Error when using "os" hardening since 19.10
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Charm Helpers |
New
|
Undecided
|
Unassigned |
Bug Description
Hello,
Hit the following error [3] while using "juju config ceph-mon harden="os ssh apache mysql". Commit [1] replaces python3-apt import with a helper class, but does not handle [2].
At the moment "os" hardening cannot be used in any charm due to that.
[1] https:/
[3] 2019-12-12 15:16:54 DEBUG juju-log Hardening function 'config_changed'
2019-12-12 15:16:54 DEBUG juju-log Executing hardening module 'run_os_checks'
2019-12-12 15:16:54 DEBUG juju-log Starting OS hardening checks.
2019-12-12 15:16:54 DEBUG juju-log Found user-provided config overrides file '/var/lib/
2019-12-12 15:16:54 DEBUG juju-log No overrides found for 'os'
2019-12-12 15:16:54 DEBUG juju-log Running 'AptConfig' check
2019-12-12 15:16:54 DEBUG config-changed Traceback (most recent call last):
2019-12-12 15:16:54 DEBUG config-changed File "/var/lib/
2019-12-12 15:16:54 DEBUG config-changed hooks.execute(
2019-12-12 15:16:54 DEBUG config-changed File "/var/lib/
2019-12-12 15:16:54 DEBUG config-changed self._hooks[
2019-12-12 15:16:54 DEBUG config-changed File "/var/lib/
2019-12-12 15:16:54 DEBUG config-changed hardener()
2019-12-12 15:16:54 DEBUG config-changed File "/var/lib/
2019-12-12 15:16:54 DEBUG config-changed check.ensure_
2019-12-12 15:16:54 DEBUG config-changed File "/var/lib/
2019-12-12 15:16:54 DEBUG config-changed self.verify_
2019-12-12 15:16:54 DEBUG config-changed File "/var/lib/
2019-12-12 15:16:54 DEBUG config-changed value = apt_pkg.
2019-12-12 15:16:54 DEBUG config-changed AttributeError: module 'charmhelpers.
2019-12-12 15:16:54 ERROR juju.worker.
The removal of the python-apt dependency has its origin in enabling reactive charms venv to not include system Python packages and at the same time have one charm binary support a span of Ubuntu distributions. The need for this came out of the move to Python 3.7 on Ubuntu Disco. python-apt is not developed in a backwards or forward compatible manner and it is tightly coupled with whichever version of the compiled C library version distributed with a system. It is not suitable for distribution as a wheel together with a charm binary.
To fix the specific bug here either the hardening library for apt should learn to call out to `apt-config` or something similar or a wrapper for that could be added to the python-apt compability shim if you think other consumers have an issue with lack for apt-config support.