author | Chad Smith <chad.smith@canonical.com> | 2020-03-05 17:38:28 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-05 17:38:28 -0700 |
commit | 1f860e5ac7ebb5b809c72d8703a0b7cb3e84ccd0 (patch) | |
tree | 0ba9d804209eeecde0b87f0c68df76e6516056c8 /doc/rtd/topics/instancedata.rst | |
parent | fa639704f67539d9c1d8668383f755cb0213fd4a (diff) | |

ec2: Do not fallback to IMDSv1 on EC2 (#216)

The EC2 Data Source needs to handle 3 states of the Instance
Metadata Service configured for a given instance:

1. HttpTokens : optional & HttpEndpoint : enabled
   Either IMDSv2 or IMDSv1 can be used.
2. HttpTokens : required & HttpEndpoint : enabled
   Calls to IMDS without a valid token (IMDSv1 or IMDSv2 with expired token)
   will return a 401 error.
3. HttpEndpoint : disabled
   The IMDS http endpoint will return a 403 error.

Previous work to support IMDSv2 in cloud-init handled case 1 and case 2.
This commit handles case 3 by bypassing the retry block when IMDS returns HTTP
status code >= 400 on official AWS cloud platform.

It shaves 2 minutes when rebooting an instance that has its IMDS http token endpoint
disabled but creates some inconsistencies. An instance that doesn't set
"manual_cache_clean" to "True" will have its /var/lib/cloud/instance symlink
removed altogether after it has failed to find a datasource.

Diffstat (limited to 'doc/rtd/topics/instancedata.rst')
0 files changed, 0 insertions, 0 deletions
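
The three IMDS states and the no-retry rule from the commit message above, as an added Python sketch that is not cloud-init's code or part of this commit. The injected `request` callable, `fake_imds`, the state labels and the retry-on-transport-failure behaviour are assumptions of the example; the token path and header names are the standard IMDSv2 ones.

```python
# Added example (not cloud-init code). The transport is injected so this runs
# offline; fake_imds() is a constructed stand-in for the metadata service.
IMDS = "http://169.254.169.254/latest"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
TOKEN_HEADER = "X-aws-ec2-metadata-token"


def fetch_token(request, max_tries=5):
    """Request an IMDSv2 token. Returns (status, token, attempts).

    Transport failures (status None) are retried (an assumption here); any
    status >= 400 ends the loop at once, as the commit message describes.
    """
    status, attempts = None, 0
    while attempts < max_tries:
        attempts += 1
        status, body = request("PUT", IMDS + "/api/token", {TTL_HEADER: "21600"})
        if status == 200:
            return status, body, attempts
        if status is not None and status >= 400:
            break
    return status, None, attempts


def classify_imds(request):
    """Map responses onto the commit message's three states."""
    status, token, _ = fetch_token(request)
    if status == 403:
        return "endpoint-disabled"        # case 3: HttpEndpoint disabled
    if token is None:
        return "unknown"
    # Token issued: check whether a token-less (IMDSv1) read is still served.
    status, _ = request("GET", IMDS + "/meta-data/instance-id", {})
    return {200: "tokens-optional", 401: "tokens-required"}.get(status, "unknown")


def fake_imds(endpoint_enabled=True, tokens_required=False):
    """Constructed fake: returns (status, body) and records every call."""
    def request(method, url, headers):
        request.calls.append((method, url))
        if not endpoint_enabled:
            return 403, ""
        if method == "PUT":
            return 200, "constructed-token"
        if tokens_required and TOKEN_HEADER not in headers:
            return 401, ""
        return 200, "i-constructed"
    request.calls = []
    return request
```

A result of `tokens-optional` means the instance still answers IMDSv1 reads, which is the state to flag when auditing for enforced IMDSv2.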