** Description changed: + [Impact] + + Users cannot enable the Ubuntu Cloud Archive using squid-deb-proxy + without changing its configuration by hand. + + [Test Case] + + $ export http_proxy=http://localhost:8000 + $ wget -O/dev/null http://ubuntu-cloud.archive.canonical.com/ubuntu/dists/precise-updates/folsom/Release + + This command should succeed, but if the problem is present then it fails + with 403 Forbidden. + + [Development Fix] + + Fixed in upstream trunk and in Raring 0.6.7. + + [Stable Fix] + + Merge proposal attached. This just tweaks mirror-dstdomain.acl the same + way as in the development fix. + + [Regression Potential] + + Only access to archives in archive.canonical.com will be affected. I + have verified that ".archive.canonical.com" also matches + "archive.canonical.com" by getting a 404 (and not a 403) if I hit it + with this change applied. + + [Original Description] + To setup OpenStack Folsom on Ubuntu 12.04 LTS by MAAS+JuJu, it needs access ubuntu cloud archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu precise-updates/folsom main But by default, it's not ok. Error logs from juju shows apt-get update failed by 403 forbidden. ======================================LOG========================================================= 2012-12-05 14:34:28,960 unit:keystone/1: hook.executor DEBUG: started 2012-12-05 14:34:29,003 unit:keystone/1: statemachine DEBUG: unitworkflowstate: transition install (None -> installed) {} 2012-12-05 14:34:29,003 unit:keystone/1: statemachine DEBUG: unitworkflowstate: execute action do_install 2012-12-05 14:34:29,050 unit:keystone/1: hook.output DEBUG: Cached relation hook contexts: [] 2012-12-05 14:34:29,051 unit:keystone/1: hook.executor DEBUG: Running hook: /var/lib/juju/units/keystone-1/charm/hooks/install 2012-12-05 14:34:29,972 unit:keystone/1: unit.hook.api DEBUG: Get unit setting: 'private-address' 2012-12-05 14:34:30,443 unit:keystone/1: unit.hook.api DEBUG: Get unit setting: 'private-address' 2012-12-05 14:34:30,523 unit:keystone/1: hook.output INFO: Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.YQ7MyOjrEG --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 5EDB1B62EC4926EA 2012-12-05 14:34:30,527 unit:keystone/1: hook.output ERROR: gpg: 2012-12-05 14:34:30,528 unit:keystone/1: hook.output ERROR: requesting key EC4926EA from hkp server keyserver.ubuntu.com 2012-12-05 14:34:34,702 unit:keystone/1: hook.output ERROR: gpg: 2012-12-05 14:34:34,703 unit:keystone/1: hook.output ERROR: key EC4926EA: "Canonical Cloud Archive Signing Key <[email protected]>" not changed 2012-12-05 14:34:34,704 unit:keystone/1: hook.output ERROR: gpg: 2012-12-05 14:34:34,704 unit:keystone/1: hook.output ERROR: Total number processed: 1 2012-12-05 14:34:34,705 unit:keystone/1: hook.output ERROR: gpg: 2012-12-05 14:34:34,705 unit:keystone/1: hook.output ERROR: unchanged: 1 2012-12-05 14:34:51,882 unit:keystone/1: unit.hook.api INFO: FATAL ERROR: ERROR: command apt-get update return non-zero. 2012-12-05 14:34:51,920 unit:keystone/1: hook.output DEBUG: hook install exited, exit code Traceback (most recent call last): Failure: juju.errors.CharmInvocationError: Error processing '/var/lib/juju/units/keystone-1/charm/hooks/install': exit code 1. . 2012-12-05 14:34:51,921 unit:keystone/1: hook.executor DEBUG: Hook error: /var/lib/juju/units/keystone-1/charm/hooks/install Error processing '/var/lib/juju/units/keystone-1/charm/hooks/install': exit code 1. 2012-12-05 14:34:51,922 unit:keystone/1: statemachine DEBUG: unitworkflowstate: executing error transition error_install, Error processing '/var/lib/juju/units/keystone-1/charm/hooks/install': exit code 1. 2012-12-05 14:34:51,954 unit:keystone/1: statemachine DEBUG: unitworkflowstate: transition error_install (None -> install_error) {} 2012-12-05 14:34:52,001 unit:keystone/1: statemachine DEBUG: unitworkflowstate: transition complete error_install (state install_error) {} 2012-12-05 14:34:52,015 unit:keystone/1: juju.agents.unit DEBUG: Configuration Changed 2012-12-05 14:34:52,015 unit:keystone/1: juju.agents.unit DEBUG: Configuration updated on service in a non-started state 2012-12-05 14:34:52,032 unit:keystone/1: juju.agents.unit INFO: No upgrade flag set. W: Failed to fetch http://ubuntu- cloud.archive.canonical.com/ubuntu/dists/precise-updates/folsom/main /binary-amd64/Packages 403 Forbidden W: Failed to fetch http://ubuntu- cloud.archive.canonical.com/ubuntu/dists/precise- updates/folsom/main/binary-i386/Packages 403 Forbidden E: Some index files failed to download. They have been ignored, or old ones used instead. =================================================================================================== The solution is: Change /etc/squid-deb-proxy/mirror_dstdomain.acl, line 14: --archive.canonical.com ++.archive.canonical.com Restart squid-deb-proxy service.
** Branch linked: lp:~racb/ubuntu/precise/squid-deb-proxy/cloud-archive -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1087145 Title: maas proxy prevent nodes access cloud archive To manage notifications about this bug go to: https://bugs.launchpad.net/squid-deb-proxy/+bug/1087145/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
