← Back to team overview

canonical-ubuntu-qa team mailing list archive

  1. canonical-ubuntu-qa team
  2. Mailing list archive
  3. Message #05008

[Bug 2074381] [NEW] autopkgtest-cloud LXD worker is incompatible with LXD 6.1

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Following the release of LXD 6.1, autopkgtest-cloud-lxd worker needs to
be updated, or LXD needs to be pinned to <6.1 releases.

This is due to the removal of the `core.trust_password` option [1], that
is used in the `cloud-config` of the workers [2] to set a pre-shared
secret later used on the worker [3] to automatically add the remotes.

Documentation on alternatives [4] shows it's replaced by two different
methods: importing the TLS certificate directly, or through a generated
token. Both would require changing the worker charm to adapt to the new
method.

On suggestion would be to pre-generate a client key and certificate [5], then deploy that automatically, the certificate effectively acting as a pre-shared secret.
The certificate is imported like this on the LXD server [6].
And placed on the LXD client (worker unit) in here `/var/snap/lxd/common/lxc/{client.crt,client.key}`.
This path `/var/snap/lxd/common/lxc/servercerts` also has a role to play apparently, not sure exactly which one.

One alternative approach would be to just stop running armhf test in LXD
containers, and boot armhf images in an arm64 cloud, to run them the
same way we run all the other architectures.


[1]: https://discourse.ubuntu.com/t/lxd-6-1-has-been-released/46259#removal-of-trust-password-feature-7
[2]: https://git.launchpad.net/autopkgtest-cloud/tree/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/tools/armhf-lxd.userdata#n64
[3]: https://git.launchpad.net/autopkgtest-cloud/tree/charms/focal/autopkgtest-cloud-worker/units/autopkgtest-lxd-remote@.service#n12
[4]: https://documentation.ubuntu.com/lxd/en/latest/authentication/#authentication-tls-certs
[5]: https://github.com/canonical/lxd-ci/blob/5b455198bda80ee436fddaaba3c839e342e01c88/bin/helpers#L211-L217
[6]: https://github.com/canonical/lxd-ci/blob/5b455198bda80ee436fddaaba3c839e342e01c88/tests/cluster#L116-L118

** Affects: auto-package-testing
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of
Canonical's Ubuntu QA, which is subscribed to Auto Package Testing.
https://bugs.launchpad.net/bugs/2074381

Title:
  autopkgtest-cloud LXD worker is incompatible with LXD 6.1

Status in Auto Package Testing:
  New

Bug description:
  Following the release of LXD 6.1, autopkgtest-cloud-lxd worker needs
  to be updated, or LXD needs to be pinned to <6.1 releases.

  This is due to the removal of the `core.trust_password` option [1],
  that is used in the `cloud-config` of the workers [2] to set a pre-
  shared secret later used on the worker [3] to automatically add the
  remotes.

  Documentation on alternatives [4] shows it's replaced by two different
  methods: importing the TLS certificate directly, or through a
  generated token. Both would require changing the worker charm to adapt
  to the new method.

  On suggestion would be to pre-generate a client key and certificate [5], then deploy that automatically, the certificate effectively acting as a pre-shared secret.
  The certificate is imported like this on the LXD server [6].
  And placed on the LXD client (worker unit) in here `/var/snap/lxd/common/lxc/{client.crt,client.key}`.
  This path `/var/snap/lxd/common/lxc/servercerts` also has a role to play apparently, not sure exactly which one.

  One alternative approach would be to just stop running armhf test in
  LXD containers, and boot armhf images in an arm64 cloud, to run them
  the same way we run all the other architectures.

  
  [1]: https://discourse.ubuntu.com/t/lxd-6-1-has-been-released/46259#removal-of-trust-password-feature-7
  [2]: https://git.launchpad.net/autopkgtest-cloud/tree/charms/focal/autopkgtest-cloud-worker/autopkgtest-cloud/tools/armhf-lxd.userdata#n64
  [3]: https://git.launchpad.net/autopkgtest-cloud/tree/charms/focal/autopkgtest-cloud-worker/units/autopkgtest-lxd-remote@.service#n12
  [4]: https://documentation.ubuntu.com/lxd/en/latest/authentication/#authentication-tls-certs
  [5]: https://github.com/canonical/lxd-ci/blob/5b455198bda80ee436fddaaba3c839e342e01c88/bin/helpers#L211-L217
  [6]: https://github.com/canonical/lxd-ci/blob/5b455198bda80ee436fddaaba3c839e342e01c88/tests/cluster#L116-L118

To manage notifications about this bug go to:
https://bugs.launchpad.net/auto-package-testing/+bug/2074381/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next