Firecracker Metadata Service + NoCloud source - API TOKEN required with MMDS v2 (v1 deprecated)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cloud-init | Expired | Undecided | Unassigned |
Bug Description
Hello,
I noticed the Firecracker 1.1.0 hypervisor announced MMDS v1 deprecation in favor of MMDS v2 (https:/
The MMDS v2 is session-oriented and requires getting and using an API_TOKEN, like the EC2 Metadata service IMDSv2.
Cloud-init can be used with the Firecracker metadata service using the NoCloud data source, as described in https:/
Can you please implement API_TOKEN feature into NoCloud data source?
Many thanks,
Hi Jaroslav Pulchart,
Thanks for bringing this to our attention!
NoCloud is a fairly generic datasource implementation in cloud-init, which is why it "just works" for many different scenarios.
I agree that we should add support for v2, but I don't think that "implementing API_TOKEN feature into NoCloud data source" is the best approach (I'm happy to be proven otherwise). This would make the otherwise generic datasource implementation specific to firecracker. Personally, I think it's far more likely that modeling a new datasource off of the Ec2 IMDS (which currently uses a session token model) would be more appropriate for MMDSv2.
Thoughts?
Do you know the expected release timeline of v2.0.0? And if anybody is interested in contributing to help make this happen? The best docs I've seen so far around MMDSv2 are here[1]. Are you aware of any other documentation for implementation details that could help with implementation?
Thanks again for the report!
[1] https://github.com/firecracker-microvm/firecracker/blob/main/docs/mmds/mmds-user-guide.md
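
The session-token exchange this report asks for, as an added example (not code from cloud-init or Firecracker): a token-less GET, as a v1-style client sends it, is refused, while a client that first PUTs for a token and then presents it gets the metadata. The header names and token path follow Firecracker's MMDS user guide; the mock server, its status codes, the `/meta-data` path and the returned values are constructed assumptions.

```python
import threading
import urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Header names and token path as given in Firecracker's MMDS user guide.
TOKEN_PATH = "/latest/api/token"
TTL_HEADER = "X-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-metadata-token"
# Ignore proxy environment variables so the demo stays on loopback.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class MockMMDSv2(BaseHTTPRequestHandler):
    """Constructed stand-in for MMDS v2: GETs need a session token."""
    tokens = set()
    def do_PUT(self):
        if self.path != TOKEN_PATH or TTL_HEADER not in self.headers:
            return self._reply(400, "bad token request")
        token = "constructed-token-%d" % len(self.tokens)
        self.tokens.add(token)
        self._reply(200, token)
    def do_GET(self):
        if self.headers.get(TOKEN_HEADER) not in self.tokens:
            return self._reply(401, "token required")  # assumed status code
        self._reply(200, "instance-id: i-constructed\n")
    def _reply(self, code, body):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def log_message(self, *args):
        pass  # keep the demo quiet

def request(base, path, method="GET", headers=None):
    req = urllib.request.Request(base + path, method=method, headers=headers or {})
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockMMDSv2)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        v1_style = request(base, "/meta-data")  # what a token-less client sends
        _, token = request(base, TOKEN_PATH, "PUT", {TTL_HEADER: "60"})
        v2_style = request(base, "/meta-data", headers={TOKEN_HEADER: token})
    finally:
        server.shutdown()
    return v1_style, v2_style
```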