Ignition file not detected from OpenStack user data

I’m trying to deploy fedora coreos in OpenStack (I think v3.7, not sure) and I keep getting “Ignition: no config provided by user”

Here is my ignition file:
{"ignition":{"version":"3.1.0"},"passwd":{"users":[{"name":"core","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEJSIvZLaGSTX6KF+quBc6LYFIOzd5AT/33ztBBMR8wV core"]}]}}

I’ve tried providing this ignition file through ansible and through the UI, with and without a trailing newline, but each time I get “Ignition: no config provided by user” and I can’t SSH to the instance.

Attached is the full console logs, are there any clues in there?

Sorry I don’t have much more information. If it sounds like this could be an issue with my openstack provider, I can file a ticket with them to get more information.

You are most likely hitting https://github.com/coreos/ignition/issues/1056

1 Like

I downgraded to the previous stable version (fedora-coreos-32.20200629.3.0-openstack.x86_64.qcow2) as mentioned in that link, but I’m still getting “Ignition: no config provided by user”. The boot logs look a little better (it at least attempts to contact the metadata server at 169.254.169.254), but still no dice unfortunately: https://gist.github.com/mac-chaffee/4ba101a8198c318a6e7da3f4c9b6f82d#file-console2-txt

Consider opening an issue in the Fedora CoreOS tracker if you can not find an answer.

1 Like

Hmm, those logs look truncated. Can you paste the full logs when using the previous version? That way we can verify that networking did come up.

Also, how are you passing the userdata? Are you using e.g. openstack server create --user-data config.ign ...?

1 Like

Ah sorry, I guess only the last ~1000 lines or so are saved in openstack.

I’m passing the user data through the UI like this:

Here are the untruncated logs after pressing “Launch Instance” right after that screenshot was taken:
https://gist.githubusercontent.com/mac-chaffee/4ba101a8198c318a6e7da3f4c9b6f82d/raw/a27373c7297bdda8118bfd870f6aeb62ceeae813/console3.32.20200629.3.0.txt

Oh I’ve realized my mistake. I was booting this instance with a security group that only had “ALLOW IPv4 22/tcp from 0.0.0.0/0” (no outgoing connections allowed). As a result, the instance could not contact the metadata server to download the userdata.

The fix was to expand the security group to allow outgoing TCP traffic, at least to 169.254.169.254.
Here’s an example from the UI to allow all outgoing traffic:

Thanks for your help!

1 Like