From a6c60951263a3219de94e2b4f8023bf4b3e003af Mon Sep 17 00:00:00 2001
From: shixuantong
Date: Tue, 11 Jun 2024 10:41:17 +0800
Subject: [PATCH] backport upstream bugfix patches
---
...able-use-dns-for-secondary-nics-5314.patch | 112 ++++++++++++++++++
...ke-duplicate-route-add-succeed.-5343.patch | 52 ++++++++
...predictable-interface-rename-issue-5.patch | 56 +++++++++
cloud-init.spec | 13 +-
4 files changed, 232 insertions(+), 1 deletion(-)
create mode 100644 backport-fix-azure-disable-use-dns-for-secondary-nics-5314.patch
create mode 100644 backport-fix-net-Make-duplicate-route-add-succeed.-5343.patch
create mode 100644 backport-fix-netplan-Fix-predictable-interface-rename-issue-5.patch
diff --git a/backport-fix-azure-disable-use-dns-for-secondary-nics-5314.patch b/backport-fix-azure-disable-use-dns-for-secondary-nics-5314.patch
new file mode 100644
index 0000000..d9959c2
--- /dev/null
+++ b/backport-fix-azure-disable-use-dns-for-secondary-nics-5314.patch
@@ -0,0 +1,112 @@ +From 42930d8459b59b22cab3f76d85d170871174b479 Mon Sep 17 00:00:00 2001 +From: Alberto Contreras +Date: Wed, 29 May 2024 09:10:53 +0200 +Subject: [PATCH] fix(azure): disable use-dns for secondary nics (#5314) + +DNS resolution through secondary NICs is not supported on Azure. Disable +it. + +Without this, we see seconds of delay resolving urls in cloud-init logs +from Jammy+, see SF ticket. + +Per cjp256's comment, the first NIC under metadata.imds.network is +ensured +to be the primary one. We use this to determine primary NICs instead of +relying on fragile driver and/or NIC names. + +Fixes: SF: #00380708 + +Co-authored-by: Calvin Mwadime +--- + cloudinit/sources/DataSourceAzure.py | 3 +++ + tests/unittests/sources/test_azure.py | 20 +++++++++++++------- + 2 files changed, 16 insertions(+), 7 deletions(-) + +diff --git a/cloudinit/sources/DataSourceAzure.py b/cloudinit/sources/DataSourceAzure.py +index 11c14e2..e384b32 100644 +--- a/cloudinit/sources/DataSourceAzure.py ++++ b/cloudinit/sources/DataSourceAzure.py +@@ -1965,6 +1965,9 @@ def generate_network_config_from_instance_network_metadata( + # addresses. + nicname = "eth{idx}".format(idx=idx) + dhcp_override = {"route-metric": (idx + 1) * 100} ++ # DNS resolution through secondary NICs is not supported, disable it. 
++ if idx > 0: ++ dhcp_override["use-dns"] = False + dev_config: Dict[str, Any] = { + "dhcp4": True, + "dhcp4-overrides": dhcp_override, +diff --git a/tests/unittests/sources/test_azure.py b/tests/unittests/sources/test_azure.py +index 2a477f8..3a36418 100644 +--- a/tests/unittests/sources/test_azure.py ++++ b/tests/unittests/sources/test_azure.py +@@ -718,14 +718,20 @@ class TestGenerateNetworkConfig: + "match": {"macaddress": "00:0d:3a:04:75:98"}, + "dhcp6": False, + "dhcp4": True, +- "dhcp4-overrides": {"route-metric": 200}, ++ "dhcp4-overrides": { ++ "route-metric": 200, ++ "use-dns": False, ++ }, + }, + "eth2": { + "set-name": "eth2", + "match": {"macaddress": "00:0d:3a:04:75:98"}, + "dhcp6": False, + "dhcp4": True, +- "dhcp4-overrides": {"route-metric": 300}, ++ "dhcp4-overrides": { ++ "route-metric": 300, ++ "use-dns": False, ++ }, + }, + }, + "version": 2, +@@ -952,7 +958,7 @@ class TestNetworkConfig: + "dhcp6": False, + "match": {"macaddress": "00:0d:3a:04:75:98"}, + "set-name": "eth0", +- } ++ }, + }, + "version": 2, + } +@@ -1534,7 +1540,7 @@ scbus-1 on xpt0 bus 0 + "dhcp6": False, + "dhcp4": True, + "dhcp4-overrides": {"route-metric": 100}, +- } ++ }, + }, + "version": 2, + } +@@ -1563,14 +1569,14 @@ scbus-1 on xpt0 bus 0 + "match": {"macaddress": "22:0d:3a:04:75:98"}, + "dhcp6": False, + "dhcp4": True, +- "dhcp4-overrides": {"route-metric": 200}, ++ "dhcp4-overrides": {"route-metric": 200, "use-dns": False}, + }, + "eth2": { + "set-name": "eth2", + "match": {"macaddress": "33:0d:3a:04:75:98"}, + "dhcp6": False, + "dhcp4": True, +- "dhcp4-overrides": {"route-metric": 300}, ++ "dhcp4-overrides": {"route-metric": 300, "use-dns": False}, + }, + }, + "version": 2, +@@ -1603,7 +1609,7 @@ scbus-1 on xpt0 bus 0 + "dhcp6": False, + "dhcp4": True, + "dhcp4-overrides": {"route-metric": 100}, +- } ++ }, + }, + "version": 2, + } +-- +2.27.0 + 
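Review bot: The `if idx > 0:` guard in DataSourceAzure.py treats every NIC after the first as secondary, but the added comment does not record why index 0 can be trusted to be the primary. The patch description says the first NIC under metadata.imds.network is ensured to be the primary one; that ordering assumption belongs next to the check, for example `# IMDS lists the primary NIC first, so idx > 0 is a secondary NIC; DNS through those is unsupported on Azure.` Without it, a later reordering or filtering of the interface list would silently change which NIC is allowed to supply resolvers. The enclosing function generate_network_config_from_instance_network_metadata starts and ends outside the hunk.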
diff --git a/backport-fix-net-Make-duplicate-route-add-succeed.-5343.patch b/backport-fix-net-Make-duplicate-route-add-succeed.-5343.patch new file mode 100644 index 0000000..a9a9142 --- /dev/null +++ b/backport-fix-net-Make-duplicate-route-add-succeed.-5343.patch @@ -0,0 +1,52 @@ +From e432a31d6ea4263027c327559bb08adf3a91ad6d Mon Sep 17 00:00:00 2001 +From: Brett Holman +Date: Wed, 29 May 2024 16:03:46 -0600 +Subject: [PATCH] fix(net): Make duplicate route add succeed. (#5343) + +This behaves the same but doesn't fail when adding an existing route. + +Fixes GH-3441 +Fixes GH-3595 +--- + cloudinit/net/netops/iproute2.py | 2 +- + tests/unittests/net/test_init.py | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/cloudinit/net/netops/iproute2.py b/cloudinit/net/netops/iproute2.py +index 08d79b1..25ccbc1 100644 +--- a/cloudinit/net/netops/iproute2.py ++++ b/cloudinit/net/netops/iproute2.py +@@ -30,7 +30,7 @@ class Iproute2(netops.NetOps): + source_address: Optional[str] = None, + ): + subp.subp( +- ["ip", "-4", "route", "add", route] ++ ["ip", "-4", "route", "replace", route] + + (["via", gateway] if gateway and gateway != "0.0.0.0" else []) + + [ + "dev", +diff --git a/tests/unittests/net/test_init.py b/tests/unittests/net/test_init.py +index 51e54d0..16fe8e9 100644 +--- a/tests/unittests/net/test_init.py ++++ b/tests/unittests/net/test_init.py +@@ -1084,7 +1084,7 @@ class TestEphemeralIPV4Network(CiTestCase): + "ip", + "-4", + "route", +- "add", ++ "replace", + "192.168.2.1", + "dev", + "eth0", +@@ -1097,7 +1097,7 @@ class TestEphemeralIPV4Network(CiTestCase): + "ip", + "-4", + "route", +- "add", ++ "replace", + "default", + "via", + "192.168.2.1", +-- +2.27.0 + diff --git a/backport-fix-netplan-Fix-predictable-interface-rename-issue-5.patch b/backport-fix-netplan-Fix-predictable-interface-rename-issue-5.patch new file mode 100644 index 0000000..62e7089 --- /dev/null +++ b/backport-fix-netplan-Fix-predictable-interface-rename-issue-5.patch 
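Review bot: Switching the verb to `replace` in the iproute2.py `subp.subp` call does more than tolerate a duplicate: `ip route replace` also overwrites an existing route to the same destination that uses a different gateway or device, so the description's "behaves the same" holds only when no conflicting route is present. The updated test expects the new verb for `default` as well, which suggests a default route already on the host could be swapped out without an error or a log line. I would document that at the call, e.g. `# "replace" overwrites any existing route to this destination; callers must not assume the route was absent.`, and confirm that whatever removes this route later (not visible here) cannot delete a route that existed before the call. The enclosing method starts and ends outside the hunk.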
@@ -0,0 +1,56 @@ +From 2856f4c8a440eba1127ac09f2b411d436c62e777 Mon Sep 17 00:00:00 2001 +From: Brett Holman +Date: Wed, 29 May 2024 16:08:35 -0600 +Subject: [PATCH] fix(netplan): Fix predictable interface rename issue +(#5339) + +When predictable naming is disabled, the following command may exit with +a non-zero exit code. + +udevadm test-builtin net_setup_link + +This code only ran to check for udev rename races, which cannot happen +when systemd renaming is disabled. Skip when disabled. + +Fixes GH-3950 +--- + cloudinit/net/netplan.py | 3 +++ + tests/unittests/test_net.py | 5 ++++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/cloudinit/net/netplan.py b/cloudinit/net/netplan.py +index 0b8419a..aea8a67 100644 +--- a/cloudinit/net/netplan.py ++++ b/cloudinit/net/netplan.py +@@ -329,6 +329,9 @@ class Renderer(renderer.Renderer): + if not run: + LOG.debug("netplan net_setup_link postcmd disabled") + return ++ elif "net.ifnames=0" in util.get_cmdline(): ++ LOG.debug("Predictable interface names disabled.") ++ return + setup_lnk = ["udevadm", "test-builtin", "net_setup_link"] + + # It's possible we can race a udev rename and attempt to run +diff --git a/tests/unittests/test_net.py b/tests/unittests/test_net.py +index 052b067..73a4c91 100644 +--- a/tests/unittests/test_net.py ++++ b/tests/unittests/test_net.py +@@ -6782,10 +6782,13 @@ class TestNetplanPostcommands(CiTestCase): + mock_netplan_generate.assert_called_with(run=True, same_content=False) + mock_net_setup_link.assert_called_with(run=True) + ++ @mock.patch("cloudinit.util.get_cmdline") + @mock.patch("cloudinit.util.SeLinuxGuard") + @mock.patch.object(netplan, "get_devicelist") + @mock.patch("cloudinit.subp.subp") +- def test_netplan_postcmds(self, mock_subp, mock_devlist, mock_sel): ++ def test_netplan_postcmds( ++ self, mock_subp, mock_devlist, mock_sel, m_get_cmdline ++ ): + mock_sel.__enter__ = mock.Mock(return_value=False) + mock_sel.__exit__ = mock.Mock() + mock_devlist.side_effect = 
[["lo"]] +-- +2.27.0 + diff --git a/cloud-init.spec b/cloud-init.spec index df541a6..ae65a0a 100644 --- a/cloud-init.spec +++ b/cloud-init.spec @@ -1,6 +1,6 @@ Name: cloud-init Version: 23.4.1 -Release: 4 +Release: 5 Summary: the defacto multi-distribution package that handles early initialization of a cloud instance. License: ASL 2.0 or GPLv3 URL: http://launchpad.net/cloud-init @@ -23,6 +23,9 @@ Patch6005: backport-fix-Logging-sensitive-data.patch Patch6006: backport-fix-growpart-race-4618.patch Patch6007: backport-handle-error-when-log-file-is-empty-4859.patch Patch6008: backport-ec2-Do-not-enable-dhcp6-on-EC2.patch +Patch6009: backport-fix-azure-disable-use-dns-for-secondary-nics-5314.patch +Patch6010: backport-fix-net-Make-duplicate-route-add-succeed.-5343.patch +Patch6011: backport-fix-netplan-Fix-predictable-interface-rename-issue-5.patch BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd BuildRequires: iproute python3-configobj python3-responses @@ -153,6 +156,14 @@ fi %exclude /usr/share/doc/* %changelog +* Tue Jun 11 2024 shixuantong - 23.4.1-5 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:disable use-dns for secondary nics + Make duplicate route add succeed + Fix predictable interface rename issue + * Mon Jun 03 2024 shixuantong - 23.4.1-4 - Type:bugfix - CVE:NA -- Gitee
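Review bot: The new check `"net.ifnames=0" in util.get_cmdline()` in netplan.py is a substring test if get_cmdline() returns the raw command-line string (it appears to), so it also matches values such as `net.ifnames=01` or a longer parameter that merely ends in `net.ifnames=0`. Comparing whole tokens is stricter: `elif "net.ifnames=0" in util.get_cmdline().split():`. The test change only adds a `get_cmdline` mock to test_netplan_postcmds and sets no return value in the visible lines, so nothing shown exercises the new early return; a case with the parameter present that asserts `udevadm` is not invoked would cover it. The enclosing method and the test body continue outside the hunk.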