If IMDSv2 is available from EC2 metadata, use it automatically. #13
jepio merged 2 commits into flatcar:flatcar-master from
|
This PR is basically equivalent to flatcar/ignition@585c029. |
|
Here's the go 1.18 upgrade: #14. |
In Flatcar we build this with go 1.18, and the following env variables set: But if we're touching the code then I'm happy to get this upgraded to normal modules. I've merged your other PR #14, and am hoping to get GitHub Actions CI working in #16. |
|
Thanks for the quick turnaround! I'm still trying to get this running to test it manually - I haven't built a flatcar image with modified components before, and I'm on an M1 Mac which means the dev images aren't quite working right for me - lots of shared libraries that won't load - but I'll get back to you as fast as I can. |
|
Oh, funny, it's literally you who made that possible: flatcar/Flatcar#319 (comment). :) Thanks! |
|
Sure, why don't I try that. Thank you! |
|
It is building and running correctly now in arm64 on AWS - let me see if I can get it to cross-compile for amd64, too, while I'm at it. After all, almost everyone's using amd64 on AWS, not a lot of Graviton use relative to regular ol' CPUs just yet. |
|
Looks like you have that working in #16 - I'll rebase this onto that and check if it compiles. |
|
Yep, looks like it does. |
This pulls in these PRs:
- flatcar/coreos-cloudinit#13 (imdsv2)
- flatcar/coreos-cloudinit#14 (go.mod)

Since go.mod is now present, rework the ebuild to remove unused bits and enable go module support.
|
I'm running integration tests in the coreos-overlay PR, will merge this as soon as those pass. |
Use IMDSv2 if available.
AWS's IMDSv2 requires a token which you can fetch from the IMDS itself. If it's available, we'll fetch it and use it - if it's not, we'll revert to the previous behavior. This should be viable for both IMDSv1 and IMDSv2.
Little caveat: as it stands, if cloudinit runs for more than 6 hours, we'll wind up using an expired token. At the cost of somewhat more complex code, I can fix that - let me know.
Fixes flatcar/Flatcar#787.
How to use
Start any flatcar EC2 instance with only IMDSv2 enabled - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. If cloudinit works, this patch works. :)
Testing done
This has been pretty tricky since I can't get go 1.6 installed and this no longer builds with modern go. If you'd accept some patches to update to go 1.18, let me know - I'd be happy to add that in. Otherwise, I'm hoping to use existing CI to test.
changelog/directory (user-facing change, bug fix, security fix, update)
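
The token flow described under "Use IMDSv2 if available", with the renewal that the six-hour caveat mentions, as an added example that is not code from this PR or from coreos-cloudinit. The type and function names are hypothetical; the token path and the two header names are the ones AWS documents for IMDSv2.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"time"
)

type imdsClient struct { // hypothetical name; caches the IMDSv2 session token
	base    string // metadata endpoint, http://169.254.169.254 on EC2
	hc      *http.Client
	token   string
	expires time.Time // when the cached token should be renewed
}

// do sends one request (header hdr is set only if val is non-empty) and returns the body on HTTP 200.
func (c *imdsClient) do(method, path, hdr, val string) (string, error) {
	req, err := http.NewRequest(method, c.base+path, nil)
	if err != nil {
		return "", err
	}
	if val != "" {
		req.Header.Set(hdr, val)
	}
	resp, err := c.hc.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil || resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("%s %s: status %d, err %v", method, path, resp.StatusCode, err)
	}
	return string(body), nil
}

// get renews the token when missing or expired; if the PUT fails the token stays empty and the GET goes out IMDSv1-style.
func (c *imdsClient) get(path string) (string, error) {
	if c.token == "" || !time.Now().Before(c.expires) {
		c.token, _ = c.do(http.MethodPut, "/latest/api/token", "X-aws-ec2-metadata-token-ttl-seconds", "21600")
		c.expires = time.Now().Add(6*time.Hour - time.Minute) // renew a minute early
	}
	return c.do(http.MethodGet, path, "X-aws-ec2-metadata-token", c.token)
}

func main() {
	c := &imdsClient{base: "http://169.254.169.254", hc: &http.Client{Timeout: 2 * time.Second}}
	fmt.Println(c.get("/latest/meta-data/instance-id"))
}
```

Run off EC2, `main` prints an empty string and a connection error once the two-second timeout passes.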