feat(lxd): add s390x virtio-ports detection for LXD

[blackboxsw]

• I have signed the CLA: https://ubuntu.com/legal/contributors
• I have included a comprehensive commit message using the guide below
• I have added unit tests to cover the new behavior under tests/unittests/
  • Test files should map to source files i.e. a source file cloudinit/example.py should be tested by tests/unittests/test_example.py
  • Run unit tests with tox -e py3
• I have kept the change small, avoiding unnecessary whitespace or non-functional changes.
• I have added a reference to issues that this PR relates to in the PR message (Refs integration: do not LXD bind mount /etc/cloud/cloud.cfg.d #1234, Fixes integration: do not LXD bind mount /etc/cloud/cloud.cfg.d #1234)
• I have updated the documentation with the changed behavior.
  • If the change doesn't change the user interface and is trivial, this step may be skipped.
  • Cloud-config documentation is generated from the jsonschema.
  • Generate docs with tox -e doc.

Proposed Commit Message

feat(lxd): add s390x virtio-ports detection for LXD

Support LXD detection on IBM's s390x architecture using virtio-ports
serial device detection. Add a new detection method which checks
LXD serial devices in /sys/class/virtio-ports/ for both current
(com.canonical.lxd) and legacy (org.linuxcontainers.lxd) names.
Update public LXD datasource documentation for this detection method.

Drop the now unnecessary DMI board name check from ds-identify and
DataSourceLXD because virtio-ports is sufficient for both KVM/QEMU
and s390x.

The following mechinisms for LXD detection are retained:
1. /dev/lxd/sock socket file (primary method)
2. virtio-ports serial device presence if socket is not yet active

Implements: PL073

Additional Context

Test Steps

git checkout upstream/ubuntu/questing -B ubuntu/questing
new_upstream_snapshot -c 5ff9034ffdac4a59a871384c1bd082c2589a1c4e
build-package
sbuild ....
CLOUD_INIT_OS_IMAGE=questing CLOUD_INIT_CLOUD_INIT_SOURCE=cloud-init_25.4~2gdef5afa3-0ubuntu1_all.deb CLOUD_INIT_PLATFORM=lxd_vm .tox/integration-tests/bin/pytest tests/integration_tests/datasources/test_lxd_discovery.py::test_lxd_kvm_datasource_discovery_without_lxd_socket

Merge type

• Squash merge using "Proposed Commit Message"
• Rebase and merge unique commits. Requires commit messages per-commit each referencing the pull request number (#<PR_NUM>)

[blackboxsw]

Additionally, we should add resolute support to pycloudlib per canonical/pycloudlib#494

[holmanb]

Thanks for this @blackboxsw, this is a good start. I left some comments inline, also note that the commit message:

Drop the now unnecessary DMI board name check from ds-identify and
DataSourceLXD because virtio-ports is sufficient in bot KVM/QEMU and
s390x.

The following mechinisms for LXD detection are retained:
1. /dev/lxd/sock socket file (primary method)
2. virtio-ports serial device (KVM/QEMU and new for s390x)

This reads as if s390x is a new platform alternative to QEMU, when in fact it is a different cpu instruction set (like x86_64 or amd64).

[blackboxsw]

Thank you for the review @holmanb. I think I have resolved all comments.

[holmanb]

It looks like we still have a failing ruff check.

[holmanb]

Thanks for the work on this @blackboxsw. See my comments.

[holmanb]

Hey @blackboxsw, I think this is getting closer. See my latest round of comments.

[github-actions]

Hello! Thank you for this proposed change to cloud-init. This pull request is now marked as stale as it has not seen any activity in 14 days. If no activity occurs within the next 7 days, this pull request will automatically close.

If you are waiting for code review and you are seeing this message, apologies! Please reply, tagging blackboxsw, and he will ensure that someone takes a look soon.

(If the pull request is closed and you would like to continue working on it, please do tag blackboxsw to reopen it.)

[blackboxsw]

Thank you Brett. I believe I have addressed all review comments now.

[holmanb]

Thanks for the changes @blackboxsw. Besides the linter failures it looks like there were also a couple of comments from before that weren't addressed.

[holmanb]

This tests a specific failure mode that occurs when the socket is disabled, which is more of a test of the platform than of cloud-init, isn't it? This doesn't actually "Test DataSourceLXD on KVM detected by ds-identify using virtio-ports."

If the LXD project stopped providing the nocloud device then this test would start to fail unexpectedly due to changes in an external project. Checking for nocloud here could provide a "canary signal" to warn that something is broken on the platform, but the signal getting to the right place would mean work for the developers to look at failing integration tests and doing something about the failure. But if this is known and expected by LXD developers then what is the point?

[blackboxsw]

My comment was maybe misleading here or didn't provide enough relevant context.

I've updated the comment to:

+        # Expect NoCloud because python DataSourceLXD cannot read metadata from
+        # /dev/lxd/sock due to security.devlxd above and falls back to
+        # the nocloud seed files written by _customize_environment.
         cloud_id = client.execute("cloud-id").stdout

[holmanb]

I understand what is happening. I'm saying I don't necessarily think that this is important behavior for us to test. Is the fact that NoCloud is detected when the socket is not available a core feature of cloud-init? Or is this just a failure mode that happens to still resemble success simply because that is how LXD originally exposed the IMDS?

My comment earlier was about the test maintenance burden this kind of test will have introduced if the LXD project later stops providing 2 duplicate datasources. I don't want to have to come back later and rewrite this test when the LXD project decides that they will no longer provide duplicate datasources.

[holmanb]

forget to push?

[blackboxsw]

Thank you for this additional round @holmanb. Getting nearer to the finish line here and avoiding stray test changes that are unrelated to this PR.

[holmanb]

Thanks for the updates @blackboxsw! I think we're getting close. See my comments below.

[holmanb]

I see now that this is documented.

This seems like something that users shouldn't need to do. I would rather we didn't document this behavior unless we have a really good reason to do so.

[holmanb]

These are implementation details of LXD - a user shouldn't need them.

If anywhere, they belong in dev docs, but even then it doesn't seem important.

I would drop and represents all.*$ of this highlighted section (including the bullet list).

[holmanb]

Also seem like implementation details the user shouldn't need.

[holmanb]

Did I just miss adding these tests to the parametrized list?

The structure of these tests is error-prone: it requires modification in multiple places which has a high likelyhood of mistakes. The networking tests are like that too, iirc, but in both cases when I considered refactoring them before it seemed like too much work to be worth it.

Maybe something to point an agent at someday.

[holmanb]

nit: Besides the nesting argument, cognitive load can be reduced if we instead continue if the file doesn't exist. The difference is subtle, but real. Filtering out values with early continues (or in other cases early returns) reduces the range of possible values in scope - so there is less to mentally store in your head. An early continue when the conditions don't match the expected condition ensures that the condition that was checked for has been completely dealt with. Compare two cases:

1. As written:

    if [ -f "${name_file}"]; then
        # do something
    fi
    # The reader knows nothing about the path in $name_file at this point!

2. Filter out unwanted conditions with an early continue:

    if [ ! -f "${name_file}"]; then
        continue
    fi
    # The case where "not a regular file or doesn't exist" has been
    # completely handled at this point. The reader knows that the path in
    # $name_file exists and is a real file for the remainder of the scope. 

Obviously this isn't a hard rule to always follow - but when filtering for a single condition, simply following this rule tends to produce code that is less nested and requires less cognitive load simply because there is less "state" to keep track of.