[Bug 1499000] [NEW] interfaces not brought up when ovs is started

2015-09-23 Thread ben thielsen
Public bug reported:

when ovs is started [e.g. systemctl start openvswitch-switch.service],
the services [ovsdb-server and ovs-vswitchd] are started, but no
interfaces are brought up.  running ifup --allow=ovs br0 manually after
ovs starts does bring up the interfaces.

>cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# bridge
#auto br0
allow-ovs br0
iface br0 inet manual
    ovs_type    OVSBridge
    ovs_ports   eth0 br0-host

# physical interface
#auto eth0
allow-br0 eth0
iface eth0 inet manual
    ovs_type    OVSPort
    ovs_bridge  br0

# internal interface [host os]
allow-br0 br0-host
iface br0-host inet static
    ovs_type    OVSIntPort
    ovs_bridge  br0
    ovs_options tag=681
    address 10.68.40.120/17
    gateway 10.68.60.1

additionally, stopping ovs stops the services, but the interfaces
remain.

1] >lsb_release -rd
Description:    Ubuntu 15.04
Release:        15.04

2] >apt-cache policy openvswitch-switch
openvswitch-switch:
  Installed: 2.3.1-0ubuntu1
  Candidate: 2.3.1-0ubuntu1
  Version table:
 *** 2.3.1-0ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
        100 /var/lib/dpkg/status

3] i expected the configured interfaces to be brought up
4] they were not

** Affects: openvswitch (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/1499000

Title:
  interfaces not brought up when ovs is started

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1499000/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 1452087] Re: slapd [or its init script] does not create necessary directory for nssov socket and fails to start

2015-05-06 Thread ben thielsen
there was an apparmor message logged:

May  6 22:52:05 server kernel: audit: type=1400
audit(1430967118.381:12): apparmor=DENIED operation=mkdir
profile=/usr/sbin/slapd name=/run/nslcd/ pid=1419 comm=slapd
requested_mask=c denied_mask=c fsuid=108 ouid=108

adding to /etc/apparmor.d/local/usr.sbin.slapd [among some other
things]:

  /etc/ldap/pki/** rw,
  /{,var/}run/slapd/* rw,
  /{,var/}run/nslcd/ rw,
  /{,var/}run/nslcd/* rw,

seems to have addressed that, but the directory still isn't created.

temporarily changing /run/ to 777 seems to reinforce rtandy's reference.
the directory is then created, but not with adequate permissions:

dr-xr-xr-x  2 openldap openldap   40 May  6 23:01 nslcd/

slapd[2357]: nssov: bind() to /var/run/nslcd/socket failed: Permission
denied

adjusting them manually after creation confirms this, and slapd then
starts.

at the moment, i've added the following to the init script:

NSSOV_SOCKETDIR='/var/run/nslcd'

start_slapd() {
	# create the nssov socket directory if it is missing, owned by openldap
	[ -d "${NSSOV_SOCKETDIR}" ] || ( mkdir -m 755 "${NSSOV_SOCKETDIR}" && \
		chown openldap:openldap "${NSSOV_SOCKETDIR}" )

which solves the problem for me [albeit the wrong way, imo], since it's
blindly doing it regardless of if the overlay is actually in use.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1452087

Title:
  slapd [or its init script] does not create necessary directory for
  nssov socket and fails to start

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1452087/+subscriptions

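The message above notes that its init-script change creates the directory whether or not the overlay is in use, and that a directory left as dr-xr-xr-x makes the nssov bind() fail. An added example (not from the bug report or the openldap package) that creates the socket directory only when nssov is configured and corrects mode and ownership; the function names, the /etc/ldap/slapd.d path and the olcOverlay/overlay match patterns are assumptions, and the AppArmor rules quoted in the message are assumed to be in place. It is meant to be called as root from the init script, so /run itself never has to be writable by openldap.

```shell
#!/bin/sh
# Added example; helper names are hypothetical.
# Assumed Debian/Ubuntu layout (adjust locally):
#   config : /etc/ldap/slapd.d (cn=config LDIF tree) or a slapd.conf file
#   socket : /var/run/nslcd, owner openldap:openldap, mode 755

# Return 0 if the nssov overlay is configured under the given config path.
nssov_in_use() {
    _conf=$1
    if [ -d "$_conf" ]; then
        # cn=config LDIF entries carry a line such as "olcOverlay: {0}nssov"
        grep -rqsiE '^olcOverlay:[[:space:]]*(\{[0-9]+\})?nssov[[:space:]]*$' "$_conf"
    elif [ -f "$_conf" ]; then
        # classic slapd.conf syntax: "overlay nssov"
        grep -qsiE '^[[:space:]]*overlay[[:space:]]+nssov([[:space:]]|$)' "$_conf"
    else
        return 1
    fi
}

# ensure_nssov_socketdir CONFIG DIR OWNER [MODE]
# Does nothing when nssov is not configured. Otherwise makes sure DIR is a
# real directory with the requested owner and mode, so slapd can bind its
# socket inside it after dropping privileges.
ensure_nssov_socketdir() {
    _cfg=$1
    _dir=$2
    _owner=$3
    _mode=${4:-755}

    nssov_in_use "$_cfg" || return 0

    # Never follow a symlink planted at the socket path.
    if [ -L "$_dir" ]; then
        echo "refusing to use $_dir: it is a symlink" >&2
        return 1
    fi
    if [ -e "$_dir" ] && [ ! -d "$_dir" ]; then
        echo "refusing to use $_dir: not a directory" >&2
        return 1
    fi

    [ -d "$_dir" ] || mkdir -m "$_mode" "$_dir" || return 1

    # Also repair a pre-existing directory (e.g. one left as dr-xr-xr-x).
    chmod "$_mode" "$_dir" || return 1
    chown "$_owner" "$_dir" || return 1
}

# Intended call site, inside start_slapd() before slapd is launched:
#   ensure_nssov_socketdir /etc/ldap/slapd.d /var/run/nslcd openldap:openldap
```

Because /run is recreated at every boot, the call has to run on each start rather than once at install time.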


[Bug 1452087] [NEW] slapd [or its init script] does not create necessary directory for nssov socket and fails to start

2015-05-05 Thread ben thielsen
Public bug reported:

when used with the nss overlay, slapd fails to start, because
/var/run/nslcd/ does not exist, and slapd cannot then create the socket
for this.  additionally, creating the directory manually does not help,
because it disappears after every reboot.

1] lsb_release -rd
Description:    Ubuntu 15.04
Release:        15.04

2] apt-cache policy slapd
slapd:
  Installed: 2.4.31-1+nmu2ubuntu12
  Candidate: 2.4.31-1+nmu2ubuntu12
  Version table:
 *** 2.4.31-1+nmu2ubuntu12 0
        500 http://us.archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
        100 /var/lib/dpkg/status

3] i expected the necessary directory to be created when starting slapd if the 
nss overlay is in use
4] it was not

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1417288] [NEW] unable to create snapshot

2015-02-02 Thread ben thielsen
Public bug reported:

the following occurs when attempting to create a snapshot:

virsh # snapshot-create-as template-generic 'test_snapshot' 'test snapshot' --disk-only --atomic
error: unsupported configuration: cannot generate external snapshot name for disk 'vda' without source

virsh # snapshot-create-as template-generic 'test_snapshot' 'test snapshot' --atomic
error: internal error: Child process (/usr/bin/qemu-img snapshot -c test_snapshot) unexpected exit status 1: qemu-img: Expecting one image file name
Try 'qemu-img --help' for more information

the guest is not running:
virsh # list --all
 Id    Name                 State

 -     template-generic     shut off

here is the guest xml:

virsh # dumpxml template-generic
<domain type='kvm'>
  <name>template-generic</name>
  <uuid>c2fcf78b-5919-45f6-af1f-cc540fa5f218</uuid>
  <description>generic template</description>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-q35-2.1'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='host-passthrough'>
  </cpu>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='volume' device='disk'>
      <driver name='qemu' type='qcow2' cache='none'/>
      <source pool='disks-local' volume='template-generic.qcow2'/>
      <target dev='vda' bus='virtio'/>
      <address type='pci' domain='0x' bus='0x02' slot='0x03' function='0x0'/>
    </disk>
    <controller type='usb' index='0' model='ich9-ehci1'>
      <address type='pci' domain='0x' bus='0x02' slot='0x02' function='0x7'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci1'>
      <master startport='0'/>
      <address type='pci' domain='0x' bus='0x02' slot='0x02' function='0x0' multifunction='on'/>
    </controller>
    <controller type='sata' index='0'>
      <address type='pci' domain='0x' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'/>
    <controller type='pci' index='1' model='dmi-to-pci-bridge'>
      <address type='pci' domain='0x' bus='0x00' slot='0x1e' function='0x0'/>
    </controller>
    <controller type='pci' index='2' model='pci-bridge'>
      <address type='pci' domain='0x' bus='0x01' slot='0x01' function='0x0'/>
    </controller>
    <interface type='network'>
      <mac address='52:54:00:5c:51:ce'/>
      <source network='virtual-bridge' portgroup='it_net_admins'/>
      <model type='virtio'/>
      <driver name='vhost' txmode='iothread'/>
      <address type='pci' domain='0x' bus='0x02' slot='0x01' function='0x0'/>
    </interface>
    <input type='keyboard' bus='usb'/>
    <input type='tablet' bus='usb'/>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <video>
      <model type='qxl' ram='65536' vram='65536' heads='1'/>
      <address type='pci' domain='0x' bus='0x00' slot='0x01' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <address type='pci' domain='0x' bus='0x02' slot='0x04' function='0x0'/>
    </memballoon>
  </devices>
</domain>

1] lsb_release -rd
Description:    Ubuntu 14.10
Release:        14.10

2] apt-cache policy libvirt-bin
libvirt-bin:
  Installed: 1.2.8-0ubuntu11.2
  Candidate: 1.2.8-0ubuntu11.2
  Version table:
 *** 1.2.8-0ubuntu11.2 0
        500 http://us.archive.ubuntu.com/ubuntu/ utopic-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.2.8-0ubuntu11.1 0
        500 http://security.ubuntu.com/ubuntu/ utopic-security/main amd64 Packages
     1.2.8-0ubuntu11 0
        500 http://us.archive.ubuntu.com/ubuntu/ utopic/main amd64 Packages

3] i expected a snapshot to be created

4] the above errors

** Affects: libvirt (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1417288

Title:
  unable to create snapshot

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1417288/+subscriptions



[Bug 1153364] Re: trouble with guest network connectivity when host is using a bonded interface

2013-03-24 Thread ben thielsen
apport information

** Description changed:

  i'm seeing poor/intermittent/degrading network connectivity for guests,
  when the host is using a bonded interface.
  
  in a nutshell, the network configuration is as follows:  the physical
  interfaces [eth0 and eth1] are bonded together as bond0 [i've tried
  various bond modes - see below].  a bridge interface [br0] is configured
  with bond0 attached to it.  all guests use br0 as their forward
  interface.  my tests have generally included a single host, with two
  guests running on it.  both guests are running ubuntu 12.10.
  
  it depends slightly on the particulars of the configuration, but the
  most prevalent symptom is that a newly booted guest will at first
  respond to pings [with little to no loss], and the guest will be able to
  ping other hosts on the network, but as time passes, more and more
  packets are dropped.  eventually, virtually all ping requests go
  unanswered.  in some cases, it appears that restarting networking on the
  guest will fix this, partially and temporarily.  the guest will begin to
  reply 4-5 packets after restarting networking, but does not respond
  consistently, eventually failing again as before.  i've also noticed
  that in some cases where ping against the guest has not yet begun to
  fail, if i ping something else on the network from the guest, this
  causes the pings against the guest to abruptly fail.
  
  i know this is all quite abstract - i've spent quite a bit of time trying
  to isolate various variables, and while i've made some progress, i think
  some guidance would be helpful.
  
  what i have noticed specifically is if i attach a physical device [e.g.
  eth0 or eth1] to the bridge [instead of bond0], things seem to work ok.
  also, if i use active-backup as the bonding mode, things seem to work
  ok.  i was initially using balance-alb as the bonding mode, and have
  also tested balance-rr as the bonding mode.  both exhibit the above
  symptoms.  i've also tried various network card models for the guests
  [realtek, e1000, and virtio].  this has not had any impact on the
  symptoms.  lastly,  the two guests have been able to ping each other,
  with no issues, regardless of the various network settings.  at the
  moment, i have switched back to active-backup, so this is reflected in
  the below information.
  
  here is a bit of configuration info:
  
  host os/package info:
  lsb_release -rd
  Description:    Ubuntu 12.10
  Release:        12.10
  
  apt-cache policy qemu-kvm
  qemu-kvm:
    Installed: 1.2.0+noroms-0ubuntu2.12.10.3
    Candidate: 1.2.0+noroms-0ubuntu2.12.10.3
    Version table:
   *** 1.2.0+noroms-0ubuntu2.12.10.3 0
          500 http://us.archive.ubuntu.com/ubuntu/ quantal-updates/main amd64 Packages
          100 /var/lib/dpkg/status
       1.2.0+noroms-0ubuntu2.12.10.2 0
          500 http://security.ubuntu.com/ubuntu/ quantal-security/main amd64 Packages
       1.2.0+noroms-0ubuntu2 0
          500 http://us.archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages
  
  dpkg -l | grep -i virt
  ii  libvirt-bin     0.9.13-0ubuntu12.2             amd64  programs for the libvirt library
  ii  libvirt0        0.9.13-0ubuntu12.2             amd64  library for interfacing with different virtualization systems
  ii  python-libvirt  0.9.13-0ubuntu12.2             amd64  libvirt Python bindings
  ii  qemu-kvm        1.2.0+noroms-0ubuntu2.12.10.3  amd64  Full virtualization on supported hardware
  ii  virtinst        0.600.2-1ubuntu1               all    Programs to create and clone virtual machines
  
  dpkg -l | grep -i qemu
  ii  qemu-common     1.2.0+noroms-0ubuntu2.12.10.3  all    qemu common functionality (bios, documentation, etc)
  ii  qemu-kvm        1.2.0+noroms-0ubuntu2.12.10.3  amd64  Full virtualization on supported hardware
  ii  qemu-utils      1.2.0+noroms-0ubuntu2.12.10.3  amd64  qemu utilities
  ii  vgabios         0.7a-3ubuntu2                  all    VGA BIOS software for the Bochs and Qemu emulated VGA card
  
  
  host network config:
  egrep -v '(^[[:space:]]*#|^[[:space:]]*$)' /etc/network/interfaces
  auto lo
  iface lo inet loopback
  
  auto eth0
  iface eth0 inet manual
      bond-master bond0
  
  auto eth1
  iface eth1 inet manual
      bond-master bond0
  
  auto bond0
  iface bond0 inet manual
      bond-mode active-backup
      bond-slaves eth0 eth1
      bond-primary eth0
      bond-primary_reselect better
  
  auto br0
  iface br0 inet static
      bridge_ports bond0
      bridge_stp off
      bridge_waitport 0
      bridge_maxwait 0
      bridge_maxage 0
      bridge_fd 0
      bridge_ageing 0
   

[Bug 1153364] Re: trouble with guest network connectivity when host is using a bonded interface

2013-03-17 Thread ben thielsen
i've added iptables -t mangle -A POSTROUTING -o br0 -p udp -m udp -j
CHECKSUM --checksum-fill:

iptables -vnt mangle -L --lin
Chain PREROUTING (policy ACCEPT 44532 packets, 46M bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 44307 packets, 46M bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 37675 packets, 25M bytes)
num   pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 37675 packets, 25M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      301 27725 CHECKSUM   udp  --  *      br0     0.0.0.0/0            0.0.0.0/0            udp CHECKSUM fill

it doesn't appear it's had much impact though.  pings are still
exhibiting the generally erratic behaviors discussed.

a possibly unrelated note - reading through bug 1029430, i thought i'd
also try not using vhost_net.  i unloaded the module [as well as the
macvtap module], and edited the guest's config, removing the
<driver name='vhost' txmode='iothread'/> line:

<interface type='network'>
  <mac address='52:54:00:f3:b2:32'/>
  <source network='host-bridge'/>
  <model type='virtio'/>
  <address type='pci' domain='0x' bus='0x00' slot='0x03' function='0x0'/>
</interface>

however, when starting the guest, the kernel modules are automatically
loaded, and the guest appears to still be using the vhost_net module,
according to ps output such as in my earlier note.  i'm probably doing
this wrong, but i'm not sure what.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1153364

Title:
  trouble with guest network connectivity when host is using a bonded
  interface

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1153364/+subscriptions



[Bug 1153364] Re: trouble with guest network connectivity when host is using a bonded interface

2013-03-15 Thread ben thielsen
apport information

** Tags added: apport-collected

** Description changed:


[Bug 1153364] Re: trouble with guest network connectivity when host is using a bonded interface

2013-03-15 Thread ben thielsen
no worries.  i'm a bit embarrassed i couldn't offer a more directed
initial report.

i do believe the vhost_net module is installed and working:

lsmod | grep -i vhost
vhost_net              31874  1
macvtap                18294  1 vhost_net

pp | grep -i vhost
root  2534 1  3 22:11 ?        00:00:22 /usr/bin/kvm -name aurora -S -M pc-1.0 -cpu core2duo,+lahf_lm,+dca,+xtpr,+cx16,+tm2,+est,+vmx,+ds_cpl,+pbe,+tm,+ht,+ss,+acpi,+ds -enable-kvm -m 1024 -smp 1,sockets=1,cores=1,threads=1 -uuid 542c39da-f539-6014-6f91-36575f0aef4e -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/aurora.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -device ahci,id=ahci0,bus=pci.0,addr=0x4 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/srv/vc/disks/aurora,if=none,id=drive-sata0-0-0,format=qcow2 -device ide-hd,bus=ahci0.0,drive=drive-sata0-0-0,id=sata0-0-0,bootindex=1 -drive if=none,media=cdrom,id=drive-sata0-0-1,readonly=on,format=raw -device ide-cd,bus=ahci0.1,drive=drive-sata0-0-1,id=sata0-0-1 -netdev tap,fd=21,id=hostnet0,vhost=on,vhostfd=22 -device virtio-net-pci,tx=bh,netdev=hostnet0,id=net0,mac=52:54:00:f3:b2:32,bus=pci.0,addr=0x3 -vnc 0.0.0.0:0 -vga cirrus -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5

i've tested with lxc as you ask - it seems to not exhibit this problem.
pings both from the container/guest against other devices on the
network, as well as pings against the container/guest.  i did notice,
with some consistency, duplicate pings - but i know that this is
sometimes simply just a largely innocuous side effect of certain types
of load balancing, so i'm not necessarily terribly concerned about that.
in addition, connectivity to the guest/container in general seemed to be
fine, which was not the case with the prior testing.

a couple of other notes to add that i've come across [or remembered]
since my previous post.  i have since also tested with balance-tlb, and
this seems to work ok, with no symptoms of intermittent network
connectivity - both for my kvm guests, as well as the lxc
container/guest.

also, i had forgotten about it when i initially wrote up this
submission, but initially, i was using macvtap for my kvm guest network
connectivity, and this is where i first saw the symptoms.  i then
switched to using a bridged setup, partially to test things further, but
also for reasons related to some of the limitations of macvtap
[specifically guests not being able to communicate with the host when
using the same interface].  ultimately, i intend to stay with the
bridged configuration, because of this, but wanted to mention that the
symptoms do appear to be present with both.

lastly, one other possibly interesting bit of info - as i was testing
again this morning with balance-alb and lxc, i tested again with a kvm
guest to ensure the symptom was still present.  this time when pinging,
not only were the symptoms still present, i saw some behavior i hadn't
noticed previously:

ping aurora
PING aurora.example.com (192.168.1.70): 56 data bytes
64 bytes from 192.168.1.70: icmp_seq=0 ttl=64 time=0.466 ms
92 bytes from xenon.example.com (192.168.1.60): Redirect Host(New addr: 192.168.1.70)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src  Dst
 4  5  00 0054 7b83   0   3f  01 7c14 192.168.1.123  192.168.1.70

64 bytes from 192.168.1.70: icmp_seq=1 ttl=64 time=0.279 ms
92 bytes from xenon.example.com (192.168.1.60): Redirect Host(New addr: 192.168.1.70)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src  Dst
 4  5  00 0054 19c2   0   3f  01 ddd5 192.168.1.123  192.168.1.70

64 bytes from 192.168.1.70: icmp_seq=2 ttl=64 time=0.306 ms
92 bytes from xenon.example.com (192.168.1.60): Redirect Host(New addr: 192.168.1.70)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src  Dst
 4  5  00 0054 8fc5   0   3f  01 67d2 192.168.1.123  192.168.1.70

64 bytes from 192.168.1.70: icmp_seq=3 ttl=64 time=0.278 ms
92 bytes from xenon.example.com (192.168.1.60): Redirect Host(New addr: 192.168.1.70)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src  Dst
 4  5  00 0054 08f0   0   3f  01 eea7 192.168.1.123  192.168.1.70

64 bytes from 192.168.1.70: icmp_seq=4 ttl=64 time=0.285 ms
92 bytes from xenon.example.com (192.168.1.60): Redirect Host(New addr: 192.168.1.70)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src  Dst
 4  5  00 0054 438e   0   3f  01 b409 192.168.1.123  192.168.1.70

64 bytes from 192.168.1.70: icmp_seq=5 ttl=64 time=0.327 ms
64 bytes from 192.168.1.70: icmp_seq=5 ttl=64 time=0.329 ms (DUP!)
64 bytes from 192.168.1.70: icmp_seq=6 ttl=64 time=0.292 ms
64 bytes from 192.168.1.70: icmp_seq=7 ttl=64 time=0.266 ms
92 bytes from xenon.example.com (192.168.1.60): Redirect Host(New addr: 192.168.1.70)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks  Src  Dst
 4  5  00 0054 2be0   0   3f  01 cbb7 192.168.1.123  192.168.1.70


[Bug 1153364] [NEW] trouble with guest network connectivity when host is using a bonded interface

2013-03-10 Thread ben thielsen
Public bug reported:

i'm seeing poor/intermittent/degrading network connectivity for guests,
when the host is using a bonded interface.

in a nutshell, the network configuration is as follows:  the physical
interfaces [eth0 and eth1] are bonded together as bond0 [i've tried
various bond modes - see below].  a bridge interface [br0] is configured
with bond0 attached to it.  all guests use br0 as their forward
interface.  my tests have generally included a single host, with two
guests running on it.  both guests are running ubuntu 12.10.

it depends slightly on the particulars of the configuration, but the
most prevalent symptom is that a newly booted guest will at first
respond to pings [with little to no loss], and the guest will be able to
ping other hosts on the network, but as time passes, more and more
packets are dropped.  eventually, virtually all ping requests go
unanswered.  in some cases, it appears that restarting networking on the
guest will fix this, partially and temporarily.  the guest will begin to
reply 4-5 packets after restarting networking, but does not respond
consistently, eventually failing again as before.  i've also noticed
that in some cases where ping against the guest has not yet begun to
fail, if i ping something else on the network from the guest, this
causes the pings against the guest to abruptly fail.

i know this is all quite abstract - i've spent quite a bit of time trying
to isolate various variables, and while i've made some progress, i think
some guidance would be helpful.

what i have noticed specifically is if i attach a physical device [e.g.
eth0 or eth1] to the bridge [instead of bond0], things seem to work ok.
also, if i use active-backup as the bonding mode, things seem to work
ok.  i was initially using balance-alb as the bonding mode, and have
also tested balance-rr as the bonding mode.  both exhibit the above
symptoms.  i've also tried various network card models for the guests
[realtek, e1000, and virtio].  this has not had any impact on the
symptoms.  lastly,  the two guests have been able to ping each other,
with no issues, regardless of the various network settings.  at the
moment, i have switched back to active-backup, so this is reflected in
the below information.

here is a bit of configuration info:

host os/package info:
lsb_release -rd
Description:    Ubuntu 12.10
Release:        12.10

apt-cache policy qemu-kvm
qemu-kvm:
  Installed: 1.2.0+noroms-0ubuntu2.12.10.3
  Candidate: 1.2.0+noroms-0ubuntu2.12.10.3
  Version table:
 *** 1.2.0+noroms-0ubuntu2.12.10.3 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.2.0+noroms-0ubuntu2.12.10.2 0
        500 http://security.ubuntu.com/ubuntu/ quantal-security/main amd64 Packages
     1.2.0+noroms-0ubuntu2 0
        500 http://us.archive.ubuntu.com/ubuntu/ quantal/main amd64 Packages

dpkg -l | grep -i virt
ii  libvirt-bin     0.9.13-0ubuntu12.2             amd64  programs for the libvirt library
ii  libvirt0        0.9.13-0ubuntu12.2             amd64  library for interfacing with different virtualization systems
ii  python-libvirt  0.9.13-0ubuntu12.2             amd64  libvirt Python bindings
ii  qemu-kvm        1.2.0+noroms-0ubuntu2.12.10.3  amd64  Full virtualization on supported hardware
ii  virtinst        0.600.2-1ubuntu1               all    Programs to create and clone virtual machines

dpkg -l | grep -i qemu
ii  qemu-common     1.2.0+noroms-0ubuntu2.12.10.3  all    qemu common functionality (bios, documentation, etc)
ii  qemu-kvm        1.2.0+noroms-0ubuntu2.12.10.3  amd64  Full virtualization on supported hardware
ii  qemu-utils      1.2.0+noroms-0ubuntu2.12.10.3  amd64  qemu utilities
ii  vgabios         0.7a-3ubuntu2                  all    VGA BIOS software for the Bochs and Qemu emulated VGA card


host network config:
egrep -v '(^[[:space:]]*#|^[[:space:]]*$)' /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual
    bond-master bond0

auto eth1
iface eth1 inet manual
    bond-master bond0

auto bond0
iface bond0 inet manual
    bond-mode active-backup
    bond-slaves eth0 eth1
    bond-primary eth0
    bond-primary_reselect better

auto br0
iface br0 inet static
    bridge_ports bond0
    bridge_stp off
    bridge_waitport 0
    bridge_maxwait 0
    bridge_maxage 0
    bridge_fd 0
    bridge_ageing 0
    address 192.168.1.60
    netmask 255.255.255.0
    gateway 192.168.1.1

brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0019b9ec43f3

[Bug 1153364] Re: trouble with guest network connectivity when host is using a bonded interface

2013-03-10 Thread ben thielsen
some more information - while running a ping from another physical host,
against a guest, i did a bit of testing with tshark:

192.168.1.123 - other physical host on network
192.168.1.60 - virtual host
192.168.1.70 - virtual guest

on the virtual host, the current active slave is eth0, so i started
there:

cat /proc/net/bonding/bond0 
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: adaptive load balancing
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 0
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 100 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:19:b9:ec:43:f1
Slave queue ID: 0

tshark appears to indicate that the ping requests are reaching the physical 
interface on the virtual host:
tshark -i eth0 'icmp[icmptype]==icmp-echo'
Capturing on eth0
  0.00 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  
id=0xa494, seq=540/7170, ttl=64
  1.000273 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  
id=0xa494, seq=541/7426, ttl=64
  2.001328 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  
id=0xa494, seq=542/7682, ttl=64
  3.002381 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  
id=0xa494, seq=543/7938, ttl=64
^C4 packets captured

next, tshark appears to indicate that the ping requests are reaching the bond 
interface:
tshark -i bond0 'icmp[icmptype]==icmp-echo'
Capturing on bond0
  0.00 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  id=0xa494, seq=796/7171, ttl=64
  1.001077 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  id=0xa494, seq=797/7427, ttl=64
  2.001996 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  id=0xa494, seq=798/7683, ttl=64
  3.002751 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  id=0xa494, seq=799/7939, ttl=64
^C4 packets captured

continuing on, tshark appears to indicate that the ping requests are reaching 
the bridge interface:
tshark -i br0 'icmp[icmptype]==icmp-echo'
Capturing on br0
  0.00 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  id=0xa494, seq=665/39170, ttl=64
  1.001045 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  id=0xa494, seq=666/39426, ttl=64
  2.001173 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  id=0xa494, seq=667/39682, ttl=64
  3.002232 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  id=0xa494, seq=668/39938, ttl=64
  4.003298 192.168.1.123 - 192.168.1.70 ICMP 98 Echo (ping) request  id=0xa494, seq=669/40194, ttl=64
^C5 packets captured

while doing each of these captures, i was running a matching capture on
the guest, and did not see any of these packets.  while i'm not quite
sure what [if any] the implication is, it would seem that somehow, the
packets are getting lost on their way to the guest, after they reach the
bridge interface.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1153364



[Bug 1045444] Re: amavisd-new tries to load perl modules that don't exist

2012-09-06 Thread ben thielsen
sure - see below:

perl --version

This is perl 5, version 14, subversion 2 (v5.14.2) built for x86_64-linux-gnu-thread-multi
(with 53 registered patches, see perl -V for more detail)

Copyright 1987-2011, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using man perl or perldoc perl.  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

which perl
/usr/bin/perl

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to amavisd-new in Ubuntu.
https://bugs.launchpad.net/bugs/1045444



[Bug 1045444] [NEW] amavisd-new tries to load perl modules that don't exist

2012-09-03 Thread ben thielsen
Public bug reported:

when starting amavisd-new, the following can be seen in the log:

INFO: no optional modules: unicore::Canonical.pl unicore::Exact.pl
unicore::PVA.pl

those modules don't appear to be part of any ubuntu perl packages, and
iiuc, haven't been part of perl since ~5.8/5.9?

i'm wondering what functions those modules provide, if those functions
are now handled by other perl modules.

thanks
-ben

** Affects: amavisd-new (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to amavisd-new in Ubuntu.
https://bugs.launchpad.net/bugs/1045444



[Bug 1045444] Re: amavisd-new tries to load perl modules that don't exist

2012-09-03 Thread ben thielsen
additional details:

lsb_release -rd
Description:    Ubuntu 12.04.1 LTS
Release:        12.04

apt-cache policy amavisd-new
amavisd-new:
  Installed: 1:2.6.5-0ubuntu3.2
  Candidate: 1:2.6.5-0ubuntu3.2
  Version table:
 *** 1:2.6.5-0ubuntu3.2 0
500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
100 /var/lib/dpkg/status
 1:2.6.5-0ubuntu3 0
500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

i expected amavis to not attempt to load those modules if they've been
replaced with something else.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to amavisd-new in Ubuntu.
https://bugs.launchpad.net/bugs/1045444



Re: [Bug 1033096] request to have sha2 module in contrib included in package

2012-08-05 Thread ben thielsen
On Aug 05, 2012, at 10.17, Clint Byrum wrote:

> Hi Ben. This seems like a reasonable request. You should note that
> upstream would prefer that people not use these password methods and
> instead focus on SCRAM based methods. See the discussion on why this
> module isn't in core here:
>
> http://www.openldap.org/its/index.cgi/Contrib?id=7278;page=4

hi-

thanks for the reference, i hadn't heard of scram before.

-ben

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1033096



[Bug 1033096] Re: request to have sha2 module in contrib included in package

2012-08-05 Thread ben thielsen
i gather this means that this module is independently implementing the
algorithm rather than using existing [openssl/gnutls/etc] libraries? is
there a compromise that might be reached?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1033096



[Bug 1033096] [NEW] request to have sha2 module in contrib included in package

2012-08-04 Thread ben thielsen
Public bug reported:

there is an sha2 module in the openldap source contrib directory which
implements the following sha2 password hashing schemes:

{SSHA-512}
{SSHA-384}
{SSHA-256}
{SHA-512}
{SHA-384}
{SHA-256}

i'd like to have it included in the slapd package.

the module can be found in contrib/slapd-modules/passwd/sha2/

following the standard make depend when building openldap, the module
can be built by running make in its directory.  note that i had to add
-fPIC to CCFLAGS in order to get it to build - e.g:

CCFLAGS = -Wall -g -fPIC

this may or may not be the right way to do this.

regards
-ben

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1033096



[Bug 898004] [NEW] post installation script fails with exit status 1

2011-11-29 Thread ben thielsen
Public bug reported:

lsb_release -rd
Description:    Ubuntu 11.10
Release:        11.10

apt-cache policy bind9
bind9:
  Installed: 1:9.7.3.dfsg-1ubuntu4.1
  Candidate: 1:9.7.3.dfsg-1ubuntu4.1
  Version table:
 *** 1:9.7.3.dfsg-1ubuntu4.1 0
500 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu/ oneiric-security/main amd64 Packages
100 /var/lib/dpkg/status
 1:9.7.3.dfsg-1ubuntu4 0
500 http://us.archive.ubuntu.com/ubuntu/ oneiric/main amd64 Packages

when installing bind9, installation fails, leaving the package half
installed:

apt-get install bind9
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Suggested packages:
  dnsutils bind9-doc resolvconf ufw
The following NEW packages will be installed:
  bind9
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 331 kB of archives.
After this operation, 1106 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ oneiric-updates/main bind9 amd64 1:9.7.3.dfsg-1ubuntu4.1 [331 kB]
Fetched 331 kB in 1s (282 kB/s) 
Preconfiguring packages ...
Selecting previously deselected package bind9.
(Reading database ... 17868 files and directories currently installed.)
Unpacking bind9 (from .../bind9_1%3a9.7.3.dfsg-1ubuntu4.1_amd64.deb) ...
Processing triggers for ureadahead ...
Processing triggers for man-db ...
Setting up bind9 (1:9.7.3.dfsg-1ubuntu4.1) ...
Adding group `bind' (GID 107) ...
Done.
Adding system user `bind' (UID 105) ...
Adding new user `bind' (UID 105) with group `bind' ...
Not creating home directory `/var/cache/bind'.
Auto configuration failed
139717989152576:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 79
dpkg: error processing bind9 (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 bind9
E: Sub-process /usr/bin/dpkg returned an error code (1)

dpkg -l bind9  
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name    Version                 Description
+++-=======-=======================-===========================
iF  bind9   1:9.7.3.dfsg-1ubuntu4.1 Internet Domain Name Server

dpkg --configure bind9
Setting up bind9 (1:9.7.3.dfsg-1ubuntu4.1) ...
Auto configuration failed
139873104557888:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 79
dpkg: error processing bind9 (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 bind9

./bind9.postinst 'configure'
Auto configuration failed
140732604843840:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 79

looking a bit closer at the post install script, it's revealed that the
rndc-confgen command is actually what's failing:

rndc-confgen -r /dev/urandom -a
Auto configuration failed
140093146728256:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:618:line 79

- and the error is actually an openssl error.

it turns out that there was a variable in openssl.cnf, pointing to a
file which didn't exist [inadvertently left over from some other
modifications made to openssl.cnf]:

private_key = $dir/private/cakey.pem

removing this line from the config allows rndc-confgen to complete
successfully, and thus the package installation completes successfully:

apt-get install bind9
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Suggested packages:
  dnsutils bind9-doc resolvconf ufw
The following NEW packages will be installed:
  bind9
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/331 kB of archives.
After this operation, 1106 kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package bind9.
(Reading database ... 17868 files and directories currently installed.)
Unpacking bind9 (from .../bind9_1%3a9.7.3.dfsg-1ubuntu4.1_amd64.deb) ...
Processing triggers for ureadahead ...
Processing triggers for man-db ...
Setting up bind9 (1:9.7.3.dfsg-1ubuntu4.1) ...
Adding group `bind' (GID 107) ...
Done.
Adding system user `bind' (UID 105) ...
Adding new user `bind' (UID 105) with group `bind' ...
Not creating home directory `/var/cache/bind'.
wrote key file /etc/bind/rndc.key
#
 * Starting domain name service... bind9
   [ OK ] 

i know that the init script relies on rndc, but i 
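
Added example, not part of the original report: OpenSSL raises "variable has no value" while expanding a $name reference in openssl.cnf, and it looks the name up only in the current section, then the default section, or in the environment for the ENV:: prefix. The Python sketch below lists such references with their line numbers; the function name, the simplified parsing (no .include, no '#' inside quotes) and the sample file are assumptions constructed for illustration.

```python
import os
import re

# $name, ${name} or $(name); "section::name" picks a section, "ENV::name" the environment.
REF = re.compile(r"(?<!\\)\$(?:\{([\w:]+)\}|\(([\w:]+)\)|((?:\w+::)?\w+))")
SECTION = re.compile(r"^\[\s*([^\]]+?)\s*\]$")

# Constructed sample (not the reporter's file): [ req ] carries a line that
# only expands inside [ CA_default ], where "dir" is defined.
SAMPLE = """\
HOME = .

[ ca ]
default_ca = CA_default

[ CA_default ]
dir = ./demoCA
certs = $dir/certs

[ req ]
default_bits = 2048
private_key = $dir/private/cakey.pem
"""


def find_unset_refs(text, environ=None):
    """Return [(line_no, section, name, reference)] for references with no value."""
    environ = os.environ if environ is None else environ
    values = {"default": {}}
    section = "default"
    problems = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            values.setdefault(section, {})
            continue
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        for ref in REF.finditer(value):
            target = ref.group(1) or ref.group(2) or ref.group(3)
            scope, _, var = target.rpartition("::")
            if scope == "ENV":
                found = var in environ
            elif scope:
                found = var in values.get(scope, {})
            else:
                found = var in values[section] or var in values["default"]
            if not found:
                problems.append((line_no, section, name, ref.group(0)))
        # Expansion happens as each line is read, so a name counts as
        # defined only for the lines that follow it.
        values[section][name] = value
    return problems


if __name__ == "__main__":
    for line_no, section, name, ref in find_unset_refs(SAMPLE):
        print(f"line {line_no}: [{section}] {name} uses {ref}, which has no value")
```

Running it against the real file (for example /etc/ssl/openssl.cnf on Ubuntu) before installing packages whose maintainer scripts call OpenSSL-linked tools points at the offending line directly.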

[Bug 675391] [NEW] nssov overlay is missing

2010-11-14 Thread ben thielsen
Public bug reported:

it appears that in 2.4.23-0ubuntu3, the nssov overlay is absent from the
package.  this was not the case in the previous version
(2.4.21-0ubuntu5.2).  the following files are missing:

/usr/lib/ldap/nssov.la
/usr/lib/ldap/nssov.so
/usr/lib/ldap/nssov.so.0
/usr/lib/ldap/nssov.so.0.0.0

this severely breaks installations that were using the overlay, as it is
referenced from the config, but cannot be loaded, resulting in dpkg
failing and completely breaking the upgrade process:

Setting up slapd (2.4.23-0ubuntu3.2) ...
  Backing up /etc/ldap/slapd.d/ in /var/backups/slapd-2.4.21-0ubuntu5.3... done.
  Moving old database directories to /var/backups:
  Loading from /var/backups/slapd-2.4.21-0ubuntu5.3: 
  - directory dc=example,dc=com... failed.

Loading the database from the LDIF dump failed with the following
error while running slapadd:
lt_dlopenext failed: (nssov) file not found
config error processing cn=module{0},cn=config: olcModuleLoad handler exited with 1
slapadd: bad configuration directory!
dpkg: error processing slapd (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 slapd
E: Sub-process /usr/bin/dpkg returned an error code (1)

1) lsb_release -rd
Description:    Ubuntu 10.10
Release:        10.10

2) apt-cache policy slapd
slapd:
  Installed: 2.4.23-0ubuntu3.2
  Candidate: 2.4.23-0ubuntu3.2
  Version table:
 *** 2.4.23-0ubuntu3.2 0
500 http://us.archive.ubuntu.com/ubuntu/ maverick-updates/main i386 Packages
100 /var/lib/dpkg/status
 2.4.23-0ubuntu3 0
500 http://us.archive.ubuntu.com/ubuntu/ maverick/main i386 Packages

3) i expected the nssov overlay to load

4) it did not, causing slapd to fail, which in turn caused dpkg to fail.

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

-- 
nssov overlay is missing
https://bugs.launchpad.net/bugs/675391
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.



[Bug 341817] Re: dhcpd wont start due to rndc.key permissions

2010-03-07 Thread ben thielsen
i'd like to bump this entry a bit - if nothing else, to understand
better why exactly this doesn't work.

as the user dhcpd runs as (dhcpd), i can read the key file (by way of a
symlink, in my case):

whoami
dhcpd

id dhcpd
uid=105(dhcpd) gid=113(dhcpd) groups=113(dhcpd),999(ddns)

ls -Alh
total 20K
lrwxrwxrwx 1 root root    29 2010-03-07 16:12 ddns-key-1.key - /etc/bind/keys/ddns-key-1.key
-rw-r- 1 root dhcpd  148 2009-12-01 20:14 ddns-key-1.key.old
drwxr-xr-x 2 root root  4.0K 2010-02-15 20:29 dhclient-enter-hooks.d
drwxr-xr-x 2 root root  4.0K 2009-12-16 12:17 dhclient-exit-hooks.d
-rw-r- 1 root dhcpd 4.1K 2009-12-01 20:17 dhcpd.conf

ls -alh /etc/bind/keys/ddns-key-1.key 
-rw-r- 1 root ddns 148 2009-12-01 15:24 /etc/bind/keys/ddns-key-1.key

cat ddns-key-1.key
key ddns-key-1 {
algorithm hmac-md5;
secret xx;
};

yet (as in the initial report) when started via its init script,
/usr/sbin/dhcpd can not:

/etc/init.d/dhcp3-server start
dhcpd self-test failed. Please fix the config file.
The error was: 
Internet Systems Consortium DHCP Server V3.1.2
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Can't open /etc/dhcp3/ddns-key-1.key: Permission denied

why doesn't this work?  what is different when dhcpd is started via its
init script and privs are dropped to the user named dhcpd?  i've
adjusted the apparmor settings for dhcpd, and there are no audit entries
for apparmor being logged - what is preventing this file from being
read?

-- 
dhcpd wont start due to rndc.key permissions
https://bugs.launchpad.net/bugs/341817
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dhcp3 in ubuntu.
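
Added example, not part of the original message: one way to test the question above is to evaluate the mode-bit decision for the credentials a running process actually holds, as listed in /proc/<pid>/status, and compare it with the interactive shell's. The key file's owner and group and the shell credentials come from the listing above; the 0640 mode, the directory entries and the daemon status text are assumptions constructed for illustration, and the message does not show the daemon's real credentials.

```python
import os

READ, SEARCH = 4, 1


def parse_proc_status(text):
    """Credentials used for file access, from the text of /proc/<pid>/status."""
    creds = {"groups": set()}
    for line in text.splitlines():
        key, _, rest = line.partition(":")
        nums = [int(n) for n in rest.split()] if key in ("Uid", "Gid", "Groups") else []
        if key == "Uid":
            creds["uid"] = nums[3]      # real, effective, saved, filesystem
        elif key == "Gid":
            creds["gid"] = nums[3]
        elif key == "Groups":
            creds["groups"] = set(nums)
    return creds


def allowed(mode, owner, group, creds, want):
    """Mode bits only: root, ACLs, capabilities and AppArmor are not modelled."""
    if creds["uid"] == owner:
        shift = 6
    elif group == creds["gid"] or group in creds["groups"]:
        shift = 3
    else:
        shift = 0
    return bool((mode >> shift) & want)


def first_denial(chain, creds):
    """chain: [(path, mode, uid, gid)], directories first, target file last."""
    for i, (path, mode, uid, gid) in enumerate(chain):
        want = READ if i == len(chain) - 1 else SEARCH
        if not allowed(mode, uid, gid, creds, want):
            return path
    return None


def chain_for(path):
    """Build the chain from the live filesystem, following symlinks."""
    parts, chain = os.path.realpath(path).strip("/").split("/"), []
    for i in range(len(parts)):
        p = "/" + "/".join(parts[: i + 1])
        st = os.stat(p)
        chain.append((p, st.st_mode & 0o7777, st.st_uid, st.st_gid))
    return chain


# Constructed chain: only the last entry's owner and group are from the listing.
KEY_CHAIN = [
    ("/etc", 0o755, 0, 0),
    ("/etc/bind", 0o755, 0, 0),
    ("/etc/bind/keys", 0o755, 0, 0),
    ("/etc/bind/keys/ddns-key-1.key", 0o640, 0, 999),
]
SHELL = {"uid": 105, "gid": 113, "groups": {113, 999}}   # "id dhcpd" above
# Constructed status of a hypothetical process holding only its primary group.
DAEMON_STATUS = "Name:\tdhcpd\nUid:\t105\t105\t105\t105\nGid:\t113\t113\t113\t113\nGroups:\t113\n"

if __name__ == "__main__":
    print("shell :", first_denial(KEY_CHAIN, SHELL))
    print("daemon:", first_denial(KEY_CHAIN, parse_proc_status(DAEMON_STATUS)))
```

On a live host, pass chain_for("/etc/dhcp3/ddns-key-1.key") and the contents of the daemon's own status file instead of the constructed values.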



[Bug 508190] [NEW] slapo-nssov not able to write socket file

2010-01-15 Thread ben thielsen
Public bug reported:

the nss overlay attempts to write its socket file to
/var/run/nslcd/socket, but is prevented from doing so by apparmor:

type=1503 audit(1263524239.632:23): operation=mknod pid=17179 parent=1 profile=/usr/sbin/slapd requested_mask=w:: denied_mask=w:: fsuid=107 ouid=107 name=/var/run/nslcd/socket

adjusting /etc/apparmor/usr.sbin.slapd to accommodate this resolves the
issue:

  # pid files and sockets
  /var/run/slapd/* w,
  /var/run/nslcd/* w,

additionally, i don't believe that the slapd package created the
/var/run/nslcd/ directory:

drwxr-xr-x 2 openldap openldap 80 2010-01-15 18:28 /var/run/nslcd/

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

-- 
slapo-nssov not able to write socket file
https://bugs.launchpad.net/bugs/508190
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.
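
Added example, not part of the original report: a Python sketch that turns AppArmor denial lines into the narrowest file rule per profile and path, so a profile change can be reviewed against what was actually denied. The first log line is the one quoted in the report, joined onto one line; the second line, the function names and the mask handling are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
ORDER = "rwaklm"                      # file permissions this sketch emits
LOG_TO_RULE = {"c": "w", "d": "w"}    # create/delete in a log need write in a rule

SAMPLE_LOG = [
    # From the report above (values unquoted, mask written as "w::").
    "type=1503 audit(1263524239.632:23): operation=mknod pid=17179 parent=1 "
    "profile=/usr/sbin/slapd requested_mask=w:: denied_mask=w:: "
    "fsuid=107 ouid=107 name=/var/run/nslcd/socket",
    # Constructed line in the newer quoted format.
    'type=1400 audit(1263524300.100:24): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/slapd" name="/var/run/nslcd/socket" pid=17179 '
    'comm="slapd" requested_mask="r" denied_mask="r" fsuid=107 ouid=107',
]


def parse_denial(line):
    """Return (profile, path, perms) for a file denial, else None."""
    f = {k: v.strip('"') for k, v in FIELD.findall(line)}
    if not all(k in f for k in ("profile", "name", "denied_mask")):
        return None
    if f.get("apparmor", "DENIED") != "DENIED":   # skip complain-mode entries
        return None
    mask = f["denied_mask"].replace(":", "")      # keep only the letters of "w::"
    return f["profile"], f["name"], {LOG_TO_RULE.get(c, c) for c in mask}


def suggest_rules(lines):
    """Map profile -> rule lines, one per denied path, permissions merged."""
    wanted = defaultdict(set)
    for line in lines:
        parsed = parse_denial(line)
        if parsed:
            profile, path, perms = parsed
            wanted[(profile, path)] |= perms
    rules = defaultdict(list)
    for (profile, path), perms in sorted(wanted.items()):
        if "w" in perms:
            perms = perms - {"a"}     # append and write conflict in one rule
        text = "".join(c for c in ORDER if c in perms)
        if text:
            rules[profile].append(f"{path} {text},")
        if "x" in perms:
            rules[profile].append(f"# {path}: exec denied, pick a transition mode by hand")
    return dict(rules)


if __name__ == "__main__":
    for profile, lines in suggest_rules(SAMPLE_LOG).items():
        print(profile)
        for rule in lines:
            print("  " + rule)
```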



[Bug 508190] Re: slapo-nssov not able to write socket file

2010-01-15 Thread ben thielsen
i neglected to include the following information:

source package: 2.4.18-0ubuntu1

lsb_release -rd
Description:    Ubuntu 9.10
Release:        9.10

apt-cache policy slapd
slapd:
  Installed: 2.4.18-0ubuntu1
  Candidate: 2.4.18-0ubuntu1
  Version table:
 *** 2.4.18-0ubuntu1 0
500 http://us.archive.ubuntu.com karmic/main Packages
100 /var/lib/dpkg/status

-- 
slapo-nssov not able to write socket file
https://bugs.launchpad.net/bugs/508190
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.



[Bug 507728] [NEW] man page missing for slapo-nssov

2010-01-14 Thread ben thielsen
Public bug reported:

source package: openldap (2.4.18-0ubuntu1)

lsb_release -rd
Description:    Ubuntu 9.10
Release:        9.10

 apt-cache policy slapd
slapd:
  Installed: 2.4.18-0ubuntu1
  Candidate: 2.4.18-0ubuntu1
  Version table:
 *** 2.4.18-0ubuntu1 0
500 http://us.archive.ubuntu.com karmic/main Packages
100 /var/lib/dpkg/status

the man page for the nss overlay (e.g. slapo-nssov) is not present.

** Affects: openldap (Ubuntu)
 Importance: Undecided
 Status: New

-- 
man page missing for slapo-nssov
https://bugs.launchpad.net/bugs/507728
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in ubuntu.
