Alert user of Ec2 Datasource on lookalike cloud
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Fix Released
|
Medium
|
Scott Moser | ||
cloud-init (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Xenial |
Fix Released
|
Medium
|
Unassigned | ||
Yakkety |
Fix Released
|
Medium
|
Unassigned |
Bug Description
=== Begin SRU Template ===
[Impact]
Opportunistic polling of the Ec2 Metadata service, which lives at
169.254.169.254 can be problematic for numerous reasons including timeouts.
In this first phase of SRU, the code that has been added will be set to
a warn-only mode.
In 16.04, if cloud-init finds it is using a EC2 Metadata Service but
not running on Amazon AWS, it will warn the user.
In 16.10, it will warn the user and sleep 10 seconds to increase the
likelyhood of being noticed.
[Test Case]
a.) check warnings are seen on openstack configured to use ec2
- launch instance on openstack (it will use OpenStack MD)
- enable proposed upgrade
- rm -Rf /var/lib/cloud /var/log/
- dpkg-reconfigure cloud-init
# select 'Ec2' and 'None' only
- sudo reboot
- ssh in. you should see a warning.
The warning instructs you to silence the warning by putting
the following in /etc/cloud/
| datasource:
| Ec2:
| strict_id: false
- rm -Rf /var/lib/cloud/ /var/log/cloud*
- reboot
- ssh in. you should not see a warning.
[Regression Potential]
There is real regression potential here. That is why we have announced
this fairly widely and also are putting this into place with warnings
only first.
After some time is passed, further SRUs will put more strict behavior
in place.
[Other Info]
We've announced this fairly widely on mailing lists
https:/
=== End SRU Template ===
Many cloud providers mimic the EC2 Metadata service [1] in order to
provide a level of EC2 compatibility for images. This is quite useful and
allows image portability.
Because this is a network based metadata service, cloud-init
opportunistically poll an IPv4 link local address (http://
to determine if there is metadata available. That can have negative side
affects such as timeouts.
AWS has recently begun providing a way for instances to determine if they
are running on EC2 [2].
Cloud-init will change its behavior to attempt to find the EC2 metadata
service only if it has determined itself to be running on EC2 or another
known cloud provider which provides an EC2 metadata service.
For more information, please see:
https:/
--
[1] http://
[2] http://
Changed in cloud-init: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
status: | Confirmed → In Progress |
assignee: | nobody → Scott Moser (smoser) |
description: | updated |
tags: | added: dsid |
Changed in cloud-init: | |
status: | In Progress → Fix Committed |
Changed in cloud-init (Ubuntu): | |
status: | New → Fix Released |
importance: | Undecided → Medium |
Changed in cloud-init (Ubuntu Xenial): | |
status: | New → Confirmed |
Changed in cloud-init (Ubuntu Yakkety): | |
status: | New → Confirmed |
Changed in cloud-init (Ubuntu Xenial): | |
importance: | Undecided → Medium |
Changed in cloud-init (Ubuntu Yakkety): | |
importance: | Undecided → Medium |
description: | updated |
description: | updated |
Hello Scott, or anyone else affected,
Accepted cloud-init into xenial-proposed. The package will build now and be available at https:/ /launchpad. net/ubuntu/ +source/ cloud-init/ 0.7.9-48- g1c795b9- 0ubuntu1~ 16.04.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed. In either case, details of your testing will help us make a better decision.
Further information regarding the verification process can be found at https:/ /wiki.ubuntu. com/QATeam/ PerformingSRUVe rification . Thank you in advance!