Add "install hotplug" module (SC-476) (#1069)

This commit removes automatically installing udev rules for hotplug
and adds a module to install them instead.

Automatically including the udev rules and checking if hotplug was
enabled consumed too many resources in certain circumstances. Moving the
rules to a module ensures we don't spend extra extra cycles on hotplug
if hotplug functionality isn't desired.

LP: #1946003

3 files changed, 193 insertions, 43 deletions

diff --git a/cloudinit/cmd/devel/hotplug_hook.py b/cloudinit/cmd/devel/hotplug_hook.py
index d4f0547e..f6f36a00 100644
--- a/cloudinit/cmd/devel/hotplug_hook.py
+++ b/cloudinit/cmd/devel/hotplug_hook.py
@@ -8,6 +8,7 @@ import time
 
 from cloudinit import log
 from cloudinit import reporting
+from cloudinit import stages
 from cloudinit.event import EventScope, EventType
 from cloudinit.net import activators, read_sys_net_safe
 from cloudinit.net.network_state import parse_net_config_data
@@ -164,7 +165,9 @@ def is_enabled(hotplug_init, subsystem):
                 subsystem)
         ) from e
 
-    return hotplug_init.update_event_enabled(
+    return stages.update_event_enabled(
+        datasource=hotplug_init.datasource,
+        cfg=hotplug_init.cfg,
         event_source_type=EventType.HOTPLUG,
         scope=scope
     )
diff --git a/cloudinit/config/cc_install_hotplug.py b/cloudinit/config/cc_install_hotplug.py
new file mode 100644
index 00000000..d6b2a2df
--- /dev/null
+++ b/cloudinit/config/cc_install_hotplug.py
@@ -0,0 +1,136 @@
+# This file is part of cloud-init. See LICENSE file for license information.
+"""Install hotplug udev rules if supported and enabled"""
+import os
+from textwrap import dedent
+
+from cloudinit import util
+from cloudinit import subp
+from cloudinit import stages
+from cloudinit.config.schema import get_schema_doc, validate_cloudconfig_schema
+from cloudinit.distros import ALL_DISTROS
+from cloudinit.event import EventType, EventScope
+from cloudinit.settings import PER_INSTANCE
+
+
+frequency = PER_INSTANCE
+distros = [ALL_DISTROS]
+
+schema = {
+    "id": "cc_install_hotplug",
+    "name": "Install Hotplug",
+    "title": "Install hotplug if supported and enabled",
+    "description": dedent("""\
+        This module will install the udev rules to enable hotplug if
+        supported by the datasource and enabled in the userdata. The udev
+        rules will be installed as
+        ``/etc/udev/rules.d/10-cloud-init-hook-hotplug.rules``.
+
+        When hotplug is enabled, newly added network devices will be added
+        to the system by cloud-init. After udev detects the event,
+        cloud-init will referesh the instance metadata from the datasource,
+        detect the device in the updated metadata, then apply the updated
+        network configuration.
+
+        Currently supported datasources: Openstack, EC2
+    """),
+    "distros": distros,
+    "examples": [
+        dedent("""\
+            # Enable hotplug of network devices
+            updates:
+              network:
+                when: ["hotplug"]
+        """),
+        dedent("""\
+            # Enable network hotplug alongside boot event
+            updates:
+              network:
+                when: ["boot", "hotplug"]
+        """),
+    ],
+    "frequency": frequency,
+    "type": "object",
+    "properties": {
+        "updates": {
+            "type": "object",
+            "additionalProperties": False,
+            "properties": {
+                "network": {
+                    "type": "object",
+                    "required": ["when"],
+                    "additionalProperties": False,
+                    "properties": {
+                        "when": {
+                            "type": "array",
+                            "additionalProperties": False,
+                            "items": {
+                                "type": "string",
+                                "additionalProperties": False,
+                                "enum": [
+                                    "boot-new-instance",
+                                    "boot-legacy",
+                                    "boot",
+                                    "hotplug",
+                                ]
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+
+__doc__ = get_schema_doc(schema)
+
+
+HOTPLUG_UDEV_PATH = "/etc/udev/rules.d/10-cloud-init-hook-hotplug.rules"
+HOTPLUG_UDEV_RULES = """\
+# Installed by cloud-init due to network hotplug userdata
+ACTION!="add|remove", GOTO="cloudinit_end"
+LABEL="cloudinit_hook"
+SUBSYSTEM=="net", RUN+="/usr/lib/cloud-init/hook-hotplug"
+LABEL="cloudinit_end"
+"""
+
+
+def handle(_name, cfg, cloud, log, _args):
+    validate_cloudconfig_schema(cfg, schema)
+    network_hotplug_enabled = (
+        'updates' in cfg and
+        'network' in cfg['updates'] and
+        'when' in cfg['updates']['network'] and
+        'hotplug' in cfg['updates']['network']['when']
+    )
+    hotplug_supported = EventType.HOTPLUG in (
+        cloud.datasource.get_supported_events(
+            [EventType.HOTPLUG]).get(EventScope.NETWORK, set())
+    )
+    hotplug_enabled = stages.update_event_enabled(
+        datasource=cloud.datasource,
+        cfg=cfg,
+        event_source_type=EventType.HOTPLUG,
+        scope=EventScope.NETWORK,
+    )
+    if not (hotplug_supported and hotplug_enabled):
+        if os.path.exists(HOTPLUG_UDEV_PATH):
+            log.debug("Uninstalling hotplug, not enabled")
+            util.del_file(HOTPLUG_UDEV_PATH)
+            subp.subp(["udevadm", "control", "--reload-rules"])
+        elif network_hotplug_enabled:
+            log.warning(
+                "Hotplug is unsupported by current datasource. "
+                "Udev rules will NOT be installed."
+            )
+        else:
+            log.debug("Skipping hotplug install, not enabled")
+        return
+    if not subp.which("udevadm"):
+        log.debug("Skipping hotplug install, udevadm not found")
+        return
+
+    util.write_file(
+        filename=HOTPLUG_UDEV_PATH,
+        content=HOTPLUG_UDEV_RULES,
+    )
+    subp.subp(["udevadm", "control", "--reload-rules"])
diff --git a/cloudinit/stages.py b/cloudinit/stages.py
index 80aa9f5e..731b2982 100644
--- a/cloudinit/stages.py
+++ b/cloudinit/stages.py
@@ -49,6 +49,54 @@ NULL_DATA_SOURCE = None
 NO_PREVIOUS_INSTANCE_ID = "NO_PREVIOUS_INSTANCE_ID"
 
 
+def update_event_enabled(
+    datasource: sources.DataSource,
+    cfg: dict,
+    event_source_type: EventType,
+    scope: EventScope = None
+) -> bool:
+    """Determine if a particular EventType is enabled.
+
+    For the `event_source_type` passed in, check whether this EventType
+    is enabled in the `updates` section of the userdata. If `updates`
+    is not enabled in userdata, check if defined as one of the
+    `default_events` on the datasource. `scope` may be used to
+    narrow the check to a particular `EventScope`.
+
+    Note that on first boot, userdata may NOT be available yet. In this
+    case, we only have the data source's `default_update_events`,
+    so an event that should be enabled in userdata may be denied.
+    """
+    default_events = datasource.default_update_events  # type: Dict[EventScope, Set[EventType]]    # noqa: E501
+    user_events = userdata_to_events(cfg.get('updates', {}))  # type: Dict[EventScope, Set[EventType]]  # noqa: E501
+    # A value in the first will override a value in the second
+    allowed = util.mergemanydict([
+        copy.deepcopy(user_events),
+        copy.deepcopy(default_events),
+    ])
+    LOG.debug('Allowed events: %s', allowed)
+
+    if not scope:
+        scopes = allowed.keys()
+    else:
+        scopes = [scope]
+    scope_values = [s.value for s in scopes]
+
+    for evt_scope in scopes:
+        if event_source_type in allowed.get(evt_scope, []):
+            LOG.debug(
+                'Event Allowed: scope=%s EventType=%s',
+                evt_scope.value, event_source_type
+            )
+            return True
+
+    LOG.debug(
+        'Event Denied: scopes=%s EventType=%s',
+        scope_values, event_source_type
+    )
+    return False
+
+
 class Init(object):
     def __init__(self, ds_deps=None, reporter=None):
         if ds_deps is not None:
@@ -715,46 +763,6 @@ class Init(object):
         return (self.distro.generate_fallback_config(),
                 NetworkConfigSource.fallback)
 
-    def update_event_enabled(
-        self, event_source_type: EventType, scope: EventScope = None
-    ) -> bool:
-        """Determine if a particular EventType is enabled.
-
-        For the `event_source_type` passed in, check whether this EventType
-        is enabled in the `updates` section of the userdata. If `updates`
-        is not enabled in userdata, check if defined as one of the
-        `default_events` on the datasource. `scope` may be used to
-        narrow the check to a particular `EventScope`.
-
-        Note that on first boot, userdata may NOT be available yet. In this
-        case, we only have the data source's `default_update_events`,
-        so an event that should be enabled in userdata may be denied.
-        """
-        default_events = self.datasource.default_update_events  # type: Dict[EventScope, Set[EventType]]    # noqa: E501
-        user_events = userdata_to_events(self.cfg.get('updates', {}))  # type: Dict[EventScope, Set[EventType]]  # noqa: E501
-        # A value in the first will override a value in the second
-        allowed = util.mergemanydict([
-            copy.deepcopy(user_events),
-            copy.deepcopy(default_events),
-        ])
-        LOG.debug('Allowed events: %s', allowed)
-
-        if not scope:
-            scopes = allowed.keys()
-        else:
-            scopes = [scope]
-        scope_values = [s.value for s in scopes]
-
-        for evt_scope in scopes:
-            if event_source_type in allowed.get(evt_scope, []):
-                LOG.debug('Event Allowed: scope=%s EventType=%s',
-                          evt_scope.value, event_source_type)
-                return True
-
-        LOG.debug('Event Denied: scopes=%s EventType=%s',
-                  scope_values, event_source_type)
-        return False
-
     def _apply_netcfg_names(self, netcfg):
         try:
             LOG.debug("applying net config names for %s", netcfg)
@@ -784,8 +792,11 @@ class Init(object):
             return
 
         def event_enabled_and_metadata_updated(event_type):
-            return self.update_event_enabled(
-                event_type, scope=EventScope.NETWORK
+            return update_event_enabled(
+                datasource=self.datasource,
+                cfg=self.cfg,
+                event_source_type=event_type,
+                scope=EventScope.NETWORK
             ) and self.datasource.update_metadata_if_supported([event_type])
 
         def should_run_on_boot_event():