yahoo-eng-team team mailing list archive

[Launchpad Bug Tracker <1948984@xxxxxxxxxxxxxxxxxx>]

[Expired for cloud-init because there has been no activity for 60 days.]

** Changed in: cloud-init
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1948984

Title:
  os-login will not work in GCP ubuntu image after cloud-init gets
  updated during image creation

Status in cloud-init:
  Expired

Bug description:
  In GCP when you use packer to build up an image based on ubuntu-
  minimal-2004-lts with enable-oslogin set to false and run apt-get -Y
  upgrade, if cloud-init is upgraded, os-login will not work in VMs that
  use that image in the future.

  Be aware that using oslogin set to false during image build time is a
  common practice.

  Bellow is a complete packer config file as an example.

  Run it with: 
  $ packer build -example.pkr.hcl

  
  example.pkr.hcl:
  locals {
    build_disk_size       = 20
    build_disk_type       = "pd-ssd"
    build_machine_type    = "n1-standard-1"
    build_network         = "your-config-here"
    build_project         = "your-config-here"
    build_ssh_username    = "your-config-here"
    build_subnetwork      = "your-config-here"
    build_service_account = "your-config-here"
    build_region          = "your-config-here"
    image_datestamp       = formatdate("YYYYMMDD-hhmm", timestamp())
    scopes = [
      "https://www.googleapis.com/auth/userinfo.email";,
      "https://www.googleapis.com/auth/cloud-platform";,
      "https://www.googleapis.com/auth/compute";,
      "https://www.googleapis.com/auth/devstorage.full_control";
    ]
  }

  source "googlecompute" "example-test" {
    disk_size               = local.build_disk_size
    disk_type               = local.build_disk_type
    image_description       = "example example image"
    image_family            = "example-test"
    image_name              = "example-test-${local.image_datestamp}"
    image_storage_locations = ["us"]
    machine_type            = local.build_machine_type
    metadata = {
      enable-oslogin = "false"
    }
    network               = local.build_network
    omit_external_ip      = true
    project_id            = local.build_project
    region                = local.build_region
    scopes                = local.scopes
    service_account_email = local.build_service_account
    source_image_family   = "ubuntu-minimal-2004-lts"
    ssh_username          = local.build_ssh_username
    subnetwork            = local.build_subnetwork
    use_internal_ip       = true
    zone                  = "${local.build_region}-a"
  }

  build {
    sources = ["source.googlecompute.example-test"]

    provisioner "shell" {
      inline_shebang = "/bin/bash -e"
      inline = [
        "function apt-workaround { while [[ $(ps aux | grep 'apt-ge[t]' | wc -l) -gt 1 ]]; do sleep 1s; done }",
        "apt-workaround && sudo apt-get update && sudo apt-get upgrade -y",
     ]
    }
  }

  Expected result: All packages will be upgraded, including cloud-init,
  and os-login will work as configured in GCP.

  Actual result: Regardless if you have os-login enabled by default in
  that project, it won't work on VMs using that image.

  Workaround: Exclude the cloud-init package from the apt-get upgrade using the following:
  sudo apt-mark hold cloud-init.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1948984/+subscriptions