[Group.of.nepali.translators] [Bug 1880959] Re: Rules from the policy directory files are not reapplied after changes to the primary policy file

[OpenStack Infra]

Reviewed:  https://review.opendev.org/731218
Committed: 
https://git.openstack.org/cgit/openstack/oslo.policy/commit/?id=75677a31108243e0adddc89f1fbf669053f9573b
Submitter: Zuul
Branch:master

commit 75677a31108243e0adddc89f1fbf669053f9573b
Author: Dmitrii Shcherbakov 
Date:   Wed May 27 17:06:25 2020 +0300

Reload files in policy_dirs on primary file change

It was determined that rules from policy files located in the directory
specified in the policy_dirs option (/etc//policy.d by
default) are not re-applied after the rules from the primary policy file
is re-applied due to a change.

This change introduces additional behavior to make sure the rules from
policy_dirs are reapplied if there is a change to the primary policy
file.

Change-Id: I8a6f8e971d881365c41ea409966723319d5b239a
Closes-Bug: #1880959
Related-Bug: #1880847


** Changed in: oslo.policy
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1880959

Title:
  Rules from the policy directory files are not reapplied after changes
  to the primary policy file

Status in Ubuntu Cloud Archive:
  Triaged
Status in Ubuntu Cloud Archive mitaka series:
  Triaged
Status in Ubuntu Cloud Archive queens series:
  Triaged
Status in Ubuntu Cloud Archive rocky series:
  Triaged
Status in Ubuntu Cloud Archive stein series:
  Triaged
Status in Ubuntu Cloud Archive train series:
  Triaged
Status in Ubuntu Cloud Archive ussuri series:
  Triaged
Status in oslo.policy:
  Fix Released
Status in python-oslo.policy package in Ubuntu:
  Triaged
Status in python-oslo.policy source package in Xenial:
  Triaged
Status in python-oslo.policy source package in Bionic:
  Triaged
Status in python-oslo.policy source package in Eoan:
  Triaged
Status in python-oslo.policy source package in Groovy:
  Triaged

Bug description:
  [Impact]
  Based on the investigation here 
https://bugs.launchpad.net/charm-keystone/+bug/1880847 it was determined that 
rules from policy files located in the directory specified in the policy_dirs 
option (/etc//policy.d by default) are not re-applied after the 
rules from the primary policy file is re-applied due to a change.

  This leads to scenarios where incorrect rule combinations are active.

  Example from the test case in 1880847:

  * policy.json gets read with the following rule;
  "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml from policy.d is read with the following rule;
  {'identity:list_credentials': '!'}
  * policy.json's mtime gets updated (with or without a content change) and 
overrides the rule to be
  "identity:list_credentials": "rule:admin_required or user_id:%(user_id)s",
  * rule.yaml doesn't get reapplied since it hasn't changed.

  [Test Case]
  For a particular version of oslo.policy:

  * put the attached test (https://bugs.launchpad.net/ubuntu/+source
  /python-
  oslo.policy/+bug/1880959/+attachment/5377753/+files/test_1880959.py)
  under oslo_policy/tests/test_1880959.py;

  * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest;
  * observe the failure;
  # ...
  testtools.matchers._impl.MismatchError: 'role:fakeA' != 'rule:admin'
  Ran 1 tests in 0.005s (+0.001s)
  FAILED (id=1, failures=1)

  * apply the patch;
  * run tox -e cover -- oslo_policy.tests.test_1880959.EnforcerTest
  * observe that the failure is no longer there.

  
  [Regression Potential]
  The regression potential is low given that there is test coverage in the 
olso.policy unit tests.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1880959/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1813007] Re: Unable to install new flows on compute nodes when having broken security group rules

[OpenStack Infra]

Reviewed:  https://review.openstack.org/640252
Committed: 
https://git.openstack.org/cgit/openstack/neutron/commit/?id=18c578aa10c19a6befdf1f1510645200f173eb44
Submitter: Zuul
Branch:master

commit 18c578aa10c19a6befdf1f1510645200f173eb44
Author: Brian Haley 
Date:   Thu Feb 28 22:19:16 2019 -0500

Fix KeyError in OVS firewall

When merging port ranges, the code never assumed the
conjunction ID might not be present in the set due to
already being removed.

In this case there were two security groups, both using
the same remote security group, but the first security
group does not define a port range and the second one does.
Or more generally, the first SG port range is a subset
of the second, as no port-range means the full range.

Change-Id: I17ab643abbd2ec21eda4ae1dfb9abf2d4b0657f2
Closes-bug: #1813007


** Changed in: neutron
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1813007

Title:
  Unable to install new flows on compute nodes when having broken
  security group rules

Status in Ubuntu Cloud Archive:
  Triaged
Status in Ubuntu Cloud Archive pike series:
  Triaged
Status in Ubuntu Cloud Archive queens series:
  Triaged
Status in Ubuntu Cloud Archive rocky series:
  Triaged
Status in Ubuntu Cloud Archive stein series:
  Triaged
Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  Incomplete
Status in neutron package in Ubuntu:
  Triaged
Status in neutron source package in Xenial:
  Triaged
Status in neutron source package in Bionic:
  Triaged
Status in neutron source package in Cosmic:
  Triaged
Status in neutron source package in Disco:
  Triaged

Bug description:
  It appears that we have found that neutron-openvswitch-agent appears to have 
a bug where two security group rules that have two different port ranges that 
overlap tied to the same parent security group will cause neutron to not be 
able to configure networks on the compute nodes where those security groups are 
present.
  Those are the broken security rules: 
https://pastebin.canonical.com/p/wSy8RSXt85/
  Here is the log when we discovered the issue: 
https://pastebin.canonical.com/p/wvFKjNWydr/

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1813007/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1559072] Re: [SRU] exceptions.from_response with webob 1.6.0 results in "AttributeError: 'unicode' object has no attribute 'get'"

[OpenStack Infra]

Reviewed:  https://review.openstack.org/541170
Committed: 
https://git.openstack.org/cgit/openstack/python-troveclient/commit/?id=0b28b04ebbfaed981f4e00e69e4c7a8e0ed75395
Submitter: Zuul
Branch:master

commit 0b28b04ebbfaed981f4e00e69e4c7a8e0ed75395
Author: Zhao Chao 
Date:   Tue Feb 6 15:31:42 2018 +0800

Handle error response for webob>=1.6.0

WebOb change https://github.com/Pylons/webob/pull/230 changed
the way in which the error response body is formatted such that
it's no longer a nested dict. So we have to handle both the
old convention of an error message key to the response body error
dict and the new way with just the error body dict.

This was reported upstream:
https://github.com/Pylons/webob/issues/235

But given this was apparently implemented as a long-overdue change
in WebOb the behavior is not likely to change.

Change-Id: Id8bfde6277640de48768bbe5a5e4252b97253ed2
Closes-Bug: #1559072
Co-Authored-By: Matt Riedemann 
Signed-off-by: Zhao Chao 


** Changed in: python-troveclient
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1559072

Title:
  [SRU] exceptions.from_response with webob 1.6.0 results in
  "AttributeError: 'unicode' object has no attribute 'get'"

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive mitaka series:
  Fix Released
Status in Ubuntu Cloud Archive newton series:
  Fix Released
Status in Ubuntu Cloud Archive ocata series:
  Fix Released
Status in Ubuntu Cloud Archive pike series:
  Fix Released
Status in networking-midonet:
  Fix Released
Status in python-cinderclient:
  Fix Released
Status in python-novaclient:
  Fix Released
Status in python-openstackclient:
  Invalid
Status in python-troveclient:
  Fix Released
Status in python-cinderclient package in Ubuntu:
  Fix Released
Status in python-novaclient package in Ubuntu:
  Fix Released
Status in python-cinderclient source package in Xenial:
  Fix Released
Status in python-novaclient source package in Xenial:
  Fix Released
Status in python-cinderclient source package in Yakkety:
  Won't Fix
Status in python-novaclient source package in Yakkety:
  Fix Released
Status in python-cinderclient source package in Zesty:
  Fix Released
Status in python-novaclient source package in Zesty:
  Fix Released

Bug description:
  [Impact] [Testcase]
  Running on Ubuntu 14.04.
  After installing nova from source in either the Liberty release or Mitaka, 
with WebOb 1.6.0, running any nova command generated this error:
  root@openstack-ubu-controller:~# nova service-list
  ERROR (AttributeError): 'unicode' object has no attribute 'get'

  The equivalent openstack commands work correctly. After downgrading
  WebOb to 1.5.1 AND restarting the nova-api service everything works.

  Detailed output from nova -debug service-list with the error:

  root@openstack-ubu-controller:~# nova --debug service-list
  DEBUG (extension:157) found extension EntryPoint.parse('v2token = 
keystoneauth1.loading._plugins.identity.v2:Token')
  DEBUG (extension:157) found extension EntryPoint.parse('admin_token = 
keystoneauth1.loading._plugins.admin_token:AdminToken')
  DEBUG (extension:157) found extension EntryPoint.parse('v3oidcauthcode = 
keystoneauth1.loading._plugins.identity.v3:OpenIDConnectAuthorizationCode')
  DEBUG (extension:157) found extension EntryPoint.parse('v2password = 
keystoneauth1.loading._plugins.identity.v2:Password')
  DEBUG (extension:157) found extension EntryPoint.parse('v3password = 
keystoneauth1.loading._plugins.identity.v3:Password')
  DEBUG (extension:157) found extension EntryPoint.parse('v3oidcpassword = 
keystoneauth1.loading._plugins.identity.v3:OpenIDConnectPassword')
  DEBUG (extension:157) found extension EntryPoint.parse('token = 
keystoneauth1.loading._plugins.identity.generic:Token')
  DEBUG (extension:157) found extension EntryPoint.parse('v3token = 
keystoneauth1.loading._plugins.identity.v3:Token')
  DEBUG (extension:157) found extension EntryPoint.parse('password = 
keystoneauth1.loading._plugins.identity.generic:Password')
  DEBUG (session:248) REQ: curl -g -i -X GET http://10.0.1.3:5000/v2.0 -H 
"Accept: application/json" -H "User-Agent: keystoneauth1/2.3.0 
python-requests/2.9.1 CPython/2.7.6"
  INFO (connectionpool:207) Starting new HTTP connection (1): 10.0.1.3
  DEBUG (connectionpool:387) "GET /v2.0 HTTP/1.1" 200 334
  DEBUG (session:277) RESP: [200] Content-Length: 334 Vary: X-Auth-Token 
Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: 
Keep-Alive Date: Fri, 18 Mar 2016 12:41:58 GMT Content-Type: application/json 
x-openstack-request-id: req-a0c68cd5-ea29-4391-942f-130cc69d15f8
  RESP BODY: {"version": {"status": 

[Group.of.nepali.translators] [Bug 1642679] Re: The OpenStack network_config.json implementation fails on Hyper-V compute nodes

[OpenStack Infra]

Reviewed:  https://review.openstack.org/400883
Committed: 
https://git.openstack.org/cgit/openstack/nova/commit/?id=f559be35a03f5801f527355895a97c89cdc3c336
Submitter: Jenkins
Branch:master

commit f559be35a03f5801f527355895a97c89cdc3c336
Author: Scott Moser 
Date:   Fri Mar 31 17:01:33 2017 -0400

Limit exposure of network device types to the guest.

Previously, the 'type' of the hypervisor network device, was exposed to
the guest directly. That does not make sense, as
a.) this leaks needless information into the guest
b.) the guest cannot be reasonably expected to make decisions
based on a type of link that is present underneath the
virtual device that is presented to the guest.
c.) guests then are forced to either continuously track these types
or to assume that unknown type is "phy".

This limits the exposure of types to a specific list. Any other
type will be shown to the guest as 'phy'.

Change-Id: Iea458fba29596cd2773d8d3565451af60b02bcca
Closes-Bug: #1642679


** Changed in: nova
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1642679

Title:
  The OpenStack network_config.json implementation fails on Hyper-V
  compute nodes

Status in cloud-init:
  Fix Released
Status in OpenStack Compute (nova):
  Fix Released
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Yakkety:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  When a config drive provides network_data.json on Azure OpenStack,
  cloud-init will fail to configure networking.

  Console log and /var/log/cloud-init.log will show:
   ValueError: Unknown network_data link type: hyperv

  This woudl also occur when the type of the network device as declared
  to cloud-init was 'hw_veb', 'hyperv', or 'vhostuser'.

  [Test Case]
  Launch an instance with config drive on hyperv cloud.

  [Regression Potential]
  Low to none.   cloud-init is relaxing requirements and will accept things
  now that it previously complained were invalid.
  === End SRU Template ===

  We have discovered an issue when booting Xenial instances on OpenStack
  environments (Liberty or newer) and Hyper-V compute nodes using config
  drive as metadata source.

  When applying the network_config.json, cloud-init fails with this error:
  http://paste.openstack.org/show/RvHZJqn48JBb0TO9QznL/

  The fix would be to add 'hyperv' as a link type here:
  /usr/lib/python3/dist-packages/cloudinit/sources/helpers/openstack.py, line 
587

  Related bugs:
   * bug 1674946: cloud-init fails with "Unknown network_data link type: dvs
   * bug 1642679: OpenStack network_config.json implementation fails on Hyper-V 
compute nodes

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1642679/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1627656] Re: missing alembic migrations due to use of git based workflows

[OpenStack Infra]

Reviewed:  https://review.openstack.org/376381
Committed: 
https://git.openstack.org/cgit/openstack/tap-as-a-service/commit/?id=55a387744dacb837b92556d714d2b6b5bb6c0e4f
Submitter: Jenkins
Branch:master

commit 55a387744dacb837b92556d714d2b6b5bb6c0e4f
Author: James Page 
Date:   Mon Sep 26 11:45:35 2016 +0100

Include alembic migrations in module

Explicitly include all alembic data in installed python module,
ensuring that installations directly from git repositories are
fully functional when compared to use of sdist generated tarballs
from tarballs.openstack.org or pypi.

Closes-Bug: 1627656

Change-Id: I445481445b6b5c0649a95f775042ba4067e83aa3


** Changed in: tap-as-a-service
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1627656

Title:
  missing alembic migrations due to use of git based workflows

Status in networking-l2gw:
  New
Status in networking-odl:
  Fix Released
Status in networking-sfc:
  Fix Released
Status in tap-as-a-service:
  Fix Released
Status in networking-l2gw package in Ubuntu:
  Fix Released
Status in networking-odl package in Ubuntu:
  Fix Released
Status in neutron-taas package in Ubuntu:
  Fix Released
Status in networking-l2gw source package in Xenial:
  New
Status in networking-odl source package in Xenial:
  Triaged
Status in neutron-taas source package in Xenial:
  Invalid
Status in networking-l2gw source package in Yakkety:
  Fix Released
Status in networking-odl source package in Yakkety:
  Fix Released
Status in neutron-taas source package in Yakkety:
  Fix Released

Bug description:
  Various openstack related packages are missing required neutron
  database migrations due to the direct use of a git based workflow of
  merging upstream tags and generating orig.tar.xz directly from the git
  tree for packaging.  This is *not* the same process as generated a
  sdist tarball, and as a result, files that need to reside in the
  python module get missed - this includes alembic migrations.

  Known impacts:

networking-odl
vmware-nsx (bug 1574610)

  A simple fix is to switch to using the upstream published release
  artefacts, rather than directly using git.

To manage notifications about this bug go to:
https://bugs.launchpad.net/networking-l2gw/+bug/1627656/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1559072] Re: [SRU] exceptions.from_response with webob 1.6.0 results in "AttributeError: 'unicode' object has no attribute 'get'"

[OpenStack Infra]

Reviewed:  https://review.openstack.org/407422
Committed: 
https://git.openstack.org/cgit/openstack/python-cinderclient/commit/?id=19befa69651a41534c7d25b1a0d3a0cd407afb44
Submitter: Jenkins
Branch:master

commit 19befa69651a41534c7d25b1a0d3a0cd407afb44
Author: Akira KAMIO 
Date:   Tue Dec 6 14:10:38 2016 +0900

Handle error response for webob>=1.6.0

WebOb change https://github.com/Pylons/webob/pull/230 changed
the way in which the error response body is formatted such that
it's no longer a nested dict. So we have to handle both the
old convention of an error message key to the response body error
dict and the new way with just the error body dict.

This was reported upstream:

https://github.com/Pylons/webob/issues/235

But given this was apparently implemented as a long-overdue change
in WebOb the behavior is not likely to change.Handle error response for
webob>=1.6.0

Change-Id: I7d589415aa024588faf77c8234ac026110f6c3cd
Closes-Bug: #1559072


** Changed in: python-cinderclient
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1559072

Title:
  [SRU] exceptions.from_response with webob 1.6.0 results in
  "AttributeError: 'unicode' object has no attribute 'get'"

Status in networking-midonet:
  Fix Released
Status in python-cinderclient:
  Fix Released
Status in python-novaclient:
  Fix Released
Status in python-openstackclient:
  Invalid
Status in python-novaclient package in Ubuntu:
  Fix Released
Status in python-novaclient source package in Xenial:
  Fix Released
Status in python-novaclient source package in Yakkety:
  Fix Released

Bug description:
  [Impact] [Testcase]
  Running on Ubuntu 14.04.
  After installing nova from source in either the Liberty release or Mitaka, 
with WebOb 1.6.0, running any nova command generated this error:
  root@openstack-ubu-controller:~# nova service-list
  ERROR (AttributeError): 'unicode' object has no attribute 'get'

  The equivalent openstack commands work correctly. After downgrading
  WebOb to 1.5.1 AND restarting the nova-api service everything works.

  Detailed output from nova -debug service-list with the error:

  root@openstack-ubu-controller:~# nova --debug service-list
  DEBUG (extension:157) found extension EntryPoint.parse('v2token = 
keystoneauth1.loading._plugins.identity.v2:Token')
  DEBUG (extension:157) found extension EntryPoint.parse('admin_token = 
keystoneauth1.loading._plugins.admin_token:AdminToken')
  DEBUG (extension:157) found extension EntryPoint.parse('v3oidcauthcode = 
keystoneauth1.loading._plugins.identity.v3:OpenIDConnectAuthorizationCode')
  DEBUG (extension:157) found extension EntryPoint.parse('v2password = 
keystoneauth1.loading._plugins.identity.v2:Password')
  DEBUG (extension:157) found extension EntryPoint.parse('v3password = 
keystoneauth1.loading._plugins.identity.v3:Password')
  DEBUG (extension:157) found extension EntryPoint.parse('v3oidcpassword = 
keystoneauth1.loading._plugins.identity.v3:OpenIDConnectPassword')
  DEBUG (extension:157) found extension EntryPoint.parse('token = 
keystoneauth1.loading._plugins.identity.generic:Token')
  DEBUG (extension:157) found extension EntryPoint.parse('v3token = 
keystoneauth1.loading._plugins.identity.v3:Token')
  DEBUG (extension:157) found extension EntryPoint.parse('password = 
keystoneauth1.loading._plugins.identity.generic:Password')
  DEBUG (session:248) REQ: curl -g -i -X GET http://10.0.1.3:5000/v2.0 -H 
"Accept: application/json" -H "User-Agent: keystoneauth1/2.3.0 
python-requests/2.9.1 CPython/2.7.6"
  INFO (connectionpool:207) Starting new HTTP connection (1): 10.0.1.3
  DEBUG (connectionpool:387) "GET /v2.0 HTTP/1.1" 200 334
  DEBUG (session:277) RESP: [200] Content-Length: 334 Vary: X-Auth-Token 
Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: 
Keep-Alive Date: Fri, 18 Mar 2016 12:41:58 GMT Content-Type: application/json 
x-openstack-request-id: req-a0c68cd5-ea29-4391-942f-130cc69d15f8
  RESP BODY: {"version": {"status": "stable", "updated": 
"2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": 
"application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": 
[{"href": "http://10.0.1.3:5000/v2.0/;, "rel": "self"}, {"href": 
"http://docs.openstack.org/;, "type": "text/html", "rel": "describedby"}]}}

  DEBUG (v2:63) Making authentication request to 
http://10.0.1.3:5000/v2.0/tokens
  DEBUG (connectionpool:387) "POST /v2.0/tokens HTTP/1.1" 200 2465
  DEBUG (session:248) REQ: curl -g -i -X GET 
http://10.0.1.3:8774/v1.1/b77d640e127e488fb42a7c0716ba53a5 -H "User-Agent: 
python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: 
{SHA1}381893576ad46c62b587f4963d769b89441b919a"
  INFO (connectionpool:207) 

[Group.of.nepali.translators] [Bug 1559072] Re: [SRU] exceptions.from_response with webob 1.6.0 results in "AttributeError: 'unicode' object has no attribute 'get'"

[OpenStack Infra]

** Changed in: python-cinderclient
   Status: Invalid => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1559072

Title:
  [SRU] exceptions.from_response with webob 1.6.0 results in
  "AttributeError: 'unicode' object has no attribute 'get'"

Status in networking-midonet:
  Fix Released
Status in python-cinderclient:
  In Progress
Status in python-novaclient:
  Fix Released
Status in python-openstackclient:
  Invalid
Status in python-novaclient package in Ubuntu:
  Fix Released
Status in python-novaclient source package in Xenial:
  Fix Released
Status in python-novaclient source package in Yakkety:
  Fix Released

Bug description:
  [Impact] [Testcase]
  Running on Ubuntu 14.04.
  After installing nova from source in either the Liberty release or Mitaka, 
with WebOb 1.6.0, running any nova command generated this error:
  root@openstack-ubu-controller:~# nova service-list
  ERROR (AttributeError): 'unicode' object has no attribute 'get'

  The equivalent openstack commands work correctly. After downgrading
  WebOb to 1.5.1 AND restarting the nova-api service everything works.

  Detailed output from nova -debug service-list with the error:

  root@openstack-ubu-controller:~# nova --debug service-list
  DEBUG (extension:157) found extension EntryPoint.parse('v2token = 
keystoneauth1.loading._plugins.identity.v2:Token')
  DEBUG (extension:157) found extension EntryPoint.parse('admin_token = 
keystoneauth1.loading._plugins.admin_token:AdminToken')
  DEBUG (extension:157) found extension EntryPoint.parse('v3oidcauthcode = 
keystoneauth1.loading._plugins.identity.v3:OpenIDConnectAuthorizationCode')
  DEBUG (extension:157) found extension EntryPoint.parse('v2password = 
keystoneauth1.loading._plugins.identity.v2:Password')
  DEBUG (extension:157) found extension EntryPoint.parse('v3password = 
keystoneauth1.loading._plugins.identity.v3:Password')
  DEBUG (extension:157) found extension EntryPoint.parse('v3oidcpassword = 
keystoneauth1.loading._plugins.identity.v3:OpenIDConnectPassword')
  DEBUG (extension:157) found extension EntryPoint.parse('token = 
keystoneauth1.loading._plugins.identity.generic:Token')
  DEBUG (extension:157) found extension EntryPoint.parse('v3token = 
keystoneauth1.loading._plugins.identity.v3:Token')
  DEBUG (extension:157) found extension EntryPoint.parse('password = 
keystoneauth1.loading._plugins.identity.generic:Password')
  DEBUG (session:248) REQ: curl -g -i -X GET http://10.0.1.3:5000/v2.0 -H 
"Accept: application/json" -H "User-Agent: keystoneauth1/2.3.0 
python-requests/2.9.1 CPython/2.7.6"
  INFO (connectionpool:207) Starting new HTTP connection (1): 10.0.1.3
  DEBUG (connectionpool:387) "GET /v2.0 HTTP/1.1" 200 334
  DEBUG (session:277) RESP: [200] Content-Length: 334 Vary: X-Auth-Token 
Keep-Alive: timeout=5, max=100 Server: Apache/2.4.7 (Ubuntu) Connection: 
Keep-Alive Date: Fri, 18 Mar 2016 12:41:58 GMT Content-Type: application/json 
x-openstack-request-id: req-a0c68cd5-ea29-4391-942f-130cc69d15f8
  RESP BODY: {"version": {"status": "stable", "updated": 
"2014-04-17T00:00:00Z", "media-types": [{"base": "application/json", "type": 
"application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": 
[{"href": "http://10.0.1.3:5000/v2.0/;, "rel": "self"}, {"href": 
"http://docs.openstack.org/;, "type": "text/html", "rel": "describedby"}]}}

  DEBUG (v2:63) Making authentication request to 
http://10.0.1.3:5000/v2.0/tokens
  DEBUG (connectionpool:387) "POST /v2.0/tokens HTTP/1.1" 200 2465
  DEBUG (session:248) REQ: curl -g -i -X GET 
http://10.0.1.3:8774/v1.1/b77d640e127e488fb42a7c0716ba53a5 -H "User-Agent: 
python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: 
{SHA1}381893576ad46c62b587f4963d769b89441b919a"
  INFO (connectionpool:207) Starting new HTTP connection (1): 10.0.1.3
  DEBUG (connectionpool:387) "GET /v1.1/b77d640e127e488fb42a7c0716ba53a5 
HTTP/1.1" 404 112
  DEBUG (session:277) RESP: [404] Date: Fri, 18 Mar 2016 12:41:59 GMT 
Connection: keep-alive Content-Type: application/json; charset=UTF-8 
Content-Length: 112 X-Compute-Request-Id: 
req-f10a2016-9a88-48fd-af1d-5f800fc9e11a
  RESP BODY: {"message": "The resource could not be found.\n\n\n", 
"code": "404 Not Found", "title": "Not Found"}

  DEBUG (shell:894) 'unicode' object has no attribute 'get'
  Traceback (most recent call last):
    File "/usr/local/lib/python2.7/dist-packages/novaclient/shell.py", line 
892, in main
  OpenStackComputeShell().main(argv)
    File "/usr/local/lib/python2.7/dist-packages/novaclient/shell.py", line 
726, in main
  api_version = api_versions.discover_version(self.cs, api_version)
    File "/usr/local/lib/python2.7/dist-packages/novaclient/api_versions.py", 
line 267, in discover_version
  client)
    File "/usr/local/lib/python2.7/dist-packages/novaclient/api_versions.py", 
line 

[Group.of.nepali.translators] [Bug 1627656] Re: missing alembic migrations due to use of git based workflows

[OpenStack Infra]

Reviewed:  https://review.openstack.org/376378
Committed: 
https://git.openstack.org/cgit/openstack/networking-sfc/commit/?id=a640a99527ee2c51179278823b50661bc6038278
Submitter: Jenkins
Branch:master

commit a640a99527ee2c51179278823b50661bc6038278
Author: James Page 
Date:   Mon Sep 26 11:23:11 2016 +0100

Include alembic migrations in module

Explicitly include all alembic data in installed python module,
ensuring that installations direct from git repositories are
fully functional when compared to use of sdist generated tarballs
from tarballs.openstack.org or pypi.

Closes-Bug: 1627656

Change-Id: I246672cd6a343583daa96720e433c8c0a62086fc


** Changed in: networking-sfc
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1627656

Title:
  missing alembic migrations due to use of git based workflows

Status in networking-l2gw:
  New
Status in networking-odl:
  Fix Released
Status in networking-sfc:
  Fix Released
Status in tap-as-a-service:
  New
Status in networking-l2gw package in Ubuntu:
  Fix Released
Status in networking-odl package in Ubuntu:
  Fix Released
Status in neutron-taas package in Ubuntu:
  Fix Released
Status in networking-l2gw source package in Xenial:
  New
Status in networking-odl source package in Xenial:
  Triaged
Status in neutron-taas source package in Xenial:
  Invalid
Status in networking-l2gw source package in Yakkety:
  Fix Released
Status in networking-odl source package in Yakkety:
  Fix Released
Status in neutron-taas source package in Yakkety:
  Fix Released

Bug description:
  Various openstack related packages are missing required neutron
  database migrations due to the direct use of a git based workflow of
  merging upstream tags and generating orig.tar.xz directly from the git
  tree for packaging.  This is *not* the same process as generated a
  sdist tarball, and as a result, files that need to reside in the
  python module get missed - this includes alembic migrations.

  Known impacts:

networking-odl
vmware-nsx (bug 1574610)

  A simple fix is to switch to using the upstream published release
  artefacts, rather than directly using git.

To manage notifications about this bug go to:
https://bugs.launchpad.net/networking-l2gw/+bug/1627656/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1623871] Re: Nova hugepage support does not include aarch64

[OpenStack Infra]

Reviewed:  https://review.openstack.org/372304
Committed: 
https://git.openstack.org/cgit/openstack/nova/commit/?id=50e0106d35ec1a3204c18f3912b0dc6cf6632305
Submitter: Jenkins
Branch:master

commit 50e0106d35ec1a3204c18f3912b0dc6cf6632305
Author: VeenaSL 
Date:   Mon Sep 19 13:36:53 2016 +0530

Adding hugepage and NUMA support check for aarch64

Nova ignores aarch64 while verifying for hugepage and NUMA support.
AARCH64 also supports hugepage and NUMA on the same libvirt versions as of 
x86.
Hence adding this chek for aarch64 also.

Change-Id: I7b5ae1dbdca4fdd0aee2eefd4099c4c4953b609a
Closes-bug: #1623871


** Changed in: nova
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1623871

Title:
  Nova hugepage support does not include aarch64

Status in OpenStack Compute (nova):
  Fix Released
Status in nova package in Ubuntu:
  Fix Released
Status in nova source package in Xenial:
  In Progress

Bug description:
  [Impact]
  Although aarch64 supports spawning a vm with hugepages, in nova code, the 
libvirt driver considers only x86_64 and I686. Both for NUMA and Hugepage 
support, AARCH64 needs to be added. Due to this bug, vm can not be launched 
with hugepage using OpenStack on aarch64 servers.

  Note: this depends on the fix for LP: #1627926.

  [Test Case]
  Steps to reproduce:
  On an openstack environment running on aarch64:
  1. Configure compute to use hugepages.
  2. Set mem_page_size="2048" for a flavor
  3. Launch a VM using the above flavor.

  Expected result:
  VM should be launched with hugepages and the libvirt xml should have

    
    
  
    
    

  Actual result:
  VM is launched without hugepages.

  There are no error logs in nova-scheduler.

  [Regression Risk]
  Risk is minimized by the fact that this change is just enabling the same code 
for arm64 that is already enabled for Ubuntu/x86.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1623871/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1449062] Re: qemu-img calls need to be restricted by ulimit (CVE-2015-5162)

[OpenStack Infra]

Reviewed:  https://review.openstack.org/375526
Committed: 
https://git.openstack.org/cgit/openstack/glance/commit/?id=69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
Submitter: Jenkins
Branch:master

commit 69a9b659fd48aa3c1f84fc7bc9ae236b6803d31f
Author: Hemanth Makkapati 
Date:   Fri Sep 23 09:29:12 2016 -0500

Adding constraints around qemu-img calls

* All "qemu-img info" calls are now run under resource limitations
  that limit CPU time to 2 seconds and address space usage to 1 GB.
  This helps avoid any DoS attacks via malicious images.
* All "qemu-img convert" calls now specify the import format so that
  it does not have to be inferred by qemu-img.

SecurityImpact

Change-Id: Ib900bbc05cb9ccd90c6f56ccb4bf2006e30cdc80
Closes-Bug: #1449062


** Changed in: glance
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1449062

Title:
  qemu-img calls need to be restricted by ulimit (CVE-2015-5162)

Status in Cinder:
  Fix Released
Status in Cinder mitaka series:
  In Progress
Status in Cinder newton series:
  Fix Released
Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive liberty series:
  Fix Committed
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in Ubuntu Cloud Archive newton series:
  Fix Released
Status in Glance:
  Fix Released
Status in Glance liberty series:
  New
Status in Glance mitaka series:
  New
Status in Glance newton series:
  Fix Committed
Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Security Advisory:
  In Progress
Status in python-oslo.concurrency package in Ubuntu:
  Fix Released
Status in python-oslo.concurrency source package in Wily:
  Fix Committed
Status in python-oslo.concurrency source package in Xenial:
  Fix Released
Status in python-oslo.concurrency source package in Yakkety:
  Fix Released

Bug description:
  Reported via private E-mail from Richard W.M. Jones.

  Turns out qemu image parser is not hardened against malicious input
  and can be abused to allocated an arbitrary amount of memory and/or
  dump a lot of information when used with "--output=json".

  The solution seems to be: limit qemu-img ressource using ulimit.

  Example of abuse:

  -- afl1.img --

  $ /usr/bin/time qemu-img info afl1.img
  image: afl1.img
  [...]
  0.13user 0.19system 0:00.36elapsed 92%CPU (0avgtext+0avgdata 
642416maxresident)k
  0inputs+0outputs (0major+156927minor)pagefaults 0swaps

  The original image is 516 bytes, but it causes qemu-img to allocate
  640 MB.

  -- afl2.img --

  $ qemu-img info --output=json afl2.img | wc -l
  589843

  This is a 200K image which causes qemu-img info to output half a
  million lines of JSON (14 MB of JSON).

  Glance runs the --output=json variant of the command.

  -- afl3.img --

  $ /usr/bin/time qemu-img info afl3.img
  image: afl3.img
  [...]
  0.09user 0.35system 0:00.47elapsed 94%CPU (0avgtext+0avgdata 
1262388maxresident)k
  0inputs+0outputs (0major+311994minor)pagefaults 0swaps

  qemu-img allocates 1.3 GB (actually, a bit more if you play with
  ulimit -v).  It appears that you could change it to allocate
  arbitrarily large amounts of RAM.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1449062/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1627656] Re: missing alembic migrations due to use of git based workflows

[OpenStack Infra]

Reviewed:  https://review.openstack.org/376390
Committed: 
https://git.openstack.org/cgit/openstack/networking-odl/commit/?id=7fd14d19106ad930f0072b45e1d3af4bd78c4b3f
Submitter: Jenkins
Branch:master

commit 7fd14d19106ad930f0072b45e1d3af4bd78c4b3f
Author: James Page 
Date:   Mon Sep 26 11:52:32 2016 +0100

Include alembic migrations in module

Explicitly include all alembic data in installed python module,
ensuring that installations directly from git repositories are
fully functional when compared to use of sdist generated tarballs
from tarballs.openstack.org or pypi.

Closes-Bug: 1627656

Change-Id: Ieb4272bdbf65e4b63a0e8d875847d29470c2


** Changed in: networking-odl
   Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1627656

Title:
  missing alembic migrations due to use of git based workflows

Status in networking-l2gw:
  New
Status in networking-odl:
  Fix Released
Status in networking-sfc:
  New
Status in tap-as-a-service:
  New
Status in networking-l2gw package in Ubuntu:
  Fix Released
Status in networking-odl package in Ubuntu:
  Fix Released
Status in neutron-taas package in Ubuntu:
  Fix Released
Status in networking-l2gw source package in Xenial:
  New
Status in networking-odl source package in Xenial:
  Triaged
Status in neutron-taas source package in Xenial:
  Invalid
Status in networking-l2gw source package in Yakkety:
  Fix Released
Status in networking-odl source package in Yakkety:
  Fix Released
Status in neutron-taas source package in Yakkety:
  Fix Released

Bug description:
  Various openstack related packages are missing required neutron
  database migrations due to the direct use of a git based workflow of
  merging upstream tags and generating orig.tar.xz directly from the git
  tree for packaging.  This is *not* the same process as generated a
  sdist tarball, and as a result, files that need to reside in the
  python module get missed - this includes alembic migrations.

  Known impacts:

networking-odl
vmware-nsx (bug 1574610)

  A simple fix is to switch to using the upstream published release
  artefacts, rather than directly using git.

To manage notifications about this bug go to:
https://bugs.launchpad.net/networking-l2gw/+bug/1627656/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1449062] Re: qemu-img calls need to be restricted by ulimit (CVE-2015-5162)

[OpenStack Infra]

Reviewed:  https://review.openstack.org/375099
Committed: 
https://git.openstack.org/cgit/openstack/cinder/commit/?id=78f17f0ad79380ee3d9c50f2670252bcc559b62b
Submitter: Jenkins
Branch:master

commit 78f17f0ad79380ee3d9c50f2670252bcc559b62b
Author: Sean McGinnis 
Date:   Thu Sep 22 15:31:37 2016 -0500

Limit memory & CPU when running qemu-img info

It was found that a modified or corrupted image file can cause a DoS
on the host when getting image info with qemu-img.

This uses the newer 'prlimit' parameter for oslo.concurrency execute
to set an address space limit of 1GB and CPU time limit of 2 seconds
when running the qemu-img info command.

Change-Id: If5b7129b266ef065642bc7898ce9dcf93722a053
Closes-bug: #1449062


** Changed in: cinder
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1449062

Title:
  qemu-img calls need to be restricted by ulimit (CVE-2015-5162)

Status in Cinder:
  Fix Released
Status in Cinder mitaka series:
  New
Status in Cinder newton series:
  Fix Released
Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive liberty series:
  Fix Committed
Status in Ubuntu Cloud Archive mitaka series:
  Fix Committed
Status in Ubuntu Cloud Archive newton series:
  Fix Released
Status in Glance:
  New
Status in Glance liberty series:
  New
Status in Glance mitaka series:
  New
Status in Glance newton series:
  New
Status in OpenStack Compute (nova):
  Fix Released
Status in OpenStack Security Advisory:
  In Progress
Status in python-oslo.concurrency package in Ubuntu:
  Fix Released
Status in python-oslo.concurrency source package in Wily:
  Fix Committed
Status in python-oslo.concurrency source package in Xenial:
  Fix Released
Status in python-oslo.concurrency source package in Yakkety:
  Fix Released

Bug description:
  Reported via private E-mail from Richard W.M. Jones.

  Turns out qemu image parser is not hardened against malicious input
  and can be abused to allocated an arbitrary amount of memory and/or
  dump a lot of information when used with "--output=json".

  The solution seems to be: limit qemu-img ressource using ulimit.

  Example of abuse:

  -- afl1.img --

  $ /usr/bin/time qemu-img info afl1.img
  image: afl1.img
  [...]
  0.13user 0.19system 0:00.36elapsed 92%CPU (0avgtext+0avgdata 
642416maxresident)k
  0inputs+0outputs (0major+156927minor)pagefaults 0swaps

  The original image is 516 bytes, but it causes qemu-img to allocate
  640 MB.

  -- afl2.img --

  $ qemu-img info --output=json afl2.img | wc -l
  589843

  This is a 200K image which causes qemu-img info to output half a
  million lines of JSON (14 MB of JSON).

  Glance runs the --output=json variant of the command.

  -- afl3.img --

  $ /usr/bin/time qemu-img info afl3.img
  image: afl3.img
  [...]
  0.09user 0.35system 0:00.47elapsed 94%CPU (0avgtext+0avgdata 
1262388maxresident)k
  0inputs+0outputs (0major+311994minor)pagefaults 0swaps

  qemu-img allocates 1.3 GB (actually, a bit more if you play with
  ulimit -v).  It appears that you could change it to allocate
  arbitrarily large amounts of RAM.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1449062/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp