ec2: Do not enable DHCPv6 on EC2

Enabling DHCPv6 by default on EC2 leads to instances with broken IPv6
connectivity. AWS provides the IP address via DHCPv6 and SLAAC, but
router advertisements are not accepted if the instance has DHCPv6
configured. The accept_ra value is set to 0.

Removing the `dhcp` option from `ipv6.method` and simply using `auto`
(the default) allows the instance to pick up its IPv6 address and accept
router advertisements from the AWS network.

RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2092459
Pagure: https://pagure.io/cloud-sig/issue/382
Upstream: https://bugs.launchpad.net/cloud-init/+bug/1976526?comments=all

Signed-off-by: Major Hayden <major@redhat.com>
Major Hayden 2023-03-28 17:20:20 -05:00
parent a96d2826de
commit 7721cbf1e2
No known key found for this signature in database
2 changed files with 122 additions and 1 deletions


@ -0,0 +1,114 @@
From 02d0c4852feddb0715cb515e5e552351df3d9e5f Mon Sep 17 00:00:00 2001
From: Major Hayden <major@redhat.com>
Date: Tue, 28 Mar 2023 17:16:41 -0500
Subject: [PATCH] ec2: Do not enable dhcp6 on EC2
When cloud-init finds any ipv6 information in the instance metadata, it
automatically enables dhcp6 for the network interface. However, this
brings up the instance with a broken IPv6 configuration because SLAAC
should be used for almost all situations on EC2.
Red Hat BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2092459
Fedora Pagure: https://pagure.io/cloud-sig/issue/382
Upstream: https://bugs.launchpad.net/cloud-init/+bug/1976526
Signed-off-by: Major Hayden <major@redhat.com>
---
cloudinit/sources/DataSourceEc2.py | 5 -----
tests/unittests/sources/test_ec2.py | 15 +++++++--------
2 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/cloudinit/sources/DataSourceEc2.py b/cloudinit/sources/DataSourceEc2.py
index 44665b26..b78b3e99 100644
--- a/cloudinit/sources/DataSourceEc2.py
+++ b/cloudinit/sources/DataSourceEc2.py
@@ -921,8 +921,6 @@ def convert_ec2_metadata_network_config(
"set-name": nic_name,
}
nic_metadata = macs_metadata.get(mac)
- if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured
- dev_config["dhcp6"] = True
netcfg["ethernets"][nic_name] = dev_config
return netcfg
# Apply network config for all nics and any secondary IPv4/v6 addresses
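Review bot: After this removal, `nic_metadata = macs_metadata.get(mac)` in the branch that ends with `return netcfg` has no remaining reader in the visible lines, so it looks like a dead assignment that could be dropped together with the `if`. The second hunk does not share this, because `nic_metadata` is still passed to `get_secondary_addresses` there. Since DHCPv6 is now off unconditionally, a short comment where the check used to be would help the next rebase of this downstream patch, e.g. `# dhcp6 is left disabled on EC2: enabling it stops router advertisements from being accepted (RHBZ 2092459)`. The body of convert_ec2_metadata_network_config starts and ends outside both hunks, so the initial value of `dev_config["dhcp6"]` is not visible here.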
@@ -942,9 +940,6 @@ def convert_ec2_metadata_network_config(
"match": {"macaddress": mac.lower()},
"set-name": nic_name,
}
- if nic_metadata.get("ipv6s"): # Any IPv6 addresses configured
- dev_config["dhcp6"] = True
- dev_config["dhcp6-overrides"] = dhcp_override
dev_config["addresses"] = get_secondary_addresses(nic_metadata, mac)
if not dev_config["addresses"]:
dev_config.pop("addresses") # Since we found none configured
diff --git a/tests/unittests/sources/test_ec2.py b/tests/unittests/sources/test_ec2.py
index 3fe525e3..9721cab2 100644
--- a/tests/unittests/sources/test_ec2.py
+++ b/tests/unittests/sources/test_ec2.py
@@ -432,7 +432,7 @@ class TestEc2(test_helpers.ResponsesTestCase):
"match": {"macaddress": "06:17:04:d7:26:09"},
"set-name": "eth9",
"dhcp4": True,
- "dhcp6": True,
+ "dhcp6": False,
}
},
}
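Review bot: The updated expectations in this and the six later test hunks pin only the network config dict (`"dhcp6": False`), while the failure described in the commit message shows up in the rendered NetworkManager setting (`ipv6.method`) and in `accept_ra`. Whether a renderer-level test covers an EC2 NIC with `ipv6s` set is not visible from this patch; if none exists, one asserting the rendered `ipv6.method` would guard the actual regression. A comment next to the first changed expectation would also explain why IPv6 metadata no longer turns DHCPv6 on: `# dhcp6 stays False even when ipv6s is present; see RHBZ 2092459`.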
@@ -513,7 +513,7 @@ class TestEc2(test_helpers.ResponsesTestCase):
"2600:1f16:292:100:f153:12a3:c37c:11f9/128",
],
"dhcp4": True,
- "dhcp6": True,
+ "dhcp6": False,
}
},
}
@@ -593,7 +593,7 @@ class TestEc2(test_helpers.ResponsesTestCase):
"match": {"macaddress": mac1},
"set-name": "eth9",
"dhcp4": True,
- "dhcp6": True,
+ "dhcp6": False,
}
},
}
@@ -1000,7 +1000,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
"match": {"macaddress": self.mac1},
"set-name": "eth9",
"dhcp4": True,
- "dhcp6": True,
+ "dhcp6": False,
}
},
}
@@ -1077,7 +1077,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
"match": {"macaddress": self.mac1},
"set-name": "eth9",
"dhcp4": True,
- "dhcp6": True,
+ "dhcp6": False,
}
},
}
@@ -1107,8 +1107,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
"set-name": "eth9",
"dhcp4": True,
"dhcp4-overrides": {"route-metric": 100},
- "dhcp6": True,
- "dhcp6-overrides": {"route-metric": 100},
+ "dhcp6": False,
},
"eth10": {
"match": {"macaddress": mac2},
@@ -1139,7 +1138,7 @@ class TestConvertEc2MetadataNetworkConfig(test_helpers.CiTestCase):
"match": {"macaddress": self.mac1},
"set-name": "eth9",
"dhcp4": True,
- "dhcp6": True,
+ "dhcp6": False,
}
},
}
--
2.39.2


@ -6,7 +6,7 @@
Name: cloud-init Name: cloud-init
Version: 23.1.2 Version: 23.1.2
Release: 5%{?dist} Release: 6%{?dist}
Summary: Cloud instance init scripts Summary: Cloud instance init scripts
License: Apache-2.0 or GPL-3.0-only License: Apache-2.0 or GPL-3.0-only
URL: https://github.com/canonical/cloud-init URL: https://github.com/canonical/cloud-init
@ -25,6 +25,10 @@ Patch2: Fedora-Enable-CA-handling.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2068529 # https://bugzilla.redhat.com/show_bug.cgi?id=2068529
Patch3: multiple-nameservers.patch Patch3: multiple-nameservers.patch
# Enabling dhcp6 on EC2 causes a broken IPv6 configuration.
# See RHBZ 2092459.
Patch4: Do-not-enable-dhcp6-on-EC2.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: pkgconfig(systemd) BuildRequires: pkgconfig(systemd)
@ -200,6 +204,9 @@ python3 -m pytest tests/unittests
%changelog %changelog
* Tue May 16 2023 Major Hayden <major@redhat.com> - 23.1.2-6
- Add patch to disable DHCPv6 on EC2 to fix BZ 2092459.
* Tue May 16 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 23.1.2-5 * Tue May 16 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 23.1.2-5
- Disable tests by default in RHEL builds - Disable tests by default in RHEL builds