diff --git a/SOURCES/ci-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch b/SOURCES/ci-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch new file mode 100644 index 0000000..b0387f2 --- /dev/null +++ b/SOURCES/ci-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch @@ -0,0 +1,60 @@ +From 5d6674508c6478fa2ca3d8c5d39b533a0bbb317a Mon Sep 17 00:00:00 2001 +From: Emanuele Giuseppe Esposito +Date: Thu, 20 May 2021 08:53:55 +0200 +Subject: [PATCH] rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set + in cloud.cfg + +RH-Author: Ani Sinha +RH-MergeRequest: 113: rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set in cloud.cfg +RH-Jira: RHEL-16572 +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Emanuele Giuseppe Esposito +RH-Commit: [1/1] f506bf58dc5458f50624342ec33bcd390aa0b719 (anisinha/rhel-cloud-init) + +RH-Author: Emanuele Giuseppe Esposito +RH-MergeRequest: 10: rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set in cloud.cfg +RH-Commit: [1/1] 6da989423b9b6e017afbac2f1af3649b0487310f +RH-Bugzilla: 1957532 +RH-Acked-by: Eduardo Otubo +RH-Acked-by: Cathy Avery +RH-Acked-by: Vitaly Kuznetsov +RH-Acked-by: Mohamed Gamal Morsy + +Currently genkeytypes in cloud.cfg is set to None, so together with +ssh_deletekeys=1 cloudinit on first boot it will just delete the existing +keys and not generate new ones. + +Just removing that property in cloud.cfg is not enough, because +settings.py provides another empty default value that will be used +instead, resulting to no key generated even when the property is not defined. + +Removing genkeytypes also in settings.py will default to GENERATE_KEY_NAMES, +but since we want only 'rsa', 'ecdsa' and 'ed25519', add back genkeytypes in +cloud.cfg with the above defaults. + +Also remove ssh_deletekeys in settings.py as we always need +to 1 (and it also defaults to 1). + +Signed-off-by: Emanuele Giuseppe Esposito +(cherry picked from commit b545a0cbabe8924d048b7172b30e7aad59ed32d5) +(cherry picked from commit 855dec5dcc0892c0f7cedf06b025a794769a2a8d) +--- + cloudinit/settings.py | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/cloudinit/settings.py b/cloudinit/settings.py +index a36c518d..859ad546 100644 +--- a/cloudinit/settings.py ++++ b/cloudinit/settings.py +@@ -55,8 +55,6 @@ CFG_BUILTIN = { + "log_cfgs": [], + "syslog_fix_perms": [], + "mount_default_fields": [None, None, "auto", "defaults,nofail", "0", "2"], +- "ssh_deletekeys": False, +- "ssh_genkeytypes": [], + "system_info": { + "paths": { + "cloud_dir": "/var/lib/cloud", +-- +2.41.0 + diff --git a/SOURCES/net-nm-check-for-presence-of-ifcfg.patch b/SOURCES/net-nm-check-for-presence-of-ifcfg.patch new file mode 100644 index 0000000..1f3cbbc --- /dev/null +++ b/SOURCES/net-nm-check-for-presence-of-ifcfg.patch @@ -0,0 +1,112 @@ +From d1d5166895da471cff3606c70d4e8ab6eec1c006 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Thu, 7 Dec 2023 02:39:51 +0530 +Subject: [PATCH] net/nm: check for presence of ifcfg files when nm connection + files are absent (#4645) + +On systems that use network manager to manage connections and activate network +interfaces, they may also use ifcfg files for configuring +interfaces using ifcfg-rh network manager plugin. When network manager is used +as the activator, we need to also check for the presence of ifcfg interface +config file when the network manager connection file is absent and if ifcfg-rh +plugin is present. +Hence, with this change, network manager activator first tries to use network +manager connection files to bring up or bring down the interface. If the +connection files are not present and if ifcfg-rh plugin is present, it tries to +use ifcfg files for the interface. If the plugin or the ifcfg files are not +present, the activator fails to activate or deactivate the interface and it +bails out with warning log. + +Fixes: GH-4640 + +Signed-off-by: Ani Sinha +--- + cloudinit/net/activators.py | 7 +++++++ + cloudinit/net/network_manager.py | 33 ++++++++++++++++++++++++++++++-- + 2 files changed, 38 insertions(+), 2 deletions(-) + +diff --git a/cloudinit/net/activators.py b/cloudinit/net/activators.py +index e69da40d371..dd85886212c 100644 +--- a/cloudinit/net/activators.py ++++ b/cloudinit/net/activators.py +@@ -135,6 +135,13 @@ class NetworkManagerActivator(NetworkActivator): + from cloudinit.net.network_manager import conn_filename + + filename = conn_filename(device_name) ++ if filename is None: ++ LOG.warning( ++ "Unable to find an interface config file. " ++ "Unable to bring up interface." ++ ) ++ return False ++ + cmd = ["nmcli", "connection", "load", filename] + if _alter_interface(cmd, device_name): + cmd = ["nmcli", "connection", "up", "filename", filename] +diff --git a/cloudinit/net/network_manager.py b/cloudinit/net/network_manager.py +index 8a99eb3a1c5..76a0ac15eaa 100644 +--- a/cloudinit/net/network_manager.py ++++ b/cloudinit/net/network_manager.py +@@ -17,10 +17,12 @@ from cloudinit import log as logging + from cloudinit import subp, util + from cloudinit.net import is_ipv6_address, renderer, subnet_is_ipv6 + from cloudinit.net.network_state import NetworkState ++from cloudinit.net.sysconfig import available_nm_ifcfg_rh + + NM_RUN_DIR = "/etc/NetworkManager" + NM_LIB_DIR = "/usr/lib/NetworkManager" + NM_CFG_FILE = "/etc/NetworkManager/NetworkManager.conf" ++IFCFG_CFG_FILE = "/etc/sysconfig/network-scripts" + NM_IPV6_ADDR_GEN_CONF = """# This is generated by cloud-init. Do not edit. + # + [.config] +@@ -374,7 +376,7 @@ class Renderer(renderer.Renderer): + for con_id, conn in self.connections.items(): + if not conn.valid(): + continue +- name = conn_filename(con_id, target) ++ name = nm_conn_filename(con_id, target) + util.write_file(name, conn.dump(), 0o600) + + # Select EUI64 to be used by default by NM for creating the address +@@ -384,12 +386,39 @@ class Renderer(renderer.Renderer): + ) + + +-def conn_filename(con_id, target=None): ++def nm_conn_filename(con_id, target=None): + target_con_dir = subp.target_path(target, NM_RUN_DIR) + con_file = f"cloud-init-{con_id}.nmconnection" + return f"{target_con_dir}/system-connections/{con_file}" + + ++def sysconfig_conn_filename(devname, target=None): ++ target_con_dir = subp.target_path(target, IFCFG_CFG_FILE) ++ con_file = f"ifcfg-{devname}" ++ return f"{target_con_dir}/{con_file}" ++ ++ ++def conn_filename(devname): ++ """ ++ This function returns the name of the interface config file. ++ It first checks for presence of network manager connection file. ++ If absent and ifcfg-rh plugin for network manager is available, ++ it returns the name of the ifcfg file if it is present. If the ++ plugin is not present or the plugin is present but ifcfg file is ++ not, it returns None. ++ This function is called from NetworkManagerActivator class in ++ activators.py. ++ """ ++ conn_file = nm_conn_filename(devname) ++ # If the network manager connection file is absent, also check for ++ # presence of ifcfg files for the same interface (if nm-ifcfg-rh plugin is ++ # present, network manager can handle ifcfg files). If both network manager ++ # connection file and ifcfg files are absent, return None. ++ if not os.path.isfile(conn_file) and available_nm_ifcfg_rh(): ++ conn_file = sysconfig_conn_filename(devname) ++ return conn_file if os.path.isfile(conn_file) else None ++ ++ + def cloud_init_nm_conf_filename(target=None): + target_con_dir = subp.target_path(target, NM_RUN_DIR) + conf_file = "30-cloud-init-ip6-addr-gen-mode.conf" diff --git a/SOURCES/tests-unittests-add-a-new-unit-test.patch b/SOURCES/tests-unittests-add-a-new-unit-test.patch new file mode 100644 index 0000000..105b957 --- /dev/null +++ b/SOURCES/tests-unittests-add-a-new-unit-test.patch @@ -0,0 +1,129 @@ +From bb474df78bfe45ea5f05907eb710e8d5de764fc8 Mon Sep 17 00:00:00 2001 +From: Ani Sinha +Date: Thu, 7 Dec 2023 21:03:13 +0530 +Subject: [PATCH] tests/unittests: add a new unit test for network manager net + activator (#4672) + +Some changes in behavior in network manager net activator was brought in with +the commit +d1d5166895da ("net/nm: check for presence of ifcfg files when nm connection files are absent") + +This change adds some unit tests that exercizes network manager activator's +bring_up_interface() method that tests failure scenarios as well as cases +where an ifcfg file is used to bring the interface up. + +Signed-off-by: Ani Sinha +--- + tests/unittests/test_net_activators.py | 103 +++++++++++++++++++++++++ + 1 file changed, 103 insertions(+) + +diff --git a/tests/unittests/test_net_activators.py b/tests/unittests/test_net_activators.py +index 2a363ec415b..d53701efafb 100644 +--- a/tests/unittests/test_net_activators.py ++++ b/tests/unittests/test_net_activators.py +@@ -347,3 +347,105 @@ class TestActivatorsBringDown: + activator.bring_down_all_interfaces(network_state) + for call in m_subp.call_args_list: + assert call in expected_call_list ++ ++class TestNetworkManagerActivatorBringUp: ++ @patch("cloudinit.subp.subp", return_value=("", "")) ++ @patch( ++ "cloudinit.net.network_manager.available_nm_ifcfg_rh", ++ return_value=True, ++ ) ++ @patch("os.path.isfile") ++ @patch("os.path.exists", return_value=True) ++ def test_bring_up_interface_no_nm_conn( ++ self, m_exists, m_isfile, m_plugin, m_subp ++ ): ++ """ ++ There is no network manager connection file but ifcfg-rh plugin is ++ present and ifcfg interface config files are also present. In this ++ case, we should use ifcfg files. ++ """ ++ ++ def fake_isfile_no_nmconn(filename): ++ return False if filename.endswith(".nmconnection") else True ++ ++ m_isfile.side_effect = fake_isfile_no_nmconn ++ ++ expected_call_list = [ ++ ( ++ ( ++ [ ++ "nmcli", ++ "connection", ++ "load", ++ "".join( ++ [ ++ "/etc/sysconfig/network-scripts/ifcfg-eth0", ++ ] ++ ), ++ ], ++ ), ++ {}, ++ ), ++ ( ++ ( ++ [ ++ "nmcli", ++ "connection", ++ "up", ++ "filename", ++ "".join( ++ [ ++ "/etc/sysconfig/network-scripts/ifcfg-eth0", ++ ] ++ ), ++ ], ++ ), ++ {}, ++ ), ++ ] ++ ++ index = 0 ++ assert NetworkManagerActivator.bring_up_interface("eth0") ++ for call in m_subp.call_args_list: ++ assert call == expected_call_list[index] ++ index += 1 ++ ++ @patch("cloudinit.subp.subp", return_value=("", "")) ++ @patch( ++ "cloudinit.net.network_manager.available_nm_ifcfg_rh", ++ return_value=False, ++ ) ++ @patch("os.path.isfile") ++ @patch("os.path.exists", return_value=True) ++ def test_bring_up_interface_no_plugin_no_nm_conn( ++ self, m_exists, m_isfile, m_plugin, m_subp ++ ): ++ """ ++ The ifcfg-rh plugin is absent and nmconnection file is also ++ not present. In this case, we can't use ifcfg file and the ++ interface bring up should fail. ++ """ ++ ++ def fake_isfile_no_nmconn(filename): ++ return False if filename.endswith(".nmconnection") else True ++ ++ m_isfile.side_effect = fake_isfile_no_nmconn ++ assert not NetworkManagerActivator.bring_up_interface("eth0") ++ ++ @patch("cloudinit.subp.subp", return_value=("", "")) ++ @patch( ++ "cloudinit.net.network_manager.available_nm_ifcfg_rh", ++ return_value=True, ++ ) ++ @patch("os.path.isfile", return_value=False) ++ @patch("os.path.exists", return_value=True) ++ def test_bring_up_interface_no_conn_file( ++ self, m_exists, m_isfile, m_plugin, m_subp ++ ): ++ """ ++ Neither network manager connection files are present nor ++ ifcfg files are present. Even if ifcfg-rh plugin is present, ++ we can not bring up the interface. So bring_up_interface() ++ should fail. ++ """ ++ assert not NetworkManagerActivator.bring_up_interface("eth0") diff --git a/SPECS/cloud-init.spec b/SPECS/cloud-init.spec index 01df6f7..29f8b18 100644 --- a/SPECS/cloud-init.spec +++ b/SPECS/cloud-init.spec @@ -6,7 +6,7 @@ Name: cloud-init Version: 23.1.1 -Release: 10%{?dist}.alma.1 +Release: 11%{?dist}.1.alma.1 Summary: Cloud instance init scripts Group: System Environment/Base @@ -55,6 +55,14 @@ Patch29: ci-DS-VMware-modify-a-few-log-level-4284.patch # For bz#2229460 - [rhel-8.9] [RFE] Configure "ipv6.addr-gen-mode=eui64' as default in NetworkManager Patch30: ci-NM-renderer-set-default-IPv6-addr-gen-mode-for-all-i.patch +# Patches were taken from: +# https://github.com/canonical/cloud-init/commit/d1d5166895da471cff3606c70d4e8ab6eec1c006 +Patch31: net-nm-check-for-presence-of-ifcfg.patch +# https://gitlab.com/redhat/centos-stream/rpms/cloud-init/-/commit/46b71b3a2dd8fb9cff34dbc217f5f4a69bad08cb +Patch32: ci-rhel-cloud.cfg-remove-ssh_genkeytypes-in-settings.py.patch +# https://github.com/canonical/cloud-init/commit/bb474df78bfe45ea5f05907eb710e8d5de764fc8 +Patch33: tests-unittests-add-a-new-unit-test.patch + # AlmaLinux OS patches Patch100: 0001-Improvements-for-AlmaLinux-OS-and-CloudLinux-OS.patch @@ -275,6 +283,14 @@ fi %config(noreplace) %{_sysconfdir}/rsyslog.d/21-cloudinit.conf %changelog +* Mon Jan 15 2023 Eduard Abdullin - 23.1.1-11.1.alma.1 +- tests/unittests: add a new unit test for network manager net + activator +- rhel/cloud.cfg: remove ssh_genkeytypes in settings.py and set + in cloud.cfg +- net/nm: check for presence of ifcfg files when nm connection + files are absent + * Tue Oct 10 2023 Elkhan Mammadli - 23.1.1-10.alma.1 - 0001-Improvements-for-AlmaLinux-OS-and-CloudLinux-OS.patch