yahoo-eng-team team mailing list archive

[Bug 974509] Re: cloud-init selects wrong mirror with dns server redirection

 

This bug was fixed in the package cloud-init - 0.6.3-0ubuntu1.3

---------------
cloud-init (0.6.3-0ubuntu1.3) precise-proposed; urgency=low

  * debian/patches/lp-1070345-landscape-restart-after-change.patch,
    debian/patches/lp-1066115-landscape-install-fix-perms.patch:
    fix missing or incorrect imports (LP: #1070345, LP: #1066115).

cloud-init (0.6.3-0ubuntu1.2) precise-proposed; urgency=low

  * debian/patches/lp-978127-maas-oauth-fix-bad-clock.patch: fix usage of
    oauth in maas data source if local system has a bad clock (LP: #978127)
  * debian/cloud-init.preinst: fix bug where user data scripts re-ran on
    upgrade from 10.04 versions (LP: #1049146)
  * debian/patches/lp-974509-detect-dns-server-redirection.patch: detect dns
    server redirection and disable searching dns for a mirror named
    'ubuntu-mirror' (LP: #974509)
  * debian/patches/lp-1018554-shutdown-message-to-console.patch: write a
    message to the console on system shutdown. (LP: #1018554)
  * debian/patches/lp-1066115-landscape-install-fix-perms.patch: install
    landscape package if needed which will ensure proper permissions on config
    file (LP: #1066115).
  * debian/patches/lp-1070345-landscape-restart-after-change.patch: restart
    landscape after modifying config (LP: #1070345)
  * debian/patches/lp-1073077-zsh-workaround-for-locale_warn.patch: avoid
    warning when user's shell is zsh (LP: #1073077)
  * debian/patches/rework-mirror-selection.patch: improve mirror selection by:
    * allowing region/availability-zone to be part of mirror (LP: #1037727)
    * making mirror selection arch aware (LP: #1028501)
    * allow specification of a security mirror (LP: #1006963)
 -- Scott Moser <smoser@xxxxxxxxxx>   Thu, 13 Dec 2012 12:16:56 -0500

** Changed in: cloud-init (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/974509

Title:
  cloud-init selects wrong mirror with dns server redirection

Status in Init scripts for use on cloud images:
  Fix Released
Status in “cloud-init” package in Ubuntu:
  Fix Released
Status in “cloud-init” source package in Precise:
  Fix Released

Bug description:
  === Begin SRU Information ===
  [Impact]
   * If a user launches a cloud-image in an environment where the DNS
     server does DNS redirection (also known as DNS hijacking), then the
     system will configure itself to use a mirror at
     http://ubuntu-mirror/ubuntu .

     This behavior was by design in cloud-init.  It was intended to allow
     a cloud provider to set up a mirror at 'ubuntu-mirror' and have
     cloud-init select the mirror transparently.  However, this causes
     failure if dns hijacking is being used.

   * The fix is twofold:
     a.) cloud-init's code that checks for DNS entries is now protected
         by logic that detects the dns hijacking and does not consider
         such entries as valid.
     b.) the selection of the "search dns for 'ubuntu-mirror'" behavior
         has been disabled by default.

  [Test Case]
   * download cloud image from cloud-images.ubuntu.com, and convert for use
     $ url="http://cloud-images.ubuntu.com/server/releases/precise/release-20121026.1/";
     $ wget "$url/ubuntu-12.04-server-cloudimg-i386-disk1.img" -O disk.img.orig
     $ qemu-img convert -O raw disk.img.orig disk.raw.dist

   * have *some* way to add 'ubuntu-mirror' to the dns for kvm guests (or
     just have a service provider that uses dns hijacking)

     I used dnsmasq on a server system, and can control this by adding entries
     to /etc/hosts. You need to be able to configure your system such
     that 'host ubuntu-mirror' returns something:
     $ host ubuntu-mirror
     ubuntu-mirror has address 192.168.1.1

   * boot kvm guest (cloud-localds from 12.10 cloud-utils)
     $ qemu-img create -f qcow2 -b disk.raw.dist disk.img
     # this user-data just sets password so you can log in
     $ cat user-data.txt
     #cloud-config
     password: passw0rd
     chpasswd: { expire: False }
     ssh_pwauth: True

     $ cloud-localds seed.img user-data.txt
     $ kvm -m 512 -curses -drive file=seed.img,if=virtio \
        -drive file=disk.img,if=virtio

   * login and see problem.
     looking at sources.list will show 'ubuntu-mirror' entry

  [Regression Potential]
   * A regression is possible due to this designed change in behavior.  If
     someone was expecting the 'ubuntu-mirror' mirror to be automatically
     located they will subsequently have to take different means to
     accomplish this.  That can be either:
      a.) modifying the image to set 'apt_mirror_search_dns: true'
      b.) doing 'a' through user-data
   * The change made in quantal was tested for regression as described in
     comment 5 below.

  [Other Info]
   * The changes here also enable 2 other fixes
      * allowing region/availability-zone to be part of mirror (bug 1037727)
      * making mirror selection arch aware (bug #1028501)

  === End SRU Information ===

  === original bug report ===
  Hi,

  I have Rogers as an ISP in the great white north, and use their DNS
  servers. However they run DNS redirectors so that when you get a bad
  domain then it does bogus things to the hostname. Anyways this
  resolves in unresolvable hosts in my /etc/apt/sources.list when I'm
  running an openstack instance.

  ubuntu@server-5:/var/log$ host nov.ec2.archive.ubuntu.com
  nov.ec2.archive.ubuntu.com has address 8.15.7.107
  nov.ec2.archive.ubuntu.com has address 63.251.179.17
  Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
  Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)

  The console output is the following:

  http://paste.ubuntu.com/916324/

  If you have any questions please let me know.

  Regards
  chuck

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/974509/+subscriptions
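
The SRU notes above say the fix stops treating DNS answers produced by redirection as valid. The following is an added example, not part of the original message and not cloud-init's own code, of one way to make that check: resolve names that must not exist, record the addresses a redirecting resolver hands back, and reject a candidate mirror that resolves to one of them. The function names, `fake_resolver`, and the addresses used with it are assumptions made for illustration.

```python
import random
import socket
import string


def probe_names(rng=random):
    """Names that must yield NXDOMAIN on an honest resolver."""
    label = "".join(rng.choice(string.ascii_lowercase) for _ in range(32))
    # ".invalid" is a reserved TLD; the bare random label mimics 'ubuntu-mirror'.
    return ["does-not-exist.example.com.", "example.invalid.", label]


def system_resolve(name):
    """Addresses the system resolver returns for name (raises on NXDOMAIN)."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}


def redirect_addresses(resolve=system_resolve, names=None):
    """Collect addresses handed out for names that should not exist."""
    bad = set()
    for name in names or probe_names():
        try:
            bad |= set(resolve(name))
        except OSError:  # socket.gaierror: the resolver answered honestly
            pass
    return bad


def is_resolvable(name, resolve=system_resolve, bad=None):
    """True only if name resolves to something other than a redirect address."""
    if bad is None:
        bad = redirect_addresses(resolve)
    try:
        addrs = set(resolve(name))
    except OSError:
        return False
    return bool(addrs) and addrs.isdisjoint(bad)


def fake_resolver(records, redirect_to=None):
    """Constructed stand-in for DNS: records plus optional catch-all redirect."""
    def resolve(name):
        if name in records:
            return set(records[name])
        if redirect_to is None:
            raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
        return {redirect_to}
    return resolve
```

Called with the default `system_resolve`, `is_resolvable("ubuntu-mirror")` performs the same check against the instance's real resolver.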