From d61fd7c3f3e31c002d46a079c1ca7d8d64f4ce99 Mon Sep 17 00:00:00 2001 From: Drew Malin Date: Fri, 20 Mar 2026 10:49:25 -0700 Subject: [PATCH 1/3] fix(BRE2-876): Add lock timeout in cloudinit for nebius --- v1/providers/nebius/instance.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/v1/providers/nebius/instance.go b/v1/providers/nebius/instance.go index 7b126ff..5a66cff 100644 --- a/v1/providers/nebius/instance.go +++ b/v1/providers/nebius/instance.go @@ -1748,8 +1748,10 @@ func (c *NebiusClient) cleanupOrphanedBootDisks(ctx context.Context, testID stri // generateCloudInitUserData generates a cloud-init user-data script for SSH key injection and firewall configuration // This is inspired by Shadeform's LaunchConfiguration approach but uses cloud-init instead of base64 scripts func generateCloudInitUserData(publicKey string, firewallRules v1.FirewallRules) string { - // Start with cloud-init header + // See: https://docs.cloud-init.io/en/17.2/topics/examples.html#additional-apt-configuration + // The below overrides 'apt_get_command' to include a lock timeout in addition to the default settings script := `#cloud-config +apt_get_command: ["apt-get", "--option=DPkg::Lock::Timeout=600", "--option=Dpkg::Options::=--force-confold", "--option=Dpkg::options::=--force-unsafe-io", "--assume-yes", "--quiet"] packages: - ufw ` From 275732cc091ada1403f06354bd9455108e78a6dd Mon Sep 17 00:00:00 2001 From: Drew Malin Date: Fri, 20 Mar 2026 12:43:36 -0700 Subject: [PATCH 2/3] test other option --- v1/providers/nebius/instance.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/v1/providers/nebius/instance.go b/v1/providers/nebius/instance.go index 5a66cff..c506b7f 100644 --- a/v1/providers/nebius/instance.go +++ b/v1/providers/nebius/instance.go @@ -1748,10 +1748,14 @@ func (c *NebiusClient) cleanupOrphanedBootDisks(ctx context.Context, testID stri // generateCloudInitUserData generates a cloud-init user-data script for SSH key injection and firewall configuration // This is inspired by Shadeform's LaunchConfiguration approach but uses cloud-init instead of base64 scripts func generateCloudInitUserData(publicKey string, firewallRules v1.FirewallRules) string { - // See: https://docs.cloud-init.io/en/17.2/topics/examples.html#additional-apt-configuration - // The below overrides 'apt_get_command' to include a lock timeout in addition to the default settings + // Make apt wait on the dpkg frontend lock (vendor bootstrap / parallel apt). Use apt.conf via the + // documented `apt:` key — cc_apt_configure writes this before package_update_upgrade_install runs, + // so it applies to cloud-init's eatmydata-wrapped apt-get. Top-level apt_get_command is often not + // present in merged config on newer cloud-init (logs show default argv without Lock::Timeout). script := `#cloud-config -apt_get_command: ["apt-get", "--option=DPkg::Lock::Timeout=600", "--option=Dpkg::Options::=--force-confold", "--option=Dpkg::options::=--force-unsafe-io", "--assume-yes", "--quiet"] +apt: + conf: | + DPkg::Lock::Timeout "600"; packages: - ufw ` From 57e46d26555f6af58488917c38b882893d21a6f0 Mon Sep 17 00:00:00 2001 From: Drew Malin Date: Fri, 20 Mar 2026 13:08:26 -0700 Subject: [PATCH 3/3] new strategy --- v1/providers/nebius/instance.go | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/v1/providers/nebius/instance.go b/v1/providers/nebius/instance.go index c506b7f..1d68bdc 100644 --- a/v1/providers/nebius/instance.go +++ b/v1/providers/nebius/instance.go @@ -1748,14 +1748,16 @@ func (c *NebiusClient) cleanupOrphanedBootDisks(ctx context.Context, testID stri // generateCloudInitUserData generates a cloud-init user-data script for SSH key injection and firewall configuration // This is inspired by Shadeform's LaunchConfiguration approach but uses cloud-init instead of base64 scripts func generateCloudInitUserData(publicKey string, firewallRules v1.FirewallRules) string { - // Make apt wait on the dpkg frontend lock (vendor bootstrap / parallel apt). Use apt.conf via the - // documented `apt:` key — cc_apt_configure writes this before package_update_upgrade_install runs, - // so it applies to cloud-init's eatmydata-wrapped apt-get. Top-level apt_get_command is often not - // present in merged config on newer cloud-init (logs show default argv without Lock::Timeout). + // Make apt wait on the dpkg frontend lock (vendor bootstrap / parallel apt). + // apt: conf: {} is silently dropped on this cloud-init version (logs show "handling apt config: {}"). + // write_files runs in the network stage before cc_package_update_upgrade_install, so the apt.conf.d + // file is in place before any apt-get call. script := `#cloud-config -apt: - conf: | - DPkg::Lock::Timeout "600"; +write_files: + - path: /etc/apt/apt.conf.d/99-lock-timeout + content: | + DPkg::Lock::Timeout "600"; + permissions: '0644' packages: - ufw `