group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #07067
[Bug 1578833] Re: pollinate should not run in containers and only for first boot
This bug was fixed in the package pollinate - 4.21-0ubuntu1~14.04
---------------
pollinate (4.21-0ubuntu1~14.04) trusty-proposed; urgency=medium
[ Dustin Kirkland ]
* pollinate:
- fix broken printing of binary data, this was breaking check_pollen
nagios scripts on the server
[ Junien Fridrick ]
* entropy.ubuntu.com.pem:
- simplify CA cert to just the DigiCert chain (drop GoDaddy)
pollinate (4.20-0ubuntu1) yakkety; urgency=medium
* debian/control:
- drop the anerd references, hasn't existed in basically forever
- update description
- add dummy | dh-apparmor dependency to get this building on precise,
where dh-systemd doesn't exist
- drop run-one dependency, no longer needed
- make the bsdutils dependency (for logger) explicit, add epoch
* debian/rules:
- use systemd, when possible
* pollinate:
- fix breakage on older (trusty, precise) Ubuntu, where logger does not
support --id=[ID]; check version of bsdutils (provides logger) to
ensure that it's at least ubuntu wily
- cloud-init version string
* debian/pollinate.service, debian/pollinate.upstart:
- improve the init messages logged
pollinate (4.19-0ubuntu1) yakkety; urgency=medium
[ Martin Pitt ]
* debian/pollinate.service: Move installation from network.target to
multi-user.target. network.target is too early and causes dependency loops
with e. g. NFS. (LP: #1576333)
* debian/pollinate.preinst: Clean up old enablement symlink on upgrade. This
needs to be kept until after 18.04 LTS.
pollinate (4.18-0ubuntu1) yakkety; urgency=medium
* debian/pollinate.service:
- move to later in boot, after network starts, but before ssh starts
pollinate (4.17-0ubuntu1) yakkety; urgency=medium
* debian/pollinate.service:
- use the right flag file for LP: #1578833
pollinate (4.16-0ubuntu1) yakkety; urgency=medium
[ Martin Pitt ]
* Don't run pollinate.service in containers (as containers can't and should
not write the host's random pool) and when we already have a saved random
seeds (i. e. only on first boot). (LP: #1578833)
* Bump Standards-Version to 3.9.8 (no changes needed).
[ Dustin Kirkland ]
* pollinate: use timeout(1) to limit curl, related to LP: #1578833
pollinate (4.15-0ubuntu1) xenial; urgency=medium
* pollinate: LP: #1555362
- log the right pid
pollinate (4.14-0ubuntu1) xenial; urgency=medium
* pollinate, pollinate.1: LP: #1554152
- change the failure mode of pollinate, so as to more cleanly
tolerate network failures
- add a --strict option to re-enable the previous behavior,
ie, strictly exit non-zero if pollinate fails for any reason
- we've always promised that pollinate would operate on a best-effort
basis, improving the prng seeding when possible, but failing
gracefully when not possible; as such, we've made good on the first
half of that promise, however, the latter half has proven
troublesome; this is due to the fact that if pollinate exits
non-zero, then its callers (cloud-init, maas, etc.) may well
interpret the behavior strictly as a failure to boot the system,
when in fact that's not the case; instead, we'll clearly print
a warning to syslog, and we'll retry the seeding on next pollinate
service start (e.g. a reboot); moreover, we'll carry a --strict
flag in the case that users want to opt into the previous behavior
pollinate (4.13-0ubuntu1) wily; urgency=medium
[ Robie Basak ]
* entropy.ubuntu.com.pem:
- Add "DigiCert Global Root CA" certificate from ca-certificates
package to entropy.ubuntu.com.pem. This is required to correctly
verify against the new entropy.ubuntu.com SSL certificate.
pollinate (4.12-0ubuntu1) wily; urgency=medium
* pollinate:
- add cpu hardware model to user agent
* entropy.ubuntu.com.pem:
- entropy.ubuntu.com SSL is coming up for renewal on 2015-09-15
- update the certs for the pollinate package
- Note that this changes the issuing CA to DigiCert, which requires
a new intermediary.
-- Dustin Kirkland <kirkland@xxxxxxxxxx> Mon, 11 Jul 2016 10:52:57
-0500
** Changed in: pollinate (Ubuntu Trusty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1578833
Title:
pollinate should not run in containers and only for first boot
Status in pollinate package in Ubuntu:
Fix Released
Status in pollinate source package in Trusty:
Fix Released
Status in pollinate source package in Xenial:
Fix Released
Bug description:
Booting a xenial cloud image in lxd shows that pollinate by far is the
biggest bottleneck:
$ systemd-analyze blame
2.756s pollinate.service
656ms cloud-init-local.service
598ms cloud-init.service
509ms cloud-config.service
393ms cloud-final.service
147ms networking.service
[...]
This is the second boot, so cloud-init should not actually do anything
any more (it takes muuuch longer on the first boot).
pollinate should not run in containers at all, as containers take
randomness from the host. Also, for VMs it should only run for the
first boot. Both upstart and systemd save the random seed on shutdown
and load it at boot, which is a lot faster than pollinate.
So pollinate.service should grow
ConditionVirtualization=!container
ConditionPathExists=!/var/lib/systemd/random-seed
== SRU ==
[IMPACT]
Some Xenial boots take longer than they should. Pollinate should only run once, at first boot, and never in containers. And should never take longer than 3 seconds.
[TEST CASE]
Boot a new Xenial instance. Ensure that pollinate runs the first time it boots. You can check that in /var/log/syslog and ensure that /var/cache/pollinate/seeded exists /var/cache/pollinate/log. Now reboot that instance. Ensure that more, new entries do *not* show up.
[REGRESSION POTENTIAL]
The regression potential is important. We need to ensure that we don't somehow *never* pollinate the first time.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1578833/+subscriptions
