Ubuntu
squid-deb-proxy package

Bug #1505670
Activity log

Activity log for bug #1505670

Date	Who	What changed	Old value	New value	Message
2015-10-13 12:24:05	Rolf Leggewie	bug			added bug
2015-10-18 04:10:22	cell	attachment added		Minimal patch to work-around this bug. https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1505670/+attachment/4498637/+files/apt-avahi-discover.patch
2015-10-18 04:16:50	Ubuntu Foundations Team Bug Bot	tags	trusty	patch trusty
2015-10-18 04:16:57	Ubuntu Foundations Team Bug Bot	bug			added subscriber Ubuntu Review Team
2015-10-18 04:34:55	cell	attachment removed	Minimal patch to work-around this bug. https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1505670/+attachment/4498637/+files/apt-avahi-discover.patch
2015-10-18 04:36:54	cell	attachment added		Minimal patch to work-around this bug. https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1505670/+attachment/4498665/+files/apt-avahi-discover.patch
2015-10-18 04:41:43	cell	attachment added		Revised, syslog-based solution. https://bugs.launchpad.net/ubuntu/+source/squid-deb-proxy/+bug/1505670/+attachment/4498666/+files/apt-avahi-discover-syslog.patch
2015-10-19 08:53:52	Robie Basak	bug			added subscriber Ubuntu Server Team
2015-10-19 12:43:58	Rolf Leggewie	bug			added subscriber Michael Vogt
2015-10-19 12:44:20	Rolf Leggewie	nominated for series		Ubuntu Trusty
2015-10-19 12:44:49	Rolf Leggewie	squid-deb-proxy (Ubuntu): status	New	In Progress
2016-01-29 22:04:28	varacanero	bug			added subscriber varacanero
2016-01-29 22:05:03	varacanero	removed subscriber varacanero
2016-01-29 22:05:13	varacanero	bug			added subscriber varacanero
2019-05-04 23:25:58	Rolf Leggewie	squid-deb-proxy (Ubuntu): status	In Progress	Confirmed
2019-05-06 17:50:38	Andreas Hasenack	squid-deb-proxy (Ubuntu): status	Confirmed	Fix Released
2020-04-24 10:00:38	Rolf Leggewie	squid-deb-proxy (Ubuntu): status	Fix Released	Confirmed
2020-04-24 10:01:55	Rolf Leggewie	bug			added subscriber Andreas Hasenack
2020-04-24 10:06:52	Rolf Leggewie	tags	patch trusty	bionic patch trusty
2020-04-24 10:06:57	Rolf Leggewie	tags	bionic patch trusty	bionic focal patch trusty
2020-05-02 00:10:02	Rolf Leggewie	bug task added		python2.7 (Ubuntu)
2021-08-17 19:05:20	Lucas Kanashiro	nominated for series		Ubuntu Bionic
2021-08-17 19:05:20	Lucas Kanashiro	bug task added		python2.7 (Ubuntu Bionic)
2021-08-17 19:05:20	Lucas Kanashiro	bug task added		squid-deb-proxy (Ubuntu Bionic)
2021-08-17 19:05:20	Lucas Kanashiro	nominated for series		Ubuntu Focal
2021-08-17 19:05:20	Lucas Kanashiro	bug task added		python2.7 (Ubuntu Focal)
2021-08-17 19:05:20	Lucas Kanashiro	bug task added		squid-deb-proxy (Ubuntu Focal)
2021-09-30 07:02:43	Christian Ehrhardt 	description	I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1.	I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.
2021-10-05 08:26:37	Christian Ehrhardt 	description	I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.	Steps to reproduce (for later SRU work) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported. --- I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.
2021-10-05 08:43:30	Christian Ehrhardt 	squid-deb-proxy (Ubuntu): assignee		Miriam España Acebal (mirespace)
2021-10-05 08:43:43	Christian Ehrhardt 	tags	bionic focal patch trusty	bionic focal patch server-next trusty
2021-10-05 08:43:53	Christian Ehrhardt 	squid-deb-proxy (Ubuntu Bionic): assignee		Miriam España Acebal (mirespace)
2021-10-05 08:43:59	Christian Ehrhardt 	squid-deb-proxy (Ubuntu Focal): assignee		Miriam España Acebal (mirespace)
2021-10-05 08:44:05	Christian Ehrhardt 	nominated for series		Ubuntu Hirsute
2021-10-05 08:44:05	Christian Ehrhardt 	bug task added		python2.7 (Ubuntu Hirsute)
2021-10-05 08:44:05	Christian Ehrhardt 	bug task added		squid-deb-proxy (Ubuntu Hirsute)
2021-10-05 08:44:15	Christian Ehrhardt 	squid-deb-proxy (Ubuntu Hirsute): assignee		Miriam España Acebal (mirespace)
2021-10-05 08:44:22	Christian Ehrhardt 	bug task deleted	python2.7 (Ubuntu)
2021-10-05 08:44:27	Christian Ehrhardt 	bug task deleted	python2.7 (Ubuntu Bionic)
2021-10-05 08:44:30	Christian Ehrhardt 	bug task deleted	python2.7 (Ubuntu Focal)
2021-10-05 08:44:33	Christian Ehrhardt 	bug task deleted	python2.7 (Ubuntu Hirsute)
2021-10-05 08:58:21	Miriam España Acebal	nominated for series		Ubuntu Impish
2021-10-05 08:58:21	Miriam España Acebal	bug task added		squid-deb-proxy (Ubuntu Impish)
2021-10-05 10:41:08	Launchpad Janitor	merge proposal linked		https://code.launchpad.net/~mirespace/ubuntu/+source/squid-deb-proxy/+git/squid-deb-proxy/+merge/409645
2021-10-05 13:26:34	Christian Ehrhardt 	bug			added subscriber Christian Ehrhardt 
2021-10-05 13:26:51	Christian Ehrhardt 	summary	"uncaptured python exception"	python exceptions bleeding into stdout
2021-10-06 07:56:34	Miriam España Acebal	squid-deb-proxy (Ubuntu Impish): status	Confirmed	In Progress
2021-10-06 11:22:40	Launchpad Janitor	squid-deb-proxy (Ubuntu Impish): status	In Progress	Fix Released
2021-10-15 08:53:46	Miriam España Acebal	squid-deb-proxy (Ubuntu Bionic): status	New	In Progress
2021-10-15 08:53:49	Miriam España Acebal	squid-deb-proxy (Ubuntu Focal): status	New	In Progress
2021-10-15 08:53:52	Miriam España Acebal	squid-deb-proxy (Ubuntu Hirsute): status	New	In Progress
2021-10-15 09:56:18	Miriam España Acebal	description	Steps to reproduce (for later SRU work) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported. --- I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.	[Impact] As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is. [Test Plan] Steps to reproduce (by @cpaelzer ... thanks a lot!) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 ### Bad response: #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ ### Testing also with without extra network interfaces: $ sudo apt install avahi-utils squid-deb-proxy-client $ avahi-browse -kprtf _apt_proxy._tcp +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.12 2.1;3142; $ /usr/share/squid-deb-proxy-client/apt-avahi-discover http://192.168.122.1:3142/ # break it in the host by disabling cacher $ systemctl stop apt-cacher-ng.service # ensure it is gone $ curl 192.168.122.1:3142 # check the output now # redirect stderr to show it is not gone $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/ asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/ asyncore.py\|handle_connect_event\|425]) ### Appliying the fix (here the example is for impish, but is the same for H,F & B) Upgrade: ubuntu@i-deb-proxy2:~$ sudo apt upgrade Reading package lists... Done Building dependency tree... Done Reading state information... Done Calculating upgrade... Done The following packages were automatically installed and are no longer required: accountsservice language-selector-common libaccountsservice0 net-tools Use 'sudo apt autoremove' to remove them. The following packages have been kept back: libgirepository-1.0-1 libglib2.0-0 libglib2.0-bin libp11-kit0 libpython3.9 libpython3.9-minimal libpython3.9-stdlib python3-cffi-backend python3-gi python3.9 python3.9-minimal The following packages will be upgraded: squid-deb-proxy-client 1 upgraded, 0 newly installed, 0 to remove and 11 not upgraded. Need to get 9124 B of archives. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://ppa.launchpad.net/mirespace/impish-squid-deb-proxy-lp1505670-apt-avahi-discover/ubuntu impish/ main amd64 squid-deb-proxy-client all 0.8.15+nmu1ubuntu1.1~ppa-mirespace [9124 B] Fetched 9124 B in 1s (7007 B/s) (Reading database ... 95211 files and directories currently installed.) Preparing to unpack .../squid-deb-proxy-client_0.8.15+nmu1ubuntu1.1~ppa-mirespace_all.deb ... Unpacking squid-deb-proxy-client (0.8.15+nmu1ubuntu1.1~ppa-mirespace) over (0.8.15+nmu1) ... Setting up squid-deb-proxy-client (0.8.15+nmu1ubuntu1.1~ppa-mirespace) ... Scanning processes... Scanning candidates... Scanning linux images... Restarting services... Service restarts being deferred: /etc/needrestart/restart.d/dbus.service systemctl restart getty@tty1.service systemctl restart networkd-dispatcher.service systemctl restart systemd-logind.service systemctl restart unattended-upgrades.service No containers need to be restarted. User sessions running outdated binaries: ubuntu @ session #1: sshd[1208,1305] ubuntu @ user manager service: systemd[1211] ### Good response # now no output bleeding through $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null # actually since there is no proxy left there is juts nothing now in this setup /usr/share/squid-deb-proxy-client/apt-avahi-discover # But as soon as the cacher is back up it works: $ /usr/share/squid-deb-proxy-client/apt-avahi-discover http://192.168.122.1:3142/ [Where problems could occur] As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular. [Other Info] The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo) [Original Report] ------------------------------------------------------------------- Steps to reproduce (for later SRU work) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported. --- I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.
2021-10-15 10:33:17	Launchpad Janitor	merge proposal linked		https://code.launchpad.net/~mirespace/ubuntu/+source/squid-deb-proxy/+git/squid-deb-proxy/+merge/410286
2021-10-15 10:35:59	Launchpad Janitor	merge proposal linked		https://code.launchpad.net/~mirespace/ubuntu/+source/squid-deb-proxy/+git/squid-deb-proxy/+merge/410287
2021-10-15 10:41:27	Launchpad Janitor	merge proposal linked		https://code.launchpad.net/~mirespace/ubuntu/+source/squid-deb-proxy/+git/squid-deb-proxy/+merge/410288
2021-10-18 10:52:08	Miriam España Acebal	description	[Impact] As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is. [Test Plan] Steps to reproduce (by @cpaelzer ... thanks a lot!) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 ### Bad response: #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ ### Testing also with without extra network interfaces: $ sudo apt install avahi-utils squid-deb-proxy-client $ avahi-browse -kprtf _apt_proxy._tcp +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.12 2.1;3142; $ /usr/share/squid-deb-proxy-client/apt-avahi-discover http://192.168.122.1:3142/ # break it in the host by disabling cacher $ systemctl stop apt-cacher-ng.service # ensure it is gone $ curl 192.168.122.1:3142 # check the output now # redirect stderr to show it is not gone $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/ asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/ asyncore.py\|handle_connect_event\|425]) ### Appliying the fix (here the example is for impish, but is the same for H,F & B) Upgrade: ubuntu@i-deb-proxy2:~$ sudo apt upgrade Reading package lists... Done Building dependency tree... Done Reading state information... Done Calculating upgrade... Done The following packages were automatically installed and are no longer required: accountsservice language-selector-common libaccountsservice0 net-tools Use 'sudo apt autoremove' to remove them. The following packages have been kept back: libgirepository-1.0-1 libglib2.0-0 libglib2.0-bin libp11-kit0 libpython3.9 libpython3.9-minimal libpython3.9-stdlib python3-cffi-backend python3-gi python3.9 python3.9-minimal The following packages will be upgraded: squid-deb-proxy-client 1 upgraded, 0 newly installed, 0 to remove and 11 not upgraded. Need to get 9124 B of archives. After this operation, 0 B of additional disk space will be used. Do you want to continue? [Y/n] Y Get:1 http://ppa.launchpad.net/mirespace/impish-squid-deb-proxy-lp1505670-apt-avahi-discover/ubuntu impish/ main amd64 squid-deb-proxy-client all 0.8.15+nmu1ubuntu1.1~ppa-mirespace [9124 B] Fetched 9124 B in 1s (7007 B/s) (Reading database ... 95211 files and directories currently installed.) Preparing to unpack .../squid-deb-proxy-client_0.8.15+nmu1ubuntu1.1~ppa-mirespace_all.deb ... Unpacking squid-deb-proxy-client (0.8.15+nmu1ubuntu1.1~ppa-mirespace) over (0.8.15+nmu1) ... Setting up squid-deb-proxy-client (0.8.15+nmu1ubuntu1.1~ppa-mirespace) ... Scanning processes... Scanning candidates... Scanning linux images... Restarting services... Service restarts being deferred: /etc/needrestart/restart.d/dbus.service systemctl restart getty@tty1.service systemctl restart networkd-dispatcher.service systemctl restart systemd-logind.service systemctl restart unattended-upgrades.service No containers need to be restarted. User sessions running outdated binaries: ubuntu @ session #1: sshd[1208,1305] ubuntu @ user manager service: systemd[1211] ### Good response # now no output bleeding through $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null # actually since there is no proxy left there is juts nothing now in this setup /usr/share/squid-deb-proxy-client/apt-avahi-discover # But as soon as the cacher is back up it works: $ /usr/share/squid-deb-proxy-client/apt-avahi-discover http://192.168.122.1:3142/ [Where problems could occur] As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular. [Other Info] The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo) [Original Report] ------------------------------------------------------------------- Steps to reproduce (for later SRU work) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported. --- I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.	[Impact] As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is. [Test Plan] The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery. Note: In comment #22 there's a very straightforward test without need of extra ifaces. Steps to reproduce (thanks to @cpaelzer and @sergiodj): # 1 # Creating VM and the IPv4 addresses $ for i in 1 2 3 4; do lxc network create testnet${i}; done $ lxc network list $ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm $ lxc stop test-bug1505670-focal $ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done $ lxc start test-bug1505670-focal $ lxc shell test-bug1505670-focal $ sudo apt update #2 # check if all are interfaces are configured $ ip a # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed): $ vim /etc/netplan/50-cloud-init.yaml network: version: 2 renderer: networked ethernet: enp5s0: dhcp4: true enp6s0: dhcp4: true enp7s0: dhcp4: true enp8s0: dhcp4: true enp09s0: dhcp4: true #apply the changes to the ifaces: $ sudo netplan apply # 3 #Caching $ sudo apt install -y apt-cacher-ng # 4 # avahi probes all ifaces $ avahi-browse -kprtf _apt_proxy._tcp +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142; =;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142; =;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142; =;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142; +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142; # 5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 # Check it is now dead from the guests POV with curl <addr>:3142, i.e.: $ curl 10.8.60.155:3142 curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused $ curl 10.232.244.137:3142 curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused $ curl 10.115.171.242:3142 curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused $ curl 10.47.127.209:3142 curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' [...] apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142 ### Bad response: #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) http://10.115.171.1:3142/ ### Good response, after applying the fix from proposed package # now no output bleeding through $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null # actually since there is no proxy left there is juts nothing now in this setup $ /usr/share/squid-deb-proxy-client/apt-avahi-discover # But as soon as the cacher is back up it works: $ /usr/share/squid-deb-proxy-client/apt-avahi-discover http://10.115.171.1:3142/ [Where problems could occur] As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular. [Other Info] The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo) [Original Report] ------------------------------------------------------------------- Steps to reproduce (for later SRU work) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported. --- I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.
2021-10-18 10:54:34	Miriam España Acebal	description	[Impact] As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is. [Test Plan] The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery. Note: In comment #22 there's a very straightforward test without need of extra ifaces. Steps to reproduce (thanks to @cpaelzer and @sergiodj): # 1 # Creating VM and the IPv4 addresses $ for i in 1 2 3 4; do lxc network create testnet${i}; done $ lxc network list $ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm $ lxc stop test-bug1505670-focal $ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done $ lxc start test-bug1505670-focal $ lxc shell test-bug1505670-focal $ sudo apt update #2 # check if all are interfaces are configured $ ip a # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed): $ vim /etc/netplan/50-cloud-init.yaml network: version: 2 renderer: networked ethernet: enp5s0: dhcp4: true enp6s0: dhcp4: true enp7s0: dhcp4: true enp8s0: dhcp4: true enp09s0: dhcp4: true #apply the changes to the ifaces: $ sudo netplan apply # 3 #Caching $ sudo apt install -y apt-cacher-ng # 4 # avahi probes all ifaces $ avahi-browse -kprtf _apt_proxy._tcp +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142; =;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142; =;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142; =;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142; +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142; # 5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 # Check it is now dead from the guests POV with curl <addr>:3142, i.e.: $ curl 10.8.60.155:3142 curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused $ curl 10.232.244.137:3142 curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused $ curl 10.115.171.242:3142 curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused $ curl 10.47.127.209:3142 curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' [...] apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142 ### Bad response: #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) http://10.115.171.1:3142/ ### Good response, after applying the fix from proposed package # now no output bleeding through $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null # actually since there is no proxy left there is juts nothing now in this setup $ /usr/share/squid-deb-proxy-client/apt-avahi-discover # But as soon as the cacher is back up it works: $ /usr/share/squid-deb-proxy-client/apt-avahi-discover http://10.115.171.1:3142/ [Where problems could occur] As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular. [Other Info] The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo) [Original Report] ------------------------------------------------------------------- Steps to reproduce (for later SRU work) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported. --- I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.	[Impact] As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is. [Test Plan] The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery. Here you can see the test for Focal, but it has been the same behaviour for Hirsute, Bionic and Impish. Note: In comment #22 there's a very straightforward test (Impish) without the need for extra ifaces. Steps to reproduce (thanks to @cpaelzer and @sergiodj): # 1 # Creating VM and the IPv4 addresses $ for i in 1 2 3 4; do lxc network create testnet${i}; done $ lxc network list $ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm $ lxc stop test-bug1505670-focal $ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done $ lxc start test-bug1505670-focal $ lxc shell test-bug1505670-focal $ sudo apt update #2 # check if all are interfaces are configured $ ip a # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed): $ vim /etc/netplan/50-cloud-init.yaml network: version: 2 renderer: networked ethernet: enp5s0: dhcp4: true enp6s0: dhcp4: true enp7s0: dhcp4: true enp8s0: dhcp4: true enp09s0: dhcp4: true #apply the changes to the ifaces: $ sudo netplan apply # 3 #Caching $ sudo apt install -y apt-cacher-ng # 4 # avahi probes all ifaces $ avahi-browse -kprtf _apt_proxy._tcp +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142; =;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142; =;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142; =;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142; +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142; # 5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 # Check it is now dead from the guests POV with curl <addr>:3142, i.e.: $ curl 10.8.60.155:3142 curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused $ curl 10.232.244.137:3142 curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused $ curl 10.115.171.242:3142 curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused $ curl 10.47.127.209:3142 curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' [...] apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142 ### Bad response: #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) http://10.115.171.1:3142/ ### Good response, after applying the fix from proposed package # now no output bleeding through $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null # actually since there is no proxy left there is juts nothing now in this setup $ /usr/share/squid-deb-proxy-client/apt-avahi-discover # But as soon as the cacher is back up it works: $ /usr/share/squid-deb-proxy-client/apt-avahi-discover http://10.115.171.1:3142/ [Where problems could occur] As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular. [Other Info] The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo) [Original Report] ------------------------------------------------------------------- Steps to reproduce (for later SRU work) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported. --- I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.
2021-10-26 15:00:42	Miriam España Acebal	description	[Impact] As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is. [Test Plan] The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery. Here you can see the test for Focal, but it has been the same behaviour for Hirsute, Bionic and Impish. Note: In comment #22 there's a very straightforward test (Impish) without the need for extra ifaces. Steps to reproduce (thanks to @cpaelzer and @sergiodj): # 1 # Creating VM and the IPv4 addresses $ for i in 1 2 3 4; do lxc network create testnet${i}; done $ lxc network list $ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm $ lxc stop test-bug1505670-focal $ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done $ lxc start test-bug1505670-focal $ lxc shell test-bug1505670-focal $ sudo apt update #2 # check if all are interfaces are configured $ ip a # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed): $ vim /etc/netplan/50-cloud-init.yaml network: version: 2 renderer: networked ethernet: enp5s0: dhcp4: true enp6s0: dhcp4: true enp7s0: dhcp4: true enp8s0: dhcp4: true enp09s0: dhcp4: true #apply the changes to the ifaces: $ sudo netplan apply # 3 #Caching $ sudo apt install -y apt-cacher-ng # 4 # avahi probes all ifaces $ avahi-browse -kprtf _apt_proxy._tcp +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142; =;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142; =;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142; =;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142; +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142; # 5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 # Check it is now dead from the guests POV with curl <addr>:3142, i.e.: $ curl 10.8.60.155:3142 curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused $ curl 10.232.244.137:3142 curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused $ curl 10.115.171.242:3142 curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused $ curl 10.47.127.209:3142 curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' [...] apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142 ### Bad response: #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) http://10.115.171.1:3142/ ### Good response, after applying the fix from proposed package # now no output bleeding through $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null # actually since there is no proxy left there is juts nothing now in this setup $ /usr/share/squid-deb-proxy-client/apt-avahi-discover # But as soon as the cacher is back up it works: $ /usr/share/squid-deb-proxy-client/apt-avahi-discover http://10.115.171.1:3142/ [Where problems could occur] As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular. [Other Info] The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo) [Original Report] ------------------------------------------------------------------- Steps to reproduce (for later SRU work) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported. --- I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.	[Impact] As @cell explains, the problem here is that the errors are going to stdout, not to stderr. This means apt's Acquire::http::ProxyAutoDetect is not able to figure out what the proxy URL is. [Test Plan] The idea is to create a VM with several interfaces, to cache them plus to check configuration and do the discovery. Here you can see the test for Focal, but it has been the same behaviour for Hirsute, Bionic and Impish. Note: In comment #22 there's a very straightforward test (Impish) without the need for extra ifaces. Steps to reproduce (thanks to @cpaelzer and @sergiodj): #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest VM to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng # 1 # On the Host, create the IPv4 addresses and the VM. Stop the VM to # attach the ifaces and start again the VM to log in. $ for i in 1 2 3 4; do lxc network create testnet${i}; done $ lxc network list $ lxc launch ubuntu-daily:focal test-bug1505670-focal --vm $ lxc stop test-bug1505670-focal $ for i in 1 2 3 4; do lxc network attach testnet${i} test-bug1505670-focal; done $ lxc start test-bug1505670-focal $ lxc shell test-bug1505670-focal # Now at the VM, install prereq packages $ sudo apt update $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured $ ip a # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) to have the following content (check the names of your interfaces from the 'ip a' command above and change them if needed): $ vim /etc/netplan/50-cloud-init.yaml network: version: 2 renderer: networked ethernet: enp5s0: dhcp4: true enp6s0: dhcp4: true enp7s0: dhcp4: true enp8s0: dhcp4: true enp09s0: dhcp4: true #apply the changes to the ifaces: $ sudo netplan apply # 4 # avahi probes all ifaces $ avahi-browse -kprtf _apt_proxy._tcp +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local +;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.8.60.155;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.232.244.137;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.115.171.242;3142; =;enp5s0;IPv6;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142; =;enp5s0;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;10.47.127.209;3142; =;lo;IPv4;apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;_apt_proxy._tcp;local;test-bug1505670-focal.local;127.0.0.1;3142; +;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local =;enp8s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:701b:b04:c7ab::1;3142; =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.8.60.1;3142; =;enp6s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:bddd:a962:e084::1;3142; =;enp7s0;IPv6;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;fd42:3406:c5ba:899a::1;3142; =;enp6s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.115.171.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Camelot-TITAN;_apt_proxy._tcp;local;Camelot-TITAN.local;10.232.244.1;3142; # 5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 # Check it is now dead from the guests POV with curl <addr>:3142, i.e.: $ curl 10.8.60.155:3142 curl: (7) Failed to connect to 10.8.60.155 port 3142: Connection refused $ curl 10.232.244.137:3142 curl: (7) Failed to connect to 10.232.244.137 port 3142: Connection refused $ curl 10.115.171.242:3142 curl: (7) Failed to connect to 10.115.171.242 port 3142: Connection refused $ curl 10.47.127.209:3142 curl: (7) Failed to connect to 10.47.127.209 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... root@test-bug1505670-focal:~# avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' [...] apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:701b:b04:c7ab:216:3eff:feda:f1e7;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:3406:c5ba:899a:216:3eff:fecd:de74;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:bddd:a962:e084:216:3eff:fe11:a50c;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;fd42:ce31:bcba:21af:216:3eff:fe79:c522;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.8.60.155;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.232.244.137;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.115.171.242;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;10.47.127.209;3142 apt-cacher-ng\032proxy\032on\032test-bug1505670-focal;127.0.0.1;3142 ### Bad response: #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null root@test-bug1505670-focal:~# /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:701b:b04:c7ab:216:3eff:feda:f1e7', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:3406:c5ba:899a:216:3eff:fecd:de74', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:bddd:a962:e084:216:3eff:fe11:a50c', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('fd42:ce31:bcba:21af:216:3eff:fe79:c522', 3142, 0, 0): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.8.60.155', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.232.244.137', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.115.171.242', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.47.127.209', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('127.0.0.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.8/asyncore.py\|read\|83] [/usr/lib/python3.8/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.8/asyncore.py\|handle_connect_event\|425]) http://10.115.171.1:3142/ ### Good response, after applying the fix from proposed package # now no output bleeding through $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null # actually since there is no proxy left there is juts nothing now in this setup $ /usr/share/squid-deb-proxy-client/apt-avahi-discover # But as soon as the cacher is back up it works: $ /usr/share/squid-deb-proxy-client/apt-avahi-discover http://10.115.171.1:3142/ [Where problems could occur] As the change itself redirects the errors to the proper logs using the proper output flow (stderr), the risk of losing any kind of information is avoided as well as the risk to produce any kind of interference with the rest of the system. It uses standard python calls to do it, so it doesn't have to rely on anything in particular. [Other Info] The change is cherry-picked from upstream for fixing this bug precisely: https://github.com/mvo5/squid-deb-proxy/commit/604ba3f98beff25a8fd51783d3ffc4db5e987dab (Thanks to @mvo) [Original Report] ------------------------------------------------------------------- Steps to reproduce (for later SRU work) #0 # On the test Host install apt-cacher-ng # you need to do so before creating the guest to propagate # and configure correctly when spawned $ sudo apt install apt-cacher-ng #1 # create a VM guest or container with at least three IPv4 adresses # In the example below I used 4 virtio net in KVM all with DHCP configured #2 # install prereq packages $ sudo apt install avahi-utils squid-deb-proxy-client #3 # check if all are interfaces are configured and avahi probes them all # (you might need to edit netplan or E/N/I to e.g. dhcp on all of them) $ avahi-browse -kprtf _apt_proxy._tcp +;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local +;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local +;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local =;enp8s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp7s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp1s0;IPv4;apt-cacher-ng\032proxy\032on\032Keschdeichel;_apt_proxy._tcp;local;Keschdeichel.local;192.168.122.1;3142; =;enp9s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp8s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe73:b27d;8000; =;enp7s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe3a:53e7;8000; =;enp1s0;IPv6;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;fe80::5054:ff:fe4e:2923;8000; =;enp9s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.125;8000; =;enp8s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.202;8000; =;enp7s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.186;8000; =;enp1s0;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;192.168.122.42;8000; =;lo;IPv4;Squid\032deb\032proxy\032on\032i-deb-proxy;_apt_proxy._tcp;local;i-deb-proxy.local;127.0.0.1;8000; #5 # After being announced stop the cacher on the host $ sudo systemctl stop apt-cacher-ng.service #6 Check it is now dead from the guests POV $ curl 192.168.122.1:3142 curl: (7) Failed to connect to 192.168.122.1 port 3142: Connection refused #7 # Ensure that it is still announced in avahi in the guest $ avahi-browse -kprtf _apt_proxy._tcp \| grep '^=' \| cut -d";" -f 4,8-9 \| grep -v '::' ... apt-cacher-ng\032proxy\032on\032Keschdeichel;192.168.122.1;3142 #8 # Now run apt-avahi-discover which shows the python errors # bleeding into the output even with stderr redirected $ /usr/share/squid-deb-proxy-client/apt-avahi-discover 2>/dev/null error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) error: uncaptured python exception, closing channel <AptAvahiClient> ('192.168.122.1', 3142): 9223372036854775807 (<class 'ConnectionRefusedError'>:[Errno 111] Connection refused [/usr/lib/python3.9/asyncore.py\|read\|83] [/usr/lib/python3.9/asyncore.py\|handle_read_event\|417] [/usr/lib/python3.9/asyncore.py\|handle_connect_event\|425]) http://192.168.122.42:8000/ P.S. I'm (paelzer) not entirely sure we need "multiple" IPs an announced but down entry might be enough, but we want to stick close to what was reported. --- I get the following error when running the discovery script on the command line. $ /usr/share/squid-deb-proxy-client/apt-avahi-discover error: uncaptured python exception, closing channel <AptAvahiClient> ('10.1.2.3', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('10.0.3.1', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) error: uncaptured python exception, closing channel <AptAvahiClient> ('172.24.74.129', 3142): 2147483647 (<class 'socket.error'>:[Errno 111] Connection refused [/usr/lib/python2.7/asyncore.py\|read\|83] [/usr/lib/python2.7/asyncore.py\|handle_read_event\|446] [/usr/lib/python2.7/asyncore.py\|handle_connect_event\|454]) http://172.24.74.145:3142/ The last line still returns the proper proxy URI so as far as I can tell things are still working. The IP 10.1.2.3 is for an n2n VPN. This is on trusty with version 0.8.6ubuntu1. To trigger the bug the environment setup needs to be in a specific way. It seems for the problem to occur it need more than one host/IP discovered via avahi. This can be probed via $ avahi-browse -kprtf _apt_proxy._tcp and e.g. the common LXD setup of IPv4 + ipv6 is NOT enough to trigger it. TODO: a sample output of the above command in an affected environment could be helpful. TODO: if possible outlining how the environment can be configured to have this multi host/IP reply in avahi would be helpful as well.
2021-10-27 16:32:46	Robie Basak	squid-deb-proxy (Ubuntu Hirsute): status	In Progress	Fix Committed
2021-10-27 16:32:47	Robie Basak	bug			added subscriber Ubuntu Stable Release Updates Team
2021-10-27 16:32:50	Robie Basak	bug			added subscriber SRU Verification
2021-10-27 16:32:56	Robie Basak	tags	bionic focal patch server-next trusty	bionic focal patch server-next trusty verification-needed verification-needed-hirsute
2021-10-27 16:33:15	Robie Basak	squid-deb-proxy (Ubuntu Focal): status	In Progress	Fix Committed
2021-10-27 16:33:22	Robie Basak	tags	bionic focal patch server-next trusty verification-needed verification-needed-hirsute	bionic focal patch server-next trusty verification-needed verification-needed-focal verification-needed-hirsute
2021-10-27 16:33:35	Robie Basak	squid-deb-proxy (Ubuntu Bionic): status	In Progress	Fix Committed
2021-10-27 16:33:42	Robie Basak	tags	bionic focal patch server-next trusty verification-needed verification-needed-focal verification-needed-hirsute	bionic focal patch server-next trusty verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute
2021-10-27 16:47:21	Robie Basak	bug			added subscriber Robie Basak
2021-10-28 08:24:36	Miriam España Acebal	bug			added subscriber Miriam España Acebal
2021-10-31 21:54:23	Mathew Hodson	squid-deb-proxy (Ubuntu Bionic): importance	Undecided	Low
2021-10-31 21:54:26	Mathew Hodson	squid-deb-proxy (Ubuntu Focal): importance	Undecided	Low
2021-10-31 21:54:29	Mathew Hodson	squid-deb-proxy (Ubuntu Hirsute): importance	Undecided	Low
2021-10-31 22:05:01	Mathew Hodson	bug task added		squid-deb-proxy (Ubuntu Trusty)
2021-10-31 22:05:11	Mathew Hodson	squid-deb-proxy (Ubuntu Trusty): status	New	Won't Fix
2021-10-31 22:05:14	Mathew Hodson	squid-deb-proxy (Ubuntu Trusty): importance	Undecided	Low
2021-10-31 22:06:16	Mathew Hodson	nominated for series		Ubuntu Xenial
2021-10-31 22:06:16	Mathew Hodson	bug task added		squid-deb-proxy (Ubuntu Xenial)
2021-10-31 22:06:25	Mathew Hodson	squid-deb-proxy (Ubuntu Xenial): status	New	Won't Fix
2021-10-31 22:06:33	Mathew Hodson	squid-deb-proxy (Ubuntu Xenial): importance	Undecided	Low
2021-11-04 08:09:03	Christian Ehrhardt 	tags	bionic focal patch server-next trusty verification-needed verification-needed-bionic verification-needed-focal verification-needed-hirsute	bionic focal patch server-next trusty verification-done verification-done-bionic verification-done-focal verification-done-hirsute
2021-11-04 19:36:56	Launchpad Janitor	squid-deb-proxy (Ubuntu Hirsute): status	Fix Committed	Fix Released
2021-11-04 19:36:59	Brian Murray	removed subscriber Ubuntu Stable Release Updates Team
2021-11-04 19:40:32	Launchpad Janitor	squid-deb-proxy (Ubuntu Focal): status	Fix Committed	Fix Released
2021-11-04 19:42:47	Launchpad Janitor	squid-deb-proxy (Ubuntu Bionic): status	Fix Committed	Fix Released

Ubuntusquid-deb-proxy package

Activity log for bug #1505670

Ubuntu
squid-deb-proxy package