[Bug 1882389] Re: ec2metadata doesn't support AWS EC2 IMDSv2
*** This bug is a duplicate of bug 1870244 *** https://bugs.launchpad.net/bugs/1870244 Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: cloud-utils (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882389 Title: ec2metadata doesn't support AWS EC2 IMDSv2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882389] Re: ec2metadata doesn't support AWS EC2 IMDSv2
*** This bug is a duplicate of bug 1870244 *** https://bugs.launchpad.net/bugs/1870244 ** This bug has been marked a duplicate of bug 1870244 ec2metadata does not speak EC2 IMDSv2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882389 Title: ec2metadata doesn't support AWS EC2 IMDSv2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882389] Re: ec2metadata doesn't support AWS EC2 IMDSv2
The attachment "sample fix" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882389 Title: ec2metadata doesn't support AWS EC2 IMDSv2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882389] Re: ec2metadata doesn't support AWS EC2 IMDSv2
https://github.com/fred-vogt/cloud- utils/blob/bug/1882389-IMDSv2-support/bin/ec2metadata -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882389 Title: ec2metadata doesn't support AWS EC2 IMDSv2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882389] Re: ec2metadata doesn't support AWS EC2 IMDSv2
Tested on an 'm5d.large' EC2 instance in us-west-2. ** Patch added: "sample fix" https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+attachment/539/+files/ec2metadata-IMDSv2.diff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882389 Title: ec2metadata doesn't support AWS EC2 IMDSv2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882389] Re: ec2metadata doesn't support AWS EC2 IMDSv2
** Description changed:
AWS EC2 Metadata Service v2 uses session tokens:
+
+ $ ec2metadata
+ Traceback (most recent call last):
+ File "/usr/bin/ec2metadata", line 249, in
+ main()
+ File "/usr/bin/ec2metadata", line 245, in main
+ display(metaopts, burl, prefix)
+ File "/usr/bin/ec2metadata", line 192, in display
+ value = m.get(metaopt)
+ File "/usr/bin/ec2metadata", line 177, in get
+ return self._get('meta-data/' + metaopt)
+ File "/usr/bin/ec2metadata", line 137, in _get
+ resp = urllib_request.urlopen(urllib_request.Request(url))
+ File "/usr/lib/python3.8/urllib/request.py", line 222, in urlopen
+ return opener.open(url, data, timeout)
+ File "/usr/lib/python3.8/urllib/request.py", line 531, in open
+ response = meth(req, response)
+ File "/usr/lib/python3.8/urllib/request.py", line 640, in http_response
+ response = self.parent.error(
+ File "/usr/lib/python3.8/urllib/request.py", line 569, in error
+ return self._call_chain(*args)
+ File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
+ result = func(*args)
+ File "/usr/lib/python3.8/urllib/request.py", line 649, in http_error_default
+ raise HTTPError(req.full_url, code, msg, hdrs, fp)
+ urllib.error.HTTPError: HTTP Error 401: Unauthorized
Basic flow: obtain a session token with a PUT request
IMDSv2_TOKEN=$(curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 30" -sL
"http://169.254.169.254/latest/api/token;)
IMDSv2_HEADER="-H X-aws-ec2-metadata-token:${IMDSv2_TOKEN}"
Send the session token when querying
curl -fs $IMDSv2_HEADER http://169.254.169.254/latest/.../
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1882389
Title:
ec2metadata doesn't support AWS EC2 IMDSv2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882389] Re: ec2metadata doesn't support AWS EC2 IMDSv2
For reference here is a patched version of `apt-transport-s3`: https://github.com/fred-vogt/apt-transport-s3/commit/a6f9e35932cec7083b2e18f78a779a32c2d7d907 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882389 Title: ec2metadata doesn't support AWS EC2 IMDSv2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1882389] Re: ec2metadata doesn't support AWS EC2 IMDSv2
Oops. Didn't file the bug correctly. I've looked into the locating the sources for the package / python script. https://git.launchpad.net/cloud-utils/tree/bin/ec2metadata Indeed this doesn't have support for IMDSv2 session tokens. This github gist has support for it: https://gist.github.com/fred-vogt/9c2e773fdacf12e71260c71e7fd17e68 I'll submit a patch shortly. ** Summary changed: - cloud-guest-utils ec2metadata doesn't support AWS EC2 IMDSv2 + ec2metadata doesn't support AWS EC2 IMDSv2 ** Project changed: launchpad => cloud-utils (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1882389 Title: ec2metadata doesn't support AWS EC2 IMDSv2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-utils/+bug/1882389/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
