Skip to content

dbus: wait for 'netplan try' to be ready (LP: #1949893)#245

Closed
slyon wants to merge 7 commits intomainfrom
slyon/lp1949893-dbus-try-wait
Closed

dbus: wait for 'netplan try' to be ready (LP: #1949893)#245
slyon wants to merge 7 commits intomainfrom
slyon/lp1949893-dbus-try-wait

Conversation

@slyon
Copy link
Contributor

@slyon slyon commented Nov 24, 2021
edited
Loading

Description

netplan-dbus now waits for the spawned 'netplan try' child to touch the /run/netplan/netplan-try.ready stamp file before it returns the DBus call. If no stamp file is detected within up to 5 sec it hits a timeout and returns an error.

Additionally, this PR places ephemeral netplan configs in /run/netplan/config-XXXXXX, to avoid potential exploits of tmpfiles, like https://lwn.net/Articles/250468/

Checklist

  • Runs make check successfully.
  • Retains 100% code coverage (make check-coverage).
  • New/changed keys in YAML format are documented.
  • (Optional) Adds example YAML for new feature.
  • (Optional) Closes an open bug in Launchpad. LP#1949893

@codecov-commenter
Copy link

codecov-commenter commented Nov 24, 2021
edited by codecov bot
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.09%. Comparing base (c6ad8e6) to head (5aa371b).
Report is 695 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #245   +/-   ##
=======================================
  Coverage   99.09%   99.09%           
=======================================
  Files          58       58           
  Lines        9913     9977   +64     
=======================================
+ Hits         9823     9887   +64     
  Misses         90       90

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@slyon slyon force-pushed the slyon/lp1949893-dbus-try-wait branch 2 times, most recently from b015bc5 to 99e6190 Compare November 24, 2021 13:35
mvo5
mvo5 approved these changes Nov 24, 2021
View reviewed changes
Copy link
Contributor

@mvo5 mvo5 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, two nitpicks inside but given the constraints probably the best we can do :) [reading this again I really hope it does not sound negative - it's not meant this way]

@mvo5

This comment has been minimized.

Sign in to view
@slyon slyon force-pushed the slyon/lp1949893-dbus-try-wait branch 2 times, most recently from 8d58917 to cc37ced Compare November 25, 2021 13:57
@slyon
Copy link
Contributor Author

slyon commented Nov 25, 2021

Thank you @mvo5 for your comments! Indeed having a "stamp file" is a much more universal approach. I'm not sure why I didn't think about that earlier... I thought about passing signals from child to parent process (like we do from parent to child currently) and also about passing DBus signal directly from the Python code (but that would probably be overkill as we do not have proper DBus integration with the python code, currently and on the netplan-dbus daemon side it would have led to additional sd-bus interrupts and probably the need for async methods.)

Polling for a file is plain and simple solution.
I adopted your recommendation a bit, primarily by having a global /tmp/netplan-try.ready stamp file. As there can only every be one single netplan try call at a time (as it is touching system system config and (re-)starting services). This way we do not have to shuffle it around with the states and it can also be used in a non-DBus environment.

@slyon slyon force-pushed the slyon/lp1949893-dbus-try-wait branch from cc37ced to 0bbc0d5 Compare November 25, 2021 15:30
mvo5
mvo5 approved these changes Nov 25, 2021
View reviewed changes
Copy link
Contributor

@mvo5 mvo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very nice! I have some comments/nitpicks/suggestions inline that are hopefully useful but nothing that would bock this. Thanks a lot for working on this!

slyon added 5 commits November 26, 2021 15:31
@slyon
test:dbus: some cleanup
6dbe0b4
@slyon
test:utils: add touch() method to MockCmd
7280c9b
@slyon
cli:try: add touch/clear_ready_stamp methods
20488eb
@slyon
dbus: wait for 'netplan try' to be ready
36cc22d 
netplan-dbus now waits for the spawned 'netplan try' child to touch the
/tmp/netplan-try.ready stamp file before it returns the DBus call. If no
stamp file is detected within up to 5sec it hits a timeout and returns an
error.
@slyon
cli:apply: some more time for NM to have all interfaces created
eee9d6b
@slyon slyon force-pushed the slyon/lp1949893-dbus-try-wait branch from 9f27143 to 0cf3e7e Compare November 26, 2021 14:31
@slyon slyon marked this pull request as ready for review November 26, 2021 14:31
@slyon slyon force-pushed the slyon/lp1949893-dbus-try-wait branch from 0cf3e7e to 0bd35a4 Compare November 26, 2021 16:11
@slyon slyon requested a review from mvo5 November 26, 2021 16:22
mvo5
mvo5 approved these changes Nov 26, 2021
View reviewed changes
Copy link
Contributor

@mvo5 mvo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks very nice, thank you! One tiny nitpick inline but feel free to ignore :)

@slyon slyon force-pushed the slyon/lp1949893-dbus-try-wait branch from 0bd35a4 to 5aa371b Compare November 26, 2021 16:39
@slyon
Copy link
Contributor Author

slyon commented Nov 26, 2021

Thank you so much @mvo5 for all your input here. I think this is ready for merging \o/

Let me run some more test on it before merging it early next week.

slyon added a commit that referenced this pull request Nov 29, 2021
@slyon
dbus: wait for 'netplan try' to be ready (LP: #1949893) (#245)
e19441c 
netplan-dbus now waits for the spawned 'netplan try' child to touch the /run/netplan/netplan-try.ready stamp file before it returns the DBus call. If no stamp file is detected within up to 5 sec it hits a timeout and returns an error.

Additionally, this PR places ephemeral netplan configs in /run/netplan/config-XXXXXX, to avoid potential exploits of tmpfiles, like https://lwn.net/Articles/250468/

COMMITS:
* test:dbus: some cleanup
* test:utils: add touch() method to MockCmd
* cli:try: add touch/clear_ready_stamp methods
* dbus: wait for 'netplan try' to be ready
netplan-dbus now waits for the spawned 'netplan try' child to touch the
/tmp/netplan-try.ready stamp file before it returns the DBus call. If no
stamp file is detected within up to 5sec it hits a timeout and returns an
error.
* cli:apply: some more time for NM to have all interfaces created
* dbus:cli: move netplan-try.ready stamp file to /run/netplan
to avoid potential expolits of tmpfiles, like https://lwn.net/Articles/250468/
* dbus: move ephemeral netplan config states to /run/netplan
to avoid potential expolits of tmpfiles, like https://lwn.net/Articles/250468/
@slyon
Copy link
Contributor Author

slyon commented Nov 29, 2021

Merged in e19441c

@slyon slyon closed this Nov 29, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@mvo5 mvo5 mvo5 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@slyon @codecov-commenter @mvo5