[pve-devel] [PATCH ifupdown2] fix #5009: avoid waiting for stdout eof of /etc/network/ scripts

[pve-devel] [PATCH ifupdown2] fix #5009: avoid waiting for stdout eof of /etc/network/ scripts

[Friedrich Weber]

Previously, PVE (7 and 8) hosts would hang at boot if both ntpsec and
ntpsec-ntpdate are installed. The root cause for the hang is an
unfortunate interaction between ntpsec, ntpsec-ntpdate and the PVE
ifupdown2 package. The hang happens because ntpsec-ntpdate installs a
hook /etc/network/if-up.d/ntpsec-ntpdate that blocks until networking
is available if ntpsec is installed. Previously, ifupdown2 would wait
for the hook to terminate, so networking would never become available,
resulting in a deadlock. See the bug report [0] for more information.

With this patch, ifupdown2 runs the hook in the background and does
not wait for it to terminate, thus resolving the deadlock.

This patch was already applied upstream [1]. Backport it to make it
available before the next upstream release.

[0] https://bugzilla.proxmox.com/show_bug.cgi?id=5009
[1] https://github.com/CumulusNetworks/ifupdown2/pull/274

Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
---

Notes:
    Tested on PVE 8:
    * installed ntpsec and ntpsec-ntpdate
      reboot without `quiet` -> boot hangs at networking
    * installed patched ifupdown2, ntpsec, ntpsec-ntpdate
      reboot -> boot ok

 debian/patches/series                         |  1 +
 ...waiting-for-stdout-eof-of-etc-networ.patch | 44 +++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch

diff --git a/debian/patches/series b/debian/patches/series
index 6676c06..557aa7f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ upstream/0001-add-ipv6-slaac-support-inet6-auto-accept_ra.patch
 upstream/0001-addons-ethtool-add-rx-vlan-filter.patch
 upstream/0001-scheduler-import-traceback.patch
 upstream/0001-addons-vxlan-fix-compare-between-remote-ips-and-old_.patch
+upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch 
diff --git a/debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch b/debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch
new file mode 100644
index 0000000..e377e56
--- /dev/null
+++ b/debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch
@@ -0,0 +1,44 @@
+From 1303d9211d82326f7c55d56db13eed66bb1c6535 Mon Sep 17 00:00:00 2001
+From: Friedrich Weber <f.weber@proxmox.com>
+Date: Tue, 26 Sep 2023 13:33:36 +0200
+Subject: [PATCH] scheduler: avoid waiting for stdout eof of /etc/network/
+ scripts
+
+Scripts in /etc/network/ are executed using `exec_command` which
+captures stdout by default, and thus waits for stdout end-of-file via
+`Popen.communicate()`. However, this can cause hangs if the network
+script executes a long-running command in the background. Can be
+reproduced by putting the following (executable) script in
+/etc/network/if-up.d/:
+
+	#!/bin/sh
+	sleep 5&
+
+This script will cause `ifreload -a` to wait for 5 seconds per network
+interface.
+
+To avoid waiting, do not capture stdout when executing /etc/network/
+scripts. This also improves compatibility with ifupdown, which runs
+the above script in the background.
+
+Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
+---
+ ifupdown2/ifupdown/scheduler.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ifupdown2/ifupdown/scheduler.py b/ifupdown2/ifupdown/scheduler.py
+index fda6ff2..e4d579f 100644
+--- a/ifupdown2/ifupdown/scheduler.py
++++ b/ifupdown2/ifupdown/scheduler.py
+@@ -142,7 +142,7 @@ class ifaceScheduler():
+             for mname in ifupdownobj.script_ops.get(op, []):
+                 ifupdownobj.logger.debug("%s: %s : running script %s" % (ifacename, op, mname))
+                 try:
+-                    utils.exec_command(mname, env=command_env)
++                    utils.exec_command(mname, env=command_env, stdout=False)
+                 except Exception as e:
+                     if "permission denied" in str(e).lower():
+                         ifupdownobj.logger.warning('%s: %s %s' % (ifacename, op, str(e)))
+-- 
+2.39.2
+
-- 
2.39.2

[pve-devel] applied: [PATCH ifupdown2] fix #5009: avoid waiting for stdout eof of /etc/network/ scripts

[Thomas Lamprecht]

On 19/12/2023 10:22, Friedrich Weber wrote:
> Previously, PVE (7 and 8) hosts would hang at boot if both ntpsec and
> ntpsec-ntpdate are installed. The root cause for the hang is an
> unfortunate interaction between ntpsec, ntpsec-ntpdate and the PVE
> ifupdown2 package. The hang happens because ntpsec-ntpdate installs a
> hook /etc/network/if-up.d/ntpsec-ntpdate that blocks until networking
> is available if ntpsec is installed. Previously, ifupdown2 would wait
> for the hook to terminate, so networking would never become available,
> resulting in a deadlock. See the bug report [0] for more information.
> 
> With this patch, ifupdown2 runs the hook in the background and does
> not wait for it to terminate, thus resolving the deadlock.
> 
> This patch was already applied upstream [1]. Backport it to make it
> available before the next upstream release.
> 
> [0] https://bugzilla.proxmox.com/show_bug.cgi?id=5009
> [1] https://github.com/CumulusNetworks/ifupdown2/pull/274
> 
> Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
> ---
> 
> Notes:
>     Tested on PVE 8:
>     * installed ntpsec and ntpsec-ntpdate
>       reboot without `quiet` -> boot hangs at networking
>     * installed patched ifupdown2, ntpsec, ntpsec-ntpdate
>       reboot -> boot ok
> 
>  debian/patches/series                         |  1 +
>  ...waiting-for-stdout-eof-of-etc-networ.patch | 44 +++++++++++++++++++
>  2 files changed, 45 insertions(+)
>  create mode 100644 debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch
> 
>

applied, thanks!