yahoo-eng-team team mailing list archive

[Bug 1701325] Re: attempt to read dmi data can cause warning and stacktrace in logs in a container.

 

This bug was fixed in the package cloud-init -
0.7.9-233-ge586fe35-0ubuntu1~16.04.1

---------------
cloud-init (0.7.9-233-ge586fe35-0ubuntu1~16.04.1) xenial-proposed; urgency=medium

  * debian/cloud-init.templates: enable Scaleway cloud.
  * debian/cloud-init.templates: enable Aliyun cloud.
  * drop the following cherry picks, now incorporated in snapshot.
    + debian/patches/cpick-5fb49bac-azure-identify-platform...
    + debian/patches/cpick-003c6678-net-remove-systemd-link...
    + debian/patches/cpick-1cd4323b-azure-remove-accidental...
    + debian/patches/cpick-ebc9ecbc-Azure-Add-network-config...
    + debian/patches/cpick-11121fe4-systemd-make-cloud-final...
  * debian/patches/stable-release-no-jsonschema-dep.patch:
    add patch to remove optional dependency on jsonschema.
  * New upstream snapshot.
    - cloudinit.net: add initialize_network_device function and tests
      [Chad Smith]
    - makefile: fix ci-deps-ubuntu target [Chad Smith]
    - tests: adjust locale integration test to parse default locale.
    - tests: remove 'yakkety' from releases as it is EOL.
    - centos: do not package systemd-fsck drop-in.
    - systemd: make systemd-fsck run after cloud-init.service (LP: #1691489)
    - tests: Add initial tests for EC2 and improve a docstring.
    - locale: Do not re-run locale-gen if provided locale is system default.
    - archlinux: fix set hostname usage of write_file. [Joshua Powers]
    - sysconfig: support subnet type of 'manual'.
    - tools/run-centos: make running with no argument show help.
    - Drop rand_str() usage in DNS redirection detection
      [Bob Aman] (LP: #1088611)
    - sysconfig: use MACADDR on bonds/bridges to configure mac_address
      [Ryan Harper]
    - net: eni route rendering missed ipv6 default route config
      [Ryan Harper] (LP: #1701097)
    - sysconfig: enable mtu set per subnet, including ipv6 mtu
      [Ryan Harper]
    - sysconfig: handle manual type subnets [Ryan Harper]
    - sysconfig: fix ipv6 gateway routes [Ryan Harper]
    - sysconfig: fix rendering of bond, bridge and vlan types.
      [Ryan Harper]
    - Templatize systemd unit files for cross distro deltas. [Ryan Harper]
    - sysconfig: ipv6 and default gateway fixes. [Ryan Harper]
    - net: fix renaming of nics to support mac addresses written in upper
      case. (LP: #1705147)
    - tests: fixes for issues uncovered when moving to python 3.6.
    - sysconfig: include GATEWAY value if set in subnet
      [Ryan Harper]
    - Scaleway: add datasource with user and vendor data for Scaleway.
      [Julien Castets]
    - Support comments in content read by load_shell_content.
    - cloudinitlocal fail to run during boot [Hongjiang Zhang]
    - doc: fix disk setup example table_type options [Sandor Zeestraten]
    - tools: Fix exception handling. [Joonas Kylmälä]
    - tests: fix usage of mock in GCE test.
    - test_gce: Fix invalid mock of platform_reports_gce to return False
      [Chad Smith]
    - test: fix incorrect keyid for apt repository.  [Joshua Powers]
    - tests: Update version of pylxd [Joshua Powers]
    - write_files: Remove log from helper function signatures.
      [Andrew Jorgensen]
    - doc: document the cmdline options to NoCloud [Brian Candler]
    - read_dmi_data: always return None when inside a container. (LP: #1701325)
    - requirements.txt: remove trailing white space.
    - Tests: Simplify the check on ssh-import-id [Joshua Powers]
    - tests: update ntp tests after sntp added [Joshua Powers]
    - FreeBSD: Make freebsd a variant, fix unittests and
      tools/build-on-freebsd.
    - FreeBSD: fix test failure
    - FreeBSD: replace ifdown/ifup with "ifconfig down" and "ifconfig up".
      [Hongjiang Zhang]
    - FreeBSD: fix cdrom mounting failure if /mnt/cdrom/secure did not exist.
      [Hongjiang Zhang]
    - main: Don't use templater to format the welcome message
      [Andrew Jorgensen]
    - docs: Automatically generate module docs from schema if present.
      [Chad Smith]
    - debian: fix path comment in /etc/hosts template. [Jens Sandmann]
    - suse: add hostname and fully qualified domain to template.
      [Jens Sandmann]
    - write_file(s): Print permissions as octal, not decimal [Andrew Jorgensen]
    - ci deps: Add --test-distro to read-dependencies to install all deps
      [Chad Smith]
    - tools/run-centos: cleanups and move to using read-dependencies
    - pkg build ci: Add make ci-deps-<distro> target to install pkgs
      [Chad Smith]
    - selinux: Allow restorecon to be non-fatal. [Ryan Harper]
    - net: Allow netinfo subprocesses to return 0 or 1 due to selinux.
      [Ryan Harper]
    - net: Allow for NetworkManager configuration [Ryan McCabe]
    - Use distro release version to determine if we use systemd in redhat spec
      [Ryan Harper]
    - net: normalize data in network_state object
    - Integration Testing: tox env, pylxd 2.2.3, and revamp framework
      [Wesley Wiedenmeier]
    - Chef: Update omnibus url to chef.io, minor doc changes. [JJ Asghar]
    - tools: add centos scripts to build and test [Joshua Powers]
    - Drop cheetah python module as it is not needed by trunk [Ryan Harper]
    - rhel/centos spec cleanups.
    - cloud.cfg: move to a template.  setup.py changes along the way.
    - Makefile: add deb-src and srpm targets. use PYVER more places.
    - makefile: fix python 2/3 detection in the Makefile [Chad Smith]
    - snap: Removing snapcraft plug line [Joshua Powers]
    - RHEL/CentOS: Fix default routes for IPv4/IPv6 configuration.
      [Andreas Karis]
    - test: Fix pyflakes complaint of unused import. [Joshua Powers]
    - NoCloud: support seed of nocloud from smbios information
      [Vladimir Pouzanov] (LP: #1691772)
    - net: when selecting a network device, use natural sort order
      [Marc-Aurèle Brothier]
    - fix typos and remove whitespace in various docs [Stephan Telling]
    - systemd: Fix typo in comment in cloud-init.target. [Chen-Han Hsiao]
    - Tests: Skip jsonschema related unit tests when dependency is absent.
      [Chad Smith]
    - tools/net-convert.py: support old cloudinit versions by using kwargs.
    - ntp: Add schema definition and passive schema validation.
      [Chad Smith] (LP: #1692916)
    - Fix eni rendering for bridge params that require repeated key for
      values. [Ryan Harper] (LP: #1706752)
    - AliYun: Enable platform identification and enable by default.
      [Junjie Wang] (LP: #1638931)

 -- Scott Moser <smoser@xxxxxxxxxx>  Mon, 31 Jul 2017 16:36:16 -0400

** Changed in: cloud-init (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1701325

Title:
  attempt to read dmi data can cause warning and stacktrace in logs in a
  container.

Status in cloud-init:
  Fix Committed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Zesty:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  lxc containers would show warnings in /var/log/cloud-init.log.
  This was because attempts were made to read dmi information from
  inside the (unprivileged) container.  Such attempts to read
  dmi data like /sys/class/dmi/id/product_serial would then result
  in an attempt to run dmidecode which would also fail.

  [Test Case]
  To test this, simply
  a.) create an lxd instance from an image with -proposed version of cloud-init
     $ release=xenial
     $ ref=$release-1701325
     $ lxc-proposed-snapshot --proposed --publish $release $ref
     $ lxc launch $ref $name
  b.) lxc exec $name -- grep WARN /var/log/cloud-init.log

  [Regression Potential]
  A regression caused by this change is possible on some system where
  systemd identified the system as a container but the container platform provided
  simulated/virtualized dmi information in /sys/class/dmi/id.

  The check for container is done with:
    systemd-detect-virt --quiet --container

  [Other Info]
  Upstream commit at
    https://git.launchpad.net/cloud-init/commit/?id=4d9f24f5c3

  This was actually a regression of the upstream fix for bug 1691772.
  That never entered a stable Ubuntu release.  The testing here is
  actually a test against regression.
  The upstream commit for that change is at
    https://git.launchpad.net/cloud-init/commit/?id=802e7cb2da

  lxc-proposed-snapshot is
    https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/tree/bin/lxc-proposed-snapshot
  It publishes an image to lxd with proposed enabled and cloud-init upgraded.
  === End SRU Template ===

  
  I launched an instance of artful.
  Looked in /var/log/cloud-init.log and saw:
  2017-06-29 16:00:15,222 - util.py[DEBUG]: Reading from /sys/class/dmi/id/product_serial (quiet=False)
  2017-06-29 16:00:15,222 - util.py[WARNING]: failed read of /sys/class/dmi/id/product_serial
  2017-06-29 16:00:15,223 - util.py[DEBUG]: failed read of /sys/class/dmi/id/product_serial
  Traceback (most recent call last):
    File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 2359, in _read_dmi_syspath
      key_data = load_file(dmi_key_path, decode=False)
    File "/usr/lib/python3/dist-packages/cloudinit/util.py", line 1283, in load_file
      with open(fname, 'rb') as ifh:
  PermissionError: [Errno 13] Permission denied: '/sys/class/dmi/id/product_serial'
  2017-06-29 16:00:15,225 - util.py[DEBUG]: Running command ['/usr/sbin/dmidecode', '--string', 'system-serial-number'] with allowed return codes [0] (shell=False, capture=True)
  2017-06-29 16:00:15,228 - util.py[DEBUG]: failed dmidecode cmd: ['/usr/sbin/dmidecode', '--string', 'system-serial-number']
  Unexpected error while running command.
  Command: ['/usr/sbin/dmidecode', '--string', 'system-serial-number']
  Exit code: 1
  Reason: -
  Stdout: -
  Stderr: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
          /dev/mem: No such file or directory

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: cloud-init 0.7.9-197-gebc9ecbc-0ubuntu1
  ProcVersionSignature: Ubuntu 4.10.0-22.24-generic 4.10.15
  Uname: Linux 4.10.0-22-generic x86_64
  ApportVersion: 2.20.5-0ubuntu5
  Architecture: amd64
  Date: Thu Jun 29 16:47:51 2017
  PackageArchitecture: all
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=C.UTF-8
  SourcePackage: cloud-init
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1701325/+subscriptions
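
The guard described in the SRU template above (return no DMI data when `systemd-detect-virt --quiet --container` reports a container), sketched as an added example; this is not cloud-init's own code. The function names, the injectable `container_check` parameter and the sample serial are assumptions made for illustration.

```python
import os
import subprocess
import tempfile

DMI_SYS_PATH = "/sys/class/dmi/id"
# Command quoted in the bug report; exit status 0 means "inside a container".
DETECT_CMD = ("systemd-detect-virt", "--quiet", "--container")


def is_container(detect_cmd=DETECT_CMD):
    """Return True when the detection command exits with status 0."""
    try:
        return subprocess.run(list(detect_cmd), check=False).returncode == 0
    except OSError:
        # Detection tool missing or not executable: treat as "not a container".
        return False


def read_dmi_value(key, sys_path=DMI_SYS_PATH, container_check=is_container):
    """Read one DMI key from sysfs, or None when it must not or cannot be read."""
    if container_check():
        # Short-circuit before touching sysfs, so no warning, traceback or
        # dmidecode fallback is triggered inside the container.
        return None
    try:
        with open(os.path.join(sys_path, key), "rb") as fh:
            return fh.read().decode("utf-8", "replace").strip()
    except OSError:
        # PermissionError / FileNotFoundError: report "no data" quietly.
        return None


def demo():
    """Run both paths against a constructed sysfs-like directory."""
    with tempfile.TemporaryDirectory() as fake_sys:
        with open(os.path.join(fake_sys, "product_serial"), "w") as fh:
            fh.write("CONSTRUCTED-SERIAL-0001\n")  # constructed sample value
        host = read_dmi_value("product_serial", fake_sys, lambda: False)
        guest = read_dmi_value("product_serial", fake_sys, lambda: True)
        missing = read_dmi_value("product_uuid", fake_sys, lambda: False)
    return host, guest, missing


if __name__ == "__main__":
    print(demo())
```

The `guest` result also shows the regression case named in the template: a container whose platform does provide DMI files still gets `None`, because the check runs before any read.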

