[Bug 615545] Re: Instances launched in a VPC cannot access ec2.archive.ubuntu.com
Scott Moser
smoser at ubuntu.com
Mon Dec 5 19:25:33 UTC 2011
** Description changed:
sources.list is helpfully configured to us-east-1.ec2.archive.ubuntu.com
for instances that I launch in US-EAST-1 on EC2. However, instances
launched in a Virtual Private Cloud (VPC) can only access machines in
their local subnet, private machines on the connected LAN, and the
Internet via the VPC tunnel.
Because us-east-1.ec2.archive.ubuntu.com resolves to an internal EC2
10.0.0.0/8 address, instances launched in a VPC will be unable to
perform any apt operations. The user must update sources.list to point
to us.archive.ubuntu.com to use apt.
Proposed solution:
1) Detect that the machine was launched in a VPC. I'm not sure what the ideal way to determine this is without doing a DescribeInstances. But I did notice that when in a VPC, curl http://169.254.169.254/latest/meta-data/ does not have public-ipv4 and public-hostname listed as a possibility. So perhaps the absence of these could be used to determine it was in a VPC.
2) Fall back to the public us.archive.ubuntu.com (or whatever region appropriate) if us-east-1.ec2.archive.ubuntu.com cannot be reached.
+
+ === SRU Information ===
+ [Impact]
+ After launch of an instance in a VPC (virtual private cloud) of EC2, the user must update /etc/apt/sources.list, as cloud-init has selected a mirror that is not available to the instance.
+
+ [Development Fix] The simple fix is to query the EC2 metadata service
+ and determine if the instance has booted inside VPC (is_vpc). If so,
+ use the fallback apt source rather than the EC2 specific region source.
+ This was added in the 10.10 cycle.
+
+ [Stable Fix]
+ Same as development fix.
+
+ [Test Case]
+ * a.) Boot instance in EC2 in a VPC
+ * b.) Boot instance in EC2 not in a VPC
+ * Instance 'a' should have 'archive.ubuntu.com' in /etc/apt/sources.list
+ * grep "http://archive.ubuntu.com" /etc/apt/sources.list
+ * Instance 'b' should have '<region>.ec2.archive.ubuntu.com' in /etc/apt/sources.list
+ * az=$(wget http://instance-data/latest/meta-data/placement/availability-zone -O - -q)
+ * region=${az%?} ; # az="us-east-1a", region="us-east-1"
+ * grep "http://$region.ec2.archive.ubuntu.com" /etc/apt/sources.list
+
+ [Regression Potential]
+ Inside of EC2, the regression potential is almost non-existent. This exact same fix has been in since 10.10.
+ Outside of EC2, the potential for regression would be in EC2-like clouds that have a metadata service that looks similar to EC2's. Since the fix has been in for > 18 months, the chance of this scenario causing failure is very low.
--
https://bugs.launchpad.net/bugs/615545
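The detection and fallback described in the bug report above, as an added example that is not cloud-init's code and not part of the original message. It uses the reporter's heuristic (no public-ipv4 and no public-hostname in the metadata listing means VPC); the function names, the constructed sample listings and the availability-zone validation are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not cloud-init code. Function names are hypothetical.

# Constructed sample metadata listings (one key per line).
SAMPLE_CLASSIC='ami-id
hostname
local-ipv4
public-hostname
public-ipv4'
SAMPLE_VPC='ami-id
hostname
local-ipv4'

FALLBACK_MIRROR="http://archive.ubuntu.com"

# Reporter's heuristic: in a VPC the listing has neither public-ipv4
# nor public-hostname. Returns 0 (true) only when both are absent.
is_vpc() {
    for key in public-ipv4 public-hostname; do
        if printf '%s\n' "$1" | grep -qxF "$key"; then
            return 1
        fi
    done
    return 0
}

# "us-east-1a" -> "us-east-1". The value comes from the network and ends
# up in a URL, so reject anything that is not [a-z0-9-] ending in
# digit+letter (assumption: added hardening, not from the bug report).
region_from_az() {
    case $1 in
        ''|*[!a-z0-9-]*) return 1 ;;
        *[0-9][a-z]) printf '%s\n' "${1%?}" ;;
        *) return 1 ;;
    esac
}

# choose_mirror LISTING AZ -> prints the mirror base URL for sources.list.
choose_mirror() {
    if is_vpc "$1"; then
        printf '%s\n' "$FALLBACK_MIRROR"
    elif region=$(region_from_az "$2"); then
        printf 'http://%s.ec2.archive.ubuntu.com\n' "$region"
    else
        printf '%s\n' "$FALLBACK_MIRROR"
    fi
}
```

On a real instance the listing would come from `http://169.254.169.254/latest/meta-data/` and the zone from `placement/availability-zone`, as in the test case above.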