Landscape Client should accept SSL CA certificates in the user data

Bug #605079 reported by Kevin McDermott on 2010-07-13
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Landscape Client
High
Kevin McDermott
landscape-client (Ubuntu)
Undecided
Unassigned
Jaunty
Undecided
Unassigned
Karmic
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned

Bug Description

landscape-client needs to accept a new user-data item ssl-ca-certificate which should be used to validate communication with the LDS instance.

Changed in landscape-client:
assignee: nobody → Kevin McDermott (bigkevmcd)
status: New → Confirmed
importance: Undecided → High
milestone: none → 1.5.4
Changed in landscape-client:
milestone: 1.5.4 → 1.5.5
Changed in landscape-client:
status: Confirmed → Fix Committed
milestone: 1.5.5 → 1.5.4
Changed in landscape-client:
status: Fix Committed → Fix Released
Changed in landscape-client (Ubuntu Maverick):
status: New → Fix Released

Accepted landscape-client into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in landscape-client (Ubuntu Lucid):
status: New → Fix Committed
tags: added: verification-needed
Martin Pitt (pitti) wrote :

Accepted landscape-client into jaunty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in landscape-client (Ubuntu Jaunty):
status: New → Fix Committed
Changed in landscape-client (Ubuntu Karmic):
status: New → Fix Committed
Martin Pitt (pitti) wrote :

Accepted landscape-client into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Andreas Hasenack (ahasenack) wrote :

Verified that landscape-client 1.5.4-0ubuntu0.10.04.0 in lucid-proposed fixes this bug. The CA certificate is downloaded, stored locally and specified in the client configuration:

# ls -la /var/lib/landscape/client/client.conf.ssl_public_key
-rw------- 1 landscape landscape 1103 2010-08-19 20:11 /var/lib/landscape/client/client.conf.ssl_public_key

# grep ssl_public_key /etc/landscape/client.conf
ssl_public_key = /var/lib/landscape/client/client.conf.ssl_public_key

# apt-cache policy landscape-client
landscape-client:
  Installed: 1.5.4-0ubuntu0.10.04.0
  Candidate: 1.5.4-0ubuntu0.10.04.0
  Version table:
 *** 1.5.4-0ubuntu0.10.04.0 0
        500 http://archive.ubuntu.com/ubuntu/ lucid-proposed/main Packages
        100 /var/lib/dpkg/status
     1.5.2.1-0ubuntu0.10.04.0 0
        500 http://archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
     1.5.0.1-0ubuntu0.10.04.0 0
        500 http://archive.ubuntu.com/ubuntu/ lucid/main Packages

Andreas Hasenack (ahasenack) wrote :

Verified that landscape-client 1.5.4-0ubuntu0.9.10.0 in karmic-proposed fixes this bug. The CA certificate is downloaded, stored locally and specified in the client configuration:

root@ip-172-56-125-36:~# ls -la /var/lib/landscape/client/client.conf.ssl_public_key
-rw------- 1 landscape landscape 1103 2010-08-19 20:42 /var/lib/landscape/client/client.conf.ssl_public_key

root@ip-172-56-125-36:~# grep ssl_public_key /etc/landscape/client.conf
ssl_public_key = /var/lib/landscape/client/client.conf.ssl_public_key

root@ip-172-56-125-36:~# apt-cache policy landscape-client
landscape-client:
  Installed: 1.5.4-0ubuntu0.9.10.0
  Candidate: 1.5.4-0ubuntu0.9.10.0
  Version table:
 *** 1.5.4-0ubuntu0.9.10.0 0
        500 http://archive.ubuntu.com karmic-proposed/main Packages
        100 /var/lib/dpkg/status
     1.5.2.1-0ubuntu0.9.10.0 0
        500 http://archive.ubuntu.com karmic-updates/main Packages
     1.3.2.4-0ubuntu0.9.10.0 0
        500 http://archive.ubuntu.com karmic/main Packages

Andreas Hasenack (ahasenack) wrote :

Verified that landscape-client 1.5.4-0ubuntu0.9.04.0 in jaunty-proposed fixes this bug. he CA certificate is downloaded, stored locally and specified in the client configuration:

root@domU-12-31-39-00-A8-67:~# ls -la /var/lib/landscape/client/client.conf.ssl_public_key
-rw------- 1 landscape landscape 1103 2010-08-19 21:10 /var/lib/landscape/client/client.conf.ssl_public_key
root@domU-12-31-39-00-A8-67:~# grep ssl_public_key /etc/landscape/client.conf
ssl_public_key = /var/lib/landscape/client/client.conf.ssl_public_key
root@domU-12-31-39-00-A8-67:~# apt-cache policy landscape-client
landscape-client:
  Installed: 1.5.4-0ubuntu0.9.04.0
  Candidate: 1.5.4-0ubuntu0.9.04.0
  Version table:
 *** 1.5.4-0ubuntu0.9.04.0 0
        500 http://archive.ubuntu.com jaunty-proposed/main Packages
        100 /var/lib/dpkg/status
     1.5.2.1-0ubuntu0.9.04.0 0
        500 http://ec2-us-east-mirror.rightscale.com jaunty-updates/main Packages
        500 http://ec2-us-east-mirror1.rightscale.com jaunty-updates/main Packages
        500 http://ec2-us-east-mirror2.rightscale.com jaunty-updates/main Packages
        500 http://ec2-us-east-mirror3.rightscale.com jaunty-updates/main Packages
     1.0.29.1-0ubuntu0.9.04.0 0
        500 http://ec2-us-east-mirror.rightscale.com jaunty/main Packages
        500 http://ec2-us-east-mirror1.rightscale.com jaunty/main Packages
        500 http://ec2-us-east-mirror2.rightscale.com jaunty/main Packages
        500 http://ec2-us-east-mirror3.rightscale.com jaunty/main Packages

Martin Pitt (pitti) on 2010-08-19
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package landscape-client - 1.5.4-0ubuntu0.10.04.0

---------------
landscape-client (1.5.4-0ubuntu0.10.04.0) lucid-proposed; urgency=low

  * New upstream version (LP: #610744):

    - The Eucalyptus management plugin reports the output of the
      'euca-describe-availability-zones verbose' command, which includes
      information about the available instance types and the maximum
      number of each instance type that the cloud can support (LP: #599338)

    - Check if the package directory exists before trying to check the
      package changer lock in the dbus-proxy. This fixes a bug when upgrading
      a dbus-landscape which never registered (LP: #603514).

    - Allow an LDS server to bootstrap new cloud instances with its own CA,
      which is picked up by the client, written to a file on the instance, and
      used in subsequent exchanges with the server (LP: #605079).

    - Skip loopback interface when reporting device info (LP: #608314)

    - Disable landscape-sysinfo when load is more than 1 (LP: #608278)
 -- Free Ekanayaka <email address hidden> Wed, 28 Jul 2010 08:14:02 +0200

Changed in landscape-client (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package landscape-client - 1.5.4-0ubuntu0.9.04.0

---------------
landscape-client (1.5.4-0ubuntu0.9.04.0) jaunty-proposed; urgency=low

  * New upstream version (LP: #610744):

    - The Eucalyptus management plugin reports the output of the
      'euca-describe-availability-zones verbose' command, which includes
      information about the available instance types and the maximum
      number of each instance type that the cloud can support (LP: #599338)

    - Check if the package directory exists before trying to check the
      package changer lock in the dbus-proxy. This fixes a bug when upgrading
      a dbus-landscape which never registered (LP: #603514).

    - Allow an LDS server to bootstrap new cloud instances with its own CA,
      which is picked up by the client, written to a file on the instance, and
      used in subsequent exchanges with the server (LP: #605079).

    - Skip loopback interface when reporting device info (LP: #608314)

    - Disable landscape-sysinfo when load is more than 1 (LP: #608278)
 -- Free Ekanayaka <email address hidden> Wed, 28 Jul 2010 08:14:02 +0200

Changed in landscape-client (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package landscape-client - 1.5.4-0ubuntu0.9.10.0

---------------
landscape-client (1.5.4-0ubuntu0.9.10.0) karmic-proposed; urgency=low

  * New upstream version (LP: #610744):

    - The Eucalyptus management plugin reports the output of the
      'euca-describe-availability-zones verbose' command, which includes
      information about the available instance types and the maximum
      number of each instance type that the cloud can support (LP: #599338)

    - Check if the package directory exists before trying to check the
      package changer lock in the dbus-proxy. This fixes a bug when upgrading
      a dbus-landscape which never registered (LP: #603514).

    - Allow an LDS server to bootstrap new cloud instances with its own CA,
      which is picked up by the client, written to a file on the instance, and
      used in subsequent exchanges with the server (LP: #605079).

    - Skip loopback interface when reporting device info (LP: #608314)

    - Disable landscape-sysinfo when load is more than 1 (LP: #608278)
 -- Free Ekanayaka <email address hidden> Wed, 28 Jul 2010 08:14:02 +0200

Changed in landscape-client (Ubuntu Karmic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers