View Issue Details

IDProjectCategoryView StatusLast Update
0006239Kali LinuxGeneral Bugpublic2020-04-22 14:33
Reporterananke Assigned Torhertzog  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2020.1 
Fixed in Version2020.2 
Summary0006239: cloud-init in Kali AWS image persists in 'running' state
Description

Hello,

We're trying to leverage cloud-init's ability to report whether a given EC2 instance is running and all configuration changes took place. However, both Kali 2019.03 and 2020.01 are displaying the same behavior: 'cloud-init status' shows 'running' state, so 'cloud-init status --wait' never completes.

Steps To Reproduce
  1. Start a new Kali 2020.01 ec2 instance
  2. Wait until SSH service is accessible, connect to the system
  3. Run 'cloud-init status'. Normal boot should result in: 'status: done', Kali returns 'status: running'
Additional Information

First Kali boot also results in a long timeout:

root@kali:~# cloud-init analyze blame
-- Boot Record 01 --
     51.15300s (init-local/search-Ec2Local)
     00.75200s (init-network/config-growpart)
     00.49100s (init-network/config-users-groups)
     00.42600s (init-network/config-ssh)
     00.15800s (init-network/config-resizefs)
     00.00300s (init-network/consume-user-data)
     00.00300s (init-network/check-cache)
     00.00200s (init-network/config-timezone)
     00.00100s (init-network/config-write-files)
     00.00100s (init-network/config-update_hostname)
     00.00100s (init-network/config-set_hostname)
     00.00100s (init-network/config-seed_random)
     00.00100s (init-network/config-rsyslog)
     00.00100s (init-network/config-migrator)
     00.00100s (init-network/config-ca-certs)
     00.00100s (init-network/activate-datasource)
     00.00000s (init-network/setup-datasource)
     00.00000s (init-network/consume-vendor-data)
     00.00000s (init-network/config-update_etc_hosts)
     00.00000s (init-network/config-bootcmd)
     00.00000s (init-local/check-cache)

The 'running' status may be related to cloud-init waiting for 'network-online.target' to complete.

Thank you in advance!

Activities

ananke

ananke

2020-03-30 16:39

reporter   ~0012569

More information: it appears that both cloud-config.service and cloud-final.service are disabled, thus rendering cloud-init half usable. That's likely the root cause here, which begs the question: why are those disabled in the official AMIs?

rhertzog

rhertzog

2020-03-30 20:26

administrator   ~0012570

I updated the default systemd presets in base-files to allow for the cloud-init service to run by default.

This is in base-files 1:2020.2.0. Hopefully this will help. But I'm not sure if cloud-init has a good default behaviour on Kali.

ananke

ananke

2020-03-30 20:39

reporter   ~0012571

Thanks! Cloud-init is de-facto the standard approach for all distributions on AWS, so having it configured and running properly would be a good idea. Ubuntu, Debian, CentOS, and other major have good examples of working cloud-init in their official AMIs. There are other problems that we've been able to identify with the assistance of cloud-init developers, which probably should be addressed at this point:

1) There are three services that need to be enabled:

cloud-init-local.service
cloud-config.service
cloud-final.service

2) Currently cloud-init support for apt assumes presence of 'security' repository, which Kali doesn't have. As a result, starting cloud-config.service breaks because /etc/cloud/cloud.cfg has the following:

   package_mirrors:
     - arches: [default]
       failsafe:
         primary: http://http.kali.org/kali

Cloud-init developers suggested the following workaround, which we've tested and it works:

  package_mirrors:
    - arches: [default]
      failsafe:
        primary: http://http.kali.org/kali
        security: http://http.kali.org/kali

3) This one is less important, but it appears that during the build stage Kali creates user 'kali'. With cloud-init that's typically accomplished via the existing /etc/cloud/cloud.cfg section:

system_info:
   # This will affect which distro class gets used
   distro: debian
   # Default user name + that default users groups (if added/used)
   default_user:
     name: ec2-user
     lock_passwd: True
     gecos: Debian
     groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video]
     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
     shell: /bin/bash

The existing current setup means the user 'kali' is present at uid 1000, so cloud-init creates another user 'ec2-user' with uid 1001. To follow the convention of the rest of AWS AMIs, there would be no need to create the user 'kali', and just letting cloud-init create an appropriate user. This way consumers can override it easily with user-data.

Thank you so much for your help with this!

rhertzog

rhertzog

2020-04-22 14:33

administrator   ~0012664

I have added a new /etc/cloud/cloud.cfg.d/20_kali.cfg with the appropriate configuration and this package will be installed in the next AMI so that should fix this.

see https://gitlab.com/kalilinux/packages/kali-defaults/-/commit/95cbe90c8c20f9b94c9ad5e569777b3bd12b0596

Issue History

Date Modified Username Field Change
2020-03-30 15:13 ananke New Issue
2020-03-30 16:39 ananke Note Added: 0012569
2020-03-30 20:26 rhertzog Note Added: 0012570
2020-03-30 20:26 rhertzog Assigned To => rhertzog
2020-03-30 20:26 rhertzog Status new => assigned
2020-03-30 20:39 ananke Note Added: 0012571
2020-04-22 14:33 rhertzog Status assigned => resolved
2020-04-22 14:33 rhertzog Resolution open => fixed
2020-04-22 14:33 rhertzog Fixed in Version => 2020.2
2020-04-22 14:33 rhertzog Note Added: 0012664