Canonical Livepatch On-Prem

Patch filters are not getting applied properly

Bug #2054415 reported by Muhammad Ahmad on 2024-02-20

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Livepatch On-Prem	Fix Released	High	Unassigned

Bug Description

After deploying livepatch-server with some patch filters in charm config (sync_flavors, sync_minimum_kernel_version), not all the filters are getting enforced.

If we observe the list of patches downloaded by livepatch-server in postgress/local-storage, we are seeing that it is conforming to 'sync_flavors' filter but not the 'sync_minimum_kernel_version'.

How to reproduce:

1- Deploy livepatch-server with the following charm options:
sync_flavors=generic
sync_minimum_kernel_version=5.15.0

2- Run the sync-trigger action:
livepatch-admin sync trigger --format yaml --wait

3- Using the livepatch-admin CLI, observe that the patches for kernel versions older than 5.15.0 are
   getting downloaded:
     livepatch-admin storage refresh
     livepatch-admin storage patches

This is causing unnecessary patches to be downloaded and wastage of db storage-space/performance.

Tags:

Revision history for this message

Muhammad Ahmad (ahmadfsbd) wrote on 2024-02-20 (last edit on 2024-02-20):

#1

The config in /etc/livepatchd.yaml looks ok but we have patches for older kernel versions getting downloaded:

patch_sync:
  enabled: true
  flavors:
  - generic
  id: ab1867e3-4b8b-4875-8f4a-adee5e44ac18
  interval: 1h
  machine_count_strategy: unit
  minimum_kernel_version: 5.15.0
  proxy:
    enabled: false
  send_machine_reports: false

Revision history for this message

Kian Parvin (kian-parvin) wrote on 2024-02-20:

#2

Hi,

Thanks for the report. Can you let us know the charm version you have deployed with `juju status`.

Revision history for this message

Muhammad Ahmad (ahmadfsbd) wrote on 2024-02-20:

#3

Hi,

livepatch active 1 canonical-livepatch-server latest/stable 39 no ✓ Livepatch server running.

Revision history for this message

Kian Parvin (kian-parvin) wrote on 2024-02-20:

#4

Thanks, looks like the min-kernel-version config parameter is not being passed correctly. Will update here as the fix and QA progresses.

Changed in livepatch-onprem:
importance:	Undecided → High
status:	New → Triaged

Revision history for this message

Kian Parvin (kian-parvin) wrote on 2024-02-22:

#5

A fix has been released to the latest/stable channel of the Livepatch server charm. The new charm revision is 51.

Changed in livepatch-onprem:
status:	Triaged → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.