** Description changed:

+ === Begin SRU Information ===
+ [Impact]
+  * If a user launches an cloud-image in an environment where the DNS
+    server does DNS redirection (also known as DNS hijacking), then the
+    system will configure itself to use a mirror at
+    http://ubuntu-mirror/ubuntu .
+ 
+    This behavior was by design in cloud-init.  It was intended to allow
+    a cloud provider to set up a mirror at 'ubuntu-mirror' and have
+    cloud-init select the mirror transparently.  However, this causes
+    failure if dns hijacking ins being used.
+ 
+  * The fix is two fold:
+    a.) cloud-init's code that checks for DNS entries is now protected
+        by logic that detects the dns hijacking and does not consider
+        such entries as valid.
+    b.) the selection of the "search dns for 'ubuntu-mirror'" behavior
+        has been disabled by default.
+ 
+ [Test Case]
+  * download cloud image from cloud-images.ubuntu.com, and convert for use
+    $ 
url="http://cloud-images.ubuntu.com/server/releases/precise/release-20121026.1/";
+    $ wget "$url/ubuntu-12.04-server-cloudimg-i386-disk1.img" -O disk.img.orig
+    $ qemu-img convert -O raw disk.img.orig disk.raw.dist
+ 
+  * have *some* way to add 'ubuntu-mirror' to the dns for kvm guests (or
+    just have a service provider that uses dns hijacking)
+ 
+    I used dnsmasq on a server system, and can control this by adding entries
+    to /etc/hosts. You need to be able to configure your system such
+    that 'host ubuntu-mirror' returns something:
+    $ host ubuntu-mirror
+    ubuntu-mirror has address 192.168.1.1
+ 
+  * boot kvm guest (cloud-localds from 12.10 cloud-utils)
+    $ qemu-img create -f qcow2 disk.img disk.raw.dist
+    # this user-data just sets password so you can log in
+    $ cat user-data.txt
+    #cloud-config
+    password: passw0rd
+    chpasswd: { expire: False }
+    ssh_pwauth: True
+ 
+    $ cloud-localds seed.img user-data.txt
+    $ kvm -m 512 -curses -drive file=seed.img,if=virtio \
+       -drive file=disk.img,if=virtio
+ 
+  * login and see problem.
+    looking at sources.list will show 'ubuntu-mirror' entry
+ 
+ [Regression Potential]
+  * A regression is possible due to this designed change in behavior.  If
+    someone was expecting the 'ubuntu-mirror' mirror to be automatically
+    located they will subsequently have to take different means to
+    accomplish this.  That can be either:
+     a.) modifying the image to set 'apt_mirror_search_dns: true'
+     b.) doing 'a' through user-data user-data
+  * The change made in quantal was tested for regression as described in
+    comment 5 below.
+ 
+ [Other Info]
+  * The changes here also enable 2 other fixes
+     * allowing region/availability-zone to be part of mirror (bug 1037727)
+     * making mirror selection arch aware (bug #1028501)
+ 
+ === End SRU Information ===
+ 
+ 
+ === original bug report ===
  Hi,
  
  I have Rogers as an ISP in the great white north, and use their DNS
  servers. However they run DNS redirectors so that when you get a bad
  domain then it does bogus things to the hostname. Anyways this resolves
  in unresovalble hosts in my /etc/apt/sources.list when Im running an
  openstack instance.
  
  ubuntu@server-5:/var/log$ host nov.ec2.archive.ubuntu.com
  nov.ec2.archive.ubuntu.com has address 8.15.7.107
  nov.ec2.archive.ubuntu.com has address 63.251.179.17
  Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
  Host nov.ec2.archive.ubuntu.com not found: 3(NXDOMAIN)
  
  The console output is the following:
  
  http://paste.ubuntu.com/916324/
  
  If you have any questions please let me know.
  
  Regards
  chuck
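
Review bot: the [Test Case] ends at "login and see problem" and never states what a verifier should see with the fixed package. Add a pass condition, for example that sources.list no longer shows an 'ubuntu-mirror' entry while 'host ubuntu-mirror' still returns an address. Because fix (b) disables the DNS search by default, a default boot would pass even if the detection logic in (a) were broken, so add a second run with 'apt_mirror_search_dns: true' set to exercise (a) under a redirecting resolver. Smaller points: the `$` line before `url=...` has been wrapped so the assignment lost its `+` prefix and no longer reads as one command, [Impact] has "ins being used", and [Regression Potential] b.) repeats "user-data".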

https://bugs.launchpad.net/bugs/974509

Title:
  cloud-init selects wrong mirror with dns server redirection
