In 22.2 cloud-init fails when phone-home module does not have "tries" parameter

We ran into the exact same issue.

All our VM creations suddenly starts failing yesterday, which was a bit surprising because that's why we were using LTS in the first place ;)

Adding the "tries" parameter to phone_home fixed the issue immediately.

Upstream PR in flight on this, we expect a quick SRU release to fix this:
https://github.com/canonical/cloud-init/pull/1500

Upstream commit landed that will address this issue
https://github.com/canonical/cloud-init/commit/a2e6273872c2cafa73530e6c73178c2ebfc2beba

cloud-init version 22.2-30 has been uploaded to Ubuntu 22.10 Kinetic.

We plan to queue uploads of cloud-init with this specific fix into Ubuntu 18.04. 20.04, 21.10 and 22.04. These fixes should updated cloudimages within a week.

Hello Schmidt, or anyone else affected,

Accepted cloud-init into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/22.2-0ubuntu1~22.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Schmidt, or anyone else affected,

Accepted cloud-init into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/22.2-0ubuntu1~21.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Schmidt, or anyone else affected,

Accepted cloud-init into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/22.2-0ubuntu1~20.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello Schmidt, or anyone else affected,

Accepted cloud-init into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/22.2-0ubuntu1~18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Created an ad hoc "test" that works with the cloud-init integration testing framework. This test uses the userdata from the bug description and then prints out the relevant section of the logs. The test file and test output are included in the attached tarball.

Note that tracebacks are seen in the logs, but both are expected. The type conversion traceback was the standard behavior before this bug was introduced, but module execution then continues. The web request traceback happens because the address isn't resolvable.

Hi!

Tested by enabling proposed repositories.
Everything works as expected even with the "tries" parameter missing.
Thanks for the quick response.

Br:
Zsolt

This bug was fixed in the package cloud-init - 22.2-0ubuntu1~22.04.2

---------------
cloud-init (22.2-0ubuntu1~22.04.2) jammy; urgency=medium

  * cherry-pick a2e62738: Fix cc_phone_home requiring 'tries' (#1500)
    (LP: #1977952)

 -- James Falcon <email address hidden> Thu, 09 Jun 2022 16:25:29 -0500

The verification of the Stable Release Update for cloud-init has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

This bug was fixed in the package cloud-init - 22.2-0ubuntu1~21.10.2

---------------
cloud-init (22.2-0ubuntu1~21.10.2) impish; urgency=medium

  * cherry-pick a2e62738: Fix cc_phone_home requiring 'tries' (#1500)
    (LP: #1977952)

 -- James Falcon <email address hidden> Thu, 09 Jun 2022 16:48:01 -0500

This bug was fixed in the package cloud-init - 22.2-0ubuntu1~20.04.2

---------------
cloud-init (22.2-0ubuntu1~20.04.2) focal; urgency=medium

  * cherry-pick a2e62738: Fix cc_phone_home requiring 'tries' (#1500)
    (LP: #1977952)

 -- James Falcon <email address hidden> Thu, 09 Jun 2022 16:53:07 -0500

This bug was fixed in the package cloud-init - 22.2-0ubuntu1~18.04.2

---------------
cloud-init (22.2-0ubuntu1~18.04.2) bionic; urgency=medium

  * cherry-pick a2e62738: Fix cc_phone_home requiring 'tries' (#1500)
    (LP: #1977952)

 -- James Falcon <email address hidden> Thu, 09 Jun 2022 16:56:33 -0500

This bug was fixed in the package cloud-init - 22.2-64-g1fcd55d6-0ubuntu1~22.10.1

---------------
cloud-init (22.2-64-g1fcd55d6-0ubuntu1~22.10.1) kinetic; urgency=medium

  * d/control: add python3-debconf as Depends and Build-Depends
  * d/gbp.conf d/gbp_format_changelog:
    + git-buildpackage customization for debian/changelog generation
  * New upstream snapshot.
    + tests: mock dns lookup that causes long timeouts (#1555)
    + tox: add unpinned env for do_format and check_format (#1554)
    + cc_ssh_import_id: Substitute deprecated warn (#1553)
      [Alberto Contreras]
    + Remove schema errors from log (#1551) (LP: #1978422) (CVE-2022-2084)
    + Update WebHookHandler to run as background thread (SC-456) (#1491)
      (LP: #1910552)
    + testing: Don't run custom cloud dir test on Bionic (#1542)
    + bash completion: update schema command (#1543) (LP: #1979547)
    + CI: add non-blocking run against the linters tip versions (#1531)
      [Paride Legovini]
    + Change groups within the users schema to support lists and strings
      (#1545) [RedKrieg]
    + make it clear which username should go in the contributing doc (#1546)
    + Pin setuptools for Travis (SC-1136) (#1540)
    + Fix LXD datasource crawl when BOOT enabled (#1537)
    + testing: Fix wrong path in dual stack test (#1538)
    + cloud-config: honor cloud_dir setting (#1523) (LP: #1976564)
      [Alberto Contreras]
    + Add python3-debconf to pkg-deps.json Build-Depends (#1535)
      [Alberto Contreras]
    + redhat spec: udev/rules.d lives under /usr/lib on rhel-based systems
      (#1536)
    + tests/azure: add test coverage for DisableSshPasswordAuthentication
      (#1534) [Chris Patterson]
    + summary: Add david-caro to the cla signers (#1527) [David Caro]
    + Add support for OpenMandriva (https://openmandriva.org/) (#1520)
      [Bernhard Rosenkraenzer]
    + tests/azure: refactor ovf creation (#1533) [Chris Patterson]
    + Improve DataSourceOVF error reporting when script disabled (#1525)
      [rong]
    + tox: integration-tests-jenkins: softfail if only some test failed
      (#1528) [Paride Legovini]
    + CI: drop linters from Travis CI (moved to GH Actions) (#1530)
      [Paride Legovini]
    + sources/azure: remove unused encoding support for customdata (#1526)
      [Chris Patterson]
    + sources/azure: remove unused metadata captured when parsing ovf
      (#1524) [Chris Patterson]
    + sources/azure: remove dscfg parsing from ovf-env.xml (#1522)
      [Chris Patterson]
    + Remove extra space from ec2 dual stack crawl message (#1521)
    + tests/azure: use namespaces in generated ovf-env.xml documents (#1519)
      [Chris Patterson]
    + setup.py: adjust udev/rules default path (#1513)
      [Emanuele Giuseppe Esposito]
    + Add python3-deconf dependency (#1506) [Alberto Contreras]
    + Change match macadress param for network v2 config (#1518)
      [Henrique Caricatti Capozzi]
    + sources/azure: remove unused userdata property from ovf (#1516)
      [Chris Patterson]
    + sources/azure: minor refactoring to network config generation (#1497)
      [Chris Patterson]
    + net: Implement link-local ephemeral ipv6
    + Rename function ...

This bug is believed to be fixed in cloud-init in version 22.3. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

What is the relationship between the current bug and CVE-2022-2084? I found out they were related.

https://launchpad.net/bugs/cve/CVE-2022-2084

The CVE as added by mistake, likely because of the bot comment including the CVE number in a changelog description. I'm removing the link.

Tracked in Github Issues as https://github.com/canonical/cloud-init/issues/3985