** Description changed:

sources.list is helpfully configured to us-east-1.ec2.archive.ubuntu.com for instances that I launch in US-EAST-1 on EC2. However, instances launched in a Virtual Private Cloud (VPC) can only access machines in their local subnet, private machines on the connected LAN, and the Internet via the VPC tunnel. Because us-east-1.ec2.archive.ubuntu.com resolves to an internal EC2 10.0.0.0/8 address, instances launched in a VPC will be unable to perform any apt operations.

The user must update sources.list to point to us.archive.ubuntu.com to use apt.

Proposed solution:

1) Detect that the machine was launched in a VPC. I'm not sure what the ideal way to determine this is without doing a DescribeInstances. But I did notice that when in a VPC, curl http://169.254.169.254/latest/meta-data/ does not have public-ipv4 and public-hostname listed as a possibility. So perhaps the absence of these could be used to determine it was in a VPC.

2) Fallback to the public us.archive.ubuntu.com (or whatever region appropriate) if us-east-1.ec2.archive.ubuntu.com cannot be reached.
+
+ === SRU Information ===
+ [Impact]
+ After launch of an instance in a VPC (virtual private cloud) of EC2, the user must update /etc/apt/sources.list, as cloud-init has selected a mirror that is not available to the instance.
+
+ [Development Fix] The simple fix is to query the EC2 metadata service
+ and determine if the instance has booted inside VPC (is_vpc). If so,
+ use the fallback apt source rather than the EC2 specific region source.
+ This was added to in the 10.10 cycle.
+
+ [Stable Fix]
+ Same as development fix.
+
+ [Test Case]
+ * a.) Boot instance in EC2 in a VPC
+ * b.) Boot instance in EC2 not in a VPC
+ * Instance 'a' should have 'archive.ubuntu.com' in /etc/apt/sources.list
+ * grep "http://archive.ubuntu.com" /etc/apt/sources.list
+ * Instance 'b' should have '<region>.ec2.archive.ubuntu.com' in /etc/apt/sources.list
+ * az=$(wget http://instance-data/latest/meta-data/placement/availability-zone -O - -q)
+ * region=${az%?} ; # az="us-east-1a", region="us-east-1"
+ * grep "http://$region.ec2.archive.ubuntu.com" /etc/apt/sources.list
+
+ [Regression Potential]
+ Inside of EC2, the regression potential is almost non-existent. This exact same fix has been in since 10.10.
+ Outside of EC2, the potential for regression would be in EC2-like clouds that have a metadata service that looks similar to EC2's. Since the fix has been in for > 18 months, the chance of this scenario causing failure is very low.
--
https://bugs.launchpad.net/bugs/615545

Title:
  Instances launched in a VPC cannot access ec2.archive.ubuntu.com
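
The [Test Case] check combined with the VPC heuristic from the description, as an added example that is not cloud-init's code and not part of the original report. The function names and the sample metadata listings are constructed, and treating a missing public-ipv4 entry as "in a VPC" is the reporter's suggestion, assumed here.

```shell
#!/bin/sh
# Added example: function names and sample listings are constructed.

# Constructed metadata index listings (what
# curl http://169.254.169.254/latest/meta-data/ would return).
VPC_LISTING='ami-id
instance-id
local-ipv4
placement/'
CLASSIC_LISTING='ami-id
instance-id
local-ipv4
placement/
public-hostname
public-ipv4'

# is_vpc LISTING: succeed when the index has no public-ipv4 entry
# (assumption: the heuristic proposed in the bug description).
is_vpc() {
    ! printf '%s\n' "$1" | grep -qx 'public-ipv4'
}

# expected_mirror LISTING AZ: print the mirror the [Test Case] expects.
expected_mirror() {
    if is_vpc "$1"; then
        echo "http://archive.ubuntu.com"
    else
        region=${2%?}   # az="us-east-1a" -> region="us-east-1"
        echo "http://$region.ec2.archive.ubuntu.com"
    fi
}

# check_sources LISTING AZ FILE: succeed when FILE uses the expected
# mirror. -F matches literally, so the regional host name does not
# satisfy the "http://archive.ubuntu.com" check.
check_sources() {
    grep -qF "$(expected_mirror "$1" "$2")" "$3"
}

# Demo on the constructed listings.
echo "VPC:     $(expected_mirror "$VPC_LISTING" us-east-1a)"
echo "non-VPC: $(expected_mirror "$CLASSIC_LISTING" us-east-1a)"
```

On a real instance the listing and availability zone would come from the metadata service and the file argument would be /etc/apt/sources.list.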