[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
This bug was fixed in the package systemd - 240-6ubuntu5.8 --- systemd (240-6ubuntu5.8) disco; urgency=medium [ Victor Tapia ] * d/p/resolved_disable-connection-downgrade-when-DNSSEC-yes.patch Fix regression introduced by resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch when DNSSEC=yes (LP: #1796501) [ Dan Streetman ] * d/p/lp1840640-shared-seccomp-add-sync_file_range2.patch: allow sync_file_range2 in nspawn container (LP: #1840640) * d/p/lp1847527-journal-remote-do-not-request-Content-Length-if-Tran.patch: do not request Content-Length if Transfer-Encoding is chunked (LP: #1847527) * d/t/storage: fix flaky test (LP: #1847815) * d/p/lp1843381-dell_passthrough_skip_rename_retry.patch, debian/extra/rules/73-usb-net-by-mac.rules: fix rename delay for systems using "Dell MAC passthrough" (LP: #1843381) * d/p/lp1849733/0001-resolved-if-we-can-t-append-EDNS-OPT-RR-then-indicat.patch, d/p/lp1849733/0002-resolved-don-t-let-EDNS0-OPT-dgram-size-affect-TCP.patch: ignore EDNS0 payload limit when responding over TCP (LP: #1849733) * d/p/lp1849658-resolved-set-stream-type-during-DnsStream-creation.patch: - Fix bug in refcounting TCP stream types (LP: #1849658) * d/extra/dhclient-enter-resolved-hook: - only restart resolved if dhclient conf changed (LP: #1805183) [ Balint Reczey ] * d/p/test-execute-Filter-dev-.lxc-in-exec-dynamicuser-statedir.patch: fix test breakage due to running in nested lxd container (LP: #1845337) -- Dan Streetman Fri, 04 Oct 2019 09:06:58 -0400 ** Changed in: systemd (Ubuntu Disco) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
with testcase setup from description, system A is -remote and system B is -d ubuntu@lp1847527-remote:~$ dpkg -l systemd|grep ii ii systemd240-6ubuntu5.7 amd64system and service manager ubuntu@lp1847527-d:~$ dpkg -l systemd|grep ii ii systemd240-6ubuntu5.7 amd64system and service manager ubuntu@lp1847527-d:~$ journalctl -b -u systemd-journal-upload.service -- Logs begin at Thu 2019-11-14 16:34:08 UTC, end at Thu 2019-11-14 20:19:34 UTC. -- Nov 14 20:19:03 lp1847527-d systemd[1]: Started Journal Remote Upload Service. Nov 14 20:19:03 lp1847527-d systemd-journal-upload[721]: Upload to http://192.168.122.184:19532/upload failed with code 411: gth Required Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Main process exited, code=exited, status=1/FAILURE Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Failed with result 'exit-code'. Fix must be applied to system A (where systemd-journal-remote.serivce is running): ubuntu@lp1847527-remote:~$ dpkg -l systemd|grep ii ii systemd240-6ubuntu5.8 amd64system and service manager ubuntu@lp1847527-d:~$ dpkg -l systemd|grep ii ii systemd240-6ubuntu5.7 amd64system and service manager ubuntu@lp1847527-d:~$ journalctl -b -u systemd-journal-upload.service -- Logs begin at Thu 2019-11-14 16:34:08 UTC, end at Thu 2019-11-14 20:34:28 UTC. -- Nov 14 20:33:33 lp1847527-d systemd[1]: Started Journal Remote Upload Service. and upgrading system B, it still works correctly (as long as system A has been upgraded): ubuntu@lp1847527-d:~$ dpkg -l systemd|grep ii ii systemd240-6ubuntu5.8 amd64system and service manager ubuntu@lp1847527-d:~$ journalctl -b -u systemd-journal-upload.service -- Logs begin at Thu 2019-11-14 16:34:08 UTC, end at Thu 2019-11-14 20:38:38 UTC. -- Nov 14 20:38:35 lp1847527-d systemd[1]: Started Journal Remote Upload Service. ** Tags removed: verification-needed verification-needed-disco ** Tags added: verification-done verification-done-disco -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
> I'm currently traveling for work, but will verify the fix this evening hopefully. Thanks - I did a quick verification but it would be good if you could verify it works for you as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
I'm currently traveling for work, but will verify the fix this evening hopefully. Thanks On Thu, Nov 14, 2019, 10:41 Dan Streetman wrote: > @drdabbles can you please verify the fix in systemd in proposed > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1847527 > > Title: > Backport systemd-journal-remote fix PR #11953 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
** Description changed: [impact] upstream commit 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd broke remote journal upload, because it added a check to verify the Content-Length header, but the upload may use Transfer-Encoding of 'chunked' which does not specify Content-Length. [test case] - see comment 5 + setup 2 systems, A and B. Install systemd-journal-remote on both. + + On A: + + $ sudo systemctl edit systemd-journal-remote.service + + in the editor, add: + + [Service] + ExecStart= + ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/ + + + Then enable/start the socket: + + $ sudo systemctl enable systemd-journal-remote.socket + $ sudo systemctl start systemd-journal-remote.socket + + Optionally, start the service and verify it is running (not required, + since the socket will start the service): + + $ sudo systemctl start systemd-journal-remote.service + $ sudo systemctl status systemd-journal-remote.service | grep Active +Active: active (running) since Thu 2019-11-14 20:08:48 UTC; 7min ago + + + On B: + + Edit the file /etc/systemd/journal-upload.conf: + + [Upload] + URL=http://192.168.122.184:19532 + + + Replacing the IP address with the actual ip addr of node A. Then enable/start the service: + + $ sudo systemctl enable systemd-journal-upload.service + $ sudo systemctl start systemd-journal-upload.service + + Check for failure: + + ubuntu@lp1847527-d:~$ journalctl -b -u systemd-journal-upload.service + -- Logs begin at Thu 2019-11-14 16:34:08 UTC, end at Thu 2019-11-14 20:19:34 UTC. -- + Nov 14 20:19:03 lp1847527-d systemd[1]: Started Journal Remote Upload Service. + Nov 14 20:19:03 lp1847527-d systemd-journal-upload[721]: Upload to http://192.168.122.184:19532/upload failed with code 411: gth Required + Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Main process exited, code=exited, status=1/FAILURE + Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Failed with result 'exit-code'. + [regression potential] this limits the Transfer-Encoding to only be either unspecified, or 'chunked'. Any other value will fail. However, journal-upload.c does not ever use any other Transfer-Encoding than 'chunked', and this fix comes from upstream and has not changed since applied there. Any regression would likely result in the failure to upload a remote journal. [other info] the commit that caused this is not included in Bionic, and the commit to fix this is already in Eoan; this is needed only in Disco. original description: -- I'm requesting that systemd 240 receive the fix in upstream PR 11953 found here https://github.com/systemd/systemd/pull/11953 This fixes remote journal shipping using systemd components. I believe only Disco (19.04) is impacted by this issue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
@drdabbles can you please verify the fix in systemd in proposed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
Hello Tom, or anyone else affected, Accepted systemd into disco-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/240-6ubuntu5.8 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-disco to verification-done-disco. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-disco. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: systemd (Ubuntu Disco) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-disco -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
** Description changed: + [impact] + + upstream commit 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd broke remote journal upload, because it added a check to verify the Content-Length header, but the upload may use Transfer-Encoding of 'chunked' which does + not specify Content-Length. + + [test case] + + see comment 5 + + [regression potential] + + this limits the Transfer-Encoding to only be either unspecified, or + 'chunked'. Any other value will fail. However, journal-upload.c does + not ever use any other Transfer-Encoding than 'chunked', and this fix + comes from upstream and has not changed since applied there. + + Any regression would likely result in the failure to upload a remote + journal. + + [other info] + + original description: + -- + I'm requesting that systemd 240 receive the fix in upstream PR 11953 found here https://github.com/systemd/systemd/pull/11953 This fixes remote journal shipping using systemd components. I believe only Disco (19.04) is impacted by this issue. ** Description changed: [impact] upstream commit 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd broke remote journal upload, because it added a check to verify the Content-Length header, but the upload may use Transfer-Encoding of 'chunked' which does not specify Content-Length. [test case] see comment 5 [regression potential] this limits the Transfer-Encoding to only be either unspecified, or 'chunked'. Any other value will fail. However, journal-upload.c does not ever use any other Transfer-Encoding than 'chunked', and this fix comes from upstream and has not changed since applied there. Any regression would likely result in the failure to upload a remote journal. [other info] + the commit that caused this is not included in Bionic, and the commit to + fix this is already in Eoan; this is needed only in Disco. + original description: -- I'm requesting that systemd 240 receive the fix in upstream PR 11953 found here https://github.com/systemd/systemd/pull/11953 This fixes remote journal shipping using systemd components. I believe only Disco (19.04) is impacted by this issue. ** Also affects: systemd (Ubuntu Eoan) Importance: Undecided Status: Fix Released ** Also affects: systemd (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: systemd (Ubuntu Bionic) Status: New => Invalid ** Changed in: systemd (Ubuntu Disco) Status: New => In Progress ** Changed in: systemd (Ubuntu Disco) Assignee: (unassigned) => Dan Streetman (ddstreet) ** Changed in: systemd (Ubuntu Disco) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
@ddstreet any configuration that ships lots to a remote host will trigger this. The server always responds with the bug, so the configuration effectively doesn't matter. As long as one host is attempting to send journals to another in Disco, this bug will be triggered. Examples configs: ### # Server 1 Config # ### $ cat /etc/systemd/system/systemd-journal-remote.service [Unit] Description=Journal Remote Sink Service Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5) Requires=systemd-journal-remote.socket [Service] ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/ LockPersonality=yes LogsDirectory=journal/remote MemoryDenyWriteExecute=yes NoNewPrivileges=yes PrivateDevices=yes PrivateNetwork=yes PrivateTmp=yes ProtectControlGroups=yes ProtectHome=yes ProtectHostname=yes ProtectKernelModules=yes ProtectKernelTunables=yes ProtectSystem=strict RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictNamespaces=yes RestrictRealtime=yes RestrictSUIDSGID=yes SystemCallArchitectures=native User=systemd-journal-remote WatchdogSec=3min # If there are many split up journal files we need a lot of fds to access them # all in parallel. LimitNOFILE=524288 [Install] Also=systemd-journal-remote.socket ### # Server 2 Config # ### $ cat /etc/systemd/journal-upload.conf [Upload] URL=http://server1:19532 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
@drdabbles can you provide steps and/or conf files to reproduce this please -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
This is fixed with v242, present in Eoan. ** Also affects: systemd (Ubuntu Disco) Importance: Undecided Status: New ** Changed in: systemd (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: systemd (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
** Also affects: openstack-ansible Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
** Changed in: systemd Status: Unknown => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953
For those that may try to search for this bug in the future, the error I received was Error 411: gth required The issue is that libmicrohttpd exhibits a bug when Content-Length is omitted, even if Transfer-Encoding is set to "chunked". The HTTP/1.1 spec allows Content-Length to be omitted when the length is unknown as long as Transfer-Encoding: Chunked is specified. The proper behavior would be for journald to return an error to the client when it has received too much data. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1847527 Title: Backport systemd-journal-remote fix PR #11953 To manage notifications about this bug go to: https://bugs.launchpad.net/systemd/+bug/1847527/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
