Keypair cannot be retrieved when an outscale_vm declared a tag which contains the symbol "/" in the key

aboulay commented 5 months ago

Hi team,

We found a problem with the outscale_vm creation behavior when the machine contains a tag with the "/" in the key. Here is more information about this:

Terraform Version

terraform 1.5.4
on linux_amd64
+ provider registry.terraform.io/hashicorp/time v0.10.0
+ provider registry.terraform.io/outscale/outscale v0.10.0

Terraform Configuration Files

We are currently trying to create an outscale_vm with a tag which contains a "/" symbol inside its key. We are in the eu-west-2 region.

resource "outscale_vm" "this" {
  image_id     = "ami-92fd685b" # debian-11 official image from https://docs.outscale.com/en/userguide/Debian-11-2023.11.17-0.html
  vm_type      = "tinav5.c12r32p2"
  keypair_name = "my-keypair"
  subnet_id          = "subnet-XXXXXXX"
  security_group_ids = ["sg-XXXXXXX"]
  tags {
    key   = "a/b"
    value = "ab"
  }
}

Debug Output

N/A

Crash Output

From the Cockpit Vm output interface:

<...>
[   25.931930] device-mapper: uevent: version 1.0.3
[   25.933142] device-mapper: ioctl: 4.43.0-ioctl (2020-10-01) initialised: dm-devel@redhat.com
[[0;32m  OK  [0m] Finished [0;1;39mApply the settings specified in cloud-config[0m.
         Starting [0;1;39mExecute cloud user/final scripts[0m...
[   27.262286] cloud-init[734]: Cloud-init v. 20.4.1 running 'modules:final' at Thu, 25 Jan 2024 16:24:48 +0000. Up 27.22 seconds.
ci-info: no authorized SSH keys fingerprints found for user outscale.
[   27.294031] cloud-init[734]: ci-info: no authorized SSH keys fingerprints found for user outscale.
<14>Jan 25 16:24:48 ec2: 
<14>Jan 25 16:24:48 ec2: #############################################################
<14>Jan 25 16:24:48 ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
<...>

Expected Behavior

The SSH key should be handled by the cloud-init and we should be able to connect to the instance with SSH.

Actual Behavior

The SSH connection is blocked because the SSH key cannot be retrieved during the cloud-init step.

Steps to Reproduce

Setup a keypair in your account
Setup a security group (with an SSH account) and subnet in the code. The instance should have a public IP.
terraform init
terraform apply
try to connect with SSH to the instance

Normally, you should not be able to connect with the instance. If you check the output logs of the instance, you should see the log in the Crash Output.

Additional Context

After investigation, we find the main cause of this happens only when the tag which contains the symbol "/" is created during the cloud-init execution. If the tag is created after, this does not make any problem.

Initially, we were following the Kubernetes CCM documentation for Outscale and we found this after execution and investigation. It is probably due to the assign tags which is done directly after the VM creation query.

This cannot be done directly from the interface because the UI does not permits to have tags on the instance with the "Create VM" flow.

References

We don't find any issues related to this problem (open or closed)

outscale-mdr commented 5 months ago

Hello @aboulay,

Thank you for reaching us.

This issue is a bug but not on the terraform provider, on the metadata server. We have contributed to cloud-init to fix the crash when retrieving the metadata. You can find what we did here cloud-init#1686. The fix is available in the 22.4 release of cloud init.

Unfortunately, the debian OMI that you use only has the cloud-init 20.4 and not 22.4.

Could you use Debian 12 (OMI: ami-8be8ac39) instead ? It includes the right version of cloud init.

Thank you, Regards,

aboulay commented 5 months ago

Thank you for the quick answer.

It will be a bit complicated to upgrade the image for the moment. We are not sure the system will run correctly on the new image. However, we have found a quickly fix simply by comment at the initialization of the vm and uncomment in a second execution. It is a bit ugly but it avoids the use of the outscale_tag resource which is deprecated. We will update the omi once we are sure the new image is compatible on our side.

I think we can close this issue if this is ok for you.

outscale-mdr commented 5 months ago

You could try to update the cloud-init manually but it might some configuration.

Do not hesitate to reopened the issue if it is not working for you.

outscale / terraform-provider-outscale