← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1660385] Re: Alert user of Ec2 Datasource on lookalike cloud

 

This bug was fixed in the package cloud-init -
0.7.9-48-g1c795b9-0ubuntu1~16.10.1

---------------
cloud-init (0.7.9-48-g1c795b9-0ubuntu1~16.10.1) yakkety; urgency=medium

  * debian/rules: install Z99-cloudinit-warnings.sh to /etc/profile.d
  * debian/patches/ds-identify-behavior-yakkety.patch: adjust default
    behavior of ds-identify for SRU (LP: #1669675, #1660385).
  * New upstream snapshot.
    - Support warning if the used datasource is not in ds-identify's list
      (LP: #1669675).
    - DatasourceEc2: add warning message when not on AWS. (LP: #1660385)
    - Z99-cloudinit-warnings: Add profile.d script for showing warnings on
    - Z99-cloud-locale-test.sh: convert tabs to spaces, remove unneccesary
      execute bit in permissions.
    - (RedHat) net: correct errors in cloudinit/net/sysconfig.py
      [Lars Kellogg-Stedman]
    - ec2_utils: fix MetadataLeafDecoder that returned bytes on empty
    - Fix eni rendering of multiple IPs per interface [Ryan Harper]
      (LP: #1657940)
    - Add 3 ecdsa-sha2-nistp* ssh key types now that they are standardized
      [Lars Kellogg-Stedman]
    - EC2: Do not cache security credentials on disk [Andrew Jorgensen]
      (LP: #1638312)
    - OpenStack: Use timeout and retries from config in get_data.
      [Lars Kellogg-Stedman] (LP: #1657130)
    - Fixed Misc issues related to VMware customization. [Sankar Tanguturi]
    - (RedHat) Use dnf instead of yum when available [Lars Kellogg-Stedman]
    - Get early logging logged, including failures of cmdline url.
    - test / doc / build environment changes
      - Remove style checking during build and add latest style checks to
        tox [Joshua Powers]
      - code-style: make master pass pycodestyle (2.3.1) cleanly, currently
        [Joshua Powers]
      - Fix small typo and change iso-filename for consistency
      - tools/mock-meta: support python2 or python3 and ipv6 in both.
      - tests: remove executable bit on test_net, so it runs, and fix it.
      - tests: No longer monkey patch httpretty for python 3.4.2
      - reset httppretty for each test [Lars Kellogg-Stedman]
      - build: fix running Make on a branch with tags other than master
      - doc: Fix typos and clarify some aspects of the part-handler
        [Erik M. Bray]
      - doc: add some documentation on OpenStack datasource.
      - Fix minor docs typo: perserve > preserve [Jeremy Bicha]
      - validate-yaml: use python rather than explicitly python3

 -- Scott Moser <smoser@xxxxxxxxxx>  Mon, 06 Mar 2017 16:37:28 -0500

** Changed in: cloud-init (Ubuntu Yakkety)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1660385

Title:
  Alert user of Ec2 Datasource on lookalike cloud

Status in cloud-init:
  Fix Committed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Yakkety:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  Opportunistic polling of the Ec2 Metadata service, which lives at
  169.254.169.254 can be problematic for numerous reasons including timeouts.

  In this first phase of SRU, the code that has been added will be set to
  a warn-only mode.

  In 16.04, if cloud-init finds it is using a EC2 Metadata Service but
  not running on Amazon AWS, it will warn the user.

  In 16.10, it will warn the user and sleep 10 seconds to increase the
  likelyhood of being noticed.

  [Test Case]

  a.) check warnings are seen on openstack configured to use ec2
   - launch instance on openstack (it will use OpenStack MD)
   - enable proposed upgrade
   - rm -Rf /var/lib/cloud /var/log/cloud-init*
   - dpkg-reconfigure cloud-init
     # select 'Ec2' and 'None' only
   - sudo reboot
   - ssh in. you should see a warning.
     The warning instructs you to silence the warning by putting
     the following in /etc/cloud/cloud.cfg.d/99-ec2-datasource.cfg. Do that.
      | datasource:
      |  Ec2:
      |   strict_id: false
   - rm -Rf /var/lib/cloud/ /var/log/cloud*
   - reboot
   - ssh in. you should not see a warning.

  
  [Regression Potential]
  There is real regression potential here.  That is why we have announced
  this fairly widely and also are putting this into place with warnings
  only first.

  After some time is passed, further SRUs will put more strict behavior
  in place.

  [Other Info]
  We've announced this fairly widely on mailing lists
   https://lists.ubuntu.com/archives/ubuntu-devel/2017-February/039697.html
  === End SRU Template ===

  Many cloud providers mimic the EC2 Metadata service [1] in order to
  provide a level of EC2 compatibility for images.  This is quite useful and
  allows image portability.

  Because this is a network based metadata service, cloud-init
  opportunistically poll an IPv4 link local address (http://169.254.169.254)
  to determine if there is metadata available.  That can have negative side
  affects such as timeouts.

  AWS has recently begun providing a way for instances to determine if they
  are running on EC2 [2].

  Cloud-init will change its behavior to attempt to find the EC2 metadata
  service only if it has determined itself to be running on EC2 or another
  known cloud provider which provides an EC2 metadata service.

  For more information, please see:
    https://lists.ubuntu.com/archives/ubuntu-devel/2017-February/039697.html

  --
  [1] http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
  [2] http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/identify_ec2_instances.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1660385/+subscriptions


References