[Bug 1379567] Re: maas-proxy is an open proxy with no ACLs; it should add networks automatically
I'm disappointed that maas being an open proxy isn't mentioned anywhere in the documentation, that I could find. It should be mentioned in big bold red letters, maybe blink or marquee. The, "not designed to be run on the internet" is fine, but it should be well documented and so should the reason why. Many corporate networks are just as sensitive to internal security issues as they are to exposing public internet. Having an open proxy in their private network may harm their intranet security design. We (team yellow) are running maas on an host on the internet. I customized the squid config that maas-proxy uses to prevent it from proxying for internet source request. I suspect that the next maas update will replace those changes, so I also added iptables rules to block traffic to those ports from the internet. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to maas in Ubuntu. https://bugs.launchpad.net/bugs/1379567 Title: maas-proxy is an open proxy with no ACLs; it should add networks automatically To manage notifications about this bug go to: https://bugs.launchpad.net/maas/+bug/1379567/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1551784] [NEW] the created /etc/ssl/certs/ssl-cert-snakeoil.pem cert is not able to sign itself according to X509v3 Basic Constraints
Public bug reported: The generated cert has incorrect X509v3 Basic Constraints: CA: FALSE. This prevents certificate validation even when the certificate has been added to another systems trusted CA. ** Affects: ssl-cert (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ssl-cert in Ubuntu. https://bugs.launchpad.net/bugs/1551784 Title: the created /etc/ssl/certs/ssl-cert-snakeoil.pem cert is not able to sign itself according to X509v3 Basic Constraints To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ssl-cert/+bug/1551784/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1456422] [NEW] limit nofile 64000 64000 or similar in an upstart job fails in a user lxc
Public bug reported: You can reproduce this by running an unprivileged lxc and attempting to install mongodb $ lxc-create -n crisp-Hadley -t ubuntu-cloud -- -r trusty -S ~/.ssh/id_rsa-canonical.pub $ lxc-start -n crisp-Hadley $ lxc-attach -n crisp-Hadley # apt-get install mongodb Setting up mongodb-server (1:2.4.9-1ubuntu2) ... start: Job failed to start invoke-rc.d: initscript mongodb, action "start" failed. dpkg: error processing package mongodb-server (--configure): subprocess installed post-installation script returned error exit status 1 Errors were encountered while processing: mongodb-server E: Sub-process /usr/bin/dpkg returned an error code (1) dpkg will fail because the postinst fails because the upstart job fails because the rlimit call fails. ** Affects: lxc Importance: Undecided Status: New ** Affects: upstart Importance: Undecided Status: New ** Affects: mongodb (Ubuntu) Importance: Undecided Status: New ** Also affects: upstart Importance: Undecided Status: New ** Also affects: mongodb (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mongodb in Ubuntu. https://bugs.launchpad.net/bugs/1456422 Title: limit nofile 64000 64000 or similar in an upstart job fails in a user lxc To manage notifications about this bug go to: https://bugs.launchpad.net/lxc/+bug/1456422/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1417229] Re: in the LXC host mongodb server will not start if mongodb is already running in an LXC guest
** Branch linked: lp:~evarlast/ubuntu/trusty/mongodb/upstart-workaround- debian-bug-718702 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mongodb in Ubuntu. https://bugs.launchpad.net/bugs/1417229 Title: in the LXC host mongodb server will not start if mongodb is already running in an LXC guest To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1417229/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1417229] Re: in the LXC host mongodb server will not start if mongodb is already running in an LXC guest
** Branch linked: lp:~evarlast/ubuntu/utopic/mongodb/upstart-workaround- debian-bug-718702 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mongodb in Ubuntu. https://bugs.launchpad.net/bugs/1417229 Title: in the LXC host mongodb server will not start if mongodb is already running in an LXC guest To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1417229/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1417229] [NEW] in the LXC host mongodb server will not start if mongodb is already running in an LXC guest
Public bug reported: This is a specific instance of this bug. https://bugs.debian.org/cgi- bin/bugreport.cgi?bug=718702 ** Affects: mongodb (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to mongodb in Ubuntu. https://bugs.launchpad.net/bugs/1417229 Title: in the LXC host mongodb server will not start if mongodb is already running in an LXC guest To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1417229/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1309678] Re: a value is required for the control bucket field
Nevermind the above SSL error message. I had python-websocket installed from juju-stable ppa. Testing without ppa package and with trusty and trusty-proposed packages works. $ juju-quickstart juju quickstart v1.3.1 bootstrapping the jrwren-aws environment (type: ec2) reusing the already bootstrapped jrwren-aws environment retrieving the environment status retrieving the Juju API address connecting to wss://ec2-54-208-132-174.compute-1.amazonaws.com:17070 bootstrap node series: trusty charm URL: cs:trusty/juju-gui-7 requesting juju-gui deployment juju-gui deployment request accepted exposing service juju-gui requesting new unit deployment juju-gui/0 deployment request accepted juju-gui/0 placed on ec2-54-208-132-174.compute-1.amazonaws.com juju-gui/0 deployment is pending machine 0 is started juju-gui/0 is installed juju-gui/0 is ready on machine 0 Juju GUI URL: https://ec2-54-208-132-174.compute-1.amazonaws.com password: *** connecting to the Juju GUI server done! Run "juju quickstart -e jrwren-aws" again if you want to reopen and log in to the GUI browser later. Run "juju quickstart -i" if you want to manage or bootstrap your Juju environments using the interactive session. Run "juju destroy-environment jrwren-aws [-y]" to destroy the environment you just bootstrapped. tagging verifiation-done ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-quickstart in Ubuntu. https://bugs.launchpad.net/bugs/1309678 Title: a value is required for the control bucket field To manage notifications about this bug go to: https://bugs.launchpad.net/juju-quickstart/+bug/1309678/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1309678] Re: a value is required for the control bucket field
I cannot reproduce using local. It would have been worth noting that this only effects openstack and ec2 providers. Using the versions from trusty-proposed juju=1.18.4+dfsg-0ubuntu0.14.04.1 juju-quickstart=1.3.1-0ubuntu1.1 I can't verify because of SSL certificate validation errors. juju bootstrap works and then juju-quickstart fails: $ juju-quickstart juju quickstart v1.3.1 bootstrapping the jrwren-aws environment (type: ec2) reusing the already bootstrapped jrwren-aws environment retrieving the environment status retrieving the Juju API address connecting to wss://ec2-54-208-132-174.compute-1.amazonaws.com:17070 12:31:37 WARNING app@connect:300 Retrying: unable to connect to the Juju API server on wss://ec2-54-208-132-174.compute-1.amazonaws.com:17070: [Errno 1] _ssl.c:510: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed It retries a number of time before giving up. Is this a new bug? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-quickstart in Ubuntu. https://bugs.launchpad.net/bugs/1309678 Title: a value is required for the control bucket field To manage notifications about this bug go to: https://bugs.launchpad.net/juju-quickstart/+bug/1309678/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1306537] Re: LXC local provider fails to provision precise instances from a trusty host
Forced use of precise with: juju-quickstart --gui-charm-url cs:~juju-gui/precise/juju-gui-169 Everything worked. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-quickstart in Ubuntu. https://bugs.launchpad.net/bugs/1306537 Title: LXC local provider fails to provision precise instances from a trusty host To manage notifications about this bug go to: https://bugs.launchpad.net/juju-core/+bug/1306537/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1306537] Re: LXC local provider fails to provision precise instances from a trusty host
Tested with juju-quickstart 1.3.1-0ubuntu1.1 (from proposed) # juju version 1.18.4-trusty-amd64 quickstart defaults to default-series trusty, this works. Tested a second time with default-series precise, this also works, but deploys on trusty. I do not know how to test this, can someone give more specific instructions on how to force precise ? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to juju-quickstart in Ubuntu. https://bugs.launchpad.net/bugs/1306537 Title: LXC local provider fails to provision precise instances from a trusty host To manage notifications about this bug go to: https://bugs.launchpad.net/juju-core/+bug/1306537/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 887410] Re: plymouth ask-for-passphrase
Clint, I expect a prompt to be displayed to stdout and prompt for input on stdin. What actually happens is that I start apache via ssh and the prompt is displayed via plymouth on the server's console which I rarely see. It would be nice if the check was not just "if plymouth is running and available" but instead "if plymouth is running and available and the request was from a tty on which plymouth can prompt a request". Or maybe even just "and we are not on a pseudo terminal" Here is my patch for ask-for-password in /usr/share/apache2 @@ -23,7 +23,7 @@ prompt="Apache needs to decrypt your SSL Keys for $sitename ($keytype) Please enter passphrase:" -if [ -x /bin/plymouth ] && plymouth --ping ; then +if [ -x /bin/plymouth ] && plymouth --ping && ! `tty |grep pty`; then echo $prompt | logger exec plymouth ask-for-password --prompt="$prompt" else -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to apache2 in Ubuntu. https://bugs.launchpad.net/bugs/887410 Title: plymouth ask-for-passphrase To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/887410/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 749620] Re: ssh-keygen -h or ssh-keygen --help does not show help
Agreed, I doubt upstream will fix it. I can't mark this as Won't Fix. Maybe I should mark it as Invalid or Opinion? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/749620 Title: ssh-keygen -h or ssh-keygen --help does not show help -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 749620] [NEW] ssh-keygen -h or ssh-keygen --help does not show help
Public bug reported: I think the subject describes it all. I realize this should probably be a patch sent to openssh themselves. I'm tracking here for ubuntu usability. ** Affects: openssh (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/749620 Title: ssh-keygen -h or ssh-keygen --help does not show help -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs