yahoo-eng-team team mailing list archive

[Bug 1922530] [NEW] Docs do not list necessary ports for cloud-init

 

Public bug reported:

Hi Everyone,

We are renting an Ubuntu 20 VM from IONOS. The VM is a webserver with
LAMP stack and a wiki. The machine has an external IPv4 address, but no
external IPv6 address. There's not much to it.

I'm trying to clamp the machine down using iptables. The initial
iptables was empty. I added some INPUT chain rules to allow SSH (22),
DHCP (68), HTTP (80), and HTTPS (443). The machine booted fine.

When I added a DROP rule at the end the machine took about 2:00 minutes
to boot. After the 2 minute delay the machine was fine.

Most of the time during the long boot was spent in cloud-init.service.

# iptables rule that causes the 2 minute boot
# tail -n 3 /etc/iptables/rules.v4
-A INPUT -j DROP
COMMIT

# systemd-analyze critical-chain
The time when unit became active or started is printed after the "@" character.
The time the unit took to start is printed after the "+" character.

graphical.target @2min 9.162s
└─multi-user.target @2min 9.162s
  └─apache2.service @2min 2.715s +6.446s
    └─basic.target @2min 2.704s
      └─sockets.target @2min 2.703s
        └─uuidd.socket @2min 2.702s
          └─sysinit.target @2min 2.686s
            └─cloud-init.service @11.358s +1min 51.325s
              └─networking.service @6.079s +5.275s
                └─network-pre.target @6.071s
                  └─cloud-init-local.service @3.401s +2.668s
                    └─open-vm-tools.service @3.391s
                      └─vgauth.service @3.376s
                        └─systemd-tmpfiles-setup.service @3.214s +88ms
                          └─local-fs.target @3.141s
                            └─boot.mount @3.099s +41ms
                              └─systemd-fsck@dev-disk-by\x2duuid-0905f2a6\x2d8b>
                                └─dev-disk-by\x2duuid-0905f2a6\x2d8b1e\x2d438d\>


I assume cloud-init needs to listen for something since adding the DROP affects the boot time.

I went to look up the port numbers used by cloud-init, but I could not
find them. The docs I found are at
https://cloudinit.readthedocs.io/en/latest/.

My request is, please document the ports needed by cloud-init.

** Affects: cloud-init
     Importance: Undecided
         Status: New

** Attachment added: "/etc/iptables/rules.v4"
   https://bugs.launchpad.net/bugs/1922530/+attachment/5484133/+files/rules.v4

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1922530

Title:
  Docs do not list necessary ports for cloud-init

Status in cloud-init:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1922530/+subscriptions
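
An INPUT chain built only from destination-port accepts plus a final DROP also drops loopback traffic and the replies to the host's own outbound connections. The check below is an added example, not part of the bug report or the cloud-init project, and it audits an iptables-save file for that condition. The sample ruleset is constructed from the ports named in the report (the rules.v4 attachment is not reproduced here), and the function names are hypothetical.

```python
# Constructed sample in iptables-save format, built from the ports named in
# the report; the real rules.v4 attachment is not reproduced on this page.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 68 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""
# Same sample with loopback and reply traffic accepted ahead of the port rules.
FIXED_RULES = SAMPLE_RULES.replace(
    "-A INPUT -p tcp -m tcp --dport 22",
    "-A INPUT -i lo -j ACCEPT\n"
    "-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n"
    "-A INPUT -p tcp -m tcp --dport 22", 1)


def _arg(tokens, flag):
    """Value following `flag`, or None if absent or negated with '!'."""
    if flag not in tokens[:-1]:
        return None
    i = tokens.index(flag)
    return None if i > 0 and tokens[i - 1] == "!" else tokens[i + 1]


def audit_input_chain(rules_text):
    """Hypothetical helper: findings for an INPUT chain that ends in DROP."""
    lines = [line.split() for line in rules_text.splitlines()]
    catch_all = any(t[:2] == [":INPUT", "DROP"] for t in lines)  # chain policy
    has_lo = has_established = False
    for tok in lines:
        if tok[:2] != ["-A", "INPUT"]:
            continue
        if tok == ["-A", "INPUT", "-j", "DROP"]:
            catch_all = True
            break  # rules after an unconditional DROP are never reached
        if _arg(tok, "-j") != "ACCEPT":
            continue
        # Does not check whether the accept is narrowed by other matches.
        states = (_arg(tok, "--ctstate") or _arg(tok, "--state") or "").split(",")
        has_established |= "ESTABLISHED" in states
        has_lo |= _arg(tok, "-i") == "lo"
    if not catch_all:
        return []
    checks = ((has_established, "no-established-accept"), (has_lo, "no-loopback-accept"))
    return [name for ok, name in checks if not ok]
```
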

