[07:19] <lordievader> Good morning
[11:05] <arielfe> how can i shut down pycharms database tool connection to a local postgresql from a terminal?
[13:35] <coreycb> jamespage: for bug 1866361, I think I'm just going to bump python-openstacksdk from 0.26.0 to 0.27.0 for stein inline with upstream. the new minor release only includes the patch for this fix and it includes an API change.
[13:35] <jamespage> coreycb: sounds sensible
[17:21] <runelind_q> how can I pass environment variables to a user in a systemd startup script? I created /etc/systemd/system/<service>.d/override.conf
[17:21] <runelind_q> and put in Environment="VARIABLE=value" in the file
[17:22] <runelind_q> but from what I can tell, it doesn't seem to be passed properly.
[17:25] <sdeziel> runelind_q: have you run 'sudo systemctl daemon-reload' ? after creating the override.conf file?
[17:25] <runelind_q> I did
[17:25] <sdeziel> runelind_q: and restarted the unit in question?
[17:26] <runelind_q> correct
[17:27] <runelind_q> I'm supposed to be able to do systemctl --user show-environment, but I get "Failed to connect to bus: No such file or directory"
[17:27] <sdeziel> runelind_q: the override you created is for the system instance, not the user one
[17:28] <runelind_q> sorry it is /etc/systemd/system/traefik.service.d/override.conf
[17:28] <runelind_q> (I'm working with traefik, obvs)
[17:29] <sdeziel> runelind_q: this is still in the system instance, nothing you can see with systemctl --user
[17:29] <sdeziel> runelind_q: that said, show-environment won't show you the env vars exported to the unit you overrode
[17:30] <runelind_q> ah ok, so it looks like I potentially need to do /etc/systemd/system/user@.traefik.d/ ?
[17:30] <sdeziel> runelind_q: to see those, you'd probably need to do something like this: sudo grep -a VARIABLE /proc/$traefik_pid/environ
[17:31] <runelind_q> (am reading https://wiki.archlinux.org/index.php/Systemd/User#Environment_variables)
[17:31] <runelind_q> I'm launching traefik with the traefik user and group
[17:32] <sdeziel> runelind_q: right but that traefik unit is run/managed by the system instance of systemd
[17:33] <sdeziel> runelind_q: could you pastebin the output of: systemctl cat traefik.service
[17:34] <runelind_q> sdeziel: https://pastebin.com/EmYdEZ17
[17:35] <runelind_q> it looks like some stuff got cut off, but it appears to be only comments.
[17:35] <runelind_q> (copied the startup script from someone else)
[17:35] <sdeziel> runelind_q: so I think the issue is that you pass Environment= twice
[17:35] <sdeziel> runelind_q: only the last one is effective
[17:36] <runelind_q> the traefik user needs CF_API_EMAIL and CF_API_KEY to be able to run traefik properly
[17:36] <sdeziel> err, sorry, I can't read man pages, scratch that
[17:36] <sdeziel> runelind_q: since the content of /etc/systemd/system/traefik.service.d/override.conf, I'd recommend tweaking it's ownership/permissions BTW
[17:37] <sdeziel> runelind_q: your setup looks sane to me, what exactly makes you conclude it's not 'passing the env vars properly'?
[17:38] <runelind_q> because traefik complains about missing values for CF_API_EMAIL or CF_API_KEY
[17:38] <runelind_q> if I run traefik as root with those values manually exported, everything works fine.
[17:40] <runelind_q> sdeziel: interesting if I grep -a CF_API_KEY /proc/22095/environ I do see it, same with EMAIL
[17:40] <runelind_q> sdeziel: so I must be doing something else wrong :(
[17:40] <sdeziel> sudo grep -a CF_API_ /proc/$(systemctl show --value -p MainPID traefik)/environ
[17:41] <sdeziel> ah, I was too slow ;)
[17:41] <runelind_q> but your command was fancier :)
[17:42] <runelind_q> I guess I can go ask the traefik peeps
[17:44] <runelind_q> oh wait hold on
[17:44] <runelind_q> this is with the manually exported values.  Let me kill my root process and systemctl start it with the traefik user
[17:44]  * runelind_q facepalms
[17:45] <sdeziel> runelind_q: word of advise when doing tests as root: any file created when doing your test will be impossible to write by the low-priv user afterwards... which may cause you headaches
[17:45] <runelind_q> noted
[17:47] <runelind_q> ok, now that I'm running it as the traefik user, I don't see the environment variables at all.
[17:49] <sdeziel> runelind_q: what do you get from: sudo grep -a CF_API_ /proc/$(systemctl show --value -p MainPID traefik)/environ
[17:49] <runelind_q> nothing in return at all
[17:49] <runelind_q> if I just cat it I get some values back
[17:49] <runelind_q> LANG=C.UTF-8PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binHOME=/var/wwwLOGNAME=traefikUSER=traefikINVOCATION_ID=b52587803e364c05beb88ca0dd98914dJOURNAL_STREAM=9:6600383
[17:50] <runelind_q> but I definitely got more values back when running as root
[17:50] <sdeziel> when running as root, it probably inherited your whole environment
[17:51] <runelind_q> yes
[17:52] <sdeziel> does "systemctl show --value -p Environment traefik" looks sane?
[17:53] <runelind_q> also returns blank
[17:53] <runelind_q> but ps -ax | grep traefik shows a pid of 28299
[17:53] <runelind_q> so I did cat /proc/28299/environ
[17:53] <runelind_q> and the results were pasted above
[17:54] <sdeziel> does that match the value returned by: systemctl show --value -p MainPID traefik
[17:54] <runelind_q> it does
[17:56] <sdeziel> runelind_q: I'm out of good ideas, at this point I'd try adding 'ExecStartPre=/usr/bin/env' and see if the env ends up in the unit's logs
[17:58] <sdeziel> runelind_q: I just noticed that your override file doesn't have the [Service] header
[17:59] <runelind_q> oh, that's a good catch.
[18:01] <runelind_q> ok, now they show up in systemctl show --value -p Environment traefik :D
[18:05] <sdeziel> runelind_q: meanwhile, I got this log message when trying to restrict access to a config file: systemd[1]: Configuration file /etc/systemd/system/foo.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
[18:08] <sdeziel> runelind_q: because of this, you might want to switch to using EnvironmentFile= pointing to a file that's readable by root only if you care about keeping the API key secret
[18:09] <runelind_q> sdeziel: thanks, I'll look into it
[18:10] <sdeziel> you are welcome
[18:10] <runelind_q> sdeziel: going to wander off and grab some lunch and do further testing in a bit.  Thank you very much for your help!