kholkinadpb1 hi! do you know an answer for my question published yesterday?08:42
kholkinacannot find full logs for this channel08:43
dpb1kholkina: perhaps in a few more hours.  yesterday was a US holiday, most of the contributers were off.10:22
=== shardy is now known as shardy_lunch
=== shardy_lunch is now known as shardy
rharperkholkina: w.r.t user-data; cloud-init does not currently watch the metadata url for changes.  Unless your instance-id changes, cloud-init does not re-read the metadata and take action.   Adding a scripts_user/always won't help if cloud-init has already booted and initialized the instance.   Do you have any background on what you're trying to do?14:16
kholkinarharper: I want to have an ability to get (and execute) updated userdata on instance reboot. What is the better way to do this?14:23
rharperjust a single key or you really want the whole instance to be reconfigured; I don't know all of what you have in your user-data14:23
rharperany background about the data change? are you adding a user or installing a package; things that cloud-init normally does during boot?14:25
kholkinajust a single key in the section 'cloud-config'14:25
kholkinanow I'm trying to manipulate ssh-keys14:26
rharperlooking to add a key, or modify existing ones?14:28
smoserother question is "host" or "user/public" keys14:29
kholkinamodify keys in 'default_user/.ssh/authorized_keys'14:29
smoserkholkina: right. so for now, cloud-init will only do that once per instance. you could possibly change something to make it do it every boot, but it really only appends keys.14:33
kholkinasmoser: Yes, I've found that it's possible only to add new keys on reboot. But I need to delete some files from /var/lib/cloud to do this. So would be nice if you can suggest better solution to get an updated data14:39
smoserkholkina: well, you could change the frequency of 'ssh' config module14:41
smoserbut doing so would have the unwanted side affect of re-generating ssh keys for the host14:41
smoserkholkina: i dont have a good suggesiton for you at the moment. :-(14:43
smoserwe do plan to make cloud-init more dynamic in this regard, but nothing right now/14:43
smoserwhat cloud is this?14:43
smoseryeah, k'm sorry. i dont have a good answer for you. :-(14:48
kholkinado I need to remove a cache or it will work just with [ssh, always] in cloud.cfg?14:49
rharperI kind of think that you don't want to have it regen the host keys;  might be better to watch the metadata URL yourself and read-and-apply the change outside of cloud-init for now14:51
rharpersmoser: for cached openstack, re-invoking cloud-init single wouldn't have it re-read metadata URL would it?14:53
smoserno, it wont.14:53
rharperif you removed the obj cache, it might, right ?14:54
smoserwell, but then it would probably mostly think it was a new isntance.14:54
rharperhrm, yeah14:54
smoseran dif that wasnt the behavior it did have, then i wouldnt want to tell someone to rely on that14:54
dojordan@blackboxsw - question about the dhcp-discovery. I am getting a permission denied on the temp dir in /run/cloud-init when calling dhclient, but there is a comment in the method saying to use /var/tmp since /run/cloud-init is mounted noexcec... Not really sure why its using the wrong directory: Command: ['/run/cloud-init/tmp/cloud-init-dhcp-zz0g2p4_/dhclient', '-1', '-v', '-lf', '/run/cloud-init/tmp/cloud-init-dhcp-zz0g2p4_/dhc20:20
meetingologydojordan: Error: Missing "]".  You may want to quote your arguments with double quotes in order to prevent extra brackets from being evaluated as nested commands.20:20
rharperwow, uhm, thanks? meetingology ?20:27
naccrharper: did someone forget to stop a meeting?20:27
rharperthat'd be blackboxsw20:27
* nacc thought the bot didn't listen outside of meetings20:27
* nacc may not have perm if they didn't start it20:28
rharperI think blackboxsw might need to do that20:28
rharperprolly forgot since open hours last week, I suspect20:28
naccalthough i thought the bot changed the topic too, but maybe i'm wrong20:28
naccyeah, likely20:28
rharperyeah, this is the same instance as the other ubuntu channels, so maybe blackboxsw has it tweaked some20:28
dojordandumb question, but cloud-init runs as root, correct? if so, how come when mkdtemp runs as root it returns /run/cloud-init even though it is mounted noexec?21:41
rharperdojordan: two things going on;  1) systemd makes /tmp and /var/tmp unusable as the systemd tmp cleaning service can nuke those at any time; so cloud-init moved it's "tmp" space under a path cloud-init owns (/run/cloud-init)  2)  specifically around the dhclient and tmp dirs is related to apparmor policy around dhclient21:50
dojordan2) makes sense, and I believe I am running into that. However, the temp_utils.py:_tempfile_dir_arg first checks if _TMPDIR has already been set and if so returns it21:52
dojordantherefore it does not honor the needs_exe if it is not the first invocation of the function, right?21:52
rharperlemme look at the code21:53
rharperoh, I see21:53
rharperif a non-exec user  calls it first, the second caller cannot reset it21:54
rharperthat's bit naughtly;21:54
rharperwell, one hammer is to fetch the global and reset _TMPDIR = None to recall it; but that seems wrong21:55
dojordanwhat's the point of the global21:55
rharpermakes a singleton21:55
dojordanmaybe im missing something21:55
rharperonce we've figured out a TMPDIR, we just keep reusing it21:55
rharperwe don't need a per-call different tmp directory21:55
rharperjust need to find one tmpdir with the required features and they all callers use that one21:56
dojordanunless we have an needs_exe=False then needs_exe=True21:56
rharperyeah, that seems like an issue; I suspect if your datasource is not running local, it's request to have a  tmpdir with needs_exec set isn't the first one; it seems like trouble to re-issue on (if it's currently non-empty)21:57
rharpersince the EC2 datasource was moved to run at localtime, it is likely a first user of that and gets to set the needs_exec=True first;21:58
dojordanwhat's weird is it is running local but i guess there must be an earlier call still21:58
rharperit seems so21:59
rharperazure's OpenSSLManager uses mkdtmp22:00
dojordanyup, just found that22:00
dojordanthoughts on best fix? one option is looks at needs_exe first. If it is true then just use the _EXE_ROOT_TMPDIR22:02
rharperI'm not sure yet22:03
rharperthat's one way; but I22:03
rharperi'm somewhat concerned with changing the global if the dir is populated;22:04
dojordanmy thought was not to change the global22:04
dojordansince the _EXE_ROOT_TMPDIR is static anyway22:04
rharperright; one could just return the different directory (assuming it exists)22:04
rharpernot clear if that could cause confusion w.r.t where a callers files are22:05
dojordanbut the only way to guarantee one directory then is always use the exe root one, which seems wrong too22:08
rharperyay blackboxsw has returned22:09
blackboxswsorry was afk for a kiddo dr checkup. reading scroll back22:10
rharperdojordan: I *think* it could be OK for the root case to use the need_exec to pick the path it returns, despite what's set in the global22:10
blackboxswbut looks like endmeeting didn't close anything ( and I thought Ihad already posted the closing logs from last meeting last week at cloud-init.github.io22:10
rharperblackboxsw: yeah, no idea; maybe meetingology just needs a kick in the pid22:11
blackboxswwill ping in #meetingology channel on that, not sure why it responded to that earlier message, all cmds should start with a #22:12
blackboxswtesting in a side channel, any command that starts with @ also seems to get parsed by meetinology22:15
dojordan@blackboxsw, I am testing out the ephemeral ipv4 stuff now, but for some reason broadcast address is not in the lease file. any thoughts?23:19
rharperdojordan: is the netmask included? if so you can derive broadcast IIRC23:27
dojordanokay cool. that was my backup plan :)23:28
dojordando I apply the mask to the fixed address or the router to get the broadcast address?23:29
dojordani guess fixed is probably more reliable23:29
blackboxswhrm, I thought we had a helper function for deriving that broadcast addr23:33
* blackboxsw checks around23:34
blackboxswnah was net_prefix_to_ipv4_mask and it's ilk in cloudinit/net/network_state.py23:40
blackboxswI thought I saw a discussion on one branch that discussed potentially writing a utility to do that calculation.23:40
blackboxswif a helper function is writting dojordan to calculate broadcast, I guess I'd like to see if live in cloudinit/net/network_state.py like the other net-related helper funcs23:42
blackboxswif a helper function is written*23:43
dojordancool, i'll put it there23:52

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!