2020-09-18 21:38:42 |
dann frazier |
bug |
|
|
added bug |
2020-09-21 17:38:13 |
dann frazier |
nominated for series |
|
Ubuntu Groovy |
|
2020-09-21 17:38:13 |
dann frazier |
bug task added |
|
clevis (Ubuntu Groovy) |
|
2020-09-21 17:38:13 |
dann frazier |
nominated for series |
|
Ubuntu Focal |
|
2020-09-21 17:38:13 |
dann frazier |
bug task added |
|
clevis (Ubuntu Focal) |
|
2020-09-21 17:38:13 |
dann frazier |
nominated for series |
|
Ubuntu Bionic |
|
2020-09-21 17:38:13 |
dann frazier |
bug task added |
|
clevis (Ubuntu Bionic) |
|
2020-09-21 17:38:40 |
dann frazier |
clevis (Ubuntu Groovy): status |
New |
In Progress |
|
2020-09-21 17:38:43 |
dann frazier |
clevis (Ubuntu Groovy): assignee |
|
dann frazier (dannf) |
|
2020-09-21 17:38:48 |
dann frazier |
clevis (Ubuntu Focal): status |
New |
Triaged |
|
2020-09-21 17:38:50 |
dann frazier |
clevis (Ubuntu Bionic): status |
New |
Triaged |
|
2020-09-21 20:52:57 |
Launchpad Janitor |
clevis (Ubuntu Groovy): status |
In Progress |
Fix Released |
|
2020-09-28 21:54:37 |
dann frazier |
description |
[Impact]
If a user has multiple NICs, and only one of them can reach the tang server, the default experience with clevis is unpredictable. initramfs-tools' configure_networking() function will try to configure each interface until one succeeds. But the one that configures fastest may not be the one that can communicate with the server.
[Fix]
In a multi-NIC case, the only way for configure_networking() to know which interface is the correct one is for the user to tell it. This can be done using the standard ip= command line parameter. However, there are currently no in-band recommendations for the user to know to do this. Since the failure mode will likely be intermittent due to the race, it can be difficult to identify the cause and therefore the solution. We can detect the situation at boot time though, and warn the user, as done in this upstream commit:
https://github.com/latchset/clevis/commit/ae3249ed5ff102aa57650c3171330c47a41c95e8
[Test Case]
1) Boot a system w/ 2 NICs and no ip= parameter; verify that the warning is displayed.
2) Boot a system w/ 2 NICs and an ip= parameter; verify that the warning is *not* displayed.
In both situations, verify that the system still unlocks automatically.
[Regression Potential]
A coding error here could break auto-unlocking of a LUKS root device, requiring the user to manually enter a passphrase on the console. |
[Impact]
If a user has multiple NICs, and only one of them can reach the tang server, the default experience with clevis is unpredictable. initramfs-tools' configure_networking() function will try to configure each interface until one succeeds. But the one that configures fastest may not be the one that can communicate with the server. This could cause the system to fail to automatically unlock a LUKS volume, requiring physical access to enter a passphrase to unlock.
[Fix]
In a multi-NIC case, the only way for configure_networking() to know which interface is the correct one is for the user to tell it. This can be done using the standard ip= command line parameter. However, there are currently no in-band recommendations for the user to know to do this. Since the failure mode will likely be intermittent due to the race, it can be difficult to identify the cause and therefore the solution. We can detect the situation at boot time though, and warn the user, as done in this upstream commit:
https://github.com/latchset/clevis/commit/ae3249ed5ff102aa57650c3171330c47a41c95e8
[Test Case]
1) Boot a system w/ 2 NICs and no ip= parameter; verify that the warning is displayed.
2) Boot a system w/ 2 NICs and an ip= parameter; verify that the warning is *not* displayed.
In both situations, verify that the system still unlocks automatically.
[Regression Potential]
A coding error here could break auto-unlocking of a LUKS root device, requiring the user to manually enter a passphrase on the console. |
|
2020-10-13 22:54:34 |
dann frazier |
clevis (Ubuntu Focal): status |
Triaged |
In Progress |
|
2020-10-13 22:54:36 |
dann frazier |
clevis (Ubuntu Bionic): status |
Triaged |
In Progress |
|
2020-10-13 22:54:39 |
dann frazier |
clevis (Ubuntu Bionic): assignee |
|
dann frazier (dannf) |
|
2020-10-13 22:54:42 |
dann frazier |
clevis (Ubuntu Focal): assignee |
|
dann frazier (dannf) |
|
2020-10-20 21:20:16 |
Brian Murray |
clevis (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2020-10-20 21:20:18 |
Brian Murray |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-10-20 21:20:21 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2020-10-20 21:20:24 |
Brian Murray |
tags |
|
verification-needed verification-needed-focal |
|
2020-10-20 22:11:16 |
Brian Murray |
clevis (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2020-10-20 22:11:22 |
Brian Murray |
tags |
verification-needed verification-needed-focal |
verification-needed verification-needed-bionic verification-needed-focal |
|
2020-10-20 23:23:04 |
dann frazier |
tags |
verification-needed verification-needed-bionic verification-needed-focal |
verification-done-focal verification-needed verification-needed-bionic |
|
2020-10-23 20:07:19 |
dann frazier |
tags |
verification-done-focal verification-needed verification-needed-bionic |
verification-done verification-done-bionic verification-done-focal |
|
2020-10-28 01:17:24 |
Launchpad Janitor |
clevis (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-10-28 01:30:44 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2020-10-28 01:41:43 |
Launchpad Janitor |
clevis (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|