[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2015-03-12 Thread Alex Bligh
Thanks for everyone's work on this - much appreciated.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1366174

Title:
  apache2 SEGV with multiple SSL sites

To manage notifications about this bug go to:
https://bugs.launchpad.net/apache2/+bug/1366174/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2015-03-07 Thread Alex Bligh
http://people.canonical.com/~ubuntu-archive/pending-sru.html indicates
there is allegedly a regression in svn. Last build is here:
https://jenkins.qa.ubuntu.com/job/trusty-adt-subversion/lastBuild/ARCH=amd64,label=adt/
and indeed the build log shows a failure here:
https://jenkins.qa.ubuntu.com/job/trusty-adt-subversion/lastBuild/ARCH=amd64,label=adt/artifact/results/log

cjwatson suggested on #ubuntu-devel:

This might just mean that the fix for
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1393832 needs to
be cherry-picked as well, but I'm not sure.  Perhaps rbasak can
investigate.

I tried replicating this with adt locally, but can't get it to fail the
test either before OR after the change. I'd suggest that the test suite
running would have failed both before and after this change. If this is
indeed https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1393832
it will need someone to propose an SRU for it. My feeling is however
that it is unrelated to this change.


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2015-03-06 Thread Alex Bligh
Thanks. Verified that this works with the original test cases, and
marked verification-done.

** Tags removed: verification-needed
** Tags added: verification-done


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2015-02-26 Thread Alex Bligh
Thanks Robie.

If it helps, we have been running this patch on many tens of machines
since early Nov 2014 (so approximately 4 months) without any ill
effects, with and without SSL (though we don't use stapling).


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2015-02-04 Thread Alex Bligh
Any update on this one?


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2015-01-07 Thread Alex Bligh
Robie: can I ping you once more re the backport to trusty?


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-12-11 Thread Alex Bligh
Robie: I've verified that the Vivid version works fine. Can I ping you
re getting the SRU done for Trusty?


[Bug 1400775] Re: CVE-2014-8106 insufficient blit region check

2014-12-09 Thread Alex Bligh
Made this public as the links to which it refers are public.

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to qemu in Ubuntu.
https://bugs.launchpad.net/bugs/1400775

Title:
  CVE-2014-8106 insufficient blit region check

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1400775/+subscriptions


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-11-17 Thread Alex Bligh
Robie: this is me poking you after a couple of weeks, as requested.


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-11-17 Thread Alex Bligh
Robie: no apology needed, and yes I would be happy to check Vivid.


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-11-08 Thread Alex Bligh
I have added [Impact] and [Regression potential] sections.

Do the SRU requirements mean we need a patch for U too? I'm not sure
what current development release means right now given that U is out.
I believe the upstream 2.4.10 patch should apply straight to U.  It's
upstream, so V will presumably get whatever upstream has.

I'll ask for someone to nominate this but I think you may need to take
it from here, Robie.


** Description changed:

  Apache2 crashes with multiple SSL sites.
+ 
+ [Impact]
+ 
+ Apache may SEGV on initialisation (and thus refuse to start) when using
+ multiple SSL sites in a moderately complex configuration. Though the
+ crash is caused by OCSP stapling code, it is not necessary for OCSP to
+ be enabled to cause the problem. As the problem is caused by a memory
+ address changing between reads of the config file, in theory any
+ configuration with one SSL site could refuse to run, though in practice
+ a degree of complexity appears to be necessary to cause sufficient
+ memory allocation to trigger the crash.
+ 
+ The bug is thus serious as any SSL apache configuration may not load.
+ 
+ [Testcase]
+ 
+ See comment #1
+ 
+ [Regression Potential]
+ 
+ The most likely regression potential is a failure of OCSP to work
+ properly. OCSP is relatively new and little used code, and hence is less
+ well tested than other areas. Though the work was done upstream and has
+ been approved by OCSP-familiar apache authors, it is possible a change
+ to the OCSP code will cause some OCSP functionality defect. However, the
+ comparative lack of use of OCSP (compared to SSL) means the impact of
+ any such failure should be limited.
+ 
+ 
+ Detailed description follows:
  
  When starting apache2 with multiple SSL sites I get a SEGV like this:
  
  (gdb) bt
  #0  0x705faaf3 in ?? () from /usr/lib/apache2/modules/mod_ssl.so
  #1  0x729647a6 in int_free_ex_data (class_index=optimized out, 
obj=0x55af7460, ad=0x55af7488) at ex_data.c:522
  #2  0x72a05061 in x509_cb (operation=operation@entry=3, 
pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 X509_it,
- exarg=exarg@entry=0x0) at x_x509.c:113
+ exarg=exarg@entry=0x0) at x_x509.c:113
  #3  0x72a08fea in asn1_item_combine_free 
(pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 X509_it, 
combine=combine@entry=0)
- at tasn_fre.c:173
+ at tasn_fre.c:173
  #4  0x72a091c5 in ASN1_item_free (val=val@entry=0x55af7460, 
it=it@entry=0x72cc0780 X509_it) at tasn_fre.c:71
  #5  0x72a0514c in X509_free (a=a@entry=0x55af7460) at x_x509.c:141
  #6  0x705ee0b8 in ssl_pphrase_Handle (s=s@entry=0x77fc1de0, 
p=p@entry=0x77fbf028) at ssl_engine_pphrase.c:275
  #7  0x705e3658 in ssl_init_Module (p=0x77ff0028, plog=optimized 
out, ptemp=0x77fbf028, base_server=0x77fc1de0)
- at ssl_engine_init.c:194
+ at ssl_engine_init.c:194
  #8  0x555aa2a9 in ap_run_post_config (pconf=0x77ff0028, 
plog=0x77fbd028, ptemp=0x77fbf028, s=0x77fc1de0) at config.c:103
  #9  0x5558ae07 in main (argc=6, argv=0x7fffe5a8) at main.c:765
  
  This is 100% repeatable.
  
  This looks very like:
-   https://bugzilla.redhat.com/show_bug.cgi?id=1074406
+   https://bugzilla.redhat.com/show_bug.cgi?id=1074406
  
  save that I am not using Auth at all. However, ssl itself requires the
  socache logic, so perhaps it has the same root cause.
  
  Disabling a couple of SSL sites normally resolves the problem.
  
  What I expected to happen: apache2 to start without SEGV
  What actually happened: apache2 did not start due to SEGV
  
  root@nimtest:/root# lsb_release -rd
  Description:  Ubuntu 14.04.1 LTS
  Release:  14.04
  
  root@nimtest:/root# apt-cache policy apache2-bin
  apache2-bin:
-   Installed: 2.4.7-1ubuntu4.1
-   Candidate: 2.4.7-1ubuntu4.1
-   Version table:
-  *** 2.4.7-1ubuntu4.1 0
- 500 http://gb.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 
Packages
- 500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 
Packages
- 100 /var/lib/dpkg/status
-  2.4.7-1ubuntu4 0
- 500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
+   Installed: 2.4.7-1ubuntu4.1
+   Candidate: 2.4.7-1ubuntu4.1
+   Version table:
+  *** 2.4.7-1ubuntu4.1 0
+ 500 http://gb.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 
Packages
+ 500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 
Packages
+ 100 /var/lib/dpkg/status
+  2.4.7-1ubuntu4 0
+ 500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
  
  root@nimtest:/root# dpkg --list | egrep '\b(apache2|libssl|openssl)'
  ii  apache2  2.4.7-1ubuntu4.1 
amd64Apache HTTP Server
  ii  apache2-bin  2.4.7-1ubuntu4.1 
amd64Apache HTTP Server (binary files and 

[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-11-06 Thread Alex Bligh
I have attached a backport to 2.4.7 to this comment. This is a backport
of the backport to 2.4.x in upstream svn. More details in the commit
message.

This is a straight patch to the source (produced from git) rather than a
proper packaged up patch, if you see what I mean.

I've put this up on github too for ease of review:
   
https://github.com/abligh/apache2-2.4.7-ubuntu-trusty/commit/6e24e496c7aee8aa1ff13a41dae71c91fe8c0bbe

** Patch added: LP#1366174: Backport PR54357 to 2.4.7 - Crash during restart  
or at startup in mod_ssl, in certinfo_free() function registered by  
ssl_stapling_ex_init()
   
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1366174/+attachment/4254782/+files/0001-LP-1366174-Backport-PR54357-to-2.4.7-Crash-during-re.patch


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-10-30 Thread Alex Bligh
This has now been merged into 2.4. See
https://issues.apache.org/bugzilla/show_bug.cgi?id=54357

Any chance this can now be backported to Trusty? The impact is pretty
severe.

** Bug watch added: Apache Software Foundation Bugzilla #54357
   http://issues.apache.org/bugzilla/show_bug.cgi?id=54357


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-10-26 Thread Alex Bligh
The fix for this is now committed in trunk. A 2.4 backport is
available. See:

https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?r1=1631030&r2=1631029

Patch (per the above) at:

https://people.apache.org/~kbrand/mod_ssl-2.4.x-PR54357.diff


[Bug 1333388] Re: mod_ident no longer included in apache

2014-09-15 Thread Alex Bligh
Yes, we did talk on IRC :-)

As far as I can tell, utopic 2.4.10-1ubuntu1 does not build mod_ident
(still). I suspect what might have been fixed in the debian bug my
report got merged into
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711925) is the
constant removal of any module called mod_ident wherever you load it
from. However, this doesn't address the problem that mod_ident is
missing in the first place.

** Bug watch added: Debian Bug tracker #711925
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711925

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/1333388

Title:
  mod_ident no longer included in apache

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1333388/+subscriptions


[Bug 1333388] Re: mod_ident no longer included in apache

2014-09-15 Thread Alex Bligh
Yep, though I think that was what
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752922 asked for.


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-09-09 Thread Alex Bligh
Robie: removing the reference to certinfo_free where
X509_get_ex_new_index is called within ssl_stapling_ex_init works around
the 2.4.10 bug at the expense of a memory leak. I haven't (yet) verified
this entirely fixes 2.4.7 though I suspect it will. I'll test that in a
bit.

Obviously this solution is pretty foul, but is probably better than the
current situation. A better solution from upstream would be welcomed.

The underlying issue is that not all SSL resources are being correctly
individually freed, and for various reasons the cleanup function can't
be used to clean them all up.  If I've understood this bug right, any
apache config that uses SSL is vulnerable to a crash on startup; it just
needs to be reasonably complex (sufficiently complex to cause dlopen()
to choose a different memory address to load the SSL module).


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-09-09 Thread Alex Bligh
I can confirm that the above workaround fixes 2.4.7, both my testcase
and our real world version. I attach a patch. This is probably 'better
than nothing'.

** Patch added: Patch to avoid calling certinfo_free (ugly workaround)
   
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1366174/+attachment/4199615/+files/apache2-dont-use-certinfo-free.patch


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-09-08 Thread Alex Bligh
Robie: that attitude is quite understandable. I'm willing to do some work
bisecting it, but I fear the root problem is going to be that addressed by this
commit:
http://svn.apache.org/viewvc?view=revision&revision=1573360
The ssl_pphrase_Handle routine is misleadingly named, and in fact is pretty 
much the core SSL initialisation routine for all the sites. What appears to be 
going wrong is one of the addresses for the callback going awry. The above 
commit rewrites this completely (which is an intrusive change) - the author's 
opinion of the previous code is evident from the commit message. As you can 
see, upstream's proposed fix was 'upgrade'. I don't think this will qualify as 
a 'minimal patch'.

As far as I can tell from playing so far, the root problem seems to be
connected to .so file loading. mod_php + mod_dbd postgresql tickles it,
but I suspect other combinations will as well.

If it's going to be difficult to fix this against 2.4.7, would getting
2.4.10 (the Utopic version) into trusty-backports be permissible? That
way at least I'd get security updates. I can confirm this builds out of
the box with no issues.


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-09-08 Thread Alex Bligh
Turns out 2.4.10 also has the bug after all (it's just more difficult to
trigger). I think I have found the root cause. I've put details
upstream.


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-09-06 Thread Alex Bligh
I think I've got about the minimal case for replication. Attached is a
tiny perl script which generates a number of SSL sites of the form:

<VirtualHost 127.0.0.1:$port>
ServerName 127.0.0.1:$port

SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

DBDriver pgsql
</VirtualHost>

When the number of sites exceeds 61 (on my machine), I get an illegal
instruction error.

The DBDriver pgsql itself is important, but I don't think this is a
DBD problem. About anything that loads a module causes a problem.


** Attachment added: Perl file to make configuration to replicate the problem
   
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1366174/+attachment/4197022/+files/makeconf.pl


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-09-06 Thread Alex Bligh
Actually DBDriver pgsql causes the issue, but not DBDriver mysql,
and it can be outside the virtual host block. So I think this might be a
pgsql driver issue.

Reported upstream at:
https://issues.apache.org/bugzilla/show_bug.cgi?id=56919


** Bug watch added: Apache Software Foundation Bugzilla #56919
   http://issues.apache.org/bugzilla/show_bug.cgi?id=56919
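
The test configuration described in the two 2014-09-06 messages (SSL virtual hosts of the form given, with DBDriver pgsql either inside each block or once outside it) can be generated as below for checking whether a patched apache2 still starts. This is an added example, not the attached makeconf.pl and not part of the original messages; the function names, the base port 8443, the Listen lines and the "none" control case are assumptions.

```python
#!/usr/bin/env python3
"""Added example (not makeconf.pl): emit N loopback SSL vhosts for a startup test."""
import argparse
import sys

# Certificate paths are the snakeoil pair quoted in the bug report.
CERT = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
KEY = "/etc/ssl/private/ssl-cert-snakeoil.key"
SCOPES = ("vhost", "global", "none")


def make_vhost(port, driver=None):
    """Return one <VirtualHost> block in the form given in the report."""
    lines = [
        f"<VirtualHost 127.0.0.1:{port}>",
        f"    ServerName 127.0.0.1:{port}",
        "",
        "    SSLEngine on",
        f"    SSLCertificateFile    {CERT}",
        f"    SSLCertificateKeyFile {KEY}",
    ]
    if driver:
        lines += ["", f"    DBDriver {driver}"]
    lines.append("</VirtualHost>")
    return "\n".join(lines)


def make_sites(count, base_port=8443, driver="pgsql", driver_scope="vhost"):
    """Build the whole test configuration as one string.

    driver_scope: "vhost" puts DBDriver in every block, "global" emits it
    once before the blocks, "none" omits it (control case).
    base_port and the Listen lines are assumptions of this example.
    """
    if driver_scope not in SCOPES:
        raise ValueError(f"unknown driver_scope: {driver_scope!r}")
    if count < 1:
        raise ValueError("count must be at least 1")
    last_port = base_port + count - 1
    if base_port < 1 or last_port > 65535:
        raise ValueError("port range outside 1-65535")

    out = []
    if driver_scope == "global":
        out.append(f"DBDriver {driver}")
    per_vhost = driver if driver_scope == "vhost" else None
    for port in range(base_port, last_port + 1):
        out.append(f"Listen 127.0.0.1:{port}")
        out.append(make_vhost(port, per_vhost))
    return "\n\n".join(out) + "\n"


def summarize(conf):
    """Count directives so a generated file can be sanity-checked before use."""
    lines = [line.strip() for line in conf.splitlines()]
    return {
        "vhosts": sum(line.startswith("<VirtualHost ") for line in lines),
        "listen": sum(line.startswith("Listen ") for line in lines),
        "dbdriver": sum(line.startswith("DBDriver ") for line in lines),
    }


def main(argv=None):
    ap = argparse.ArgumentParser(description="Generate SSL vhost test config")
    ap.add_argument("count", type=int, help="number of SSL sites")
    ap.add_argument("--base-port", type=int, default=8443)
    ap.add_argument("--driver", default="pgsql")
    ap.add_argument("--driver-scope", choices=SCOPES, default="vhost")
    args = ap.parse_args(argv)
    conf = make_sites(args.count, args.base_port, args.driver, args.driver_scope)
    sys.stdout.write(conf)                      # config on stdout
    print(summarize(conf), file=sys.stderr)     # directive counts on stderr
    return 0


if __name__ == "__main__":
    sys.exit(main())
```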


[Bug 1366174] Re: apache2 SEGV with multiple SSL sites

2014-09-06 Thread Alex Bligh
The number of sites required appears to vary. Also it appears to be
necessary to have mod php5 enabled.


[Bug 1366174] [NEW] apache2 SEGV with multiple SSL sites

2014-09-05 Thread Alex Bligh
Public bug reported:

Apache2 crashes with multiple SSL sites.

When starting apache2 with multiple SSL sites I get a SEGV like this:

(gdb) bt
#0  0x705faaf3 in ?? () from /usr/lib/apache2/modules/mod_ssl.so
#1  0x729647a6 in int_free_ex_data (class_index=<optimized out>, obj=0x55af7460, ad=0x55af7488) at ex_data.c:522
#2  0x72a05061 in x509_cb (operation=operation@entry=3, pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 <X509_it>, exarg=exarg@entry=0x0) at x_x509.c:113
#3  0x72a08fea in asn1_item_combine_free (pval=pval@entry=0x7fffc218, it=it@entry=0x72cc0780 <X509_it>, combine=combine@entry=0) at tasn_fre.c:173
#4  0x72a091c5 in ASN1_item_free (val=val@entry=0x55af7460, it=it@entry=0x72cc0780 <X509_it>) at tasn_fre.c:71
#5  0x72a0514c in X509_free (a=a@entry=0x55af7460) at x_x509.c:141
#6  0x705ee0b8 in ssl_pphrase_Handle (s=s@entry=0x77fc1de0, p=p@entry=0x77fbf028) at ssl_engine_pphrase.c:275
#7  0x705e3658 in ssl_init_Module (p=0x77ff0028, plog=<optimized out>, ptemp=0x77fbf028, base_server=0x77fc1de0) at ssl_engine_init.c:194
#8  0x555aa2a9 in ap_run_post_config (pconf=0x77ff0028, plog=0x77fbd028, ptemp=0x77fbf028, s=0x77fc1de0) at config.c:103
#9  0x5558ae07 in main (argc=6, argv=0x7fffe5a8) at main.c:765

This is 100% repeatable.

This looks very like:
  https://bugzilla.redhat.com/show_bug.cgi?id=1074406

save that I am not using Auth at all. However, ssl itself requires the
socache logic, so perhaps it has the same root cause.

Disabling a couple of SSL sites normally resolves the problem.

What I expected to happen: apache2 to start without SEGV
What actually happened: apache2 did not start due to SEGV

root@nimtest:/root# lsb_release -rd
Description:    Ubuntu 14.04.1 LTS
Release:        14.04

root@nimtest:/root# apt-cache policy apache2-bin
apache2-bin:
  Installed: 2.4.7-1ubuntu4.1
  Candidate: 2.4.7-1ubuntu4.1
  Version table:
 *** 2.4.7-1ubuntu4.1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2.4.7-1ubuntu4 0
        500 http://gb.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

root@nimtest:/root# dpkg --list | egrep '\b(apache2|libssl|openssl)'
ii  apache2                    2.4.7-1ubuntu4.1      amd64  Apache HTTP Server
ii  apache2-bin                2.4.7-1ubuntu4.1      amd64  Apache HTTP Server (binary files and modules)
ii  apache2-data               2.4.7-1ubuntu4.1      all    Apache HTTP Server (common files)
ii  apache2-dbg                2.4.7-1ubuntu4.1      amd64  Apache debugging symbols
ii  apache2-utils              2.4.7-1ubuntu4.1      amd64  Apache HTTP Server (utility programs for web servers)
ii  libgnutls-openssl27:amd64  2.12.23-12ubuntu2.1   amd64  GNU TLS library - OpenSSL wrapper
ii  libssl1.0.0:amd64          1.0.1f-1ubuntu2.5     amd64  Secure Sockets Layer toolkit - shared libraries
ii  libssl1.0.0-dbg:amd64      1.0.1f-1ubuntu2.5     amd64  Secure Sockets Layer toolkit - debug information
ii  openssl                    1.0.1f-1ubuntu2.5     amd64  Secure Sockets Layer toolkit - cryptographic utility
ii  python-openssl             0.13-2ubuntu6         amd64  Python 2 wrapper around the OpenSSL library


Modules in use:

root@nimtest:/root# ls -1 /etc/apache2/mods-enabled/
access_compat.load
alias.conf
alias.load
auth_basic.load
authn_core.load
authn_file.load
authz_core.load
authz_groupfile.load
authz_host.load
authz_user.load
autoindex.conf
autoindex.load
cgi.load
dbd.load
deflate.conf
deflate.load
dir.conf
dir.load
env.load
filter.load
headers.load
ident2.load
lbmethod_byrequests.load
mime.conf
mime.load
mpm_prefork.conf
mpm_prefork.load
negotiation.conf
negotiation.load
php5.conf
php5.load
proxy.conf
proxy.load
proxy_balancer.conf
proxy_balancer.load
proxy_http.load
reqtimeout.conf
reqtimeout.load
rewrite.load
setenvif.conf
setenvif.load
slotmem_shm.load
socache_shmcb.load
ssl.conf
ssl.load
status.conf
status.load
substitute.load
websocket.load
websocket_draft76.load

Here's a startup log plus 'bt full'

root@nimtest:/root# APACHE_LOCK_DIR=/var/lock/apache2 APACHE_RUN_USER=www-data gdb --args /usr/sbin/apache2 -k start -X -e Debug
GNU gdb (Ubuntu 7.7-0ubuntu3.1) 7.7
Copyright (C) 2014 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by 

[Bug 1358242] [NEW] libxen-4.4 has no corresponding debug package

2014-08-18 Thread Alex Bligh
Public bug reported:

libxen-4.4 has no corresponding debug package with debugging symbols in.

** Affects: xen (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to xen in Ubuntu.
https://bugs.launchpad.net/bugs/1358242

Title:
  libxen-4.4 has no corresponding debug package

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xen/+bug/1358242/+subscriptions


[Bug 1333388] Re: mod_ident no longer included in apache

2014-08-01 Thread Alex Bligh
This gets worse.

You can't even use your own mod_ident, because whenever apache2 is
upgraded, it runs this:

OBSOLETE_CONFFILES=...
/etc/apache2/mods-available/ident.load
...

...
if [ -n "$2" ] || obsolete_conffile_exists ; then
   prepare_rm_conffile
   prepare_mv_conffile
fi

which goes and removes its .load file.

What is the justification for mandatory removal of functional
configuration files shipped with the upstream package, just because
someone decided they shouldn't be used by default? It's almost as if
someone has made it deliberately near impossible to use these modules.


[Bug 1291321] Re: migration fails between 12.04 Precise and 14.04 Trusty

2014-07-18 Thread Alex Bligh
This is pretty annoying. In a situation where you have many customer VMs
running on 12.04, and want to migrate them to a host running 14.04 (so
you can do a rolling OS upgrade), I'm afraid shut down all your
customer VMs and restart isn't really an option for obvious reasons.

Equally, installing two versions of qemu, or custom versions of qemu is
not really an option.

In my situation I'm not using virsh / libvirt, so adding '-machine
pc-1.0 -global cirrus-vga.vgamem_mb=10' or similar would be a reasonable
fix; when the VM is eventually rebooted, I can reboot without that, and
the hardware will appear to be upgraded (not great, but ok).

However, this doesn't work as (as far as I can tell) there is no way to
get past:
'Length mismatch: :00:03.0/virtio-net-pci.rom: 1 in != 2'

through command-line skulduggery.

What it seems to me one should do is define a pc-1.0-precise machine
type (which is obviously not going to be used by anyone using raring
etc.), and use this solely for incoming migrations. I'd produce the
patch myself save I've not yet discovered where the relevant tweak for
changing virtio-net-pci.rom size is.

If I find it (I've contributed to qemu before) would you take this as an
SRU?



[Bug 1291321] Re: migration fails between 12.04 Precise and 14.04 Trusty

2014-07-18 Thread Alex Bligh
Looks like there is a patch here:
 
http://pkgs.fedoraproject.org/cgit/qemu.git/tree/0001-Fix-migration-from-qemu-kvm.patch?h=f20

but it's either take it (and break inbound migrates from quantal etc.)
or don't (and break inbound migrates from precise). Another possibility
(unhelpful for libvirt possibly), would simply be a second binary for
this purpose.



[Bug 1337262] [NEW] kmod should permit use of compressed modules

2014-07-03 Thread Alex Bligh
Public bug reported:

kmod should permit use of compressed modules. This enables images that
boot from RAM to be much smaller. In essence this requires only changing
a build option. Uncompressed modules are still supported.

A patch is here:
https://github.com/abligh/kmod/commit/31795c8078ba9ccb6f064d11d0c9e640f8e0fab1

** Affects: kmod (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1337262] Re: kmod should permit use of compressed modules

2014-07-03 Thread Alex Bligh
gah this got filed under apache2 even though I said affects kmod. -
apologies all

** Package changed: apache2 (Ubuntu) => kmod (Ubuntu)



[Bug 1333388] Re: mod_ident no longer included in apache

2014-06-27 Thread Alex Bligh
Reported to Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752922


** Bug watch added: Debian Bug tracker #752922
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752922



[Bug 1333388] Re: mod_ident no longer included in apache

2014-06-24 Thread Alex Bligh
Arguably the real fix to this is to configure apache with --reallyall
(compile everything), then perhaps put the more esoteric modules in a
secondary package (libapache2-mod-extra or something).



[Bug 1333388] [NEW] mod_ident no longer included in apache

2014-06-23 Thread Alex Bligh
Public bug reported:

Precise included mod_ident in apache2.2. Trusty does not include
mod_ident in apache2.4. There appears to be no other package containing
mod_ident.so. Therefore an upgrade between Precise (LTS) and Trusty
(LTS) will unfixably break anything using mod_ident.

This affects me sufficiently that I will happily build and contribute a
mod_ident package for apache 2.4 (assuming I can pull it out the
source), but I am reliably informed fixing this merely requires adding
'--enable-ident' to debian/rules (not yet verified). This would seem the
obvious fix.

** Affects: apache2 (Ubuntu)
 Importance: Undecided
 Status: New



[Bug 1333388] Re: mod_ident no longer included in apache

2014-06-23 Thread Alex Bligh
The attached patch appears to result in it building, and being able to be
inserted as a module.


root@trustytest:/home/ubuntu/apache2/apache2-2.4.7# for i in ../*.deb ; do echo $i ; dpkg -c $i | fgrep ident ; done
../apache2_2.4.7-1ubuntu4_amd64.deb
-rw-r--r-- root/root 62 2014-06-23 20:00 ./etc/apache2/mods-available/ident.load
../apache2.2-bin_2.4.7-1ubuntu4_amd64.deb
../apache2-bin_2.4.7-1ubuntu4_amd64.deb
-rw-r--r-- root/root 10248 2014-06-23 20:04 ./usr/lib/apache2/modules/mod_ident.so
../apache2-data_2.4.7-1ubuntu4_all.deb
../apache2-dbg_2.4.7-1ubuntu4_amd64.deb
-rw-r--r-- root/root 28316 2014-06-23 20:04 ./usr/lib/debug/usr/lib/apache2/modules/mod_ident.so
../apache2-dev_2.4.7-1ubuntu4_amd64.deb
../apache2-doc_2.4.7-1ubuntu4_all.deb
-rw-r--r-- root/root 10502 2014-06-23 20:03 ./usr/share/doc/apache2-doc/manual/ja/mod/mod_ident.html
-rw-r--r-- root/root  9993 2014-06-23 20:03 ./usr/share/doc/apache2-doc/manual/fr/mod/mod_ident.html
-rw-r--r-- root/root  9550 2014-06-23 20:03 ./usr/share/doc/apache2-doc/manual/en/mod/mod_ident.html
-rw-r--r-- root/root  9068 2014-06-23 20:03 ./usr/share/doc/apache2-doc/manual/ko/mod/mod_ident.html
lrwxrwxrwx root/root 0 2014-06-23 20:04 ./usr/share/doc/apache2-doc/manual/zh-cn/mod/mod_ident.html -> ../../en/mod/mod_ident.html
lrwxrwxrwx root/root 0 2014-06-23 20:04 ./usr/share/doc/apache2-doc/manual/da/mod/mod_ident.html -> ../../en/mod/mod_ident.html
lrwxrwxrwx root/root 0 2014-06-23 20:04 ./usr/share/doc/apache2-doc/manual/de/mod/mod_ident.html -> ../../en/mod/mod_ident.html
lrwxrwxrwx root/root 0 2014-06-23 20:04 ./usr/share/doc/apache2-doc/manual/pt-br/mod/mod_ident.html -> ../../en/mod/mod_ident.html
lrwxrwxrwx root/root 0 2014-06-23 20:04 ./usr/share/doc/apache2-doc/manual/tr/mod/mod_ident.html -> ../../en/mod/mod_ident.html
lrwxrwxrwx root/root 0 2014-06-23 20:04 ./usr/share/doc/apache2-doc/manual/es/mod/mod_ident.html -> ../../en/mod/mod_ident.html
../apache2-mpm-event_2.4.7-1ubuntu4_amd64.deb
../apache2-mpm-itk_2.4.7-1ubuntu4_amd64.deb
../apache2-mpm-prefork_2.4.7-1ubuntu4_amd64.deb
../apache2-mpm-worker_2.4.7-1ubuntu4_amd64.deb
../apache2-suexec_2.4.7-1ubuntu4_amd64.deb
../apache2-suexec-custom_2.4.7-1ubuntu4_amd64.deb
../apache2-suexec-pristine_2.4.7-1ubuntu4_amd64.deb
../apache2-utils_2.4.7-1ubuntu4_amd64.deb
../libapache2-mod-macro_2.4.7-1ubuntu4_amd64.deb
../libapache2-mod-proxy-html_2.4.7-1ubuntu4_amd64.deb

root@trustytest:/home/ubuntu/apache2/apache2-2.4.7# a2enmod ident
Enabling module ident.
To activate the new configuration, you need to run:
  service apache2 restart
root@trustytest:/home/ubuntu/apache2/apache2-2.4.7# service apache2 restart
 * Restarting web server apache2

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message


** Patch added: Patch to add mod_ident
   
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/188/+attachment/4137677/+files/0001-LP-188-add-mod_ident.patch



[Bug 1333388] Re: mod_ident no longer included in apache

2014-06-23 Thread Alex Bligh
If you prefer this as a separate module, this would appear to compile and load 
as a module:
  https://github.com/abligh/libapache-mod-ident

Direction on which you would prefer would be useful and I will get
testing.



[Bug 1275656] Re: open-vm-dkms 2011.12.20-562307-0ubuntu1: open-vm-tools kernel module failed to build

2014-06-12 Thread Alex Bligh
That's a shame, but thanks for the info.



[Bug 1275656] Re: open-vm-dkms 2011.12.20-562307-0ubuntu1: open-vm-tools kernel module failed to build

2014-06-11 Thread Alex Bligh
Hi,

I tried to test this and couldn't get it to work, though I may have done
something stupid.

I run precise, and upgraded to the lts-trusty kernel. I then removed
open-vm-tools (& friends), and inserted the custom built precise
package.

That all worked fine, but I still can't mount vmhgfs as I did before I
did the kernel upgrade in the first place (more precisely, my /etc/fstab
line worked, whereas now the system still hangs on boot until I press
'S' at the console). I note the above says "The modules which fail to
build have been merged upstream, ***with the exception of the host-guest
file system (hgfs) module which has been replaced with an hgfs FUSE
helper***. These modules are available in v3.9 of the kernel and later
(Saucy and later)" (my emphasis).

That rather implies that the FUSE helper is now included within the
package(s). If so, how do I use it, as the previous syntax does not
appear to work? If not, how does one get the FUSE helper?

Alex

amb@nimrod-ubuntu:~$ fgrep vmhgfs /etc/fstab
.host:/amb-nimrod /home/amb/nimrod vmhgfs none 0 0
amb@nimrod-ubuntu:~$ sudo mount -t vmhgfs .host:/amb-nimrod /home/amb/nimrod
Error: cannot mount filesystem: No such device
amb@nimrod-ubuntu:~$ uname -a
Linux nimrod-ubuntu 3.13.0-29-generic #53~precise1-Ubuntu SMP Wed Jun 4 22:06:25 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
amb@nimrod-ubuntu:~$ dpkg --list | egrep '(open-vm|linux-image|linux-headers)'
ii  linux-headers-3.13.0-29  3.13.0-29.53~precise1  Header files related to Linux kernel version 3.13.0
ii  linux-headers-3.13.0-29-generic  3.13.0-29.53~precise1  Linux kernel headers for version 3.13.0 on 64 bit x86 SMP
ii  linux-headers-3.2.0-64  3.2.0-64.97  Header files related to Linux kernel version 3.2.0
ii  linux-headers-3.2.0-64-generic  3.2.0-64.97  Linux kernel headers for version 3.2.0 on 64 bit x86 SMP
ii  linux-headers-3.8.0-35  3.8.0-35.52~precise1  Header files related to Linux kernel version 3.8.0
ii  linux-headers-3.8.0-35-generic  3.8.0-35.52~precise1  Linux kernel headers for version 3.8.0 on 64 bit x86 SMP
ii  linux-headers-generic  3.2.0.64.76  Generic Linux kernel headers
ii  linux-headers-generic-lts-trusty  3.13.0.29.25  Generic Linux kernel headers
ii  linux-image-3.13.0-29-generic  3.13.0-29.53~precise1  Linux kernel image for version 3.13.0 on 64 bit x86 SMP
ii  linux-image-3.2.0-48-generic  3.2.0-48.74  Linux kernel image for version 3.2.0 on 64 bit x86 SMP
ii  linux-image-3.2.0-57-generic  3.2.0-57.87  Linux kernel image for version 3.2.0 on 64 bit x86 SMP
ii  linux-image-3.2.0-58-generic  3.2.0-58.88  Linux kernel image for version 3.2.0 on 64 bit x86 SMP
ii  linux-image-3.2.0-64-generic  3.2.0-64.97  Linux kernel image for version 3.2.0 on 64 bit x86 SMP
ii  linux-image-3.8.0-35-generic  3.8.0-35.52~precise1  Linux kernel image for version 3.8.0 on 64 bit x86 SMP
ii  linux-image-generic  3.2.0.64.76  Generic Linux kernel image
ii  linux-image-generic-lts-trusty  3.13.0.29.25  Generic Linux kernel image
ii  open-vm-tools-lts-trusty  2:9.4.0-1280544-5ubuntu6~precise1  Open VMware Tools for virtual machines hosted on VMware (CLI)
ii  open-vm-tools-lts-trusty-dbg  2:9.4.0-1280544-5ubuntu6~precise1  Open VMware Tools for virtual machines hosted on VMware (debug)
ii  open-vm-tools-lts-trusty-desktop  2:9.4.0-1280544-5ubuntu6~precise1  Open VMware Tools for virtual machines hosted on VMware (GUI)



[Bug 1275656] Re: open-vm-dkms 2011.12.20-562307-0ubuntu1: open-vm-tools kernel module failed to build

2014-06-11 Thread Alex Bligh
Further playing about suggests I need (somehow) vmware-hgfsclient, but
the package seems devoid of any documentation or manual pages.



[Bug 1068756] Re: IPv6 Privacy Extensions enabled on Ubuntu Server by default

2014-06-04 Thread Alex Bligh
** Also affects: cloud-init (Ubuntu)
   Importance: Undecided
   Status: New



[Bug 1068756] Re: IPv6 Privacy Extensions enabled on Ubuntu Server by default

2014-06-04 Thread Alex Bligh
Neil: the metadata is just one example (though that's not happening).

The firewall rule thing applies irrespective of the metadata. The cloud
environment created requires only /128 addresses it knows about to be
accessible, and firewalls everything else out. Reasons for this include
prevention of spoofing of IP addresses on outbound traffic. We want each
UEC image to come up with the IPv6 address(es) we have assigned, and not
a random one in the same /64. This is not an unreasonable requirement.
We would use DHCPv6 for this if it weren't for the fact that DHCPv6 is
broken in different ways and has little support.

IPv6 *as designed* says RFC4941 SHOULD (RFC capitalisation) be turned
off by default. So the argument that applications should be using it 'as
designed' is bogus, as if it was deployed *as designed* (i.e. per the
RFC) it would work. There would be no problem with (e.g.) Network
Manager turning this on in a desktop environment.

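
Added example (not part of the original message, and not cloud-init or Ubuntu code): one way to check a guest for the behaviour discussed above, by reading the kernel's use_tempaddr setting per interface and listing the addresses that `ip -o -6 addr show` marks as temporary. The function names and the sample `ip` output are constructed; the 2001:db8:: addresses are documentation-prefix placeholders.

```shell
#!/bin/sh
# Added example, not cloud-init or Ubuntu code. Function names and the
# sample data are constructed for illustration.

# tempaddr_enabled [ROOT]
# ROOT defaults to /proc/sys/net/ipv6/conf. Prints "iface=value" for each
# entry whose use_tempaddr is above 0 (1: temporary addresses generated,
# public address preferred; 2: temporary address preferred). Zero and
# negative values mean RFC 4941 temporary addresses are off.
tempaddr_enabled() {
    te_root=${1:-/proc/sys/net/ipv6/conf}
    for te_file in "$te_root"/*/use_tempaddr; do
        [ -r "$te_file" ] || continue
        te_val=$(cat "$te_file")
        te_abs=${te_val#-}
        case $te_abs in
            ''|*[!0-9]*) continue ;;    # not an integer, skip it
        esac
        if [ "$te_val" -gt 0 ]; then
            te_if=${te_file%/use_tempaddr}
            printf '%s=%s\n' "${te_if##*/}" "$te_val"
        fi
    done
}

# temporary_addresses
# Reads `ip -o -6 addr show` output on stdin and prints "iface address"
# for every address whose flag list contains the exact word "temporary".
# The exact match keeps the public address (flag "mngtmpaddr") out.
temporary_addresses() {
    awk '$3 == "inet6" {
        temp = 0
        for (i = 5; i <= NF; i++) if ($i == "temporary") temp = 1
        if (temp) { sub(/\/[0-9]+$/, "", $4); print $2, $4 }
    }'
}

# Constructed sample of `ip -o -6 addr show` output for one interface.
sample_ip_addr() {
    cat <<'EOF'
2: eth0    inet6 2001:db8:0:1:d5c3:7a11:9e02:44af/64 scope global temporary dynamic \       valid_lft 86012sec preferred_lft 14012sec
2: eth0    inet6 2001:db8:0:1:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr \       valid_lft 86012sec preferred_lft 14012sec
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Demo: live sysctl state (may be empty), then the constructed sample.
echo "interfaces with temporary addressing enabled:"
tempaddr_enabled
echo "temporary addresses in the sample output:"
sample_ip_addr | temporary_addresses
```

The sysctl keys that correspond to the files read here are net.ipv6.conf.all.use_tempaddr and net.ipv6.conf.default.use_tempaddr, plus one per interface.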


[Bug 1068756] Re: IPv6 Privacy Extensions enabled on Ubuntu Server by default

2014-06-04 Thread Alex Bligh
This affects 14.04 too



[Bug 1068756] Re: IPv6 Privacy Extensions enabled on Ubuntu Server by default

2014-06-04 Thread Alex Bligh
That doesn't work if (for instance) you have 2 machines on the same SDN
virtual LAN, which is a /64, and you want to prevent source spoofing
between them. For avoidance of doubt, we do use /64s.



[Bug 1083719] Re: open-vm-dkms 2011.12.20-562307-0ubuntu1: open-vm-tools kernel module failed to build [error: implicit declaration of function ‘d_alloc_root’]

2014-01-28 Thread Alex Bligh
Just as a note, the new kernels are not only needed on LTS for hardware
enablement (and I'm guessing relatively few people need hardware
enablement in a VMware guest), but also to run Docker, which I suspect
affects more people (me included).



[Bug 1086775] Re: Maintainer scripts mishandle /var/cache/bind permissions

2012-12-08 Thread Alex Bligh
** Description changed:

  Affects: 1:9.7.0.dfsg.P1-1ubuntu0.8, 1:9.8.1.dfsg.P1-4ubuntu0.4, 1:9.8.4
  .dfsg-1ubuntu1.
  
  bind9.postinst only sets permissions on
  /var/cache/bind on a fresh install. When the bind9 package is removed
  but not purged, /var/cache/bind is removed, but /etc/bind is left alone
  (as expected). When the bind9 package is reinstalled from this state,
  the postinst fails to correct the default 755 permissions on
  /var/cache/bind.
  
  This is particularly a problem for users upgrading from Lucid, since this
- situation causes 100% CPU usage due to bug 695264.
+ situation causes 100% CPU usage due to bug 1038199.
  
  Steps to reproduce:
  
  1. Start with a Lucid system
  2. apt-get install bind9
  3. apt-get remove bind9
  4. apt-get install bind9
  
  Note broken permissions in /var/cache/bind.
  
  This isn't directly reproducible in Raring because files are now
  left behind in /var/cache/bind causing /var/cache/bind to not be removed
  when the package is removed (is this a separate bug?)
  
  However, if from Lucid you then do:
  
  5. do-release-upgrade
  
  Then the problem propagates to Raring, and you'll see bug 1038199 (100%
  CPU usage).
  
  Workaround:
  
  # chown root.bind /var/cache/bind
  # chmod 775 /var/cache/bind
  # service bind9 restart
  
  Logs from the upgraded machine (see 'working directory not writeable'
  and 'permission denied')
  
  05-Dec-2012 12:23:35.719 found 2 CPUs, using 2 worker threads
  05-Dec-2012 12:23:35.720 using up to 4096 sockets
  05-Dec-2012 12:23:35.726 loading configuration from '/etc/bind/named.conf'
  05-Dec-2012 12:23:35.727 reading built-in trusted keys from file 
'/etc/bind/bind.keys'
  05-Dec-2012 12:23:35.727 using default UDP/IPv4 port range: [1024, 65535]
  05-Dec-2012 12:23:35.728 using default UDP/IPv6 port range: [1024, 65535]
  05-Dec-2012 12:23:35.729 listening on IPv6 interfaces, port 53
  05-Dec-2012 12:23:35.731 listening on IPv4 interface lo, 127.0.0.1#53
  05-Dec-2012 12:23:35.732 listening on IPv4 interface eth0, 10.40.0.5#53
  05-Dec-2012 12:23:35.734 listening on IPv4 interface eth1, 10.157.128.1#53
  05-Dec-2012 12:23:35.735 listening on IPv4 interface eth1, 10.161.208.1#53
  05-Dec-2012 12:23:35.736 listening on IPv4 interface eth0.60, 10.157.16.12#53
  05-Dec-2012 12:23:35.738 generating session key for dynamic DNS
  05-Dec-2012 12:23:35.738 sizing zone task pool based on 7 zones
  05-Dec-2012 12:23:35.744 using built-in root key for view _default
  05-Dec-2012 12:23:35.744 set up managed keys zone for view _default, file 
'managed-keys.bind'
  05-Dec-2012 12:23:35.744 Warning: 'empty-zones-enable/disable-empty-zone' not 
set: disabling RFC 1918 empty zones
  05-Dec-2012 12:23:35.744 automatic empty zone: 254.169.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 2.0.192.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 100.51.198.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 113.0.203.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: D.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 8.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 9.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: A.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: B.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
  05-Dec-2012 12:23:35.749 command channel listening on 127.0.0.1#953
  05-Dec-2012 12:23:35.749 command channel listening on ::1#953
  05-Dec-2012 12:23:35.749 the working directory is not writable
  05-Dec-2012 12:23:35.749 ignoring config file logging statement due to -g 
option
  05-Dec-2012 12:23:35.750 zone 0.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.750 zone 157.10.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.751 zone 127.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.752 zone 255.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.753 zone extility.install/IN: loaded serial 1300877104
  05-Dec-2012 12:23:35.754 zone localhost/IN: loaded serial 2
  05-Dec-2012 12:23:35.754 managed-keys-zone ./IN: loading from master file 
managed-keys.bind failed: file not found
  05-Dec-2012 12:23:35.754 managed-keys.bind.jnl: create: permission denied
  05-Dec-2012 12:23:35.754 managed-keys-zone ./IN: 
sync_keyzone:dns_journal_open - unexpected error
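
Review bot: in the unchanged Workaround context, 'chown root.bind /var/cache/bind' uses a dot as the owner/group separator, which GNU chown accepts only for backward compatibility; 'chown root:bind /var/cache/bind' is the unambiguous form and cannot be misread if a user name ever contains a dot. The changed line now cites bug 1038199, which agrees with the reference after step 5, so the description no longer names two different bugs for the same 100% CPU symptom.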

[Bug 1038199] Re: Bind9 9.8.1 high CPU utilization when managed-keys-directory option is omitted from config

2012-12-08 Thread Alex Bligh
Note that upgrades from Lucid to Precise can trigger this bug as the
directory permissions may preclude writing to /var/cache/bind - see bug
1086775



[Bug 1086775] [NEW] bind9 uses high CPU after lucid-precise upgrade

2012-12-05 Thread Alex Bligh
Public bug reported:

Summary: bind9 uses very high CPU after an upgrade from Lucid to
Precise. I have traced this to a directory permissions problem as
/var/cache/bind is not writeable by the bind group after an upgrade, but
is writeable after a clean install.

Ubuntu release:
root@dev1-kvm-cluster:~# lsb_release -rd
Description:    Ubuntu 12.04.1 LTS
Release:        12.04

Package version:
root@dev1-kvm-cluster:~# apt-cache policy bind9
bind9:
  Installed: 1:9.8.1.dfsg.P1-4ubuntu0.4
  Candidate: 1:9.8.1.dfsg.P1-4ubuntu0.4
  Version table:
 *** 1:9.8.1.dfsg.P1-4ubuntu0.4 0
        500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1:9.8.1.dfsg.P1-4 0
        500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages

Expected behaviour: Upgrading Lucid-Precise when bind9 is installed
does not use 100% CPU

Observed behaviour: Upgrading Lucid-Precise when bind9 is installed
does not use 100% CPU

Root cause:

On an upgraded machine:

root@dev1-kvm-cluster:~# ls -la /var/cache/bind
total 8
drwxr-xr-x  2 root bind 4096 Jun  5  2012 .
drwxr-xr-x 14 root root 4096 Dec  5 10:18 ..

On a clean install of Precise:

amb@adamant:~$ ls -la /var/cache/bind
total 16
drwxrwxr-x 2 root bind 4096 Dec  4 21:00 .
drwxr-xr-x 8 root root 4096 Dec  3 20:54 ..
-rw-r--r-- 1 bind bind  698 Dec  4 21:00 managed-keys.bind
-rw-r--r-- 1 bind bind  512 Dec  4 21:00 managed-keys.bind.jnl

Workaround:

# chmod 775 /var/cache/bind
# service bind9 restart

Logs from the upgraded machine (see 'working directory not writeable'
and 'permission denied')

05-Dec-2012 12:23:35.719 found 2 CPUs, using 2 worker threads
05-Dec-2012 12:23:35.720 using up to 4096 sockets
05-Dec-2012 12:23:35.726 loading configuration from '/etc/bind/named.conf'
05-Dec-2012 12:23:35.727 reading built-in trusted keys from file '/etc/bind/bind.keys'
05-Dec-2012 12:23:35.727 using default UDP/IPv4 port range: [1024, 65535]
05-Dec-2012 12:23:35.728 using default UDP/IPv6 port range: [1024, 65535]
05-Dec-2012 12:23:35.729 listening on IPv6 interfaces, port 53
05-Dec-2012 12:23:35.731 listening on IPv4 interface lo, 127.0.0.1#53
05-Dec-2012 12:23:35.732 listening on IPv4 interface eth0, 10.40.0.5#53
05-Dec-2012 12:23:35.734 listening on IPv4 interface eth1, 10.157.128.1#53
05-Dec-2012 12:23:35.735 listening on IPv4 interface eth1, 10.161.208.1#53
05-Dec-2012 12:23:35.736 listening on IPv4 interface eth0.60, 10.157.16.12#53
05-Dec-2012 12:23:35.738 generating session key for dynamic DNS
05-Dec-2012 12:23:35.738 sizing zone task pool based on 7 zones
05-Dec-2012 12:23:35.744 using built-in root key for view _default
05-Dec-2012 12:23:35.744 set up managed keys zone for view _default, file 'managed-keys.bind'
05-Dec-2012 12:23:35.744 Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
05-Dec-2012 12:23:35.744 automatic empty zone: 254.169.IN-ADDR.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: 2.0.192.IN-ADDR.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: 100.51.198.IN-ADDR.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: 113.0.203.IN-ADDR.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: D.F.IP6.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: 8.E.F.IP6.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: 9.E.F.IP6.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: A.E.F.IP6.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: B.E.F.IP6.ARPA
05-Dec-2012 12:23:35.744 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
05-Dec-2012 12:23:35.749 command channel listening on 127.0.0.1#953
05-Dec-2012 12:23:35.749 command channel listening on ::1#953
05-Dec-2012 12:23:35.749 the working directory is not writable
05-Dec-2012 12:23:35.749 ignoring config file logging statement due to -g option
05-Dec-2012 12:23:35.750 zone 0.in-addr.arpa/IN: loaded serial 1
05-Dec-2012 12:23:35.750 zone 157.10.in-addr.arpa/IN: loaded serial 1
05-Dec-2012 12:23:35.751 zone 127.in-addr.arpa/IN: loaded serial 1
05-Dec-2012 12:23:35.752 zone 255.in-addr.arpa/IN: loaded serial 1
05-Dec-2012 12:23:35.753 zone extility.install/IN: loaded serial 1300877104
05-Dec-2012 12:23:35.754 zone localhost/IN: loaded serial 2
05-Dec-2012 12:23:35.754 managed-keys-zone ./IN: loading from master file 
managed-keys.bind failed: file not found
05-Dec-2012 12:23:35.754 managed-keys.bind.jnl: create: permission denied
05-Dec-2012 12:23:35.754 managed-keys-zone ./IN: sync_keyzone:dns_journal_open 
- unexpected error

** Affects: bind9 (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You 

[Bug 1086775] Re: bind9 uses high CPU after lucid-precise upgrade

2012-12-05 Thread Alex Bligh
** Description changed:

  Summary: bind9 uses very high CPU after an upgrade from Lucid to
  Precise. I have traced this to a directory permissions problem as
  /var/cache/bind is not writeable by the bind group after an upgrade, but
  is writeable after a clean install.
  
  Ubuntu release:
  root@dev1-kvm-cluster:~# lsb_release -rd
  Description:  Ubuntu 12.04.1 LTS
  Release:  12.04
  
  Package version:
  root@dev1-kvm-cluster:~# apt-cache policy bind9
  bind9:
-   Installed: 1:9.8.1.dfsg.P1-4ubuntu0.4
-   Candidate: 1:9.8.1.dfsg.P1-4ubuntu0.4
-   Version table:
-  *** 1:9.8.1.dfsg.P1-4ubuntu0.4 0
- 500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
- 500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 
Packages
- 100 /var/lib/dpkg/status
-  1:9.8.1.dfsg.P1-4 0
- 500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
+   Installed: 1:9.8.1.dfsg.P1-4ubuntu0.4
+   Candidate: 1:9.8.1.dfsg.P1-4ubuntu0.4
+   Version table:
+  *** 1:9.8.1.dfsg.P1-4ubuntu0.4 0
+ 500 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 
Packages
+ 500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 
Packages
+ 100 /var/lib/dpkg/status
+  1:9.8.1.dfsg.P1-4 0
+ 500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
  
  Expected behaviour: Upgrading Lucid-Precise when bind9 is installed
  does not use 100% CPU
  
  Observed behaviour: Upgrading Lucid-Precise when bind9 is installed
- does not use 100% CPU
+ uses 100% CPU
  
  Root cause:
  
  On an upgraded machine:
  
  root@dev1-kvm-cluster:~# ls -la /var/cache/bind
  total 8
  drwxr-xr-x  2 root bind 4096 Jun  5  2012 .
  drwxr-xr-x 14 root root 4096 Dec  5 10:18 ..
  
  On a clean install of Precise:
  
  amb@adamant:~$ ls -la /var/cache/bind
  total 16
  drwxrwxr-x 2 root bind 4096 Dec  4 21:00 .
  drwxr-xr-x 8 root root 4096 Dec  3 20:54 ..
  -rw-r--r-- 1 bind bind  698 Dec  4 21:00 managed-keys.bind
  -rw-r--r-- 1 bind bind  512 Dec  4 21:00 managed-keys.bind.jnl
  
  Workaround:
  
  # chmod 775 /var/cache/bind
  # service bind9 restart
  
  Logs from the upgraded machine (see 'working directory not writeable'
  and 'permission denied')
  
  05-Dec-2012 12:23:35.719 found 2 CPUs, using 2 worker threads
  05-Dec-2012 12:23:35.720 using up to 4096 sockets
  05-Dec-2012 12:23:35.726 loading configuration from '/etc/bind/named.conf'
  05-Dec-2012 12:23:35.727 reading built-in trusted keys from file 
'/etc/bind/bind.keys'
  05-Dec-2012 12:23:35.727 using default UDP/IPv4 port range: [1024, 65535]
  05-Dec-2012 12:23:35.728 using default UDP/IPv6 port range: [1024, 65535]
  05-Dec-2012 12:23:35.729 listening on IPv6 interfaces, port 53
  05-Dec-2012 12:23:35.731 listening on IPv4 interface lo, 127.0.0.1#53
  05-Dec-2012 12:23:35.732 listening on IPv4 interface eth0, 10.40.0.5#53
  05-Dec-2012 12:23:35.734 listening on IPv4 interface eth1, 10.157.128.1#53
  05-Dec-2012 12:23:35.735 listening on IPv4 interface eth1, 10.161.208.1#53
  05-Dec-2012 12:23:35.736 listening on IPv4 interface eth0.60, 10.157.16.12#53
  05-Dec-2012 12:23:35.738 generating session key for dynamic DNS
  05-Dec-2012 12:23:35.738 sizing zone task pool based on 7 zones
  05-Dec-2012 12:23:35.744 using built-in root key for view _default
  05-Dec-2012 12:23:35.744 set up managed keys zone for view _default, file 
'managed-keys.bind'
  05-Dec-2012 12:23:35.744 Warning: 'empty-zones-enable/disable-empty-zone' not 
set: disabling RFC 1918 empty zones
  05-Dec-2012 12:23:35.744 automatic empty zone: 254.169.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 2.0.192.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 100.51.198.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 113.0.203.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: D.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 8.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 9.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: A.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: B.E.F.IP6.ARPA
  05-Dec-2012 12:23:35.744 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
  05-Dec-2012 12:23:35.749 command channel listening on 127.0.0.1#953
  05-Dec-2012 12:23:35.749 command channel listening on ::1#953
  05-Dec-2012 12:23:35.749 the working directory is not writable
  05-Dec-2012 12:23:35.749 ignoring config file logging statement due to -g 
option
  05-Dec-2012 12:23:35.750 zone 0.in-addr.arpa/IN: loaded serial 1
  05-Dec-2012 12:23:35.750 zone 157.10.in-addr.arpa/IN: loaded 

[Bug 1086775] Re: bind9 uses high CPU after lucid-precise upgrade

2012-12-05 Thread Alex Bligh
The server concerned was automatically installed from a CD-ROM built from
Ubuntu sources and (in respect of bind) it has only had automatic
updates run on it. I am very confident it was not operator error.

It was upgraded with 'do-release-upgrade'.

I can tell you I am not the only person experiencing this. See for instance:
  http://ubuntuforums.org/showthread.php?t=1971471
  https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1038199   (same root cause I'm guessing)

I would have thought that given 1 people are seeing this, a chmod in
the postinst file would do no harm.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1086775

Title:
  bind9 uses high CPU after lucid-precise upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1086775/+subscriptions



[Bug 1086775] Re: bind9 uses high CPU after lucid-precise upgrade

2012-12-05 Thread Alex Bligh
Well I'm pretty sure the problem is this. I've just gone to another
(unconnected) Lucid box, and:

root@extility-developers:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:Ubuntu 10.04.4 LTS
Release:10.04
Codename:   lucid
root@extility-developers:~# ls -ln /etc/bind/rndc.key
-rw-r- 1 103 108 77 2012-06-14 14:23 /etc/bind/rndc.key

See rndc.key is owned by UID 103, which is not equal to 0. So the
Precise postinst script does not do the chmod.

You may not have received reports because bind actually works, just uses
high CPU.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1086775

Title:
  bind9 uses high CPU after lucid-precise upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1086775/+subscriptions



[Bug 1086775] Re: bind9 uses high CPU after lucid-precise upgrade

2012-12-05 Thread Alex Bligh
OK so my working hypothesis is this. On Lucid /var/cache/bind is created
simply by virtue of it being a directory within the package (see the
bind9.list file). The group write permission is added by the postinst.
If the Lucid package was installed, then removed, then installed again,
the following happens:

1. the first install would create /var/cache/bind with whatever
ownership is in the package, and also /etc/bind/rndc.key with root
ownership. The postinst then runs and fixes the group write permission
on /var/cache/bind.

2. the removal would delete /var/cache/bind as it is not a conffile, but
not /etc/bind/rndc.key

3. the second install would create /var/cache/bind again with (possibly)
the wrong permissions, and the postinst script would not fix it.

This probably doesn't go wrong in Lucid because nothing writes to the
cache directory and/or bind survives without the cache. It's certainly
empty here on our Lucid boxes pre upgrade to Precise. But the Precise
upgrade requires to write there, and then dies.

The above would happen (AFAICT) if *ANY* version ever released of the
Lucid bind9.deb had broken permissions, as subsequent upgrades would not
fix it.

The problem with only fixing permissions if some rather random file in
/etc/ is owned by root is it is inherently fragile. Is there any reason
why the bind cache directory should ever not be writeable by the group
that owns it?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1086775

Title:
  bind9 uses high CPU after lucid-precise upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1086775/+subscriptions



[Bug 1086775] Re: bind9 uses high CPU after lucid-precise upgrade

2012-12-05 Thread Alex Bligh
To follow this up, the .deb at least on Lucid does NOT have the write
permission set.

amb@nimrod-ubuntu:~/bind-test$ dpkg -c bind9_9.7.0.dfsg.P1-1ubuntu0.8_amd64.deb | fgrep cache
drwxr-xr-x root/root 0 2012-10-09 14:13 ./var/cache/
drwxr-xr-x root/root 0 2012-10-09 14:13 ./var/cache/bind/


I've tried this on a pristine Precise box and it doesn't go wrong because 
Precise does not remove /var/cache/bind as it is populated (unlike on at least 
some Lucid installs). However, if I manually remove the cache directory, it 
does go wrong:

root@adamant:~# dpkg --list bind9
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name   VersionDescription
+++-==-==-
ii  bind9  1:9.8.1.dfsg.P Internet Domain Name Server
root@adamant:~# ls -lnd /var/cache/bind /etc/bind/rndc.key
-rw-r- 1 103 108   77 Dec  3 20:56 /etc/bind/rndc.key
drwxrwxr-x 2   0 108 4096 Dec  4 21:00 /var/cache/bind
root@adamant:~# aptitude remove bind9
The following packages will be REMOVED:  
  bind9 
0 packages upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 963 kB will be freed.
(Reading database ... 47095 files and directories currently installed.)
Removing bind9 ...
 * Stopping domain name service... bind9
waiting for pid 859 to die
   ...done.
Processing triggers for ufw ...
Processing triggers for ureadahead ...
ureadahead will be reprofiled on next reboot
Processing triggers for man-db ...
 
root@adamant:~# ls -lnd /var/cache/bind /etc/bind/rndc.key
-rw-r- 1 103 108   77 Dec  3 20:56 /etc/bind/rndc.key
drwxrwxr-x 2   0 108 4096 Dec  5 19:13 /var/cache/bind
root@adamant:~# ls -la /var/cache/bind
total 16
drwxrwxr-x 2 root bind 4096 Dec  5 19:13 .
drwxr-xr-x 8 root root 4096 Dec  3 20:54 ..
-rw-r--r-- 1 bind bind  698 Dec  4 21:00 managed-keys.bind
-rw-r--r-- 1 bind bind  512 Dec  4 21:00 managed-keys.bind.jnl
root@adamant:~# rm -rf /var/cache/bind
root@adamant:~# aptitude install bind9
The following NEW packages will be installed:
  bind9 
0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 343 kB of archives. After unpacking 963 kB will be used.
Get: 1 http://gb.archive.ubuntu.com/ubuntu/ precise-updates/main bind9 amd64 
1:9.8.1.dfsg.P1-4ubuntu0.4 [343 kB]
Fetched 343 kB in 0s (621 kB/s)
Preconfiguring packages ...
Selecting previously unselected package bind9.
(Reading database ... 47062 files and directories currently installed.)
Unpacking bind9 (from .../bind9_1%3a9.8.1.dfsg.P1-4ubuntu0.4_amd64.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Processing triggers for ufw ...
Setting up bind9 (1:9.8.1.dfsg.P1-4ubuntu0.4) ...
 * Starting domain name service... bind9
   ...done.
 
root@adamant:~# ls -lnd /var/cache/bind /etc/bind/rndc.key
-rw-r- 1 103 108   77 Dec  3 20:56 /etc/bind/rndc.key
drwxr-xr-x 2   0   0 4096 Oct  9 14:06 /var/cache/bind

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1086775

Title:
  bind9 uses high CPU after lucid-precise upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1086775/+subscriptions

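The failure mode worked out in the two messages above (the remove/reinstall hypothesis and the reinstall transcript), as an added example that is not part of the thread or of the bind9 packaging: a repair keyed on rndc.key still being owned by uid 0 is compared with an unconditional, idempotent repair, and an audit function reports the resulting directory state. The function names, the temporary directory and the use of the directory's own gid as a stand-in for the bind group are assumptions; uid 103 is the rndc.key owner shown in the thread.

```shell
#!/bin/sh
# Added example. The temporary tree and gid stand-in are constructed.
# On a real host the audit could be run as:
#   audit_workdir /var/cache/bind "$(getent group bind | cut -d: -f3)"

# Print "ok", "missing", or a space-separated list of findings for DIR,
# which should belong to group WANT_GID and be group-writable.
audit_workdir() (
    dir=$1 want_gid=$2
    [ -d "$dir" ] || { echo "missing"; exit 0; }
    set -- $(stat -c '%a %g' "$dir")      # GNU stat: octal mode, numeric gid
    mode=$1 gid=$2
    findings=
    [ "$gid" -eq "$want_gid" ] || findings="wrong-group"
    # 020 is the group-write bit; the leading 0 makes the shell read octal.
    [ $(( 0$mode & 020 )) -ne 0 ] || findings="${findings:+$findings }group-not-writable"
    echo "${findings:-ok}"
)

# Repair keyed on a sentinel, modelled on the thread's description of the
# postinst: act only while the key file is still owned by root (uid 0).
repair_if_key_root() (
    dir=$1 want_gid=$2 key_uid=$3
    [ "$key_uid" -eq 0 ] || exit 0        # looks like "not a first install": skip
    chgrp "$want_gid" "$dir" && chmod 775 "$dir"
)

# Unconditional, idempotent repair: enforce the wanted state on every run.
repair_always() (
    dir=$1 want_gid=$2
    mkdir -p "$dir" && chgrp "$want_gid" "$dir" && chmod 775 "$dir"
)

# Replay "package unpacks the directory as 0755", apply one repair
# strategy (sentinel|always) and print the audit result.
replay() (
    strategy=$1 key_uid=$2
    tmp=$(mktemp -d) || exit 1
    dir=$tmp/var/cache/bind
    mkdir -p "$dir" && chmod 755 "$dir"   # mode shipped in the .deb (drwxr-xr-x)
    want_gid=$(stat -c '%g' "$dir")       # stand-in for the bind group's gid
    case $strategy in
        sentinel) repair_if_key_root "$dir" "$want_gid" "$key_uid" ;;
        always)   repair_always "$dir" "$want_gid" ;;
    esac
    result=$(audit_workdir "$dir" "$want_gid")
    rm -rf "$tmp"
    echo "$result"
)

demo() {
    echo "sentinel repair, rndc.key uid 103: $(replay sentinel 103)"
    echo "sentinel repair, rndc.key uid 0:   $(replay sentinel 0)"
    echo "unconditional repair:              $(replay always 103)"
}
demo
```
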


[Bug 1086775] Re: bind9 uses high CPU after lucid-precise upgrade

2012-12-05 Thread Alex Bligh
Robie,

No problem - I'm just glad I wasn't imagining it.

I agree the 100% CPU problem can't be reproduced on precise.

To be honest I don't quite understand why /var/cache/bind isn't in
/var/run (given it's a cache) but I may be wrong about that.

Alex

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in Ubuntu.
https://bugs.launchpad.net/bugs/1086775

Title:
  bind9 uses high CPU after lucid-precise upgrade

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1086775/+subscriptions



[Bug 961226] [NEW] cloud-init should run resize2fs in the background

2012-03-21 Thread Alex Bligh
Public bug reported:

cloud-init should run resize2fs in the background. In a development
environment I am looking at, the resize takes 2 minutes. Scott Moser
pointed out that as it runs on a mounted file system, there is no reason
not to complete the boot process whilst it runs.

** Affects: cloud-init (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/961226

Title:
  cloud-init should run resize2fs in the background

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/961226/+subscriptions



[Bug 961240] Re: cloud-init does not run grub on PV Xen and KVM has issues

2012-03-21 Thread Alex Bligh
** Patch added: untested patch to fix loop over devices
   
https://bugs.launchpad.net/bugs/961240/+attachment/2910439/+files/cc_grub_dpkg.py.patch

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/961240

Title:
  cloud-init does not run grub on PV Xen and KVM has issues

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/961240/+subscriptions



[Bug 961240] [NEW] cloud-init does not run grub on PV Xen and KVM has issues

2012-03-21 Thread Alex Bligh
Public bug reported:

On paravirtualised Xen, cloud-init will not rerun grub. KVM may also
have issues.

The problem is at:
 
http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/cloudinit/CloudConfig/cc_grub_dpkg.py
line 47.

The 'if' condition at line 36 handles the case where a block major
device is presented as /dev/sda1 (or /dev/xvda1), which it detects by
the absence of /dev/sda or /dev/xvda (as appropriate). This takes into
account the odd EC2 way of doing things.

The else condition at line 42 is run in a non-EC2 mode, where either the
block major itself is a filing system, or the block major contains a
partition table. The for loop at line 47 then runs through 'all' the
first block minor devices (i.e. first partitions), then (if it fails to
find any) the block majors.

The first issue is that running on Xen on HVM with PV drivers, the
emulated device is PCI unplugged early in the boot sequence, so there is
no /dev/sda or /dev/sda1, just /dev/xvda and /dev/xvda1. Line 47 will
thus not pick this up. /dev/xvda and /dev/xvda1 should thus be added to
this line.

The second issue is that I /think/ /dev/vda should be listed before
/dev/sda, and /dev/vda1 before /dev/sda1. This is because running on
kvm, both devices will appear under some circumstances (e.g. where the
cloud provider cannot determine whether the OS has PV drivers or not so
provides both emulated and PV device), and I think it's desirable that
grub thinks it is installing on the virtual device /dev/vda1.

IE I think the line should be:
  for dev in ("/dev/xvda", "/dev/vda", "/dev/sda", "/dev/xvda1", "/dev/vda1", "/dev/sda1"):

Complete untested patch attached.

** Affects: cloud-init (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/961240

Title:
  cloud-init does not run grub on PV Xen and KVM has issues

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/961240/+subscriptions



[Bug 961226] Re: cloud-init should run resize2fs in the background

2012-03-21 Thread Alex Bligh
The particular development platform I was trying this on has an I/O speed
about the same as a floppy disk drive, so this is perhaps not as
important as one might think. However, it might still be useful as a
feature to speed up boot time.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/961226

Title:
  cloud-init should run resize2fs in the background

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/961226/+subscriptions



[Bug 684875] Re: Patch to Natty 2.6.37-virtual breaks non-EC2 users

2011-09-28 Thread Alex Bligh
We have Maverick running in Xen quite extensively. We use debootstrap
images with normal grub (not pvgrub), i.e. we are passing a full HD
image to Xen (and I know we aren't the only ones to do this). We do
however modify /etc/fstab etc., and aren't using -virtual (I think we
use -server) precisely because of this sort of problem.

It would be nice to have it in Maverick, but (data point with sample
size 1) for us the most important releases to work are the latest LTS
(Lucid) and the latest non-LTS (Natty).

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/684875

Title:
  Patch to Natty 2.6.37-virtual breaks non-EC2 users

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/684875/+subscriptions



[Bug 724601] Re: UEC images should disable udev persistent net rules

2011-03-07 Thread Alex Bligh
No, these are different bugs I think, though they relate to the same
sort of issue.

Bug 726635 says that even on conventional (non-UEC) images, MAC
addresses ranges used by Virtualbox should be ignored in the persistent
udev rules. That's fair enough, though I note Xen and KVM were treated
differently last time I looked (Xen is triggered by subsystem, which
fails to match HVM emulated net devices but matches PV on HVM devices).

This bug says that on a UEC image, then by definition ANY udev
persistent net rules handling is unnecessary and can only cause
problems. The net interfaces are ALWAYS virtual, and may do things which
are unexpected and undesirable in certain environments. An example is
where the image comes up with a different MAC address when booted on a
different compute node/cluster that provides a different MAC range; this
is just about guaranteed to happen if you move an image with a
persistent boot disk between one cloud and another. Another example of
it causing problems is running on older Xen (see above). So on the UEC
image persistent interface naming should always be disabled,
irrespective of MAC address whitelist and subsystem checking (which is
not reliable). I believe Scott Moser at Canonical has had problems too
(I'm not sure precisely what); he encouraged me to report this so he may
be able to add detail.

A less drastic alternative to completely disabling it would be to look
at something in /etc/defaults which could then be used by people running
non-UEC images on virtual systems too. I'm not sufficiently familiar
with udev language to know how that could be incorporated into
lib/udev/rules.d/75-persistent-net-generator.rules

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/724601

Title:
  UEC images should disable udev persistent net rules



[Bug 724601] Re: UEC images should disable udev persistent net rules

2011-03-07 Thread Alex Bligh
From the manpage of udev: "Rule files are required to have a unique
name, duplicate file names are ignored. Files in /etc/udev/rules.d/ have
precedence over files with the same name in /lib/udev/rules.d/. This can
be used to ignore a default rules file if needed."

Untested, but perhaps on UEC images, creating an
/etc/udev/rules.d/75-persistent-net-generator.rules (NOT
70-persistent-net.rules) which is essentially empty would do the trick.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/724601

Title:
  UEC images should disable udev persistent net rules



[Bug 724601] Re: UEC images should disable udev persistent net rules

2011-03-07 Thread Alex Bligh
Further example of why this is needed: see my comment on Bug 726635.
VirtualBox appears to use a borrowed MAC range, rather than an
official assignment. That means it's probably not a great idea to use
that MAC address range as a basis for black/whitelisting.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/724601

Title:
  UEC images should disable udev persistent net rules



[Bug 724601] [NEW] UEC images should disable udev persistent net rules

2011-02-24 Thread Alex Bligh
Public bug reported:

Binary package hint: cloud-init

Persistent interface naming should be disabled in UEC images, as it
causes more harm than good.

Firstly, cloud systems generally expect the interfaces to be created in
the order they are created in the hypervisor. Renaming them
(particularly when some images are persistent, and some are not) is
confusing.

Secondly, it causes inconsistency, in that the Xen pv interfaces (for
instance) are ignored, whereas the kvm ones aren't.

Thirdly, it causes terrible problems (read unbootable machines) on old
Xen (and perhaps newer Xen), where the same interface appears twice -
once as an emulated HVM interface, and one as a PV on HVM interface each
with the same MAC address. That makes for confusion, particularly given
one subsystem is ignored and one isn't. Essentially the interfaces
constantly rename.

The (very easy) solution is to disable persistent net interface
renaming.

** Affects: cloud-init (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/724601

Title:
  UEC images should disable udev persistent net rules



[Bug 684875] Re: Patch to Natty 2.6.37-virtual breaks non-EC2 users

2011-01-12 Thread Alex Bligh
I have tested this on Xen 3.3.1 in HVM mode and now correctly get
/dev/xvda etc.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/684875

Title:
  Patch to Natty 2.6.37-virtual breaks non-EC2 users



[Bug 684875] Re: Patch to Natty 2.6.37-virtual breaks non-EC2 users

2011-01-12 Thread Alex Bligh
Further notes:

1. non-ubuntu specific: to get HVM devices to work on Xen pre
3.4.something, you need to use emulunplug=unnecessary or perhaps
emulunplug=unnecessary,all on the command line. Otherwise Xen's non-
support of PCI unplug means that failure to unplug the emulated devices
stops the HVM devices initialising.

2. It is desirable that if both devices come up, /dev/block/byuuid/...
maps to /dev/xvdX not /dev/sdX if mount by UUID is to work. I haven't
yet checked this. It requires module init order to be right. I'm not
sure you can work around this by blacklisting sd_mod as I think sd is
built in. I have some patches to allow early init of old style xen block
devices somewhere which I might be able to dig out.

3. historical experience tells us that having 2 NICs (emulated and not)
with the same Mac address confuses udev fatally. In general in a virtual
environment you don't want udev renaming NICs anyway, so start up
scripts should remove this.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/684875

Title:
  Patch to Natty 2.6.37-virtual breaks non-EC2 users



[Bug 684875] Re: Patch to Natty 2.6.37-virtual breaks non-EC2 users

2010-12-09 Thread Alex Bligh
xen-devel thread is here:
  http://www.gossamer-threads.com/lists/xen/devel/192003

I've been asked to point out there are really two problems:

1. If the emulated devices (i.e. the real sda) is not unplugged, there
is a device name clash. The emulated devices cannot be unplugged on xen
3.3 (because it doesn't support it), but unless you pass
unplug=unnecessary, it won't actually allow the PV drivers, so you lose
PV support. On 3.4 and onwards you might pass unplug=unnecessary anyway
to get consistent device mapping with xen 2.6.18 supplied kernel, in
which case you will get the device name clash.

2. Even if the unplugging works, you then get inconsistent device
mapping, because both mainline, 2.6.18 and everything else expect to see
virtual devices under /dev/xvda, not /dev/sda, so although you won't get
the clash (i.e. the failure to register the device), the device will
have an unexpected name which can and will break stuff.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/684875

Title:
  Patch to Natty 2.6.37-virtual breaks non-EC2 users



[Bug 684875] Re: Patch to Natty 2.6.37-virtual breaks non-EC2 users

2010-12-08 Thread Alex Bligh
My understanding is that the patch currently applies to all kernel variants, so
has the potential to cause problems for:
* Anyone running Xen versions pre 3.4
* Anyone running any version of Xen hoping for stable device naming between
  Ubuntu kernels and any others (e.g. mainline, Debian, the kernels provided by
  Xen/Citrix, other PV driver enabled kernels they run etc. etc.)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/684875

Title:
  Patch to Natty 2.6.37-virtual breaks non-EC2 users

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 684804] [NEW] cloud-init should fetch image-data as well as user-data

2010-12-03 Thread Alex Bligh
Public bug reported:

Binary package hint: cloud-init

cloud-init should fetch data specific to the image (and the platform)
prior to fetching user-data, and treat it the same way.

It should be an objective of ubuntu cloud images that they will run on
multiple cloud platforms without customization. As cloud platforms
differ, if the image is not customized, it is necessary for the image to
perform certain platform-specific operations on first boot. These tend
to be image specific too. An example would be to map PV driver disks.

Currently cloud-init sucks down and runs a user-data script if supplied. It gets 
this by default by reading
  http://169.254.169.254/user-data
Cloud platform providers cannot provide data there because there is no agreed 
format for user-data (i.e. not every user uses the MIME format ubuntu's 
cloud-init uses), meaning that (a) we would corrupt the user-data blob, and (b) 
even prepending another MIME part, we'd run into problems with bad MIME etc.

It is suggested that instead cloud-init FIRST gets a user-data script from
   http://169.254.169.254/image-data
or similar. This would be platform specific data (as opposed to instance 
specific data) that would be run first. This could do platform specific stuff 
(for instance, change UUID, use custom first password code, disable bits of 
udev, and so forth).

Added to the end of the URL would be GET parameters describing the
operating system type, release, etc. that could be used to help the
platform provider interpret what they should send down (although this
could form part of the metadata of the image itself, in a situation
where a server is e.g. installed manually on a blank disk it won't be
there).

This should be a pretty trivial addition to cloud-init.

** Affects: cloud-init (Ubuntu)
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/684804

Title:
  cloud-init should fetch image-data as well as user-data
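
A sketch of the fetch order proposed in this report, added here as an example and not cloud-init's own code: image-data is requested first, with the OS details as escaped GET parameters, and is kept separate from the user-data blob. The parameter names (os, release, arch), the NotProvided exception and the injected fetch function are assumptions; the report names only the two URLs.

```python
from urllib.parse import urlencode

METADATA_BASE = "http://169.254.169.254"   # link-local address from the report


class NotProvided(Exception):
    """The metadata service has nothing at this path (e.g. HTTP 404)."""


def image_data_url(os_info, base=METADATA_BASE):
    # Query keys are hypothetical; the report only says "operating system
    # type, release, etc.". urlencode escapes the values, so a value cannot
    # add extra parameters to the request.
    return f"{base}/image-data?{urlencode(sorted(os_info.items()))}"


def collect_boot_data(fetch, os_info, base=METADATA_BASE):
    """Return [(source, payload), ...] in handling order: platform-supplied
    image-data first, then the user's own user-data, never merged.

    `fetch(url) -> bytes` is injected so the ordering can be exercised
    offline; it raises NotProvided when the platform serves nothing.
    """
    stages = []
    for source, url in (("image-data", image_data_url(os_info, base)),
                        ("user-data", f"{base}/user-data")):
        try:
            payload = fetch(url)
        except NotProvided:
            continue        # a platform without image-data behaves as today
        if payload:
            stages.append((source, payload))
    return stages


def fake_platform(routes):
    """Constructed stand-in for a metadata service (offline use only)."""
    def fetch(url):
        path = url[len(METADATA_BASE):].split("?", 1)[0]
        if path not in routes:
            raise NotProvided(path)
        return routes[path]
    return fetch
```

Because each payload is tagged with its source, a caller can log or restrict the platform stage and the user stage separately.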



[Bug 684875] Re: Patch to Natty 2.6.37-virtual breaks non-EC2 users

2010-12-03 Thread Alex Bligh
 EC2 specifies 'root=sda1' on the kernel command line.

EC2 should fix that then, as it's plain wrong.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/684875

Title:
  Patch to Natty 2.6.37-virtual breaks non-EC2 users



[Bug 684875] Re: Patch to Natty 2.6.37-virtual breaks non-EC2 users

2010-12-03 Thread Alex Bligh
Though a compromise solution would be to register as sda only if the
unplug of the original sda device succeeded / is going to be tried.
Otherwise it's just going to cause a kernel bug.

I think xen_unplug_emulated_devices() is called sufficiently early you
could choose the name when the driver is init'ed, so something like the
attached patch (completely untested, may not even compile).

But even so, if you rename the xen block device, you will be running
/dev/sdX with a non-standard block major and block minor number (you are
not changing the block major / minor numbers). I can't help but think
that's a recipe for disaster.


** Patch added: completely untested illustrative patch for dynamically choosing name of device
   https://bugs.launchpad.net/ubuntu/+source/linux/+bug/684875/+attachment/1754610/+files/blkfront.devname.patch

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in ubuntu.
https://bugs.launchpad.net/bugs/684875

Title:
  Patch to Natty 2.6.37-virtual breaks non-EC2 users



[Bug 400349] Re: dhclient-script fails with apparmor

2010-05-12 Thread Alex Bligh
This bug appears in Jaunty if a new kernel is loaded - strace below. Is
it really working as designed if loading a new kernel causes dhcp to
fail?

508  execve(/sbin/dhclient-script, [/sbin/dhclient-script], [/* 4 vars */]) = 0
2508  brk(0)= 0x215c000
2508  fcntl(0, F_GETFD) = 0
2508  fcntl(1, F_GETFD) = 0
2508  fcntl(2, F_GETFD) = 0
2508  access(/etc/suid-debug, F_OK)   = -1 ENOENT (No such file or directory)
2508  mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5fa3e92000
2508  access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or directory)
2508  mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5fa3e9
2508  access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or directory)
2508  open(/etc/ld.so.cache, O_RDONLY) = -1 EACCES (Permission denied)
2508  open(/lib/tls/x86_64/libncurses.so.5, O_RDONLY) = -1 ENOENT (No such file or directory)
2508  stat(/lib/tls/x86_64, 0x7fffa0d10530) = -1 ENOENT (No such file or directory)
2508  open(/lib/tls/libncurses.so.5, O_RDONLY) = -1 ENOENT (No such file or directory)
2508  stat(/lib/tls, 0x7fffa0d10530)  = -1 ENOENT (No such file or directory)
2508  open(/lib/x86_64/libncurses.so.5, O_RDONLY) = -1 ENOENT (No such file or directory)
2508  stat(/lib/x86_64, 0x7fffa0d10530) = -1 ENOENT (No such file or directory)
2508  open(/lib/libncurses.so.5, O_RDONLY) = -1 EACCES (Permission denied)

-- 
dhclient-script fails with apparmor
https://bugs.launchpad.net/bugs/400349
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dhcp3 in ubuntu.
