cloud-init: is there a way to force an execution order?


I'm running Debian 9.1 and I want to configure my VPS on creation by using cloud-init and I have a particular configuration problem.

These are the default values of cloud.cfg from the provided snapshot:

# The modules that run in the 'init' stage
cloud_init_modules:
 - migrator
 - seed_random
 - bootcmd
 - write-files
 - growpart
 - resizefs
 - disk_setup
 - mounts
 - set_hostname
 - update_hostname
 - update_etc_hosts
 - ca-certs
 - rsyslog
 - users-groups
 - ssh

# The modules that run in the 'config' stage
cloud_config_modules:
# Emit my cloud config ready event
# this can be used by upstart jobs for 'start on cloud-config'.
 - emit_upstart
 - ssh-import-id
 - locale
 - set-passwords
 - grub-dpkg
 - apt-pipelining
 - apt-configure
 - ntp
 - timezone
 - disable-ec2-metadata
 - runcmd
 - byobu

# The modules that run in the 'final' stage
cloud_final_modules:
 - package-update-upgrade-install
 - fan
 - puppet
 - chef
 - salt-minion
 - mcollective
 - rightscale_userdata
 - scripts-vendor
 - scripts-per-once
 - scripts-per-boot
 - scripts-per-instance
 - scripts-user
 - ssh-authkey-fingerprints
 - keys-to-console
 - phone-home
 - final-message
 - power-state-change

As you can see, runcmd will be executed in the config stage, after apt-configure.

As part of my configuration I'm installing multiple packages, one of which requires that I add a new source and import a key from a keyserver. There's a problem because importing a key requires dirmngr to be installed on the system, but Debian 9.1 doesn't have it installed by default.

However, since apt-configure is executed before runcmd, I can't install dirmngr before trying to import a key. As a result, the rest of the configuration will fail and the system will be in an unwanted state.

How can I get around this problem?


There are 1 answers

James On

Regarding the specific case of missing dirmngr package on Debian 9.1 causing failure of the apt-configure module, I have had success with adding the following bootcmd entry to my cloud-init configuration:

# APT fails to acquire GPG keys if package dirmngr is missing
bootcmd:
  - [ cloud-init-per, once, dirmngr-aptupdate, apt-get, update ]
  - [ cloud-init-per, once, dirmngr-aptinstall, apt-get, install, dirmngr ]

Since the cloud-init configuration is obtained from the network (I'm using EC2 userdata), the network is guaranteed to be up when bootcmd is executed. The cloud-init-per program makes it easy to ensure that these commands are not re-executed on further instance boots.
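
To check on a given image whether a hook such as bootcmd or runcmd runs before apt-configure, the module lists in cloud.cfg can be flattened into one execution order. The following is an added example, not part of the original question or answer; it assumes the stages run init, then config, then final, that hyphens and underscores in module names are interchangeable, and it uses a shortened, constructed excerpt of the cloud.cfg quoted in the question.

```python
import re

# Stage keys as they appear in cloud.cfg, in the order assumed here.
STAGES = ("cloud_init_modules", "cloud_config_modules", "cloud_final_modules")

# Constructed sample: shortened excerpt of the cloud.cfg quoted in the question.
SAMPLE_CFG = """\
cloud_init_modules:
 - migrator
 - seed_random
 - bootcmd
 - write-files
 - ssh
cloud_config_modules:
# Emit my cloud config ready event
 - emit_upstart
 - apt-pipelining
 - apt-configure
 - ntp
 - runcmd
cloud_final_modules:
 - package-update-upgrade-install
 - scripts-user
"""

def norm(name):
    """Assumption: 'apt-configure' and 'apt_configure' name the same module."""
    return name.strip().replace("-", "_")

def execution_order(cfg_text):
    """Return [(stage, module), ...] in run order: stage order, then list order."""
    per_stage = {stage: [] for stage in STAGES}
    current = None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        key = re.match(r"^([\w-]+):", line)    # a top-level key starts a new section
        if key:
            current = key.group(1) if key.group(1) in per_stage else None
            continue
        item = re.match(r"^\s*-\s*(\S+)\s*$", line)
        if item and current:
            per_stage[current].append(norm(item.group(1)))
    return [(stage, mod) for stage in STAGES for mod in per_stage[stage]]

def runs_before(order, first, second):
    """True if module `first` is executed before module `second`."""
    names = [mod for _, mod in order]
    return names.index(norm(first)) < names.index(norm(second))

if __name__ == "__main__":
    order = execution_order(SAMPLE_CFG)
    for hook in ("bootcmd", "runcmd"):
        print(hook, "before apt-configure:", runs_before(order, hook, "apt-configure"))
```

Pointing `execution_order` at the contents of the image's real /etc/cloud/cloud.cfg gives the order for that snapshot, which matters when a provider has reordered or removed modules.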