fix(machined): opennebula: process ETH*_ vars regardless of NETWORK context flag

mcanevet · smira · commit f8a2a9b7a378 · 2026-03-06T19:17:39.000+04:00
The NETWORK=YES context variable is a server-side OpenNebula directive that instructs the OpenNebula server to auto-inject ETH*_ variables into the VM context from the NIC definitions. It is not a guest-side signal. The official OpenNebula guest contextualization scripts (one-apps/context-linux) never read this variable. Their get_context_interfaces() function uses ETH*_MAC key presence as the sole trigger, with no NETWORK=YES check. Gating on NETWORK=YES breaks setups where NETWORK=NO (or absent) is intentional — for example, VMs using ETHER-type address ranges, where setting NETWORK=YES would cause the server to overwrite all manually-specified ETH*_ variables with empty strings (ETHER ARs carry no IP data). Remove the outer NETWORK=YES guard, relying solely on ETH*_MAC key presence (same as the reference implementation). Add a test case with NETWORK=NO to explicitly cover this scenario. Signed-off-by: Mickaël Canévet <mickael.canevet@proton.ch> Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com> (cherry picked from commit ad29417)
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula.go
@@ -57,122 +57,126 @@ func (o *OpenNebula) ParseMetadata(st state.State, oneContextPlain []byte) (*run
 		}
 	}
 
-	if oneContext["NETWORK"] == "YES" {
-		// Iterate through parsed environment variables
-		for key := range oneContext {
-			// Dereference the pointer here
-			if strings.HasPrefix(key, "ETH") && strings.HasSuffix(key, "_MAC") {
-				ifaceName := strings.TrimSuffix(key, "_MAC")
-				ifaceNameLower := strings.ToLower(ifaceName)
-
-				if oneContext[ifaceName+"_METHOD"] == "dhcp" {
-					// Create DHCP4 OperatorSpec entry
-					networkConfig.Operators = append(networkConfig.Operators,
-						network.OperatorSpecSpec{
-							Operator:  network.OperatorDHCP4,
-							LinkName:  ifaceNameLower,
-							RequireUp: true,
-							DHCP4: network.DHCP4OperatorSpec{
-								RouteMetric:         1024,
-								SkipHostnameRequest: true,
-							},
-							ConfigLayer: network.ConfigPlatform,
+	// Iterate through parsed environment variables looking for ETHn_MAC keys.
+	// The presence of ETHn_MAC is the sole trigger for interface configuration,
+	// matching the behavior of the official OpenNebula guest contextualization
+	// scripts (one-apps/context-linux: get_context_interfaces() uses ETH*_MAC
+	// presence exclusively). The NETWORK context variable is a server-side
+	// directive that tells OpenNebula to auto-inject ETH*_ variables from NIC
+	// definitions; it is not a guest-side signal and is never read by the
+	// official scripts.
+	for key := range oneContext {
+		if strings.HasPrefix(key, "ETH") && strings.HasSuffix(key, "_MAC") {
+			ifaceName := strings.TrimSuffix(key, "_MAC")
+			ifaceNameLower := strings.ToLower(ifaceName)
+
+			if oneContext[ifaceName+"_METHOD"] == "dhcp" {
+				// Create DHCP4 OperatorSpec entry
+				networkConfig.Operators = append(networkConfig.Operators,
+					network.OperatorSpecSpec{
+						Operator:  network.OperatorDHCP4,
+						LinkName:  ifaceNameLower,
+						RequireUp: true,
+						DHCP4: network.DHCP4OperatorSpec{
+							RouteMetric:         1024,
+							SkipHostnameRequest: true,
 						},
-					)
+						ConfigLayer: network.ConfigPlatform,
+					},
+				)
+			} else {
+				// Parse IP address and create AddressSpecSpec entry
+				ipPrefix, err := address.IPPrefixFrom(oneContext[ifaceName+"_IP"], oneContext[ifaceName+"_MASK"])
+				if err != nil {
+					return nil, fmt.Errorf("failed to parse IP address: %w", err)
+				}
+
+				networkConfig.Addresses = append(networkConfig.Addresses,
+					network.AddressSpecSpec{
+						Address:         ipPrefix,
+						LinkName:        ifaceNameLower,
+						Family:          nethelpers.FamilyInet4,
+						Scope:           nethelpers.ScopeGlobal,
+						Flags:           nethelpers.AddressFlags(nethelpers.AddressPermanent),
+						AnnounceWithARP: false,
+						ConfigLayer:     network.ConfigPlatform,
+					},
+				)
+
+				var mtu uint32
+
+				if oneContext[ifaceName+"_MTU"] == "" {
+					mtu = 0
 				} else {
-					// Parse IP address and create AddressSpecSpec entry
-					ipPrefix, err := address.IPPrefixFrom(oneContext[ifaceName+"_IP"], oneContext[ifaceName+"_MASK"])
+					var mtu64 uint64
+
+					mtu64, err = strconv.ParseUint(oneContext[ifaceName+"_MTU"], 10, 32)
+					// check if any error happened
 					if err != nil {
-						return nil, fmt.Errorf("failed to parse IP address: %w", err)
+						return nil, fmt.Errorf("failed to parse MTU: %w", err)
 					}
 
-					networkConfig.Addresses = append(networkConfig.Addresses,
-						network.AddressSpecSpec{
-							Address:         ipPrefix,
-							LinkName:        ifaceNameLower,
-							Family:          nethelpers.FamilyInet4,
-							Scope:           nethelpers.ScopeGlobal,
-							Flags:           nethelpers.AddressFlags(nethelpers.AddressPermanent),
-							AnnounceWithARP: false,
-							ConfigLayer:     network.ConfigPlatform,
-						},
-					)
-
-					var mtu uint32
-
-					if oneContext[ifaceName+"_MTU"] == "" {
-						mtu = 0
-					} else {
-						var mtu64 uint64
-
-						mtu64, err = strconv.ParseUint(oneContext[ifaceName+"_MTU"], 10, 32)
-						// check if any error happened
-						if err != nil {
-							return nil, fmt.Errorf("failed to parse MTU: %w", err)
-						}
+					mtu = uint32(mtu64)
+				}
 
-						mtu = uint32(mtu64)
+				// Create LinkSpecSpec entry
+				networkConfig.Links = append(networkConfig.Links,
+					network.LinkSpecSpec{
+						Name:        ifaceNameLower,
+						Logical:     false,
+						Up:          true,
+						MTU:         mtu,
+						Kind:        "",
+						Type:        nethelpers.LinkEther,
+						ParentName:  "",
+						ConfigLayer: network.ConfigPlatform,
+					},
+				)
+
+				if oneContext[ifaceName+"_GATEWAY"] != "" {
+					// Parse gateway address and create RouteSpecSpec entry
+					gateway, err := netip.ParseAddr(oneContext[ifaceName+"_GATEWAY"])
+					if err != nil {
+						return nil, fmt.Errorf("failed to parse gateway ip: %w", err)
 					}
 
-					// Create LinkSpecSpec entry
-					networkConfig.Links = append(networkConfig.Links,
-						network.LinkSpecSpec{
-							Name:        ifaceNameLower,
-							Logical:     false,
-							Up:          true,
-							MTU:         mtu,
-							Kind:        "",
-							Type:        nethelpers.LinkEther,
-							ParentName:  "",
-							ConfigLayer: network.ConfigPlatform,
-						},
-					)
-
-					if oneContext[ifaceName+"_GATEWAY"] != "" {
-						// Parse gateway address and create RouteSpecSpec entry
-						gateway, err := netip.ParseAddr(oneContext[ifaceName+"_GATEWAY"])
-						if err != nil {
-							return nil, fmt.Errorf("failed to parse gateway ip: %w", err)
-						}
-
-						route := network.RouteSpecSpec{
-							ConfigLayer: network.ConfigPlatform,
-							Gateway:     gateway,
-							OutLinkName: ifaceNameLower,
-							Table:       nethelpers.TableMain,
-							Protocol:    nethelpers.ProtocolStatic,
-							Type:        nethelpers.TypeUnicast,
-							Family:      nethelpers.FamilyInet4,
-							Priority:    network.DefaultRouteMetric,
-						}
-
-						route.Normalize()
-
-						networkConfig.Routes = append(networkConfig.Routes, route)
+					route := network.RouteSpecSpec{
+						ConfigLayer: network.ConfigPlatform,
+						Gateway:     gateway,
+						OutLinkName: ifaceNameLower,
+						Table:       nethelpers.TableMain,
+						Protocol:    nethelpers.ProtocolStatic,
+						Type:        nethelpers.TypeUnicast,
+						Family:      nethelpers.FamilyInet4,
+						Priority:    network.DefaultRouteMetric,
 					}
 
-					// Parse DNS servers
-					dnsServers := strings.Fields(oneContext[ifaceName+"_DNS"])
+					route.Normalize()
+
+					networkConfig.Routes = append(networkConfig.Routes, route)
+				}
 
-					var dnsIPs []netip.Addr
+				// Parse DNS servers
+				dnsServers := strings.Fields(oneContext[ifaceName+"_DNS"])
 
-					for _, dnsServer := range dnsServers {
-						ip, err := netip.ParseAddr(dnsServer)
-						if err != nil {
-							return nil, fmt.Errorf("failed to parse DNS server IP: %w", err)
-						}
+				var dnsIPs []netip.Addr
 
-						dnsIPs = append(dnsIPs, ip)
+				for _, dnsServer := range dnsServers {
+					ip, err := netip.ParseAddr(dnsServer)
+					if err != nil {
+						return nil, fmt.Errorf("failed to parse DNS server IP: %w", err)
 					}
 
-					// Create ResolverSpecSpec entry with multiple DNS servers
-					networkConfig.Resolvers = append(networkConfig.Resolvers,
-						network.ResolverSpecSpec{
-							DNSServers:  dnsIPs,
-							ConfigLayer: network.ConfigPlatform,
-						},
-					)
+					dnsIPs = append(dnsIPs, ip)
 				}
+
+				// Create ResolverSpecSpec entry with multiple DNS servers
+				networkConfig.Resolvers = append(networkConfig.Resolvers,
+					network.ResolverSpecSpec{
+						DNSServers:  dnsIPs,
+						ConfigLayer: network.ConfigPlatform,
+					},
+				)
 			}
 		}
 	}
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula_test.go b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/opennebula_test.go
@@ -24,6 +24,12 @@ var oneContextPlain []byte
 //go:embed testdata/expected.yaml
 var expectedNetworkConfig string
 
+//go:embed testdata/metadata_no_network_flag.yaml
+var oneContextPlainNoNetworkFlag []byte
+
+//go:embed testdata/expected_no_network_flag.yaml
+var expectedNetworkConfigNoNetworkFlag string
+
 func TestParseMetadata(t *testing.T) {
 	o := &opennebula.OpenNebula{}
 	st := state.WrapCore(namespaced.NewState(inmem.Build))
@@ -37,3 +43,20 @@ func TestParseMetadata(t *testing.T) {
 	t.Log(string(marshaled))
 	assert.Equal(t, expectedNetworkConfig, string(marshaled))
 }
+
+// TestParseMetadataNoNetworkFlag verifies that ETH*_ variables are processed
+// regardless of the NETWORK context variable value. NETWORK=YES is a
+// server-side OpenNebula directive and should not gate guest-side processing.
+func TestParseMetadataNoNetworkFlag(t *testing.T) {
+	o := &opennebula.OpenNebula{}
+	st := state.WrapCore(namespaced.NewState(inmem.Build))
+
+	networkConfig, err := o.ParseMetadata(st, oneContextPlainNoNetworkFlag)
+	require.NoError(t, err)
+
+	marshaled, err := yaml.Marshal(networkConfig)
+	require.NoError(t, err)
+
+	t.Log(string(marshaled))
+	assert.Equal(t, expectedNetworkConfigNoNetworkFlag, string(marshaled))
+}
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected_no_network_flag.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/expected_no_network_flag.yaml
@@ -0,0 +1,45 @@
+addresses:
+    - address: 192.168.1.92/24
+      linkName: eth0
+      family: inet4
+      scope: global
+      flags: permanent
+      layer: platform
+links:
+    - name: eth0
+      logical: false
+      up: true
+      mtu: 0
+      kind: ""
+      type: ether
+      layer: platform
+routes:
+    - family: inet4
+      dst: ""
+      src: ""
+      gateway: 192.168.1.1
+      outLinkName: eth0
+      table: main
+      priority: 1024
+      scope: global
+      type: unicast
+      flags: ""
+      protocol: static
+      layer: platform
+hostnames:
+    - hostname: code-server
+      domainname: ""
+      layer: platform
+resolvers:
+    - dnsServers:
+        - 192.168.1.1
+        - 8.8.8.8
+        - 1.1.1.1
+      layer: platform
+timeServers: []
+operators: []
+externalIPs: []
+metadata:
+    platform: opennebula
+    hostname: code-server
+    instanceId: "14"
diff --git a/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/metadata_no_network_flag.yaml b/internal/app/machined/pkg/runtime/v1alpha1/platform/opennebula/testdata/metadata_no_network_flag.yaml
@@ -0,0 +1,30 @@
+# Context variables generated by OpenNebula with NETWORK=NO.
+# ETH*_ variables are manually specified (e.g. for ETHER-type address ranges
+# where NETWORK=YES would cause the server to overwrite them with empty values).
+DISK_ID = "1"
+ETH0_DNS = "192.168.1.1 8.8.8.8 1.1.1.1"
+ETH0_EXTERNAL = ""
+ETH0_GATEWAY = "192.168.1.1"
+ETH0_IP = "192.168.1.92"
+ETH0_IP6 = ""
+ETH0_IP6_GATEWAY = ""
+ETH0_IP6_METHOD = ""
+ETH0_IP6_METRIC = ""
+ETH0_IP6_PREFIX_LENGTH = ""
+ETH0_IP6_ULA = ""
+ETH0_MAC = "02:00:c0:a8:01:5c"
+ETH0_MASK = "255.255.255.0"
+ETH0_METHOD = ""
+ETH0_METRIC = ""
+ETH0_MTU = ""
+ETH0_NETWORK = "192.168.1.0"
+ETH0_SEARCH_DOMAIN = ""
+ETH0_VLAN_ID = "3"
+ETH0_VROUTER_IP = ""
+ETH0_VROUTER_IP6 = ""
+ETH0_VROUTER_MANAGEMENT = ""
+NETWORK = "NO"
+SSH_PUBLIC_KEY = ""
+TARGET = "hda"
+VMID = "14"
+NAME = "code-server"
