[ Impact ]
Cloud-init recently added policy-based routing for netplan-only systems on EC2. In order to gate the netplan-specific code, it checked to see if the netplan activator was being used. However, if the datasource is fetched in init-local timeframe (such as on EC2), it is possible to specify a different renderer without also changing the activator. This means the netplan-gating no longer works, even when rendering to a non-netplan system.
The fix is to instead check if we're using the netplan renderer before rendering the netplan-specific code.
[ Test Plan ]
Launch an Ubuntu instance on EC2 having two NICs attached.
Run "apt update; apt install ifupdown"
In /etc/cloud/cloud.cfg, update the `renderers` line to start with `eni` rather than `netplan`
`cloud-init clean --logs --reboot`
Connect to instance
Verify no networking-related tracebacks exist in logs
Verify /etc/network/interfaces.d/ contains valid networking information for both NICs.
Run tests/integration_tests/modules/test_hotplug.py and tests/integration_tests/test_networking.py to ensure no regression to existing multinic rendering behavior.
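The two "Verify" steps above can be scripted. The following is an added example, not part of cloud-init or of the original report; the interface names `ens5`/`ens6`, the sample log and the sample ENI text are constructed assumptions, and the check flags every traceback in the log rather than only networking ones.

```python
import re
from pathlib import Path

# Constructed sample inputs (not captured from a real instance).
SAMPLE_LOG = """\
2024-05-30 10:00:01,200 - util.py[WARNING]: failed stage init-local
Traceback (most recent call last):
  File "example.py", line 1, in render
KeyError: 'ens6'
2024-05-30 10:00:02,000 - util.py[DEBUG]: done
"""
SAMPLE_ENI = ("auto lo\niface lo inet loopback\n"
              "auto ens5\niface ens5 inet dhcp\n"
              "auto ens6\niface ens6 inet dhcp\n")

IFACE_RE = re.compile(r"^\s*iface\s+(\S+)\s+inet6?\s+(\S+)", re.M)

def find_tracebacks(log_text):
    """Return each traceback as a list of lines, header through exception line."""
    blocks, current = [], None
    for line in log_text.splitlines():
        if line.startswith("Traceback (most recent call last):"):
            current = [line]
            blocks.append(current)
        elif current is not None:
            current.append(line)
            if not line.startswith((" ", "\t")):  # unindented line ends the block
                current = None
    return blocks

def eni_interfaces(eni_text):
    """Map interface name -> set of configured methods (dhcp, static, ...)."""
    found = {}
    for name, method in IFACE_RE.findall(eni_text):
        found.setdefault(name, set()).add(method)
    return found

def missing_nics(eni_text, expected):
    """Names in `expected` that have no non-loopback iface stanza."""
    configured = {n for n, m in eni_interfaces(eni_text).items() if m != {"loopback"}}
    return sorted(set(expected) - configured)

def check_instance(log_path="/var/log/cloud-init.log",
                   eni_dir="/etc/network/interfaces.d", expected=("ens5", "ens6")):
    """Run both checks on a live instance; `expected` NIC names are an assumption."""
    log_text = Path(log_path).read_text(errors="replace")
    eni_text = "\n".join(p.read_text() for p in sorted(Path(eni_dir).iterdir()) if p.is_file())
    return find_tracebacks(log_text), missing_nics(eni_text, expected)
```

On the instance, `check_instance()` should return two empty lists when the fix is in place; pass the actual NIC names via `expected`.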
[ Where problems could occur ]
If the renderer is still somehow misdetecting a netplan or non-netplan based system, we could still attempt to render netplan config where we shouldn't be, or instead skip rendering the config where we shouldn't be.
[ Other Info ]
Upstream bug: /github.com/canonical/cloud-init/pull/5321
Upstream fix: https:/