Re: [Bug 574665] Re: kvm + virtio disk corrupts large volumes (1TB).
Unfortunately, I no longer have that particular configuration available for testing. (It's now in production, and I can no longer risk destroying the data on the disks.) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. https://bugs.launchpad.net/bugs/574665 Title: kvm + virtio disk corrupts large volumes (1TB). -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 573171] Re: vmbuilder sometimes ignores --raw option
I didn't see a debug log appear; is there something special I need to do to get it? Are you unable to duplicate this bug? What options are you using that are different from mine? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vm-builder in ubuntu. https://bugs.launchpad.net/bugs/573171 Title: vmbuilder sometimes ignores --raw option -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 574665] Re: kvm + virtio disk corrupts large volumes (1TB).
On 2010-06-24 22:24 - (Thu), Steven Wagner wrote: As mentioned in comment #3, could this be related to a specific SATA chipset?...Ive noticed no difference for if the guest is using virtio or ide mode. For me the guests work fine in IDE mode; it's only virtio that has a problem. So, in a word, no. -- kvm + virtio disk corrupts large volumes (1TB). https://bugs.launchpad.net/bugs/574665 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 574665] Re: kvm + virtio disk corrupts large volumes (1TB).
masc, the bug you pointed out appears to be when using a particular hardware SATA chipset; KVM isn't mentioned anywhere there. Are you saying that this happens with KVM guests when running on hosts without this problem? Using dd, I wrote new 60GB file (writing zeros) on a guest using the KVM IDE emulation, and saw no errors on either guest or host. -- kvm + virtio disk corrupts large volumes (1TB). https://bugs.launchpad.net/bugs/574665 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 574665] [NEW] kvm + virtio disk corrupts large volumes (1TB).
Public bug reported: Binary package hint: qemu-kvm See this bug: http://sourceforge.net/tracker/index.php?func=detailaid=2933400group_id=180599atid=893831 I have confirmed that this happens with 10.04 host and guest. Giving kvm a logical virtio volume of 1024 GB works; a logical volume of 1048 GB fails to install and produces disk errors on the guest (but not on the host). Changing the kvm configuration to use an IDE volume instead works fine even with a 1.7TB volume. Note that, because this can introduce disk corruption, this *really* needs to go into the release notes. ** Affects: qemu-kvm (Ubuntu) Importance: Undecided Status: New ** Tags: kvm virtio -- kvm + virtio disk corrupts large volumes (1TB). https://bugs.launchpad.net/bugs/574665 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 573171] [NEW] vmbuilder sometimes ignores --raw option
Public bug reported: Using the following command: {{{ vmbuilder kvm ubuntu -v --debug \ --overwrite \ --raw=/dev/mapper/xxx --part=priv.partition \ --user=xxx --name=xxx --uid=1234 --gid=1234 \ --pass=xxx --ssh-user-key=/home/xxx/.ssh/authorized_keys \ --arch=amd64 --suite=lucid --flavour=virtual \ --mirror=http://192.168.1.1:/ubuntu/ \ --timezone=Asia/Tokyo \ --cpus=1 --mem=512 \ --hostname=xxx.example.com \ --bridge=br2 \ --ip=123.123.123.123. --mask=255.255.255.128 \ --gw=123.123.123.122 --dns=123.123.123.122 \ --libvirt=qemu:///system \ --addpkg=acpid --addpkg=openssh-server \ --addpkg=git-core --addpkg=etckeeper \ }}} vmbuilder will ignore the --raw option and instead create a new ubuntu-kvm/tmpt5wDhN.qcow2 or similar file under the current directory. Removoing the --part option makes it use /dev/mapper/xxx, but it of course creates just a 5 MB root partition there. Also, the --rootsize and --swapsize options appear to have no effect. Furthermore, the raw option appears to be ignored in the config file, at least when in the [DEFAULT] section. It's not clear for any of the options if there's a particular section in which they need to be placed in order to be used. I could go on, but I suggest you rewrite the options code to a) use all the options given, however, specified, and b) for the sake of debugging, print out very early on in the process exactly what it's going to do so one doesn't have to wait for a full system build to find out that it's ignoring options you specified. This was all run under 10.04 amd64, by the way. ** Affects: vm-builder (Ubuntu) Importance: Undecided Status: New -- vmbuilder sometimes ignores --raw option https://bugs.launchpad.net/bugs/573171 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vm-builder in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 573171] Re: vmbuilder sometimes ignores --raw option
Actually, come to think of it, I would be perfectly happy if you'd change vmbuilder to take no command line options whatsoever, except perhaps to turn on debug output, and just take a config file with the myriad details necessary for setting up a new VM. -- vmbuilder sometimes ignores --raw option https://bugs.launchpad.net/bugs/573171 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to vm-builder in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 242956] Re: Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
I'm glad to hear you had good success with this with OpenBSD. It's also been working on NetBSD for many, many years now. -- Bind9 (8.04) not returning 'ad' flag when dnssec is enabled https://bugs.launchpad.net/bugs/242956 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 242956] Re: Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
As related in the original ticket description, all this stuff is working fine under NetBSD; the issue is not with the data, but with Ubuntu. In particular, there's certainly an issue with Ubuntu glibc that will simply not allow it to check the AD bit. While we only reported this recently, I'm wondering if this bug has languished for years in glibc because nobody understands what the AD bit is used for. Let me give you one example of the current situation: 1. Try to ssh to foo.cynic.net, with authentication forwarding. 2. OpenSSH looks up the IP address in DNS, but this has been intercepted by the attacker. 3. The resolver cannot authenticate so we carry on. 4. Look up the SSHFP record in DNS, which may also have been intercepted by the attacker. 5. The resolver cannot authenticate this, so OpenSSH (correctly) refuses to use it. 6. User gets an, Unknown host, fingerprint is blah blah message. At this point, it goes one of two different ways. 7. User foolishly says, it's ok, continue, and connects to hostile system. 8. Hostile system uses user's SSH authentication channel to log in to and subvert other systems to which the user has access. 9. User a few seconds later, realizes he's on some weird system and logs out, but the damage is done. Or, if the user is a bit smarter: 7. User says, no don't connect to an untrusted host. 8. User tries to find some out-of-band way to figure out the fingerprint of the host he really wants to connect to. 9. User then realizes that he's under attack. We get around this by manually generating and copying around (to /etc/ssh/ssh_known_hosts) a file of public keys for our systems. This costs us time and money. -- Bind9 (8.04) not returning 'ad' flag when dnssec is enabled https://bugs.launchpad.net/bugs/242956 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 242956] Re: Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
Note also that the definition of RES_USE_DNSSEC (defined to be 0x0020) must be added to /usr/include/resolv.h in order for OpenSSH's openbsd-compat/getrrsetbyname.c to be able to set that bit when edns0 is set. -- Bind9 (8.04) not returning 'ad' flag when dnssec is enabled https://bugs.launchpad.net/bugs/242956 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 242956] Re: Bind9 (8.04) not returning 'ad' flag when dnssec is enabled
It gets worse; I tried the above, and getrrsetbyname still doesn't get back a record with the AD bit set. (I verified that RES_USE_DNSSEC was set in the options passed to res_query.) Is the resolver broken? -- Bind9 (8.04) not returning 'ad' flag when dnssec is enabled https://bugs.launchpad.net/bugs/242956 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs