turnkeylinux.org connection, why?

[gabfather]

Hi,

I have a Proxmox environment with strict policy rules. The machines allow to reach only a few things, such as specific repositories, the necessary activation site (shop.maurer), proxmox repo (enterprise.proxmox.com). It's works fine, but I got that kind of mails:

Subject: Cron <root@hostname> test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

/etc/cron.daily/pve:
command 'apt-get update' failed: exit code 100

The machines want to connect to the http://releases.turnkeylinux.org/pve/aplinfo.dat.asc . What is this site? Is this necessary to reach it? if its not necessary, can i disable it somehow?

Thanks,
gab

 

[t.lamprecht]

Hi,

https://pve.proxmox.com/wiki/Turnkey_Linux_Templates It's necessary for the Turnkey Templates/Appliances.

There no easy way to disable it at the moment, AFAIK. But also no worries about trusting them.
It loads a GPG signature and a (gzip compressed) txt file with the list to all Appliances of Turnkey (which get's checked if they are valid and not compromised).

Whats your pveversion -v?

 

[alen]

Hi gabfather,

can you post the content of your (following) repository lists:

/etc/apt/sources.list

/etc/apt/sources.list.d/pve-enterprise.list

 

[gabfather]

Thanks for your reply,

I like the hard way too Look, it's a serious company and everything needs a good reason.

the apt files output:

cat /etc/apt/sources.list
deb http://ftp.bme.hu/debian wheezy main contrib non-free
deb http://ftp.bme.hu/debian wheezy/updates main contrib non-free
deb-src http://ftp.bme.hu/debian wheezy main contrib non-free
deb-src http://ftp.bme.hu/debian wheezy/updates main contrib non-free

cat /etc/apt/sources.list.d/pve-enterprise.list
deb https://enterprise.proxmox.com/debian wheezy pve-enterprise

Regards,
gab

 

[gabfather]

Hi Alen,

Thanks for your reply,

cat /etc/apt/sources.list.d/pve-enterprise.list
deb https://enterprise.proxmox.com/debian wheezy pve-enterprise

cat /etc/apt/sources.list

deb http://ftp.bme.hu/debian wheezy main contrib non-free
deb http://ftp.bme.hu/debian wheezy/updates main contrib non-free
deb-src http://ftp.bme.hu/debian wheezy main contrib non-free
deb-src http://ftp.bme.hu/debian wheezy/updates main contrib non-free

 

[t.lamprecht]

I like the hard way too Look, it's a serious company and everything needs a good reason.

Ok, you take the responsibility.

open your /etc/cron.daily/pve file in an editor (e.g.: nano) and somewhere in the beginning you should see some lines like:

my $dccfg = PVE::Cluster::cfs_read_file('datacenter.cfg');
eval { PVE::APLInfo::update($dccfg->{http_proxy}); };
if (my $err = $@) {
    syslog ('err', "update appliance info failed - see /var/log/pveam.log for details");
}

Delete them, save the file and you're finished.

Note: the connection to turnkey didn't let apt-get update fail, has your node also access to http://ftp.bme.hu ? The debian repo you use.