apt proxy setting in cloud-init data not honored by Ubuntu 14.04 lxc image

[Roadmaster]

Github issues are used for bug reports. For support questions, please use our forum.

Please fill the template below as it will greatly help us track down your issue and reproduce it on our side.
Feel free to remove anything which doesn't apply to you and add more information where it makes sense.

Required information

• Distribution: Ubuntu
• Distribution version: 17.10
• The output of "lxc info" or if that fails:
  • Kernel version:
  • LXC version:
  • LXD version:
  • Storage backend in use:

$ lxc info
config:
  images.auto_update_interval: "0"
api_extensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
- container_image_properties
- migration_progress
- id_map
- network_firewall_filtering
- network_routes
- storage
- file_delete
- file_append
- network_dhcp_expiry
- storage_lvm_vg_rename
- storage_lvm_thinpool_rename
- network_vlan
- image_create_aliases
- container_stateless_copy
- container_only_migration
- storage_zfs_clone_copy
- unix_device_rename
- storage_lvm_use_thinpool
- storage_rsync_bwlimit
- network_vxlan_interface
- storage_btrfs_mount_options
- entity_description
- image_force_refresh
- storage_lvm_lv_resizing
- id_map_base
- file_symlinks
- container_push_target
- network_vlan_physical
- storage_images_delete
- container_edit_metadata
- container_snapshot_stateful_migration
- storage_driver_ceph
- storage_ceph_user_name
- resource_limits
- storage_volatile_initial_source
- storage_ceph_force_osd_reuse
- storage_block_filesystem_btrfs
api_status: stable
api_version: "1.0"
auth: trusted
public: false
environment:
  addresses: []
  architectures:
  - x86_64
  - i686
  certificate: |
    -----BEGIN CERTIFICATE-----
    (cert elided)
    -----END CERTIFICATE-----
  certificate_fingerprint: 56a79561fdc0e0522eee7344b887e6f39fe3f71b7a3e4ad10a222a04c50dd591
  driver: lxc
  driver_version: 2.1.0
  kernel: Linux
  kernel_architecture: x86_64
  kernel_version: 4.13.0-16-generic
  server: lxd
  server_pid: 6765
  server_version: "2.18"
  storage: dir
  storage_version: "1"

Issue description

This could be a cloud-init issue, let me know if that's the case and I'll file it with them, but cloud-init has supposedly supported apt proxy config since 2013 or so :(.

When passing a profile with an apt proxy defined in cloud-config data, it isn't honored for Ubuntu 14.04, but it is for 16.04 and 17.10 (I've only tried those).

Steps to reproduce

Assuming you have an apt-cacher-ng or similar at 1.2.3.4:

lxc profile create aptcache2
cat << EOF | lxc profile edit aptcache2
name: aptcache
description: set up apt caching via 1.2.3.4
config:
  user.vendor-data: |
    #cloud-config
    apt:
      proxy: "http://1.2.3.4:3142"
EOF

lxc launch -p default -p aptcache2 ubuntu:14.04 y-u-no-cache
lxc launch -p default -p aptcache2 ubuntu:16.04 i-do-cache

lxc exec y-u-no-cache -- grep -r 3142 /etc/apt/apt.conf.d
lxc exec i-do-cache -- grep -r 3142 /etc/apt/apt.conf.d

Expected result:
Both lxc exec commands should show something like:

/etc/apt/apt.conf.d/90cloud-init-aptproxy:Acquire::http::Proxy "http://1.2.3.4:3142";

Actual result:
Only the command on the 16.04 container shows this, the other container has no proxy settings.

THe 14.04 image has cloud-init Installed: 0.7.5-0ubuntu1.22
The 16.04 image has Installed: 0.7.9-233-ge586fe35-0ubuntu1~16.04.2

Information to attach

• Any relevant kernel output (dmesg)
• Container log (lxc info NAME --show-log)
• Container configuration (lxc config show NAME --expanded)
• Main daemon log (at /var/log/lxd/lxd.log or /var/snap/lxd/common/lxd/logs/lxd.log)
• Output of the client with --debug
• Output of the daemon with --debug (alternatively output of lxc monitor while reproducing the issue)

[stgraber]

I'm reasonably sure that this is because cloud-init in trusty doesn't know about vendor-data. Testing here to confirm.

[stgraber]

hmm, no, vendor-data works fine, only proxy is ignored

[stgraber]

Yeah, the cloud-init version in trusty doesn't support that particular configuration.
Looks like it supports an alternative syntax though.

[stgraber]

stgraber@castiana:~$ lxc init ubuntu:14.04 trusty
Creating trusty
stgraber@castiana:~$ lxc config edit trusty
stgraber@castiana:~$ lxc start trusty
stgraber@castiana:~$ lxc exec trusty bash
root@trusty:~# grep -ri http://1.2 /etc/
/etc/apt/apt.conf.d/95cloud-init-proxy:Acquire::HTTP::Proxy "http://1.2.3.4:3142";
root@trusty:~# exit
stgraber@castiana:~$ lxc config show trusty
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 14.04 LTS amd64 (release) (20171010)
  image.label: release
  image.os: ubuntu
  image.release: trusty
  image.serial: "20171010"
  image.version: "14.04"
  user.vendor-data: |
    #cloud-config
    apt_proxy: "http://1.2.3.4:3142"
  volatile.base_image: 3fe4ea80da7f2fe116b88e30d8003c5ff4c3de72bd3d48c73294d3b36e011867
  volatile.eth0.hwaddr: 00:16:3e:a3:41:3d
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.power: RUNNING
devices: {}
ephemeral: false
profiles:
- default
stateful: false
description: ""

Looks like this syntax is still supported in xenial, so switching to that for both should fix it.

Closing this since it's not a LXD issue in the first place and the example above should be a valid workaround.

[stgraber]

Might be worth a bug against cloud-init to try to get things in sync in 14.04 though.

[Roadmaster]

Thanks!