** Description changed: + SRU Information: + + IMPATCT: If minor clock drift is encountered between Eucalyptus NC and CC then any messages that are in the future are rejected by RampartC, even if the time difference is marginal. + FIX: Patch supplied by upstream to permit minor time differences between nodes in Rampart configuration - this formed part of the 2.0.3 security release of Eucalyptus. + PATCH: see attached clock_drift.patch and associated branches for each release. + TEST CASE: + - Requires at minimum a two node eucalyptus installation. + - Clock difference between the two nodes should be introduced. + - Webservice messages will then be dropped between the two nodes. + REGRESSION POTENTIAL: Minimal - patch supplied from upstream released version so should be well tested. + + >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + + Original Bug Report: + In both EucalyptusNC/services.xml and EucalyptusCC/services.xml there's no ClockSkewBuffer (nor TimeToLive nor PrecisionInMilliseconds), therefore messages "from the future" (from the webservice's point of view) won't be accepted, even if the difference in time is minimal. This happens on a default Ubuntu 11.04 x64 cloud server installation, after a full upgrade (apt-get update && apt-get dist-upgrade) and a reboot. Eucalyptus' package version is 2.0.1+bzr1256-0ubuntu4.1 - For a more detailed description on this issue, see a question I asked in ServerFault: http://serverfault.com/questions/313200/ubuntu-enterprise- cloud-ncs-down-and-time-synchronization
** Description changed: SRU Information: - IMPATCT: If minor clock drift is encountered between Eucalyptus NC and CC then any messages that are in the future are rejected by RampartC, even if the time difference is marginal. + IMPATCT: If minor clock drift is encountered between Eucalyptus NC and CC then any messages that are in the future are rejected by RampartC, even if the time difference is minimal. FIX: Patch supplied by upstream to permit minor time differences between nodes in Rampart configuration - this formed part of the 2.0.3 security release of Eucalyptus. PATCH: see attached clock_drift.patch and associated branches for each release. TEST CASE: - Requires at minimum a two node eucalyptus installation. - Clock difference between the two nodes should be introduced. - Webservice messages will then be dropped between the two nodes. REGRESSION POTENTIAL: Minimal - patch supplied from upstream released version so should be well tested. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Original Bug Report: In both EucalyptusNC/services.xml and EucalyptusCC/services.xml there's no ClockSkewBuffer (nor TimeToLive nor PrecisionInMilliseconds), therefore messages "from the future" (from the webservice's point of view) won't be accepted, even if the difference in time is minimal. This happens on a default Ubuntu 11.04 x64 cloud server installation, after a full upgrade (apt-get update && apt-get dist-upgrade) and a reboot. Eucalyptus' package version is 2.0.1+bzr1256-0ubuntu4.1 For a more detailed description on this issue, see a question I asked in ServerFault: http://serverfault.com/questions/313200/ubuntu-enterprise- cloud-ncs-down-and-time-synchronization -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to eucalyptus in Ubuntu. https://bugs.launchpad.net/bugs/854946 Title: [SRU] Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
