From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 6057B1FF3A7
	for <inbox@lore.proxmox.com>; Fri, 28 Jun 2024 16:35:39 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 9DFEA2E35;
	Fri, 28 Jun 2024 16:35:50 +0200 (CEST)
Message-ID: <cd2e1d38-1cf5-4abd-81af-84f274e717b5@proxmox.com>
Date: Fri, 28 Jun 2024 16:35:46 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Stefan Hanreich <s.hanreich@proxmox.com>
References: <20240627150132.265982-1-s.hanreich@proxmox.com>
Content-Language: en-US
From: Friedrich Weber <f.weber@proxmox.com>
In-Reply-To: <20240627150132.265982-1-s.hanreich@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.028 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: Re: [pve-devel] [PATCH ifupdown2 1/1] fix #5197: do not run scripts
 ending with .dpkg-{old, new, tmp, dist}
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

On 27/06/2024 17:01, Stefan Hanreich wrote:
> This can lead to issue when upgrading from ifupdown to ifupdown2. The
> particular issue this fixes occurs in the following scenario:
> 
> * Suppose there is a legacy Debian host with ifupdown and ifenslave
>   installed that has a bond configured in /etc/network/interfaces.
> * ifenslave installs a script /etc/network/if-pre-up.d/ifenslave.
> * Now, an upgrade creates a second script
>   /etc/network/if-pre-up.d/ifenslave.dpkg-new. As ifupdown executes
>   network scripts via run-parts which ignores scripts with . in their
>   name, ifenslave.dpkg-new has no effect.
> * If the host switches over to ifupdown2 by installing it (removing
>   ifupdown, keeping ifenslave) and reboots, the network will not come
>   up:
>   /etc/network/if-pre-up.d/ifenslave still exists, but is ignored
>   by ifupdown2's bond addon [1]
>   /etc/network/if-pre-up.d/ifenslave.dpkg-new is executed by ifupdown2
>   because it executes all scripts in /etc/network/if-pre-up.d, even if
>   their name contains a dot
> 
> This leads to ifreload failing on upgrades, which in turn causes
> issues with the networking of upgraded hosts.

Thanks for tackling this! Consider this

Tested-by: Friedrich Weber <f.weber@proxmox.com>

I tested the following:

- Set up a PVE8 VM with an active-backup bond, from /etc/network/interfaces:

> auto bond0
> iface bond0 inet manual
> 	bond-slaves ens18 ens19
> 	bond-miimon 100
> 	bond-mode active-backup
> 
> auto vmbr0
> iface vmbr0 inet static
> 	address 10.1.1.122/16
> 	gateway 10.1.1.1
> 	bridge-ports bond0
> 	bridge-stp off
> 	bridge-fd 0

- Install ifupdown and ifenslave
- Manually create a .dpkg-new:

>  cp /etc/network/if-pre-up.d/ifenslave /etc/network/if-pre-up.d/ifenslave.dpkg-new

- Reboot -- network comes up fine.
- Install latest packaged ifupdown2:

> apt install ifupdown2=3.2.0-1+pmx8

- Network is already lost during install
- Reboot -- network does not come up, bond0 and vmbr0 report NO-CARRIER
- Install ifupdown2 with this patch applied
- Reboot -- network comes up fine
- Running `execsnoop -l network & sleep 3; ifreload -a` confirms
ifenslave.dpkg-new is never executed (ifenslave is never executed by
ifupdown2, see the pull request linked by Stefan)


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel