Ubuntu
open-iscsi package

Bug #1785108
Comment #0

Comment 0 for bug 1785108

Revision history for this message

Scott Moser (smoser) wrote on 2018-08-02:

=== Begin SRU Template ===
[Impact]
Incorrect handling of udev events by open-iscsi's net-interface-handler
results in nameserver and dns search entries being removed from
/etc/resolv.conf and thus potentially breaking dns on a system.

This problem is limited to iscsi-root systems, but is easily tripped
by common use of linux networking. This was first discovered on
Oracle Public Cloud, which utilizes iscsi-root for its systems.

[Test Case]
1. Start a system with iscsi root. One such easily obtained environment is Oracle Public Cloud.
2. Collect resolvconf and ifupdown state
   mkdir before
   cp -a /run/resolvconf before/run-resolvconf
   cp /etc/resolv.conf before/etc-resolv.conf
   cp -a /run/network before/run-network
3. Create a tun/tap device
   sudo ip tuntap add mode tap user root mytap0
4. Remove the tun/tap device.
   sudo ip tuntap del mode tap mytap0
5. Collect resolvconf and ifupdown state and compare against '2'. The creation and removal of a tuntap device should not have affected resolvconf or ifupdown state.
   mkdir after
   cp -a /run/resolvconf after/run-resolvconf
   cp /etc/resolv.conf after/etc-resolv.conf
   cp -a /run/network after/run-network

diff -Naur before/ after/

[Regression Potential]
The codepath executed was and is entirely limited to systems with iscsi-root.
So regressions should also be limited as such. The most likely regression
would seem to be the failure to add or remove entries to resolvconf for the
iscsi-root interface. Before this was happening to often. A bad fix could
result in it happening not enough.

[Other Info]
net-interface-handler is currently executing 'resolvconf -a' on all
new network interfaces and 'resolvconf -d' on removal of all network
interfaces.

The problem with that is that an add and remove of any new interface
will have the result of effectively marking the iscsi-root interface down.
That includes removing the resolvconf entries for that interface.

This add/remove can happen for any number of reasons. Two such examples:
a.) docker container create/delete
     - sudo apt-get install -qy docker.io
     - sudo docker run --rm busybox date
b.) add/remove of a tuntap device.
     - sudo ip tuntap add mode tap user root mytap0
     - sudo ip tuntap del mode tap mytap0
=== End SRU Template ===

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3.4 [modified: lib/open-iscsi/net-interface-handler]
ProcVersionSignature: User Name 4.4.0-130.156-generic 4.4.134
Uname: Linux 4.4.0-130-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
Date: Thu Aug 2 17:18:06 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: open-iscsi
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.iscsi.iscsid.conf: [inaccessible: [Errno 13] Permission denied: '/etc/iscsi/iscsid.conf']

=== Begin SRU Template ===
[Impact]
Incorrect handling of udev events by open-iscsi's net-interface-handler
results in nameserver and dns search entries being removed from 
/etc/resolv.conf and thus potentially breaking dns on a system.

This problem is limited to iscsi-root systems, but is easily tripped
by common use of linux networking.  This was first discovered on
Oracle Public Cloud, which utilizes iscsi-root for its systems.

[Test Case]
1. Start a system with iscsi root.  One such easily obtained environment is Oracle Public Cloud.
2. Collect resolvconf and ifupdown state
   mkdir before
   cp -a /run/resolvconf before/run-resolvconf
   cp /etc/resolv.conf before/etc-resolv.conf
   cp -a /run/network before/run-network
3. Create a tun/tap device
   sudo ip tuntap add mode tap user root mytap0
4. Remove the tun/tap device.
   sudo ip tuntap del mode tap mytap0
5. Collect resolvconf and ifupdown state and compare against '2'.  The creation and removal of a tuntap device should not have affected resolvconf or ifupdown state.
   mkdir after
   cp -a /run/resolvconf after/run-resolvconf
   cp /etc/resolv.conf after/etc-resolv.conf
   cp -a /run/network after/run-network

diff -Naur before/ after/

[Regression Potential]
The codepath executed was and is entirely limited to systems with iscsi-root.
So regressions should also be limited as such.  The most likely regression
would seem to be the failure to add or remove entries to resolvconf for the
iscsi-root interface.  Before this was happening to often.  A bad fix could
result in it happening not enough.

[Other Info]
net-interface-handler is currently executing 'resolvconf -a' on all
new network interfaces and 'resolvconf -d' on removal of all network
interfaces.

This add/remove can happen for any number of reasons.  Two such examples:
 a.) docker container create/delete
     - sudo apt-get install -qy docker.io
     - sudo docker run --rm busybox date
 b.) add/remove of a tuntap device.
     - sudo ip tuntap add mode tap user root mytap0
     - sudo ip tuntap del mode tap mytap0
=== End SRU Template ===

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: open-iscsi 2.0.873+git0.3b4b4500-14ubuntu3.4 [modified: lib/open-iscsi/net-interface-handler]
ProcVersionSignature: User Name 4.4.0-130.156-generic 4.4.134
Uname: Linux 4.4.0-130-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
Date: Thu Aug  2 17:18:06 2018
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: open-iscsi
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.iscsi.iscsid.conf: [inaccessible: [Errno 13] Permission denied: '/etc/iscsi/iscsid.conf']

Ubuntuopen-iscsi package

Comment 0 for bug 1785108

Ubuntu
open-iscsi package