[07:19] Good morning === Napsterbater is now known as Guest23378 === Napsterbater_ is now known as Napsterbater [11:05] how can i shut down pycharms database tool connection to a local postgresql from a terminal? === bpsecret- is now known as bpsecret === Wryhder is now known as Lucas_Gray [13:35] jamespage: for bug 1866361, I think I'm just going to bump python-openstacksdk from 0.26.0 to 0.27.0 for stein inline with upstream. the new minor release only includes the patch for this fix and it includes an API change. [13:35] bug 1866361 in Ubuntu Cloud Archive stein "[SRU] Connections to Neutron are not closed properly in v0.26.0" [Undecided,Triaged] https://launchpad.net/bugs/1866361 [13:35] coreycb: sounds sensible === Wryhder is now known as Lucas_Gray === oerheks1 is now known as oerheks [17:21] how can I pass environment variables to a user in a systemd startup script? I created /etc/systemd/system/.d/override.conf [17:21] and put in Environment="VARIABLE=value" in the file [17:22] but from what I can tell, it doesn't seem to be passed properly. [17:25] runelind_q: have you run 'sudo systemctl daemon-reload' ? after creating the override.conf file? [17:25] I did [17:25] runelind_q: and restarted the unit in question? [17:26] correct [17:27] I'm supposed to be able to do systemctl --user show-environment, but I get "Failed to connect to bus: No such file or directory" [17:27] runelind_q: the override you created is for the system instance, not the user one [17:28] sorry it is /etc/systemd/system/traefik.service.d/override.conf [17:28] (I'm working with traefik, obvs) [17:29] runelind_q: this is still in the system instance, nothing you can see with systemctl --user [17:29] runelind_q: that said, show-environment won't show you the env vars exported to the unit you overrode [17:30] ah ok, so it looks like I potentially need to do /etc/systemd/system/user@.traefik.d/ ? [17:30] runelind_q: to see those, you'd probably need to do something like this: sudo grep -a VARIABLE /proc/$traefik_pid/environ [17:31] (am reading https://wiki.archlinux.org/index.php/Systemd/User#Environment_variables) [17:31] I'm launching traefik with the traefik user and group [17:32] runelind_q: right but that traefik unit is run/managed by the system instance of systemd [17:33] runelind_q: could you pastebin the output of: systemctl cat traefik.service [17:34] sdeziel: https://pastebin.com/EmYdEZ17 [17:35] it looks like some stuff got cut off, but it appears to be only comments. [17:35] (copied the startup script from someone else) [17:35] runelind_q: so I think the issue is that you pass Environment= twice [17:35] runelind_q: only the last one is effective [17:36] the traefik user needs CF_API_EMAIL and CF_API_KEY to be able to run traefik properly [17:36] err, sorry, I can't read man pages, scratch that [17:36] runelind_q: since the content of /etc/systemd/system/traefik.service.d/override.conf, I'd recommend tweaking it's ownership/permissions BTW [17:37] runelind_q: your setup looks sane to me, what exactly makes you conclude it's not 'passing the env vars properly'? [17:38] because traefik complains about missing values for CF_API_EMAIL or CF_API_KEY [17:38] if I run traefik as root with those values manually exported, everything works fine. [17:40] sdeziel: interesting if I grep -a CF_API_KEY /proc/22095/environ I do see it, same with EMAIL [17:40] sdeziel: so I must be doing something else wrong :( [17:40] sudo grep -a CF_API_ /proc/$(systemctl show --value -p MainPID traefik)/environ [17:41] ah, I was too slow ;) [17:41] but your command was fancier :) [17:42] I guess I can go ask the traefik peeps [17:44] oh wait hold on [17:44] this is with the manually exported values. Let me kill my root process and systemctl start it with the traefik user [17:44] * runelind_q facepalms [17:45] runelind_q: word of advise when doing tests as root: any file created when doing your test will be impossible to write by the low-priv user afterwards... which may cause you headaches [17:45] noted [17:47] ok, now that I'm running it as the traefik user, I don't see the environment variables at all. [17:49] runelind_q: what do you get from: sudo grep -a CF_API_ /proc/$(systemctl show --value -p MainPID traefik)/environ [17:49] nothing in return at all [17:49] if I just cat it I get some values back [17:49] LANG=C.UTF-8PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binHOME=/var/wwwLOGNAME=traefikUSER=traefikINVOCATION_ID=b52587803e364c05beb88ca0dd98914dJOURNAL_STREAM=9:6600383 [17:50] but I definitely got more values back when running as root [17:50] when running as root, it probably inherited your whole environment [17:51] yes [17:52] does "systemctl show --value -p Environment traefik" looks sane? [17:53] also returns blank [17:53] but ps -ax | grep traefik shows a pid of 28299 [17:53] so I did cat /proc/28299/environ [17:53] and the results were pasted above [17:54] does that match the value returned by: systemctl show --value -p MainPID traefik [17:54] it does [17:56] runelind_q: I'm out of good ideas, at this point I'd try adding 'ExecStartPre=/usr/bin/env' and see if the env ends up in the unit's logs [17:58] runelind_q: I just noticed that your override file doesn't have the [Service] header [17:59] oh, that's a good catch. [18:01] ok, now they show up in systemctl show --value -p Environment traefik :D [18:05] runelind_q: meanwhile, I got this log message when trying to restrict access to a config file: systemd[1]: Configuration file /etc/systemd/system/foo.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway. [18:08] runelind_q: because of this, you might want to switch to using EnvironmentFile= pointing to a file that's readable by root only if you care about keeping the API key secret [18:09] sdeziel: thanks, I'll look into it [18:10] you are welcome [18:10] sdeziel: going to wander off and grab some lunch and do further testing in a bit. Thank you very much for your help!