1
diff --git a/debian/changelog b/debian/changelog
2
index 6e04bd0..eaa086d 100644
3
--- a/debian/changelog
4
+++ b/debian/changelog
5
@@ -1,3 +1,17 @@
6
1
hibagent (1.0.1-0ubuntu1.20.04.2) focal; urgency=medium
7
2
8
3
  * Use imdsv2 and do nothing if ODH is configured (LP: #2043739).
9
4
    - d/p/disable-hibernate-test.patch: disable a test that only works on an
10
5
      actual EC2 instance.
11
6
    - d/p/use-imdsv2: use IMDSv2 instead of IMDSv1. This is important because
12
7
      IMDSv1 is an insecure protocol.
13
8
    - d/control: add python3-requests as Depends.
14
9
    - d/p/do-nothing-if-ODH-is-configured.patch: do nothing if ODH is configured
15
10
      this fixes an issue when this package and ec2-hibinit-agent are installed
16
11
      and configured at the same time.
17
12
18
13
 -- Mitchell Dzurick <mitchell.dzurick@canonical.com>  Thu, 16 Nov 2023 16:19:12 -0700
19
14
20
1
hibagent (1.0.1-0ubuntu1.20.04.1) focal; urgency=medium
15
hibagent (1.0.1-0ubuntu1.20.04.1) focal; urgency=medium
21
2
16
22
3
  * d/p/lp1896638-set-resume-device-by-partition-uuid: Set resume device
17
  * d/p/lp1896638-set-resume-device-by-partition-uuid: Set resume device
23
diff --git a/debian/control b/debian/control
24
index 25d37a7..74f1d40 100644
25
--- a/debian/control
26
+++ b/debian/control
27
@@ -7,6 +7,7 @@ Build-Depends: debhelper (>= 9),
28
7
               dh-python,
7
               dh-python,
29
8
               python3-all,
8
               python3-all,
30
9
               python3-pytest,
9
               python3-pytest,
31
10
               python3-requests,
32
10
               python3-setuptools
11
               python3-setuptools
33
11
Standards-Version: 3.9.6
12
Standards-Version: 3.9.6
34
12
X-Python3-Version: >= 3.3
13
X-Python3-Version: >= 3.3
35
diff --git a/debian/patches/disable-hibernate-test.patch b/debian/patches/disable-hibernate-test.patch
36
13
new file mode 100644
14
new file mode 100644
37
index 0000000..9e3c5e7
38
--- /dev/null
39
+++ b/debian/patches/disable-hibernate-test.patch
40
@@ -0,0 +1,18 @@
41
1
IDescription: Skip test needing EC2 instance
42
2
 The polling test now actually needs to be run on an EC2 instance as it tries
43
3
 to contact an HTTP endpoint on a hardcoded link-local IP that matches the monitoring
44
4
 system at AWS. We don't have this in our builders or autopkgtests.
45
5
Author: Simon Chopin <schopin@ubuntu.com>
46
6
Last-Update: 2023-02-16
47
7
---
48
8
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
49
9
--- a/test/hibagent_test.py
50
10
+++ b/test/hibagent_test.py
51
11
@@ -261,6 +261,7 @@
52
12
         except:
53
13
             pass
54
14
 
55
15
+    @unittest.skip("can only run on an actual EC2 instance")
56
16
     def test_itn_polls(self):
57
17
         fi = FakeInitializer()
58
18
         poller = hibagent.ItnPoller("http://localhost:%d/blah" % self.server.port,
59
diff --git a/debian/patches/do-nothing-if-ODH-is-configured.patch b/debian/patches/do-nothing-if-ODH-is-configured.patch
60
0
new file mode 100644
19
new file mode 100644
61
index 0000000..8be4ec2
62
--- /dev/null
63
+++ b/debian/patches/do-nothing-if-ODH-is-configured.patch
64
@@ -0,0 +1,77 @@
65
1
Description: Update the Spot hibernate agent to do nothing if ODH is configured
66
2
Author: Jeongin Cho <achojeon@amazon.com>
67
3
Origin: upstream, https://github.com/aws/ec2-hibernate-linux-agent/commit/2ee4ae3fd1333fb3c9aab25bf02b109c3b7b8d9f
68
4
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/hibagent/+bug/2043739
69
5
Last-Update: 2023-11-16
70
6
---
71
7
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
72
8
--- a/agent/hibagent
73
9
+++ b/agent/hibagent
74
10
@@ -18,6 +18,7 @@
75
11
 import struct
76
12
 import sys
77
13
 import syslog
78
14
+import requests
79
15
 from subprocess import check_call, check_output
80
16
 from threading import Thread
81
17
 from math import ceil
82
18
@@ -39,6 +40,9 @@
83
19
 log_to_syslog = True
84
20
 log_to_stderr = True
85
21
 
86
22
+IMDS_BASEURL = 'http://169.254.169.254'
87
23
+IMDS_API_TOKEN_PATH = 'latest/api/token'
88
24
+IMDS_SPOT_ACTION_PATH = 'latest/meta-data/hibernation/configured'
89
25
 
90
26
 def log(message):
91
27
     if log_to_syslog:
92
28
@@ -511,6 +515,37 @@
93
29
         log("Failed to adjust pm_freeze_timeout to %d. Error: %s" % (timeout, str(e)))
94
30
         exit(1)
95
31
 
96
32
+def get_imds_token(seconds=21600):
97
33
+    """ Get a token to access instance metadata. """
98
34
+    log("Requesting new IMDSv2 token.")
99
35
+    request_header = {'X-aws-ec2-metadata-token-ttl-seconds': '{}'.format(seconds)}
100
36
+    token_url = '{}/{}'.format(IMDS_BASEURL, IMDS_API_TOKEN_PATH)
101
37
+    response = requests.put(token_url, headers=request_header)
102
38
+    response.close()
103
39
+    if response.status_code != requests.codes.ok:
104
40
+        return None
105
41
+
106
42
+    return response.text
107
43
+
108
44
+def hibernation_enabled():
109
45
+    """Returns a boolean indicating whether hibernation-option.configured is enabled or not."""
110
46
+
111
47
+    imds_token = get_imds_token()
112
48
+    if imds_token is None:
113
49
+        log("IMDS_V2 http endpoint is disabled")
114
50
+        # IMDS http endpoint is disabled
115
51
+        return False
116
52
+
117
53
+    request_header = {'X-aws-ec2-metadata-token': imds_token}
118
54
+    response = requests.get("{}/{}".format(IMDS_BASEURL, IMDS_SPOT_ACTION_PATH),
119
55
+                 headers=request_header)
120
56
+    response.close()
121
57
+    if response.status_code != requests.codes.ok or response.text.lower() == "false":
122
58
+        return False
123
59
+
124
60
+    log("Hibernation Configured Flag found")
125
61
+
126
62
+    return True
127
63
 
128
64
 def main():
129
65
     # Parse arguments
130
66
@@ -550,6 +585,11 @@
131
67
 
132
68
     log("Effective config: %s" % config)
133
69
 
134
70
+    # Let's first check if we need to kill the Spot Hibernate Agent
135
71
+    if hibernation_enabled():
136
72
+        log("Spot Instance Launch has enabled Hibernation Configured Flag. hibagent exiting!!")
137
73
+        exit(0)
138
74
+
139
75
     target_swap_size = config.swap_mb * 1024 * 1024
140
76
     ram_bytes = os.sysconf('SC_PAGE_SIZE') * os.sysconf('SC_PHYS_PAGES')
141
77
     swap_percentage_size = ram_bytes * config.swap_percentage // 100
142
diff --git a/debian/patches/series b/debian/patches/series
143
index 68b33b1..e3435d5 100644
144
--- a/debian/patches/series
145
+++ b/debian/patches/series
146
@@ -8,3 +8,6 @@ add-lsb-init-info.patch
147
8
fix-enable-ec2-spot-hibernation.patch
8
fix-enable-ec2-spot-hibernation.patch
148
9
lp1896638-set-resume-device-by-partition-uuid.patch
9
lp1896638-set-resume-device-by-partition-uuid.patch
149
10
lp2013336-do-not-modify-GRUB-config-on-GRUB2-systems.patch
10
lp2013336-do-not-modify-GRUB-config-on-GRUB2-systems.patch
150
11
use-imdsv2.patch
151
12
do-nothing-if-ODH-is-configured.patch
152
13
disable-hibernate-test.patch
153
diff --git a/debian/patches/use-imdsv2.patch b/debian/patches/use-imdsv2.patch
154
11
new file mode 100644
14
new file mode 100644
155
index 0000000..6c91a91
156
--- /dev/null
157
+++ b/debian/patches/use-imdsv2.patch
158
@@ -0,0 +1,44 @@
159
1
Description: IMDS V2 updates
160
2
Author: shivasan@ <shivasan@amazon.com>
161
3
Origin: upstream, https://github.com/aws/ec2-hibernate-linux-agent/commit/559558f28de4456f14b38539eed967df6e1f9217
162
4
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/hibagent/+bug/2043739
163
5
Last-Update: 2023-11-16
164
6
---
165
7
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
166
8
--- a/agent/hibagent
167
9
+++ b/agent/hibagent
168
10
@@ -315,16 +315,28 @@
169
11
 
170
12
     def poll_for_termination(self):
171
13
         # noinspection PyBroadException
172
14
-        response = None
173
15
+        response1 = None
174
16
+        response2 = None
175
17
         try:
176
18
-            response = urlopen(self.url)
177
19
-            res_str = response.read()
178
20
-            return b"hibernate" in res_str
179
21
+            request1 = Request("http://169.254.169.254/latest/api/token")
180
22
+            request1.add_header('X-aws-ec2-metadata-token-ttl-seconds', '21600')
181
23
+            request1.get_method = lambda:"PUT"
182
24
+            response1 = urlopen(request1)
183
25
+
184
26
+            token = response1.read()
185
27
+
186
28
+            request2 = Request(self.url)
187
29
+            request2.add_header('X-aws-ec2-metadata-token', token)
188
30
+            response2 = urlopen(request2)
189
31
+            res = response2.read()
190
32
+            return b"hibernate" in res
191
33
         except:
192
34
             return False
193
35
         finally:
194
36
-            if response:
195
37
-                response.close()
196
38
+            if response1:
197
39
+                response1.close()
198
40
+            if response2:
199
41
+                response2.close()
200
42
 
201
43
     def do_hibernate(self):
202
44
         log("Attempting to hibernate")
Reviewer	Review Type	Date Requested	Status
git-ubuntu import		2023-11-17	Pending
Review via email: mp+455813@code.launchpad.net