[14:07] <amansi26> blackboxsw: I have raised a pull request https://github.com/canonical/cloud-init/pull/584 for contributing PowerVM specific modules. Can you review the code? I am first time contributor. I am not able to add reviewer to the PR.
[15:10] <blackboxsw> +1 amansi26 I'll check that out today.
[15:10] <blackboxsw> looks like smoser got a first pass on it too
[15:11] <amansi26> Working on those comments from smoser
[15:15] <blackboxsw> amansi26: thanks for starting this upstream for config modules. I think we'll have a couple of iterations on it to align it with how some of the other config modules behave.
[16:02] <meena> blackboxsw: it's been merged
[16:28] <blackboxsw> +1 meena
[16:28] <blackboxsw> thanks again for attending the summit this year. it was super helpful
[16:29] <blackboxsw> thanks all who attended the virtual cloud-init summit this year. It felt useful to reconnect for discussion and "face" time
[16:31] <Odd_Bloke> ananke: I'm reading apt-key's manpage again, and on buster it says "Instead of using this command a keyring should be placed directly in the /etc/apt/trusted.gpg.d/ directory with a descriptive name and either "gpg" or "asc" as file extension."  Were you using .asc as the file extension when trying to put ASCII-armored keys there?
[16:44] <ananke> Odd_Bloke: yes, I've tried both .gpg and .asc, neither of them seemed to work
[16:45] <Odd_Bloke> Hmm, interesting.
[16:45] <ananke> on a side note, apt-key appears to be deprecated for the most part
[16:46] <Odd_Bloke> Yeah, it is 100% deprecated.
[16:46] <Odd_Bloke> We need to move off of it, for sure.
[16:46] <ananke> so while using the original key with apt-key 'add' command would work (I've tested it), but that also requires gnupg
[16:47] <ananke> the result is added to the main keyring
[16:47] <ananke> so my current approach is to use write_file module, where the contents is populated by the following:
[16:47] <ananke> wget -q -O - https://deb.parrotsec.org/parrot/misc/parrotsec.gpg | gpg --no-default-keyring --keyring ./tempfile.gpg --import
[16:47] <ananke> gpg --no-default-keyring --keyring ./tempfile.gpg --export | gzip | base64
[16:48] <ananke> this exports the keyring in format that's accepted by apt, and can be dropped into /etc/apt/trusted.gpg.d/
[16:48] <Odd_Bloke> But it's broken in Debian because gnupg isn't present; if we need to convert given keys to a specific format for trusted.gpg.d then we need gnupg regardless and dropping apt-key usage won't help us with that.
[16:48] <ananke> yep
[16:49] <ananke> the nasty side effect of my current approach is the user-data limit imposed by AWS. I keep having to trim comments/etc, and moving code to external scripts
[17:08] <Odd_Bloke> ananke: Can you give me a sources.list.d snippet and a package that's reliably installable from the third-party repo you're configuring, so I can play around a bit locally?
[17:53] <ananke> Odd_Bloke: sure thing, here is a trimmed sample: https://dpaste.com/A2ZF5HHW6
[17:53] <ananke> this is fed to the official debian 10.5 AMI
[18:36] <Odd_Bloke> ananke: Hmm, I'm not using an AMI but I don't see certificate issues but do see "Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 137.226.34.46 443]"
[18:36] <Odd_Bloke> This is using apt directly, not via cloud-init.
[19:14] <ananke> Odd_Bloke: have you imported the key?
[19:15] <ananke> the two lines earlier should work on vanilla debian, second line can be simply: gpg --no-default-keyring --keyring ./tempfile.gpg --export > /etc/apt/trusted.gpg.d/parrotos.gpg
[19:59] <ayyvee> Hello all! I'm running into a situation in a cloud-config a command in our `runcmd` block is erroring out but the config script continues to run and because the last command in the block exits with a zero exit code, cloud-init thinks that the script passed! Any advice on this front?
[20:05] <Odd_Bloke> ayyvee: You could add `set -e` to your script, which would cause it to exit if any command (or, rather, pipeline) exits non-zero.
[20:06] <Odd_Bloke> Note that you may discover that other things in your script exit non-zero which you don't want to be fatal; you'll either want to address the reason those are exiting non-zero, or ensure that the pipeline exits zero by appending `|| true`
[20:14] <ayyvee> Can you do that in ` #cloud-config` file? Or do you just add `set -e` as the first entry in the list after `runcmd`?
[20:16] <Odd_Bloke> ayyvee: Ah, apologies, I think I misunderstood your question!  Are you able to pastebin (http://paste.ubuntu.com) your cloud-config?
[20:38] <ayyvee> https://paste.ubuntu.com/p/6DDSP585hx/
[21:02] <ayyvee> Odd_Bloke lmk if i should provide anything else
[21:16] <rharper> ayyvee: runcmd is converted into a single shell script;, you can see the output by looking at /var/lib/cloud/instance/scripts/runcmd  ;
[21:17] <rharper> ayyvee: to your point;  I believe if you add the set -e ; then it should exit on error rather than running to completion;
[21:21] <rharper> ayyvee:  https://paste.ubuntu.com/p/BKyGjfK4RY/
[21:26] <ayyvee> ah! excellent thank you all!
[21:26] <ayyvee> very helpful :)