| 2012-04-05 18:31:55 |
Chuck Short |
bug |
|
|
added bug |
| 2012-04-12 10:18:46 |
James Page |
cloud-init (Ubuntu): importance |
Undecided |
Low |
|
| 2012-05-09 19:36:14 |
Launchpad Janitor |
cloud-init (Ubuntu): status |
New |
Confirmed |
|
| 2012-05-09 19:42:59 |
Patrick Hetu |
bug |
|
|
added subscriber Patrick Hetu |
| 2012-06-25 13:53:40 |
Scott Moser |
summary |
Issues resolving ubuntu archives. |
cloud-init selects wrong mirror with dns server redirection |
|
| 2012-07-06 13:17:23 |
Andreas Hasenack |
bug |
|
|
added subscriber Andreas Hasenack |
| 2012-07-06 13:46:30 |
Scott Moser |
bug task added |
|
cloud-init |
|
| 2012-08-03 18:36:16 |
Launchpad Janitor |
branch linked |
|
lp:cloud-init |
|
| 2012-08-03 18:57:31 |
Scott Moser |
cloud-init: status |
New |
Fix Committed |
|
| 2012-08-03 19:00:13 |
Launchpad Janitor |
cloud-init (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2012-08-06 14:53:59 |
Scott Moser |
nominated for series |
|
Ubuntu Precise |
|
| 2012-08-06 14:53:59 |
Scott Moser |
bug task added |
|
cloud-init (Ubuntu Precise) |
|
| 2012-08-06 14:54:34 |
Scott Moser |
cloud-init (Ubuntu Precise): importance |
Undecided |
Medium |
|
| 2012-08-06 14:54:34 |
Scott Moser |
cloud-init (Ubuntu Precise): status |
New |
Triaged |
|
| 2012-08-06 14:54:34 |
Scott Moser |
cloud-init (Ubuntu Precise): assignee |
|
Scott Moser (smoser) |
|
| 2012-08-16 13:33:19 |
Scott Moser |
cloud-init: importance |
Undecided |
Medium |
|
| 2012-08-23 05:07:58 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/cloud-init |
|
| 2012-10-01 18:24:11 |
Scott Moser |
cloud-init: status |
Fix Committed |
Fix Released |
|
| 2012-10-12 20:01:27 |
Launchpad Janitor |
branch linked |
|
lp:~smoser/ubuntu/precise/cloud-init/sru |
|
| 2012-11-08 18:14:22 |
Scott Moser |
description |
Hi,
I have Rogers as an ISP in the great white north, and use their DNS servers. However they run DNS redirectors so that when you get a bad domain then it does bogus things to the hostname. Anyways this resolves in unresovalble hosts in my /etc/apt/sources.list when Im running an openstack instance.
ubuntu@server-5:/var/log$ host nov.ec2.archive.ubuntu.com
nov.ec2.archive.ubuntu.com has address 8.15.7.107
nov.ec2.archive.ubuntu.com has address 63.251.179.17
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
The console output is the following:
http://paste.ubuntu.com/916324/
If you have any questions please let me know.
Regards
chuck |
=== Begin SRU Information ===
[Impact]
* If a user launches an cloud-image in an environment where the DNS
server does DNS redirection (also known as DNS hijacking), then the
system will configure itself to use a mirror at
http://ubuntu-mirror/ubuntu .
This behavior was by design in cloud-init. It was intended to allow
a cloud provider to set up a mirror at 'ubuntu-mirror' and have
cloud-init select the mirror transparently. However, this causes
failure if dns hijacking ins being used.
* The fix is two fold:
a.) cloud-init's code that checks for DNS entries is now protected
by logic that detects the dns hijacking and does not consider
such entries as valid.
b.) the selection of the "search dns for 'ubuntu-mirror'" behavior
has been disabled by default.
[Test Case]
* download cloud image from cloud-images.ubuntu.com, and convert for use
$ url="http://cloud-images.ubuntu.com/server/releases/precise/release-20121026.1/"
$ wget "$url/ubuntu-12.04-server-cloudimg-i386-disk1.img" -O disk.img.orig
$ qemu-img convert -O raw disk.img.orig disk.raw.dist
* have *some* way to add 'ubuntu-mirror' to the dns for kvm guests (or
just have a service provider that uses dns hijacking)
I used dnsmasq on a server system, and can control this by adding entries
to /etc/hosts. You need to be able to configure your system such
that 'host ubuntu-mirror' returns something:
$ host ubuntu-mirror
ubuntu-mirror has address 192.168.1.1
* boot kvm guest (cloud-localds from 12.10 cloud-utils)
$ qemu-img create -f qcow2 disk.img disk.raw.dist
# this user-data just sets password so you can log in
$ cat user-data.txt
#cloud-config
password: passw0rd
chpasswd: { expire: False }
ssh_pwauth: True
$ cloud-localds seed.img user-data.txt
$ kvm -m 512 -curses -drive file=seed.img,if=virtio \
-drive file=disk.img,if=virtio
* login and see problem.
looking at sources.list will show 'ubuntu-mirror' entry
[Regression Potential]
* A regression is possible due to this designed change in behavior. If
someone was expecting the 'ubuntu-mirror' mirror to be automatically
located they will subsequently have to take different means to
accomplish this. That can be either:
a.) modifying the image to set 'apt_mirror_search_dns: true'
b.) doing 'a' through user-data user-data
* The change made in quantal was tested for regression as described in
comment 5 below.
[Other Info]
* The changes here also enable 2 other fixes
* allowing region/availability-zone to be part of mirror (bug 1037727)
* making mirror selection arch aware (bug #1028501)
=== End SRU Information ===
=== original bug report ===
Hi,
I have Rogers as an ISP in the great white north, and use their DNS servers. However they run DNS redirectors so that when you get a bad domain then it does bogus things to the hostname. Anyways this resolves in unresovalble hosts in my /etc/apt/sources.list when Im running an openstack instance.
ubuntu@server-5:/var/log$ host nov.ec2.archive.ubuntu.com
nov.ec2.archive.ubuntu.com has address 8.15.7.107
nov.ec2.archive.ubuntu.com has address 63.251.179.17
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
The console output is the following:
http://paste.ubuntu.com/916324/
If you have any questions please let me know.
Regards
chuck |
|
| 2012-12-10 23:05:37 |
Steve Langasek |
cloud-init (Ubuntu Precise): status |
Triaged |
Fix Committed |
|
| 2012-12-10 23:05:38 |
Steve Langasek |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2012-12-10 23:05:41 |
Steve Langasek |
bug |
|
|
added subscriber SRU Verification |
| 2012-12-10 23:05:48 |
Steve Langasek |
tags |
|
verification-needed |
|
| 2012-12-12 20:26:07 |
Scott Moser |
description |
=== Begin SRU Information ===
[Impact]
* If a user launches an cloud-image in an environment where the DNS
server does DNS redirection (also known as DNS hijacking), then the
system will configure itself to use a mirror at
http://ubuntu-mirror/ubuntu .
This behavior was by design in cloud-init. It was intended to allow
a cloud provider to set up a mirror at 'ubuntu-mirror' and have
cloud-init select the mirror transparently. However, this causes
failure if dns hijacking ins being used.
* The fix is two fold:
a.) cloud-init's code that checks for DNS entries is now protected
by logic that detects the dns hijacking and does not consider
such entries as valid.
b.) the selection of the "search dns for 'ubuntu-mirror'" behavior
has been disabled by default.
[Test Case]
* download cloud image from cloud-images.ubuntu.com, and convert for use
$ url="http://cloud-images.ubuntu.com/server/releases/precise/release-20121026.1/"
$ wget "$url/ubuntu-12.04-server-cloudimg-i386-disk1.img" -O disk.img.orig
$ qemu-img convert -O raw disk.img.orig disk.raw.dist
* have *some* way to add 'ubuntu-mirror' to the dns for kvm guests (or
just have a service provider that uses dns hijacking)
I used dnsmasq on a server system, and can control this by adding entries
to /etc/hosts. You need to be able to configure your system such
that 'host ubuntu-mirror' returns something:
$ host ubuntu-mirror
ubuntu-mirror has address 192.168.1.1
* boot kvm guest (cloud-localds from 12.10 cloud-utils)
$ qemu-img create -f qcow2 disk.img disk.raw.dist
# this user-data just sets password so you can log in
$ cat user-data.txt
#cloud-config
password: passw0rd
chpasswd: { expire: False }
ssh_pwauth: True
$ cloud-localds seed.img user-data.txt
$ kvm -m 512 -curses -drive file=seed.img,if=virtio \
-drive file=disk.img,if=virtio
* login and see problem.
looking at sources.list will show 'ubuntu-mirror' entry
[Regression Potential]
* A regression is possible due to this designed change in behavior. If
someone was expecting the 'ubuntu-mirror' mirror to be automatically
located they will subsequently have to take different means to
accomplish this. That can be either:
a.) modifying the image to set 'apt_mirror_search_dns: true'
b.) doing 'a' through user-data user-data
* The change made in quantal was tested for regression as described in
comment 5 below.
[Other Info]
* The changes here also enable 2 other fixes
* allowing region/availability-zone to be part of mirror (bug 1037727)
* making mirror selection arch aware (bug #1028501)
=== End SRU Information ===
=== original bug report ===
Hi,
I have Rogers as an ISP in the great white north, and use their DNS servers. However they run DNS redirectors so that when you get a bad domain then it does bogus things to the hostname. Anyways this resolves in unresovalble hosts in my /etc/apt/sources.list when Im running an openstack instance.
ubuntu@server-5:/var/log$ host nov.ec2.archive.ubuntu.com
nov.ec2.archive.ubuntu.com has address 8.15.7.107
nov.ec2.archive.ubuntu.com has address 63.251.179.17
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
The console output is the following:
http://paste.ubuntu.com/916324/
If you have any questions please let me know.
Regards
chuck |
=== Begin SRU Information ===
[Impact]
* If a user launches an cloud-image in an environment where the DNS
server does DNS redirection (also known as DNS hijacking), then the
system will configure itself to use a mirror at
http://ubuntu-mirror/ubuntu .
This behavior was by design in cloud-init. It was intended to allow
a cloud provider to set up a mirror at 'ubuntu-mirror' and have
cloud-init select the mirror transparently. However, this causes
failure if dns hijacking ins being used.
* The fix is two fold:
a.) cloud-init's code that checks for DNS entries is now protected
by logic that detects the dns hijacking and does not consider
such entries as valid.
b.) the selection of the "search dns for 'ubuntu-mirror'" behavior
has been disabled by default.
[Test Case]
* download cloud image from cloud-images.ubuntu.com, and convert for use
$ url="http://cloud-images.ubuntu.com/server/releases/precise/release-20121026.1/"
$ wget "$url/ubuntu-12.04-server-cloudimg-i386-disk1.img" -O disk.img.orig
$ qemu-img convert -O raw disk.img.orig disk.raw.dist
* have *some* way to add 'ubuntu-mirror' to the dns for kvm guests (or
just have a service provider that uses dns hijacking)
I used dnsmasq on a server system, and can control this by adding entries
to /etc/hosts. You need to be able to configure your system such
that 'host ubuntu-mirror' returns something:
$ host ubuntu-mirror
ubuntu-mirror has address 192.168.1.1
* boot kvm guest (cloud-localds from 12.10 cloud-utils)
$ qemu-img create -f qcow2 -b disk.raw.dist disk.img
# this user-data just sets password so you can log in
$ cat user-data.txt
#cloud-config
password: passw0rd
chpasswd: { expire: False }
ssh_pwauth: True
$ cloud-localds seed.img user-data.txt
$ kvm -m 512 -curses -drive file=seed.img,if=virtio \
-drive file=disk.img,if=virtio
* login and see problem.
looking at sources.list will show 'ubuntu-mirror' entry
[Regression Potential]
* A regression is possible due to this designed change in behavior. If
someone was expecting the 'ubuntu-mirror' mirror to be automatically
located they will subsequently have to take different means to
accomplish this. That can be either:
a.) modifying the image to set 'apt_mirror_search_dns: true'
b.) doing 'a' through user-data user-data
* The change made in quantal was tested for regression as described in
comment 5 below.
[Other Info]
* The changes here also enable 2 other fixes
* allowing region/availability-zone to be part of mirror (bug 1037727)
* making mirror selection arch aware (bug #1028501)
=== End SRU Information ===
=== original bug report ===
Hi,
I have Rogers as an ISP in the great white north, and use their DNS servers. However they run DNS redirectors so that when you get a bad domain then it does bogus things to the hostname. Anyways this resolves in unresovalble hosts in my /etc/apt/sources.list when Im running an openstack instance.
ubuntu@server-5:/var/log$ host nov.ec2.archive.ubuntu.com
nov.ec2.archive.ubuntu.com has address 8.15.7.107
nov.ec2.archive.ubuntu.com has address 63.251.179.17
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
The console output is the following:
http://paste.ubuntu.com/916324/
If you have any questions please let me know.
Regards
chuck |
|
| 2012-12-12 21:04:44 |
Scott Moser |
tags |
verification-needed |
verification-done |
|
| 2013-01-08 19:16:29 |
Clint Byrum |
tags |
verification-done |
|
|
| 2013-01-08 19:16:30 |
Clint Byrum |
tags |
|
verification-needed |
|
| 2013-01-08 23:52:40 |
Scott Moser |
tags |
verification-needed |
verification-done |
|
| 2013-01-16 14:20:08 |
Colin Watson |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2013-01-16 14:20:17 |
Launchpad Janitor |
cloud-init (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
| 2013-08-28 11:32:39 |
Launchpad Janitor |
branch linked |
|
lp:~ubuntu-branches/ubuntu/precise/cloud-init/precise-proposed |
|
| 2023-05-09 20:28:52 |
James Falcon |
bug watch added |
|
https://github.com/canonical/cloud-init/issues/2254 |
|
