[Sts-sponsors] [Bug 1915072] Re: [plugin][ovn-central][ovn-host] include logs
This bug was fixed in the package sosreport - 4.0-1ubuntu7 --- sosreport (4.0-1ubuntu7) hirsute; urgency=medium [Edward Hope-Morley] * d/p/0017-ovn-extend-information.patch (LP: #1915072) - Extend ovn informations -- Eric Desrochers Thu, 11 Feb 2021 11:06:31 -0500 ** Changed in: sosreport (Ubuntu Hirsute) Status: In Progress => Fix Released -- You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1915072 Title: [plugin][ovn-central][ovn-host] include logs Status in sosreport package in Ubuntu: Fix Released Status in sosreport source package in Bionic: New Status in sosreport source package in Focal: New Status in sosreport source package in Groovy: New Status in sosreport source package in Hirsute: Fix Released Bug description: https://github.com/sosreport/sos/pull/2410 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1915072/+subscriptions -- Mailing list: https://launchpad.net/~sts-sponsors Post to : sts-sponsors@lists.launchpad.net Unsubscribe : https://launchpad.net/~sts-sponsors More help : https://help.launchpad.net/ListHelp
[Sts-sponsors] [Bug 1906720] Re: Fix the disable_ssl_certificate_validation option
the python-oslo.vmware failures are almost certainly the same as bug 1912792 -- You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1906720 Title: Fix the disable_ssl_certificate_validation option Status in python-httplib2 package in Ubuntu: Fix Released Status in python-httplib2 source package in Bionic: Fix Committed Status in python-httplib2 source package in Focal: Fix Released Status in python-httplib2 source package in Groovy: Fix Released Status in python-httplib2 source package in Hirsute: Fix Released Bug description: [Impact] * On Bionic, MAAS CLI fails to work with apis over https with self-signed certificates due to broken disable_ssl_certificate_validation option with python 3.5 and later. [Steps to Reproduce] 1. prepare a maas server (it doesn't have to be HA to reproduce) 2. prepare a set of certificate, key and ca-bundle 3. place a new conf in /etc/nginx/sites-enabled and `sudo systemctl restart nginx` 4. add the ca certificates to the host sudo mkdir /usr/share/ca-certificates/extra sudo cp -v ca-bundle.crt /usr/share/ca-certificates/extra/ dpkg-reconfigure ca-certificates 5. login with a new profile over https url 6. if the certificate is not trusted by the root store, it fails to login 7. adding the '--insecure' flag should disable the certificate check [Where Problems Could Occur] * Potential issues could happen if we disable certificate validation for all TLS interactions, any connection https related. * Should not break existing python3 versions. * Should not affect previously working python2 versions. [Other Info] This change should fix the issue with python3, and you should be able to connect with python2 as before. python2 => python-httplib2_0.9.2+dfsg-1ubuntu0.3_all.deb python3 => python3-httplib2_0.9.2+dfsg-1ubuntu0.3_all.deb *both are build from the same source package helpful urls: https://maas.io/docs/deb/2.8/cli/installation https://maas.io/docs/deb/2.8/cli/configuration-journey https://maas.io/docs/deb/2.8/ui/configuration-journey [Test Case] # create bionic VM/lxc container lxc launch ubuntu:bionic lp1906720 # get source code from repo pull-lp-source python-httplib2 bionic # install maas-cli apt-get install maas-cli # install maas server apt-get install maas # init maas sudo maas init # answer questions # generate self signed cert and key openssl req -newkey rsa:4096 -x509 -sha256 -days 60 -nodes -out localhost.crt -keyout localhost.key # add certs sudo cp -v localhost.crt /usr/share/ca-certificates/extra/ # add new cert to list sudo dpkg-reconfigure ca-certificates [1] # select yes with spacebar # save and it will reload with 1 new certificate # create api key files touch api_key touch api-key-file # remove any packages with this # or this python3-httplib2 apt-cache search python-httplib2 apt-get remove python-httplib2 apt-get remove python3-httplib2 # create 2 admin users sudo maas createadmin testadmin sudo maas createadmin secureadmin # generate maas api keys sudo maas apikey --username=testadmin > api_key sudo maas apikey --username=secureadmin > api-key-file # setup nginx proxy sudo apt update sudo apt install nginx touch /etc/nginx/sites-available/maas-https-default # contents of maas-https-default server { listen 443 ssl http2; server_name _; ssl_certificate /home/ubuntu/localhost.crt; ssl_certificate_key /home/ubuntu/localhost.key; location / { proxy_pass http://localhost:5240; include /etc/nginx/proxy_params; } location /MAAS/ws { proxy_pass http://127.0.0.1:5240/MAAS/ws; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } } sudo service nginx restart # make sure you can login to maas-cli without TLS # by running this script # this is for the non-tls user # this goes into a script called maas-login.sh touch maas-login.sh sudo chmod +rwx maas-login.sh #!/bin/sh PROFILE=testadmin API_KEY_FILE=/home/ubuntu/api_key API_SERVER=127.0.0.1:5240 MAAS_URL=http://$API_SERVER/MAAS maas login $PROFILE $MAAS_URL - < $API_KEY_FILE sudo chmod +rwx https-maas.sh # another script called https-maas.sh # for the tls user #!/bin/sh PROFILE=secureadmin API_KEY_FILE=/home/ubuntu/api-key-file API_SERVER=127.0.0.1 MAAS_URL=https://$API_SERVER/MAAS maas login $PROFILE $MAAS_URL - < $API_KEY_FILE # try to login ./maas-login.sh cd /etc/nginx/sites-enabled sudo touch maas-https-default #example nginx config for maas https server { listen 443 ssl http2; server_name _; ssl_certificate /home/ubuntu/localhost.crt; ssl_certificate_key
[Sts-sponsors] [Bug 1915072] Re: [plugin][ovn-central][ovn-host] include logs
[sts-sponsors][hirsute] Sponsored in active development release: "[ubuntu/hirsute-proposed] sosreport 4.0-1ubuntu7 (Accepted)" As stated in #1, an SRU template will be required to kickoff the SRU. - Eric -- You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1915072 Title: [plugin][ovn-central][ovn-host] include logs Status in sosreport package in Ubuntu: In Progress Status in sosreport source package in Bionic: New Status in sosreport source package in Focal: New Status in sosreport source package in Groovy: New Status in sosreport source package in Hirsute: In Progress Bug description: https://github.com/sosreport/sos/pull/2410 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sosreport/+bug/1915072/+subscriptions -- Mailing list: https://launchpad.net/~sts-sponsors Post to : sts-sponsors@lists.launchpad.net Unsubscribe : https://launchpad.net/~sts-sponsors More help : https://help.launchpad.net/ListHelp
[Sts-sponsors] [Bug 1906720] Re: Fix the disable_ssl_certificate_validation option
and apport/amd64 played tricks on us, but it does pass now. it passed on bionic-updates, which suggests a regression on bionic-proposed; but another rereun with bionic-proposed now passed.. well. it's good now! :) from [1]: 2.20.9-0ubuntu7.23 python-httplib2/0.9.2+dfsg-1ubuntu0.3 2021-02-10 23:43:24 UTC 0h 12m 27s mfo passlog artifacts 2.20.9-0ubuntu7.23 python-httplib2/0.9.2+dfsg-1ubuntu0.2 2021-02-10 23:01:31 UTC 0h 10m 15s mfo passlog artifacts 2.20.9-0ubuntu7.23 python-httplib2/0.9.2+dfsg-1ubuntu0.3 2021-02-10 13:34:34 UTC 0h 13m 01s mfo faillog artifacts 2.20.9-0ubuntu7.23 python-httplib2/0.9.2+dfsg-1ubuntu0.3 2021-02-09 22:41:05 UTC 0h 11m 19s - faillog artifacts [1] https://autopkgtest.ubuntu.com/packages/apport/bionic/amd64 -- You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1906720 Title: Fix the disable_ssl_certificate_validation option Status in python-httplib2 package in Ubuntu: Fix Released Status in python-httplib2 source package in Bionic: Fix Committed Status in python-httplib2 source package in Focal: Fix Released Status in python-httplib2 source package in Groovy: Fix Released Status in python-httplib2 source package in Hirsute: Fix Released Bug description: [Impact] * On Bionic, MAAS CLI fails to work with apis over https with self-signed certificates due to broken disable_ssl_certificate_validation option with python 3.5 and later. [Steps to Reproduce] 1. prepare a maas server (it doesn't have to be HA to reproduce) 2. prepare a set of certificate, key and ca-bundle 3. place a new conf in /etc/nginx/sites-enabled and `sudo systemctl restart nginx` 4. add the ca certificates to the host sudo mkdir /usr/share/ca-certificates/extra sudo cp -v ca-bundle.crt /usr/share/ca-certificates/extra/ dpkg-reconfigure ca-certificates 5. login with a new profile over https url 6. if the certificate is not trusted by the root store, it fails to login 7. adding the '--insecure' flag should disable the certificate check [Where Problems Could Occur] * Potential issues could happen if we disable certificate validation for all TLS interactions, any connection https related. * Should not break existing python3 versions. * Should not affect previously working python2 versions. [Other Info] This change should fix the issue with python3, and you should be able to connect with python2 as before. python2 => python-httplib2_0.9.2+dfsg-1ubuntu0.3_all.deb python3 => python3-httplib2_0.9.2+dfsg-1ubuntu0.3_all.deb *both are build from the same source package helpful urls: https://maas.io/docs/deb/2.8/cli/installation https://maas.io/docs/deb/2.8/cli/configuration-journey https://maas.io/docs/deb/2.8/ui/configuration-journey [Test Case] # create bionic VM/lxc container lxc launch ubuntu:bionic lp1906720 # get source code from repo pull-lp-source python-httplib2 bionic # install maas-cli apt-get install maas-cli # install maas server apt-get install maas # init maas sudo maas init # answer questions # generate self signed cert and key openssl req -newkey rsa:4096 -x509 -sha256 -days 60 -nodes -out localhost.crt -keyout localhost.key # add certs sudo cp -v localhost.crt /usr/share/ca-certificates/extra/ # add new cert to list sudo dpkg-reconfigure ca-certificates [1] # select yes with spacebar # save and it will reload with 1 new certificate # create api key files touch api_key touch api-key-file # remove any packages with this # or this python3-httplib2 apt-cache search python-httplib2 apt-get remove python-httplib2 apt-get remove python3-httplib2 # create 2 admin users sudo maas createadmin testadmin sudo maas createadmin secureadmin # generate maas api keys sudo maas apikey --username=testadmin > api_key sudo maas apikey --username=secureadmin > api-key-file # setup nginx proxy sudo apt update sudo apt install nginx touch /etc/nginx/sites-available/maas-https-default # contents of maas-https-default server { listen 443 ssl http2; server_name _; ssl_certificate /home/ubuntu/localhost.crt; ssl_certificate_key /home/ubuntu/localhost.key; location / { proxy_pass http://localhost:5240; include /etc/nginx/proxy_params; } location /MAAS/ws { proxy_pass http://127.0.0.1:5240/MAAS/ws; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; } } sudo service nginx restart # make sure you can login to maas-cli without TLS # by running this script # this is for the non-tls user # this goes into a script called maas-login.sh touch