In 22.2 cloud-init fails when phone-home module does not have "tries" parameter

[ubuntu-server-builder]

This bug was originally filed in Launchpad as LP: #1977952

Launchpad details

affected_projects = ['cloud-init (Ubuntu)', 'cloud-init (Ubuntu Bionic)', 'cloud-init (Ubuntu Focal)', 'cloud-init (Ubuntu Impish)', 'cloud-init (Ubuntu Jammy)']
assignee = falcojr
assignee_name = James Falcon
date_closed = 2022-08-19T16:37:22.059475+00:00
date_created = 2022-06-08T09:02:04.593692+00:00
date_fix_committed = 2022-06-09T21:04:40.338589+00:00
date_fix_released = 2022-08-19T16:37:22.059475+00:00
id = 1977952
importance = high
is_complete = True
lp_url = https://bugs.launchpad.net/cloud-init/+bug/1977952
milestone = None
owner = schmidtzsolti91
owner_name = Schmidt Zsolt
private = False
status = fix_released
submitter = schmidtzsolti91
submitter_name = Schmidt Zsolt
tags = ['verification-done', 'verification-done-bionic', 'verification-done-focal', 'verification-done-impish', 'verification-done-jammy']
duplicates = []

Launchpad user Schmidt Zsolt(schmidtzsolti91) wrote on 2022-06-08T09:02:04.593692+00:00

=== Begin SRU Template ===
[Impact]
The cloud-init "phone home" module contains an optional "tries" parameter. In release 22.2, this was accidentally changed to become mandatory. Any previously working cloud-config that didn't contain the "tries" parameter will now cause the module exit with exception. This happened because an overly broad exception handler for converting the 'tries' string to an int was changed to only raise on ValueError. However, if None (or any other non-string) is passed, a TypeError is raised, and this needs to be caught as well.

[Test Case]

1. Launch an Ubuntu instance on any cloud-init supported platform with the following userdata:

#cloud-config
phone_home:
url: http://192.168.1.1
post: all

2. By inspecting /var/log/cloud-init.log, ensure the phone home module attempts to make a web request, with the following log:
   url_helper.py[DEBUG]: [0/10] open 'http://192.168.1.1' with {'url': 'http://192.168.1.1', 'allow_redirects': True, 'method': 'POST', 'headers': {'User-Agent': 'Cloud-Init/22.2'}} configuration

[Regression Potential]
The parsing exceptions being caught should now be broad enough to handle any configuration we receive, but if not, we would still exit the module with exception.

[Other Info]
Github PR: #1500

=== End SRU Template ===

Initial bug:

Hi!

We have some user-data files where we use the phone-home module of cloud-init.
So far we did not use it's "tries" parameter and everything worked.
However now in version 22.2 there was a change which causes cloud-init to fail.
22.1...22.2#diff-a4aa83fbb946ba1ea7cf6c8dd5965cd62631dc9cb48d4baa50adddbfef06b82cL108

In our case this change in the exception handling throws a TypeError, instead of the ValueError that is excepted:

File "/usr/lib/python3/dist-packages/cloudinit/config/cc_phone_home.py", line 132, in handle
   tries = int(tries) # type: ignore
TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'

While we can add the "tries" parameter (and after that everything works just like before),
this exception should be handled properly.

Also according to guidelines:

1. Tell us your cloud provider
   None
2. Any appropriate cloud-init configuration you can provide us
   phone-home module
3. Perform the following on the system and attach it to this bug:
   no logs are necessary

Best regards:
Zsolt

[ubuntu-server-builder]

Launchpad user Schmidt Zsolt(schmidtzsolti91) wrote on 2022-06-08T09:03:37.267487+00:00

[ubuntu-server-builder]

Launchpad user Julien(xfennec) wrote on 2022-06-09T07:43:51.105819+00:00

We ran into the exact same issue.

All our VM creations suddenly starts failing yesterday, which was a bit surprising because that's why we were using LTS in the first place ;)

Adding the "tries" parameter to phone_home fixed the issue immediately.

[ubuntu-server-builder]

Launchpad user Chad Smith(chad.smith) wrote on 2022-06-09T17:38:24.534047+00:00

Upstream PR in flight on this, we expect a quick SRU release to fix this:
#1500

[ubuntu-server-builder]

Launchpad user Chad Smith(chad.smith) wrote on 2022-06-09T21:05:46.095867+00:00

Upstream commit landed that will address this issue
a2e6273

[ubuntu-server-builder]

Launchpad user Chad Smith(chad.smith) wrote on 2022-06-09T21:13:24.863613+00:00

cloud-init version 22.2-30 has been uploaded to Ubuntu 22.10 Kinetic.

We plan to queue uploads of cloud-init with this specific fix into Ubuntu 18.04. 20.04, 21.10 and 22.04. These fixes should updated cloudimages within a week.

[ubuntu-server-builder]

Launchpad user Steve Langasek(vorlon) wrote on 2022-06-10T18:48:23.930076+00:00

Hello Schmidt, or anyone else affected,

Accepted cloud-init into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/22.2-0ubuntu1~22.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

[ubuntu-server-builder]

Launchpad user Steve Langasek(vorlon) wrote on 2022-06-10T18:50:48.792639+00:00

Hello Schmidt, or anyone else affected,

Accepted cloud-init into impish-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/22.2-0ubuntu1~21.10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-impish to verification-done-impish. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-impish. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

[ubuntu-server-builder]

Launchpad user Steve Langasek(vorlon) wrote on 2022-06-10T18:51:57.666458+00:00

Hello Schmidt, or anyone else affected,

Accepted cloud-init into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/22.2-0ubuntu1~20.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

[ubuntu-server-builder]

Launchpad user Steve Langasek(vorlon) wrote on 2022-06-10T18:54:46.283876+00:00

Hello Schmidt, or anyone else affected,

Accepted cloud-init into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/22.2-0ubuntu1~18.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

[ubuntu-server-builder]

Launchpad user James Falcon(falcojr) wrote on 2022-06-10T21:20:05.758399+00:00

Created an ad hoc "test" that works with the cloud-init integration testing framework. This test uses the userdata from the bug description and then prints out the relevant section of the logs. The test file and test output are included in the attached tarball.

Note that tracebacks are seen in the logs, but both are expected. The type conversion traceback was the standard behavior before this bug was introduced, but module execution then continues. The web request traceback happens because the address isn't resolvable.
Launchpad attachments: test-artifacts.tar.gz

[ubuntu-server-builder]

Launchpad user Schmidt Zsolt(schmidtzsolti91) wrote on 2022-06-13T09:26:55.692855+00:00

Hi!

Tested by enabling proposed repositories.
Everything works as expected even with the "tries" parameter missing.
Thanks for the quick response.

Br:
Zsolt

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2022-06-14T16:51:25.741018+00:00

This bug was fixed in the package cloud-init - 22.2-0ubuntu1~22.04.2

---

cloud-init (22.2-0ubuntu1~22.04.2) jammy; urgency=medium

• cherry-pick a2e6273: Fix cc_phone_home requiring 'tries' (Fix cc_phone_home requiring 'tries' (SC-1101) #1500)
  (LP: #1977952)

-- James Falcon james.falcon@canonical.com Thu, 09 Jun 2022 16:25:29 -0500

[ubuntu-server-builder]

Launchpad user Brian Murray(brian-murray) wrote on 2022-06-14T16:51:29.496791+00:00

The verification of the Stable Release Update for cloud-init has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2022-06-14T16:51:46.875177+00:00

This bug was fixed in the package cloud-init - 22.2-0ubuntu1~21.10.2

---

cloud-init (22.2-0ubuntu1~21.10.2) impish; urgency=medium

• cherry-pick a2e6273: Fix cc_phone_home requiring 'tries' (Fix cc_phone_home requiring 'tries' (SC-1101) #1500)
  (LP: #1977952)

-- James Falcon james.falcon@canonical.com Thu, 09 Jun 2022 16:48:01 -0500

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2022-06-14T16:52:04.624037+00:00

This bug was fixed in the package cloud-init - 22.2-0ubuntu1~20.04.2

---

cloud-init (22.2-0ubuntu1~20.04.2) focal; urgency=medium

• cherry-pick a2e6273: Fix cc_phone_home requiring 'tries' (Fix cc_phone_home requiring 'tries' (SC-1101) #1500)
  (LP: #1977952)

-- James Falcon james.falcon@canonical.com Thu, 09 Jun 2022 16:53:07 -0500

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2022-06-14T16:52:23.717435+00:00

This bug was fixed in the package cloud-init - 22.2-0ubuntu1~18.04.2

---

cloud-init (22.2-0ubuntu1~18.04.2) bionic; urgency=medium

• cherry-pick a2e6273: Fix cc_phone_home requiring 'tries' (Fix cc_phone_home requiring 'tries' (SC-1101) #1500)
  (LP: #1977952)

-- James Falcon james.falcon@canonical.com Thu, 09 Jun 2022 16:56:33 -0500

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2022-07-01T18:34:42.200978+00:00

This bug was fixed in the package cloud-init - 22.2-64-g1fcd55d6-0ubuntu1~22.10.1

---

cloud-init (22.2-64-g1fcd55d6-0ubuntu1~22.10.1) kinetic; urgency=medium

• d/control: add python3-debconf as Depends and Build-Depends
• d/gbp.conf d/gbp_format_changelog:
  • git-buildpackage customization for debian/changelog generation
• New upstream snapshot.
  • tests: mock dns lookup that causes long timeouts (tests: mock dns lookup that causes long timeouts #1555)
  • tox: add unpinned env for do_format and check_format (Add formating environments to tox for unpinned dependencies #1554)
  • cc_ssh_import_id: Substitute deprecated warn (cc_ssh_import_id: Substitute deprecated warn #1553)
    [Alberto Contreras]
  • Remove schema errors from log (Remove schema errors from log #1551) (LP: #1978422) (CVE-2022-2084)
  • Update WebHookHandler to run as background thread (SC-456) (Update WebHookHandler to run as background thread (SC-456) #1491)
    (LP: #1910552)
  • testing: Don't run custom cloud dir test on Bionic (testing: Don't run custom cloud dir test on Bionic (SC-1138) #1542)
  • bash completion: update schema command (Holmanb/completion schema fix #1543) (LP: #1979547)
  • CI: add non-blocking run against the linters tip versions (CI: add non-blocking run against the linters tip versions (SC-1119) #1531)
    [Paride Legovini]
  • Change groups within the users schema to support lists and strings
    (Change groups within the users schema to support lists and strings #1545) [RedKrieg]
  • make it clear which username should go in the contributing doc (doc: it isn't obvious which id to use on cla, fix it #1546)
  • Pin setuptools for Travis (SC-1136) (Pin setuptools for Travis (SC-1136) #1540)
  • Fix LXD datasource crawl when BOOT enabled (Fix LXD datasource crawl when BOOT enabled #1537)
  • testing: Fix wrong path in dual stack test (testing: Fix wrong path in dual stack test #1538)
  • cloud-config: honor cloud_dir setting (cloud-config: honor cloud_dir setting #1523) (LP: #1976564)
    [Alberto Contreras]
  • Add python3-debconf to pkg-deps.json Build-Depends (d/control: add python3-debconf to Build-Depends #1535)
    [Alberto Contreras]
  • redhat spec: udev/rules.d lives under /usr/lib on rhel-based systems
    (Centos copr builds udev #1536)
  • tests/azure: add test coverage for DisableSshPasswordAuthentication
    (tests/azure: add test coverage for DisableSshPasswordAuthentication #1534) [Chris Patterson]
  • summary: Add david-caro to the cla signers (Add dcaro to the cla signers #1527) [David Caro]
  • Add support for OpenMandriva (https://openmandriva.org/) (Add support for OpenMandriva #1520)
    [Bernhard Rosenkraenzer]
  • tests/azure: refactor ovf creation (tests/azure: refactor ovf creation #1533) [Chris Patterson]
  • Improve DataSourceOVF error reporting when script disabled (Rongz609 pr2976717 #1525)
    [rong]
  • tox: integration-tests-jenkins: softfail if only some test failed
    (tox: integration-tests-jenkins: softfail if only some test failed (SC-1117) #1528) [Paride Legovini]
  • CI: drop linters from Travis CI (moved to GH Actions) (CI: drop linters from Travis CI (moved to GH Actions) (SC-1118) #1530)
    [Paride Legovini]
  • sources/azure: remove unused encoding support for customdata (sources/azure: remove unused encoding support for customdata #1526)
    [Chris Patterson]
  • sources/azure: remove unused metadata captured when parsing ovf
    (sources/azure: remove unused metadata captured when parsing ovf #1524) [Chris Patterson]
  • sources/azure: remove dscfg parsing from ovf-env.xml (sources/azure: remove dscfg parsing from ovf-env.xml #1522)
    [Chris Patterson]
  • Remove extra space from ec2 dual stack crawl message (testing: update ec2 dual_stack test for new text (SC-1113) #1521)
  • tests/azure: use namespaces in generated ovf-env.xml documents (tests/azure: use namespaces in generated ovf-env.xml documents #1519)
    [Chris Patterson]
  • setup.py: adjust udev/rules default path (setup.py: adjust udev/rules default path #1513)
    [Emanuele Giuseppe Esposito]
  • Add python3-deconf dependency (Add python3-deconf dependency #1506) [Alberto Contreras]
  • Change match macadress param for network v2 config (Change match macadress param for network v2 config #1518)
    [Henrique Caricatti Capozzi]
  • sources/azure: remove unused userdata property from ovf (sources/azure: remove unused userdata property from ovf #1516)
    [Chris Patterson]
  • sources/azure: minor refactoring to network config generation (sources/azure: minor refactoring to network config generation #1497)
    [Chris Patterson]
  • net: Implement link-local ephemeral ipv6
  • Rename function to avoid confusion (Rename find_modules() to avoid confusion #1501)
  • Fix cc_phone_home requiring 'tries' (Fix cc_phone_home requiring 'tries' (SC-1101) #1500) (LP: #1977952)
  • datasources: replace networking functions with stdlib and
    cloudinit.net code
  • Remove xenial references (Remove xenial references #1472) [Alberto Contreras]
  • Oracle ds changes (Oracle ds changes #1474) (LP: #1967942) [Alberto Contreras]
  • improve runcmd docs (improve runcmd docs #1498)
  • add 3.11-dev to Travis CI (3.11 #1493)
  • Only run github actions on pull request (Only run github actions on pull request (SC-1094) #1496)
  • Fix integration test client creation (Fix integration test client creation #1494) [Alberto Contreras]
  • tox: add link checker environment, fix links (tox: add link checker environment, fix some links (SC-1087) #1480)
  • cc_ubuntu_advantage: Fix doc (cc_ubuntu_advantage: Fix doc #1487) [Alberto Contreras]
  • cc_yum_add_repo: Fix repo id canonicalization (cc_yum_add_repo: Fix repo id canonicalization #1489) (LP: #1975818)
    [Alberto Contreras]
  • Add linitio as contributor in the project (Add linitio as contributor in the project #1488) [Kevin Allioli]
  • net-convert: use yaml.dump for debugging python NetworkState obj
    (net-convert: use yaml.dump for debugging python NetworkState obj #1484) (LP: #1975907)
  • test_schema: no relative $ref URLs, replace $ref with local path
    (test_schema: no relative $ref URLs, replace $ref with local path #1486)
  • cc_set_hostname: do not write "localhost" when no hostname is given
    (cc_set_hostname: do not write "localhost" when no hostname is given #1453) [Emanuele Giuseppe Esposito]
  • Update .github-cla-signers (Add "rongz609" as contributor #1478) [rong]
  • schema: write_files defaults, versions $ref full URL and add vscode
    (schema: write_files defaults, versions $ref full URL and add vscode #1479)
  • docs: fix external links, add one more to the list (Holmanb/doc #1477)
  • doc: Document how to change module frequency (FAQ: How can I make a module run on every boot? #1481)
  • tests: bump pycloudlib (tests: bump pycloudlib #1482)
  • tests: bump pycloudlib pinned commit for kinetic Azure (tests: bump pycloudlib pinned commit for kinetic Azure #1476)
  • testing: fix test_status.py (testing: fix test_status.py #1475)
  • integration tests: If KEEP_INSTANCE = True, log IP (integration tests: If KEEP_INSTANCE = True, log IP (SC-1077) #1473)
  • Drop mypy excluded files (Drop mypy excluded files #1454) [Alberto Contreras]
  • Docs additions (Docs additions: #1470)
  • Add "formatting tests" to Github Actions
  • Remove unused arguments in function signature (Holmanb/sig #1471)
  • Changelog: correct errant classification of LP issues as GH (Changelog: correct errant classification of LP issues as GH #1464)
  • Use Network-Manager and Netplan as default renderers for RHEL and
    Fedora (Use Network-Manager and Netplan as default renderers for RHEL and Fedora #1465) [Emanuele Giuseppe Esposito]

-- James Falcon james.falcon@canonical.com Fri, 01 Jul 2022 10:07:15 -0500

[ubuntu-server-builder]

Launchpad user Brett Holman(holmanb) wrote on 2022-08-19T16:37:23.662042+00:00

This bug is believed to be fixed in cloud-init in version 22.3. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

[ubuntu-server-builder]

Launchpad user shixuantong(sxt1001) wrote on 2023-04-21T01:14:33.912703+00:00

What is the relationship between the current bug and CVE-2022-2084? I found out they were related.

https://launchpad.net/bugs/cve/CVE-2022-2084

[ubuntu-server-builder]

Launchpad user James Falcon(falcojr) wrote on 2023-04-21T01:50:08.501454+00:00

The CVE as added by mistake, likely because of the bot comment including the CVE number in a changelog description. I'm removing the link.