[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
Marking bugs as invalid as this codebase is no longer under MIR ** Changed in: juju (Ubuntu) Status: In Progress = Invalid ** Changed in: txaws (Ubuntu) Status: Fix Committed = Invalid ** Changed in: txzookeeper (Ubuntu) Status: Fix Committed = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
I am going to mark this back to 'In Progress'. The server team decided not to pursue juju for main inclusion in 12.04 so I am removing the conditional ACK until the bugs I outlined are fixed. ** Changed in: juju (Ubuntu) Status: Fix Committed = In Progress -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
= Review = Juju is a very flexible system for deploying services based on industry best practices and expertise. It is very capable and can deploy services to multiple providers. As such, though my review took quite a bit of time, it should still be considered a shallow audit. Understanding this, here is my security review: juju has support for different providers which are simply the types of cloud frameworks it can use. For example, there is an EC2 provider (which also works with OpenStack) and a Local (LXC) provider. More providers are expected. The providers are configured via ~/.juju/environments.yaml on the admin system. juju abstracts out the specifics of working with a provider one environments.yaml is correctly configured. juju admin host stores sensitive information in ~/.juju/environments.yaml. It does not enforce safe permissions currently (LP: #956009). juju's architecture is such that an admin runs juju commands on her system and they are delivered to a bootstrapping node. The bootstrapping node runs a zookeeper database and has the ability to start and stop units (nodes) and deliver setup code (charms) to the nodes. The nodes execute the charms code as root. In addition to setup code, charms provide other hooks like 'start' and 'stop' which are executed when the service unit is stopped or started. All the hooks run with root permissions. All the nodes share the same database, but there is only one zookeeper leader so nodes should not be able to be elected as a zookeeper leader (see server.* in /etc/zookeeper/conf/zoo.cfg). All nodes currently are able to read and write to the zookeeper database. With the Local provider, zookeeper is started as the user invoking juju (uses a high non-default port), not in a separate bootstrapping node. In all ways I could see, the admin's system is effectively the bootstrapping node with the Local provider. In terms of network connectivity, juju allows ssh access to all nodes. When the admin deploys a node via a charm, the node's new service is still not available over the network (but is to other nodes in the environment). Only when the service is 'exposed' does the application become available over the network. For example, if an admin deploys mysql and wordpress services, wordpress is only available to the world after the admin uses 'juju expose wordpress'. This is a good design as it allows the admin to verify the configuration, perform updates, etc before it is exposed to the world. Also, in this example, mysql is correctly not exposed to the world. This is all accomplished via security groups in EC2/OpenStack. In the current version of juju, network access is not a problem with the Local provider because zookeeper and the services are all on the libvirt NAT network and not exposed to the world directly. Expose/unexpose doesn't seem to have any meaning with the Local provider as no firewall rules are added via iptables and the service is not accessible from other hosts (besides the admin machine). There are many problems surrounding zookeeper access. Anyone who can connect zookeeper (ie, all nodes) can see and modify anything in the database. Note that this does not require subverting the juju agent-- all that is required is a network connection to the zookeeper server and standard tools. Some information appears to be rewritten each time (eg, /environments). While juju uses security groups for network access (thus limiting who can connect to it) for EC2/OpenStack, it would be best if this was explicit in the nodes firewall configuration (which is a requirement for Maas anyway). For example, these ports on the bootstrapping node are visible to other nodes in the environment: 2181/tcp open unknown 38830/tcp open unknown 2181 is for followers to connect to the leader and 38830 is presumably for leader election. juju uses ssh for communications with the nodes. The specified ssh key on the admin machine is copied to authorized_keys in the 'ubuntu' account on all nodes. The 'ubuntu' account has an entry in /etc/sudoers.d/90-cloudimg-ubuntu which allows full root access without a password. This mirrors Ubuntu's EC2 implementation and is acceptable. As mentioned, charm code is executed as root. Security-conscious users will need to verify all charms before deployment. Deploying charms from unknown sources is the equivalent of running executables or installing packages from unknown sources and should be avoided. The juju design of deploying hooks from the admin's machine (as opposed to pulling charms onto the bootstrap node) is good because it allows the admin to verify all charm code and track changes locally. That said, charms are cached onto the bootstrapping node when a charm is deployed. Various upgrade scenarios are documented as not being implemented yet (service upgrades-- https://juju.ubuntu.com/docs/upgrades.html). Charms provide an upgrade hook as well and work is ongoing to improve charm upgrades. While unattended-upgrades is
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
FYI, review is mostly complete. Discussing some things with the server team before posting here. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
txaws looks good. Thanks! Please feel free to seed. ** Changed in: txaws (Ubuntu) Status: In Progress = Fix Committed ** Changed in: txaws (Ubuntu) Assignee: Jamie Strandboge (jdstrand) = (unassigned) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
txaws man pages are generated from help2man now, so its at least more discoverable. I also added indicator support to aws-status, a basic manpage, and a desktop file. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
These fixes, btw, are awaiting release team approval given beta freeze ** Changed in: txaws (Ubuntu) Assignee: Clint Byrum (clint-fewbar) = Jamie Strandboge (jdstrand) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
I just noticed that 'juju bootstrap' dies with: $ juju bootstrap 2012-03-14 08:54:00,190 INFO Bootstrapping environment 'local' (type: local)... 2012-03-14 08:54:00,191 INFO Checking for required packages... Missing packages apt-cacher-ng 2012-03-14 08:54:01,387 ERROR Missing packages apt-cacher-ng This dependency is not declared in the packaging though. Also, it seems odd that this is required. Perhaps making it a Suggests and then having juju have a configurable mirror would be good (I know personally I would rather point juju at a mirror than magic with apt-cacher-ng). Some environments may have squid installed also. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
apt-cacher-ng is already a Suggests of juju. Its only necessary for use in the local provider, and the error message is graceful enough that I'm comfortable with it as-is (notice that the other local-only requirements are recommends.. I dropped apt-cacher-ng to Suggests because it is not in main). Agreed that being strict about only using apt-cacher-ng is not the best plan. bug #897645 is open upstream for a more flexible way to specify the proxy to use. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
txzookeeper review: * no CVE history * no sudo fragments, dbus services, setuid binaries, initscripts or daemons * lintian clean * has test suite, but not run (LP: #912508). Wrote QRT script for this for now * code is very clean with more that 3x more test code than library code. I like that. :) * build depends are all in main * while the package is only in Ubuntu, it is supported by the server team and with upstream employed by Canonical With the above review, txzookeeper looks good for main. ** Changed in: txzookeeper (Ubuntu) Status: New = Fix Committed ** Changed in: txzookeeper (Ubuntu) Assignee: Jamie Strandboge (jdstrand) = (unassigned) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
txaws review: * no CVE history * no sudo fragments, privileged operations, dbus services, setuid binaries, initscripts or daemons * has a test suite and it is run in the build and will fail the build on error * build logs are clean * lots of binaries without man pages * build depends are all in main * while the package is only in Ubuntu, it is supported by the server team and with upstream employed by Canonical * aws-status: uses gnome-keyring, which is fine, but this doesn't work with Unity (gtk.StatusIcon needs to move to app indicators). There is no documentation. Should be fixed and documented or dropped. Could alternatively leave binary in universe, but it is unusable atm so I'm not sure of the benefit there. Conditional ACK provided the following is fixed: * binaries have worthwhile man pages (--help is useful, but aws-status doesn't have it and at least txaws-discover is out of date) * aws-status be fixed and documented or dropped. Optionally put this binary in universe. ** Changed in: txaws (Ubuntu) Status: New = Fix Committed ** Changed in: txaws (Ubuntu) Assignee: Jamie Strandboge (jdstrand) = (unassigned) ** Changed in: txaws (Ubuntu) Status: Fix Committed = In Progress ** Changed in: txaws (Ubuntu) Assignee: (unassigned) = Clint Byrum (clint-fewbar) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 912861] Re: [MIR] juju, txaws, txzookeeper
** Changed in: juju (Ubuntu) Importance: Undecided = High ** Changed in: txaws (Ubuntu) Importance: Undecided = High ** Changed in: txzookeeper (Ubuntu) Importance: Undecided = High -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to txaws in Ubuntu. https://bugs.launchpad.net/bugs/912861 Title: [MIR] juju, txaws, txzookeeper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/juju/+bug/912861/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs