Sahara

Invalid security repo in MapR plugin

Bug #1618397 reported by Grigoriy
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Sahara
Fix Released
High
Grigoriy
Sahara newton-3 "n3"
Mitaka
Fix Released
Critical
Unassigned

Bug Description

lucid-security is not now available at http://security.ubuntu.com/ubuntu, it is available at http://old-releases.ubuntu.com/ubuntu, but MapR plugin still uses old repo.

Revision history for this message
Vitalii Gridnev (vgridnev) wrote :

https://review.openstack.org/362757

Changed in sahara:
milestone: none → newton-3
assignee: nobody → Grigoriy (groghkov)
importance: Undecided → High
status: New → In Progress
Revision history for this message
Luigi Toscano (ltoscano) wrote :

I commented on the review, but is this a real bug? Does MapR really requires Ubuntu 10.04 Lucid, which is out of support?

Revision history for this message
Grigoriy (groghkov) wrote :

Lucid is really not required, so it can be just removed.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (master)

Reviewed: https://review.openstack.org/362757
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=1400bbeba7d7ac8854c93f92cbd3ed5ff870c558
Submitter: Jenkins
Branch: master

commit 1400bbeba7d7ac8854c93f92cbd3ed5ff870c558
Author: Grigoriy Rozhkov <email address hidden>
Date: Tue Aug 30 13:13:03 2016 +0300

    Fix invalid security repo

    Change-Id: I0365b7430ff17348fa2e0a4b8a3476b149a7ccca
    Closes-Bug: #1618397

Changed in sahara:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/sahara 5.0.0.0b3

This issue was fixed in the openstack/sahara 5.0.0.0b3 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to sahara (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/402015

Revision history for this message
Robert Duncan (rduncan-t) wrote :
Download full text (12.0 KiB)

I don't think it's the add_security_repos.sh resource - I have removed the line referring to lucid repo as per the patch but still get the same error on deployment (restarted sahara, heat, memcached) - After the latest failure I logged into the worker node to look at the script in /tmp

here again is the error:

RemoteCommandException: Error during command execution: "sudo -u root /tmp/8feafa4a-c2f6-4306-93c4-1f6cfb5dfd0a.sh Ubuntu" Return code: 100 STDERR: W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/lucid-security/main/binary-amd64/Packages 404 Not Found

here is my add_security_repo.sh

#!/bin/sh

cat >> /etc/apt/sources.list.d/security_repo.list <<- EOF
deb http://security.ubuntu.com/ubuntu precise-security main
EOF
apt-get update

and here is the script in the /tmp directory

ubuntu@mapper-mapr-500mr2-default-worker-1:/tmp$ ls
8feafa4a-c2f6-4306-93c4-1f6cfb5dfd0a.sh
ubuntu@mapper-mapr-500mr2-default-worker-1:/tmp$ cat 8feafa4a-c2f6-4306-93c4-1f6cfb5dfd0a.sh
#!/bin/sh
if [ "$1" = "Ubuntu" ]; then
    sudo apt-get update
    cat >> /etc/apt/sources.list.d/maprtech.list <<- EOF
    deb http://package.mapr.com/releases/v5.1.0/ubuntu/ mapr optional
    deb http://package.mapr.com/releases/ecosystem-5.x/ubuntu binary/
EOF
    sudo apt-get install -y --force-yes wget
    wget -O - http://package.mapr.com/releases/pub/maprgpg.key | \
                                                            sudo apt-key add -
    sudo apt-get update

elif [ "$1" = 'CentOS' -o "$1" = 'RedHatEnterpriseServer' ]; then
    cat >> /etc/yum.repos.d/maprtech.repo <<- EOF
[maprtech]
name=MapR Technologies
baseurl=http://package.mapr.com/releases/v5.1.0/redhat/
enabled=1
gpgcheck=0
protect=1

[maprecosystem]
name=MapR Technologies
baseurl=http://package.mapr.com/releases/ecosystem-5.x/redhat
enabled=1
gpgcheck=0
protect=1
EOF
    rpm --import http://package.mapr.com/releases/pub/maprgpg.key
    yum install -y wget
    release=`cat /etc/*-release`
    if [[ $release =~ 6\.[0-9] ]]; then
        rpm -q epel-release-6-8 || \
            rpm -i http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    elif [[ $release =~ 7\.[0-9] ]]; then
        rpm -q epel-release-7-5 || \
            rpm -i http://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
    else
        echo "Unsupported distribution version"
        exit 1
    fi
else
    echo "Unknown distribution"
    exit 1
fi

-----------------

If I run the script I get this:

 ./8feafa4a-c2f6-4306-93c4-1f6cfb5dfd0a.sh Ubuntu
Ign file: binary/ InRelease
Ign file: binary/ InRelease
Ign file: binary/ Release.gpg
Ign file: binary/ Release.gpg
Ign file: binary/ Release
Ign file: binary/ Release
Get:1 http://security.ubuntu.com trusty-security InRelease [65.9 kB]
Get:2 http://security.ubuntu.com precise-security InRelease [55.7 kB]
Ign http://security.ubuntu.com lucid-security InRelease
Hit http://package.mapr.com mapr InRelease
Ign http://package.mapr.com binary/ InRelease
Hit http://package.mapr.com mapr/optional amd64 Packages
Get:3 http://security.ubuntu.com trusty-security/main Sources [122 kB]
Ign http://package.mapr.com binary/ Release.gpg
Ign http:/...

Revision history for this message
Robert Duncan (rduncan-t) wrote :

- So, its simply because the sahara-image-create includes apt sources for lucid in the image by default.

ubuntu@test1:~$ cat /etc/apt/sources.list.d/security_repo.list
deb http://security.ubuntu.com/ubuntu precise-security main
deb http://security.ubuntu.com/ubuntu lucid-security main

If I modify the script to empty that file first, it works:
so add_security_repos.sh should look like this to work with the default images:

#!/bin/sh
> /etc/apt/source.list.d/security_repo.list
 cat >> /etc/apt/sources.list.d/security_repo.list <<- EOF
deb http://security.ubuntu.com/ubuntu precise-security main
EOF
apt-get update

Revision history for this message
Robert Duncan (rduncan-t) wrote :

sorry there is a typo in the above: this is correct (sources.list not source.list)

#!/bin/sh
> /etc/apt/sources.list.d/security_repo.list
 cat >> /etc/apt/sources.list.d/security_repo.list <<- EOF
deb http://security.ubuntu.com/ubuntu precise-security main
EOF
apt-get update

Revision history for this message
Luigi Toscano (ltoscano) wrote :

sahara-image-elements was fixed in https://review.openstack.org/#/c/336908/

Maybe the repository was not needed there as well.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to sahara-image-elements (stable/mitaka)

Related fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/402171

Revision history for this message
Robert Duncan (rduncan-t) wrote :

then it must be that the Mirantis mitaka images are broken, as is the official mapr image

http://sahara-files.mirantis.com/images/upstream/mitaka/sahara-mitaka-mapr-5.1.0-ubuntu.qcow2
http://sahara-images.s3.amazonaws.com/ubuntu_trusty_mapr_5.1.0_latest.qcow2

both images have a lucid repo already set.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to sahara-image-elements (stable/mitaka)

Reviewed: https://review.openstack.org/402171
Committed: https://git.openstack.org/cgit/openstack/sahara-image-elements/commit/?id=1c8609c356cbde895fde67e43b6d4a6f71c7ba13
Submitter: Jenkins
Branch: stable/mitaka

commit 1c8609c356cbde895fde67e43b6d4a6f71c7ba13
Author: Evgeny Sikachev <email address hidden>
Date: Sun Jul 3 13:43:18 2016 +0300

    Fix Mapr security repo

    lucid-security moved to old-releases.ubuntu.com

    Related-Bug: 1618397
    Change-Id: Ibf2802ca0f62c0eabc0acfc3e90c6d079d20e884
    (cherry picked from commit d55baf93c6029781d21063a6a81b2f37bdf07e61)

tags: added: in-stable-mitaka
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (stable/mitaka)

Reviewed: https://review.openstack.org/402015
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=06e18d80378c14025228f6069835cd091b37a8ad
Submitter: Jenkins
Branch: stable/mitaka

commit 06e18d80378c14025228f6069835cd091b37a8ad
Author: Grigoriy Rozhkov <email address hidden>
Date: Tue Aug 30 13:13:03 2016 +0300

    Fix invalid security repo

    Change-Id: I0365b7430ff17348fa2e0a4b8a3476b149a7ccca
    Closes-Bug: #1618397
    (cherry picked from commit 1400bbeba7d7ac8854c93f92cbd3ed5ff870c558)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/sahara 4.1.1

This issue was fixed in the openstack/sahara 4.1.1 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.