From 6fd871dec4dba27611e6eade68f1d160af837dda Mon Sep 17 00:00:00 2001 From: Jack Kelly Date: Sat, 21 Nov 2020 11:59:30 +1000 Subject: [PATCH] rl-21.03: describe EC2 instance user/meta data reloading --- nixos/doc/manual/release-notes/rl-2103.xml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml index 55c1229a164..5bdc44365ed 100644 --- a/nixos/doc/manual/release-notes/rl-2103.xml +++ b/nixos/doc/manual/release-notes/rl-2103.xml @@ -211,6 +211,22 @@ and slaptest is buggy with schemas directly in the config file. + + + Amazon EC2 and OpenStack Compute (nova) images now re-fetch instance meta data and user data from the instance + metadata service (IMDS) on each boot. For example: stopping an EC2 instance, changing its user data, and + restarting the instance will now cause it to fetch and apply the new user data. + + + + Specifically, /etc/ec2-metadata is re-populated on each boot. Some NixOS scripts that read + from this directory are guarded to only run if the files they want to manipulate do not already exist, and so + will not re-apply their changes if the IMDS response changes. Examples: root's SSH key is + only added if /root/.ssh/authorized_keys does not exist, and SSH host keys are only set from + user data if they do not exist in /etc/ssh. + + +
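Review bot: The second paragraph of the new release-note entry names the guarded cases (root's key in /root/.ssh/authorized_keys, host keys in /etc/ssh) but does not spell out the consequence for an existing instance: a changed key or host key delivered through IMDS is neither installed nor does it displace the old one, so the previously authorized root key remains valid after the reboot. Suggest stating that explicitly, and, if removing the existing file before the next boot is the supported way to have the new value applied, saying so. This would also qualify the first paragraph's "fetch and apply the new user data", which currently reads as unconditional. Minor style point in the first paragraph: "instance meta data" and "instance metadata service" appear in the same sentence; pick one spelling.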