fix #5009: avoid waiting for stdout eof of /etc/network/ scripts

Previously, PVE (7 and 8) hosts would hang at boot if both ntpsec and ntpsec-ntpdate are installed. The root cause for the hang is an unfortunate interaction between ntpsec, ntpsec-ntpdate and the PVE ifupdown2 package. The hang happens because ntpsec-ntpdate installs a hook /etc/network/if-up.d/ntpsec-ntpdate that blocks until networking is available if ntpsec is installed. Previously, ifupdown2 would wait for the hook to terminate, so networking would never become available, resulting in a deadlock. See the bug report [0] for more information. With this patch, ifupdown2 runs the hook in the background and does not wait for it to terminate, thus resolving the deadlock. This patch was already applied upstream [1]. Backport it to make it available before the next upstream release. [0] https://bugzilla.proxmox.com/show_bug.cgi?id=5009 [1] https://github.com/CumulusNetworks/ifupdown2/pull/274 Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
2025-04-28 12:58:21 +00:00 · 2023-12-19 10:22:27 +01:00 · 2023-12-19 10:22:27 +01:00 · 1997a5a6d7
commit 1997a5a6d7
parent e6835fd11d
2 changed files with 45 additions and 0 deletions
--- a/debian/patches/series
+++ b/debian/patches/series
@ -11,3 +11,4 @@ upstream/0001-add-ipv6-slaac-support-inet6-auto-accept_ra.patch
 upstream/0001-addons-ethtool-add-rx-vlan-filter.patch
 upstream/0001-scheduler-import-traceback.patch
 upstream/0001-addons-vxlan-fix-compare-between-remote-ips-and-old_.patch
+upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch 
--- a/debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch
+++ b/debian/patches/upstream/0001-scheduler-avoid-waiting-for-stdout-eof-of-etc-networ.patch
@ -0,0 +1,44 @@
+From 1303d9211d82326f7c55d56db13eed66bb1c6535 Mon Sep 17 00:00:00 2001
+From: Friedrich Weber <f.weber@proxmox.com>
+Date: Tue, 26 Sep 2023 13:33:36 +0200
+Subject: [PATCH] scheduler: avoid waiting for stdout eof of /etc/network/
+ scripts
+
+Scripts in /etc/network/ are executed using `exec_command` which
+captures stdout by default, and thus waits for stdout end-of-file via
+`Popen.communicate()`. However, this can cause hangs if the network
+script executes a long-running command in the background. Can be
+reproduced by putting the following (executable) script in
+/etc/network/if-up.d/:
+
+	#!/bin/sh
+	sleep 5&
+
+This script will cause `ifreload -a` to wait for 5 seconds per network
+interface.
+
+To avoid waiting, do not capture stdout when executing /etc/network/
+scripts. This also improves compatibility with ifupdown, which runs
+the above script in the background.
+
+Signed-off-by: Friedrich Weber <f.weber@proxmox.com>
+---
+ ifupdown2/ifupdown/scheduler.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ifupdown2/ifupdown/scheduler.py b/ifupdown2/ifupdown/scheduler.py
+index fda6ff2..e4d579f 100644
+--- a/ifupdown2/ifupdown/scheduler.py
+++ b/ifupdown2/ifupdown/scheduler.py
+@@ -142,7 +142,7 @@ class ifaceScheduler():
+             for mname in ifupdownobj.script_ops.get(op, []):
+                 ifupdownobj.logger.debug("%s: %s : running script %s" % (ifacename, op, mname))
+                 try:
+-                    utils.exec_command(mname, env=command_env)
+                    utils.exec_command(mname, env=command_env, stdout=False)
+                 except Exception as e:
+                     if "permission denied" in str(e).lower():
+                         ifupdownobj.logger.warning('%s: %s %s' % (ifacename, op, str(e)))
+-- 
+2.39.2
+