Package: release.debian.org Severity: normal Tags: stretch User: [email protected] Usertags: pu
Hi, I'd like to push for an update of Nova, to fix the nova-placement-api package. Indeed, /usr/bin/nova-placement-api is *not* a Daemon, but a WSGI application, that can work for example with libapache-mod-wsgi or others. As a consequence, the init script for the start of nova-placement-api simply doesn't work. So I'd like to make use of uwsgi, which is a very good way to run WSGI applications. I've added a runtime depends on uwsgi, and modified the startup script to use that. As I've used uwsgi in other daemons, the modification is just 2 lines in the init template system of openstack-pkg-tools, as per the attached debdiff. This update, I'd like to push it in the soon comming security update for Nova, through a security upload fixing CVE-2017-16239 / #882009. This update is currently on hold, because the upstream patch adds a DoS hole. Though the security team (ie: Sebastien Delafond) advised me wisely to start the discussion with the release team about this new dependency for nova-placement-api. So, does the SRM agree to the attached change? (note: I've stripped out the CVE fix from it) Cheers, Thomas Goirand (zigo)
diff -Nru nova-14.0.0/debian/changelog nova-14.0.0/debian/changelog --- nova-14.0.0/debian/changelog 2017-04-02 10:52:50.000000000 +0000 +++ nova-14.0.0/debian/changelog 2017-11-17 15:41:15.000000000 +0000 @@ -1,3 +1,13 @@ +nova (2:14.0.0-4+deb9u1) stretch-security; urgency=medium + + * Fixed nova-placement-api init to use uwsgi. The old init file was simply + not working at all. + + -- Thomas Goirand <[email protected]> Fri, 17 Nov 2017 15:41:15 +0000 + nova (2:14.0.0-4) unstable; urgency=medium [ David Rabel ] diff -Nru nova-14.0.0/debian/control nova-14.0.0/debian/control --- nova-14.0.0/debian/control 2017-04-02 10:52:50.000000000 +0000 +++ nova-14.0.0/debian/control 2017-11-17 15:41:15.000000000 +0000 @@ -653,6 +653,7 @@ Architecture: all Depends: debconf, nova-common (= ${binary:Version}), + uwsgi-plugin-python, ${misc:Depends}, ${ostack-lsb-base}, ${python:Depends}, diff -Nru nova-14.0.0/debian/nova-placement-api.init.in nova-14.0.0/debian/nova-placement-api.init.in --- nova-14.0.0/debian/nova-placement-api.init.in 2017-04-02 10:52:50.000000000 +0000 +++ nova-14.0.0/debian/nova-placement-api.init.in 2017-11-17 15:41:15.000000000 +0000 @@ -14,3 +14,5 @@ DESC="OpenStack Compute Placement API" PROJECT_NAME=nova NAME=${PROJECT_NAME}-placement-api +DAEMON=/usr/bin/uwsgi_python +DAEMON_ARGS="--master --die-on-term --logto /var/log/nova/nova-placement-api.log --http-socket :8778 --wsgi-file /usr/bin/nova-placement-api"
