Ubuntu
cloud-init package

netplan apply triggers udev add events for every network interface

  1. Oracular (24.10)
  2. Bug #2071363
Bug #2071363 reported by Alberto Contreras
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-init (Ubuntu)
Status tracked in Oracular
Oracular
Invalid
Undecided
Unassigned
netplan.io (Ubuntu)
Status tracked in Oracular
Oracular
Fix Released
Undecided
Unassigned

Bug Description

netplan.io version 1.0-3ubuntu1, on Ubuntu 24.10, triggers udev add events for every already present network interface:

```
$ lxc launch ubuntu-daily:o oo

# open `udevadm monitor` on another window within the container

o: # netplan apply

o: # udevadm monitor
monitor will print the received events for:
UDEV - the event which udev sends out after rule processing
KERNEL - the kernel uevent

KERNEL[23616.687850] add /devices/virtual/net/eth0 (net)
KERNEL[23616.687890] add /devices/virtual/net/lo (net)
UDEV [23616.691806] add /devices/virtual/net/lo (net)
UDEV [23616.697810] add /devices/virtual/net/eth0 (net)
```

This is wrong by its own, but, with cloud-init on aws images is even worse because:

cloud-init installs the following udev rules to configure hotplugged nics:

```
# cat /etc/udev/rules.d/90-cloud-init-hook-hotplug.rules
# Installed by cloud-init due to network hotplug userdata
ACTION!="add|remove", GOTO="cloudinit_end"

ENV{ID_NET_DRIVER}=="vif|ena|ixgbevf", GOTO="cloudinit_hook"
GOTO="cloudinit_end"

LABEL="cloudinit_hook"
SUBSYSTEM=="net", RUN+="/usr/lib/cloud-init/hook-hotplug"
LABEL="cloudinit_end"

```

which gets triggered by the udev add events, and hook-hotplug instructs cloud-init to configure the new nic, and during that reconfiguration `netplan apply` is called by cloud-init, which starts an infinite loop.

Related branches

~danilogondolfo/netplan/+git/ubuntu:noble_1.0.1-1ubuntu1
Lukas Märdian: Approve
Ubuntu Core Development Team: Pending requested
Diff: 9520 lines (+2927/-1381)
72 files modified
.github/workflows/autopkgtest.yml (+5/-1)
.github/workflows/build-abi.yml (+1/-0)
.github/workflows/check-address-sanitizer.yml (+1/-0)
.github/workflows/check-coverage.yml (+1/-0)
.github/workflows/coverity.yml (+1/-0)
.github/workflows/debci.yml (+1/-1)
.github/workflows/snapd.patch (+4/-4)
.github/workflows/spread.yml (+5/-1)
README.md (+3/-3)
debian/changelog (+73/-0)
debian/control (+1/-0)
debian/copyright (+1/-1)
debian/patches/0002-CLI-apply-call-udevadm-trigger-using-action-add-Clos.patch (+72/-0)
debian/patches/0003-Revert-wait-online-disabled-wait-online-for-stable-1.patch (+155/-0)
debian/patches/0004-generate-avoid-calling-udevadm-control-reload-LP-199.patch (+82/-0)
debian/patches/series (+3/-16)
debian/tests/control (+1/-1)
dev/null (+0/-386)
doc/.sphinx/requirements.txt (+1/-0)
doc/conf.py (+0/-1)
doc/creating-link-aggregation.md (+86/-0)
doc/howto.md (+26/-14)
doc/matching-interface-by-mac-address.md (+85/-0)
doc/netplan-generate.md (+2/-2)
doc/netplan-status.md (+3/-3)
doc/netplan-tutorial.md (+239/-533)
doc/netplan-yaml.md (+6/-5)
doc/tutorial.md (+2/-0)
doc/using-static-ip-addresses.md (+128/-0)
meson.build (+1/-1)
netplan_cli/__init__.py (+1/-1)
netplan_cli/cli/commands/apply.py (+0/-4)
netplan_cli/cli/commands/generate.py (+10/-1)
netplan_cli/cli/core.py (+2/-2)
netplan_cli/cli/sriov.py (+107/-56)
netplan_cli/cli/state_diff.py (+1/-1)
netplan_cli/cli/utils.py (+1/-1)
python-cffi/netplan/__init__.py (+5/-5)
spread.yaml (+1/-0)
src/generate.c (+25/-10)
src/networkd.c (+219/-58)
src/networkd.h (+5/-0)
src/nm.c (+18/-12)
src/openvswitch.c (+14/-10)
src/parse-nm.c (+15/-0)
src/parse.c (+115/-40)
src/sriov.c (+16/-5)
src/util-internal.h (+12/-0)
src/util.c (+116/-4)
src/validation.c (+4/-3)
src/yaml-helpers.h (+1/-0)
tests/cli/test_get_set.py (+2/-0)
tests/cli_legacy.py (+1/-2)
tests/ctests/meson.build (+1/-0)
tests/ctests/test_netplan_keyfile.c (+65/-0)
tests/ctests/test_netplan_misc.c (+45/-0)
tests/ctests/test_netplan_networkd.c (+74/-0)
tests/ctests/test_netplan_parser.c (+51/-0)
tests/generator/base.py (+3/-0)
tests/generator/test_args.py (+106/-5)
tests/generator/test_auth.py (+11/-11)
tests/generator/test_bonds.py (+14/-0)
tests/generator/test_common.py (+144/-9)
tests/generator/test_ovs.py (+82/-0)
tests/generator/test_wifis.py (+61/-90)
tests/integration/base.py (+93/-0)
tests/integration/diff.py (+2/-2)
tests/integration/ethernets.py (+46/-3)
tests/netplan_dbus/test_dbus.py (+6/-6)
tests/parser/test_keyfile.py (+39/-0)
tests/test_sriov.py (+403/-66)
tests/test_utils.py (+1/-1)

CVE References

Revision history for this message
Alberto Contreras (aciba) wrote :

cloud-init logs on aws

Changed in cloud-init (Ubuntu Oracular):
status: New → Invalid
Revision history for this message
Alberto Contreras (aciba) wrote :

Marking cloud-init as invalid, as the problem is not caused by it directly.

Chad Smith (chad.smith)
summary: - netplan apply triggers udev add events for every network interfdace
+ netplan apply triggers udev add events for every network interface
Revision history for this message
Lukas Märdian (slyon) wrote (last edit ):

Might be related to https://github.com/canonical/netplan/pull/479 (parts of it landed in the oracular package already)

tags: added: fr-8086
Lukas Märdian (slyon)
tags: added: foundations-todo
Revision history for this message
Lukas Märdian (slyon) wrote :

systemd-udevd does not apply ethtool changes, that are defined in a .link file, on a CHANGE uevent anymore, as of systemd v265.

It still seems to apply those changes for ADD, BIND & MOVE udev actions, though. Going with a MOVE action seems more senstible here, as that should cover all the cases Netplan needs and avoid triggering the above mentioned cloud-init rule, running on ADD uevents.

Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.8 KiB)

This bug was fixed in the package netplan.io - 1.0.1-1ubuntu1

---------------
netplan.io (1.0.1-1ubuntu1) oracular; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - d/p/0003-Revert-wait-online-disabled-wait-online-for-stable-1.patch:
      Fix wait-online via s-n-wait-online.service.d/10-netplan.
    - d/libnetplan1.symbols: Update for new (private) symbol

netplan.io (1.0.1-1) unstable; urgency=medium

  * New upstream release: 1.0.1:
    - sriov: accept setting the eswitch mode without VFs (LP: #2020409)
    - cli/sriov: refactoring
    - tests: use proper 0o600 file permissions in more places
    - doc: Adding missing 'watchfiles' dependency for Sphinx
    - doc: Minor fixes in lang. and mark-up in YAML reference
    - doc: Tutorial reorg & lang. + formatting improvements
    - networkd: add wait-online enumeration utils
    - generate: enable systemd-networkd-wait-online for non-optional interfaces
    - CLI:utils: Do not ask for daemon-reload password interactively
    - CLI:generate: call daemon-reload after (re-)generating services
    - wait-online: Do not block on loopback interface
    - generate: Do not touch wait-online, if we don't have any networkd NetDefs
    - wait-online: wait for existing interfaces only and downgrade operational
      state for interfaces without IP configuration
    - wait-online: account for DHCPv4/v6 addresses
    - wait-online: do not require virtual devices to be created already
    - wait-online: recognize that bridge/bond members will never gain
      link-local addresses
    - networkd:apply: Drop handling of legacy wpa@ instance units
    - wait-online: disabled wait-online for stable 1.0
    - test:integration: Try to improve test flakyness
    - autopkgtest: More fixes for flaky 'ethernets' test
    - Increase some test timeouts to account for slow (riscv64) buildds
    SECURITY UPDATE:
    - libnetplan: use more restrictive file permissions
      (Closes: #1072789, LP: #2065738, LP: #1987842)
    - CVE-2022-4968
    - libnetplan: escape control characters
    - backends: escape file paths
    - backends: escape semicolons in service units (LP: #2066258)
    Bug fixes:
    - cli: Fix logging setup when python-rich is not present
    - CI: fix DebCI case for no-change rebuilds
    - CI: adopt autopkgtest for 1.0-1 on 22.04
    - doc: Update README, move CODE_OF_CONDUCT
    - doc: fix en_GB spelling
    - CI: adopt snapd.patch for autopkgtest SRU (LP: #2051939)
    - parse-nm: add a workaround for the DoT DNS option (LP: #2055148)
    - CI: Install netplan-ci PPA
    - parse: don't remove datalist items during iteration
    - ATTN: parse/bonds: handle same primary in multiple bonds
    - parse/bonds: don't fail on primary reassignment
    - cli/sriov: set eswitch regardless of pcidev.vfs
    - doc: Fix wrong bonds.parameters.mode syntax in example
    - parse: fix redefinition of gateway(4|6)
    - doc:tutorial: fix whitespace formatting
    - util: fix potential NULL pointer assert
    - python: elements of __all__ must be strings
    - tests: fix diff test with iproute2 6.8
    - cli/generate: skip daemon_reload with --mapping
    - test: cleanup after wait_online tes...

Read more...

Changed in netplan.io (Ubuntu Oracular):
status: New → Fix Released
Revision history for this message
Alberto Contreras (aciba) wrote :

Thanks for the work here. I can confirm that netplan.io 1.0.1-1ubuntu1 triggers the following udev events while `netplan apply` which fixes the issue:

KERNEL[318.736089] move /devices/pci0000:00/0000:00:05.0/net/ens5 (net)
KERNEL[318.736131] move /devices/virtual/net/lo (net)
UDEV [318.738939] move /devices/virtual/net/lo (net)
UDEV [318.740502] move /devices/pci0000:00/0000:00:05.0/net/ens5 (net)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.