Bug#954363: cloud-init fails to obtain an IMDS API token on Amazon EC2
Package: cloud-init
Version: 20.1-1
Severity: important
Cloud-init 20.1 attempts to obtain an API token for use with Amazon EC2
instance metadata service (IMDS). On EC2, this operation should always
succeed, whether using IMDSv1 or v2, and cloud-init will always access
IMDS in v2 mode. However, this fails on EC2:
2020-03-20 18:25:10,331 - DataSourceEc2.py[DEBUG]: Fetching Ec2 IMDSv2 API Token
2020-03-20 18:25:10,332 - url_helper.py[DEBUG]: [0/1] open 'http://169.254.169.254/latest/api/token' with {'url': 'http://169.254.169.254/latest/api/token', 'allow_redirects': True, 'method': 'PUT', 'timeout': 1.0, 'headers': {'User-Agent': 'Cloud-Init/20.1', 'X-aws-ec2-metadata-token-ttl-seconds': 'REDACTED'}} configuration
2020-03-20 18:25:10,336 - url_helper.py[DEBUG]: Read from http://169.254.169.254/latest/api/token (400, 0b) after 1 attempts
2020-03-20 18:25:10,336 - DataSourceEc2.py[WARNING]: Calling 'http://169.254.169.254/latest/api/token' failed [0/1s]: empty response [400]
2020-03-20 18:25:10,344 - url_helper.py[DEBUG]: Please wait 1 seconds while we wait to try again
With 20.1, cloud-init will fall back to using IMDSv1 in this case, but
this behavior will change in future versions, which will always use v2
mode (it is backwards-compatible with v1), and only use v1 mode for
compatibility with non-AWS services providing IMDS-compatible metadata
endpoints.
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-4-cloud-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cloud-init depends on:
ii fdisk 2.34-0.1
ii gdisk 1.0.5-1
ii ifupdown 0.8.35+b1
ii locales 2.30-2
ii lsb-base 11.1.0
ii lsb-release 11.1.0
ii net-tools 1.60+git20180626.aebd88e-1
ii procps 2:3.3.16-4
ii python3 3.8.2-1
ii python3-configobj 5.0.6-3
ii python3-jinja2 2.10.1-2
ii python3-jsonpatch 1.23-3
ii python3-jsonschema 3.0.2-4
ii python3-oauthlib 3.1.0-1
ii python3-requests 2.22.0-2
ii python3-six 1.14.0-2
ii python3-yaml 5.3.1-1
ii util-linux 2.34-0.1
Versions of packages cloud-init recommends:
ii cloud-guest-utils 0.31-1
pn eatmydata <none>
ii sudo 1.8.31-1
Versions of packages cloud-init suggests:
pn btrfs-progs <none>
ii e2fsprogs 1.45.5-2
pn xfsprogs <none>
-- debconf information:
* cloud-init/datasources: Ec2
Reply to: