[Bug 974509] Re: cloud-init selects wrong mirror with dns server redirection
Scott Moser
smoser at ubuntu.com
Wed Dec 12 20:26:07 UTC 2012
** Description changed:
=== Begin SRU Information ===
[Impact]
- * If a user launches an cloud-image in an environment where the DNS
- server does DNS redirection (also known as DNS hijacking), then the
- system will configure itself to use a mirror at
- http://ubuntu-mirror/ubuntu .
+ * If a user launches an cloud-image in an environment where the DNS
+ server does DNS redirection (also known as DNS hijacking), then the
+ system will configure itself to use a mirror at
+ http://ubuntu-mirror/ubuntu .
- This behavior was by design in cloud-init. It was intended to allow
- a cloud provider to set up a mirror at 'ubuntu-mirror' and have
- cloud-init select the mirror transparently. However, this causes
- failure if dns hijacking ins being used.
+ This behavior was by design in cloud-init. It was intended to allow
+ a cloud provider to set up a mirror at 'ubuntu-mirror' and have
+ cloud-init select the mirror transparently. However, this causes
+ failure if dns hijacking ins being used.
- * The fix is two fold:
- a.) cloud-init's code that checks for DNS entries is now protected
- by logic that detects the dns hijacking and does not consider
- such entries as valid.
- b.) the selection of the "search dns for 'ubuntu-mirror'" behavior
- has been disabled by default.
+ * The fix is two fold:
+ a.) cloud-init's code that checks for DNS entries is now protected
+ by logic that detects the dns hijacking and does not consider
+ such entries as valid.
+ b.) the selection of the "search dns for 'ubuntu-mirror'" behavior
+ has been disabled by default.
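Review bot: the Impact text still reads "an cloud-image" and "if dns hijacking ins being used" on the added lines, both carried over unchanged from the removed ones. Item b also describes the disabled behavior only in words; naming the setting that the Regression Potential section uses, 'apt_mirror_search_dns', would let a reader connect the two sections.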
[Test Case]
- * download cloud image from cloud-images.ubuntu.com, and convert for use
- $ url="http://cloud-images.ubuntu.com/server/releases/precise/release-20121026.1/"
- $ wget "$url/ubuntu-12.04-server-cloudimg-i386-disk1.img" -O disk.img.orig
- $ qemu-img convert -O raw disk.img.orig disk.raw.dist
+ * download cloud image from cloud-images.ubuntu.com, and convert for use
+ $ url="http://cloud-images.ubuntu.com/server/releases/precise/release-20121026.1/"
+ $ wget "$url/ubuntu-12.04-server-cloudimg-i386-disk1.img" -O disk.img.orig
+ $ qemu-img convert -O raw disk.img.orig disk.raw.dist
- * have *some* way to add 'ubuntu-mirror' to the dns for kvm guests (or
- just have a service provider that uses dns hijacking)
+ * have *some* way to add 'ubuntu-mirror' to the dns for kvm guests (or
+ just have a service provider that uses dns hijacking)
- I used dnsmasq on a server system, and can control this by adding entries
- to /etc/hosts. You need to be able to configure your system such
- that 'host ubuntu-mirror' returns something:
- $ host ubuntu-mirror
- ubuntu-mirror has address 192.168.1.1
+ I used dnsmasq on a server system, and can control this by adding entries
+ to /etc/hosts. You need to be able to configure your system such
+ that 'host ubuntu-mirror' returns something:
+ $ host ubuntu-mirror
+ ubuntu-mirror has address 192.168.1.1
- * boot kvm guest (cloud-localds from 12.10 cloud-utils)
- $ qemu-img create -f qcow2 disk.img disk.raw.dist
- # this user-data just sets password so you can log in
- $ cat user-data.txt
- #cloud-config
- password: passw0rd
- chpasswd: { expire: False }
- ssh_pwauth: True
+ * boot kvm guest (cloud-localds from 12.10 cloud-utils)
+ $ qemu-img create -f qcow2 -b disk.raw.dist disk.img
+ # this user-data just sets password so you can log in
+ $ cat user-data.txt
+ #cloud-config
+ password: passw0rd
+ chpasswd: { expire: False }
+ ssh_pwauth: True
- $ cloud-localds seed.img user-data.txt
- $ kvm -m 512 -curses -drive file=seed.img,if=virtio \
- -drive file=disk.img,if=virtio
+ $ cloud-localds seed.img user-data.txt
+ $ kvm -m 512 -curses -drive file=seed.img,if=virtio \
+ -drive file=disk.img,if=virtio
- * login and see problem.
- looking at sources.list will show 'ubuntu-mirror' entry
+ * login and see problem.
+ looking at sources.list will show 'ubuntu-mirror' entry
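Review bot: the corrected boot step `qemu-img create -f qcow2 -b disk.raw.dist disk.img` names the backing file but not its format. The download step produced that file with `qemu-img convert -O raw`, so the create line could state the format explicitly (for example `-o backing_fmt=raw`) rather than leaving qemu-img to probe a raw image.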
[Regression Potential]
- * A regression is possible due to this designed change in behavior. If
- someone was expecting the 'ubuntu-mirror' mirror to be automatically
- located they will subsequently have to take different means to
- accomplish this. That can be either:
- a.) modifying the image to set 'apt_mirror_search_dns: true'
- b.) doing 'a' through user-data user-data
- * The change made in quantal was tested for regression as described in
- comment 5 below.
+ * A regression is possible due to this designed change in behavior. If
+ someone was expecting the 'ubuntu-mirror' mirror to be automatically
+ located they will subsequently have to take different means to
+ accomplish this. That can be either:
+ a.) modifying the image to set 'apt_mirror_search_dns: true'
+ b.) doing 'a' through user-data user-data
+ * The change made in quantal was tested for regression as described in
+ comment 5 below.
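Review bot: option b in the Regression Potential list, "doing 'a' through user-data user-data", repeats a word that is carried over unchanged from the removed line, and it does not show what the user-data should contain. Stating that the user-data would carry the same 'apt_mirror_search_dns: true' setting named in option a would make the workaround copyable.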
[Other Info]
- * The changes here also enable 2 other fixes
- * allowing region/availability-zone to be part of mirror (bug 1037727)
- * making mirror selection arch aware (bug #1028501)
+ * The changes here also enable 2 other fixes
+ * allowing region/availability-zone to be part of mirror (bug 1037727)
+ * making mirror selection arch aware (bug #1028501)
=== End SRU Information ===
-
=== original bug report ===
Hi,
I have Rogers as an ISP in the great white north, and use their DNS
servers. However they run DNS redirectors so that when you get a bad
domain then it does bogus things to the hostname. Anyways this resolves
in unresolvable hosts in my /etc/apt/sources.list when I'm running an
openstack instance.
ubuntu at server-5:/var/log$ host nov.ec2.archive.ubuntu.com
nov.ec2.archive.ubuntu.com has address 8.15.7.107
nov.ec2.archive.ubuntu.com has address 63.251.179.17
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
The console output is the following:
http://paste.ubuntu.com/916324/
If you have any questions please let me know.
Regards
chuck
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/974509
Title:
cloud-init selects wrong mirror with dns server redirection
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/974509/+subscriptions
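
The check described in item a of the fix (do not trust a DNS answer that a redirecting resolver would also give for a nonexistent name) can be sketched as follows. This is an added example, not cloud-init's code: the probe names, `make_resolver`, `RECORDS` and the 192.0.2.10 address are constructed for illustration, and the two redirect addresses are the ones shown in the report's `host` output.

```python
import socket
import uuid

# Constructed sample data: one real record, plus the two addresses from the
# report's `host` output standing in for the redirector's answer.
RECORDS = {"archive.ubuntu.com": ["192.0.2.10"]}
REDIRECT = ["8.15.7.107", "63.251.179.17"]

def make_resolver(records, redirect=None):
    """Offline stand-in for socket.getaddrinfo (hypothetical helper)."""
    def resolver(name, port):
        addrs = records.get(name.rstrip("."), redirect)
        if not addrs:
            raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (a, 0)) for a in addrs]
    return resolver

def lookup(name, resolver):
    """Addresses for name; empty set when the resolver reports failure."""
    try:
        return {info[4][0] for info in resolver(name, None)}
    except OSError:  # socket.gaierror is a subclass of OSError
        return set()

def redirect_addresses(resolver):
    """Addresses handed out for names that cannot exist on an honest resolver."""
    probes = ["does-not-exist.example.com.", "example.invalid.", uuid.uuid4().hex]
    return set().union(*(lookup(p, resolver) for p in probes))

def is_resolvable(name, resolver=socket.getaddrinfo):
    """True only if name resolves and shares no address with the probe answers."""
    addrs = lookup(name, resolver)
    return bool(addrs) and addrs.isdisjoint(redirect_addresses(resolver))

def pick_mirror(candidates, default, resolver=socket.getaddrinfo):
    """First candidate host that passes the check, else the default mirror."""
    return next((c for c in candidates if is_resolvable(c, resolver)), default)

if __name__ == "__main__":
    hijacked = make_resolver(RECORDS, redirect=REDIRECT)
    # 'ubuntu-mirror' gets the redirector's addresses, so the default is kept.
    print(pick_mirror(["ubuntu-mirror"], "archive.ubuntu.com", hijacked))
```

A redirector that answers each nonexistent name with a different address would pass this comparison, which is one reason for also leaving the DNS search disabled by default, as item b of the fix does.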