| lordievader | Good morning | 07:19 |
|---|---|---|
| === Napsterbater is now known as Guest23378 | ||
| === Napsterbater_ is now known as Napsterbater | ||
| arielfe | how can i shut down pycharms database tool connection to a local postgresql from a terminal? | 11:05 |
| === bpsecret- is now known as bpsecret | ||
| === Wryhder is now known as Lucas_Gray | ||
| coreycb | jamespage: for bug 1866361, I think I'm just going to bump python-openstacksdk from 0.26.0 to 0.27.0 for stein inline with upstream. the new minor release only includes the patch for this fix and it includes an API change. | 13:35 |
| ubottu | bug 1866361 in Ubuntu Cloud Archive stein "[SRU] Connections to Neutron are not closed properly in v0.26.0" [Undecided,Triaged] https://launchpad.net/bugs/1866361 | 13:35 |
| jamespage | coreycb: sounds sensible | 13:35 |
| === Wryhder is now known as Lucas_Gray | ||
| === oerheks1 is now known as oerheks | ||
| runelind_q | how can I pass environment variables to a user in a systemd startup script? I created /etc/systemd/system/<service>.d/override.conf | 17:21 |
| runelind_q | and put in Environment="VARIABLE=value" in the file | 17:21 |
| runelind_q | but from what I can tell, it doesn't seem to be passed properly. | 17:22 |
| sdeziel | runelind_q: have you run 'sudo systemctl daemon-reload' ? after creating the override.conf file? | 17:25 |
| runelind_q | I did | 17:25 |
| sdeziel | runelind_q: and restarted the unit in question? | 17:25 |
| runelind_q | correct | 17:26 |
| runelind_q | I'm supposed to be able to do systemctl --user show-environment, but I get "Failed to connect to bus: No such file or directory" | 17:27 |
| sdeziel | runelind_q: the override you created is for the system instance, not the user one | 17:27 |
| runelind_q | sorry it is /etc/systemd/system/traefik.service.d/override.conf | 17:28 |
| runelind_q | (I'm working with traefik, obvs) | 17:28 |
| sdeziel | runelind_q: this is still in the system instance, nothing you can see with systemctl --user | 17:29 |
| sdeziel | runelind_q: that said, show-environment won't show you the env vars exported to the unit you overrode | 17:29 |
| runelind_q | ah ok, so it looks like I potentially need to do /etc/systemd/system/user@.traefik.d/ ? | 17:30 |
| sdeziel | runelind_q: to see those, you'd probably need to do something like this: sudo grep -a VARIABLE /proc/$traefik_pid/environ | 17:30 |
| runelind_q | (am reading https://wiki.archlinux.org/index.php/Systemd/User#Environment_variables) | 17:31 |
| runelind_q | I'm launching traefik with the traefik user and group | 17:31 |
| sdeziel | runelind_q: right but that traefik unit is run/managed by the system instance of systemd | 17:32 |
| sdeziel | runelind_q: could you pastebin the output of: systemctl cat traefik.service | 17:33 |
| runelind_q | sdeziel: https://pastebin.com/EmYdEZ17 | 17:34 |
| runelind_q | it looks like some stuff got cut off, but it appears to be only comments. | 17:35 |
| runelind_q | (copied the startup script from someone else) | 17:35 |
| sdeziel | runelind_q: so I think the issue is that you pass Environment= twice | 17:35 |
| sdeziel | runelind_q: only the last one is effective | 17:35 |
| runelind_q | the traefik user needs CF_API_EMAIL and CF_API_KEY to be able to run traefik properly | 17:36 |
| sdeziel | err, sorry, I can't read man pages, scratch that | 17:36 |
| sdeziel | runelind_q: since the content of /etc/systemd/system/traefik.service.d/override.conf, I'd recommend tweaking it's ownership/permissions BTW | 17:36 |
| sdeziel | runelind_q: your setup looks sane to me, what exactly makes you conclude it's not 'passing the env vars properly'? | 17:37 |
| runelind_q | because traefik complains about missing values for CF_API_EMAIL or CF_API_KEY | 17:38 |
| runelind_q | if I run traefik as root with those values manually exported, everything works fine. | 17:38 |
| runelind_q | sdeziel: interesting if I grep -a CF_API_KEY /proc/22095/environ I do see it, same with EMAIL | 17:40 |
| runelind_q | sdeziel: so I must be doing something else wrong :( | 17:40 |
| sdeziel | sudo grep -a CF_API_ /proc/$(systemctl show --value -p MainPID traefik)/environ | 17:40 |
| sdeziel | ah, I was too slow ;) | 17:41 |
| runelind_q | but your command was fancier :) | 17:41 |
| runelind_q | I guess I can go ask the traefik peeps | 17:42 |
| runelind_q | oh wait hold on | 17:44 |
| runelind_q | this is with the manually exported values. Let me kill my root process and systemctl start it with the traefik user | 17:44 |
| * runelind_q facepalms | 17:44 | |
| sdeziel | runelind_q: word of advise when doing tests as root: any file created when doing your test will be impossible to write by the low-priv user afterwards... which may cause you headaches | 17:45 |
| runelind_q | noted | 17:45 |
| runelind_q | ok, now that I'm running it as the traefik user, I don't see the environment variables at all. | 17:47 |
| sdeziel | runelind_q: what do you get from: sudo grep -a CF_API_ /proc/$(systemctl show --value -p MainPID traefik)/environ | 17:49 |
| runelind_q | nothing in return at all | 17:49 |
| runelind_q | if I just cat it I get some values back | 17:49 |
| runelind_q | LANG=C.UTF-8PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binHOME=/var/wwwLOGNAME=traefikUSER=traefikINVOCATION_ID=b52587803e364c05beb88ca0dd98914dJOURNAL_STREAM=9:6600383 | 17:49 |
| runelind_q | but I definitely got more values back when running as root | 17:50 |
| sdeziel | when running as root, it probably inherited your whole environment | 17:50 |
| runelind_q | yes | 17:51 |
| sdeziel | does "systemctl show --value -p Environment traefik" looks sane? | 17:52 |
| runelind_q | also returns blank | 17:53 |
| runelind_q | but ps -ax | grep traefik shows a pid of 28299 | 17:53 |
| runelind_q | so I did cat /proc/28299/environ | 17:53 |
| runelind_q | and the results were pasted above | 17:53 |
| sdeziel | does that match the value returned by: systemctl show --value -p MainPID traefik | 17:54 |
| runelind_q | it does | 17:54 |
| sdeziel | runelind_q: I'm out of good ideas, at this point I'd try adding 'ExecStartPre=/usr/bin/env' and see if the env ends up in the unit's logs | 17:56 |
| sdeziel | runelind_q: I just noticed that your override file doesn't have the [Service] header | 17:58 |
| runelind_q | oh, that's a good catch. | 17:59 |
| runelind_q | ok, now they show up in systemctl show --value -p Environment traefik :D | 18:01 |
| sdeziel | runelind_q: meanwhile, I got this log message when trying to restrict access to a config file: systemd[1]: Configuration file /etc/systemd/system/foo.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway. | 18:05 |
| sdeziel | runelind_q: because of this, you might want to switch to using EnvironmentFile= pointing to a file that's readable by root only if you care about keeping the API key secret | 18:08 |
| runelind_q | sdeziel: thanks, I'll look into it | 18:09 |
| sdeziel | you are welcome | 18:10 |
| runelind_q | sdeziel: going to wander off and grab some lunch and do further testing in a bit. Thank you very much for your help! | 18:10 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!