Inheriting MAAS Apt Settings via "container-inherit-properties"

Introduction

This post deals with a subset of allowable values for container-inherit-properties, namely apt_primary, apt_security and apt_sources - all those dealing with package repositories.

The model config setting container-inherit-properties is documented as allowing:

a limited set of cloudinit parameters enabled on a Juju machine to be inherited by any hosted containers.

(reference)

This description turns out to be overly general; the settings are specifically intended as a way for MAAS repository configuration to apply to containers in addition to the MAAS-provisioned hosts.

Prior to MAAS 2.5, these happened to be written under /etc/cloud/cloud.cfg.d with a structure similar to the example below.

  apt:
    primary:
    - arches: [default]
      uri: http://nl.archive.ubuntu.com/

The Problem

Since the release of MAAS 2.5, the logic for representing MAAS repository settings on hosts has changed. It is handled by Curtin instead of Cloud-Init, and the location and structure of the data has changed. It now resides in /root/curtin-install-cfg.yaml and is represented as the contents of what would go in /etc/apt/sources.list under a single key, like this:

  sources_list: 'deb http://my-custom.archive.ubuntu.com/ubuntu/ $RELEASE multiverse
    restricted universe main

    # deb-src http://nl.archive.ubuntu.com/ubuntu/ $RELEASE multiverse restricted
    universe main

    deb http://nl.archive.ubuntu.com/ubuntu/ $RELEASE-updates multiverse restricted
    universe main

    # deb-src http://nl.archive.ubuntu.com/ubuntu/ $RELEASE-updates multiverse
    restricted universe main

    deb http://nl.archive.ubuntu.com/ubuntu/ $RELEASE-security multiverse restricted
    universe main

    # deb-src http://nl.archive.ubuntu.com/ubuntu/ $RELEASE-security multiverse
    restricted universe main

    deb http://nl.archive.ubuntu.com/ubuntu/ $RELEASE-backports multiverse
    restricted universe main

    # deb-src http://nl.archive.ubuntu.com/ubuntu/ $RELEASE-backports multiverse
    restricted universe main

This means the feature no longer works on MAAS 2.5+ and a bug has been raised accordingly.

Adding a new search location to the configuration retrieval is not difficult, but the problem posed is that of extracting the allowed key values from the new sources_list.

Solution Proposal

Handling the MAAS 2.5+ case could be done as follows:

  • Include /root/curtin-install-cfg.yaml in the data searched for inherited keys.
  • Effectively ignore apt-primary and apt-security for these MAAS versions.
  • If apt-sources is set, pull the value for the sources_list key into the inherited Cloud-Init values.
  • Modify the documentation for the additional behaviour, and perhaps elaborate for the configuration option generally to inform of the MAAS-specific usage.

An alternative would be to include a new key, so that for MAAS 2.5+, the operator would have to use apt-sources_list as an inherited key.

For posterity, the issue was addressed in this patch.