Canonical Juju

apt-mirror does not override security.ubuntu.com for controller

Bug #1606487 reported by Nobuto Murata on 2016-07-26

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Triaged	Low	Unassigned

Bug Description

Similar with https://bugs.launchpad.net/juju-core/+bug/1599886, but different stage. When trying to bootstrap LXD provider with offline, bootstrap server is still trying to connect to security.ubuntu.com.

$ juju version
2.0-beta13-xenial-amd64

$ cat config.yaml
default-series: xenial
agent-stream: devel
apt-mirror: http://10.0.8.114/mirror/apt-mirror/mirror/archive.ubuntu.com/ubuntu
agent-metadata-url: http://10.0.8.114/mirror/tools
image-metadata-url: https://10.0.8.114/mirror/cloud-images

$ juju bootstrap --config config.yaml localhost lxd --debug
...
Attempting to connect to 10.0.8.153:22
2016-07-26 09:00:25 DEBUG juju.utils.ssh ssh.go:292 using OpenSSH ssh client
Warning: Permanently added '10.0.8.153' (ECDSA) to the list of known hosts.
sudo: unable to resolve host juju-ee9769-0: Connection timed out
Logging to /var/log/cloud-init-output.log on remote host
Changing apt mirror to http://10.0.8.114/mirror/apt-mirror/mirror/archive.ubuntu.com/ubuntu
Running apt-get update
...

[/var/log/cloud-init-output.log on controller]
Cloud-init v. 0.7.7 finished at Tue, 26 Jul 2016 09:00:22 +0000. Datasource DataSourceNoCloud [seed=/var/lib/cloud/seed/nocloud-net][dsmode=net]. Up 8.0 seconds
Err:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Get:2 http://10.0.8.114/mirror/apt-mirror/mirror/archive.ubuntu.com/ubuntu xenial InRelease [247 kB]
...
Get:21 http://10.0.8.114/mirror/apt-mirror/mirror/archive.ubuntu.com/ubuntu xenial-backports/universe Translation-en [300 B]
Fetched 10.3 MB in 1s (5698 kB/s)
Reading package lists...
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.

Tags:

Revision history for this message

Anastasia (anastasia-macmood) wrote on 2016-07-26:

We do look into all location known to Juju. This means trying to connect to all defaults.

In most case, though, we try to connect to user-specified locations first. It does not appear to be the case here.

Did you bootstrap successfully?

Changed in juju-core:
assignee:	nobody → Anastasia (anastasia-macmood)
status:	New → Incomplete
assignee:	Anastasia (anastasia-macmood) → nobody

Revision history for this message

Nobuto Murata (nobuto) wrote on 2016-07-27:

Bootstrapping itself succeeds as Juju just ignores the warning. My understanding that "$old_mirror" in the "sed" command only covers archive.ubuntu.com, not security.ubuntu.com.
https://github.com/juju/juju/blob/juju-2.0-beta13/cloudconfig/cloudinit/cloudinit_ubuntu.go#L151-L158

$ juju bootstrap --config config.yaml localhost lxd --debug
...
logging to /var/log/cloud-init-output.log on remote host
Changing apt mirror to http://10.0.8.78/mirror/archive.ubuntu.com/ubuntu
Running apt-get update
Running apt-get upgrade
Installing package: curl
Installing package: cpu-checker
Installing package: bridge-utils
Installing package: cloud-utils
Installing package: cloud-image-utils
Installing package: tmux
Fetching tools: curl -sSfw 'tools from %{url_effective} downloaded: HTTP %{http_code}; time %{time_total}s; size %{size_download} bytes; speed %{speed_download} bytes/s ' --retry 10 -o $bin/tools.tar.gz <[http://10.0.8.78/mirror/juju/tools/agent/2.0-beta13/juju-2.0-beta13-xenial-amd64.tgz]>
Bootstrapping Juju machine agent
Starting Juju machine agent (jujud-machine-0)
...

[/etc/apt/sources.list in the controller]
...
deb http://10.0.8.78/mirror/archive.ubuntu.com/ubuntu xenial main restricted
deb-src http://10.0.8.78/mirror/archive.ubuntu.com/ubuntu xenial main restricted
...
deb http://security.ubuntu.com/ubuntu xenial-security main restricted
deb-src http://security.ubuntu.com/ubuntu xenial-security main restricted
...

Nobuto Murata (nobuto) on 2016-07-27

Changed in juju-core:
status:	Incomplete → New

Anastasia (anastasia-macmood) on 2016-07-27

Changed in juju-core:
status:	New → Triaged
importance:	Undecided → Medium
milestone:	none → 2.0-rc1

Anastasia (anastasia-macmood) on 2016-08-09

Changed in juju-core:
milestone:	2.0-rc1 → 2.0.0

Canonical Juju QA Bot (juju-qa-bot) on 2016-08-23

affects:	juju-core → juju
Changed in juju:
milestone:	2.0.0 → none
milestone:	none → 2.0.0

Curtis Hovey (sinzui) on 2016-10-06

Changed in juju:
milestone:	2.0.0 → 2.0.1

Curtis Hovey (sinzui) on 2016-10-28

Changed in juju:
milestone:	2.0.1 → none

Revision history for this message

Adam Stokes (adam-stokes) wrote on 2019-11-07:

This is still an issue when attempting to do a juju bootstrap/deploy within a restricted environment. Setting `apt-mirror` does not rewrite the urls for `http://security.ubuntu.com/ubuntu` thus making it impossible for a bootstrap to succeed without mucking around with cloud-init data.

The referenced bug https://bugs.launchpad.net/juju/+bug/1599886/comments/12 mentioned some sort of model config to allow us to override this particular setting in the apt sources file, is that something we can consider?

Thanks,
Adam

Revision history for this message

Canonical Juju QA Bot (juju-qa-bot) wrote on 2022-11-03:

This bug has not been updated in 2 years, so we're marking it Low importance. If you believe this is incorrect, please update the importance.

Changed in juju:
importance:	Medium → Low
tags:	added: expirebugs-bot

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.