diff --git a/cloudinit/sources/DataSourceHetzner.py b/cloudinit/sources/DataSourceHetzner.py
index 53a950f8e94..2aaba2a5435 100644
--- a/cloudinit/sources/DataSourceHetzner.py
+++ b/cloudinit/sources/DataSourceHetzner.py
@@ -9,81 +9,149 @@ import logging import cloudinit.sources.helpers.hetzner as hc_helper -from cloudinit import dmi, net, sources, util +from cloudinit import dmi, net, sources, url_helper, util +from cloudinit.event import EventScope, EventType from cloudinit.net.dhcp import NoDHCPLeaseError -from cloudinit.net.ephemeral import EphemeralDHCPv4 +from cloudinit.net.ephemeral import EphemeralIPNetwork LOG = logging.getLogger(__name__) -BASE_URL_V1 = "http://169.254.169.254/hetzner/v1" - BUILTIN_DS_CONFIG = { - "metadata_url": BASE_URL_V1 + "/metadata", - "userdata_url": BASE_URL_V1 + "/userdata", + "metadata_path": "metadata", + "metadata_private_networks_path": "metadata/private-networks", + "userdata_path": "userdata", } MD_RETRIES = 60 MD_TIMEOUT = 2 MD_WAIT_RETRY = 2 +MD_MAX_WAIT = 120 +MD_SLEEP_TIME = 2 +# Do not re-configure the network on non-Hetzner network interface +# changes. Currently, Hetzner private network addresses start with 0x86. +EXTRA_HOTPLUG_UDEV_RULES = """ +SUBSYSTEM=="net", ATTR{address}=="86:*", GOTO="cloudinit_hook" +GOTO="cloudinit_end" +""" -class DataSourceHetzner(sources.DataSource): +def base_urls_v1(): + return ( + f"http://[fe80::a9fe:a9fe%25{net.find_fallback_nic()}]/hetzner/v1/", + "http://169.254.169.254/hetzner/v1/", + ) + + +class DataSourceHetzner(sources.DataSource): dsname = "Hetzner" + default_update_events = { + EventScope.NETWORK: { + EventType.BOOT_NEW_INSTANCE, + EventType.BOOT, + EventType.HOTPLUG, + } + } + def __init__(self, sys_cfg, distro, paths): sources.DataSource.__init__(self, sys_cfg, distro, paths) self.distro = distro - self.metadata = dict() + self.metadata = {} self.ds_cfg = util.mergemanydict( [ util.get_cfg_by_path(sys_cfg, ["datasource", "Hetzner"], {}), BUILTIN_DS_CONFIG, ] ) - self.metadata_address = self.ds_cfg["metadata_url"] - self.userdata_address = self.ds_cfg["userdata_url"] + self.metadata_path = self.ds_cfg["metadata_path"] + self.metadata_private_networks_path = self.ds_cfg[ + 
"metadata_private_networks_path" + ] + self.userdata_path = self.ds_cfg["userdata_path"] self.retries = self.ds_cfg.get("retries", MD_RETRIES) self.timeout = self.ds_cfg.get("timeout", MD_TIMEOUT) self.wait_retry = self.ds_cfg.get("wait_retry", MD_WAIT_RETRY) + self.max_wait = self.ds_cfg.get("max_wait", MD_MAX_WAIT) + self.sleep_time = self.ds_cfg.get("sleep_time", MD_SLEEP_TIME) self._network_config = sources.UNSET self.dsmode = sources.DSMODE_NETWORK self.metadata_full = None + self.extra_hotplug_udev_rules = EXTRA_HOTPLUG_UDEV_RULES + + def _unpickle(self, ci_pkl_version: int) -> None: + super()._unpickle(ci_pkl_version) + self.extra_hotplug_udev_rules = EXTRA_HOTPLUG_UDEV_RULES + self.wait_retry = self.ds_cfg.get("wait_retry", MD_WAIT_RETRY) + self.max_wait = self.ds_cfg.get("max_wait", MD_MAX_WAIT) + self.sleep_time = self.ds_cfg.get("sleep_time", MD_SLEEP_TIME) + self.metadata_path = self.ds_cfg["metadata_path"] + self.metadata_private_networks_path = self.ds_cfg[ + "metadata_private_networks_path" + ] + self.userdata_path = self.ds_cfg["userdata_path"] + def _get_data(self): (on_hetzner, serial) = get_hcloud_data() if not on_hetzner: return False + base_urls = base_urls_v1() try: - with EphemeralDHCPv4( + with EphemeralIPNetwork( self.distro, - iface=net.find_fallback_nic(), + interface=net.find_fallback_nic(), + ipv4=True, + ipv6=True, connectivity_urls_data=[ { - "url": BASE_URL_V1 + "/metadata/instance-id", + "url": url_helper.combine_url( + url, f"{self.metadata_path}/instance-id" + ) } + for url in base_urls ], ): - md = hc_helper.read_metadata( - self.metadata_address, + url, contents = hc_helper.get_metadata( + [ + url_helper.combine_url(url, self.metadata_path) + for url in base_urls + ], + max_wait=self.max_wait, timeout=self.timeout, - sec_between=self.wait_retry, - retries=self.retries, + sleep_time=self.sleep_time, ) - ud = hc_helper.read_userdata( - self.userdata_address, + LOG.debug("Using metadata source: '%s'", url) + md = 
util.load_yaml(contents.decode(), allowed=(dict, list)) + url, contents = hc_helper.get_metadata( + [ + url_helper.combine_url( + url, self.metadata_private_networks_path + ) + for url in base_urls + ], + max_wait=self.max_wait, timeout=self.timeout, - sec_between=self.wait_retry, - retries=self.retries, + sleep_time=self.sleep_time, ) - pn = hc_helper.read_metadata( - self.metadata_address + "/private-networks", + LOG.debug("Using private_networks source: '%s'", url) + md["private-networks"] = util.load_yaml( + contents.decode(), allowed=(dict, list) + ) + url, ud = hc_helper.get_metadata( + [ + url_helper.combine_url(url, self.userdata_path) + for url in base_urls + ], + max_wait=self.max_wait, timeout=self.timeout, - sec_between=self.wait_retry, - retries=self.retries, + sleep_time=self.sleep_time, ) + LOG.debug("Using userdata source: '%s'", url) + if not ud: + LOG.debug("Got empty userdata") except NoDHCPLeaseError as e: LOG.error("Bailing, DHCP Exception: %s", e) raise
@@ -105,7 +173,7 @@ def _get_data(self): self.metadata["local-hostname"] = md["hostname"] self.metadata["network-config"] = md.get("network-config", None) self.metadata["public-keys"] = md.get("public-keys", None) - self.metadata["private-networks"] = pn + self.metadata["private-networks"] = md.get("private-networks", []) self.vendordata_raw = md.get("vendor_data", None) # instance-id and serial from SMBIOS should be identical
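Review bot: The 204 tolerance built into `hc_helper.get_metadata` now applies to the metadata and private-networks fetches as well as to userdata, and neither result is validated before use: `util.load_yaml` returns None for an empty or unparseable body, so an empty metadata reply turns `md["private-networks"] = ...` into a TypeError instead of a clear error, and an empty private-networks reply stores None under that key, which defeats both the `md.get("private-networks", [])` default in the `@@ -105,7` hunk and the `self.metadata.get("private-networks", [])` default in `network_config`. After loading `md` add `if not isinstance(md, dict): raise RuntimeError(f"Invalid metadata from {url}")`, and load the private networks as `md["private-networks"] = util.load_yaml(contents.decode(), allowed=(dict, list)) or []`. Separately, `base_urls_v1()` calls `net.find_fallback_nic()` a second time and interpolates the result unchecked, so a None return yields a `%25None` zone id in the IPv6 URL; resolving the NIC once in `_get_data` and passing it to `base_urls_v1` would avoid both. `_get_data` continues past the end of this hunk.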
@@ -138,19 +206,37 @@ def network_config(self): if self._network_config != sources.UNSET: return self._network_config - _net_config = self.metadata["network-config"] - if not _net_config: + net_config = self.metadata["network-config"] + if not net_config: raise RuntimeError("Unable to get meta-data from server....") - self._network_config = _net_config - + private_networks = self.metadata.get("private-networks", []) + private_networks_config = [] + for private_network in private_networks: + private_networks_config.append( + { + "type": "physical", + "mac_address": private_network["mac_address"], + "name": hc_helper.get_interface_name_from_mac( + private_network["mac_address"] + ), + "subnets": [ + { + "ipv4": True, + "type": "dhcp", + } + ], + } + ) + net_config["config"].extend(private_networks_config) + self._network_config = net_config return self._network_config def get_hcloud_data(): vendor_name = dmi.read_dmi_data("system-manufacturer") if vendor_name != "Hetzner": - return (False, None) + return False, None serial = dmi.read_dmi_data("system-serial-number") if serial:
@@ -158,7 +244,7 @@ def get_hcloud_data(): else: raise RuntimeError("Hetzner Cloud detected, but no serial found") - return (True, serial) + return True, serial # Used to match classes to dependencies
diff --git a/cloudinit/sources/helpers/hetzner.py b/cloudinit/sources/helpers/hetzner.py
index 50fbcb0468a..68abd4dc48d 100644
--- a/cloudinit/sources/helpers/hetzner.py
+++ b/cloudinit/sources/helpers/hetzner.py
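Review bot: `hc_helper.get_interface_name_from_mac` is declared `Optional[str]`, but the loop in `network_config` writes its result straight into `"name"`, so a private-network MAC that is not visible on the host produces a physical entry with `name: None` in the rendered config. Whether the interface can be absent when the metadata already lists it is not visible here, but given that this path is now meant to run on HOTPLUG events the safe choice is to skip such an entry with a warning rather than emit an unnamed interface. The same block mutates the dict held in `self.metadata["network-config"]` in place through `net_config["config"].extend(...)` and raises KeyError on a config without a `"config"` key, which is worth at least a comment if only v1 is expected. `network_config` begins before this hunk.
```python
        private_networks = self.metadata.get("private-networks") or []
        for private_network in private_networks:
            mac = private_network["mac_address"]
            name = hc_helper.get_interface_name_from_mac(mac)
            if name is None:
                # Interface not visible yet; skip rather than emit name=None.
                # NOTE(review): a later HOTPLUG update is presumably expected
                # to revisit this entry — confirm.
                LOG.warning(
                    "No interface found for private network MAC %s, skipping",
                    mac,
                )
                continue
            net_config["config"].append(
                {
                    "type": "physical",
                    "mac_address": mac,
                    "name": name,
                    "subnets": [{"ipv4": True, "type": "dhcp"}],
                }
            )
        # … unchanged: cache in self._network_config and return …
```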
@@ -3,22 +3,41 @@ # # This file is part of cloud-init. See LICENSE file for license information. -from cloudinit import url_helper, util +from typing import Optional, Tuple +from cloudinit import net, url_helper -def read_metadata(url, timeout=2, sec_between=2, retries=30): - response = url_helper.readurl( - url, timeout=timeout, sec_between=sec_between, retries=retries - ) - if not response.ok(): - raise RuntimeError("unable to read metadata at %s" % url) - return util.load_yaml(response.contents.decode(), allowed=(dict, list)) +def _skip_retry_on_empty_response(cause: url_helper.UrlError) -> bool: + return cause.code != 204 -def read_userdata(url, timeout=2, sec_between=2, retries=30): - response = url_helper.readurl( - url, timeout=timeout, sec_between=sec_between, retries=retries - ) - if not response.ok(): - raise RuntimeError("unable to read userdata at %s" % url) - return response.contents + +def get_metadata( + urls, + max_wait=120, + timeout=2, + sleep_time=2, +) -> Tuple[Optional[str], bytes]: + try: + url, contents = url_helper.wait_for_url( + urls=urls, + max_wait=max_wait, + timeout=timeout, + sleep_time=sleep_time, + # It is ok for userdata to not exist (that's why we are stopping if + # HTTP code is 204) and just in that case returning an empty + # string. + exception_cb=_skip_retry_on_empty_response, + ) + if not url: + raise RuntimeError("No data received from urls: '%s':" % urls) + return url, contents + except url_helper.UrlError as e: + if e.code == 204: + return e.url, b"" + raise + + +def get_interface_name_from_mac(mac: str) -> Optional[str]: + mac_to_iface = net.get_interfaces_by_mac() + return mac_to_iface.get(mac.lower())
diff --git a/doc/module-docs/cc_install_hotplug/data.yaml b/doc/module-docs/cc_install_hotplug/data.yaml
index 2277c9f274a..abdac913a46 100644
--- a/doc/module-docs/cc_install_hotplug/data.yaml
+++ b/doc/module-docs/cc_install_hotplug/data.yaml
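Review bot: None of the three new helpers has a docstring, and `get_metadata`'s contract is the one callers must know: a 204 from any of `urls` stops the retry loop through `_skip_retry_on_empty_response` and returns `(url, b"")`, so a caller fetching a required endpoint has to reject empty contents itself — the inline comment only mentions userdata, yet the datasource uses this function for metadata and private-networks too. Suggested docstring for `get_metadata`: `"""Return (url, contents) from the first of *urls* that responds; a 204 yields (url, b"") because userdata may legitimately be absent, so callers of required endpoints must reject empty contents."""`, with `"""Tell wait_for_url to stop retrying on 204; the caller handles it."""` on `_skip_retry_on_empty_response` and `"""Return the interface name for *mac* (case-insensitive), or None if no such interface exists."""` on `get_interface_name_from_mac`. Since a falsy `url` raises before the return, the annotation could be `Tuple[str, bytes]` provided `UrlError.url` is always populated on the 204 path, and `urls` deserves a `List[str]` annotation. The message `"No data received from urls: '%s':"` also carries a stray trailing colon.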
@@ -14,7 +14,7 @@ cc_install_hotplug: around this limitation, one can wait until cloud-init has completed before hotplugging devices. - Currently supported datasources: Openstack, EC2 + Currently supported datasources: Openstack, EC2, Hetzner examples: - comment: | Example 1: Enable hotplug of network devices
diff --git a/tests/unittests/sources/test_hetzner.py b/tests/unittests/sources/test_hetzner.py
index 268837562db..af0a893cd0f 100644
--- a/tests/unittests/sources/test_hetzner.py
+++ b/tests/unittests/sources/test_hetzner.py
@@ -10,8 +10,7 @@ from cloudinit.sources import DataSourceHetzner from tests.unittests.helpers import mock -METADATA = util.load_yaml( - """ +METADATA = b""" hostname: cloudinit-test instance-id: 123456 local-ipv4: ''
@@ -45,13 +44,24 @@ test-key@workstation vendor_data: "test" """ -) USERDATA = b"""#cloud-config runcmd: - [touch, /root/cloud-init-worked ] """ +PRIVATE_NETWORKS = b""" +- ip: 10.1.0.2 + alias_ips: [] + interface_num: 2 + mac_address: 86:00:00:aa:5d:f8 + network_id: 11352901 + network_name: network-2 + network: 10.1.0.0/16 + subnet: 10.1.0.0/24 + gateway: 10.1.0.1 +""" + class TestDataSourceHetzner: """
@@ -68,16 +78,14 @@ def ds(self, paths, tmp_path): return ds @mock.patch("cloudinit.net.dhcp.maybe_perform_dhcp_discovery") - @mock.patch("cloudinit.sources.DataSourceHetzner.EphemeralDHCPv4") + @mock.patch("cloudinit.sources.DataSourceHetzner.EphemeralIPNetwork") @mock.patch("cloudinit.net.find_fallback_nic") - @mock.patch("cloudinit.sources.helpers.hetzner.read_metadata") - @mock.patch("cloudinit.sources.helpers.hetzner.read_userdata") + @mock.patch("cloudinit.sources.helpers.hetzner.get_metadata") @mock.patch("cloudinit.sources.DataSourceHetzner.get_hcloud_data") def test_read_data( self, m_get_hcloud_data, - m_usermd, - m_readmd, + m_get_metadata, m_fallback_nic, m_net, m_dhcp,
@@ -85,10 +93,15 @@ def test_read_data( ): m_get_hcloud_data.return_value = ( True, - str(METADATA.get("instance-id")), + str(util.load_yaml(METADATA).get("instance-id")), ) - m_readmd.return_value = METADATA.copy() - m_usermd.return_value = USERDATA + # Use side_effect to return values for the three sequential calls to + # helpers.hetzner.get_metadata: metadata, private-networks, userdata + m_get_metadata.side_effect = [ + ("metadata_url", METADATA), + ("privnets_url", PRIVATE_NETWORKS), + ("userdata_url", USERDATA), + ] m_fallback_nic.return_value = "eth0" m_dhcp.return_value = [ { 
@@ -104,29 +117,45 @@ def test_read_data( m_net.assert_called_once_with( ds.distro, - iface="eth0", + interface="eth0", + ipv4=True, + ipv6=True, connectivity_urls_data=[ + { + "url": "http://[fe80::a9fe:a9fe%25eth0]/hetzner/v1/metadata/instance-id" + }, { "url": "http://169.254.169.254/hetzner/v1/metadata/instance-id" - } + }, ], ) - assert 0 != m_readmd.call_count + assert 0 != m_get_metadata.call_count - assert METADATA.get("hostname") == ds.get_hostname().hostname + assert ( + util.load_yaml(METADATA).get("hostname") + == ds.get_hostname().hostname + ) - assert METADATA.get("public-keys") == ds.get_public_ssh_keys() + assert ( + util.load_yaml(METADATA).get("public-keys") + == ds.get_public_ssh_keys() + ) + assert ds.metadata["private-networks"] == util.load_yaml( + PRIVATE_NETWORKS, allowed=(dict, list) + ) assert isinstance(ds.get_public_ssh_keys(), list) assert ds.get_userdata_raw() == USERDATA - assert ds.get_vendordata_raw() == METADATA.get("vendor_data") + assert ds.get_vendordata_raw() == util.load_yaml(METADATA).get( + "vendor_data" + ) - @mock.patch("cloudinit.sources.helpers.hetzner.read_metadata") + @mock.patch("cloudinit.sources.helpers.hetzner.get_metadata") @mock.patch("cloudinit.net.find_fallback_nic") @mock.patch("cloudinit.sources.DataSourceHetzner.get_hcloud_data") def test_not_on_hetzner_returns_false( - self, m_get_hcloud_data, m_find_fallback, m_read_md, ds + self, m_get_hcloud_data, m_find_fallback, m_get_metadata, ds ): """If helper 'get_hcloud_data' returns False, return False from get_data."""
@@ -136,4 +165,4 @@ def test_not_on_hetzner_returns_false( assert not ret # These are a white box attempt to ensure it did not search. assert 0 == m_find_fallback.call_count - assert 0 == m_read_md.call_count + assert 0 == m_get_metadata.call_count
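Review bot: The new assertion on `ds.metadata["private-networks"]` checks that the data was stored, but nothing exercises the `network_config` property that consumes it, so the interface-name lookup and the `extend` of `net_config["config"]` are untested; a test that patches `cloudinit.sources.helpers.hetzner.get_interface_name_from_mac` and asserts the appended physical entry would cover that path. The `side_effect` list in the `@@ -85,10` hunk also relies on call order alone — asserting `m_get_metadata.call_args_list` against the expected URL lists (`.../metadata`, `.../metadata/private-networks`, `.../userdata` for both base URLs) would pin both the order and the `url_helper.combine_url` joins. The empty-response path, where `get_metadata` returns `b""` for userdata, has no coverage either.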