/srv/irclogs.ubuntu.com/2017/11/15/#cloud-init.txt

[17:51] <blackboxsw> sweet cloud-init 17.1.25 hit xenial
[17:51] <blackboxsw> ok blog post rework this afternoon
[20:23] <jdandrea> I see how to set http/s proxy and no_proxy for apt. Is there a way to set proxies for the default environment? Suspecting it's not wise to just blow away /etc/environment (and I can't append).
[20:43] <smoser> jdandrea: there is not.
[20:44] <smoser> you could use boothook to intelligently update /etc/environment (boothooks run every boot)
[20:44] <smoser> but generally speaking its just a pita when you try to set http_proxy globally
[20:44] <smoser> like that
[20:44] <jdandrea> @smoser Ok. I ask because without that then the apt settings aren't as helpful for us on first boot.
[20:44] <smoser> so i really don't recommend it.
[20:44] <jdandrea> @smoser Hmm, ok. I wish this lab wasn't behind a proxy. :/
[20:45] <smoser> so.. why isnt it helpful for you on first boot ?
[20:45] <smoser> basically, static http_proxy and https_proxy fall apart as soon as you try to use an address that isnt proxy-able
[20:45] <jdandrea> We also set no_proxy tho
[20:45] <smoser> yes, but that is vastly insufficient
[20:46] <jdandrea> Indeed it is. I wish I had a better option.
[20:46] <smoser> gnu tools read it sanely, and allow you to use wildcard and even cidr entries
[20:46] <jdandrea> In another lab they have proxyless gateways so it's a sinch.
[20:46] <smoser> but python (and other languages) do not.
[20:46] <jdandrea> s/sinch/cinch
[20:46] <smoser> so they're useless.
[20:46] <smoser> and then, you do something like launch a container, and it has its own network that wasnt in your http_proxy and you are foobarred again
[20:46] <jdandrea> Aye, and in those use cases that's already taken care of with install. I'm really more concerned with bootstrapping things.
[20:47] <smoser> here is what i do:
[20:47] <smoser> http://bazaar.launchpad.net/~smoser/+junk/sstack-proxy/view/head:/sstack-proxy
[20:47] <smoser> so bootstrapping ? as in with maas ?
[20:47] <jdandrea> Right, I get that. Presuming I have a solid handle on communicating proxy settings down to various bits, I'm left with trying to get things to a happy state during cloud-init. In this case it's just cloud-init stuffs that are kicked off after an OpenStack nova boot.
[20:47] <jdandrea> Reading...
[20:48] <jdandrea> This particular lab already has a proxy server, thus I suspect something like tinyproxy wouldn't fly (?).
[20:48] <smoser> ah. ok. i see.
[20:49] <jdandrea> Basically I wish they didn't have one, but ... hands tied.
[20:49] <smoser> jdandrea: oh. i run the tiny proxy on the host
[20:49] <smoser> and point http_proxy/https_proxy at *it*
[20:49] <jdandrea> @smoser Ah
[20:50] <smoser> then you dont ever have to change your http_proxy/https_proxy vars
[20:50] <jdandrea> Ohhhh
[20:50] <smoser> and you can just update tinyproxy and restart
[20:50] * jdandrea gets clue
[20:50] <smoser> and then all things get updated
[20:50] <smoser> the issue is its slower than no proxy
[20:50] <jdandrea> Right, and in this case I'm betting folks won't like that. But hey, if I can get it to work sanely...
[20:51] <jdandrea> So it requires at least one reboot, ya?
[20:51] <jdandrea> (Not necessarily a bad thing.)
[20:51] <smoser> well, a new session after /etc/environment is written, yeah.
[20:51] <smoser> and daemons restarted possibly.
[20:51] <jdandrea> Ok
[20:51] <jdandrea> I will study this. Thank you!
[20:51] <smoser> actually, daemons do not read /etc/environment generally speaking
[20:51] <smoser> you can make similar change to systemd config...
[20:52] <jdandrea> Right. This is there purely so that the one-time scripts that are running at boot time can do their thing, and then they will communicate proxy settings to whatever services need them from that point on.
[20:52] <smoser> i dont think we added an 'environment' config to cloud-init
[20:52] <smoser> but i have wanted to.
[20:52] <jdandrea> I think I can replace /etc/environment but I suspect that is a Very Bad Idea(tm). :D
[20:52] <smoser> ie, cloud-init would read your settings in 'environment:' and update its environ.
[20:52] <jdandrea> mhm mhm that's what I was looking for, like for apt.
[20:53] <smoser> jdandrea: i'm surprised at the amount of people that write proxy data into /etc/environment
[20:53] <jdandrea> Well, honestly? I'd rather not do that.
[20:53] <smoser> it seems without a solution like tinyproxy to be completely a broken idea to me.
[20:53] <smoser> so yeah, i'd stay out of that.
[20:53] <jdandrea> But it *looks* to me (and I could be wrong)... like Ubuntu needs to know about proxies early on in cloud-init. I may be wrong.
[20:53] <smoser> what is it that you have to do before then ?
[20:53] <smoser> what is "ubuntu" ?
[20:54] <smoser> in this case... what uses ?
[20:54] <jdandrea> Because there are some things it's trying to get and it can't reach some servers. Ubuntu meaning Ubuntu 14.04 or 16.04.
[20:54] <smoser> apt will do the right thing.
[20:54] <jdandrea> Lemme try and make a minimal paste to show...
[20:54] <jdandrea> I could also just be wrong. :)
[20:55] <smoser> my 'sstack-proxy' came from usage of a cloud that was similarly configured.
[20:55] <smoser> in that you can't get to the interwebs without proxy
[20:55] <smoser> but i only did things that *needed* access after cloud-init was up and had run that
[20:56] <jdandrea> @smoser So this is early on in cloud-init. The IPv6 I'd ignore. But the pollinate stuff overall... connecting to entropy: https://hastebin.com/ucaviyajuq.rb
[20:56] <smoser> http://paste.ubuntu.com/25969929/
[20:56] <jdandrea> This is before any user scripts are run, methinks.
[20:56] <smoser> thats my user-data that i run
[20:56] <smoser> for use case of general system i want to go to.
[20:57] <jdandrea> *nod*...
[20:57] <smoser> you can probably ignore the pollinate.
[20:57] <smoser> they shouldnt cause trouble generally.. failure should not cause issue
[20:57] <jdandrea> Ok, then in that case I don't need to touch environment.
[20:57] <jdandrea> Whew.
[20:57] <smoser> timeouts suck though
[20:57] <jdandrea> Yeah. And y'know it may have absolutely nothing to do with proxies. Could also be noisy neighbors.
[20:57] <jdandrea> (Now seeing 1 minute downloads take 45. Um...)
[20:57] <smoser> you can also i think tell cloud-init to disable pollinate. if you dont like its warnings.
[20:58] <jdandrea> TIL: can disable pollinate. Thanks! Good to know
[20:58] <jdandrea> Hopefully we don't need the entropy. XD
[20:59] <jdandrea> Appreciate the insight. I will look at both of these pastes.
[20:59] <smoser> actually i'm wrong. you can't disable pollinate.
[20:59] <smoser> well, you can, but not through cloud-init.
[20:59] <smoser> (you could with a bootcmd:
[20:59] <jdandrea> Hehe. But... it's not a total disaster if it doesn't do its thing.
[20:59] <jdandrea> ?
[20:59] <jdandrea> Ah, ok.
[21:00] <smoser> ln -sf /bin/true /usr/bin/pollinate
[21:00] <smoser> jdandrea: its supposed to be seeding random data.
[21:00] <smoser> so it reads some random information off of a remote web service and writes it to /dev/random
[21:00] <smoser> to help with entropy
[21:00] <jdandrea> *nodnod*
[21:00] <smoser> entropy quality in a vm is a complicated topic
[21:00] <jdandrea> But if it can't reach it... "because proxy"... yeah.
[21:01] <jdandrea> Oh yes, I can imagine.
[21:01] <smoser> people suggest that not having enough entropy when your ssh host keys are generated could leave you at risk of attack
[21:02] <jdandrea> Right. Threat models and all that. So... yeah. Something to ponder.
[21:02] <smoser> oh.
[21:02] <smoser> you're running 14.04 there
[21:02] <smoser> 16.04 i dont think will spew error to console
[21:03] <jdandrea> Yup. BUT... 16.04 in some cases.
[21:03] <jdandrea> Ok.
[21:03] <smoser> basically your complaint was "fixed" by silently failing :)
[21:03] <jdandrea> Bwahahaha!
[21:03] * jdandrea applauds
[21:03] <smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1554152
[21:03] <ubot5> Launchpad bug 1554152 in pollinate (Ubuntu) "pollinate fails in many circumstances, cloud-init reports that failure, maas reports node failed deployment" [Critical,Fix released]
[21:03] <jdandrea> Let me just turn down that baby monitor... :p
[21:04] <smoser> actually, openstack
[21:04] <smoser> will provide you with some blob of random data from the server
[21:04] <smoser> in metadata
[21:04] <smoser> (so does azure)
[21:04] <smoser> and cloud-init will use that
[21:05] <smoser> so that provides locally to the cloud the value that pollinate would provide.
[21:07] <jdandrea> Ok, then we're good.
[21:07] <jdandrea> But really, beyond pollinate, I can set the proxies within a user script and it's fine.
[21:07] <jdandrea> And it's temporary. After that the service/VNF that comes up does the right thing.
[21:07] <jdandrea> I'm just glad I don't need to touch /etc/environment.
[21:19] <smoser> yeah./bu13
[21:39] <blkadder> Perhaps a silly question but why is touching /etc/environment considered such a bad thing? Reading through https://help.ubuntu.com/community/EnvironmentVariables there is nothing saying “OMG this is super bad don’t touch.”
[22:15] <blackboxsw> smoser: rharper just pushed a cut at sourcing logfile paths from the cloud-init cfg to https://code.launchpad.net/~chad.smith/cloud-init/+git/cloud-init/+merge/333513
[22:15] <rharper> blkadder: I suspect in general, system wide variables can cause problems in places that may be unexpected; I would think per-application settings are generally preferred; reading the wiki page; it sounds like that's the line on /etc/environment; which is (IMO) sane policy
[22:16] <blkadder> Definitely preferable to do per app but if this indeed was intended to have a global, persistent effect that would seem to be the place to do it.
[22:17] <blkadder> Totally off-topic for here just found the earluer convo interesting…
[22:17] <blkadder> earlier...
[22:17] <blkadder> Understood about side-effects though.
[22:23] <rharper> blkadder: yeah, not that off topic for system initialization
