canonical / cloud-init

Official upstream for the cloud-init: cloud instance initialization

Home Page: https://cloud-init.io/


cloud-init 23.4.3 "Error: Cloud config schema errors: network: Additional properties are not allowed ('network' was unexpected)"

lsh-0 opened this issue · comments

commented

Bug report

An upgrade to cloud-init from 23.3.3-0ubuntu0~20.04.1 to 23.4.3-0ubuntu0~20.04.1 now produces the following validation error:

$ cloud-init --version
/usr/bin/cloud-init 23.4.3-0ubuntu0~20.04.1

$ cat /etc/cloud/cloud.cfg.d/10_enable-dhcp-ipv6.cfg 
#cloud-config
network:
  version: 2
  ethernets:
     ens5:
        dhcp4: true
        dhcp6: true

$ cloud-init schema -c /etc/cloud/cloud.cfg.d/10_enable-dhcp-ipv6.cfg
Invalid UNKNOWN_CONFIG_HEADER /etc/cloud/cloud.cfg.d/10_enable-dhcp-ipv6.cfg
Error: Cloud config schema errors: network: Additional properties are not allowed ('network' was unexpected)

Error: Invalid schema: UNKNOWN_CONFIG_HEADER

However, the network section seems to be valid v2 configuration:
https://cloudinit.readthedocs.io/en/latest/reference/network-config-format-v2.html

Steps to reproduce the problem

See above.

Environment details

  • Cloud-init version: 23.4.3-0ubuntu0~20.04.1
  • Operating System Distribution: Ubuntu 20.04
  • Cloud provider, platform or installer type: Vagrant, AWS EC2

cloud-init logs

cloud-init.tar.gz

Thank you for the bug report and making cloud-init better.

Some minor notes on this bug:

  1. I see no warnings or errors in your cloud-init log. So, I'm presuming this concern is a post-processing step you are performing to validate configuration files provided to cloud-init to make sure the schema looks good?
  2. Can you please confirm that sudo cloud-init schema --system does not error in your environment as the --system parameter will check user-data and network-config against the appropriate schemas.
  3. The network config YAML you provided isn't cloud-init user-data, so it really shouldn't have that declarative header (#cloud-config). #cloud-config is typically reserved for user-data files. It doesn't break network config processing for cloud-init because any commented lines in network config handling are ignored.

Background:

What has changed in cloud-init 23.4.3 is that cloud-init user-data schema validation has gotten more strict to attempt to alert consumers of invalid config keys in #cloud-config user-data files that were previously ignored by more permissive schema validation that would just ignore unknown keys. Your file is actually a network-config file and not a #cloud-config user-data file, so the default --schema-type cloud-config that is being performed is correct in raising that error. The network key is not strictly allowed in user-data files, but it is permitted in network-config files.

The subcommand sudo cloud-init schema --system is an alternative which can automatically differentiate between user-data and network-config provided to a system and alert to any schema errors present in the launched instance.

Note that /etc/cloud/cloud.cfg.d can contain more than just #cloud-config user-data files or parts. It aggregates base config which can potentially include network config (in your case) or other base configuration keys and values beyond just strict #cloud-config user-data keys.

When using the cloud-init schema -c YOUR_FILE for validation, the command makes the default assumption that the file it is looking at is --schema-type cloud-config to represent known user-data schema. Since the file you are processing is actually network config, you'll need to provide the parameter --schema-type network-config to get appropriate network schema validation for this network config file.

That said, the only strict network config schema validation performed in 23.4.3 is for network config version: 1. So running sudo cloud-init schema -c /etc/cloud/cloud.cfg.d/10_enable-dhcp-ipv6.cfg --schema-type network-config against your network version: 2 schema will only tell you:
Skipping network-config schema validation. No network schema for version: 2

In cloud-init v. 24.1 (already present in Ubuntu Noble), any system with netplan installed has the ability to validate network version: 2 schema by using sudo cloud-init schema -c <your_file> --schema-type network-config.

This 24.1 release of cloud-init will also be provided as a stable upstream release back into Ubuntu Focal, Jammy and Mantic and should make it within the next couple of weeks.
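Added example (not part of the thread and not cloud-init's own code): a shell helper for the per-file check discussed above, choosing `--schema-type` from each file's top-level keys instead of relying on the `cloud-config` default. The key-sniffing heuristic, the function names and the script name `check-schema.sh` are assumptions; only the `cloud-init schema` flags come from the thread.

```shell
#!/bin/sh
# Added example, not cloud-init code. Function names are hypothetical.
# Assumption: block-style YAML, so a top-level key is an unindented "key:" line.

# Print the top-level keys of a config file, one per line.
top_level_keys() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_-]*\):.*$/\1/p' "$1"
}

# Decide which --schema-type fits the file:
#   network-config  only a top-level "network" key
#   cloud-config    no top-level "network" key
#   mixed           "network" next to other keys (base config; check by hand)
schema_type_for() {
    keys=$(top_level_keys "$1" | sort -u)
    if [ "$keys" = "network" ]; then
        echo network-config
    elif printf '%s\n' "$keys" | grep -qx network; then
        echo mixed
    else
        echo cloud-config
    fi
}

# Validate one file with the schema type chosen above.
validate_file() {
    st=$(schema_type_for "$1")
    if [ "$st" = mixed ]; then
        echo "SKIP $1: 'network' mixed with other top-level keys" >&2
        return 2
    fi
    # The thread notes that #cloud-config is reserved for user-data files.
    if [ "$st" = network-config ] && [ "$(head -n 1 "$1")" = "#cloud-config" ]; then
        echo "NOTE $1: network config carries a #cloud-config header" >&2
    fi
    cloud-init schema -c "$1" --schema-type "$st"
}

# Usage: sh check-schema.sh /etc/cloud/cloud.cfg.d/*.cfg
if [ "$#" -gt 0 ]; then
    rc=0
    for f in "$@"; do
        validate_file "$f" || rc=1
    done
    exit "$rc"
fi
```

On 23.4.3 a network version: 2 file still only produces the "Skipping network-config schema validation" message quoted above, so `sudo cloud-init schema --system` remains the check for what a launched instance actually received.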

commented

Thank you for the detailed reply, it makes perfect sense.

I see no warnings or errors in your cloud-init log. So, I'm presuming this concern is a post-processing step you are performing to validate configuration files provided to cloud-init to make sure the schema looks good?

Precisely. I'm trying to migrate a fleet of EC2 VMs to a mixed ipv4+ipv6 environment for an Ubuntu 20.04 AMI after Amazon's move to charge for the automatically assigned ipv4 address. I've been told the newer release of Ubuntu LTS (22.04) works out of the box without this additional configuration step.

Can you please confirm that sudo cloud-init schema --system does not error in your environment as the --system parameter will check user-data and network-config against the appropriate schemas.

Confirmed, that does not error.

The network config YAML you provided isn't cloud-init user-data, so it really shouldn't have that declarative header (#cloud-config). #cloud-config is typically reserved for user-data files. It doesn't break network config processing for cloud-init because any commented lines in network config handling are ignored.

Good to know, I'll remove it as misleading.

So running sudo cloud-init schema -c /etc/cloud/cloud.cfg.d/10_enable-dhcp-ipv6.cfg --schema-type network-config against your network version: 2 schema will only tell you:
Skipping network-config schema validation. No network schema for version: 2

Correct, that's what I'm seeing.

It seems like what I need is --system rather than the -c ... approach, at least until 24.1 is released.

Thank you again for the detailed explanation, I'll close this off now.