=== zz_natorious is now known as natorious | ||
=== natorious is now known as zz_natorious | ||
=== zz_natorious is now known as natorious | ||
=== natorious is now known as zz_natorious | ||
=== gamename is now known as gamename[away] | ||
=== gamename[away] is now known as gamename | ||
Seth_Karlo | Hey all, I'm having an odd issue. Does Cloud-Init usually run as the root user or a sub-user? | 10:06 |
---|---|---|
Seth_Karlo | I'm strace-ing a run and I see it downloading the chef omnibus installer into /tmp/ with permissions 0700, but then getting a permission denied on the script a second later and failing | 10:07 |
Odd_Bloke | Seth_Karlo: Hmm, that is strange; does the file end up with the expected permissions? | 10:20 |
Seth_Karlo | File is deleted before I can take a look at it | 10:20 |
Seth_Karlo | This is what I see: [pid 11304] execve("/tmp/tmpfpIQua/chef-omnibus-install", ["/tmp/tmpfpIQua/chef-omnibus-install"], [/* 21 vars */]) = -1 EACCES (Permission denied) | 10:22 |
Odd_Bloke | Seth_Karlo: What version of cloud-init are you using (and on what distro)? | 10:32 |
Seth_Karlo | cloud-init 0.7.5 on CentOS 7.103 | 10:32 |
Odd_Bloke | Seth_Karlo: So the code that is running is in cloudinit/config/cc_chef.py; if you add a sleep at around line 114 wherever that file is installed, then you'll have some time to check the file looks sensible. | 10:35 |
Seth_Karlo | Odd_Bloke: Understood, testing now | 10:36 |
Odd_Bloke | Seth_Karlo: "import time; time.sleep(N)", if you aren't a Python person. :) | 10:36 |
Seth_Karlo | Odd_Bloke: Perfect, thanks! | 10:38 |
Seth_Karlo | Odd_Bloke: Is N in seconds or ms? | 10:43 |
Odd_Bloke | Seth_Karlo: Seconds. | 10:43 |
Seth_Karlo | Odd_Bloke: Seemed to completely ignore it at line 114 in /usr/lib/python2.7/site-packages/cloudinit/config/cc_chef.py | 10:44 |
Odd_Bloke | Seth_Karlo: Can you pastebin your modified bit of the file? | 10:45 |
Seth_Karlo | Odd_Bloke: https://gist.github.com/Seth-Karlo/96e129c004e63d5cc331 | 10:45 |
Odd_Bloke | Seth_Karlo: Ah, put it a line up. | 10:47 |
Odd_Bloke | Seth_Karlo: util.subp is what's running the file. | 10:47 |
Seth_Karlo | Odd_Bloke: In between the util. ones? | 10:47 |
Odd_Bloke | Seth_Karlo: Yep. | 10:48 |
Seth_Karlo | Done, testing now :) | 10:48 |
Seth_Karlo | Odd_Bloke: Aaaaaah, I see the issue! | 10:49 |
Seth_Karlo | Odd_Bloke: My /tmp is mounted noexec! | 10:49 |
Seth_Karlo | Odd_Bloke: Now working, thank you very very much for your help. Kudos and my gratitude | 10:51 |
Odd_Bloke | Seth_Karlo: I'm always happy to help when it turns out there isn't a bug for me to fix. ;) | 10:52 |
Seth_Karlo | Odd_Bloke: Haha, I'll let you know if I find more! :P | 10:52 |
Odd_Bloke | :D | 10:52 |
openstackgerrit | Claudiu Popa proposed stackforge/cloud-init: Add a draft spec for the parallel discovery of data sources https://review.openstack.org/220095 | 11:51 |
openstackgerrit | Claudiu Popa proposed stackforge/cloud-init: Add a draft spec for the parallel discovery of data sources https://review.openstack.org/220095 | 11:54 |
=== alexpilotti_ is now known as alexpilotti | ||
Odd_Bloke | claudiupopa: I think you might have done an incomplete naming change in the "FacadaParallelSearch" example in that spec. | 14:34 |
Odd_Bloke | claudiupopa: (Also Facada is a typo :p) | 14:34 |
claudiupopa | Oh, yep. :p | 14:34 |
smoser | claudiupopa, are you going to tokyo ? | 14:44 |
smoser | for openstack su mmit ? | 14:44 |
claudiupopa | Nope. | 14:44 |
smoser | Odd_Bloke, didnt you do something wrt testing bin/cloud-init in 0.7 ? | 14:46 |
=== zz_natorious is now known as natorious | ||
Odd_Bloke | smoser: I did, yeah. Why do you ask? | 14:47 |
smoser | where is it ? | 14:48 |
Odd_Bloke | smoser: http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/tests/unittests/test_cli.py | 14:49 |
smoser | thanks | 14:49 |
Odd_Bloke | :) | 14:49 |
smoser | Odd_Bloke, do you happen to know... | 15:08 |
smoser | http://paste.ubuntu.com/12263593/ | 15:09 |
smoser | probably easier to read | 15:10 |
smoser | http://paste.ubuntu.com/12263608/ | 15:10 |
Odd_Bloke | smoser: In a meeting right now, will look in a bit. :) | 15:13 |
=== alexpilotti_ is now known as alexpilotti | ||
j^2 | hey smoser i sent you a response :D | 15:27 |
smoser | j^2, thnks | 15:27 |
j^2 | we can sync later today? | 15:27 |
smoser | sure. ping me here is fine | 15:27 |
j^2 | perfect | 15:27 |
smoser | where'd you send rsponse ? | 15:28 |
Odd_Bloke | smoser: Given that those are all in the HTTP request, I would assume that they can all be logged. | 15:32 |
Odd_Bloke | Because the NSA has them anyway. :p | 15:32 |
Odd_Bloke | But I don't know that for sure. | 15:32 |
smoser | thats what i thought too, Odd_Bloke | 15:32 |
smoser | they're its supposed to work over http/ untrusted. | 15:33 |
smoser | so you'd think it'd bad if there was secrets there | 15:33 |
Odd_Bloke | Yeah. | 15:34 |
smoser | j^2, stuff for cloud-init 0.7.X is still on launchpad | 16:06 |
smoser | so your review was at the correct place | 16:06 |
j^2 | ah, which is the one that shipped “in general” now-a-days? | 16:15 |
Odd_Bloke | j^2: 0.7.x is still shipped in general, 2.0 is still in early development. | 16:16 |
j^2 | Odd_Bloke: ah cool, then i’ll keep with 0.7.0 then | 16:16 |
j^2 | thanks | 16:17 |
harlowja | smoser whatever happened to enabling the launchpad + git stuff | 17:38 |
harlowja | is that possible still? | 17:38 |
smoser | harlowja, yes. still possible. | 17:39 |
harlowja | +2 :) | 17:39 |
harlowja | can u press a button somewhere to make that happen ;) | 17:39 |
harlowja | ye-olde button | 17:40 |
smoser | the button i'd rather push is 'make harlowja work enough on cloud-init 2.0 that he stops caring about 0.7' | 17:43 |
smoser | do you have one of those buttons? | 17:43 |
harlowja | smoser ya, mainly this is for the y! CI system, that still pulls from 0.7, but really only knows how to interface with git :-P | 17:43 |
harlowja | it doesn't quite know bzr, and nobody seems willing to add bzr support :-P | 17:53 |
harlowja | claudiupopa in regard to https://review.openstack.org/#/c/220095/ let me know if u have any questions on how this got pulled off in taskflow (the parallel running based on dependencies ...) | 20:01 |
harlowja | because its awfully similar i think, ha | 20:01 |
claudiupopa | So they're similar? | 20:05 |
* harlowja makes an example, but yes | 20:05 | |
claudiupopa | Looking right now in the link. | 20:05 |
harlowja | k | 20:06 |
harlowja | claudiupopa http://paste.openstack.org/show/444643/ | 20:09 |
harlowja | output from running that | 20:09 |
harlowja | http://paste.openstack.org/show/444646/ | 20:10 |
harlowja | soooo it does something like u want i think, ha | 20:10 |
harlowja | and it can run in parallel as well :-P | 20:10 |
harlowja | u can run that by just cloning https://github.com/openstack/taskflow and making a venv and installing its requirements, then running it locally... | 20:10 |
claudiupopa | Nicee, why don't we use it for cloud-init v2 then? | 20:11 |
harlowja | could be done :-P | 20:11 |
harlowja | i am top maintainer/creator of that lib, so maybe we could, ha | 20:11 |
harlowja | but depends on others thoughts, ha | 20:11 |
harlowja | bb | 20:12 |
claudiupopa | The capabilities are represented by default_provides? | 20:12 |
harlowja | claudiupopa correct, or they could be | 20:54 |
harlowja | just something to think about, taskflow might be to big of a dependency, idk | 20:55 |
Odd_Bloke | smoser: So my HTTP friend tells me that in theory we should be able to store all the OAuth info in the log, but that assumes a good OAuth server implementation. | 22:04 |
Odd_Bloke | smoser: So we're probably better off not logging it. | 22:04 |
=== natorious is now known as zz_natorious | ||
=== zz_natorious is now known as natorious |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!