diff --git a/backport-ec2-Do-not-enable-dhcp6-on-EC2.patch b/backport-ec2-Do-not-enable-dhcp6-on-EC2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3072c4d314c743fefb1f4772fdb80792f065e49e
--- /dev/null
+++ b/backport-ec2-Do-not-enable-dhcp6-on-EC2.patch
@@ -0,0 +1,144 @@
+From f0fb841883b80c71618582e43e1b3cd87a0dcb58 Mon Sep 17 00:00:00 2001
+From: Major Hayden
+Date: Mon, 1 Apr 2024 18:28:12 +0000
+Subject: [PATCH] ec2: Do not enable dhcp6 on EC2 (#5104)
+
+When cloud-init finds any ipv6 information in the instance metadata, it
+automatically enables dhcp6 for the network interface. However, this
+brings up the instance with a broken IPv6 configuration because SLAAC
+should be used for almost all situations on EC2.
+
+Red Hat BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2092459
+Fedora Pagure: https://pagure.io/cloud-sig/issue/382
+Upstream: https://bugs.launchpad.net/cloud-init/+bug/1976526
+
+Fixes GH-3980
+
+Signed-off-by: Major Hayden
+---
+ cloudinit/sources/DataSourceEc2.py | 4 ----
+ tests/unittests/sources/test_ec2.py | 24 +++++++++---------------
+ 2 files changed, 9 insertions(+), 19 deletions(-)
+
+diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py
+index 1b49ad16525..879eb66de63 100644
+--- a/cloudinit/sources/DataSourceEc2.py
++++ b/cloudinit/sources/DataSourceEc2.py
+@@ -1066,8 +1066,6 @@ def convert_ec2_metadata_network_config(
+ "set-name": nic_name,
+ }
+ nic_metadata = macs_metadata.get(mac)
+- if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured
+- dev_config["dhcp6"] = True
+ netcfg["ethernets"][nic_name] = dev_config
+ return netcfg
+ # Apply network config for all nics and any secondary IPv4/v6 addresses
+@@ -1114,8 +1112,6 @@ def convert_ec2_metadata_network_config(
+ table=table,
+ )
+ if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured
+- dev_config["dhcp6"] = True
+- dev_config["dhcp6-overrides"] = dhcp_override
+ if (
+ is_netplan
+ and nic_metadata.get("device-number")
+diff --git a/tests/unittests/sources/test_ec2.py b/tests/unittests/sources/test_ec2.py
+index e6e1aec9277..7ba4f881083 100644
+--- a/tests/unittests/sources/test_ec2.py
++++ b/tests/unittests/sources/test_ec2.py
+@@ -460,7 +460,7 @@ def test_network_config_property_returns_version_2_network_data(self):
+ "match": {"macaddress": "06:17:04:d7:26:09"},
+ "set-name": "eth9",
+ "dhcp4": True,
+- "dhcp6": True,
++ "dhcp6": False,
+ }
+ },
+ }
+@@ -545,7 +545,7 @@ def test_network_config_property_secondary_private_ips(self):
+ "2600:1f16:292:100:f153:12a3:c37c:11f9/128",
+ ],
+ "dhcp4": True,
+- "dhcp6": True,
++ "dhcp6": False,
+ }
+ },
+ }
+@@ -625,7 +625,7 @@ def test_network_config_cached_property_refreshed_on_upgrade(self, m_dhcp):
+ "match": {"macaddress": mac1},
+ "set-name": "eth9",
+ "dhcp4": True,
+- "dhcp6": True,
++ "dhcp6": False,
+ }
+ },
+ }
+@@ -1154,7 +1154,7 @@ def test_convert_ec2_metadata_network_config_handles_only_dhcp6(self):
+ "match": {"macaddress": self.mac1},
+ "set-name": "eth9",
+ "dhcp4": True,
+- "dhcp6": True,
++ "dhcp6": False,
+ }
+ },
+ }
+@@ -1234,7 +1234,7 @@ def test_convert_ec2_metadata_network_config_handles_local_v4_and_v6(self):
+ "match": {"macaddress": self.mac1},
+ "set-name": "eth9",
+ "dhcp4": True,
+- "dhcp6": True,
++ "dhcp6": False,
+ }
+ },
+ }
+@@ -1267,8 +1267,7 @@ def test_convert_ec2_metadata_network_config_multi_nics_ipv4(self):
+ "set-name": "eth9",
+ "dhcp4": True,
+ "dhcp4-overrides": {"route-metric": 100},
+- "dhcp6": True,
+- "dhcp6-overrides": {"route-metric": 100},
++ "dhcp6": False,
+ },
+ "eth10": {
+ "match": {"macaddress": mac2},
+@@ -1327,10 +1326,9 @@ def test_convert_ec2_metadata_network_config_multi_nics_ipv4_ipv6_multi_ip(
+ "eth9": {
+ "dhcp4": True,
+ "dhcp4-overrides": {"route-metric": 100},
+- "dhcp6": True,
++ "dhcp6": False,
+ "match": {"macaddress": "06:17:04:d7:26:09"},
+ "set-name": "eth9",
+- "dhcp6-overrides": {"route-metric": 100},
+ },
+ "eth10": {
+ "dhcp4": True,
+@@ -1338,7 +1336,7 @@ def test_convert_ec2_metadata_network_config_multi_nics_ipv4_ipv6_multi_ip(
+ "route-metric": 200,
+ "use-routes": True,
+ },
+- "dhcp6": True,
++ "dhcp6": False,
+ "match": {"macaddress": "06:17:04:d7:26:08"},
+ "set-name": "eth10",
+ "routes": [
+@@ -1361,10 +1359,6 @@ def test_convert_ec2_metadata_network_config_multi_nics_ipv4_ipv6_multi_ip(
+ "table": 101,
+ },
+ ],
+- "dhcp6-overrides": {
+- "route-metric": 200,
+- "use-routes": True,
+- },
+ "addresses": ["2600:1f16:292:100:f153:12a3:c37c:11f9/128"],
+ },
+ },
+@@ -1394,7 +1388,7 @@ def test_convert_ec2_metadata_network_config_handles_dhcp4_and_dhcp6(self):
+ "match": {"macaddress": self.mac1},
+ "set-name": "eth9",
+ "dhcp4": True,
+- "dhcp6": True,
++ "dhcp6": False,
+ }
+ },
+ }
diff --git a/cloud-init.spec b/cloud-init.spec
index 24f39bc4e63b5106deab6a6febb662959d66ab25..f45cabacd85d1ce3fb85f5cbbd253419f8a29273 100644
--- a/cloud-init.spec
+++ b/cloud-init.spec
@@ -1,6 +1,6 @@
 Name: cloud-init
 Version: 21.4
-Release: 22
+Release: 23
 Summary: the defacto multi-distribution package that handles early initialization of a cloud instance.
 License: ASL 2.0 or GPLv3
 URL: http://launchpad.net/cloud-init
@@ -75,6 +75,8 @@ Patch6040: backport-fix-Don-t-loosen-the-permissions-of-the-log-file.patch
 Patch6041: backport-fix-growpart-race-4618.patch
 Patch6042: backport-handle-error-when-log-file-is-empty-4859.patch
+Patch6043: backport-ec2-Do-not-enable-dhcp6-on-EC2.patch
+
 BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd
 BuildRequires: iproute python3-configobj python3-httpretty >= 0.8.14-2
 BuildRequires: python3-jinja2 python3-jsonpatch python3-jsonschema
@@ -183,6 +185,9 @@ fi
 %exclude /usr/share/doc/*
 %changelog
+* Tue May 07 2024 zhangxingrong - 21.4-23
+- backport upstream patch
+
 * Tue Mar 26 2024 shixuantong - 21.4-22
 - Type:bugfix
 - CVE:NA