security.py needs to be smarter

Bug #54009 reported by Stuart Bishop
This bug affects 1 person
Affects: Launchpad itself
Status: Fix Released
Importance: High
Assigned to: Stuart Bishop

Bug Description

security.py should be smarter and only change permissions when it needs to,
rather than its current method of resetting everything and rebuilding from
scratch. This would make it possible to run the script against a live
database in most cases.

 affects /products/launchpad
 assignee stub
 status confirmed

--
Stuart Bishop <email address hidden> http://www.canonical.com/
Canonical Ltd. http://www.ubuntu.com/

Stuart Bishop (stub)
Changed in launchpad:
importance: Untriaged → Wishlist
Stuart Bishop (stub) wrote :

This causes an outage of the login servers during upgrades.

security.py revokes all permissions and then resets them per config. This creates a window where the login servers do not have permission to read the tables they need to.

Changed in launchpad-foundations:
assignee: Stuart Bishop (stub) → nobody
importance: Low → High
milestone: none → 3.1.11
Gary Poster (gary)
Changed in launchpad-foundations:
milestone: 3.1.11 → none
Tom Haddon (mthaddon) wrote :

This is a virtual necessity now, especially given the drive towards continuous rollout. It has bitten us most recently with https://wiki.canonical.com/IncidentReports/2010-10-12-Branching-Ubuntu

tags: added: canonical-losa-lp
Gary Poster (gary)
Changed in launchpad-foundations:
assignee: nobody → Stuart Bishop (stub)
Stuart Bishop (stub)
Changed in launchpad-foundations:
status: Triaged → In Progress
milestone: none → 10.12
Launchpad QA Bot (lpqabot) wrote : Bug fixed by a commit
tags: added: qa-needstesting
Changed in launchpad-foundations:
status: In Progress → Fix Committed
Tom Haddon (mthaddon) wrote :

Is this a new option, or something that just happens automatically? Just wondering how we can apply this/test.

Robert Collins (lifeless) wrote : Re: [Bug 54009] Re: security.py needs to be smarter

It's a new option - we can test it on qastaging: make the automatic
deploys run the --norevoke version only, and at the monthly deploy run
the full version when we test the full database patch story.

Launchpad QA Bot (lpqabot) wrote : Bug fixed by a commit
Stuart Bishop (stub) wrote :

So to be clear:
 - Update code on database host
 - Run security.py --no-revoke
 - Update code on the rest of the systems

By granting the new permissions and not revoking old permissions, we no longer have a window where database permissions do not match permissions required by running code.

If we want, after the update we can run normal security.py to revoke permissions that should no longer be needed, but I don't think this gains us anything and just makes it more likely to shoot ourselves in the foot.
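
The reset-and-rebuild behaviour described in this report, next to a diff-based update that grants first, as an added example that is not part of the thread and not Launchpad's security.py. The `Grant` tuple, the function names, and the role and table names are hypothetical, and the sample state is constructed.

```python
from typing import NamedTuple

class Grant(NamedTuple):          # hypothetical model of one table privilege
    role: str
    table: str
    privilege: str

def _sql(verb, g):
    prep = "TO" if verb == "GRANT" else "FROM"
    return f'{verb} {g.privilege} ON TABLE "{g.table}" {prep} "{g.role}"'

def reset_and_rebuild(current, desired):
    """Behaviour the report describes: revoke everything, then grant per config."""
    return ([_sql("REVOKE", g) for g in sorted(current)]
            + [_sql("GRANT", g) for g in sorted(desired)])

def plan_changes(current, desired, revoke=True):
    """Touch only the difference, GRANTs before REVOKEs.

    revoke=False models the grant-only run discussed in the thread:
    surplus privileges are left in place.
    """
    current, desired = set(current), set(desired)
    plan = [_sql("GRANT", g) for g in sorted(desired - current)]
    if revoke:
        plan += [_sql("REVOKE", g) for g in sorted(current - desired)]
    return plan

def ever_missing(current, desired, statements):
    """Replay statements; return privileges needed both before and after the
    change that were absent at some step (the outage window)."""
    live = set(current)
    must_hold = live & set(desired)
    missing = set()
    for sql in statements:
        verb, priv, _, _, table, _, role = sql.split()
        g = Grant(role.strip('"'), table.strip('"'), priv)
        if verb == "GRANT":
            live.add(g)
        else:
            live.discard(g)
        missing |= must_hold - live
    return missing

# Constructed sample state: one privilege to drop, one to add, two unchanged.
CURRENT = {Grant("login", "person", "SELECT"), Grant("login", "account", "SELECT"),
           Grant("login", "oldtable", "SELECT")}
DESIRED = {Grant("login", "person", "SELECT"), Grant("login", "account", "SELECT"),
           Grant("login", "session", "INSERT")}
```
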

Gary Poster (gary) wrote :

Thank you Stuart. Have you called the LOSAs' attention to this? Alternatively, can a LOSA ack Stuart's message?

Stuart Bishop (stub)
tags: added: qa-ok
removed: qa-needstesting
Curtis Hovey (sinzui)
Changed in launchpad-foundations:
status: Fix Committed → Fix Released