2012-11-09 15:09:30 |
Luis Arias |
bug |
|
|
added bug |
2012-11-15 14:43:54 |
James Page |
cloud-init (Ubuntu): status |
New |
Confirmed |
|
2012-11-15 14:43:56 |
James Page |
cloud-init (Ubuntu): importance |
Undecided |
High |
|
2012-11-15 14:48:15 |
James Page |
bug task added |
|
cloud-init |
|
2012-11-16 19:12:52 |
Scott Moser |
cloud-init: status |
New |
Triaged |
|
2012-11-16 19:12:55 |
Scott Moser |
cloud-init: importance |
Undecided |
High |
|
2012-11-16 19:12:58 |
Scott Moser |
cloud-init: milestone |
|
0.7.2 |
|
2012-11-16 19:13:17 |
Scott Moser |
nominated for series |
|
Ubuntu Precise |
|
2012-11-16 19:13:17 |
Scott Moser |
bug task added |
|
cloud-init (Ubuntu Precise) |
|
2012-11-16 19:13:17 |
Scott Moser |
nominated for series |
|
Ubuntu Quantal |
|
2012-11-16 19:13:17 |
Scott Moser |
bug task added |
|
cloud-init (Ubuntu Quantal) |
|
2012-11-16 19:13:17 |
Scott Moser |
nominated for series |
|
Ubuntu Raring |
|
2012-11-16 19:13:17 |
Scott Moser |
bug task added |
|
cloud-init (Ubuntu Raring) |
|
2012-11-16 19:13:29 |
Scott Moser |
cloud-init (Ubuntu Quantal): status |
New |
Triaged |
|
2012-11-16 19:13:31 |
Scott Moser |
cloud-init (Ubuntu Precise): status |
New |
Triaged |
|
2012-11-16 19:13:35 |
Scott Moser |
cloud-init (Ubuntu Precise): importance |
Undecided |
High |
|
2012-11-16 19:13:37 |
Scott Moser |
cloud-init (Ubuntu Quantal): importance |
Undecided |
High |
|
2012-12-02 02:36:56 |
Scott Moser |
description |
Using a cloud-init yaml file adding a certificate like this:
ca-certs:
  # If present, the 'trusted' parameter should contain a certificate (or list
  # of certificates) to add to the system as trusted CA certificates.
  # Pay close attention to the YAML multiline list syntax. The example shown
  # here is for a list of multiline certificates.
  # - Amazon RDS SSL Certificate (http://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem)
  trusted:
    - |
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
The certificate is added to the /etc/ca-certificates.conf file but there is a blank line between the previous content and the line added by cloud-init. In this situation running update-ca-certificates doesn't take the cloud-init certificates into account. Removing the blank line and running update-ca-certificates again fixes the issue.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: cloud-init 0.6.3-0ubuntu1.1
ProcVersionSignature: User Name 3.2.0-31.50-virtual 3.2.28
Uname: Linux 3.2.0-31-virtual x86_64
ApportVersion: 2.0.1-0ubuntu14
Architecture: amd64
Date: Fri Nov 9 15:01:03 2012
Ec2AMI: ami-3d4ff254
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-1d
Ec2InstanceType: m1.medium
Ec2Kernel: aki-825ea7eb
Ec2Ramdisk: unavailable
PackageArchitecture: all
ProcEnviron:
TERM=screen
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: cloud-init
UpgradeStatus: No upgrade log present (probably fresh install) |
== Begin SRU Information ==
[Impact]
* a documented feature of cloud-init, for adding ca-certificates does not function as it should. Instead, certificates added in this manner simply are ignored. This is because apparently, a line directly following a blank line in /etc/ca-certificates.conf is ignored.
[Test Case]
- start a cloud instance with no user-data
- add content below to /etc/cloud/cloud.cfg.d/99-local-certs.cfg
- run the ca-certs code through cloud-init single
  you will see output from update-ca-certificates indicating no
  new certificates were added
  $ sudo cloud-init single --name=ca_certs --frequency=always
  Cloud-init v. 0.7 running 'single' at Sun, 02 Dec 2012 02:23:21 +0000. Up 2429.68 seconds.
  Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
  Running hooks in /etc/ca-certificates/update.d....done.
  # this can be fixed by removing the blank line and re-running
  # update-ca-certificates
  Also, note that the following has no output:
  $ ls -l /usr/lib/ssl/certs/ | grep -i cloud
- edit /etc/ca-certificates.conf, remove cloud-init added entry
  $ sudo sed -i '/cloud-init-ca-certs.crt/d' /etc/ca-certificates.conf
- upgrade cloud-init, re-run the ca_certs
  $ sudo dpkg -i cloud-init_all.deb
  $ sudo cloud-init single --name=ca_certs --frequency=always
  This time, you will see output containing: "1 added, 0 removed; done."
  Also, (trimmed output), you will see:
  $ ls -l /usr/lib/ssl/certs/ | grep -i cloud
  lrwxrwxrwx b1d2b355.0 -> cloud-init-ca-certs.pem
  lrwxrwxrwx cbbf81bb.0 -> cloud-init-ca-certs.pem
  lrwxrwxrwx cloud-init-ca-certs.pem -> /usr/share/ca-certificates/cloud-init-ca-certs.crt
[Regression Potential]
* regression potential is low. It could break the ca_certs module further, but the module is not functional as it is. Tracebacks are caught when modules are executed, so there is really no potential for further harm.
== End SRU Information ==
Using a cloud-init yaml file adding a certificate like this:
# BEGIN /etc/cloud/cloud.cfg.d/99-local-certs.cfg
ca-certs:
  # If present, the 'trusted' parameter should contain a certificate (or list
  # of certificates) to add to the system as trusted CA certificates.
  # Pay close attention to the YAML multiline list syntax. The example shown
  # here is for a list of multiline certificates.
  # - Amazon RDS SSL Certificate (http://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem)
  trusted:
    - |
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
# END /etc/cloud/cloud.cfg.d/99-local-certs.cfg
The certificate is added to the /etc/ca-certificates.conf file but there is a blank line between the previous content and the line added by cloud-init. In this situation running update-ca-certificates doesn't take the cloud-init certificates into account. Removing the blank line and running update-ca-certificates again fixes the issue.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: cloud-init 0.6.3-0ubuntu1.1
ProcVersionSignature: User Name 3.2.0-31.50-virtual 3.2.28
Uname: Linux 3.2.0-31-virtual x86_64
ApportVersion: 2.0.1-0ubuntu14
Architecture: amd64
Date: Fri Nov 9 15:01:03 2012
Ec2AMI: ami-3d4ff254
Ec2AMIManifest: (unknown)
Ec2AvailabilityZone: us-east-1d
Ec2InstanceType: m1.medium
Ec2Kernel: aki-825ea7eb
Ec2Ramdisk: unavailable
PackageArchitecture: all
ProcEnviron:
TERM=screen
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: cloud-init
UpgradeStatus: No upgrade log present (probably fresh install) |
|
2012-12-02 02:47:55 |
Launchpad Janitor |
branch linked |
|
lp:cloud-init |
|
2012-12-02 02:48:54 |
Scott Moser |
cloud-init: status |
Triaged |
Fix Committed |
|
2012-12-02 02:48:54 |
Scott Moser |
cloud-init: assignee |
|
Scott Moser (smoser) |
|
2012-12-02 02:59:25 |
Launchpad Janitor |
branch linked |
|
lp:~smoser/ubuntu/quantal/cloud-init/sru |
|
2012-12-02 03:40:27 |
Scott Moser |
cloud-init (Ubuntu Quantal): status |
Triaged |
In Progress |
|
2012-12-02 03:40:31 |
Scott Moser |
cloud-init (Ubuntu Quantal): assignee |
|
Scott Moser (smoser) |
|
2012-12-02 04:19:33 |
todaioan |
cloud-init (Ubuntu Precise): status |
Triaged |
Fix Committed |
|
2012-12-02 04:20:16 |
todaioan |
cloud-init (Ubuntu Quantal): status |
In Progress |
Opinion |
|
2012-12-03 17:13:15 |
Scott Moser |
cloud-init (Ubuntu Quantal): status |
Opinion |
In Progress |
|
2012-12-03 17:13:19 |
Scott Moser |
cloud-init (Ubuntu Precise): status |
Fix Committed |
Triaged |
|
2012-12-04 03:14:15 |
Launchpad Janitor |
cloud-init (Ubuntu Raring): status |
Confirmed |
Fix Released |
|
2012-12-04 03:20:51 |
Scott Moser |
cloud-init (Ubuntu Raring): assignee |
|
Scott Moser (smoser) |
|
2012-12-04 13:28:09 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/cloud-init |
|
2012-12-04 16:00:45 |
todaioan |
cloud-init (Ubuntu Precise): status |
Triaged |
Fix Released |
|
2012-12-04 16:00:45 |
todaioan |
cloud-init (Ubuntu Precise): assignee |
|
todaioan (alan-ar06) |
|
2012-12-04 17:10:54 |
Scott Moser |
cloud-init (Ubuntu Precise): status |
Fix Released |
Triaged |
|
2012-12-13 20:30:13 |
Clint Byrum |
cloud-init (Ubuntu Quantal): status |
In Progress |
Fix Committed |
|
2012-12-13 20:30:15 |
Clint Byrum |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2012-12-13 20:30:20 |
Clint Byrum |
bug |
|
|
added subscriber SRU Verification |
2012-12-13 20:30:28 |
Clint Byrum |
tags |
amd64 apport-bug ec2-images precise |
amd64 apport-bug ec2-images precise verification-needed |
|
2013-01-07 04:13:56 |
Adolfo Jayme Barrientos |
cloud-init (Ubuntu Precise): assignee |
todaioan (alan-ar06) |
|
|
2013-01-09 00:43:20 |
Scott Moser |
tags |
amd64 apport-bug ec2-images precise verification-needed |
amd64 apport-bug ec2-images precise verification-done |
|
2013-01-09 14:31:28 |
Scott Moser |
attachment added |
|
user-data file appropriate for testing https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1077020/+attachment/3478023/+files/my.ud |
|
2013-01-09 14:40:10 |
Scott Moser |
attachment added |
|
slightly simplified version of user-data, should work on precise also https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1077020/+attachment/3478025/+files/my.ud |
|
2013-01-09 15:43:52 |
Launchpad Janitor |
branch linked |
|
lp:~smoser/ubuntu/precise/cloud-init/sru |
|
2013-01-16 14:20:59 |
Colin Watson |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2013-01-16 14:21:09 |
Launchpad Janitor |
cloud-init (Ubuntu Quantal): status |
Fix Committed |
Fix Released |
|
2013-02-19 18:27:41 |
Clint Byrum |
cloud-init (Ubuntu Precise): status |
Triaged |
Fix Committed |
|
2013-02-19 18:27:45 |
Clint Byrum |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2013-02-19 18:27:48 |
Clint Byrum |
tags |
amd64 apport-bug ec2-images precise verification-done |
amd64 apport-bug ec2-images precise |
|
2013-02-19 18:27:50 |
Clint Byrum |
tags |
amd64 apport-bug ec2-images precise |
amd64 apport-bug ec2-images precise verification-needed |
|
2013-02-19 22:10:35 |
Scott Moser |
tags |
amd64 apport-bug ec2-images precise verification-needed |
amd64 apport-bug ec2-images precise verification-done |
|
2013-02-27 02:43:11 |
Launchpad Janitor |
cloud-init (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2013-05-15 19:58:24 |
Scott Moser |
cloud-init: status |
Fix Committed |
Fix Released |
|
2013-05-15 19:58:24 |
Scott Moser |
cloud-init: milestone |
0.7.2 |
|
|
2013-08-28 11:32:39 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/precise/cloud-init/precise-proposed |
|
2013-08-28 11:32:56 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/precise/cloud-init/precise-updates |
|
2013-08-28 11:33:11 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/quantal/cloud-init/quantal-proposed |
|
2023-05-09 22:11:12 |
James Falcon |
bug watch added |
|
https://github.com/canonical/cloud-init/issues/2318 |
|