[10996] - use 'ip' structured data to safely retrieve default route interface

[mosys0815]

Using ip route structured data allows to query safely the default route interface, no matter the output of the standard 'ip route' output.

[boring-cyborg]

Congratulations on your first Pull Request and welcome to the Apache CloudStack community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md)
Here are some useful points:

• In case of a new feature add useful documentation (raise doc PR at https://github.com/apache/cloudstack-documentation)
• Be patient and persistent. It might take some time to get a review or get the final approval from the committers.
• Pay attention to the quality of your code, ensure tests are passing and your PR doesn't have conflicts.
• Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Issues, Mailing list and Slack.
• Be sure to read the CloudStack Coding Conventions.
  Apache CloudStack is a community-driven project and together we are making it better 🚀.
  In case of doubts contact the developers at:
  Mailing List: [email protected] (https://cloudstack.apache.org/mailing-lists.html)
  Slack: https://apachecloudstack.slack.com/

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 17.54%. Comparing base (4d46bec) to head (6b9c422).
⚠️ Report is 331 commits behind head on main.

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #11800      +/-   ##
============================================
+ Coverage     16.57%   17.54%   +0.96%     
- Complexity    13987    15467    +1480     
============================================
  Files          5746     5897     +151     
  Lines        510860   527397   +16537     
  Branches      62140    64407    +2267     
============================================
+ Hits          84696    92516    +7820     
- Misses       416690   424486    +7796     
- Partials       9474    10395     +921     

Flag	Coverage Δ
uitests	3.60% <ø> (-0.31%)	⬇️
unittests	18.60% <100.00%> (+1.12%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[weizhouapache]

it worked on ubuntu 24

# /bin/ip -j a | /bin/jq -r '.[] | .addr_info | map(select(.local == "'`/bin/ip -j r s default | /bin/jq -r '.[0] | .prefsrc'`'")) | .[].label'
eth0

however, on RHEL and variants, the path of ip is not /bin/ip

# which ip
/usr/sbin/ip

[mosys0815]

well, until now plain ip is used, i could replace is with just ip, or the script can get the path beforehand, what would you prefer?

[mosys0815]

I changed the script to use short-paths for ipand jq, as like as it was before

[mosys0815]

@weizhouapache anything missing still?

[daviftorres]

Dear @mosys0815,

I agree with the goal of finding a more reliable way to retrieve the interface, but I want to apologize in advance for my straightforward feedback on the proposed solutions:

The approach feels overly complex, which makes it hard to understand and, in my opinion, not an effective way to achieve the goal.

When I tried to run it, it didn’t work due to unescaped characters (as @weizhouapache also mentioned).

Were you able to run the command successfully? If so, could you share your environment or context?

I would prefer updating the PR to use the following instead:

ip route show default | awk '{print $5}'

The following one also accomplish the same goal but I would prefer to use the one above because does not require jq to be installed.

ip -j r s default | jq -r '.[0] | .dev'

Regards,

[daviftorres]

Suggested change

	return Script.runSimpleBashScript("ip -j a | jq -r '.[] | .addr_info | map(select(.local == \"'`ip -j r s default | jq -r '.[0] | .prefsrc'`'\")) | .[].label'");
	return Script.runSimpleBashScript("ip route show default | awk '{print $5}'");

My suggestion.

[weizhouapache]

Suggested change

	return Script.runSimpleBashScript("ip -j a | jq -r '.[] | .addr_info | map(select(.local == \"'`ip -j r s default | jq -r '.[0] | .prefsrc'`'\")) | .[].label'");
	return Script.runSimpleBashScript("ip route show default | awk '{print $5}'");

My suggestion.

agree with it

[weizhouapache]

Suggested change

	return Script.runSimpleBashScript("ip -j a | jq -r '.[] | .addr_info | map(select(.local == \"'`ip -j r s default | jq -r '.[0] | .prefsrc'`'\")) | .[].label'");
	return Script.runSimpleBashScript("ip route show default | awk '{print $5}'");

My suggestion.

agree with it

[mosys0815]

Thanks for your feedback @daviftorres :)

Using json to retrieve structured data makes plain text parsing unnecessary, it does not matter how the text output is formatted and how the content differs in the future.

Tbh i am not quite sure whether jq is available in a minimal installation, but i wouldn't see it as a big deal or security relevant dependency.

For testing purposes you can not just copy the script into your console. I had to escape and quote parts additionally because of the general quoting in Script.runSimpleBashScript. The End result, which you also can see in debug output of management server log looks like:

ip -j a | jq -r '.[] | .addr_info | map(select(.local == "'`ip -j r s default | jq -r '.[0] | .prefsrc'`'")) | .[].label'

To show you the output of your suggestion on our l3 network:

~$ ip route show default
default proto bird src 10.64.16.3 metric 32
	nexthop via inet6 fe80::9e5a:80ff:feaf:b108 dev eth1a weight 1
	nexthop via inet6 fe80::e65e:ccff:fe44:1a08 dev eth1b weight 1
default via 10.64.17.229 dev eth1b proto static src 10.64.17.230 metric 1024 onlink
default via 10.64.16.229 dev eth1a proto static src 10.64.16.230 metric 1024 onlink

~$ ip route show default | awk '{print $5}'
10.64.16.3
dev
dev
eth1b
eth1a

That is nothing different from where I come from, hence proposing my change.
Using json structured data and filtering for "label" in "prefsrc" always gives the correct default outgoing interface.

Your json variant

~$ ip -j r s default | jq -r '.[0] | .dev'
null

unfortunately does not return any interface at all.