=== vrubiolo1 is now known as vrubiolo | ||
amansi26 | blackboxsw: I have raised a pull request https://github.com/canonical/cloud-init/pull/584 for contributing PowerVM specific modules. Can you review the code? I am first time contributor. I am not able to add reviewer to the PR. | 14:07 |
---|---|---|
blackboxsw | +1 amansi26 I'll check that out today. | 15:10 |
blackboxsw | looks like smoser got a first pass on it too | 15:10 |
amansi26 | Working on those comments from smoser | 15:11 |
blackboxsw | amansi26: thanks for starting this upstream for config modules. I think we'll have a couple of iterations on it to align it with how some of the other config modules behave. | 15:15 |
meena | blackboxsw: it's been merged | 16:02 |
blackboxsw | +1 meena | 16:28 |
blackboxsw | thanks again for attending the summit this year. it was super helpful | 16:28 |
blackboxsw | thanks all who attended the virtual cloud-init summit this year. It felt useful to reconnect for discussion and "face" time | 16:29 |
Odd_Bloke | ananke: I'm reading apt-key's manpage again, and on buster it says "Instead of using this command a keyring should be placed directly in the /etc/apt/trusted.gpg.d/ directory with a descriptive name and either "gpg" or "asc" as file extension." Were you using .asc as the file extension when trying to put ASCII-armored keys there? | 16:31 |
ananke | Odd_Bloke: yes, I've tried both .gpg and .asc, neither of them seemed to work | 16:44 |
Odd_Bloke | Hmm, interesting. | 16:45 |
ananke | on a side note, apt-key appears to be deprecated for the most part | 16:45 |
Odd_Bloke | Yeah, it is 100% deprecated. | 16:46 |
Odd_Bloke | We need to move off of it, for sure. | 16:46 |
ananke | so while using the original key with apt-key 'add' command would work (I've tested it), but that also requires gnupg | 16:46 |
ananke | the result is added to the main keyring | 16:47 |
ananke | so my current approach is to use write_file module, where the contents is populated by the following: | 16:47 |
ananke | wget -q -O - https://deb.parrotsec.org/parrot/misc/parrotsec.gpg | gpg --no-default-keyring --keyring ./tempfile.gpg --import | 16:47 |
ananke | gpg --no-default-keyring --keyring ./tempfile.gpg --export | gzip | base64 | 16:47 |
ananke | this exports the keyring in format that's accepted by apt, and can be dropped into /etc/apt/trusted.gpg.d/ | 16:48 |
Odd_Bloke | But it's broken in Debian because gnupg isn't present; if we need to convert given keys to a specific format for trusted.gpg.d then we need gnupg regardless and dropping apt-key usage won't help us with that. | 16:48 |
ananke | yep | 16:48 |
ananke | the nasty side effect of my current approach is the user-data limit imposed by AWS. I keep having to trim comments/etc, and moving code to external scripts | 16:49 |
Odd_Bloke | ananke: Can you give me a sources.list.d snippet and a package that's reliably installable from the third-party repo you're configuring, so I can play around a bit locally? | 17:08 |
ananke | Odd_Bloke: sure thing, here is a trimmed sample: https://dpaste.com/A2ZF5HHW6 | 17:53 |
ananke | this is fed to the official debian 10.5 AMI | 17:53 |
Odd_Bloke | ananke: Hmm, I'm not using an AMI but I don't see certificate issues but do see "Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 137.226.34.46 443]" | 18:36 |
Odd_Bloke | This is using apt directly, not via cloud-init. | 18:36 |
ananke | Odd_Bloke: have you imported the key? | 19:14 |
ananke | the two lines earlier should work on vanilla debian, second line can be simply: gpg --no-default-keyring --keyring ./tempfile.gpg --export > /etc/apt/trusted.gpg.d/parrotos.gpg | 19:15 |
ayyvee | Hello all! I'm running into a situation in a cloud-config a command in our `runcmd` block is erroring out but the config script continues to run and because the last command in the block exits with a zero exit code, cloud-init thinks that the script passed! Any advice on this front? | 19:59 |
Odd_Bloke | ayyvee: You could add `set -e` to your script, which would cause it to exit if any command (or, rather, pipeline) exits non-zero. | 20:05 |
Odd_Bloke | Note that you may discover that other things in your script exit non-zero which you don't want to be fatal; you'll either want to address the reason those are exiting non-zero, or ensure that the pipeline exits zero by appending `|| true` | 20:06 |
ayyvee | Can you do that in ` #cloud-config` file? Or do you just add `set -e` as the first entry in the list after `runcmd`? | 20:14 |
Odd_Bloke | ayyvee: Ah, apologies, I think I misunderstood your question! Are you able to pastebin (http://paste.ubuntu.com) your cloud-config? | 20:16 |
ayyvee | https://paste.ubuntu.com/p/6DDSP585hx/ | 20:38 |
ayyvee | Odd_Bloke lmk if i should provide anything else | 21:02 |
rharper | ayyvee: runcmd is converted into a single shell script;, you can see the output by looking at /var/lib/cloud/instance/scripts/runcmd ; | 21:16 |
rharper | ayyvee: to your point; I believe if you add the set -e ; then it should exit on error rather than running to completion; | 21:17 |
rharper | ayyvee: https://paste.ubuntu.com/p/BKyGjfK4RY/ | 21:21 |
ayyvee | ah! excellent thank you all! | 21:26 |
ayyvee | very helpful :) | 21:26 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!