I have proposed an upstream PR to fix this inconsistency in handling
excluded drivers for azure in stages at https://github.com/canonical
/cloud-init/pull/914

Given that Xenial is currently in Extended Security Maintenance for
support, I don't know if we will be able to publish a fix into xenial-
updates to fix this corner case.

This will only affect fresh launches of Azure Ubuntu PRO FIPS 16.04
(Xenial) images which also have Accelerated networking enabled.

Two posible workarounds in the absence of a cloud-init fix in xenial-updates:
 1. Provide the following #cloud-config userdata during Ubuntu PRO FIPS 16.04 
with accelerated networking (Attached as azure-xenial-pro-fips-workaround.yaml)

#cloud-config
bootcmd:
- "sed -i '/distro = self._distro/i \\                if self.datasource.dsname 
== \"Azure\":\\n                    self._distro.networking.blacklist_drivers = 
[\"mlx4_core\", \"mlx5_core\"]' 
/usr/lib/python3/dist-packages/cloudinit/stages.py"


OR 

 2. Launch a Ubuntu PRO 16.04 (Xenial) with Accelerated networking
enable FIPS & reboot:

   ssh <azure_pro_xenial_vm>
   # Add overrides to /etc/ubuntu-advantage/uaclient.conf
   $ echo "features:\n  allow_xenial_fips_on_cloud: true" | sudo tee -a 
/etc/ubuntu-advantage/uaclient.conf
   $ sudo ua enable fips --assume-yes
   $ sudo reboot
 

The reason option 2 works is because SSH keys will have already been
generated so the Traceback on duplicate mac addresses won't affect
accessibility of VM once it reboots into FIPS mode.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1927124

Title:
  Azure/Xenial Pro FIPS: RuntimeError: duplicate mac found!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1927124/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to