2015-10-13 12:24:05 |
Rolf Leggewie |
bug |
|
|
added bug |
2015-10-18 04:10:22 |
cell |
attachment added |
|
Minimal patch to work-around this bug. https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1505670/+attachment/4498637/+files/apt-avahi-discover.patch |
|
2015-10-18 04:16:50 |
Ubuntu Foundations Team Bug Bot |
tags |
trusty |
patch trusty |
|
2015-10-18 04:16:57 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
2015-10-18 04:34:55 |
cell |
attachment removed |
Minimal patch to work-around this bug. https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1505670/+attachment/4498637/+files/apt-avahi-discover.patch |
|
|
2015-10-18 04:36:54 |
cell |
attachment added |
|
Minimal patch to work-around this bug. https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1505670/+attachment/4498665/+files/apt-avahi-discover.patch |
|
2015-10-18 04:41:43 |
cell |
attachment added |
|
Revised, syslog-based solution. https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1505670/+attachment/4498666/+files/apt-avahi-discover-syslog.patch |
|
2015-10-19 08:53:52 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Server Team |
2015-10-19 12:43:58 |
Rolf Leggewie |
bug |
|
|
added subscriber Michael Vogt |
2015-10-19 12:44:20 |
Rolf Leggewie |
nominated for series |
|
Ubuntu Trusty |
|
2015-10-19 12:44:49 |
Rolf Leggewie |
squid-deb-proxy (Ubuntu): status |
New |
In Progress |
|
2016-01-29 22:04:28 |
varacanero |
bug |
|
|
added subscriber varacanero |
2016-01-29 22:05:03 |
varacanero |
removed subscriber varacanero |
|
|
|
2016-01-29 22:05:13 |
varacanero |
bug |
|
|
added subscriber varacanero |
2019-05-04 23:25:58 |
Rolf Leggewie |
squid-deb-proxy (Ubuntu): status |
In Progress |
Confirmed |
|
2019-05-06 17:50:38 |
Andreas Hasenack |
squid-deb-proxy (Ubuntu): status |
Confirmed |
Fix Released |
|
2020-04-24 10:00:38 |
Rolf Leggewie |
squid-deb-proxy (Ubuntu): status |
Fix Released |
Confirmed |
|
2020-04-24 10:01:55 |
Rolf Leggewie |
bug |
|
|
added subscriber Andreas Hasenack |
2020-04-24 10:06:52 |
Rolf Leggewie |
tags |
patch trusty |
bionic patch trusty |
|
2020-04-24 10:06:57 |
Rolf Leggewie |
tags |
bionic patch trusty |
bionic focal patch trusty |
|
2020-05-02 00:10:02 |
Rolf Leggewie |
bug task added |
|
python2.7 (Ubuntu) |
|
2021-08-17 19:05:20 |
Lucas Kanashiro |
nominated for series |
|
Ubuntu Bionic |
|
2021-08-17 19:05:20 |
Lucas Kanashiro |
bug task added |
|
python2.7 (Ubuntu Bionic) |
|
2021-08-17 19:05:20 |
Lucas Kanashiro |
bug task added |
|
squid-deb-proxy (Ubuntu Bionic) |
|
2021-08-17 19:05:20 |
Lucas Kanashiro |
nominated for series |
|
Ubuntu Focal |
|
2021-08-17 19:05:20 |
Lucas Kanashiro |
bug task added |
|
python2.7 (Ubuntu Focal) |
|
2021-08-17 19:05:20 |
Lucas Kanashiro |
bug task added |
|
squid-deb-proxy (Ubuntu Focal) |
|
2021-09-30 07:02:43 |
Christian Ehrhardt |
description |
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. |
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
|
2021-10-05 08:26:37 |
Christian Ehrhardt |
description |
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
Steps to reproduce (for later SRU work)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported.
---
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
|
2021-10-05 08:43:30 |
Christian Ehrhardt |
squid-deb-proxy (Ubuntu): assignee |
|
Miriam España Acebal (mirespace) |
|
2021-10-05 08:43:43 |
Christian Ehrhardt |
tags |
bionic focal patch trusty |
bionic focal patch server-next trusty |
|
2021-10-05 08:43:53 |
Christian Ehrhardt |
squid-deb-proxy (Ubuntu Bionic): assignee |
|
Miriam España Acebal (mirespace) |
|
2021-10-05 08:43:59 |
Christian Ehrhardt |
squid-deb-proxy (Ubuntu Focal): assignee |
|
Miriam España Acebal (mirespace) |
|
2021-10-05 08:44:05 |
Christian Ehrhardt |
nominated for series |
|
Ubuntu Hirsute |
|
2021-10-05 08:44:05 |
Christian Ehrhardt |
bug task added |
|
python2.7 (Ubuntu Hirsute) |
|
2021-10-05 08:44:05 |
Christian Ehrhardt |
bug task added |
|
squid-deb-proxy (Ubuntu Hirsute) |
|
2021-10-05 08:44:15 |
Christian Ehrhardt |
squid-deb-proxy (Ubuntu Hirsute): assignee |
|
Miriam España Acebal (mirespace) |
|
2021-10-05 08:44:22 |
Christian Ehrhardt |
bug task deleted |
python2.7 (Ubuntu) |
|
|
2021-10-05 08:44:27 |
Christian Ehrhardt |
bug task deleted |
python2.7 (Ubuntu Bionic) |
|
|
2021-10-05 08:44:30 |
Christian Ehrhardt |
bug task deleted |
python2.7 (Ubuntu Focal) |
|
|
2021-10-05 08:44:33 |
Christian Ehrhardt |
bug task deleted |
python2.7 (Ubuntu Hirsute) |
|
|
2021-10-05 08:58:21 |
Miriam España Acebal |
nominated for series |
|
Ubuntu Impish |
|
2021-10-05 08:58:21 |
Miriam España Acebal |
bug task added |
|
squid-deb-proxy (Ubuntu Impish) |
|
2021-10-05 10:41:08 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~mirespace/ubuntu/+source/squid-deb-proxy/+git/squid-deb-proxy/+merge/409645 |
|
2021-10-05 13:26:34 |
Christian Ehrhardt |
bug |
|
|
added subscriber Christian Ehrhardt |
2021-10-05 13:26:51 |
Christian Ehrhardt |
summary |
"uncaptured python exception" |
python exceptions bleeding into stdout |
|
2021-10-06 07:56:34 |
Miriam España Acebal |
squid-deb-proxy (Ubuntu Impish): status |
Confirmed |
In Progress |
|
2021-10-06 11:22:40 |
Launchpad Janitor |
squid-deb-proxy (Ubuntu Impish): status |
In Progress |
Fix Released |
|
2021-10-15 08:53:46 |
Miriam España Acebal |
squid-deb-proxy (Ubuntu Bionic): status |
New |
In Progress |
|
2021-10-15 08:53:49 |
Miriam España Acebal |
squid-deb-proxy (Ubuntu Focal): status |
New |
In Progress |
|
2021-10-15 08:53:52 |
Miriam España Acebal |
squid-deb-proxy (Ubuntu Hirsute): status |
New |
In Progress |
|
2021-10-15 09:56:18 |
Miriam España Acebal |
description |
Steps to reproduce (for later SRU work)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported.
---
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
[Impact]
As @cell explains, the problem here is that the errors are going to stdout,
not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able
to figure out what the proxy URL is.
[Test Plan]
Steps to reproduce (by @cpaelzer ... thanks a lot!)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
### Bad response:
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
### Testing also with without extra network interfaces:
$ sudo apt install avahi-utils squid-deb-proxy-client
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.12 2.1;3142;
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://192.168.122.1:3142/
# break it in the host by disabling cacher
$ systemctl stop apt-cacher-ng.service
# ensure it is gone
$ curl 192.168.122.1:3142
# check the output now
# redirect stderr to show it is not gone
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/ asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/ asyncore.py|handle_connect_event|425])
### Appliying the fix (here the example is for impish, but is the same for H,F & B)
Upgrade:
ubuntu@i-deb-proxy2:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
accountsservice language-selector-common libaccountsservice0 net-tools
Use 'sudo apt autoremove' to remove them.
The following packages have been kept back:
libgirepository-1.0-1 libglib2.0-0 libglib2.0-bin libp11-kit0 libpython3.9
libpython3.9-minimal libpython3.9-stdlib python3-cffi-backend python3-gi python3.9
python3.9-minimal
The following packages will be upgraded:
squid-deb-proxy-client
1 upgraded, 0 newly installed, 0 to remove and 11 not upgraded.
Need to get 9124 B of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://ppa.launchpad.net/mirespace/impish-squid-deb-proxy-lp1505670-apt-avahi-discover/ubuntu impish/ main amd64 squid-deb-proxy-client all 0.8.15+nmu1ubuntu1.1~ppa-mirespace [9124 B]
Fetched 9124 B in 1s (7007 B/s)
(Reading database ... 95211 files and directories currently installed.)
Preparing to unpack .../squid-deb-proxy-client_0.8.15+nmu1ubuntu1.1~ppa-mirespace_all.deb ...
Unpacking squid-deb-proxy-client (0.8.15+nmu1ubuntu1.1~ppa-mirespace) over (0.8.15+nmu1) ...
Setting up squid-deb-proxy-client (0.8.15+nmu1ubuntu1.1~ppa-mirespace) ...
Scanning processes...
Scanning candidates...
Scanning linux images...
Restarting services...
Service restarts being deferred:
/etc/needrestart/restart.d/dbus.service
systemctl restart getty@tty1.service
systemctl restart networkd-dispatcher.service
systemctl restart systemd-logind.service
systemctl restart unattended-upgrades.service
No containers need to be restarted.
User sessions running outdated binaries:
ubuntu @ session #1: sshd[1208,1305]
ubuntu @ user manager service: systemd[1211]
### Good response
# now no output bleeding through
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
# actually since there is no proxy left there is juts nothing now in this setup
/usr/share/squid-deb-proxy-client/apt-avahi-discover
# But as soon as the cacher is back up it works:
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://192.168.122.1:3142/
[Where problems could occur]
As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular.
[Other Info]
The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo)
[Original Report]
-------------------------------------------------------------------
Steps to reproduce (for later SRU work)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported.
---
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
|
2021-10-15 10:33:17 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~mirespace/ubuntu/+source/squid-deb-proxy/+git/squid-deb-proxy/+merge/410286 |
|
2021-10-15 10:35:59 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~mirespace/ubuntu/+source/squid-deb-proxy/+git/squid-deb-proxy/+merge/410287 |
|
2021-10-15 10:41:27 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~mirespace/ubuntu/+source/squid-deb-proxy/+git/squid-deb-proxy/+merge/410288 |
|
2021-10-18 10:52:08 |
Miriam España Acebal |
description |
[Impact]
As @cell explains, the problem here is that the errors are going to stdout,
not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able
to figure out what the proxy URL is.
[Test Plan]
Steps to reproduce (by @cpaelzer ... thanks a lot!)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
### Bad response:
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
### Testing also with without extra network interfaces:
$ sudo apt install avahi-utils squid-deb-proxy-client
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.12 2.1;3142;
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://192.168.122.1:3142/
# break it in the host by disabling cacher
$ systemctl stop apt-cacher-ng.service
# ensure it is gone
$ curl 192.168.122.1:3142
# check the output now
# redirect stderr to show it is not gone
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/ asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/ asyncore.py|handle_connect_event|425])
### Appliying the fix (here the example is for impish, but is the same for H,F & B)
Upgrade:
ubuntu@i-deb-proxy2:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
accountsservice language-selector-common libaccountsservice0 net-tools
Use 'sudo apt autoremove' to remove them.
The following packages have been kept back:
libgirepository-1.0-1 libglib2.0-0 libglib2.0-bin libp11-kit0 libpython3.9
libpython3.9-minimal libpython3.9-stdlib python3-cffi-backend python3-gi python3.9
python3.9-minimal
The following packages will be upgraded:
squid-deb-proxy-client
1 upgraded, 0 newly installed, 0 to remove and 11 not upgraded.
Need to get 9124 B of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://ppa.launchpad.net/mirespace/impish-squid-deb-proxy-lp1505670-apt-avahi-discover/ubuntu impish/ main amd64 squid-deb-proxy-client all 0.8.15+nmu1ubuntu1.1~ppa-mirespace [9124 B]
Fetched 9124 B in 1s (7007 B/s)
(Reading database ... 95211 files and directories currently installed.)
Preparing to unpack .../squid-deb-proxy-client_0.8.15+nmu1ubuntu1.1~ppa-mirespace_all.deb ...
Unpacking squid-deb-proxy-client (0.8.15+nmu1ubuntu1.1~ppa-mirespace) over (0.8.15+nmu1) ...
Setting up squid-deb-proxy-client (0.8.15+nmu1ubuntu1.1~ppa-mirespace) ...
Scanning processes...
Scanning candidates...
Scanning linux images...
Restarting services...
Service restarts being deferred:
/etc/needrestart/restart.d/dbus.service
systemctl restart getty@tty1.service
systemctl restart networkd-dispatcher.service
systemctl restart systemd-logind.service
systemctl restart unattended-upgrades.service
No containers need to be restarted.
User sessions running outdated binaries:
ubuntu @ session #1: sshd[1208,1305]
ubuntu @ user manager service: systemd[1211]
### Good response
# now no output bleeding through
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
# actually since there is no proxy left there is juts nothing now in this setup
/usr/share/squid-deb-proxy-client/apt-avahi-discover
# But as soon as the cacher is back up it works:
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://192.168.122.1:3142/
[Where problems could occur]
As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular.
[Other Info]
The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo)
[Original Report]
-------------------------------------------------------------------
Steps to reproduce (for later SRU work)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported.
---
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
[Impact]
As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is.
[Test Plan]
The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery.
Note: In comment #22 there's a very straightforward test without need of extra ifaces.
Steps to reproduce (thanks to @cpaelzer and @sergiodj):
# 1
# Creating VM and the IPv4 addresses
$ for i in 1 2 3 4; do lxc network create testnet${i}; done
$ lxc network list
$ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm
$ lxc stop test-bug1505670-focal
$ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done
$ lxc start test-bug1505670-focal
$ lxc shell test-bug1505670-focal
$ sudo apt update
#2
# check if all are interfaces are configured
$ ip a
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed):
$ vim /etc/netplan/50-cloud-init.yaml
network:
version: 2
renderer: networked
ethernet:
enp5s0:
dhcp4: true
enp6s0:
dhcp4: true
enp7s0:
dhcp4: true
enp8s0:
dhcp4: true
enp09s0:
dhcp4: true
#apply the changes to the ifaces:
$ sudo netplan apply
# 3
#Caching
$ sudo apt install -y apt-cacher-ng
# 4
# avahi probes all ifaces
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142;
=;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142;
=;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142;
=;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142;
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142;
# 5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
# Check it is now dead from the guests POV with curl <addr>:3142, i.e.:
$ curl 10.8.60.155:3142
curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused
$ curl 10.232.244.137:3142
curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused
$ curl 10.115.171.242:3142
curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused
$ curl 10.47.127.209:3142
curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
[...]
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142
### Bad response:
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
http://10.115.171.1:3142/
### Good response, after applying the fix from proposed package
# now no output bleeding through
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
# actually since there is no proxy left there is juts nothing now in this setup
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
# But as soon as the cacher is back up it works:
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://10.115.171.1:3142/
[Where problems could occur]
As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular.
[Other Info]
The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo)
[Original Report]
-------------------------------------------------------------------
Steps to reproduce (for later SRU work)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported.
---
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
|
2021-10-18 10:54:34 |
Miriam España Acebal |
description |
[Impact]
As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is.
[Test Plan]
The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery.
Note: In comment #22 there's a very straightforward test without need of extra ifaces.
Steps to reproduce (thanks to @cpaelzer and @sergiodj):
# 1
# Creating VM and the IPv4 addresses
$ for i in 1 2 3 4; do lxc network create testnet${i}; done
$ lxc network list
$ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm
$ lxc stop test-bug1505670-focal
$ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done
$ lxc start test-bug1505670-focal
$ lxc shell test-bug1505670-focal
$ sudo apt update
#2
# check if all are interfaces are configured
$ ip a
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed):
$ vim /etc/netplan/50-cloud-init.yaml
network:
version: 2
renderer: networked
ethernet:
enp5s0:
dhcp4: true
enp6s0:
dhcp4: true
enp7s0:
dhcp4: true
enp8s0:
dhcp4: true
enp09s0:
dhcp4: true
#apply the changes to the ifaces:
$ sudo netplan apply
# 3
#Caching
$ sudo apt install -y apt-cacher-ng
# 4
# avahi probes all ifaces
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142;
=;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142;
=;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142;
=;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142;
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142;
# 5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
# Check it is now dead from the guests POV with curl <addr>:3142, i.e.:
$ curl 10.8.60.155:3142
curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused
$ curl 10.232.244.137:3142
curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused
$ curl 10.115.171.242:3142
curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused
$ curl 10.47.127.209:3142
curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
[...]
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142
### Bad response:
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
http://10.115.171.1:3142/
### Good response, after applying the fix from proposed package
# now no output bleeding through
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
# actually since there is no proxy left there is juts nothing now in this setup
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
# But as soon as the cacher is back up it works:
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://10.115.171.1:3142/
[Where problems could occur]
As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular.
[Other Info]
The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo)
[Original Report]
-------------------------------------------------------------------
Steps to reproduce (for later SRU work)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported.
---
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
[Impact]
As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is.
[Test Plan]
The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery. Here you can see the test for Focal, but it has been the same behaviour for Hirsute, Bionic and Impish.
Note: In comment #22 there's a very straightforward test (Impish) without the need for extra ifaces.
Steps to reproduce (thanks to @cpaelzer and @sergiodj):
# 1
# Creating VM and the IPv4 addresses
$ for i in 1 2 3 4; do lxc network create testnet${i}; done
$ lxc network list
$ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm
$ lxc stop test-bug1505670-focal
$ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done
$ lxc start test-bug1505670-focal
$ lxc shell test-bug1505670-focal
$ sudo apt update
#2
# check if all are interfaces are configured
$ ip a
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed):
$ vim /etc/netplan/50-cloud-init.yaml
network:
version: 2
renderer: networked
ethernet:
enp5s0:
dhcp4: true
enp6s0:
dhcp4: true
enp7s0:
dhcp4: true
enp8s0:
dhcp4: true
enp09s0:
dhcp4: true
#apply the changes to the ifaces:
$ sudo netplan apply
# 3
#Caching
$ sudo apt install -y apt-cacher-ng
# 4
# avahi probes all ifaces
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142;
=;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142;
=;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142;
=;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142;
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142;
# 5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
# Check it is now dead from the guests POV with curl <addr>:3142, i.e.:
$ curl 10.8.60.155:3142
curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused
$ curl 10.232.244.137:3142
curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused
$ curl 10.115.171.242:3142
curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused
$ curl 10.47.127.209:3142
curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
[...]
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142
### Bad response:
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
http://10.115.171.1:3142/
### Good response, after applying the fix from proposed package
# now no output bleeding through
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
# actually since there is no proxy left there is juts nothing now in this setup
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
# But as soon as the cacher is back up it works:
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://10.115.171.1:3142/
[Where problems could occur]
As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular.
[Other Info]
The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo)
[Original Report]
-------------------------------------------------------------------
Steps to reproduce (for later SRU work)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported.
---
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
|
2021-10-26 15:00:42 |
Miriam España Acebal |
description |
[Impact]
As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is.
[Test Plan]
The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery. Here you can see the test for Focal, but it has been the same behaviour for Hirsute, Bionic and Impish.
Note: In comment #22 there's a very straightforward test (Impish) without the need for extra ifaces.
Steps to reproduce (thanks to @cpaelzer and @sergiodj):
# 1
# Creating VM and the IPv4 addresses
$ for i in 1 2 3 4; do lxc network create testnet${i}; done
$ lxc network list
$ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm
$ lxc stop test-bug1505670-focal
$ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done
$ lxc start test-bug1505670-focal
$ lxc shell test-bug1505670-focal
$ sudo apt update
#2
# check if all are interfaces are configured
$ ip a
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed):
$ vim /etc/netplan/50-cloud-init.yaml
network:
version: 2
renderer: networked
ethernet:
enp5s0:
dhcp4: true
enp6s0:
dhcp4: true
enp7s0:
dhcp4: true
enp8s0:
dhcp4: true
enp09s0:
dhcp4: true
#apply the changes to the ifaces:
$ sudo netplan apply
# 3
#Caching
$ sudo apt install -y apt-cacher-ng
# 4
# avahi probes all ifaces
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142;
=;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142;
=;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142;
=;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142;
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142;
# 5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
# Check it is now dead from the guests POV with curl <addr>:3142, i.e.:
$ curl 10.8.60.155:3142
curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused
$ curl 10.232.244.137:3142
curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused
$ curl 10.115.171.242:3142
curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused
$ curl 10.47.127.209:3142
curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
[...]
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142
### Bad response:
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
http://10.115.171.1:3142/
### Good response, after applying the fix from proposed package
# now no output bleeding through
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
# actually since there is no proxy left there is juts nothing now in this setup
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
# But as soon as the cacher is back up it works:
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://10.115.171.1:3142/
[Where problems could occur]
As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular.
[Other Info]
The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo)
[Original Report]
-------------------------------------------------------------------
Steps to reproduce (for later SRU work)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported.
---
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
[Impact]
As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is.
[Test Plan]
The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery. Here you can see the test for Focal, but it has been the same behaviour for Hirsute, Bionic and Impish.
Note: In comment #22 there's a very straightforward test (Impish) without the need for extra ifaces.
Steps to reproduce (thanks to @cpaelzer and @sergiodj):
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest VM to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
# 1
# On the Host, create the IPv4 addresses and the VM. Stop the VM to
# attach the ifaces and start again the VM to log in.
$ for i in 1 2 3 4; do lxc network create testnet${i}; done
$ lxc network list
$ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm
$ lxc stop test-bug1505670-focal
$ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done
$ lxc start test-bug1505670-focal
$ lxc shell test-bug1505670-focal
# Now at the VM, install prereq packages
$ sudo apt update
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured
$ ip a
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed):
$ vim /etc/netplan/50-cloud-init.yaml
network:
version: 2
renderer: networked
ethernet:
enp5s0:
dhcp4: true
enp6s0:
dhcp4: true
enp7s0:
dhcp4: true
enp8s0:
dhcp4: true
enp09s0:
dhcp4: true
#apply the changes to the ifaces:
$ sudo netplan apply
# 4
# avahi probes all ifaces
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
+;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142;
=;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142;
=;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142;
=;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142;
+;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local
=;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142;
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142;
=;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142;
=;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142;
=;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142;
# 5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
# Check it is now dead from the guests POV with curl <addr>:3142, i.e.:
$ curl 10.8.60.155:3142
curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused
$ curl 10.232.244.137:3142
curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused
$ curl 10.115.171.242:3142
curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused
$ curl 10.47.127.209:3142
curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
[...]
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142
apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142
### Bad response:
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py|read|83] [/usr/lib/python3.8/asyncore.py|handle_read_event|417] [/usr/lib/python3.8/asyncore.py|handle_connect_event|425])
http://10.115.171.1:3142/
### Good response, after applying the fix from proposed package
# now no output bleeding through
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
# actually since there is no proxy left there is juts nothing now in this setup
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
# But as soon as the cacher is back up it works:
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
http://10.115.171.1:3142/
[Where problems could occur]
As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular.
[Other Info]
The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo)
[Original Report]
-------------------------------------------------------------------
Steps to reproduce (for later SRU work)
#0
# On the test Host install apt-cacher-ng
# you need to do so before creating the guest to propagate
# and configure correctly when spawned
$ sudo apt install apt-cacher-ng
#1
# create a VM guest or container with at least three IPv4 adresses
# In the example below I used 4 virtio net in KVM all with DHCP configured
#2
# install prereq packages
$ sudo apt install avahi-utils squid-deb-proxy-client
#3
# check if all are interfaces are configured and avahi probes them all
# (you might need to edit netplan or E/N/I to e.g. dhcp on all of them)
$ avahi-browse -kprtf _apt_proxy._tcp
+;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local
+;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
+;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local
=;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142;
=;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000;
=;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000;
=;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000;
=;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000;
=;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000;
=;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000;
=;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000;
=;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000;
#5
# After being announced stop the cacher on the host
$ sudo systemctl stop apt-cacher-ng.service
#6
Check it is now dead from the guests POV
$ curl 192.168.122.1:3142
curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused
#7
# Ensure that it is still announced in avahi in the guest
$ avahi-browse -kprtf _apt_proxy._tcp | grep '^=' | cut -d";" -f 4,8-9 | grep -v '::'
...
apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142
#8
# Now run apt-avahi-discover which shows the python errors
# bleeding into the output even with stderr redirected
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py|read|83] [/usr/lib/python3.9/asyncore.py|handle_read_event|417] [/usr/lib/python3.9/asyncore.py|handle_connect_event|425])
http://192.168.122.42:8000/
P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported.
---
I get the following error when running the discovery script on the command line.
$ /usr/share/squid-deb-proxy-client/apt-avahi-discover
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py|read|83] [/usr/lib/python2.7/asyncore.py|handle_read_event|446] [/usr/lib/python2.7/asyncore.py|handle_connect_event|454])
http://172.24.74.145:3142/
The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.
To trigger the bug the environment setup needs to be in a specific way.
It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp
and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it.
TODO: a sample output of the above command in an affected environment could be helpful.
TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well. |
|
2021-10-27 16:32:46 |
Robie Basak |
squid-deb-proxy (Ubuntu Hirsute): status |
In Progress |
Fix Committed |
|
2021-10-27 16:32:47 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2021-10-27 16:32:50 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
2021-10-27 16:32:56 |
Robie Basak |
tags |
bionic focal patch server-next trusty |
bionic focal patch server-next trusty verification-needed verification-needed-hirsute |
|
2021-10-27 16:33:15 |
Robie Basak |
squid-deb-proxy (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
2021-10-27 16:33:22 |
Robie Basak |
tags |
bionic focal patch server-next trusty verification-needed verification-needed-hirsute |
bionic focal patch server-next trusty verification-needed verification-needed-focal verification-needed-hirsute |
|
2021-10-27 16:33:35 |
Robie Basak |
squid-deb-proxy (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2021-10-27 16:33:42 |
Robie Basak |
tags |
bionic focal patch server-next trusty verification-needed verification-needed-focal verification-needed-hirsute |
bionic focal patch server-next trusty verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute |
|
2021-10-27 16:47:21 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
2021-10-28 08:24:36 |
Miriam España Acebal |
bug |
|
|
added subscriber Miriam España Acebal |
2021-10-31 21:54:23 |
Mathew Hodson |
squid-deb-proxy (Ubuntu Bionic): importance |
Undecided |
Low |
|
2021-10-31 21:54:26 |
Mathew Hodson |
squid-deb-proxy (Ubuntu Focal): importance |
Undecided |
Low |
|
2021-10-31 21:54:29 |
Mathew Hodson |
squid-deb-proxy (Ubuntu Hirsute): importance |
Undecided |
Low |
|
2021-10-31 22:05:01 |
Mathew Hodson |
bug task added |
|
squid-deb-proxy (Ubuntu Trusty) |
|
2021-10-31 22:05:11 |
Mathew Hodson |
squid-deb-proxy (Ubuntu Trusty): status |
New |
Won't Fix |
|
2021-10-31 22:05:14 |
Mathew Hodson |
squid-deb-proxy (Ubuntu Trusty): importance |
Undecided |
Low |
|
2021-10-31 22:06:16 |
Mathew Hodson |
nominated for series |
|
Ubuntu Xenial |
|
2021-10-31 22:06:16 |
Mathew Hodson |
bug task added |
|
squid-deb-proxy (Ubuntu Xenial) |
|
2021-10-31 22:06:25 |
Mathew Hodson |
squid-deb-proxy (Ubuntu Xenial): status |
New |
Won't Fix |
|
2021-10-31 22:06:33 |
Mathew Hodson |
squid-deb-proxy (Ubuntu Xenial): importance |
Undecided |
Low |
|
2021-11-04 08:09:03 |
Christian Ehrhardt |
tags |
bionic focal patch server-next trusty verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute |
bionic focal patch server-next trusty verification-done verification-done-bionic verification-done-focal verification-done-hirsute |
|
2021-11-04 19:36:56 |
Launchpad Janitor |
squid-deb-proxy (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
2021-11-04 19:36:59 |
Brian Murray |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2021-11-04 19:40:32 |
Launchpad Janitor |
squid-deb-proxy (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2021-11-04 19:42:47 |
Launchpad Janitor |
squid-deb-proxy (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|