packages/cloud-init
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Do not enable dhcp6 on EC2

Browse Source
This commit is contained in:
dongyuzhen 2024-05-08 15:25:15 +08:00
parent 60867e5b89
commit 2bf471a75d
2 changed files with 128 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
backport-ec2-Do-not-enable-dhcp6-on-EC2.patch Normal file
View File

@ -0,0 +1,119 @@
From f0fb841883b80c71618582e43e1b3cd87a0dcb58 Mon Sep 17 00:00:00 2001
From: Major Hayden <major@redhat.com>
Date: Mon, 1 Apr 2024 18:28:12 +0000
Subject: [PATCH] ec2: Do not enable dhcp6 on EC2 (#5104)
When cloud-init finds any ipv6 information in the instance metadata, it
automatically enables dhcp6 for the network interface. However, this
brings up the instance with a broken IPv6 configuration because SLAAC
should be used for almost all situations on EC2.
Red Hat BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2092459
Fedora Pagure: https://pagure.io/cloud-sig/issue/382
Upstream: https://bugs.launchpad.net/cloud-init/+bug/1976526
Fixes GH-3980
Reference:https://github.com/canonical/cloud-init/commit/f0fb841883b80c71618582e43e1b3cd87a0dcb58
Conflict:(1)Delete one more line of code. The content is "if nic_metadata.get('ipv6s'): # Any IPv6 addresses configured"
(2)The test cases are modified differently because the version is too early.
Signed-off-by: Major Hayden <major@redhat.com>
---
cloudinit/sources/DataSourceEc2.py | 5 -----
tests/unittests/test_datasource/test_ec2.py | 14 +++++++-------
2 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py
index 700437b..2d869db 100644
--- a/cloudinit/sources/DataSourceEc2.py
+++ b/cloudinit/sources/DataSourceEc2.py
@@ -773,8 +773,6 @@ def convert_ec2_metadata_network_config(
'match': {'macaddress': mac.lower()},
'set-name': nic_name}
nic_metadata = macs_metadata.get(mac)
- if nic_metadata.get('ipv6s'): # Any IPv6 addresses configured
- dev_config['dhcp6'] = True
netcfg['ethernets'][nic_name] = dev_config
return netcfg
# Apply network config for all nics and any secondary IPv4/v6 addresses
@@ -791,9 +789,6 @@ def convert_ec2_metadata_network_config(
'dhcp6': False,
'match': {'macaddress': mac.lower()},
'set-name': nic_name}
- if nic_metadata.get('ipv6s'): # Any IPv6 addresses configured
- dev_config['dhcp6'] = True
- dev_config['dhcp6-overrides'] = dhcp_override
dev_config['addresses'] = get_secondary_addresses(nic_metadata, mac)
if not dev_config['addresses']:
dev_config.pop('addresses') # Since we found none configured
diff --git a/tests/unittests/test_datasource/test_ec2.py b/tests/unittests/test_datasource/test_ec2.py
index a93f219..f932e73 100644
--- a/tests/unittests/test_datasource/test_ec2.py
+++ b/tests/unittests/test_datasource/test_ec2.py
@@ -399,7 +399,7 @@ class TestEc2(test_helpers.HttprettyTestCase):
mac1 = '06:17:04:d7:26:09' # Defined in DEFAULT_METADATA
expected = {'version': 2, 'ethernets': {'eth9': {
'match': {'macaddress': '06:17:04:d7:26:09'}, 'set-name': 'eth9',
- 'dhcp4': True, 'dhcp6': True}}}
+ 'dhcp4': True, 'dhcp6': False}}}
patch_path = M_PATH_NET + 'get_interfaces_by_mac'
get_interface_mac_path = M_PATH_NET + 'get_interface_mac'
with mock.patch(patch_path) as m_get_interfaces_by_mac:
@@ -460,7 +460,7 @@ class TestEc2(test_helpers.HttprettyTestCase):
'addresses': ['172.31.45.70/20',
'2600:1f16:292:100:f152:2222:3333:4444/128',
'2600:1f16:292:100:f153:12a3:c37c:11f9/128'],
- 'dhcp4': True, 'dhcp6': True}}}
+ 'dhcp4': True, 'dhcp6': False}}}
patch_path = M_PATH_NET + 'get_interfaces_by_mac'
get_interface_mac_path = M_PATH_NET + 'get_interface_mac'
with mock.patch(patch_path) as m_get_interfaces_by_mac:
@@ -509,7 +509,7 @@ class TestEc2(test_helpers.HttprettyTestCase):
self.logs.getvalue())
expected = {'version': 2, 'ethernets': {'eth9': {
'match': {'macaddress': mac1}, 'set-name': 'eth9',
- 'dhcp4': True, 'dhcp6': True}}}
+ 'dhcp4': True, 'dhcp6': False}}}
self.assertEqual(expected, ds.network_config)
def test_ec2_get_instance_id_refreshes_identity_on_upgrade(self):
@@ -825,7 +825,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
nic1_metadata.pop('public-ipv4s')
expected = {'version': 2, 'ethernets': {'eth9': {
'match': {'macaddress': self.mac1}, 'set-name': 'eth9',
- 'dhcp4': True, 'dhcp6': True}}}
+ 'dhcp4': True, 'dhcp6': False}}}
self.assertEqual(
expected,
ec2.convert_ec2_metadata_network_config(
@@ -875,7 +875,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
nic1_metadata['local-ipv4s'] = '10.0.0.42' # Local ipv4 only on vpc
expected = {'version': 2, 'ethernets': {'eth9': {
'match': {'macaddress': self.mac1}, 'set-name': 'eth9',
- 'dhcp4': True, 'dhcp6': True}}}
+ 'dhcp4': True, 'dhcp6': False}}}
self.assertEqual(
expected,
ec2.convert_ec2_metadata_network_config(
@@ -897,7 +897,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
'eth9': {
'match': {'macaddress': self.mac1}, 'set-name': 'eth9',
'dhcp4': True, 'dhcp4-overrides': {'route-metric': 100},
- 'dhcp6': True, 'dhcp6-overrides': {'route-metric': 100}},
+ 'dhcp6': False},
'eth10': {
'match': {'macaddress': mac2}, 'set-name': 'eth10',
'dhcp4': True, 'dhcp4-overrides': {'route-metric': 200},
@@ -916,7 +916,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
nic1_metadata['ipv6s'] = '2620:0:1009:fd00:e442:c88d:c04d:dc85/64'
expected = {'version': 2, 'ethernets': {'eth9': {
'match': {'macaddress': self.mac1}, 'set-name': 'eth9',
- 'dhcp4': True, 'dhcp6': True}}}
+ 'dhcp4': True, 'dhcp6': False}}}
self.assertEqual(
expected,
ec2.convert_ec2_metadata_network_config(
--
2.33.0

10
cloud-init.spec
View File

@ -1,6 +1,6 @@
Name: cloud-init Name: cloud-init
Version: 21.4 Version: 21.4
Release: 26 Release: 27
Summary: the defacto multi-distribution package that handles early initialization of a cloud instance. Summary: the defacto multi-distribution package that handles early initialization of a cloud instance.
License: ASL 2.0 or GPLv3 License: ASL 2.0 or GPLv3
URL: http://launchpad.net/cloud-init URL: http://launchpad.net/cloud-init
@ -75,6 +75,7 @@ Patch6040: backport-fix-Don-t-loosen-the-permissions-of-the-log-file.patch
Patch6041: backport-fix-growpart-race-4618.patch Patch6041: backport-fix-growpart-race-4618.patch
Patch6042: backport-handle-error-when-log-file-is-empty-4859.patch Patch6042: backport-handle-error-when-log-file-is-empty-4859.patch
Patch6043: backport-fix-Logging-sensitive-data.patch Patch6043: backport-fix-Logging-sensitive-data.patch
Patch6044: backport-ec2-Do-not-enable-dhcp6-on-EC2.patch
BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd BuildRequires: pkgconfig(systemd) python3-devel python3-setuptools systemd
BuildRequires: iproute python3-configobj python3-httpretty >= 0.8.14-2 BuildRequires: iproute python3-configobj python3-httpretty >= 0.8.14-2
@ -185,6 +186,12 @@ fi
%exclude /usr/share/doc/* %exclude /usr/share/doc/*
%changelog %changelog
* Wed May 8 2024 dongyuzhen <dongyuzhen@h-partners.com> - 21.4-27
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:ec2: Do not enable dhcp6 on EC2
* Fri Apr 12 2024 shixuantong <shixuantong1@huawei.com> - 21.4-26 * Fri Apr 12 2024 shixuantong <shixuantong1@huawei.com> - 21.4-26
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA
@ -402,3 +409,4 @@ https://github.com/canonical/cloud-init/commit/0450a1faff9e5095e6da0865916501772
* Tue Sep 17 2019 openEuler Buildteam <buildteam@openeuler.org> - 17.1-8 * Tue Sep 17 2019 openEuler Buildteam <buildteam@openeuler.org> - 17.1-8
- Package init. - Package init.