Time To SSH Regression
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init (Ubuntu) |
Fix Released
|
Critical
|
Brett Holman | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Unassigned | ||
Lunar |
Fix Released
|
Undecided
|
Unassigned | ||
Mantic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
=== Begin SRU Template ===
[Impact]
In 23.3.1, system unit ordering changes moved the configuration Before=
Leaving this current extended delay to login unresolved also breaks tooling which uses `uvt-kvm wait` which is present in some continuous integration testing.
The fix is to revert https:/
[Test Case]
Launch a daily image and a daily-image with proposed cloud-init and compare the following data points:
- time to SSH: number of retries required to successfully SSH into the VM
- assert presence of console messages about Unprivileged users inability to login on current cloud-init
- assert absence of console messages about Unprivileged users inability to login on -proposed cloud-init 23.3.3
- validate time to ssh by sampling: systemd-analyze critical-chain systemd-
- systemctl show -p Before,After cloud-config.
- systemd-analyze blame: # validate systemd-
test procedure:
RANDOMSEED=
cat <<EOF > meta-data-
instance-id: iid-local01
local-hostname: cloudimg
EOF
PLAIN_TEXT_
ENCRYPTED_
cat <<EOF > user-data-
#cloud-config
ssh_import_id: [chad.smith]
system_info:
default_user:
lock_passwd: false
passwd: ${ENCRYPTED_
ssh_pwauth: true
EOF
cat <<EOF > setup_proposed.sh
#!/bin/bash
mirror=http://
echo deb \$mirror \$(lsb_release -sc)-proposed main | tee /etc/apt/
apt-get update -q
apt-get install -t \$(lsb_release -sc)-proposed -qy cloud-init
EOF
cloud-localds seed-${
wait_for_ssh() {
port=$1
while true; do
sleep 5
if ssh -o "StrictHOstKeyC
echo "got it"
break
else
echo "Awaiting SSH access..."
fi
done
}
cmd(){
port=$1
shift
echo "---- $@ -----"
ssh -o "StrictHOstKeyC
}
for RELEASE in mantic; do
RELEASE_URL=https:/
RELEASE_
if [ ! -f $RELEASE_IMG ]; then
echo $RELEASE_IMG
wget $RELEASE_
fi
echo "Creating a disk backed by the image..."
qemu-img create -f qcow2 -F qcow2 -b $RELEASE_IMG boot-disk-
echo "Launching current cloud-init to confirm expected time to SSH delay"
echo --- expect to see some messages Unprivileged users are not permitted to log in yet ---
qemu-system-x86_64 -enable-kvm -daemonize -drive file=boot-
wait_for_ssh 2222
echo --- assert systemd-
cmd 2222 systemd-analyze critical-chain systemd-
cmd 2222 systemctl show -p Before cloud-config.
echo "Creating a disk backed by the image with cloud-init upgraded to -proposed..."
qemu-img create -f qcow2 -F qcow2 -b $RELEASE_IMG boot-disk-
sudo mount-image-
echo "Upgrading cloud-init from $RELEASE-proposed"
sudo mount-image-
echo --- expect to see NO messages concerning Unprivileged users are not permitted to log in yet ---
qemu-system-x86_64 -enable-kvm -daemonize -drive file=boot-
wait_for_ssh 2223
echo --- assert cloud-init is 23.3.3 based
cmd 2223 cloud-init --version
echo --- assert systemd-
cmd 2223 systemd-analyze critical-chain systemd-
echo --- assert cloud-init.service blocks systemd-
cmd 2223 systemctl show -p Before cloud-init.service
cmd 2223 systemctl show -p Before cloud-init.service | grep systemd-
done
[Regression Potential]
This is a revert to functionality that was working for years. It will regress emulated riscV users per LP: #2013403 as they may be able to see a login prompt that will show up before cloud-config completes and could reject their correct configured password as invalid until the cloud-config.
[Other info]
LP: #2013403
LP: #2039441
[Original Description]
Affected version: 23.3
Commit b3c9b6a7 introduced a dependency on snapd.seeded.
This was discovered while investigating LP: #2039441.
[1] https:/
[2] https:/
Changed in cloud-init (Ubuntu): | |
status: | New → Fix Committed |
description: | updated |
description: | updated |
description: | updated |
Changed in cloud-init (Ubuntu Focal): | |
status: | New → Fix Committed |
Changed in cloud-init (Ubuntu Jammy): | |
status: | New → Fix Committed |
Changed in cloud-init (Ubuntu Lunar): | |
status: | New → Fix Committed |
Changed in cloud-init (Ubuntu Mantic): | |
status: | New → Fix Committed |
tags: |
added: verification-done-mantic removed: verification-needed-mantic |
Downstream commit[1] for Ubuntu merged which reverts this change. It will be released as cloud-init version 23.3.2- 0ubuntu0~ 23.10.1.
[1] https:/ /github. com/canonical/ cloud-init/ commit/ 052d898023fbd6f 7d87338e31f6cca 6535cccef7
When cloud-init merges the ability to avoid snap.seeded.service costs in cloud-config. service this change will be re-applied.