Ubuntu
cloud-init package

EC2 multi-nic ENI rendering fails if ENI activator not used

  1. Noble (24.04)
  2. Bug #2066985
Bug #2066985 reported by James Falcon
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-init (Ubuntu)
Status tracked in Oracular
Focal
Fix Released
Undecided
Unassigned
Jammy
Fix Released
Undecided
Unassigned
Mantic
Fix Released
Undecided
Unassigned
Noble
Fix Released
Undecided
Unassigned
Oracular
Fix Released
Undecided
Unassigned

Bug Description

[ Impact ]

Cloud-init recently added policy-based routing for netplan-only systems on EC2. In order to gate the netplan-specific code, it checked to see in the netplan activator was being used. However, if the datasource is fetched in init-local timeframe (such as on EC2), it is possible to specify a different renderer without also changing the activator. This means the netplan-gating no longer works, even when rendering to a non-netplan system.

The fix is to instead check if we're using the netplan renderer before rendering the netplan-specific code.

[ Test Plan ]

Launch an Ubuntu instance on EC2 having two NICs attached.
Run "apt update; apt install ifupdown"
In /etc/cloud/cloud.cfg, update the `renderers` line to start with `eni` rather than `netplan`
`cloud-init clean --logs --reboot`
Connect to instance
Verify no networking related tracebacks exist in logs
Verify /etc/network/interfaces.d/ contains valid networking information for both NICs.

Run tests/integration_tests/modules/test_hotplug.py and
tests/integration_tests/test_networking.py
to ensure no regression to existing multinic rendering behavior.

Specifically this test per series is known to assert proper behavior and show potential regressions for netplan-based environments
CLOUD_INIT_OS_IMAGE=jammy CLOUD_INIT_CLOUD_INIT_SOURCE=<YOUR_DEB_FROM_PROPOSED> CLOUD_INIT_PLATFORM=ec2 tox -e integration-tests -- tests/integration_tests/modules/test_hotplug.py::test_multi_nic_hotplug_vpc

[ Where problems could occur ]

On EC2 only, if the renderer is still somehow mis-detecting a netplan or non-netplan based system, we could still attempt to render netplan config where we shouldn't be, or instead skip rendering the config where we shouldn't be.

Problems cloud also occur on Ec2 only in netplan-based images if cloud-init incorrectly determines that netplan is not the configured renderer and skips adding supplmental policy based routes with route-metrics when rendering netplan config for secondary NIC route-metrics.

[ Other Info ]

Upstream bug: https://github.com/canonical/cloud-init/issues/5318
Upstream fixes:
- https://github.com/canonical/cloud-init/pull/5321
- https://github.com/canonical/cloud-init/pull/5361

See original description
James Falcon (falcojr)
description: updated
Chad Smith (chad.smith)
summary: - Mutli-nic ENI rendering fails if ENI activator not used
+ EC2 multi-nic ENI rendering fails if ENI activator not used
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 24.2~3ge68c8c74-0ubuntu1

---------------
cloud-init (24.2~3ge68c8c74-0ubuntu1) oracular; urgency=medium

  * Upstream snapshot based on upstream/main at e68c8c74.
    - Bugs fixed in this snapshot: (LP: #2066979, #2066985)

 -- James Falcon <email address hidden> Fri, 24 May 2024 12:08:51 -0500

Changed in cloud-init (Ubuntu Oracular):
status: New → Fix Released
Chad Smith (chad.smith)
Changed in cloud-init (Ubuntu Oracular):
status: Fix Released → New
status: New → Fix Released
Revision history for this message
Chad Smith (chad.smith) wrote (last edit ):

Setting this task back to new for oracular as the fix provided in https://github.com/canonical/cloud-init/pull/5321 ended up breaking policy-based routing rendering for the netplan-based renderers on multi-nic instance types on Ec2.

Upstream fix https://github.com/canonical/cloud-init/pull/5361 resolves this network rendering issue for multi-nic environments which make use of policy-based routing.

Upload 24.2~4... will resolve this issue fully.

Chad Smith (chad.smith)
description: updated
Revision history for this message
Chad Smith (chad.smith) wrote :

This bug was fixed in the package cloud-init - 24.2~4g5f40426f-0ubuntu1

---------------

cloud-init (24.2~4g5f40426f-0ubuntu1) oracular; urgency=medium

  * Upstream snapshot based on upstream/main at 5f40426f.
    - Bugs fixed in this snapshot: (LP: #2066985)
      The fix for this bug in the previous release was only a
      partial fix.

 -- James Falcon <email address hidden> Wed, 05 Jun 2024 12:52:40 -0500

Chad Smith (chad.smith)
description: updated
description: updated
description: updated
Revision history for this message
Andreas Hasenack (ahasenack) wrote (last edit ):

All uploads except focal are missing a bug identification for this changelog entry:

       - cpick-d6776632: fix: Check renderer for netplan-specific code (#5321)

The patch itself also does not have a DEP3[1] header, which would help clarify what this change is doing, which bug it's fixing.

In the focal upload, I see the same patch pointing at this bug here, and it has the same content, so I'm assuming for non-focal uploads, it's also fixing #2066985:

       - cpick-d6776632: fix: Check renderer for netplan-specific code (#5321)
         (LP: #2066985)

Please, for future SRU uploads:
- make sure all changes in d/changelog have an LP bug entry. If multiple patches/changes are part of the same bug fix, then just group them together using indentation.
- add DEP3[1] headers to the patches

This helps to speed up SRU processing. I understand you use Github references, but for debian packaging changelog entries, please also include LP references.

1. http://dep.debian.net/deps/dep3/

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Is focal missing the cpick-d771d1f4 patch by any chance? Or, why is it not applied there?

Revision history for this message
Andreas Hasenack (ahasenack) wrote : Please test proposed package

Hello James, or anyone else affected,

Accepted cloud-init into noble-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/24.1.3-0ubuntu3.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-noble to verification-done-noble. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-noble. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in cloud-init (Ubuntu Noble):
status: New → Fix Committed
tags: added: verification-needed verification-needed-noble
Changed in cloud-init (Ubuntu Mantic):
status: New → Fix Committed
tags: added: verification-needed-mantic
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Hello James, or anyone else affected,

Accepted cloud-init into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/24.1.3-0ubuntu1~23.10.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in cloud-init (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed-focal
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Hello James, or anyone else affected,

Accepted cloud-init into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/24.1.3-0ubuntu1~20.04.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in cloud-init (Ubuntu Jammy):
status: New → Fix Committed
tags: added: verification-needed-jammy
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Hello James, or anyone else affected,

Accepted cloud-init into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/24.1.3-0ubuntu1~22.04.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

James Falcon (falcojr)
description: updated
description: updated
Revision history for this message
James Falcon (falcojr) wrote :

Verification results attached.

`verify_2066985.txt` contains results of manual verification as laid out in the bug description.
`multinic-2066985-template.json` contains one of the supporting files used in those tests.
`<series>_integration_tests.txt` contains the automated regression integration test results for each series.

James Falcon (falcojr)
tags: added: verification-done verification-done-focal verification-done-jammy verification-done-mantic verification-done-noble
removed: verification-needed verification-needed-focal verification-needed-jammy verification-needed-mantic verification-needed-noble
Revision history for this message
Andreas Hasenack (ahasenack) wrote : Update Released

The verification of the Stable Release Update for cloud-init has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 24.1.3-0ubuntu3.3

---------------
cloud-init (24.1.3-0ubuntu3.3) noble; urgency=medium

  * Upstream bug fix release based on 24.1.7
    + functional fixes in debian/patches:
      - cpick-417ee551: fix(ec2): Ensure metadata exists before configuring PBR.
        (LP: #2066979)
      - cpick-d6776632: fix: Check renderer for netplan-specific code (#5321)
      - cpick d771d1f4: fix(ec2): Correctly identify netplan renderer (#5361)
        (LP: #2066985)
    + test fixes in debian/patches:
      - cpick-74dc7cce: test: Fix failing test_ec2.py test (#5324)

 -- James Falcon <email address hidden> Wed, 05 Jun 2024 12:37:32 -0500

Changed in cloud-init (Ubuntu Noble):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 24.1.3-0ubuntu1~23.10.6

---------------
cloud-init (24.1.3-0ubuntu1~23.10.6) mantic; urgency=medium

  * Upstream bug fix release based on 24.1.7
    + functional fixes in debian/patches:
      - cpick-417ee551: fix(ec2): Ensure metadata exists before configuring PBR.
        (LP: #2066979)
      - cpick-d6776632: fix: Check renderer for netplan-specific code (#5321)
      - cpick d771d1f4: fix(ec2): Correctly identify netplan renderer (#5361)
        (LP: #2066985)
    + test fixes in debian/patches:
      - cpick-74dc7cce: test: Fix failing test_ec2.py test (#5324)

 -- James Falcon <email address hidden> Wed, 05 Jun 2024 12:34:41 -0500

Changed in cloud-init (Ubuntu Mantic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 24.1.3-0ubuntu1~22.04.5

---------------
cloud-init (24.1.3-0ubuntu1~22.04.5) jammy; urgency=medium

  * Upstream bug fix release based on 24.1.7
    + functional fixes in debian/patches:
      - cpick-417ee551: fix(ec2): Ensure metadata exists before configuring PBR.
        (LP: #2066979)
      - cpick-d6776632: fix: Check renderer for netplan-specific code (#5321)
      - cpick-d771d1f4: fix(ec2): Correctly identify netplan renderer (#5361)
        (LP: #2066985)
    + test fixes in debian/patches:
      - cpick-74dc7cce: test: Fix failing test_ec2.py test (#5324)

 -- James Falcon <email address hidden> Wed, 05 Jun 2024 12:32:23 -0500

Changed in cloud-init (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 24.1.3-0ubuntu1~20.04.5

---------------
cloud-init (24.1.3-0ubuntu1~20.04.5) focal; urgency=medium

  * Upstream bug fix release based on 24.1.7
    + functional fixes in debian/patches:
      - cpick-417ee551: fix(ec2): Ensure metadata exists before configuring PBR.
        (LP: #2066979)
      - cpick-d6776632: fix: Check renderer for netplan-specific code (#5321)
        (LP: #2066985)
      - cpick d771d1f4: fix(ec2): Correctly identify netplan renderer (#5361)
        (LP: #2066985)
    + test fixes in debian/patches:
      - cpick-74dc7cce: test: Fix failing test_ec2.py test (#5324)

 -- James Falcon <email address hidden> Wed, 05 Jun 2024 12:40:38 -0500

Changed in cloud-init (Ubuntu Focal):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.