corosync-qdevice (3.0.0-2ubuntu1 to 3.0.0-4) autopkgtests regression

Bug #1837090 reported by Rafael David Tinoco on 2019-07-18
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
corosync-qdevice (Ubuntu)
Medium
Rafael David Tinoco

Bug Description

[Impact]

 * All autopkgtests that rely on corosync won't work correctly if started in an unprivileged container. This happens because corosync daemon needs some privileged kernel calls that aren't available if UID != 0 (like roots under unprivileged lxd containers).

[Test Case]

 * You can try to start corosync daemon in an unprivileged lxd container for any architecture. You will face the bug:
https://bugs.launchpad.net/ubuntu/+source/corosync/+bug/1837064

[Regression Potential]

 * Changes are being done only in debian/tests/* files and are being placed only in Eoan so we can pass all excuses, for all HA related packages.
 * Best fix here, in a near future, would be to have a way to skip tests if they're running in unprivileged containers.

[Other Info]

ORIGINAL DESCRIPTION

There is an autopkgtest failure for corosync-qdevice:

corosync-qdevice (3.0.0-2ubuntu1 to 3.0.0-4)
Maintainer: Debian HA Maintainers
Section: universe/misc
163 days old
autopkgtest for corosync-qdevice/3.0.0-4: amd64: Pass, arm64: Pass, armhf: Regression ♻ , i386: Pass, ppc64el: Pass, s390x: Pass
Not considered

For armhf:

Certificate request stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.crq
Signing cluster certificate
Certificate stored in /etc/corosync/qnetd/nssdb/cluster-debian.crt
Importing signed cluster certificate
Notice: Trust flag u is set automatically if the private key is present.
pk12util: PKCS12 EXPORT SUCCESSFUL
Certificate stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.p12
Reloading corosync.conf...
Could not initialize corosync configuration API error CS_ERR_LIBRARY
autopkgtest [17:47:43]: test qdevice: -----------------------]
autopkgtest [17:47:46]: test qdevice: - - - - - - - - - - results - - - - - - - - - -
qdevice FAIL non-zero exit status 1
autopkgtest [17:47:48]: @@@@@@@@@@@@@@@@@@@@ summary
qnetd PASS
qdevice FAIL non-zero exit status 1

Changed in corosync-qdevice (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Rafael David Tinoco (rafaeldtinoco)

corosync-qdevice tests corosync daemon (obviously) and it is currently failing armhf only. That happens, specially now, because we've disabled corosync tests (and daemon startup) for unprivileged armhf containers (since it won't support memset max limit setting, that corosync daemon requires).

The change needed here is the same as the one did in:

corosync (3.0.1-2ubuntu1) eoan; urgency=medium

  * Skip autopkgtest for unprivileged containers: (LP: #1828228)
    - d/t/control: mark corosync test as skippable
    - d/t/corosync: skip if memlock can't be set to unlimited by root

pacemaker (2.0.1-4ubuntu2) eoan; urgency=medium

   * Skip autopkgtest for unprivileged containers: (LP: #1828228)
     - d/t/control: mark pacemaker test as skippable
     - d/t/pacemaker: skip if memlock can't be set to unlimited by root

 -- Rafael David Tinoco <email address hidden> Thu, 25 Jul 2019 16:50:01 +0000

To prove, I ran the autopkgtest in a unprivileged LXD:

Importing signed cluster certificate
Notice: Trust flag u is set automatically if the private key is present.
pk12util: PKCS12 EXPORT SUCCESSFUL
Certificate stored in /etc/corosync/qdevice/net/nssdb/qdevice-net-node.p12
Reloading corosync.conf...
Could not initialize corosync configuration API error CS_ERR_LIBRARY
autopkgtest [18:10:13]: test qdevice: -----------------------]
autopkgtest [18:10:13]: test qdevice: - - - - - - - - - - results - - - - - - - - - -
qdevice FAIL non-zero exit status 1
autopkgtest [18:10:13]: @@@@@@@@@@@@@@@@@@@@ summary
qdevice FAIL non-zero exit status 1

And got the same error from the 2nd test: corosync-qnetd

NOTE:

ulimit -H -l unlimited 2>/dev/null || {
    # https://bugs.launchpad.net/bugs/1828228
    echo "test disabled for unprivileged namespaces"
    exit 77
}

This is the test we are using to check if autopkgtest is running in an unprivileged container (as root, with "needs_root" work in debian/tests/control. Since this is the 3rd package already we have to do this test, and SKIP the test if needed, it would be good to have a way to skip test by a keyword in control file, like "no-unpriv-container" or something like it.

description: updated
Andreas Hasenack (ahasenack) wrote :

Uploaded:
$ dput ubuntu corosync-qdevice_3.0.0-4ubuntu1_source.changes
Checking signature on .changes
gpg: /home/ubuntu/x/corosync-qdevice_3.0.0-4ubuntu1_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: /home/ubuntu/x/corosync-qdevice_3.0.0-4ubuntu1.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading corosync-qdevice_3.0.0-4ubuntu1.dsc: done.
  Uploading corosync-qdevice_3.0.0-4ubuntu1.debian.tar.xz: done.
  Uploading corosync-qdevice_3.0.0-4ubuntu1_source.buildinfo: done.
  Uploading corosync-qdevice_3.0.0-4ubuntu1_source.changes: done.
Successfully uploaded packages.

The attachment "corosync-qdevice_3.0.0-4ubuntu1.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch

Thank you!

TODO (mine): observe excuses now only and check if it passes.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package corosync-qdevice - 3.0.0-4ubuntu1

---------------
corosync-qdevice (3.0.0-4ubuntu1) eoan; urgency=medium

  * Skip autopkgtest for unprivileged containers: (LP: #1837090)
    - d/t/control: mark corosync-qnetd test as skippable
    - d/t/qdevice: skip if memlock can't be set to unlimited by root

 -- Rafael David Tinoco <email address hidden> Thu, 08 Aug 2019 18:28:45 +0000

Changed in corosync-qdevice (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers