Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Firecracker Metadata Service + NoCloud source - API TOKEN required with MMDS v2 (v1 deprecated) #3973

Open
ubuntu-server-builder opened this issue May 12, 2023 · 1 comment
Open

Firecracker Metadata Service + NoCloud source - API TOKEN required with MMDS v2 (v1 deprecated) #3973

ubuntu-server-builder opened this issue May 12, 2023 · 1 comment
Labels
bug Something isn't working correctly launchpad Migrated from Launchpad

Comments

@ubuntu-server-builder
Copy link
Collaborator

This bug was originally filed in Launchpad as LP: #1972819

Launchpad details 
affected_projects = []
assignee = None
assignee_name = None
date_closed = None
date_created = 2022-05-10T10:34:41.283722+00:00
date_fix_committed = None
date_fix_released = None
id = 1972819
importance = undecided
is_complete = False
lp_url = https://bugs.launchpad.net/cloud-init/+bug/1972819
milestone = None
owner = jaroslav-pulchart-4
owner_name = Jaroslav Pulchart
private = False
status = confirmed
submitter = jaroslav-pulchart-4
submitter_name = Jaroslav Pulchart
tags = []
duplicates = []

Launchpad user Jaroslav Pulchart(jaroslav-pulchart-4) wrote on 2022-05-10T10:34:41.283722+00:00

Hello,

I noticed the Firecracker 1.1.0 hypervisor announced MMDS v1 deprecation in favor of MMDS v2 (https://github.com/firecracker-microvm/firecracker/releases/tag/v1.1.0).

The MMDS v2 is a a session-oriented and request to get and use API_TOKEN like EC2 Metadata service IMDSv2.

Cloud-init can be used with firecracker medatada service using NoCloud data source as is described in https://ongres.com/blog/automation-to-run-vms-based-on-vanilla-cloud-images-on-firecracker/. However this is going to stop to work with MMDS v2 where the guest cannot get any user-data/meta-data by cloud-init any more due to missing API_TOKEN in request.

Can you please implement API_TOKEN feature into NoCloud data source?

Many thanks,
@ubuntu-server-builder ubuntu-server-builder added bug Something isn't working correctly launchpad Migrated from Launchpad labels May 12, 2023
@ubuntu-server-builder
Copy link
Collaborator Author

Launchpad user Brett Holman(holmanb) wrote on 2022-05-11T15:19:48.343812+00:00

Hi Jaroslav Pulchart,

Thanks for bringing this to our attention!

NoCloud is a fairly generic datasource implementation in cloud-init, which is why it "just works" for many different scenarios.

I agree that we should add support for v2, but I don't think that "implementing API_TOKEN feature into NoCloud data source" is the best approach (I'm happy to be proven otherwise). This would make the otherwise generic datasource implementation specific to firecracker. Personally, I think it's far more likely that modeling a new datasource off of the Ec2 IMDS (which currently uses a session token model) would be more appropriate for MMDSv2.

Thoughts?

Do you know the expected release timeline of v2.0.0? And if anybody is interested in contributing to help make this happen? The best docs I've seen so far around MMDSv2 are here[1]. Are you aware of any other documentation for implementation details that could help with implementation?

Thanks again for the report!

[1] https://github.com/firecracker-microvm/firecracker/blob/main/docs/mmds/mmds-user-guide.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working correctly launchpad Migrated from Launchpad
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ubuntu-server-builder