NixOS AWS
| Sender | Message | Time |
|---|---|---|
| 22 Oct 2024 | ||
| The old AMI doesn't have that option set, so there is no implicit unsupported parameter | 01:05:54 | |
| Right. Bit of a brutal error message, "The parameter MetadataOptions is not recognized"; AWS could at least say it's an implicit parameter added by the Version. | 01:06:05 | |
| Yeh this is something somewhere internally going wrong and then that error bubbling up 😅 | 01:07:09 | |
| Classic AWS error message | 01:07:23 | |
| Not as good as Microsoft, where on OneDrive, if you download a large folder as a streamed ZIP, they randomly replace files by text files that contain internal error messages when that machine OOMs, happens in ~30% of files I download from Microsoft | 01:08:19 | |
The slightly annoying thing here is that this part of NixOps uses boto, not boto3. I'll have a look whether I can get the request to work by convincing that to use a newer Version. Then afterwards I guess I have to see if I can get the thing updated to a newer nixops, or switch it out (it'll be a long work and risky though). | 01:09:00 | |
| Hope there are no coredumps in there lol | 01:09:02 | |
Arian: Do you know if there's a list/changelog of Versions for EC2? | 01:10:22 | |
| Currently checking https://stackoverflow.com/questions/60366935/find-latest-aws-api-version-for-locking-the-version | 01:11:11 | |
| https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html | 01:11:46 | |
| The latest version is 2016-11-15 | 01:11:58 | |
| They almost never make breaking changes. IMDSv2 was needed because of an enormous security hole | 01:12:45 | |
| But I guess that means updating nixops might be enough? | 01:12:56 | |
| Seems the lock file is from 2018 | 01:13:08 | |
| https://github.com/boto/botocore/tree/develop/botocore/data/ec2 | 01:15:57 | |
| Alternatively, maybe I should just build my own AMI, and turn off the option there. Because I don't actually need any specific AMI. It's only needed to boot the machine in a reproducible fashion (and ideally one that doesn't rename all devices after reboot when systemd decides that it's another year again where all network interfaces shall be renamed). After nixops has deployed and rebooted, the software specified by nixpkgs pin runs anyway. | 01:16:04 | |
| Here are all the api versions! | 01:16:05 | |
In reply to @arianvp:matrix.org Version-pinning that here: https://github.com/NixOS/amis/blob/99b494036de3f1418c65b62c8a4197e76c10ad74/upload-ami/src/upload_ami/upload_ami.py#L173 | 01:17:04 | |
| Fwiw we ship udev rules that should give all network interfaces alt-names based on the AWS eni id | 01:18:36 | |
| Which is stable even across instance types | 01:18:50 | |
| (the systemd predictable interface names are not stable across instance types :( ) | 01:19:12 | |
| At least I think we ship those udev rules... | 01:19:43 | |
| That is useful! I only had the problem on Hetzner dedicated so far. Upgrade to newer Nixops, be happy everything works. Next reboot, all machines disappear from the Internet | 01:20:09 | |
Since then I add a UDEV rule also to call the one network interface Hetzner gives net0 no matter what | 01:20:46 | |
| The version is defined here: https://github.com/boto/boto/blob/8fac1878734c5ac085b781f619c70ea4b6e913c3/boto/ec2/connection.py#L75 | 01:23:28 | |
| Now we just apply the nixpkgs wisdom | 01:24:15 | |
| * Now we just apply the nixpkgs wisdom and should be good lol | 01:24:21 | |
| Horror | 01:27:04 | |
| I'm off to bed | 01:29:05 | |
| Ah, the version can actually be overridden by the caller: https://github.com/boto/boto/blob/8fac1878734c5ac085b781f619c70ea4b6e913c3/boto/ec2/connection.py#L86 So nixops can easily use it without having to modify | 01:29:21 | |