=== vrubiolo1 is now known as vrubiolo [14:07] blackboxsw: I have raised a pull request https://github.com/canonical/cloud-init/pull/584 for contributing PowerVM specific modules. Can you review the code? I am first time contributor. I am not able to add reviewer to the PR. [15:10] +1 amansi26 I'll check that out today. [15:10] looks like smoser got a first pass on it too [15:11] Working on those comments from smoser [15:15] amansi26: thanks for starting this upstream for config modules. I think we'll have a couple of iterations on it to align it with how some of the other config modules behave. [16:02] blackboxsw: it's been merged [16:28] +1 meena [16:28] thanks again for attending the summit this year. it was super helpful [16:29] thanks all who attended the virtual cloud-init summit this year. It felt useful to reconnect for discussion and "face" time [16:31] ananke: I'm reading apt-key's manpage again, and on buster it says "Instead of using this command a keyring should be placed directly in the /etc/apt/trusted.gpg.d/ directory with a descriptive name and either "gpg" or "asc" as file extension." Were you using .asc as the file extension when trying to put ASCII-armored keys there? [16:44] Odd_Bloke: yes, I've tried both .gpg and .asc, neither of them seemed to work [16:45] Hmm, interesting. [16:45] on a side note, apt-key appears to be deprecated for the most part [16:46] Yeah, it is 100% deprecated. [16:46] We need to move off of it, for sure. [16:46] so while using the original key with apt-key 'add' command would work (I've tested it), but that also requires gnupg [16:47] the result is added to the main keyring [16:47] so my current approach is to use write_file module, where the contents is populated by the following: [16:47] wget -q -O - https://deb.parrotsec.org/parrot/misc/parrotsec.gpg | gpg --no-default-keyring --keyring ./tempfile.gpg --import [16:47] gpg --no-default-keyring --keyring ./tempfile.gpg --export | gzip | base64 [16:48] this exports the keyring in format that's accepted by apt, and can be dropped into /etc/apt/trusted.gpg.d/ [16:48] But it's broken in Debian because gnupg isn't present; if we need to convert given keys to a specific format for trusted.gpg.d then we need gnupg regardless and dropping apt-key usage won't help us with that. [16:48] yep [16:49] the nasty side effect of my current approach is the user-data limit imposed by AWS. I keep having to trim comments/etc, and moving code to external scripts [17:08] ananke: Can you give me a sources.list.d snippet and a package that's reliably installable from the third-party repo you're configuring, so I can play around a bit locally? [17:53] Odd_Bloke: sure thing, here is a trimmed sample: https://dpaste.com/A2ZF5HHW6 [17:53] this is fed to the official debian 10.5 AMI [18:36] ananke: Hmm, I'm not using an AMI but I don't see certificate issues but do see "Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. Could not handshake: Error in the certificate verification. [IP: 137.226.34.46 443]" [18:36] This is using apt directly, not via cloud-init. [19:14] Odd_Bloke: have you imported the key? [19:15] the two lines earlier should work on vanilla debian, second line can be simply: gpg --no-default-keyring --keyring ./tempfile.gpg --export > /etc/apt/trusted.gpg.d/parrotos.gpg [19:59] Hello all! I'm running into a situation in a cloud-config a command in our `runcmd` block is erroring out but the config script continues to run and because the last command in the block exits with a zero exit code, cloud-init thinks that the script passed! Any advice on this front? [20:05] ayyvee: You could add `set -e` to your script, which would cause it to exit if any command (or, rather, pipeline) exits non-zero. [20:06] Note that you may discover that other things in your script exit non-zero which you don't want to be fatal; you'll either want to address the reason those are exiting non-zero, or ensure that the pipeline exits zero by appending `|| true` [20:14] Can you do that in ` #cloud-config` file? Or do you just add `set -e` as the first entry in the list after `runcmd`? [20:16] ayyvee: Ah, apologies, I think I misunderstood your question! Are you able to pastebin (http://paste.ubuntu.com) your cloud-config? [20:38] https://paste.ubuntu.com/p/6DDSP585hx/ [21:02] Odd_Bloke lmk if i should provide anything else [21:16] ayyvee: runcmd is converted into a single shell script;, you can see the output by looking at /var/lib/cloud/instance/scripts/runcmd ; [21:17] ayyvee: to your point; I believe if you add the set -e ; then it should exit on error rather than running to completion; [21:21] ayyvee: https://paste.ubuntu.com/p/BKyGjfK4RY/ [21:26] ah! excellent thank you all! [21:26] very helpful :)