[Bug 1561019] [NEW] copied cpu flags don't match host cpu
Public bug reported: Using wily (libvirt 1.2.16-2ubuntu11.15.10.3) in a AMD FX-8350 nested KVM doesn't work, unless in the definition of the vm the cpu is configured with mode='host-passthrough', for other CPUs the manifestation could be different. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: libvirt-bin 1.2.16-2ubuntu11.15.10.3 ProcVersionSignature: Ubuntu 4.2.0-34.39-generic 4.2.8-ckt4 Uname: Linux 4.2.0-34-generic x86_64 NonfreeKernelModules: nvidia ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 Date: Wed Mar 23 11:20:11 2016 InstallationDate: Installed on 2014-12-06 (472 days ago) InstallationMedia: Ubuntu 14.10 "Utopic Unicorn" - Release amd64 (20141022.1) SourcePackage: libvirt UpgradeStatus: Upgraded to wily on 2016-03-08 (14 days ago) modified.conffile..etc.apparmor.d.usr.lib.libvirt.virt.aa.helper: [modified] modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'] modified.conffile..etc.libvirt.qemu.networks.default.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu/networks/default.xml'] mtime.conffile..etc.apparmor.d.usr.lib.libvirt.virt.aa.helper: 2016-03-14T13:22:07.751461 ** Affects: libvirt Importance: Unknown Status: Unknown ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug third-party-packages wily ** Bug watch added: Red Hat Bugzilla #870071 https://bugzilla.redhat.com/show_bug.cgi?id=870071 ** Also affects: libvirt via https://bugzilla.redhat.com/show_bug.cgi?id=870071 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1561019 Title: copied cpu flags don't match host cpu To manage notifications about this bug go to: https://bugs.launchpad.net/libvirt/+bug/1561019/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1516989] Re: juju status broken
** Also affects: juju-core (Ubuntu) Importance: Undecided Status: New ** Tags added: sts -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-core in Ubuntu. https://bugs.launchpad.net/bugs/1516989 Title: juju status broken To manage notifications about this bug go to: https://bugs.launchpad.net/juju-core/+bug/1516989/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1506257] Re: rpcapi version mismatch possible on upgrade
** Tags added: openstack sts -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nova in Ubuntu. https://bugs.launchpad.net/bugs/1506257 Title: rpcapi version mismatch possible on upgrade To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1506257/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1475294] Re: mysql 5.5.44, 5.6.25 security update tracking bug
mysql 5.6.25 also fixes CVE-2012-5615[0], quoting from cve.mitre.org[1] : """ Oracle MySQL 5.5.38 and earlier, **5.6.19 and earlier**, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames. """ [0] http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-5615.html [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-5615 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mysql-5.6 in Ubuntu. https://bugs.launchpad.net/bugs/1475294 Title: mysql 5.5.44, 5.6.25 security update tracking bug To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mysql-5.5/+bug/1475294/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] Re: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
This is fixed in Debian and Wily, so we just need get Vivid fixed, the patch is already attached to this bug report ** Description changed: [Impact] When trying to install python-tempest-lib and python3-tempest-lib in Vivid, I got the following error Unpacking python3-tempest-lib (0.4.0-0ubuntu1) ... dpkg: error processing archive /var/cache/apt/archives/python3-tempest-lib_0.4.0-0ubuntu1_all.deb (--unpack): trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib 0.4.0-0ubuntu1 I would expect to be able to install both packages and be able to run python scripts using version 2 or 3 of the interpreter. The patch renames /usr/bin/skip-tracker generated with '#!/usr/bin/python3.4' shebang to /usr/bin/python3-skip-tracker + + This problem was already fixed in Debian and Wily. [Test Case] To reproduce just run: $ sudo apt-get update $ sudo apt-get install python-tempest-lib python3-tempest-lib Expected result: both packages get installed Actual result: Unpacking python3-tempest-lib (0.4.0-0ubuntu1) ... dpkg: error processing archive /var/cache/apt/archives/python3-tempest-lib_0.4.0-0ubuntu1_all.deb (--unpack): trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib 0.4.0-0ubuntu1 [Regression Potential] None expected. skip-tracker is registered with update-alternatives, so no changes will be done from a user's point of view. [Other Info] None. ** Patch removed: "lp1461573_wily.debdiff" https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+attachment/4409511/+files/lp1461573_wily.debdiff ** Tags removed: package-conflict wily -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1469260] Re: [SRU] Custom vendor data causes cloud-init failure on 0.7.5
The package available in trusty-proposed fixes this bug. $nova console-log 7a2e57a7-df5c-4c61-8f69-c98a41a1de5f ... ubuntu login: Cloud-init v. 0.7.5 running 'modules:final' at Tue, 22 Sep 2015 02:39:29 +. Up 26.16 seconds. 2015-09-22 02:39:30,077 - util.py[WARNING]: Running ssh-authkey-fingerprints () failed ec2: ec2: # ec2: -BEGIN SSH HOST KEY FINGERPRINTS- ec2: -END SSH HOST KEY FINGERPRINTS- ec2: # -BEGIN SSH HOST KEY KEYS- -END SSH HOST KEY KEYS- Cloud-init v. 0.7.5 finished at Tue, 22 Sep 2015 02:39:30 +. Datasource DataSourceOpenStack [net,ver=2]. Up 26.33 seconds $ nova console-log trusty-patched ... Cloud-init v. 0.7.5 running 'modules:final' at Tue, 22 Sep 2015 02:41:53 +. Up 30.54 seconds. ci-info: ++Authorized keys from /home/ubuntu/.ssh/authorized_keys for user ubuntu+++ ci-info: +-+-+-+---+ ci-info: | Keytype |Fingerprint (md5)| Options | Comment | ci-info: +-+-+-+---+ ci-info: | ssh-rsa | bd:37:fc:87:b5:3a:c6:4b:86:cf:ab:e1:29:81:aa:7f |- | Generated-by-Nova | ci-info: +-+-+-+---+ ec2: ec2: # ec2: -BEGIN SSH HOST KEY FINGERPRINTS- ec2: 1024 35:8e:8c:4d:86:ff:2c:a0:01:da:f0:fd:db:dc:da:94 root@trusty-patched (DSA) ec2: 256 72:f7:f1:6e:5d:74:ad:ad:13:25:2a:3f:25:83:8b:5c root@trusty-patched (ECDSA) ec2: 256 33:cb:4f:2a:70:08:30:8f:dc:3e:60:68:1a:19:a9:cc root@trusty-patched (ED25519) ec2: 2048 60:cb:95:fe:11:1f:01:14:fc:44:6e:a6:43:1b:81:31 root@trusty-patched (RSA) ec2: -END SSH HOST KEY FINGERPRINTS- ec2: # -BEGIN SSH HOST KEY KEYS- ecdsa-sha2-nistp256 E2VjZHNhLXNoYTItbmlzdHAyNTYIbmlzdHAyNTYAAABBBGp6OpR/cqHVcQmks95ANFCbgi67E+Opr4CmhOIDZl1zRkT6hwW2qGZa3P0Y9PAisNorgaidbpq+Vfi13MKsV5o= root@trusty-patched ssh-ed25519 C3NzaC1lZDI1NTE5IPy5DB2nOuBzAL+R+0x4xPn3bfdGCSlLgEK1B7PIUzyB root@trusty-patched ssh-rsa B3NzaC1yc2EDAQABAAABAQDCY7NO6k1FBQ27JfcQSuewZ74NNCWhC0ZllDtGi3j/WoQooGn7zRWcY36yibvFu7JP1k9ajrPqUD9P0wlDLhfdSaOzyKWOEqP/pSW2/o1R+o/L7+mOFdZoOblzjd+hHvjkZ+xXMRAn0o/fvRo7kButtKyijscGvUZ8yAFRRNauseJxzsMBBdX0/AWLRNG6LFMjrsWwgooDOwjCNK7tRSU8KulBEGMEMrvnScbNmoDvwYwUZFVK8tW8MSeWH+pbD8GR6rJjSmiTikkH1ChZI6o+A+AkHhVaNoH044Ddea6x3CvwEYO9HXOADmZZfwUgx2cym6V6D/jw4QtqriXCdspf root@trusty-patched -END SSH HOST KEY KEYS- Cloud-init v. 0.7.5 finished at Tue, 22 Sep 2015 02:41:54 +. Datasource DataSourceOpenStack [net,ver=2]. Up 30.81 seconds ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/1469260 Title: [SRU] Custom vendor data causes cloud-init failure on 0.7.5 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1469260/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1469260] Re: [SRU] Custom vendor data causes cloud-init failure on 0.7.5
Rebased patch on top of latest cloud-init available in trusty-updates. ** Patch removed: "lp1469260_trusty.debdiff" https://bugs.launchpad.net/cloud-init/+bug/1469260/+attachment/4434870/+files/lp1469260_trusty.debdiff ** Patch added: "lp1469260_trusty.debdiff" https://bugs.launchpad.net/cloud-init/+bug/1469260/+attachment/4460581/+files/lp1469260_trusty.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/1469260 Title: [SRU] Custom vendor data causes cloud-init failure on 0.7.5 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1469260/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1381776] Re: cloud init depends on python-serial but does not declare it
cloud-init from -proposed for precise is pulling in python-serial now, no problems detected after installing this new version ubuntu@foo2:~$ dpkg -l python-serial Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ NameVersion Description +++-===-===-== un python-serial none (no description available) ubuntu@foo2:~$ sudo apt-get install -q cloud-init Reading package lists... Building dependency tree... Reading state information... The following extra packages will be installed: python-serial Suggested packages: python-wxgtk2.8 python-wxgtk2.6 python-wxgtk The following NEW packages will be installed: python-serial The following packages will be upgraded: cloud-init 1 upgraded, 1 newly installed, 0 to remove and 55 not upgraded. Need to get 210 kB of archives. After this operation, 383 kB of additional disk space will be used. Do you want to continue [Y/n]? Get:1 http://archive.ubuntu.com/ubuntu/ precise/main python-serial all 2.5-2.1build1 [74.3 kB] Get:2 http://archive.ubuntu.com/ubuntu/ precise-proposed/main cloud-init all 0.6.3-0ubuntu1.18 [136 kB] Fetched 210 kB in 1s (174 kB/s) Preconfiguring packages ... Selecting previously unselected package python-serial. (Reading database ... 47512 files and directories currently installed.) Unpacking python-serial (from .../python-serial_2.5-2.1build1_all.deb) ... Preparing to replace cloud-init 0.6.3-0ubuntu1.17 (using .../cloud-init_0.6.3-0ubuntu1.18_all.deb) ... Unpacking replacement cloud-init ... Processing triggers for ureadahead ... Setting up python-serial (2.5-2.1build1) ... Setting up cloud-init (0.6.3-0ubuntu1.18) ... Leaving 'diversion of /etc/init/ureadahead.conf to /etc/init/ureadahead.conf.disabled by cloud-init' ubuntu@foo2:~$ dpkg -l python-serial cloud-init Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ NameVersion Description +++-===-===-== ii cloud-init 0.6.3-0ubuntu1.18 Init scripts for cloud instances ii python-serial 2.5-2.1build1 pyserial - module encapsulating access for the serial port ** Tags added: verification-done-precise -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/1381776 Title: cloud init depends on python-serial but does not declare it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1381776/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1381776] Re: cloud init depends on python-serial but does not declare it
cloud-init from trusty is already depending on python-serial. Why does it need to get added explicitly? Package: cloud-init Priority: extra Section: admin Installed-Size: 964 Maintainer: Scott Moser smo...@ubuntu.com Architecture: all Version: 0.7.5-0ubuntu1 Replaces: ec2-init ( 0.5.3) Provides: ec2-init Depends: cloud-guest-utils | cloud-utils, ifupdown (= 0.6.10ubuntu5), procps, python (= 2.7), python-requests (= 0.8.2), software-properties-common, debconf (= 0.5) | debconf-2.0, python ( 2.8), python:any (= 2.7.1-0ubuntu2), python-cheetah, python-prettytable, python-oauth, python-serial, python-configobj, python-yaml, python-jsonpatch Recommends: eatmydata Conflicts: ec2-init ( 0.5.3) Filename: pool/main/c/cloud-init/cloud-init_0.7.5-0ubuntu1_all.deb Size: 190622 MD5sum: cc0d636ccbdff6f6969505eb33da29cc SHA1: 05aef5df1b3b7c0f4612b4b08cc5b8931efbf43f SHA256: e669b7b7bc7176219f013c1895e8662640e25e70f7fa0e76ba8333b9244fa397 Description-en: Init scripts for cloud instances Cloud instances need special scripts to run during initialisation to retrieve and install ssh keys and to let the user run various scripts. Description-md5: 8719ef0e4178017b7147590b1fde082e Python-Version: 2.7 Bugs: https://bugs.launchpad.net/ubuntu/+filebug Origin: Ubuntu Supported: 5y Task: cloud-image ubuntu@foo:~$ dpkg -l python-serial Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ NameVersion Architecture Description +++-===---=== ii python-serial 2.6-1build1 all pyserial - module encapsulating access for the serial port ubuntu@foo:~$ sudo apt-get remove python-serial Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: libfreetype6 os-prober Use 'apt-get autoremove' to remove them. The following packages will be REMOVED: cloud-init python-serial 0 upgraded, 0 newly installed, 2 to remove and 99 not upgraded. After this operation, 1,410 kB disk space will be freed. Do you want to continue? [Y/n] ^Cubuntu@foo:~$ dpkg -l cloud-init Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ NameVersion Architecture Description +++-===---=== ii cloud-init 0.7.5-0ubuntu1.5 all Init scripts for cloud instances -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/1381776 Title: cloud init depends on python-serial but does not declare it To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1381776/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1469260] Re: Custom vendor data causes cloud-init failure on 0.7.5
Utopic is already EOL, so I'm marking it as Invalid ** Changed in: cloud-init (Ubuntu Utopic) Status: New = Invalid ** Tags added: sts ** Tags added: openstack -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/1469260 Title: Custom vendor data causes cloud-init failure on 0.7.5 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1469260/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1469260] Re: Custom vendor data causes cloud-init failure on 0.7.5
cloud-init misbehaves when a vendor data json comes with information that won't be consumed by it, a fix was added in rev 1013[0]. I backported this patch to Trusty and prepared a patched image, having a custom vendor data doesn't break cloud-init functionality. I'll submit a SRU to fix this in Trusty as soon as possible. [0] http://bazaar.launchpad.net/~cloud-init-dev/cloud- init/trunk/revision/1013 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/1469260 Title: Custom vendor data causes cloud-init failure on 0.7.5 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1469260/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1469260] Re: Custom vendor data causes cloud-init failure on 0.7.5
** Description changed:
+ [Impact]
+
+ When a vendor data json provides a dictionary without a 'cloud-init'
+ key, cloud-init renders a non functional user-data, so any configuration
+ (i.e. ssh public keys to use) is missed.
+
+ This prevents cloud providers from publishing a vendor data that is not
+ intended to be consumed by cloud-init.
+
+ This patch checks for the existence of 'cloud-init' key and tries to get
+ None, a string or a list as value, if this process fails or cloud-init
+ key is missing the vendor data is set to None.
+
+ [Test Case]
+
+ * deploy an OpenStack cloud (easy right? :) )
+ - the easiest way is to branch
https://code.launchpad.net/~ost-maintainers/openstack-charm-testing/trunk and
run: juju deployer -c default.yaml -d -v -s 10 trusty-kilo
+ * configure vendor data
+ - Edit /etc/nova/nova.conf in neutron-gateway unit(s), include the
following two lines:
+ vendordata_driver=nova.api.metadata.vendordata_json.JsonFileVendorData
+ vendordata_jsonfile_path=/etc/nova/vendordata.json
+ - Create /etc/nova/vendordata.json in neutron-gateway unit(s) with the
following content:
+ {custom: {a: 1, b: [2, 3]}}
+ - Restart nova-api-metadata (sudo service nova-api-metadata restart)
+ * Launch an instance using trusty
+
+ Expected result:
+ - the new instance is launched and is accesible according to the
configuration used
+
+ Actual result:
+ - cloud-init fails to configure the ssh public key
+
+ [Regression Potential]
+
+ * This patch is already part of Vivid and there are no known issues.
+ * This proposed fix was tested with a custom image and no issues were
detected.
+
+ [Other Info]
+
I encountered this issue when adding custom vendor data via nova-
compute. Originally the bug manifested as SSH host key generation
failing to fire when vendor data was present (example vendor data
below).
{msg: , uuid: 4996e2b67d2941818646481453de1efe, users:
[{username: erhudy, sshPublicKeys: [], uuid: erhudy}], name:
TestTenant}
I launched a volume-backed instance, waited for it to fail, then
terminated it and mounted its root volume to examine the logs. What I
found was that cloud-init was failing to process vendor-data into MIME
multipart (note the absence of the line that indicates that cloud-init
is writing vendor-data.txt.i):
2015-06-25 21:41:02,178 - util.py[DEBUG]: Writing to
/var/lib/cloud/instance/obj.pkl - wb: [256] 9751 bytes
2015-06-25 21:41:02,178 - util.py[DEBUG]: Writing to
/var/lib/cloud/instances/65c9fb0c-0700-4f87-a22f-c59534e98dfb/user-data.txt -
wb: [384] 0 bytes
2015-06-25 21:41:02,184 - util.py[DEBUG]: Writing to
/var/lib/cloud/instances/65c9fb0c-0700-4f87-a22f-c59534e98dfb/user-data.txt.i -
wb: [384] 345 bytes
2015-06-25 21:41:02,185 - util.py[DEBUG]: Writing to
/var/lib/cloud/instances/65c9fb0c-0700-4f87-a22f-c59534e98dfb/vendor-data.txt -
wb: [384] 234 bytes
2015-06-25 21:41:02,185 - util.py[DEBUG]: Reading from /proc/uptime
(quiet=False)
After following the call chain all the way down, I found the problematic
code in user_data.py:
# Coverts a raw string into a mime message
def convert_string(raw_data, headers=None):
- if not raw_data:
- raw_data = ''
- if not headers:
- headers = {}
- data = util.decomp_gzip(raw_data)
- if mime-version: in data[0:4096].lower():
- msg = email.message_from_string(data)
- for (key, val) in headers.iteritems():
- _replace_header(msg, key, val)
- else:
- mtype = headers.get(CONTENT_TYPE, NOT_MULTIPART_TYPE)
- maintype, subtype = mtype.split(/, 1)
- msg = MIMEBase(maintype, subtype, *headers)
- msg.set_payload(data)
- return msg
+ if not raw_data:
+ raw_data = ''
+ if not headers:
+ headers = {}
+ data = util.decomp_gzip(raw_data)
+ if mime-version: in data[0:4096].lower():
+ msg = email.message_from_string(data)
+ for (key, val) in headers.iteritems():
+ _replace_header(msg, key, val)
+ else:
+ mtype = headers.get(CONTENT_TYPE, NOT_MULTIPART_TYPE)
+ maintype, subtype = mtype.split(/, 1)
+ msg = MIMEBase(maintype, subtype, *headers)
+ msg.set_payload(data)
+ return msg
raw_data in the case that is failing is a dictionary rather than the
expected string, so slicing into data causes a TypeError: unhashable
type exception.
I think this bug was fixed after a fashion in 0.7.7, where the call to
util.decomp_gzip() is now wrapped by util.decode_binary(), which appears
to always return a string.
** Summary changed:
- Custom vendor data causes cloud-init failure on 0.7.5
+ [SRU] Custom vendor data causes cloud-init failure on 0.7.5
** Patch added: lp1469260_trusty.debdiff
https://bugs.launchpad.net/cloud-init/+bug/1469260/+attachment/4434870/+files/lp1469260_trusty.debdiff
** Changed in: cloud-init (Ubuntu Trusty)
Status: New = In
[Bug 1456335] Re: neutron-vpn-netns-wrapper missing in Ubuntu Package
** Bug watch added: Debian Bug tracker #793421 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793421 ** Also affects: neutron-vpnaas (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793421 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to neutron-vpnaas in Ubuntu. https://bugs.launchpad.net/bugs/1456335 Title: neutron-vpn-netns-wrapper missing in Ubuntu Package To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1456335/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1469260] Re: Custom vendor data causes cloud-init failure on 0.7.5
A vendor data file should be a dict with a cloud-init key and the value
for that key is expected to be a string or a list[0], the docs provide a
simple example[1]
Here is another example that will add a user called cloudy, upgrade the
system and install htop:
{cloud-init: #cloud-config\nusers:\n - name: cloudy\n ssh-import-
id: cloudy\npackage_upgrade: True\npackages:\n - htop}
So a yaml cloud-config compatible has to be passed a string.
[0]
http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/cloudinit/sources/helpers/openstack.py#L470
[1]
http://cloudinit.readthedocs.org/en/latest/topics/datasources.html?highlight=vendor#vendor-data
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/1469260
Title:
Custom vendor data causes cloud-init failure on 0.7.5
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1469260/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1469260] Re: Custom vendor data causes cloud-init failure on 0.7.5
** Changed in: cloud-init (Ubuntu Trusty) Assignee: (unassigned) = Felipe Reyes (freyes) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/1469260 Title: Custom vendor data causes cloud-init failure on 0.7.5 To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-init/+bug/1469260/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1456335] Re: neutron-vpn-netns-wrapper missing in Ubuntu Package
** Also affects: neutron-vpnaas (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to neutron-vpnaas in Ubuntu. https://bugs.launchpad.net/bugs/1456335 Title: neutron-vpn-netns-wrapper missing in Ubuntu Package To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1456335/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1469744] Re: [needs-packaging] 1.22.6 is not packaged in trusty
Curtis, is this version going to be proposed for vivid as well to make sure there is a proper upgrade path across series? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-core in Ubuntu. https://bugs.launchpad.net/bugs/1469744 Title: [needs-packaging] 1.22.6 is not packaged in trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju-core/+bug/1469744/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1319145] Re: cannot use openstack python client libraries from python3
** Changed in: python-keystoneclient (Ubuntu) Assignee: Felipe Reyes (freyes) = (unassigned) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-novaclient in Ubuntu. https://bugs.launchpad.net/bugs/1319145 Title: cannot use openstack python client libraries from python3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova-adminclient/+bug/1319145/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1319145] Re: cannot use openstack python client libraries from python3
** Changed in: python-keystoneclient (Ubuntu) Assignee: (unassigned) = Felipe Reyes (freyes) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-novaclient in Ubuntu. https://bugs.launchpad.net/bugs/1319145 Title: cannot use openstack python client libraries from python3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova-adminclient/+bug/1319145/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] [NEW] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
Public bug reported: When trying to install python-tempest-lib and python3-tempest-lib in Vivid, I got the following error Unpacking python3-tempest-lib (0.4.0-0ubuntu1) ... dpkg: error processing archive /var/cache/apt/archives/python3-tempest-lib_0.4.0-0ubuntu1_all.deb (--unpack): trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib 0.4.0-0ubuntu1 I would expect to be able to install both packages and be able to run python scripts using version 2 or 3 of the interpreter. ** Affects: python-tempest-lib (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] Re: trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
** Changed in: python-tempest-lib (Ubuntu) Assignee: (unassigned) = Felipe Reyes (freyes) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1319145] Re: cannot use openstack python client libraries from python3
** Also affects: python-keystoneclient (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-novaclient in Ubuntu. https://bugs.launchpad.net/bugs/1319145 Title: cannot use openstack python client libraries from python3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nova-adminclient/+bug/1319145/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] Re: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
** Summary changed: - trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib + [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] Re: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
Attaching patch for wily ** Description changed: - When trying to install python-tempest-lib and python3-tempest-lib in - Vivid, I got the following error + [Impact] + + When trying to install python-tempest-lib and python3-tempest-lib in Vivid, I + got the following error Unpacking python3-tempest-lib (0.4.0-0ubuntu1) ... dpkg: error processing archive /var/cache/apt/archives/python3-tempest-lib_0.4.0-0ubuntu1_all.deb (--unpack): trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib 0.4.0-0ubuntu1 - I would expect to be able to install both packages and be able to run - python scripts using version 2 or 3 of the interpreter. + I would expect to be able to install both packages and be able to run python + scripts using version 2 or 3 of the interpreter. + + The patch renames /usr/bin/skip-tracker generated with '#!/usr/bin/python3.4' + shebang to /usr/bin/python3-skip-tracker + + [Test Case] + + To reproduce just run: + + $ sudo apt-get update + $ sudo apt-get install python-tempest-lib python3-tempest-lib + + Expected result: both packages get installed + + Actual result: + Unpacking python3-tempest-lib (0.4.0-0ubuntu1) ... + dpkg: error processing archive /var/cache/apt/archives/python3-tempest-lib_0.4.0-0ubuntu1_all.deb (--unpack): + trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib 0.4.0-0ubuntu1 + + + [Regression Potential] + + Users that only installed python3-tempest-lib and are using + /usr/bin/skip-tracker expecting it's run with python3 will have to use + /usr/bin/python3-skip-tracker instead. This is already the case for + /usr/bin/subunit-trace + + [Other Info] + + None. ** Patch added: lp1461573_wily.debdiff https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+attachment/4409198/+files/lp1461573_wily.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] Re: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
Attaching patch for vivid ** Patch added: lp1461573_vivid.debdiff https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+attachment/4409199/+files/lp1461573_vivid.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461753] [NEW] python3-stevedore doesn't have the stevedore for python3
Public bug reported: The package python3-stevedore doesn't contain the code, list of files: $ dpkg -L python3-stevedore /. /usr /usr/share /usr/share/doc /usr/share/doc/python3-stevedore /usr/share/doc/python3-stevedore/copyright /usr/share/doc/python3-stevedore/changelog.Debian.gz Test case: $ sudo apt-get install python3-stevedore $ python3 -c 'import stevedore' Traceback (most recent call last): File string, line 1, in module ImportError: No module named 'stevedore' While for python2 works fine. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: python3-stevedore 1.3.0-0ubuntu1 Uname: Linux 4.0.0-999-generic x86_64 ApportVersion: 2.17.2-0ubuntu1.1 Architecture: amd64 Date: Thu Jun 4 01:43:28 2015 InstallationDate: Installed on 2015-03-26 (69 days ago) InstallationMedia: Ubuntu 14.10 Utopic Unicorn - Release amd64 (20141022.1) PackageArchitecture: all SourcePackage: stevedore UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: stevedore (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug vivid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to stevedore in Ubuntu. https://bugs.launchpad.net/bugs/1461753 Title: python3-stevedore doesn't have the stevedore for python3 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/stevedore/+bug/1461753/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] Re: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
My bad, I just realized that subunit-trace uses alternatives, I'll update my patches. ** Patch removed: lp1461573_wily.debdiff https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+attachment/4409198/+files/lp1461573_wily.debdiff ** Patch removed: lp1461573_vivid.debdiff https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+attachment/4409199/+files/lp1461573_vivid.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] Re: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
** Patch added: lp1461573_vivid.debdiff https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+attachment/4409510/+files/lp1461573_vivid.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] Re: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
** Patch added: lp1461573_wily.debdiff https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+attachment/4409511/+files/lp1461573_wily.debdiff ** Description changed: [Impact] When trying to install python-tempest-lib and python3-tempest-lib in Vivid, I got the following error Unpacking python3-tempest-lib (0.4.0-0ubuntu1) ... dpkg: error processing archive /var/cache/apt/archives/python3-tempest-lib_0.4.0-0ubuntu1_all.deb (--unpack): - trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib 0.4.0-0ubuntu1 + trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib 0.4.0-0ubuntu1 I would expect to be able to install both packages and be able to run python scripts using version 2 or 3 of the interpreter. The patch renames /usr/bin/skip-tracker generated with '#!/usr/bin/python3.4' shebang to /usr/bin/python3-skip-tracker [Test Case] To reproduce just run: $ sudo apt-get update $ sudo apt-get install python-tempest-lib python3-tempest-lib Expected result: both packages get installed Actual result: Unpacking python3-tempest-lib (0.4.0-0ubuntu1) ... dpkg: error processing archive /var/cache/apt/archives/python3-tempest-lib_0.4.0-0ubuntu1_all.deb (--unpack): - trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib 0.4.0-0ubuntu1 + trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib 0.4.0-0ubuntu1 + [Regression Potential] - [Regression Potential] - - Users that only installed python3-tempest-lib and are using - /usr/bin/skip-tracker expecting it's run with python3 will have to use - /usr/bin/python3-skip-tracker instead. This is already the case for - /usr/bin/subunit-trace + None expected. skip-tracker is registered with update-alternatives, so + no changes will be done from a user's point of view. [Other Info] None. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1461573] Re: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib
Dear Maintainers, I was taking a look to the debian package and it uses update- alternatives to handle skip-tracker and subunit-trace[0], should I pursue a patch to follow that same behavior? or do you pretend to re- sync the package with Debian during this cycle (wily)? Best, [0] http://anonscm.debian.org/cgit/openstack/python-tempest- lib.git/tree/debian/python3-tempest-lib.postinst -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-tempest-lib in Ubuntu. https://bugs.launchpad.net/bugs/1461573 Title: [SRU] trying to overwrite '/usr/bin/skip-tracker', which is also in package python-tempest-lib To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-tempest-lib/+bug/1461573/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1434150] Re: [SRU] missing (anti) affinity support
** Changed in: python-novaclient (Ubuntu Trusty) Assignee: (unassigned) = Felipe Reyes (freyes) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-novaclient in Ubuntu. https://bugs.launchpad.net/bugs/1434150 Title: [SRU] missing (anti) affinity support To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-novaclient/+bug/1434150/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
** Changed in: openldap (Ubuntu Precise) Assignee: (unassigned) = Felipe Reyes (freyes) ** Changed in: openldap (Ubuntu Trusty) Assignee: (unassigned) = Felipe Reyes (freyes) ** Changed in: openldap (Ubuntu Utopic) Assignee: (unassigned) = Felipe Reyes (freyes) ** Changed in: openldap (Ubuntu Vivid) Assignee: (unassigned) = Felipe Reyes (freyes) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
Marc,
I tested these patches against two scenarios: 1) single node with
default configuration and phpldapadmin, 2) a two nodes scenario, 1 node
configures a relay and translucent proxy and connects to the second one
which has a default configuration. For details of each configuration
please see at the end.
Is there any specific configuration that you would like me to test?.
Best,
SCENARIO 1, this is a single node configuration running a default
configuration and phpldapadmin
#+BEGIN_SRC shell
sudo apt-get install -y slapd ldap-utils
sudo dpkg-reconfigure slapd
# Omit OpenLDAP server configuration? No
# DNS domain? ldap.example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo apt-get install -y phpldapadmin
sudo sed -i s/127.0.0.1/10.0.3.196/ /etc/phpldapadmin/config.php
sudo sed -i s/dc=example,dc.com/dc=ldap,dc=example,dc=com/
/etc/phpldapadmin/config.php
sudo service apache2 restart
cat EOF /tmp/foo.ldif
dn: ou=People,dc=ldap,dc=example,dc=com
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=ldap,dc=example,dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit
dn: uid=user1,ou=People,dc=ldap,dc=example,dc=com
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}Az/RBEIomiu0c
shadowLastChange: 15192
shadowMin: 0
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/users/user1
dn: cn=user1,ou=Group,dc=ldap,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: user1
userPassword: {crypt}x
gidNumber: 1001
EOF
ldapadd -x -w ubuntu -D cn=admin,dc=ldap,dc=example,dc=com -f /tmp/foo.ldif
ldapsearch -x -w ubuntu -D cn=admin,dc=ldap,dc=example,dc=com -b
dc=ldap,dc=example,dc=com | tail -n1 | egrep -e '# numEntries: 6$' || echo
ERROR adding ldif
sensible-browser http://$IP/phpldapadmin
# login and check entries created with phpldapadmin
#+END_SRC
SCENARIO 2: this is a 2 nodes setup, one of the nodes configures a relay and a
translucent proxy.
node 1 config:
#+BEGIN_SRC shell
echo 10.0.3.240 ldap.example.com | sudo tee -a /etc/hosts # IP of node number
2
sudo apt-get install -y slapd ldap-utils
cat EOF /etc/ldap/slapd.conf
pidfile /var/run/slapd.pid
TLSCACertificateFile/etc/ssl/certs/ca-certificates.crt
modulepath /usr/lib/ldap
moduleload back_hdb.la
moduleload back_relay.la
moduleload back_ldap.la
moduleload rwm.la
moduleload translucent.la
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/openldap.schema
accessto attrs=userPassword by * auth
accessto * by * read
backend hdb
backend relay
database hdb
directory /var/lib/ldap
suffixdc=foo,dc=example,dc=com
rootdncn=admin,dc=foo,dc=example,dc=com
rootpwubuntu
index objectClass eq
database relay
suffixdc=example,dc=com
overlay rwm
rwm-suffixmassage dc=foo,dc=example,dc=com
overlay translucent
uri ldap://ldap.example.com
EOF
sudo slaptest -f /etc/ldap/slapd.conf -F /etc/ldap/slapd.d
sudo chown -R openldap: /etc/ldap/slapd.d
sudo touch /var/run/slapd.pid
sudo chown openldap: /var/run/slapd.pid
sudo service slapd restart
#+END_SRC
node 2 (ldap.example.com) configuration:
#+BEGIN_SRC shell
sudo apt-get install -y slapd ldap-utils
# Omit OpenLDAP server configuration? No
# DNS domain? example.com
# Organization name? example
# Administrator password? ubuntu
# Database backend to use? HDB
# Remove the database when slapd is purged? No
# Move old database? Yes
# Allow LDAPv2 protocol? No
sudo service slapd restart
cat EOF /tmp/enable-debug
# config
dn: cn=config
changetype: modify
replace:olcLogLevel
olcLogLevel: 7
EOF
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f /tmp/enable-debug
# create a few records
cat EOF /tmp/foo.ldif
dn: ou=People,dc=example,dc=com
ou: People
description: All people
objectClass: top
objectClass: organizationalUnit
dn: ou=Group,dc=example,dc=com
ou: Group
description: All groups
objectClass: top
objectClass: organizationalUnit
dn: uid=user1,ou=People,dc=example,dc=com
uid: user1
cn: user1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {CRYPT}Az/RBEIomiu0c
shadowLastChange: 15192
shadowMin: 0
shadowMax: 9
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/users/user1
dn: cn=user1,ou=Group,dc=example,dc=com
objectClass: posixGroup
objectClass: top
cn: user1
userPassword: {crypt}x
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
Patch for utopic to fix CVE-2013-4449 and CVE-2015-1545 ** Patch added: lp1446809_utopic.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4400528/+files/lp1446809_utopic.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
Patch for trusty to fix CVE-2013-4449 and CVE-2015-1545 ** Patch added: lp1446809_trusty.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4400527/+files/lp1446809_trusty.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1450043] Re: spice package for trusty contains a malformed patch
The patches can be applied and removed now ubuntu@trusty-affinity:~/spice-0.12.4$ quilt push -a File series fully applied, ends at patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch ubuntu@trusty-affinity:~/spice-0.12.4$ quilt pop -a Removing patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch Restoring server/reds.c Removing patch enable_subdir-objects.patch Restoring spice-common/configure.ac Removing patch link-server-test-with-libm-libpthread.patch Restoring server/tests/Makefile.am Removing patch make-celt-to-be-optional.patch Restoring server/snd_worker.c Restoring configure.ac Restoring client/audio_channels.h Restoring client/playback_channel.cpp Restoring client/record_channel.cpp Removing patch fix-tests-warnings.patch Restoring server/tests/basic_event_loop.c Restoring server/tests/test_display_base.c No patches applied ubuntu@trusty-affinity:~/spice-0.12.4$ quilt push -a Applying patch fix-tests-warnings.patch patching file server/tests/basic_event_loop.c patching file server/tests/test_display_base.c Applying patch make-celt-to-be-optional.patch patching file client/audio_channels.h patching file client/playback_channel.cpp patching file client/record_channel.cpp patching file configure.ac patching file server/snd_worker.c Applying patch link-server-test-with-libm-libpthread.patch patching file server/tests/Makefile.am Applying patch enable_subdir-objects.patch patching file spice-common/configure.ac Applying patch fix-buffer-overflow-when-decrypting-client-spice-ticket.patch patching file server/reds.c Now at patch fix-buffer-overflow-when-decrypting-client-spice- ticket.patch ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to spice in Ubuntu. https://bugs.launchpad.net/bugs/1450043 Title: spice package for trusty contains a malformed patch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/spice/+bug/1450043/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1434150] Re: [SRU] missing (anti) affinity support
I tested the version available in proposed and it works as expected. Console log of test http://pastebin.ubuntu.com/11231743/ ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-novaclient in Ubuntu. https://bugs.launchpad.net/bugs/1434150 Title: [SRU] missing (anti) affinity support To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-novaclient/+bug/1434150/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
On Tue, 19 May 2015 19:56:07 - Ryan Tandy 1446...@bugs.launchpad.net wrote: The precise debdiff adds d/p/0001-ITS-7723-fix-reference-counting.patch which is the same as CVE-2013-4449.patch but not used in d/p/series. Right, my bad, a leftover of an import I dismissed. Do you want me to reupload the patch? Best, -- Felipe Reyes Software Sustaining Engineer @ Canonical STS Engineering Team # Email: felipe.re...@canonical.com (GPG:0x9B1FFF39) # Phone: +56 9 7640 7887 # Launchpad: ~freyes | IRC: freyes -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
Patch for vivid to fix CVE-2013-4449 and CVE-2015-1545 ** Patch added: lp1446809_vivid.patch https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4400529/+files/lp1446809_vivid.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545)
** Summary changed: - [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) + [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query (CVE-2012-1164, CVE-2013-4449, CVE-2015-1545) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-4449 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-1545 ** Attachment removed: lp1446809_precise.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4392199/+files/lp1446809_precise.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
Here I'm attaching a new version of the patch for precise that includes fixes for CVE-2012-1164, CVE-2013-4449 and CVE-2015-1545 Pending to add patches to fix CVE-2013-4449 and CVE-2015-1545 in trusty, utopic, vivid and wily. ** Description changed: [Impact] - * slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a - denial of service (assertion failure and daemon exit) via an LDAP search - query with attrsOnly set to true, which causes empty attributes to be - returned. + * CVE-2012-1164: + - slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. + - Trusty ships 2.4.31 which comes with a fix for this. - * Trusty ships 2.4.31 which comes with a fix for this. + * CVE-2013-4449 + - The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. + - This bug affects all the series (precise, trusty, utopic, vivid and wily) - [Test Case] - - TBD + * CVE-2015-1545 + - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. + - This bug affects all the series (precise, trusty, utopic, vivid and wily) [Regression Potential] * this set of patches adds validations to avoid segfaults, so no regression is expected. [Other Info] - * Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143 - * http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html - * Patches backported: - - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1) - - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2) - - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3) + * CVE-2012-1164: + - Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143 + - http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html + - Patches backported: + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3) + + * CVE-2013-4449 + - Upstream bug report http://www.openldap.org/its/index.cgi/Incoming?id=7723 + - Patches backported: + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=924389d9dd9dbb6ffe5db6c0fc65ecfe6814a1af + + * CVE-2015-1545 + - Upstream bug report http://www.openldap.org/its/?findid=8027 + - Patches backported: + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5 ** Patch added: lp1446809_precise.debdiff https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4400520/+files/lp1446809_precise.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
** Description changed: [Impact] * slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. * Trusty ships 2.4.31 which comes with a fix for this. [Test Case] TBD [Regression Potential] TBD [Other Info] - + * Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143 * http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html + * Patches backported: + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
** Patch added: lp1446809_precise.debdiff https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+attachment/4392199/+files/lp1446809_precise.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
** Summary changed: - denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) + [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
** Description changed: [Impact] * slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. * Trusty ships 2.4.31 which comes with a fix for this. [Test Case] TBD [Regression Potential] - TBD + * this set of patches adds validations to avoid segfaults, so no + regression is expected. [Other Info] * Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143 * http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html * Patches backported: - - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1) - - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2) - - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=ef2f5263de8802794e528cc2648ecfca369302ae (p1) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=430256fafb85028443d7964a5ab1f4bbf8b2db38 (p2) + - http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=463c1fa25d45e393dc1f1ea235286f79e872fad0 (p3) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1439649] Re: Pacemaker unable to communicate with corosync on restart under lxc
** Tags added: sts -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1439649 Title: Pacemaker unable to communicate with corosync on restart under lxc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1439649/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1439649] Re: Pacemaker unable to communicate with corosync on restart under lxc
I'm seeing this problem in another environment, similar deployment (3 lxc containers) Apr 20 16:39:26 juju-machine-3-lxc-4 crm_verify[31774]: notice: crm_log_args: Invoked: crm_verify -V -p Apr 20 16:39:27 juju-machine-3-lxc-4 cibadmin[31786]: notice: crm_log_args: Invoked: cibadmin -p -P Apr 20 16:50:01 juju-machine-3-lxc-4 cib[780]:error: pcmk_cpg_dispatch: Connection to the CPG API failed: Library error (2) Apr 20 16:50:01 juju-machine-3-lxc-4 cib[780]:error: cib_cs_destroy: Corosync connection lost! Exiting. Apr 20 16:50:01 juju-machine-3-lxc-4 crmd[785]:error: crmd_quorum_destroy: connection terminated Apr 20 16:50:01 juju-machine-3-lxc-4 attrd[783]:error: pcmk_cpg_dispatch: Connection to the CPG API failed: Library error (2) Apr 20 16:50:01 juju-machine-3-lxc-4 stonith-ng[781]:error: pcmk_cpg_dispatch: Connection to the CPG API failed: Library error (2) Apr 20 16:50:01 juju-machine-3-lxc-4 crmd[785]: notice: crmd_exit: Forcing immediate exit: Link has been severed (67) Apr 20 16:50:01 juju-machine-3-lxc-4 lrmd[782]: warning: qb_ipcs_event_sendv: new_event_notification (782-785-6): Bad file descriptor (9) Apr 20 16:50:01 juju-machine-3-lxc-4 lrmd[782]: warning: send_client_notify: Notification of client crmd/8ad990ba-cf09-4ba3-b74b-a7d05d377a1b failed Apr 20 16:50:01 juju-machine-3-lxc-4 lrmd[782]:error: crm_abort: crm_glib_handler: Forked child 760 to record non-fatal assert at logging.c:63 : Source ID 4601370 was not found when attempting to remove it Apr 20 16:50:01 juju-machine-3-lxc-4 pacemakerd[773]:error: pcmk_child_exit: Child process cib (780) exited: Invalid argument (22) Apr 20 16:50:01 juju-machine-3-lxc-4 pacemakerd[773]: notice: pcmk_process_exit: Respawning failed child process: cib Apr 20 16:50:01 juju-machine-3-lxc-4 pacemakerd[773]:error: pcmk_child_exit: Child process crmd (785) exited: Link has been severed (67) Apr 20 16:50:01 juju-machine-3-lxc-4 pacemakerd[773]: notice: pcmk_process_exit: Respawning failed child process: crmd Apr 20 16:50:01 juju-machine-3-lxc-4 attrd[783]: crit: attrd_cs_destroy: Lost connection to Corosync service! Apr 20 16:50:01 juju-machine-3-lxc-4 attrd[783]: notice: main: Exiting... Apr 20 16:50:01 juju-machine-3-lxc-4 attrd[783]: notice: main: Disconnecting client 0x7ff985e478e0, pid=785... Apr 20 16:50:01 juju-machine-3-lxc-4 pacemakerd[773]:error: pcmk_cpg_dispatch: Connection to the CPG API failed: Library error (2) Apr 20 16:50:01 juju-machine-3-lxc-4 pacemakerd[773]:error: mcp_cpg_destroy: Connection destroyed Apr 20 16:50:01 juju-machine-3-lxc-4 attrd[783]:error: attrd_cib_connection_destroy: Connection to the CIB terminated... Apr 20 16:50:01 juju-machine-3-lxc-4 cib[761]:debug: crm_update_callsites: Enabling callsites based on priority=7, files=(null), functions=(null), formats=(null), tags=(null) Apr 20 16:50:01 juju-machine-3-lxc-4 crmd[767]:debug: crm_update_callsites: Enabling callsites based on priority=7, files=(null), functions=(null), formats=(null), tags=(null) Apr 20 16:50:01 juju-machine-3-lxc-4 crmd[767]: notice: main: CRM Git Version: 42f2063 Apr 20 16:50:01 juju-machine-3-lxc-4 stonith-ng[781]:error: stonith_peer_cs_destroy: Corosync connection terminated Apr 20 16:50:01 juju-machine-3-lxc-4 cib[761]: notice: crm_cluster_connect: Connecting to cluster infrastructure: corosync Apr 20 16:50:01 juju-machine-3-lxc-4 cib[761]:error: cluster_connect_cpg: Could not connect to the Cluster Process Group API: 2 Apr 20 16:50:01 juju-machine-3-lxc-4 cib[761]: crit: cib_init: Cannot sign in to the cluster... terminating Apr 20 16:50:02 juju-machine-3-lxc-4 crmd[767]: warning: do_cib_control: Couldn't complete CIB registration 1 times... pause and retry Apr 20 16:50:05 juju-machine-3-lxc-4 crmd[767]: warning: do_cib_control: Couldn't complete CIB registration 2 times... pause and retry These are the only processes running in one of the nodes: root 782 0.0 0.0 81464 1828 ?Ss Feb12 25:13 /usr/lib/pacemaker/lrmd haclust+ 784 0.0 0.0 73920 776 ?Ss Feb12 8:25 /usr/lib/pacemaker/pengine root 780 0.8 0.0 130256 4152 ?Ssl 16:50 0:00 /usr/sbin/corosync A possible explanation could be: http://thread.gmane.org/gmane.linux.highavailability.corosync/592/focus=639 I only have logs for one of the nodes, I'm trying to get logs of the other 2 nodes to get a better understanding of what was happening with the communication. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1439649 Title: Pacemaker unable to communicate with corosync on restart under lxc To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1439649/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or
[Bug 1446809] Re: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
** Tags removed: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: [SRU] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1434150] Re: [SRU] missing (anti) affinity support
Attaching a newer rebased on top of the latest version ** Patch removed: lp_1434150_trusty.debdiff https://bugs.launchpad.net/ubuntu/+source/python-novaclient/+bug/1434150/+attachment/4350107/+files/lp_1434150_trusty.debdiff ** Patch added: lp_1434150_trusty.debdiff https://bugs.launchpad.net/ubuntu/+source/python-novaclient/+bug/1434150/+attachment/4391616/+files/lp_1434150_trusty.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-novaclient in Ubuntu. https://bugs.launchpad.net/bugs/1434150 Title: [SRU] missing (anti) affinity support To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-novaclient/+bug/1434150/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] Re: denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-1164 ** Changed in: openldap (Ubuntu) Assignee: (unassigned) = Felipe Reyes (freyes) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1446809] [NEW] denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164)
Public bug reported: [Impact] * slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned. * Trusty ships 2.4.31 which comes with a fix for this. [Test Case] TBD [Regression Potential] TBD [Other Info] * Upstream bug report http://www.openldap.org/its/index.cgi/Software%2520Bugs?id=7143 * http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1164.html ** Affects: openldap (Ubuntu) Importance: Undecided Status: New ** Tags: cts -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1446809 Title: denial of service via an LDAP search query with attrsOnly set to true (CVE-2012-1164) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1434150] Re: [SRU] missing (anti) affinity support
** Description changed: [Impact] OpenStack Icehouse deprecates GroupAffinityFilter in favor of ServerGroupAffinityFilter[0], but python-novaclient 2.17 doesn't support server-group creation[1] and policy definition during instance creation, this a bug in terms that the client isn't complete. [Test Case] * Deploy an icehouse cloud with ServerGroupAffinityFilter enabled (the default if using juju charms) * Create a server group $ nova server-group-create --policy affinity group-1 * Boot two instances using the previously created group $ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID vm01 $ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID vm02 * Both instances must be running in the same compute node, this can be verified running, as admin: $ nova show INSTANCE_UUID [Regression Potential] None expected, this change adds a new command line parameter and a test for it. [Other Info] * This problem only affects Trusty, because Utopic ships python-novaclient 2.19 which comes with support for server groups creation. * Patch that adds 'server-group-create' operation https://github.com/openstack/python-novaclient/commit/c40891b2824805458db40067ab669d961ecfdfed * Patch that adds --policy to nova boot https://github.com/openstack/python-novaclient/commit/376fd9f5bb825e2ce01fc9141c7477f25ac10101 + * How to use Affinity and Anti-Affinity in OpenStack Icehouse + http://dev.cloudwatt.com/en/blog/affinity-and-anti-affinity-in-openstack.html [0] http://docs.openstack.org/icehouse/config-reference/content/section_compute-scheduler.html [1] http://docs.openstack.org/icehouse/config-reference/content/section_compute-scheduler.html#servergroupaffinityfilter -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-novaclient in Ubuntu. https://bugs.launchpad.net/bugs/1434150 Title: [SRU] missing (anti) affinity support To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-novaclient/+bug/1434150/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1434150] [NEW] [SRU] missing (anti) affinity support
Public bug reported: [Impact] OpenStack Icehouse deprecates GroupAffinityFilter in favor of ServerGroupAffinityFilter[0], but python-novaclient 2.17 doesn't support server-group creation[1] and policy definition during instance creation, this a bug in terms that the client isn't complete. [Test Case] * Deploy an icehouse cloud with ServerGroupAffinityFilter enabled (the default if using juju charms) * Create a server group $ nova server-group-create --policy affinity group-1 * Boot two instances using the previously created group $ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID vm01 $ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID vm02 * Both instances must be running in the same compute node, this can be verified running, as admin: $ nova show INSTANCE_UUID [Regression Potential] None expected, this change adds a new command line parameter and a test for it. [Other Info] * This problem only affects Trusty, because Utopic ships python-novaclient 2.19 which comes with support for server groups creation. * Patch that adds 'server-group-create' operation https://github.com/openstack/python-novaclient/commit/c40891b2824805458db40067ab669d961ecfdfed * Patch that adds --policy to nova boot https://github.com/openstack/python-novaclient/commit/376fd9f5bb825e2ce01fc9141c7477f25ac10101 [0] http://docs.openstack.org/icehouse/config-reference/content/section_compute-scheduler.html [1] http://docs.openstack.org/icehouse/config-reference/content/section_compute-scheduler.html#servergroupaffinityfilter ** Affects: python-novaclient (Ubuntu) Importance: Undecided Status: New ** Tags: cts -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-novaclient in Ubuntu. https://bugs.launchpad.net/bugs/1434150 Title: [SRU] missing (anti) affinity support To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-novaclient/+bug/1434150/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1434150] Re: missing (anti) affinity support
Here I'm attaching a debdiff which adds two patches to fix this issue. ** Patch added: lp_1434150_trusty.debdiff https://bugs.launchpad.net/ubuntu/+source/python-novaclient/+bug/1434150/+attachment/4350107/+files/lp_1434150_trusty.debdiff ** Summary changed: - missing (anti) affinity support + [SRU] missing (anti) affinity support ** Description changed: [Impact] OpenStack Icehouse deprecates GroupAffinityFilter in favor of ServerGroupAffinityFilter[0], but python-novaclient 2.17 doesn't support server-group creation[1] and policy definition during instance creation, this a bug in terms that the client isn't complete. [Test Case] * Deploy an icehouse cloud with ServerGroupAffinityFilter enabled (the default if using juju charms) * Create a server group -$ nova server-group-create --policy affinity group-1 + $ nova server-group-create --policy affinity group-1 * Boot two instances using the previously created group - $ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID vm01 - $ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID vm02 + $ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID vm01 + $ nova boot --image IMAGE_ID --flavor 1 --hint group=SERVER_GROUP_UUID vm02 * Both instances must be running in the same compute node, this can be verified running, as admin: $ nova show INSTANCE_UUID [Regression Potential] - TBD + None expected, this change adds a new command line parameter and a test + for it. [Other Info] * This problem only affects Trusty, because Utopic ships python-novaclient 2.19 which comes with support for server groups creation. * Patch that adds 'server-group-create' operation - https://github.com/openstack/python-novaclient/commit/c40891b2824805458db40067ab669d961ecfdfed + https://github.com/openstack/python-novaclient/commit/c40891b2824805458db40067ab669d961ecfdfed * Patch that adds --policy to nova boot - https://github.com/openstack/python-novaclient/commit/376fd9f5bb825e2ce01fc9141c7477f25ac10101 + https://github.com/openstack/python-novaclient/commit/376fd9f5bb825e2ce01fc9141c7477f25ac10101 [0] http://docs.openstack.org/icehouse/config-reference/content/section_compute-scheduler.html [1] http://docs.openstack.org/icehouse/config-reference/content/section_compute-scheduler.html#servergroupaffinityfilter -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-novaclient in Ubuntu. https://bugs.launchpad.net/bugs/1434150 Title: [SRU] missing (anti) affinity support To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-novaclient/+bug/1434150/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1386840] Re: [SRU] failure to start a container
Here I'm attaching a patch built on top of the latest version of the package (1.1.0~alpha2-0ubuntu3.1) ** Patch removed: utopic_lp1386840.debdiff https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1386840/+attachment/4311145/+files/utopic_lp1386840.debdiff ** Patch added: lp1386840_utopic.debdiff https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1386840/+attachment/4313368/+files/lp1386840_utopic.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1386840 Title: [SRU] failure to start a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1386840/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1386840] Re: [SRU] failure to start a container
** Tags added: cts -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1386840 Title: [SRU] failure to start a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1386840/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1386840] Re: failure to start a container
Patch to backport the fix into utopic. ** Description changed: + [Impact] + + Without this patch containers that don't have a complete apparmor + configuration fail to start. Making lxc unusable to run Debian Sid and Jessie + (at least). + + This bug is not present in Trusty, which ships 1.0.7 (Debian Sid runs + OK). + + [Test Case] + + - Create a debian sid container + $ sudo env SUITE=sid lxc-create -t debian -n sid + + - Start the container + $ sudo lxc-start -n sid + + Expected behavior: + + The container is started + + Actual behavior: + + $ sudo lxc-start -F -n sid + lxc-start: lsm/apparmor.c: mount_feature_enabled: 61 Permission denied - Error mounting securityfs + lxc-start: lsm/apparmor.c: apparmor_process_label_set: 186 If you really want to start this container, set + lxc-start: lsm/apparmor.c: apparmor_process_label_set: 187 lxc.aa_allow_incomplete = 1 + lxc-start: lsm/apparmor.c: apparmor_process_label_set: 188 in your container configuration file + lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 4 + lxc-start: start.c: __lxc_start: 1087 failed to spawn 'sid' + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing name=systemd:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing perf_event:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing net_prio:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing net_cls:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing memory:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing hugetlb:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing freezer:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing devices:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing cpuset:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing cpuacct:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing cpu:lxc/sid-2 + lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request + lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing blkio:lxc/sid-2 + lxc-start: lxc_start.c: main: 337 The container failed to start. + lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting the --logfile and --logpriority options. + + + [Regression Potential] + + No regressions expected, different versions of Ubuntu and Debian containers + were tested with this patch applied. + + [Other Info] + On utopic using lxc version 1.1.0~alpha2-0ubuntu3, I was unable to start a container. $ sudo lxc-start -F -n lxc-errors lxc-start: lsm/apparmor.c: mount_feature_enabled: 61 Permission denied - Error mounting securityfs lxc-start: lsm/apparmor.c: apparmor_process_label_set: 186 If you really want to start this container, set lxc-start: lsm/apparmor.c: apparmor_process_label_set: 187 lxc.aa_allow_incomplete = 1 lxc-start: lsm/apparmor.c: apparmor_process_label_set: 188 in your container configuration file lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 4 lxc-start: start.c: __lxc_start: 1087 failed to spawn 'lxc-errors' lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing name=systemd:lxc/lxc-errors-2 Switching to the version of lxc in http://ppa.launchpad.net/ubuntu- lxc/daily/ resolved the failure to start for me. ** Summary changed: - failure to start a container + [SRU] failure to start a container ** Changed in: lxc (Ubuntu Trusty) Assignee: Felipe Reyes (freyes) = (unassigned) ** Patch added: utopic_lp1386840.debdiff https://bugs.launchpad.net/ubuntu
[Bug 1386840] Re: failure to start a container
** Changed in: lxc (Ubuntu Trusty) Assignee: (unassigned) = Felipe Reyes (freyes) ** Changed in: lxc (Ubuntu Utopic) Assignee: (unassigned) = Felipe Reyes (freyes) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1386840 Title: failure to start a container To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1386840/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1404110] Re: [SRU] Wrong hint key in volume create function
Hi, The package from -proposed worked as expected creating volumes with scheduler_hints enabled. Thanks, ** Attachment added: test_scheduler_hints_from_proposed.log https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+attachment/4306619/+files/test_scheduler_hints_from_proposed.log ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-cinderclient in Ubuntu. https://bugs.launchpad.net/bugs/1404110 Title: [SRU] Wrong hint key in volume create function To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1404110] Re: [SRU] Wrong hint key in volume create function
New version of the patch with the correct bug number in the debian/changelog. ** Patch removed: lp_1404110_trusty.debdiff https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+attachment/4283947/+files/lp_1404110_trusty.debdiff ** Patch added: lp_1404110_trusty.debdiff https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+attachment/4298488/+files/lp_1404110_trusty.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-cinderclient in Ubuntu. https://bugs.launchpad.net/bugs/1404110 Title: [SRU] Wrong hint key in volume create function To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1404110] Re: [SRU] Wrong hint key in volume create function
** Tags added: openstack -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-cinderclient in Ubuntu. https://bugs.launchpad.net/bugs/1404110 Title: [SRU] Wrong hint key in volume create function To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1404110] Re: [SRU] Wrong hint key in volume create function
** Attachment added: test_scheduler_hints.py output https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+attachment/4283948/+files/test_scheduler_hints.log -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-cinderclient in Ubuntu. https://bugs.launchpad.net/bugs/1404110 Title: [SRU] Wrong hint key in volume create function To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1404110] Re: [SRU] Wrong hint key in volume create function
** Patch added: lp_1404110_trusty.debdiff https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+attachment/4283947/+files/lp_1404110_trusty.debdiff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to python-cinderclient in Ubuntu. https://bugs.launchpad.net/bugs/1404110 Title: [SRU] Wrong hint key in volume create function To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1404110] [NEW] [SRU] Wrong hint key in volume create function
Public bug reported:
[Impact]
Heat uses 'scheduler hints' to instruct the cloud that some resources
need special treatment, for instance that two cinder volumes have to be
created on different backends.
Without this patch, cinder client is broken and hints aren't properly
formatted leaving without effect the hints sent.
[Test Case]
Use script test_scheduler_hints.py against cinder API v2, the request
sent will contain scheduler_hints: {same_host: SOME_ID} while the
service expects OS-SCH-HNT:scheduler_hints: {same_host: SOME_ID}
An example output can be found in the file test_scheduler_hints.log
[Regression Potential]
No regression expected. Currently the key is being discarded by the
service and this patch just format it properly
[Other Info]
Please refer to upstream commit:
https://review.openstack.org/#/c/72059/5
Blueprint: Support Cinder scheduler hints
https://github.com/openstack/heat-specs/blob/master/specs/kilo/cinder-scheduler-hints.rst
Definition of the key:
https://github.com/openstack/cinder/blob/stable/icehouse/cinder/api/contrib/scheduler_hints.py#L31
https://github.com/openstack/cinder/blob/stable/icehouse/cinder/api/contrib/scheduler_hints.py#L54
** Affects: python-cinderclient (Ubuntu)
Importance: Undecided
Status: New
** Tags: cts
** Attachment added: script to verify badly formatted request
https://bugs.launchpad.net/bugs/1404110/+attachment/4283946/+files/test_scheduler_hints.py
** Tags added: cts
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to python-cinderclient in Ubuntu.
https://bugs.launchpad.net/bugs/1404110
Title:
[SRU] Wrong hint key in volume create function
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-cinderclient/+bug/1404110/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1374999] Re: iSCSI volume detach does not correctly remove the multipath device descriptors
** Changed in: nova Assignee: (unassigned) = Felipe Reyes (freyes) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to nova in Ubuntu. https://bugs.launchpad.net/bugs/1374999 Title: iSCSI volume detach does not correctly remove the multipath device descriptors To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1374999/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1290920] Re: non-default lxc-dir breaks local provider
** Tags added: cts -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-core in Ubuntu. https://bugs.launchpad.net/bugs/1290920 Title: non-default lxc-dir breaks local provider To manage notifications about this bug go to: https://bugs.launchpad.net/juju-core/+bug/1290920/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1346815] Re: lxc-clone causes duplicate MAC address and IP address
I'm running utopic, after upgrading to lxc-1.1.0~alpha2-0ubuntu3, the bug went away -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1346815 Title: lxc-clone causes duplicate MAC address and IP address To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1346815/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 615545] Re: Instances launched in a VPC cannot access ec2.archive.ubuntu.com
The workaround used to know if the instance is inside a VPC isn't working for me, I launched a EC2 instance and I assigned an Elastic IP (all these using cloud formation), when cloud-init gets the metadata this is what it gets: # curl http://169.254.169.254/latest/meta-data/ ami-id ami-launch-index ami-manifest-path block-device-mapping/ hostname instance-action instance-id instance-type kernel-id local-hostname local-ipv4 mac metrics/ network/ placement/ profile public-ipv4 public-keys/ reservation-id security-groups $ curl http://169.2st/meta-data/public-ipv4 184.72.x.x As you can see the field public-ipv4 appears in the metadata, so cloud- init thinks the instance isn't running in a VPC and sets the apt mirror to us-east1... and it takes me to the original situation. No access to the repositories. I fixed this behavior with the sugested key in cloud-config.yaml (apt_mirror: http://us.archive.ubuntu.com/ubuntu/). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to cloud-init in Ubuntu. https://bugs.launchpad.net/bugs/615545 Title: Instances launched in a VPC cannot access ec2.archive.ubuntu.com To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/615545/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
