[13:47] <fr3fou> hello
[13:49] <fr3fou> I'm trying to use cloud-init on Linode which unfortunately, doesn't have support for cloud-init, so I have to do some magic using their "StackScript" thing. I copied this script from GitHub but I think something is wrong because it doesn't seem to be running my cloud config. Can anyone take a look?
[13:49] <fr3fou> https://gist.github.com/fr3fou/1d559364c08fcd274b9a33da44dbc57a
[13:50] <minimal> fr3fou: as Linode do not support cloud-init directly I never saw the point of wrapping cloud-init inside StackScript rather than just using StackScript only
[13:51] <fr3fou> I don't want to rewrite my cloud-init script which is in yaml :/
[13:51] <fr3fou> one thing I couldn't find in the docs for cloud-init - where am I supposed to place my config files? i.e the "userdata"
[13:52] <fr3fou> one thing I couldn't find in the docs for cloud-init - where am I supposed to place my config files? i.e the "userdata". The script I sent places it in `/var/lib/cloud/seed/nocloud-net/user-data`
[13:53] <minimal> don't you provide this when you create the VM in Linode?
[13:55] <minimal> so, for example, if using the linode-cli command you use "--stackscript_data" option
[13:55] <fr3fou> yeah, I provide the cloud-config as a base64 encoded yaml file which then the script decodes and places it in the path I sent above
[13:55] <fr3fou> the file is there, I can cat it
[13:55] <fr3fou> but it doesn't seem to have run
[13:56] <minimal> ok, so did you look at /var/log/cloud-init.log to see what happened?
[13:56] <fr3fou> yeah, can't seem to find logs related to my config
[13:56] <minimal> you may want to enable debugging to get more information in that logfile
[13:58] <fr3fou> I'll do that in a bit
[13:58] <fr3fou> meanwhile, is that the correct directory to place the user-data?
[14:01] <minimal> I think so, however I've never put config there myself
[14:02] <minimal> you can increase logging/debug by changing the file /etc/cloud/cloud.cfg.d/05_logging.cfg
[14:02] <minimal> change the references of "INFO" to "DEBUG"
[14:03] <fr3fou> there are no "INFO" references
[14:03] <fr3fou> they are all set to DEBUG
[14:03] <fr3fou> they are all set to "DEBUG"
[14:04] <minimal> ok, so there should be a lot of details in /var/log/cloud-int.log
[14:05] <fr3fou> http://0x0.st/-h6D.log
[14:05] <fr3fou> here's the full log
[14:11] <minimal> does the file /var/lib/cloud/instance/user-data.txt contain the user-data you provided?
[14:12] <fr3fou> just saw that log line, nope
[14:12] <fr3fou> root@localhost:~# cat /var/lib/cloud/instances/nocloud/user-data.txt
[14:12] <fr3fou> #!/bin/bash
[14:12] <fr3fou> rm -rf -- /var/lib/cloud/seed/nocloud
[14:12] <fr3fou> root@localhost:~# cat /var/lib/cloud/instances/nocloud/user-data.txt.i
[14:12] <fr3fou> Content-Type: multipart/mixed; boundary="[14:12] <fr3fou> MIME-Version: 1.0
[14:12] <fr3fou> Number-Attachments: 1
[14:12] <fr3fou> root@localhost:~# cat /var/lib/cloud/instances/nocloud/user-data.txt
[14:12] <fr3fou> ```
[14:12] <fr3fou> #!/bin/bash
[14:12] <fr3fou> rm -rf -- /var/lib/cloud/seed/nocloud
[14:12] <fr3fou> root@localhost:~# cat /var/lib/cloud/instances/nocloud/user-data.txt.i
[14:12] <fr3fou> Content-Type: multipart/mixed; boundary="[14:12] <fr3fou> MIME-Version: 1.0
[14:12] <fr3fou> Number-Attachments: 1
[14:12] <fr3fou> ```
[14:14] <minimal> so try changing the FILE_USERDATA and FILE_METADATA values to use "nocloud" instead of "nocloud-net" perhaps? where did you get that script from?
[14:15] <fr3fou> https://github.com/displague/terraform-linode-cloudinit-example/blob/master/stackscript.sh
[14:18] <fr3fou> changed it, will test it rn
[14:20] <minimal> just wondering where the "rm -rf -- /var/lib/cloud/seed/nocloud" is coming from
[14:21] <fr3fou> sam
[14:21] <fr3fou> same
[14:23] <fr3fou> root@localhost:~# cat /var/lib/cloud/instances/nocloud/user-data.txt
[14:23] <fr3fou> #!/bin/bash
[14:23] <fr3fou> rm -rf -- /var/lib/cloud/seed/nocloud
[14:23] <fr3fou> sitll the same content wtf
[14:28] <minimal> so you have the init.tpl file with the user-data contents that you want to use?
[14:30] <fr3fou> it's slightly different in my code
[14:30] <fr3fou>   stackscript_id   = linode_stackscript.cloud-init.id
[14:30] <fr3fou>   stackscript_data = {
[14:30] <fr3fou>     "userdata" = base64encode(templatefile("cloud-init/setup.tmpl.yaml", {
[14:30] <fr3fou>       ip_whitelist_string = join(" ", var.ip_whitelist)
[14:30] <fr3fou>       domain              = var.root_domain
[14:30] <fr3fou>       default_ssh_key     = var.default_ssh_key
[14:30] <fr3fou>     }))
[14:30] <fr3fou>   }
[14:30] <fr3fou> here's my terraform config
[14:32] <fr3fou> my file is there though
[14:36] <minimal> not sure what is going on. Have you tried testing the original Terraform including the original user-data?
[14:37] <minimal> if that works then it would point to your changes introducing problems
[14:37] <minimal> if the original does not work however then that's a different situation
[14:38] <fr3fou> lemme see
[14:39] <minimal> for example the original had stackscript_id  = "${linode_stackscript.cloudinit_stackscript.id}", which is clearly assigning a variable value
[14:39] <minimal> whereas your code has stackscript_id   = linode_stackscript.cloud-init.id
[14:39] <fr3fou> that's just old terraform syntax
[14:39] <fr3fou> it's the same thing
[14:40] <fr3fou> the way the original one uses the template resource is also deprecated
[14:40] <minimal> no "${}". I'm not saying that is the issue, just that its a difference. Yes I realise terraform syntax has changed over time, I haven't kept up with the changes :-)
[14:41] <fr3fou> my IDE tells me I can remove the "${}" when wrapping it with "${}"
[14:42] <minimal> anyway I'd recommend trying to get the original stuff working (with any revisions necessary for recent Terraform changes) before introducing your own changes.
[14:46] <fr3fou> sure
[14:57] <fr3fou> nope, doesn't seem to work
[14:58] <minimal> is it behaving the same? the same user-data contents visible in /var/lib/cloud/instance/user-data?
[14:58] <fr3fou> cat /var/lib/cloud/instances/nocloud/user-data.txt
[14:58] <fr3fou> #!/bin/bash
[14:58] <fr3fou> rm -rf -- /var/lib/cloud/seed/nocloud
[14:58] <fr3fou> yeah
[15:03] <minimal> fr3fou: how do you view a stackscript?
[15:04] <fr3fou> where? on linode?
[15:05] <minimal> yes, trying to see the actual contents of the stackscript that terraform is using
[15:06] <fr3fou> https://i.imgur.com/1Bj4vqf.png
[15:08] <minimal> though the original author's stackscript was a "community" script that would be viewable in some way without a Lindone account (just to verify its contents make the github repo's contents), I guess not
[15:09] <fr3fou> thing is, I'm not using the author's stackscript
[15:09] <fr3fou> I just copy pasted it in my own repo and uploaded my own which has the same contents
[15:17] <minimal> ok. I don't see that "rm -rf" anywhere in the author's repo
[15:24] <fr3fou> yeah, I'm super confused as well
[15:25] <fr3fou> I think I'll just rewrite my cloud-config to a shellscript..
[15:25] <fr3fou> thanks a lot for your time ^^
[15:30] <minimal> I'm interested in figuring out why its not working as I build Alpine Linux cloud-init images intended for various cloud providers, I just haven't gotten around to looking at Linode so far as the whole StackScript thing made it awkward
[15:42] <fr3fou> did I miss something? had to leave for a bit
[15:43] <minimal> nope, its quiet on here today
[15:56] <fr3fou> does the entire runcmd block continue if the previous command failed?
[16:30] <fr3fou> can anyone help me translate this block to shell commands?
[16:30] <fr3fou> users:
[16:30] <fr3fou>   - name: push
[16:30] <fr3fou>     groups:
[16:30] <fr3fou>       - docker
[16:30] <fr3fou>     lock_passwd: true
[16:30] <fr3fou>     shell: /bin/bash
[16:30] <fr3fou>     ssh-authorized-keys:
[16:30] <fr3fou>       - ${default_ssh_key}
[16:30] <fr3fou>     sudo:
[16:30] <fr3fou>       - ALL=(ALL) NOPASSWD:ALL
[16:30] <fr3fou> can't figure out the sudo flags
[17:28] <minimal> fr3fou: with debugging on you should see the resultant shell commands in /var/log/cloud-init.log
[17:29] <minimal> fr3fou: for sudo in user-data I typically use "sudo: ["ALL=(ALL) NOPASSWD:ALL"]"
[17:30] <minimal> however having it the way you do should also work *if* you add quotes around it
[17:30] <minimal> i.e. - "ALL=(ALL) NOPASSWD:ALL"
[17:30] <fr3fou> that cloud config has worked on my DO droplet for 1 month
[17:30] <fr3fou> 🤷‍♂️
[17:39] <minimal> ok, quotes might not be *required* but I use them myself
[17:39] <minimal> anyway as I pointed out the logs, with debug, show the shell command run
[17:40] <minimal> it won't show the sudo stuff though as that's written by Python, not shell, to the sudoers file
[17:51] <fr3fou> is it a good or bad idea to have nopasswd though?
[17:52] <minimal> you mean locked password?
[17:52] <fr3fou> I mean not requiring the password when trying to sudo
[17:53] <minimal> personally I have sshd set for keys only and "lock_passwd: True" for the default user
[17:54] <minimal> so "ssh_pwauth: False" in /etc/cloud/cloud.cfg
[17:54] <fr3fou> right okay
[17:59] <minimal> also best to set "disable_root: True" in the same file to prevent root login via SSH
[18:00] <fr3fou> yeah, I have that