
[RHEL-8] Launching EC2 Instance in IPv6-Only subnet leads to unreachable instance

    • cloud-init-23.4-1.el8
    • Impediment
    • sst_virtualization_cloud
    • ssg_virtualization
    • QE ack
    • True
    • Blocked on rebase to version 23.4
    • Enhancement
    • .RHEL instances on EC2 now support IPv6 IMDS connections

      With this update, RHEL 8 and 9 instances on Amazon Elastic Cloud Compute (EC2) can use the IPv6 protocol to connect to Instance Metadata Service (IMDS). As a result, you can configure RHEL instances with `cloud-init` on EC2 with a dual-stack IPv4 and IPv6 connection. In addition, you can launch EC2 instances of RHEL with `cloud-init` in an IPv6-only subnet.
    • Done

      Description of problem:

      Launching a CentOS Stream/RHEL machine in AWS into an IPv6-Only subnet results in an unusable instance due to missing IPv4 routes.

      Support was added in cloud-init by this commit: https://github.com/canonical/cloud-init/pull/1160/

      I rebased the patch against EL8 here: https://git.rockylinux.org/sig/cloud/patch/cloud-init/-/blob/r8/ROCKY/_supporting/9998-Add-Ec2-IPV6-IMDS.patch

      There were three total chunks which failed to apply cleanly; two of them were in tests and trivial to fix. One patch for cloudinit/url_helper.py needed to be rebased slightly to match the EL8 source.

      Version-Release number of selected component (if applicable): 22.1-5.el8

      How reproducible:
      Always

      Steps to Reproduce:

      1) Create a VPC with an IPv6 CIDR block (using either your own or Amazon's IPv6 address space)
      2) Create an IPv6 only subnet by creating a new subnet and checking the "IPv6 Only" box
      3) Create a Rocky Linux instance and associate it with the IPv6 capable VPC and the IPv6-only subnet.
      4) After approximately 10 minutes, the instance will complete the boot process, but will have "1/2 checks passed" in the "Status Check" column, and "Instance reachability check failed" in the "Status Check" tab of the instance details section.
      5) The box will not be connected to the network

      Actual results:

      System reports the following during boot, and is unreachable once cloud-init times out due to the failure.

      [ 12.865186] cloud-init[899]: 2022-09-12 20:05:50,230 - url_helper.py[WARNING]: Calling 'http://169.254.169.254/latest/api/token' failed [0/120s]: request error [HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /latest/api/token (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fe4404f8128>: Failed to establish a new connection: [Errno 101] Network is unreachable',))]
      [ 13.648505] cloud-init[899]: 2022-09-12 20:05:51,234 - url_helper.py[WARNING]: Calling 'http://169.254.169.254/latest/api/token' failed [1/120s]: request error [HTTPConnectionPool(host='169.254.169.254', port=80): Max retries exceeded with url: /latest/api/token (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fe4404f8a20>: Failed to establish a new connection: [Errno 101] Network is unreachable',))]

      These messages repeat many times before the final error messages:

      [ 131.835862] cloud-init[899]: 2022-09-12 20:07:49,433 - url_helper.py[WARNING]: Calling 'http://169.254.169.254/latest/api/token' failed [119/120s]: unexpected error [Attempted to set connect timeout to 0.0, but the timeout cannot be set to a value less than or equal to 0.]
      [ 138.843417] cloud-init[899]: 2022-09-12 20:07:56,440 - DataSourceEc2.py[WARNING]: IMDS's HTTP endpoint is probably disabled

      Expected results:

      Cloud-Init connects successfully to the EC2 metadata service and

      Additional info:

      Originally filed at https://bugs.rockylinux.org/view.php?id=279 - Verified on Rocky, Alma, CentOS Stream, and RHEL AMIs.
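
A triage helper for the console output quoted in this report, added here as an example; it is not code from the report, cloud-init, or the linked patch. It counts IMDS fetch failures against the IPv4 endpoint and flags the case where every socket error is `Errno 101`, which is the signature of an instance with no IPv4 route. The names `summarize` and `SAMPLE` are hypothetical, and the sample lines are constructed by abridging the log lines above.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Shape of the url_helper warnings quoted in the report.
URL_FAIL = re.compile(
    r"url_helper\.py\[WARNING\]: Calling '(?P<url>[^']+)' failed "
    r"\[(?P<elapsed>\d+)/(?P<budget>\d+)s\]: \w+ error \[(?P<detail>.*)\]\s*$")
ERRNO = re.compile(r"\[Errno (\d+)\]")
GAVE_UP = "DataSourceEc2.py[WARNING]: IMDS's HTTP endpoint is probably disabled"
IMDS_V4 = "169.254.169.254"   # IPv4 IMDS address seen in the log
ENETUNREACH = 101             # "Network is unreachable" on Linux

def summarize(lines):
    """Summarise IMDS fetch failures found in console/cloud-init log lines."""
    errnos, attempts, elapsed, budget, gave_up = Counter(), 0, None, None, False
    for line in lines:
        m = URL_FAIL.search(line)
        if m and urlsplit(m["url"]).hostname == IMDS_V4:
            attempts += 1
            elapsed, budget = int(m["elapsed"]), int(m["budget"])
            e = ERRNO.search(m["detail"])
            if e:
                errnos[int(e.group(1))] += 1
        elif GAVE_UP in line:
            gave_up = True
    return {
        "ipv4_imds_failures": attempts,
        "errnos": dict(errnos),
        "waited": (elapsed, budget),      # last "[elapsed/budget s]" pair seen
        "datasource_gave_up": gave_up,
        # True when every socket-level error was ENETUNREACH (no IPv4 route).
        "no_ipv4_route": bool(errnos) and set(errnos) == {ENETUNREACH},
    }

# Constructed sample: the report's log lines with the urllib3 detail abridged.
_CALL = ("cloud-init[899]: url_helper.py[WARNING]: Calling "
         "'http://169.254.169.254/latest/api/token' failed ")
_UNREACH = ("request error [HTTPConnectionPool(host='169.254.169.254', port=80): "
            "(Caused by NewConnectionError('[Errno 101] Network is unreachable',))]")
SAMPLE = [
    _CALL + "[0/120s]: " + _UNREACH,
    _CALL + "[1/120s]: " + _UNREACH,
    _CALL + "[119/120s]: unexpected error [Attempted to set connect timeout to 0.0]",
    "cloud-init[899]: DataSourceEc2.py[WARNING]: IMDS's HTTP endpoint is probably disabled",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A result with `no_ipv4_route` and `datasource_gave_up` both true matches the failure described in this issue rather than a disabled IMDS endpoint.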

            rh-ee-anisinha Ani Sinha
            neilhanlon Neil Hanlon
            Ani Sinha Ani Sinha
            Xiaoyi Chen Xiaoyi Chen
            Jiří Herrmann Jiří Herrmann