yahoo-eng-team team mailing list archive
Message #87540
[Bug 1948984] [NEW] os-login will not work in GCP ubuntu image after cloud-init gets updated during image creation
Public bug reported:
In GCP when you use packer to build up an image based on ubuntu-
minimal-2004-lts with enable-oslogin set to false and run apt-get -Y
upgrade, if cloud-init is upgraded, os-login will not work in VMs that
use that image in the future.
Be aware that using oslogin set to false during image build time is a
common practice.
Below is a complete packer config file as an example.
Run it with:
$ packer build example.pkr.hcl
example.pkr.hcl:
locals {
  build_disk_size       = 20
  build_disk_type       = "pd-ssd"
  build_machine_type    = "n1-standard-1"
  build_network         = "your-config-here"
  build_project         = "your-config-here"
  build_ssh_username    = "your-config-here"
  build_subnetwork      = "your-config-here"
  build_service_account = "your-config-here"
  build_region          = "your-config-here"
  image_datestamp       = formatdate("YYYYMMDD-hhmm", timestamp())
  scopes = [
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/compute",
    "https://www.googleapis.com/auth/devstorage.full_control"
  ]
}

source "googlecompute" "example-test" {
  disk_size               = local.build_disk_size
  disk_type               = local.build_disk_type
  image_description       = "example example image"
  image_family            = "example-test"
  image_name              = "example-test-${local.image_datestamp}"
  image_storage_locations = ["us"]
  machine_type            = local.build_machine_type
  metadata = {
    enable-oslogin = "false"
  }
  network               = local.build_network
  omit_external_ip      = true
  project_id            = local.build_project
  region                = local.build_region
  scopes                = local.scopes
  service_account_email = local.build_service_account
  source_image_family   = "ubuntu-minimal-2004-lts"
  ssh_username          = local.build_ssh_username
  subnetwork            = local.build_subnetwork
  use_internal_ip       = true
  zone                  = "${local.build_region}-a"
}

build {
  sources = ["source.googlecompute.example-test"]
  provisioner "shell" {
    inline_shebang = "/bin/bash -e"
    inline = [
      "function apt-workaround { while [[ $(ps aux | grep 'apt-ge[t]' | wc -l) -gt 1 ]]; do sleep 1s; done }",
      "apt-workaround && sudo apt-get update && sudo apt-get upgrade -y",
    ]
  }
}
Expected result: All packages will be upgraded, including cloud-init,
and os-login will work as configured in GCP.
Actual result: Regardless if you have os-login enabled by default in
that project, it won't work on VMs using that image.
Workaround: Exclude the cloud-init package from the apt-get upgrade using the following:
sudo apt-mark hold cloud-init.
** Affects: cloud-init
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1948984
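
One way to apply the reported workaround inside an image-build provisioner and fail the build if cloud-init changes anyway, as an added example that is not part of the original bug report. The function names and the APT_GET / APT_MARK / DPKG_QUERY override variables are assumptions introduced here so the logic can be dry-run without a package manager.

```sh
#!/bin/sh
# Added example (not from the bug report): apply the cloud-init hold before
# the image-build upgrade and fail the build if the package changes anyway.
# APT_GET / APT_MARK / DPKG_QUERY are hypothetical override points so the
# logic can be dry-run; by default the real tools are used (run as root).
: "${APT_GET:=apt-get}" "${APT_MARK:=apt-mark}" "${DPKG_QUERY:=dpkg-query}"

# Print the installed version of package $1 (empty if not installed).
pkg_version() {
  "$DPKG_QUERY" -W -f='${Version}' "$1" 2>/dev/null || true
}

# Succeed only if package $1 appears in `apt-mark showhold`.
pkg_is_held() {
  "$APT_MARK" showhold | grep -qxF -- "$1"
}

# Hold $1, upgrade everything else, verify $1 kept its version.
# Returns: 0 ok, 1 version changed, 2 not installed, 3 hold failed, 4 apt failed.
upgrade_with_hold() {
  _pkg="$1"
  _before="$(pkg_version "$_pkg")"
  [ -n "$_before" ] || { echo "$_pkg is not installed" >&2; return 2; }
  "$APT_MARK" hold "$_pkg" >/dev/null || return 3
  pkg_is_held "$_pkg" || { echo "hold on $_pkg did not take" >&2; return 3; }
  { "$APT_GET" update && "$APT_GET" upgrade -y; } || return 4
  _after="$(pkg_version "$_pkg")"
  if [ "$_before" != "$_after" ]; then
    echo "$_pkg changed during upgrade: $_before -> $_after" >&2
    return 1
  fi
  echo "$_pkg kept at $_before"
}

# Only touch the system when asked to: sh hold-cloud-init.sh --run
if [ "${1:-}" = "--run" ]; then
  upgrade_with_hold cloud-init
fi
```

A non-zero exit stops a provisioner that runs with `-e`, so an image whose cloud-init version moved is never published.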