yahoo-eng-team team mailing list archive

[Bug 1896532] Re: Ec2Datasource fails in environments without IMDSv2

 

Thanks for the update, David!  I'll move this to Invalid, as there is
now no work required on our end.  (If you don't think that's correct,
please do let us know, of course!)

** Changed in: cloud-init
       Status: Triaged => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1896532

Title:
  Ec2Datasource fails in environments without IMDSv2

Status in cloud-init:
  Invalid

Bug description:
  On AWS regions that do not have IMDSv2 available, cloud-init fails to
  read user-data via the Ec2Datasource.

  This bug was introduced in the following change:
  https://bugs.launchpad.net/cloud-init/+bug/1866290

  The change in that bug incorrectly assumes that a status code of 403
  means the IMDS is disabled entirely.

  > The Ec2 IMDSv2 latest/api/token route can be set as disabled and
  return a 403 indefinitely for an instance.

  In reality, there are some regions where IMDSv2 is currently
  unsupported. In those regions, a 403 is still returned, but IMDSv1 is
  enabled and working. The end result is that cloud-init versions later
  than 20.1-9-g1f860e5a-0ubuntu1 are unable to retrieve user-data from
  the IMDS in affected regions.

  I am unable to attach the requested log because the region where I
  observed this behavior is physically disconnected from the internet.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1896532/+subscriptions
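
The bug description above contrasts two cases that both return 403 on the token route: IMDS disabled, and IMDSv2 unsupported while IMDSv1 still works. The sketch below is an added example, not cloud-init's code or any fix from this bug; the transport callable, the probe path and the three stand-in endpoints are assumptions constructed for illustration.

```python
from typing import Callable, Dict, Optional, Tuple

# Hypothetical transport: (method, path, headers) -> (status, body)
Transport = Callable[[str, str, Dict[str, str]], Tuple[int, str]]

TOKEN_PATH = "latest/api/token"              # route quoted in the bug description
PROBE_PATH = "latest/meta-data/instance-id"  # tokenless probe path (assumption)
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"


def classify_imds(send: Transport) -> Tuple[str, Dict[str, str]]:
    """Return (mode, headers): mode is 'v2', 'v1' or 'disabled'."""
    status, body = send("PUT", TOKEN_PATH, {TTL_HEADER: "21600"})
    if status == 200:
        return "v2", {TOKEN_HEADER: body}
    # A 403 on the token route alone is ambiguous, so probe without a token.
    status, _ = send("GET", PROBE_PATH, {})
    return ("v1", {}) if status == 200 else ("disabled", {})


def read_user_data(send: Transport) -> Optional[str]:
    mode, headers = classify_imds(send)
    if mode == "disabled":
        return None
    status, body = send("GET", "latest/user-data", headers)
    return body if status == 200 else None


# Constructed stand-ins for the three endpoint behaviours (not captured traffic).
def region_without_v2(method, path, headers):
    if path == TOKEN_PATH:
        return 403, ""
    return 200, ("i-constructed" if path == PROBE_PATH else "#cloud-config\n")


def imds_disabled(method, path, headers):
    return 403, ""


def v2_only(method, path, headers):
    if method == "PUT" and path == TOKEN_PATH:
        return 200, "constructed-token"
    if headers.get(TOKEN_HEADER) != "constructed-token":
        return 401, ""
    return 200, "#cloud-config\n"


if __name__ == "__main__":
    for fake in (region_without_v2, imds_disabled, v2_only):
        print(fake.__name__, classify_imds(fake)[0], repr(read_user_data(fake)))
```

Logging the returned mode makes it visible when an instance is being served over tokenless IMDSv1 rather than IMDSv2.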
