corosync-qdevice (3.0.0-2ubuntu1 to 3.0.0-4) autopkgtests regression

Bug #1837090 reported by Rafael David Tinoco
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
corosync-qdevice (Ubuntu)
Fix Released
Medium
Rafael David Tinoco

Bug Description

[Impact]

 * All autopkgtests that rely on corosync won't work correctly if started in an unprivileged container. This happens because corosync daemon needs some privileged kernel calls that aren't available if UID != 0 (like roots under unprivileged lxd containers).

[Test Case]

 * You can try to start corosync daemon in an unprivileged lxd container for any architecture. You will face the bug:
https://bugs.launchpad.net/ubuntu/+source/corosync/+bug/1837064

[Regression Potential]

 * Changes are being done only in debian/tests/* files and are being placed only in Eoan so we can pass all excuses, for all HA related packages.
 * Best fix here, in a near future, would be to have a way to skip tests if they're running in unprivileged containers.

[Other Info]

ORIGINAL DESCRIPTION

There is an autopkgtest failure for corosync-qdevice:

corosync-qdevice (3.0.0-2ubuntu1 to 3.0.0-4)
Maintainer: Debian HA Maintainers
Section: universe/misc
163 days old
autopkgtest for corosync-qdevice/3.0.0-4: amd64: Pass, arm64: Pass, armhf: Regression ♻ , i386: Pass, ppc64el: Pass, s390x: Pass
Not considered

For armhf:

Certificate request stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.crq
Signing cluster certificate
Certificate stored in /etc/corosync/qnetd/nssdb/cluster-debian.crt
Importing signed cluster certificate
Notice: Trust flag u is set automatically if the private key is present.
pk12util: PKCS12 EXPORT SUCCESSFUL
Certificate stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.p12
Reloading corosync.conf...
Could not initialize corosync configuration API error CS_ERR_LIBRARY
autopkgtest [17:47:43]: test qdevice: -----------------------]
autopkgtest [17:47:46]: test qdevice: - - - - - - - - - - results - - - - - - - - - -
qdevice FAIL non-zero exit status 1
autopkgtest [17:47:48]: @@@@@@@@@@@@@@@@@@@@ summary
qnetd PASS
qdevice FAIL non-zero exit status 1

Tags: patch
Changed in corosync-qdevice (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Rafael David Tinoco (rafaeldtinoco)
Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :
Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

corosync-qdevice tests corosync daemon (obviously) and it is currently failing armhf only. That happens, specially now, because we've disabled corosync tests (and daemon startup) for unprivileged armhf containers (since it won't support memset max limit setting, that corosync daemon requires).

The change needed here is the same as the one did in:

corosync (3.0.1-2ubuntu1) eoan; urgency=medium

  * Skip autopkgtest for unprivileged containers: (LP: #1828228)
    - d/t/control: mark corosync test as skippable
    - d/t/corosync: skip if memlock can't be set to unlimited by root

pacemaker (2.0.1-4ubuntu2) eoan; urgency=medium

   * Skip autopkgtest for unprivileged containers: (LP: #1828228)
     - d/t/control: mark pacemaker test as skippable
     - d/t/pacemaker: skip if memlock can't be set to unlimited by root

 -- Rafael David Tinoco <email address hidden> Thu, 25 Jul 2019 16:50:01 +0000

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

To prove, I ran the autopkgtest in a unprivileged LXD:

Importing signed cluster certificate
Notice: Trust flag u is set automatically if the private key is present.
pk12util: PKCS12 EXPORT SUCCESSFUL
Certificate stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.p12
Reloading corosync.conf...
Could not initialize corosync configuration API error CS_ERR_LIBRARY
autopkgtest [18:10:13]: test qdevice: -----------------------]
autopkgtest [18:10:13]: test qdevice: - - - - - - - - - - results - - - - - - - - - -
qdevice FAIL non-zero exit status 1
autopkgtest [18:10:13]: @@@@@@@@@@@@@@@@@@@@ summary
qdevice FAIL non-zero exit status 1

And got the same error from the 2nd test: corosync-qnetd

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

NOTE:

ulimit -H -l unlimited 2>/dev/null || {
    # https://bugs.launchpad.net/bugs/1828228
    echo "test disabled for unprivileged namespaces"
    exit 77
}

This is the test we are using to check if autopkgtest is running in an unprivileged container (as root, with "needs_root" work in debian/tests/control. Since this is the 3rd package already we have to do this test, and SKIP the test if needed, it would be good to have a way to skip test by a keyword in control file, like "no-unpriv-container" or something like it.

Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :
description: updated
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Uploaded:
$ dput ubuntu corosync-qdevice_3.0.0-4ubuntu1_source.changes
Checking signature on .changes
gpg: /home/ubuntu/x/corosync-qdevice_3.0.0-4ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: /home/ubuntu/x/corosync-qdevice_3.0.0-4ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading corosync-qdevice_3.0.0-4ubuntu1.dsc: done.
  Uploading corosync-qdevice_3.0.0-4ubuntu1.debian.tar.xz: done.
  Uploading corosync-qdevice_3.0.0-4ubuntu1_source.buildinfo: done.
  Uploading corosync-qdevice_3.0.0-4ubuntu1_source.changes: done.
Successfully uploaded packages.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "corosync-qdevice_3.0.0-4ubuntu1.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Revision history for this message
Rafael David Tinoco (rafaeldtinoco) wrote :

Thank you!

TODO (mine): observe excuses now only and check if it passes.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package corosync-qdevice - 3.0.0-4ubuntu1

---------------
corosync-qdevice (3.0.0-4ubuntu1) eoan; urgency=medium

  * Skip autopkgtest for unprivileged containers: (LP: #1837090)
    - d/t/control: mark corosync-qnetd test as skippable
    - d/t/qdevice: skip if memlock can't be set to unlimited by root

 -- Rafael David Tinoco <email address hidden> Thu, 08 Aug 2019 18:28:45 +0000

Changed in corosync-qdevice (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers