enabling networkd appears to eat up entropy

Bug #1712921 reported by Dimitri John Ledkov on 2017-08-24
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
nplan (Ubuntu)
Critical
Mathieu Trudel-Lapierre
Xenial
Undecided
Unassigned
Zesty
Undecided
Unassigned
Artful
Critical
Mathieu Trudel-Lapierre
Bionic
Critical
Mathieu Trudel-Lapierre
openssh (Ubuntu)
Critical
Dimitri John Ledkov
Xenial
Undecided
Unassigned
Zesty
Undecided
Unassigned
Artful
Critical
Dimitri John Ledkov
Bionic
Critical
Dimitri John Ledkov
systemd (Ubuntu)
Critical
Dimitri John Ledkov
Xenial
Undecided
Unassigned
Zesty
Undecided
Unassigned
Artful
Critical
Dimitri John Ledkov
Bionic
Critical
Dimitri John Ledkov

Bug Description

[Impact]
Booting systems have a limited amount of entropy, especially in some of the cloud cases. We should avoid using it up unnecessarily.

[Test cases]

== netplan ==
1) Boot system with netplan config; using networkd renderer
2) Validate that it starts and does not cause undue delay.
2b) strace nplan at boottime (the netplan generator at /lib/systemd/system-generators/netplan) and validate it does not call get_random() / uuid_generate().
3) Validate that config with NetworkManager renderer generates UUIDs.

[Regression potential]
Netplan depends on UUID generation to create correct networkManager configuration for VLANs. This is a specific use-case that is typically not hit, but any failure to generate valid NetworkManager configuration would be a regression from this SRU.

---

enabling networkd appears to eat up entropy

as seen in openssh autopkgtest failing, when networkd is enabled by default.

See http://autopkgtest.ubuntu.com/packages/openssh/artful/amd64 with triggers systemd/234-2ubuntu9

tags: added: adt-fail
Changed in systemd (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
Changed in openssh (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
assignee: nobody → Dimitri John Ledkov (xnox)
Changed in systemd (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:7.5p1-7ubuntu2

---------------
openssh (1:7.5p1-7ubuntu2) artful; urgency=medium

  * Enable haveged during autopkgtest, as virtual machines appear to run
    out of entropy when networkd is enabled in the instance at the same
    time. This will be further investigated, as it is not reasonable for
    networkd to eat up all the previously available entropy. LP: #1712921

 -- Dimitri John Ledkov <email address hidden> Thu, 24 Aug 2017 22:55:53 +0100

Changed in openssh (Ubuntu):
status: Triaged → Fix Released
Steve Langasek (vorlon) on 2017-08-31
tags: removed: rls-aa-incoming
tags: added: id-59a82980f80facbe02e40d09

There's a bit of netplan in that too.

Changed in nplan (Ubuntu Artful):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Mathieu Trudel-Lapierre (cyphermox)
tags: added: id-59e93e7ff29828fb76a5a779
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nplan - 0.32

---------------
nplan (0.32) bionic; urgency=medium

  * src/nm.c: better handle the UUID generation; the order of iterating
    through interaces may affect things here. Also make sure the tests catch
    a null UUID.

 -- Mathieu Trudel-Lapierre <email address hidden> Tue, 14 Nov 2017 08:53:51 -0500

Changed in nplan (Ubuntu Bionic):
status: In Progress → Fix Released

Hello Dimitri, or anyone else affected,

Accepted nplan into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nplan/0.32~17.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in nplan (Ubuntu Zesty):
status: New → Fix Committed
tags: added: verification-needed verification-needed-zesty
Łukasz Zemczak (sil2100) wrote :

Hello Dimitri, or anyone else affected,

Accepted nplan into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nplan/0.32~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in nplan (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial

nplan 0.32~16.04.2 fails to build because I mismerged 0.32 and broke the code skipping the test_routes_v6 test in the NetworkManager case. Therefore, it can't possibly pass SRU verification.

tags: added: verification-failed-xenial
removed: verification-needed-xenial
Brian Murray (brian-murray) wrote :

Hello Dimitri, or anyone else affected,

Accepted nplan into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nplan/0.32~16.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed-xenial
removed: verification-failed-xenial

Autopktests still failing for xenial; the test is still not being skipped (we know it won't work on Xenial due to the version of NM shipped there). Marking verification-failed-xenial.

tags: added: verification-failed-xenial
removed: verification-needed-xenial
Łukasz Zemczak (sil2100) wrote :

Hello Dimitri, or anyone else affected,

Accepted nplan into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nplan/0.32~17.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in nplan (Ubuntu Artful):
status: In Progress → Fix Committed
tags: added: verification-needed-artful
Łukasz Zemczak (sil2100) wrote :

Hello Dimitri, or anyone else affected,

Accepted nplan into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nplan/0.32~16.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed-xenial
removed: verification-failed-xenial

Verification-done:
xenial: 0.32~16.04.3
zesty: 0.32~17.04.1
artful: 0.32~17.10.1

netplan running at boot-time no longer appears to block on missing entropy; does not appear to be calling to uuid_generate() while setting this up for the networkd generator (uuid generation is still required for NetworkManager and also appears to still work).

tags: added: verification-done-artful verification-done-xenial verification-done-zesty
removed: verification-needed-artful verification-needed-xenial verification-needed-zesty
tags: removed: verification-needed
tags: removed: adt-fail
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nplan - 0.32~17.10.1

---------------
nplan (0.32~17.10.1) artful; urgency=medium

  * Backport 0.32 to Ubuntu 17.10. (LP: #1713142)

nplan (0.32) bionic; urgency=medium

  * src/nm.c: better handle the UUID generation; the order of iterating
    through interaces may affect things here. Also make sure the tests catch
    a null UUID.

nplan (0.31) bionic; urgency=medium

  [ Mathieu Trudel-Lapierre ]
  * src/nm.c: generate a UUID for a connection only as needed; when we're
    dealing with NM VLANs. (LP: #1712921)
  * debian/tests/autostart: Make the autostart test more verbose and avoid
    failing right from the start when systemd-networkd is disabled.
    (LP: #1699371)
  * tests/integration.py: bump the NetworkManager timeout for settling to
    120 seconds, autopkgtest infrastructure tends to be a little slow for the
    network device configuration to be applied and noticed by NM.
    (LP: #1699371)

  [ Dimitri John Ledkov ]
  * Reload udevd to invalidate configuration cache of .rules/.link files
    as generate step may have changed them. LP: #1669564

  [ Dan Streetman ]
  * Add another interface driver exception to netplan replug to prevent unbind
    of the Xen VIF interfaces. (LP: #1729573)

 -- Mathieu Trudel-Lapierre <email address hidden> Thu, 23 Nov 2017 12:30:51 -0500

Changed in nplan (Ubuntu Artful):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for nplan has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in openssh (Ubuntu Zesty):
status: New → Won't Fix
Changed in openssh (Ubuntu Xenial):
status: New → Won't Fix
Changed in systemd (Ubuntu Xenial):
status: New → Invalid
Changed in systemd (Ubuntu Zesty):
status: New → Invalid
Changed in systemd (Ubuntu Artful):
status: Triaged → Invalid
Changed in systemd (Ubuntu Bionic):
status: Triaged → Invalid
Launchpad Janitor (janitor) wrote :
Download full text (5.3 KiB)

This bug was fixed in the package nplan - 0.32~16.04.3

---------------
nplan (0.32~16.04.3) xenial; urgency=medium

  * tests/integration.py: Really fix skipping test_routes_v6 for the NM
    backend.

nplan (0.32~16.04.2) xenial; urgency=medium

  * tests/integration.py: Fix test_routes_v6 that I clobbered when I re-applied
    the skip rules for 16.04 after merging in 0.32.

nplan (0.32~16.04.1) xenial; urgency=medium

  * Backport netplan 0.32 to 16.04. (LP: #1713142)
  * debian/control: Depend on systemd (>= 229-4ubuntu20) for the PrimarySlave
    feature backported in that revision.
  * tests/integration.py: Skip tests that are still not yet supported in xenial

nplan (0.32) bionic; urgency=medium

  * src/nm.c: better handle the UUID generation; the order of iterating
    through interaces may affect things here. Also make sure the tests catch
    a null UUID.

nplan (0.31) bionic; urgency=medium

  [ Mathieu Trudel-Lapierre ]
  * src/nm.c: generate a UUID for a connection only as needed; when we're
    dealing with NM VLANs. (LP: #1712921)
  * debian/tests/autostart: Make the autostart test more verbose and avoid
    failing right from the start when systemd-networkd is disabled.
    (LP: #1699371)
  * tests/integration.py: bump the NetworkManager timeout for settling to
    120 seconds, autopkgtest infrastructure tends to be a little slow for the
    network device configuration to be applied and noticed by NM.
    (LP: #1699371)

  [ Dimitri John Ledkov ]
  * Reload udevd to invalidate configuration cache of .rules/.link files
    as generate step may have changed them. LP: #1669564

  [ Dan Streetman ]
  * Add another interface driver exception to netplan replug to prevent unbind
    of the Xen VIF interfaces. (LP: #1729573)

nplan (0.30) artful; urgency=medium

  * Add an "optional" syntax node for now to all devices. This is unimplemented
    for now, but intended to allow users to mark some devices as optional: to
    make sure they do not delay boot when configured. (LP: #1664844)

nplan (0.29) artful; urgency=medium

  * Fix autopkgtests in a world where /run/NetworkManager/conf.d already
    exists. nplan is enabled by default, so it might well have the directory
    already created on the filesystem.

nplan (0.28) artful; urgency=medium

  * Revert 56cd3eec which disabled IPv6 Router Advertisements by default. It
    broke default network config in LXD and was contrary to the defaults used
    by the kernel. Reopens LP: 1655440. (LP: #1717404)
  * Add "accept-ra:" key for all device types; this will default to OFF but
    allow users to disable processing Router Advertisements when required by
    their network setup. (LP: #1655440)

nplan (0.27) artful; urgency=medium

  [ Mathieu Trudel-Lapierre ]
  * Fix crash in systemd generator if called by an user on the command-line
  * coverage: fix exclusions to properly not cover our "never reached defaults"

  [ Dimitri John Ledkov ]
  * tests/integration.py: In teardown, stop systemd-networkd.socket.
  * src/networkd.c: Set UseMTU=true by default, whenever DHCP is in use.
    (LP: #1717471)
  * tests/integration.py: fix resolved detection.

nplan (0.26) artful; urgency=medium

 ...

Read more...

Changed in nplan (Ubuntu Xenial):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (4.8 KiB)

This bug was fixed in the package nplan - 0.32~17.04.1

---------------
nplan (0.32~17.04.1) zesty; urgency=medium

  * Backport 0.32 to 17.04. (LP: #1713142)

nplan (0.32) bionic; urgency=medium

  * src/nm.c: better handle the UUID generation; the order of iterating
    through interaces may affect things here. Also make sure the tests catch
    a null UUID.

nplan (0.31) bionic; urgency=medium

  [ Mathieu Trudel-Lapierre ]
  * src/nm.c: generate a UUID for a connection only as needed; when we're
    dealing with NM VLANs. (LP: #1712921)
  * debian/tests/autostart: Make the autostart test more verbose and avoid
    failing right from the start when systemd-networkd is disabled.
    (LP: #1699371)
  * tests/integration.py: bump the NetworkManager timeout for settling to
    120 seconds, autopkgtest infrastructure tends to be a little slow for the
    network device configuration to be applied and noticed by NM.
    (LP: #1699371)

  [ Dimitri John Ledkov ]
  * Reload udevd to invalidate configuration cache of .rules/.link files
    as generate step may have changed them. LP: #1669564

  [ Dan Streetman ]
  * Add another interface driver exception to netplan replug to prevent unbind
    of the Xen VIF interfaces. (LP: #1729573)

nplan (0.30) artful; urgency=medium

  * Add an "optional" syntax node for now to all devices. This is unimplemented
    for now, but intended to allow users to mark some devices as optional: to
    make sure they do not delay boot when configured. (LP: #1664844)

nplan (0.29) artful; urgency=medium

  * Fix autopkgtests in a world where /run/NetworkManager/conf.d already
    exists. nplan is enabled by default, so it might well have the directory
    already created on the filesystem.

nplan (0.28) artful; urgency=medium

  * Revert 56cd3eec which disabled IPv6 Router Advertisements by default. It
    broke default network config in LXD and was contrary to the defaults used
    by the kernel. Reopens LP: 1655440. (LP: #1717404)
  * Add "accept-ra:" key for all device types; this will default to OFF but
    allow users to disable processing Router Advertisements when required by
    their network setup. (LP: #1655440)

nplan (0.27) artful; urgency=medium

  [ Mathieu Trudel-Lapierre ]
  * Fix crash in systemd generator if called by an user on the command-line
  * coverage: fix exclusions to properly not cover our "never reached defaults"

  [ Dimitri John Ledkov ]
  * tests/integration.py: In teardown, stop systemd-networkd.socket.
  * src/networkd.c: Set UseMTU=true by default, whenever DHCP is in use.
    (LP: #1717471)
  * tests/integration.py: fix resolved detection.

nplan (0.26) artful; urgency=medium

  * Bonding:
    - Add support for specifying a primary slave. (LP: #1709135)
  * Rebind:
    - Fix brcmfmac harder. Treat any 'brcmfmac' driver as not supporting
      rebind. (LP: #1712224)
  * Autopkgtests:
    - Add allow-stderr. Systemd now bleats about a the networkd socket still
      being around and enabled when we restart the service; but we don't need
      to care since we're /restarting/ the service to load the new config.
    - Fix the autostart package to be more sensible: we don't really care if
 ...

Read more...

Changed in nplan (Ubuntu Zesty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers