yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1574113] Re: curtin/maas don't support multiple (derived) archives/repositories with custom keys

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Scott Moser <ssmoser2+ubuntu@xxxxxxxxx>
Date: Fri, 15 Dec 2017 22:10:26 -0000
Reply-to: Bug 1574113 <1574113@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug is believed to be fixed in curtin in 17.1. If this is still a
problem for you, please make a comment and set the state back to New

Thank you.

** Changed in: curtin
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1574113

Title:
  curtin/maas don't support multiple (derived) archives/repositories
  with custom keys

Status in cloud-init:
  Fix Released
Status in curtin:
  Fix Released
Status in MAAS:
  Fix Released
Status in MAAS 1.9 series:
  Won't Fix
Status in cloud-init package in Ubuntu:
  Fix Released
Status in curtin package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Committed
Status in curtin source package in Xenial:
  Fix Released

Bug description:
  [Impact]

   * Curtin doesn't support multiple derived archive/repositories with
     custom keys as typically deployed in an offline Landscape deployment.
     Adding the custom key resulted in an error when processing the
     apt_source configuration as provided in this setup.

     Curtin has been updated to support the updated apt-source model
     implemented in cloud-init as well.  Together the existing Landscape
     deployments for offline users can now supply an apt-source config
     that updates curtin to use the specified derived repository with a
     custom key.
     
  [Test Case]

   * Install proposed curtin package and deploy a system behind a
     Landscape Offline configuration with a derived repo.

    PASS: Curtin will successfully accept the derived repo and install the
          system from the specified apt repository.

    FAIL: Curtin will fail to install the OS with an error like:

    W: GPG error: http://100.107.231.166 trusty InRelease:
    The following signatures couldn't be verified because the public key
    is not available: NO_PUBKEY 2C6F2731D2B38BD3
    E: There are problems and -y was used without --force-yes

    Unexpected error while running command.
    Command: ['chroot', '/tmp/tmpcEfTLw/target', 'eatmydata', 'apt-get',
              '--quiet', '--assume-yes',
              '--option=Dpkg::options::=--force-unsafe-io',
              '--option=Dpkg::Options::=--force-confold', 'install',
              'lvm2', 'ifenslave']
    Exit code: 100
    

  [Regression Potential]

   * Other users of previous curtin 'apt_source' configurations may not
     continue to work without re-formatting the apt_source configuration.

  
  [Original Description]

  In a customer environment I have to deploy using offline resources (no
  internet connection at all), so I created apt mirror and MAAS images
  mirror. I configured MAAS  to use the local  mirrors and I'm able to
  commission the nodes but I'm not able to deploy the nodes because
  there is no way to add gpg key of the local repo in target before the
  'late' stage'.

  Using curtin I'm able to add the key but too late, in fact  according
  with http://bazaar.launchpad.net/~curtin-
  dev/curtin/trunk/view/head:/curtin/commands/install.py#L52 "late"
  stage is executed  after "curthooks" this prevent to add the key.

  I checked also apt_config function in curthooks.py  I did't see code
  that add the key for each mirror.

  It should be possible to add gpg public of the repository in maas.

  ----------------------------------
  configs/config-000.cfg
  ----------------------------------

  #cloud-config
  debconf_selections:
   maas: |
    cloud-init   cloud-init/datasources  multiselect MAAS
    cloud-init   cloud-init/maas-metadata-url  string http://100.107.231.164/MAAS/metadata/
    cloud-init   cloud-init/maas-metadata-credentials  string oauth_token_key=8eZmzQWSSQzsUkaLnE&oauth_token_secret=LKmn8sHgzEXfvzSZePAa9jUXvTMRrFNP&oauth_consumer_key=htwDZJFtmv2YvQXhUW
    cloud-init   cloud-init/local-cloud-config  string apt_preserve_sources_list: true\nmanage_etc_hosts: false\nmanual_cache_clean: true\nreporting:\n  maas: {consumer_key: htwDZJFtmv2YvQXhUW, endpoint: 'http://100.107.231.164/MAAS/metadata/status/node-61b6987c-07a7-11e6-9d23-5254003d2515',\n    token_key: 8eZmzQWSSQzsUkaLnE, token_secret: LKmn8sHgzEXfvzSZePAa9jUXvTMRrFNP,\n    type: webhook}\nsystem_info:\n  package_mirrors:\n  - arches: [i386, amd64]\n    failsafe: {primary: 'http://archive.ubuntu.com/ubuntu', security: 'http://security.ubuntu.com/ubuntu'}\n    search:\n      primary: ['http://100.107.231.166/']\n      security: ['http://100.107.231.166/']\n  - arches: [default]\n    failsafe: {primary: 'http://ports.ubuntu.com/ubuntu-ports', security: 'http://ports.ubuntu.com/ubuntu-ports'}\n    search:\n      primary: ['http://ports.ubuntu.com/ubuntu-ports']\n      security: ['http://ports.ubuntu.com/ubuntu-ports']\n
  late_commands:
    maas: [wget, '--no-proxy', 'http://100.107.231.164/MAAS/metadata/latest/by-id/node-61b6987c-07a7-11e6-9d23-5254003d2515/', '--post-data', 'op=netboot_off', '-O', '/dev/null']
    apt_key: ["curtin", "in-target", "--", "sh", "-c", "/usr/bin/wget --no-proxy -qO - http://100.107.231.166/magellan.key | apt-key add -"]
  power_state:
    mode: reboot
  apt_mirrors:
    ubuntu_archive: http://100.107.231.166//
    ubuntu_security: http://100.107.231.166//

  ----- curtin end of log ------
  Leaving 'diversion of /etc/init/ureadahead.conf to /etc/init/ureadahead.conf.disabled by cloud-init'
  Setting up swapspace version 1, size = 8388604 KiB
  no label, UUID=e2fe91bc-91e9-4e43-b50f-209dfcf04089
  Get:1 http://100.107.231.166 trusty InRelease [17.7 kB]
  Get:2 http://100.107.231.166 trusty-updates InRelease [17.7 kB]
  Get:3 http://100.107.231.166 trusty-security InRelease [17.7 kB]
  Ign http://100.107.231.166 trusty InRelease
  Get:4 http://100.107.231.166 trusty/main amd64 Packages [412 kB]
  Ign http://100.107.231.166 trusty-updates InRelease
  Ign http://100.107.231.166 trusty-security InRelease
  Get:5 http://100.107.231.166 trusty/restricted amd64 Packages [20 B]
  Get:6 http://100.107.231.166 trusty/universe amd64 Packages [20 B]
  Get:7 http://100.107.231.166 trusty/multiverse amd64 Packages [20 B]
  Get:8 http://100.107.231.166 trusty-updates/main amd64 Packages [33.0 kB]
  Get:9 http://100.107.231.166 trusty-updates/restricted amd64 Packages [20 B]
  Get:10 http://100.107.231.166 trusty-updates/universe amd64 Packages [20 B]
  Get:11 http://100.107.231.166 trusty-updates/multiverse amd64 Packages [20 B]
  Get:12 http://100.107.231.166 trusty-security/main amd64 Packages [6,578 B]
  Get:13 http://100.107.231.166 trusty-security/restricted amd64 Packages [20 B]
  Get:14 http://100.107.231.166 trusty-security/universe amd64 Packages [20 B]
  Get:15 http://100.107.231.166 trusty-security/multiverse amd64 Packages [20 B]
  Fetched 505 kB in 0s (3,772 kB/s)
  Reading package lists...
  W: GPG error: http://100.107.231.166 trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2C6F2731D2B38BD3
  W: GPG error: http://100.107.231.166 trusty-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2C6F2731D2B38BD3
  W: GPG error: http://100.107.231.166 trusty-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2C6F2731D2B38BD3
  Reading package lists...
  Building dependency tree...
  Reading state information...
  The following extra packages will be installed:
    libdevmapper-event1.02.1 libreadline5 watershed
  Suggested packages:
    thin-provisioning-tools
  The following NEW packages will be installed:
    ifenslave libdevmapper-event1.02.1 libreadline5 lvm2 watershed
  0 upgraded, 5 newly installed, 0 to remove and 10 not upgraded.
  Need to get 635 kB of archives.
  After this operation, 1,885 kB of additional disk space will be used.
  WARNING: The following packages cannot be authenticated!
    libdevmapper-event1.02.1 libreadline5 ifenslave watershed lvm2
  E: There are problems and -y was used without --force-yes
  Unexpected error while running command.
  Command: ['chroot', '/tmp/tmpcEfTLw/target', 'eatmydata', 'apt-get', '--quiet', '--assume-yes', '--option=Dpkg::options::=--force-unsafe-io', '--option=Dpkg::Options::=--force-confold', 'install', 'lvm2', 'ifenslave']
  Exit code: 100
  Reason: -
  Stdout: ''
  Stderr: ''
  builtin command failed
  Installation failed with exception: Unexpected error while running command.
  Command: ['curtin', 'curthooks']
  Exit code: 3
  Reason: -
  Stdout: "Leaving 'diversion of /etc/init/ureadahead.conf to /etc/init/ureadahead.conf.disabled by cloud-init'\nSetting up swapspace version 1, size = 8388604 KiB\nno label, UUID=e2fe91bc-91e9-4e43-b50f-209dfcf04089\nGet:1 http://100.107.231.166 trusty InRelease [17.7 kB]\nGet:2 http://100.107.231.166 trusty-updates InRelease [17.7 kB]\nGet:3 http://100.107.231.166 trusty-security InRelease [17.7 kB]\nIgn http://100.107.231.166 trusty InRelease\nGet:4 http://100.107.231.166 trusty/main amd64 Packages [412 kB]\nIgn http://100.107.231.166 trusty-updates InRelease\nIgn http://100.107.231.166 trusty-security InRelease\nGet:5 http://100.107.231.166 trusty/restricted amd64 Packages [20 B]\nGet:6 http://100.107.231.166 trusty/universe amd64 Packages [20 B]\nGet:7 http://100.107.231.166 trusty/multiverse amd64 Packages [20 B]\nGet:8 http://100.107.231.166 trusty-updates/main amd64 Packages [33.0 kB]\nGet:9 http://100.107.231.166 trusty-updates/restricted amd64 Packages [20 B]\nGet:10 http://100.107.231.166 trusty-updates/universe amd64 Packages [20 B]\nGet:11 http://100.107.231.166 trusty-updates/multiverse amd64 Packages [20 B]\nGet:12 http://100.107.231.166 trusty-security/main amd64 Packages [6,578 B]\nGet:13 http://100.107.231.166 trusty-security/restricted amd64 Packages [20 B]\nGet:14 http://100.107.231.166 trusty-security/universe amd64 Packages [20 B]\nGet:15 http://100.107.231.166 trusty-security/multiverse amd64 Packages [20 B]\nFetched 505 kB in 0s (3,772 kB/s)\nReading package lists...\nW: GPG error: http://100.107.231.166 trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2C6F2731D2B38BD3\nW: GPG error: http://100.107.231.166 trusty-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2C6F2731D2B38BD3\nW: GPG error: http://100.107.231.166 trusty-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2C6F2731D2B38BD3\nReading package lists...\nBuilding dependency tree...\nReading state information...\nThe following extra packages will be installed:\n  libdevmapper-event1.02.1 libreadline5 watershed\nSuggested packages:\n  thin-provisioning-tools\nThe following NEW packages will be installed:\n  ifenslave libdevmapper-event1.02.1 libreadline5 lvm2 watershed\n0 upgraded, 5 newly installed, 0 to remove and 10 not upgraded.\nNeed to get 635 kB of archives.\nAfter this operation, 1,885 kB of additional disk space will be used.\nWARNING: The following packages cannot be authenticated!\n  libdevmapper-event1.02.1 libreadline5 ifenslave watershed lvm2\nE: There are problems and -y was used without --force-yes\nUnexpected error while running command.\nCommand: ['chroot', '/tmp/tmpcEfTLw/target', 'eatmydata', 'apt-get', '--quiet', '--assume-yes', '--option=Dpkg::options::=--force-unsafe-io', '--option=Dpkg::Options::=--force-confold', 'install', 'lvm2', 'ifenslave']\nExit code: 100\nReason: -\nStdout: ''\nStderr: ''\n"
  Stderr: ''
  failed posting event: finish: cmd-install: FAIL: curtin command install [[http://100.107.231.164/MAAS/metadata/status/node-61b6987c-07a7-11e6-9d23-5254003d2515] http error: 400]
  Unexpected error while running command.
  Command: ['curtin', 'curthooks']
  Exit code: 3
  Reason: -
  Stdout: "Leaving 'diversion of /etc/init/ureadahead.conf to /etc/init/ureadahead.conf.disabled by cloud-init'\nSetting up swapspace version 1, size = 8388604 KiB\nno label, UUID=e2fe91bc-91e9-4e43-b50f-209dfcf04089\nGet:1 http://100.107.231.166 trusty InRelease [17.7 kB]\nGet:2 http://100.107.231.166 trusty-updates InRelease [17.7 kB]\nGet:3 http://100.107.231.166 trusty-security InRelease [17.7 kB]\nIgn http://100.107.231.166 trusty InRelease\nGet:4 http://100.107.231.166 trusty/main amd64 Packages [412 kB]\nIgn http://100.107.231.166 trusty-updates InRelease\nIgn http://100.107.231.166 trusty-security InRelease\nGet:5 http://100.107.231.166 trusty/restricted amd64 Packages [20 B]\nGet:6 http://100.107.231.166 trusty/universe amd64 Packages [20 B]\nGet:7 http://100.107.231.166 trusty/multiverse amd64 Packages [20 B]\nGet:8 http://100.107.231.166 trusty-updates/main amd64 Packages [33.0 kB]\nGet:9 http://100.107.231.166 trusty-updates/restricted amd64 Packages [20 B]\nGet:10 http://100.107.231.166 trusty-updates/universe amd64 Packages [20 B]\nGet:11 http://100.107.231.166 trusty-updates/multiverse amd64 Packages [20 B]\nGet:12 http://100.107.231.166 trusty-security/main amd64 Packages [6,578 B]\nGet:13 http://100.107.231.166 trusty-security/restricted amd64 Packages [20 B]\nGet:14 http://100.107.231.166 trusty-security/universe amd64 Packages [20 B]\nGet:15 http://100.107.231.166 trusty-security/multiverse amd64 Packages [20 B]\nFetched 505 kB in 0s (3,772 kB/s)\nReading package lists...\nW: GPG error: http://100.107.231.166 trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2C6F2731D2B38BD3\nW: GPG error: http://100.107.231.166 trusty-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2C6F2731D2B38BD3\nW: GPG error: http://100.107.231.166 trusty-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2C6F2731D2B38BD3\nReading package lists...\nBuilding dependency tree...\nReading state information...\nThe following extra packages will be installed:\n  libdevmapper-event1.02.1 libreadline5 watershed\nSuggested packages:\n  thin-provisioning-tools\nThe following NEW packages will be installed:\n  ifenslave libdevmapper-event1.02.1 libreadline5 lvm2 watershed\n0 upgraded, 5 newly installed, 0 to remove and 10 not upgraded.\nNeed to get 635 kB of archives.\nAfter this operation, 1,885 kB of additional disk space will be used.\nWARNING: The following packages cannot be authenticated!\n  libdevmapper-event1.02.1 libreadline5 ifenslave watershed lvm2\nE: There are problems and -y was used without --force-yes\nUnexpected error while running command.\nCommand: ['chroot', '/tmp/tmpcEfTLw/target', 'eatmydata', 'apt-get', '--quiet', '--assume-yes', '--option=Dpkg::options::=--force-unsafe-io', '--option=Dpkg::Options::=--force-confold', 'install', 'lvm2', 'ifenslave']\nExit code: 100\nReason: -\nStdout: ''\nStderr: ''\n"
  Stderr: ''

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1574113/+subscriptions