group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1938207] Re: ubuntu-advantage-tools.postinst and cloud-id are not robust against failure

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1938207@xxxxxxxxxxxxxxxxxx>
Date: Tue, 02 Nov 2021 16:49:42 -0000
Reply-to: Bug 1938207 <1938207@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
This bug was fixed in the package ubuntu-advantage-tools - 27.3~20.04.1

---------------
ubuntu-advantage-tools (27.3~20.04.1) focal; urgency=medium

  * Backport new upstream release: (LP: #1942929) to focal

ubuntu-advantage-tools (27.3~21.10.1) impish; urgency=medium

  * d/tools.postinst:
    - consider cloud to be "none" on any cloud-id error
    - purge old ua-messaging.timer/service files
    - keep ua-timer.timer disabled if ua-messaging.timer was disabled by
      the user
    - properly configure both ubuntu-advantage-timer and
      ubuntu-advantage-licence-check logs
  * d/tools.postrm:
    - remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs
      during purge
  * systemd:
    - remove ua-messaging.timer/service
    - add new ua-timer.timer that runs every 6 hours
    - add new ua-license_check.timer that runs every 5 minutes only if
      activated by ua-license-check.path
  * New upstream release 27.3 (LP: #1942929)
    - ros:
      + add beta support to enable ros and ros-updates
      + add support for "required services" so that esm-infra and esm-apps
        get auto-enabled when enabling ros or ros-updates
      + add support for "dependent services" so that user gets prompted to
        disable ros/ros-updates if they disable esm-infra/esm-apps
    - fips:
      + allow fips on GCP bionic now that optimized kernel is ready
      + disallow enabling fips on focal on clouds until cloud-optimized focal
        fips-certified kernel is ready (LP: #1939449, LP: #1939932)
      + print warning about generic fips kernel if cloud-id fails
    - cloud:
      + rely only on cloud-id to determine cloud type (LP: #1940131)
      + catch errors when determining cloud type
        (LP: #1938207, LP: #1944676) (GH: #1541)
    - azure:
      + bump IMDS API version to support Azure published images
    - cli:
      + collect-logs command that creates a tar file with debug-relevant logs
        and status info (GH: #463)
      + clean locks on exceptions more thoroughly to avoid false "Operation in
        progress" status messages
      + retain past service state after detach
      + shows better error message when a port value in a proxy is invalid
    - non-unicode locale support:
      + remove unicode-only characters from help file
      + don't print unicode-only characters in ua fix if non-utf8 locale
        (GH: #1463)
    - logrotate:
      + add logrotate functionality for ubuntu-advantage-timer.log.
      + Fix root:root logrotate permissions.
    - ua-timer.timer:
      + introduce a single systemd timer to handle ua recurring jobs
      + timer runs every 2 hours to support most frequent timer job
      + recurring job intervals are configurable in uaclient.conf
      + individual jobs are disabled if their interval is set to 0
      - status job:
        + update ua status every 12 hours
      - messaging job:
        + update APT/MOTD ESM messaging every 6 hours
      - metering job:
        + disabled until infrastructure is ready
        + for attached machines only, periodically update contract server with
          status information for proper contract metering
    - ua-license-check.timer:
      + only runs on LTS GCP instances that are not attached
      + runs every 5 minutes to check if gcp instance has license required to
        auto-attach
    - logs:
      + fixes duplicate logging (GH: #553)
    - tests and support:
      + remove groovy integration tests
      + various improvements to integration tests

 -- Grant Orndorff <grant.orndorff@xxxxxxxxxxxxx>  Thu, 23 Sep 2021
16:42:04 -0400

** Changed in: ubuntu-advantage-tools (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1938207

Title:
  ubuntu-advantage-tools.postinst and cloud-id are not robust against
  failure

Status in ubuntu-advantage-tools package in Ubuntu:
  Fix Committed
Status in ubuntu-advantage-tools source package in Xenial:
  Fix Released
Status in ubuntu-advantage-tools source package in Bionic:
  Fix Released
Status in ubuntu-advantage-tools source package in Focal:
  Fix Released
Status in ubuntu-advantage-tools source package in Hirsute:
  Fix Released
Status in ubuntu-advantage-tools source package in Impish:
  Fix Released

Bug description:
  [Impact]

  If cloud-id fails in a different way from what our postinst currently
  checks for, then the postinst script will fail, breaking whatever apt
  process was running.

  We fixed this by changing the line that calls cloud-id to

  cloud_id=$(cloud-id 2>/dev/null) || cloud_id=""

  The commit with this change is here:
  https://github.com/canonical/ubuntu-advantage-
  client/commit/8ac323b1f2e2031afa8018112d20479085c0e4f7

  By doing this, any error in cloud-id will be handled by assuming we
  are not on a cloud. This is a safe assumption for the purposes of our
  postinst script.

  [Test Plan]

  You can verify that this problem is addressed in version 27.3 by
  running the following script:

  ------------------------------------------------------------
  import pycloudlib
  import os

  
  lxd = pycloudlib.LXDVirtualMachine("vm")

  name = 'pycloudlib-vm'
  release = "bionic"
  pub_key_path = "lxd-pubkey"
  priv_key_path = "lxd-privkey"

  userdata_cloud_id_fail = """\
  #cloud-config
  bootcmd:
   - cp /usr/bin/cloud-id /usr/bin/cloud-id.orig
   - 'echo "error" > /usr/bin/cloud-id'
   - chmod 755 /usr/bin/cloud-id
  """

  pub_key, priv_key = lxd.create_key_pair()

  with open(pub_key_path, "w") as f:
      f.write(pub_key)

  with open(priv_key_path, "w") as f:
      f.write(priv_key)

  lxd.use_key(
      public_key_path=pub_key_path,
      private_key_path=priv_key_path
  )

  image_id = lxd.released_image(release=release)
  instance = lxd.launch(
      name=name,
      image_id=image_id,
      user_data=userdata_cloud_id_fail
  )

  print("--- Creating base instance")
  print("ip address: ", instance.ip)
  print("--- Make cloud-id command fail by changing the binary")
  cloud_id = instance.execute("cloud-id")
  print(cloud_id.stderr)
  print("--- Running postinst script for current version of uaclient")
  dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
  print(instance.execute("ua version"))
  print(dpkg_out.stderr)
  print("------------------")

  print("--- Updating ua package")
  instance.execute("sudo add-apt-repository ppa:ua-client/staging -y")
  instance.execute("sh -c 'sudo apt-get update -q > /dev/null'")
  instance.execute("sh -c 'sudo apt-get install ubuntu-advantage-tools > /dev/null'")
  print(instance.execute("ua version"))
  dpkg_out = instance.execute("sudo dpkg-reconfigure ubuntu-advantage-tools")
  print(dpkg_out.stderr)
  print("------------------")
  instance.delete()
  ----------------------------------------------------------

  This script relies on the pycloudlib project which can be found
  here:
  https://github.com/canonical/pycloudlib/tree/main/pycloudlib

  
  [Where problems could occur]

  Any change to postinst is particularly dangerous because a mistake
  could cause it to fail and therefore cause apt installs/upgrades to
  fail. Because ua-client is on all ubuntu images, we need to be
  particularly careful here.

  Further, by changing the code that fixed a critical bug, we run the
  risk of reintroducing that bug. We've mitigated this by introducing an
  integration test scenario to cover that bug.

  [Other Info]

  The cloud id is used in postinst for doing 2 things:

  1. notifying the user if they stumbled into an using an unsupported fips kernel on the cloud
  2. activating the gcp_auto_attach job

  It is not critical if the cloud is falsely detected as none. The worst
  that could happen is that a user would not be notified of the
  unsupported fips kernel or that a user would not have the
  gcp_auto_attach job activated.

  [Original Description]

  As discovered in regression bug 1936833:

   1) "cloud-id" can sometimes crash; perhaps it should return something
  more sensible if a cloud-id is not available

   2) ubuntu-advantage-tools.postinst might crash if cloud-id crashes;
  perhaps it should be generally resilient against cloud-id crashing,
  instead of trying to predict if it will work or not (additionally the
  current prediction method seems to be based on an internal
  implementation detail that might change)

  I wonder if one or both of these things can be improved. For example,
  define the failure behaviour of cloud-id when it cannot function, and
  have the postinst test for that, and further, adjust the postinst to
  be robust against _any_ failure of cloud-id.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1938207/+subscriptions