yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1554152] Re: pollinate fails in many circumstances, cloud-init reports that failure, maas reports node failed deployment

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1554152@xxxxxxxxxxxxxxxxxx>
Date: Wed, 24 Aug 2016 13:47:05 -0000
Reply-to: Bug 1554152 <1554152@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package pollinate - 4.21-0ubuntu1~14.04

---------------
pollinate (4.21-0ubuntu1~14.04) trusty-proposed; urgency=medium

  [ Dustin Kirkland ]
  * pollinate:
    - fix broken printing of binary data, this was breaking check_pollen
      nagios scripts on the server

  [ Junien Fridrick ]
  * entropy.ubuntu.com.pem:
    - simplify CA cert to just the DigiCert chain (drop GoDaddy)

pollinate (4.20-0ubuntu1) yakkety; urgency=medium

  * debian/control:
    - drop the anerd references, hasn't existed in basically forever
    - update description
    - add dummy | dh-apparmor dependency to get this building on precise,
      where dh-systemd doesn't exist
    - drop run-one dependency, no longer needed
    - make the bsdutils dependency (for logger) explicit, add epoch
  * debian/rules:
    - use systemd, when possible
  * pollinate:
    - fix breakage on older (trusty, precise) Ubuntu, where logger does not
      support --id=[ID]; check version of bsdutils (provides logger) to
      ensure that it's at least ubuntu wily
    - cloud-init version string
  * debian/pollinate.service, debian/pollinate.upstart:
    - improve the init messages logged

pollinate (4.19-0ubuntu1) yakkety; urgency=medium

  [ Martin Pitt ]
  * debian/pollinate.service: Move installation from network.target to
    multi-user.target. network.target is too early and causes dependency loops
    with e. g. NFS. (LP: #1576333)
  * debian/pollinate.preinst: Clean up old enablement symlink on upgrade. This
    needs to be kept until after 18.04 LTS.

pollinate (4.18-0ubuntu1) yakkety; urgency=medium

  * debian/pollinate.service:
    - move to later in boot, after network starts, but before ssh starts

pollinate (4.17-0ubuntu1) yakkety; urgency=medium

  * debian/pollinate.service:
    - use the right flag file for LP: #1578833

pollinate (4.16-0ubuntu1) yakkety; urgency=medium

  [ Martin Pitt ]
  * Don't run pollinate.service in containers (as containers can't and should
    not write the host's random pool) and when we already have a saved random
    seeds (i. e. only on first boot). (LP: #1578833)
  * Bump Standards-Version to 3.9.8 (no changes needed).

  [ Dustin Kirkland ]
  * pollinate: use timeout(1) to limit curl, related to LP: #1578833

pollinate (4.15-0ubuntu1) xenial; urgency=medium

  * pollinate: LP: #1555362
    - log the right pid

pollinate (4.14-0ubuntu1) xenial; urgency=medium

  * pollinate, pollinate.1: LP: #1554152
    - change the failure mode of pollinate, so as to more cleanly
      tolerate network failures
    - add a --strict option to re-enable the previous behavior,
      ie, strictly exit non-zero if pollinate fails for any reason
    - we've always promised that pollinate would operate on a best-effort
      basis, improving the prng seeding when possible, but failing
      gracefully when not possible; as such, we've made good on the first
      half of that promise, however, the latter half has proven
      troublesome;  this is due to the fact that if pollinate exits
      non-zero, then its callers (cloud-init, maas, etc.) may well
      interpret the behavior strictly as a failure to boot the system,
      when in fact that's not the case;  instead, we'll clearly print
      a warning to syslog, and we'll retry the seeding on next pollinate
      service start (e.g. a reboot);  moreover, we'll carry a --strict
      flag in the case that users want to opt into the previous behavior

pollinate (4.13-0ubuntu1) wily; urgency=medium

  [ Robie Basak ]
  * entropy.ubuntu.com.pem:
    - Add "DigiCert Global Root CA" certificate from ca-certificates
      package to entropy.ubuntu.com.pem. This is required to correctly
      verify against the new entropy.ubuntu.com SSL certificate.

pollinate (4.12-0ubuntu1) wily; urgency=medium

  * pollinate:
    - add cpu hardware model to user agent
  * entropy.ubuntu.com.pem:
    - entropy.ubuntu.com SSL is coming up for renewal on 2015-09-15
    - update the certs for the pollinate package
    - Note that this changes the issuing CA to DigiCert, which requires
      a new intermediary.

 -- Dustin Kirkland <kirkland@xxxxxxxxxx>  Mon, 11 Jul 2016 10:52:57
-0500

** Changed in: pollinate (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1554152

Title:
  pollinate fails in many circumstances, cloud-init reports that
  failure, maas reports node failed deployment

Status in cloud-init:
  Fix Released
Status in cloud-init package in Ubuntu:
  Fix Released
Status in pollinate package in Ubuntu:
  Fix Released
Status in pollinate source package in Trusty:
  Fix Released

Bug description:
  cloud-init runs pollinate via 'cc_seed_random.py' config job.

  Some points
  a.) in addition to seeding via pollinate seed_random will seed the random device with data from the datasource if it is provided (azure and openstack provide a random seed for this purpose)
  b.) we really want seed_random to run before ssh , so that keys are generated with good entropy in place.
  c.) seed_random runs early via 'init_modules' mostly to accomplish 'b'.  Unfortunately, network is not guaranteed at this point if the datasource is a 'local' datasource (such as config drive).
  e.) in many cases pollinate will not have access to https://entropy.ubuntu.com (due to firewall or disconnected)
  f.) in xenial, cloud-init reports events to maas as they occur, and when this module fails, it reports that.
  g.) maas marks nodes as failed deployment when cloud-init reports failure

  End result, if you dont have access to entropy.ubuntu.com, then you
  fail deployment.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: cloud-init 0.7.7~bzr1176-0ubuntu1
  ProcVersionSignature: Ubuntu 4.4.0-10.25-generic 4.4.3
  Uname: Linux 4.4.0-10-generic x86_64
  NonfreeKernelModules: ufs qnx4 hfsplus hfs minix ntfs msdos
  ApportVersion: 2.20-0ubuntu3
  Architecture: amd64
  Date: Mon Mar  7 17:30:00 2016
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: cloud-init
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1554152/+subscriptions
References

[Bug 1554152] [NEW] pollinate fails in many circumstances, cloud-init reports that failure, maas reports node failed deployment
From: Scott Moser, 2016-03-07