MAAS

Trusty deployments fail when custom archive keys are configured

Bug #1743966 reported by Christian Reis on 2018-01-18

This bug affects 3 people

	Status	Importance	Assigned to	Milestone
MAAS	Fix Released	High	Andres Rodriguez	MAAS 2.4.0alpha2
2.3	Fix Released	High	Andres Rodriguez	MAAS 2.3.1
cloud-init (Ubuntu)	Invalid	Undecided	Unassigned

Bug Description

TLDR: when MAAS is configured to use custom archives, Trusty deployments fail.

When custom archive configurations are in use, MAAS renders cloud-init config which cloud-init reads in order to set up apt details.

The cloud-init config format it renders is only compatible with the cloud-init in Xenial. That version is currently:

0.7.9-153-g16a7302f-0ubuntu1~16.04.2

It looks something like this:

        apt:
          source1:
              source: "deb http://packages.chef.io/repos/apt/stable
              $RELEASE main"
                  key: |
                        -----BEGIN PGP PUBLIC KEY BLOCK-----

I fetched that example from http://cloudinit.readthedocs.io/en/latest/topics/examples.html

The cloud-init version in Trusty is 0.7.5-0ubuntu1.22 and the equivalent stanza looks like this:

        apt_sources:
         - source: "deb http://apt.opscode.com/ $RELEASE-0.10 main"
            key: |
                 -----BEGIN PGP PUBLIC KEY BLOCK-----

I fetched that example from http://cloudinit.readthedocs.io/en/0.7.7/topics/examples.html

Looking at src/maasserver/compose_preseed.py:get_archive_config() it seems that MAAS only supports the Xenial-hosted version's format. That breaks the custom archives feature.

Tags:

Related branches

~andreserl/maas:lp1743966_backport_trusty_repo_workaround

Merged into maas:2.3

Andres Rodriguez (community): Approve on 2018-02-21

~andreserl/maas:lp1743966_workaround_to_add_archive_key

Merged into maas:master

Blake Rouse (community): Approve on 2018-02-20

Gábor Mészáros (community): Approve on 2018-01-21

Revision history for this message

Christian Reis (kiko) wrote on 2018-01-18:

There are at least two ways this could be fixed:

1. To backport the cloud-init change to Trusty; note that cloud-init is backwards-compatible and widely tested, but also widely in use
2. To have MAAS generate stanzas in both formats, selecting the right one according to the ephemeral environment being used.

It would be worth considering what will happen as cloud-init continues to evolve and our LTS backlog grows due to ESM.

Revision history for this message

Christian Reis (kiko) wrote on 2018-01-18:

Note that https://help.ubuntu.com/community/CloudInit still documents the old stanza format.

Revision history for this message

Christian Reis (kiko) wrote on 2018-01-18:

(Presumably because it's still accepted by cloud-init)

Blake Rouse (blake-rouse) on 2018-01-18

Changed in maas:
status:	New → Triaged
importance:	Undecided → Critical

Andres Rodriguez (andreserl) on 2018-01-18

Changed in maas:
assignee:	nobody → Andres Rodriguez (andreserl)
importance:	Critical → High

Gábor Mészáros (gabor.meszaros) on 2018-01-18

tags:	added: cpe-onsite
tags:	added: 4010

Revision history for this message

Andres Rodriguez (andreserl) wrote on 2018-01-18:

@Kiko,

I've tested a deployment of trusty and confirm that the deployed system does end up with the configuration of the custom repository. This is because the configuration happens by curtin.

However, the difference between trusty and xenial is that the custom repository is not available in the ephemeral environment, which I'm guessing its what's affecting you.

As such, can you confirm what customizations you are doing that are causing the deployment failure ?

Changed in maas:
status:	Triaged → Incomplete

Andres Rodriguez (andreserl) on 2018-01-18

Changed in maas:
status:	Incomplete → In Progress
status:	In Progress → Triaged

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-01-18:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cloud-init (Ubuntu):
status:	New → Confirmed

Revision history for this message

Scott Moser (smoser) wrote on 2018-01-18:

I'm wondering if you possibly were hitting bug 1744038.

MAAS can declare (and actually, i think *does* declare) both old format configuration of apt and new format configuration. That would cover trusty and later. If you declare both, though, there is code in cloud-init that insists they are consistent with each other. Because otherwise it wouldnt know which value was "correct".

I'm marking incomplete. Can you give example of *what* is faling ?

Changed in cloud-init (Ubuntu):
status:	Confirmed → Incomplete

Revision history for this message

Christian Reis (kiko) wrote on 2018-01-19:

MAAS does? I am looking at src/maasserver/compose_preseed.py:get_archive_config() and I don't see apt_sources anyway.

Revision history for this message

Andres Rodriguez (andreserl) wrote on 2018-01-19:

For posterity, MAAS trusty configuration uses package_mirrors to change the archive the machines should access. Such configuration does not support specifying a key for a custom mirror.

That said, the deployed machine will end up with the correct configuration, but the deployment ephemeral environment doesn't.

The reason this is an issue is becuase that instead of creating an additional reposiutory with the software, a custom mirror is being created, with additional packages, and completely re-signed.

Andres Rodriguez (andreserl) on 2018-01-19

summary:

- Trusty deployments fail when custom archives are configured
+ Trusty deployments fail when custom archive keys are configured

Revision history for this message

Ondrej Kuchar (ondrej-kuchar) wrote on 2018-01-22:

maas Edit (3.8 KiB, text/plain)

I applied the patch on MaaS 2.2.3 and seems it broke deployment of nodes where `if third_party_drivers` condition is true in /etc/maas/preseeds/curtin_userdata.

I'm attaching part of /var/log/maas/regiond.log where it failed.

Revision history for this message

Ondrej Kuchar (ondrej-kuchar) wrote on 2018-01-22:

#10

curtin_userdata Edit (2.3 KiB, text/plain)

our curtin_userdata file

Andres Rodriguez (andreserl) on 2018-02-20

Changed in cloud-init (Ubuntu):
assignee:	nobody → Andres Rodriguez (andreserl)
importance:	Undecided → High
importance:	High → Undecided
assignee:	Andres Rodriguez (andreserl) → nobody
Changed in maas:
milestone:	none → 2.4.0alpha2

MAAS Lander (maas-lander) on 2018-02-20

Changed in maas:
status:	Triaged → Fix Committed

Andres Rodriguez (andreserl) on 2018-03-13

Changed in maas:
status:	Fix Committed → Fix Released

Michał Ajduk (majduk) on 2018-12-12

tags:

removed: 4010

Revision history for this message

Ryan Harper (raharper) wrote on 2019-04-04:

#11

I'm closing the cloud-init task; If there is further information about what cloud-init would need to do here, please reopen.

Changed in cloud-init (Ubuntu):
status:	Incomplete → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.