Bug 2411780

Summary: nmap-ncat prevents cloud-init from running
Product: [Fedora] Fedora
Component: cloud-init
Version: 43
Hardware: All
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: unspecified
Reporter: Brian Cunnie <brian.cunnie>
Assignee: Jeremy Cline <jeremy>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dustymabe, gholms, jeremy, lars, mhayden, python-packagers-sig, rominf
Last Closed: 2025-11-03 19:28:57 UTC

Description Brian Cunnie 2025-11-01 19:46:59 UTC
The wrong variant of netcat can derail cloud-init because it doesn't have the expected option "-W".

There are two RPM packages of netcat: netcat (the original) and nmap-ncat (Nmap's Netcat replacement). The latter does not implement the -W flag, which is used by the cloud-init systemd files:

grep -- -W /etc/systemd/system/cloud-init.target.wants/cloud-*
  /etc/systemd/system/cloud-init.target.wants/cloud-config.service:ExecStart=sh -c 'echo "start" | nc -Uu -W1 /run/cloud-init/share/config.sock -s /run/cloud-init/share/config-return.sock | sh'
  /etc/systemd/system/cloud-init.target.wants/cloud-final.service:ExecStart=sh -c 'echo "start" | nc -Uu -W1 /run/cloud-init/share/final.sock -s /run/cloud-init/share/final-return.sock | sh'
  /etc/systemd/system/cloud-init.target.wants/cloud-init-local.service:ExecStart=sh -c 'echo "start" | nc -Uu -W1 /run/cloud-init/share/local.sock -s /run/cloud-init/share/local-return.sock | sh'

When the wrong netcat is selected (e.g. "sudo alternatives --config nc"), then the cloud-init scripts will not run, but will emit an error in the boot log.

From /var/log/boot.log:

[    4.893038] sh[1025]: nc: invalid option -- 'W'
[    4.893261] sh[1025]: Ncat: Try `--help' or man(1) ncat for more information, usage options and help. QUITTING.

Reproducible: Always

Steps to Reproduce:
1. Fedora 43: with nmap-ncat as the default
   sudo alternatives --config nc
   choose "/usr/bin/ncat"
2. sudo systemctl restart cloud-config
3. sudo journalctl -xeu cloud-config
   nc: invalid option -- 'W'

Actual Results:
The VM that's deployed using cloud-init doesn't have any customizations, not even network addresses.

Expected Results:
A properly configured VM with cloud-init customizations.

Additional Information:
The default Fedora 43 Server install includes both variants of netcat, and unfortunately defaults to the one that breaks cloud-init.
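
A preflight check for the mismatch described above, added here as an example (not part of the bug report and not cloud-init's own code): it lists the cloud-init units whose ExecStart passes -W to nc and fails when nc resolves to ncat. The function names are hypothetical; the unit directory and /usr/bin/ncat come from the report, and identifying the variant by the resolved binary name is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Usage: check_cloud_init_nc /etc/systemd/system/cloud-init.target.wants

# List cloud-*.service files in directory $1 whose ExecStart runs nc with -W.
units_using_nc_W() {
    grep -lE '^ExecStart=.*[[:space:]]nc[[:space:]].*[[:space:]]-W' \
        "$1"/cloud-*.service 2>/dev/null
}

# Follow the symlink chain of $1 (default: the nc found in PATH) and classify
# the final binary by name. Assumption: Nmap's variant is installed as "ncat".
nc_variant() {
    target=$(readlink -f "${1:-$(command -v nc)}" 2>/dev/null) || return 2
    case "$(basename "$target")" in
        ncat) echo ncat ;;
        *)    echo other ;;
    esac
}

# Exit status 1 when units in $1 need -W but nc ($2, optional) is ncat.
check_cloud_init_nc() {
    units=$(units_using_nc_W "$1") || true
    [ -n "$units" ] || return 0          # no unit depends on -W
    if [ "$(nc_variant "$2")" = ncat ]; then
        echo "nc resolves to ncat, which rejects -W; affected units:" >&2
        echo "$units" >&2
        return 1
    fi
    return 0
}
```

Run before rebooting an image or after changing the nc alternative; a non-zero status means the units named on stderr will fail the way the boot log above shows.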

Comment 1 Jeremy Cline 2025-11-03 19:28:57 UTC
Hi Brian,

This should actually work in Rawhide Server images (and so also in Fedora 44 when it arrives) due to https://github.com/canonical/cloud-init/pull/6339. Unfortunately the ship has sailed for Fedora 43 Server images since they aren't refreshed after release. I do know cloud-init does work in the Fedora Cloud images since that's where all the testing happens, so you can use those for your Fedora 43 VMs.

Comment 2 Brian Cunnie 2025-11-03 19:52:39 UTC
Nice work, Jeremy! Thanks.