Ubuntu Server team update - 5 Aug 2019

Hi everyone, below you will find the updates of the Ubuntu Server team members from the last week. If you are interested in discussing a topic please start a thread in the Server area of this Discourse site.

1 Like

Packaging

  • LP: #1797836 SRU for logwatch
    • Uploaded logwatch SRU and subbed sru team
  • LP: #1835968 SRU for ruby2.5
    • Uploaded ruby2.5 SRU and subbed sru team
    • Read up on bileto, used it to do the package build in a way that will be consistent with security pocket requirements.
  • Merge for python-boto 2.49.0-2 done and posted for review.
  • Merge for python-seamicroclient 0.4.0+2016.05.20.git.40ee44c664 posted for review.
  • Merges for exim4 4.92-10 and rabbitmq-server 3.7.8-5 started

Development

  • php 7.2 to 7.3 transition
    • GPG signing inside LXC container
    • The package builds had been failing due to dependencies between themselves, so I restructured the transition.sh script to build and install things in phases. With this sorted, these packages now have their dependencies and build properly: php-apcu-bc, php-igbinary, php-memcached, php-pecl-http, php-redis.
    • Created git repo under php-ubuntu team for php-dev-tools, and generalized the transition.sh script so it can hopefully be used to streamline future php transitions.
  • git-ubuntu
    • Continued review feedback on Coverity fix from past week
  • usmerges tool
    • Added functionality to prioritize packages that are included in Ubuntu Server seeds
    • Implemented ability to identify new upstream releases not yet included in Debian
    • Updated report code to display the above info concisely

Reviews

  • tgt merge for Andreas. Approved.
  • sssd merge for Andreas. Approved.
3 Likes

cloud-init

  • Filed and started digging into bug 1838564 for introducing first-class dracut support in to cloud-init’s network configuration determination
    • This will ensure that we can handle the network configuration emitted by a dracut-generated initramfs, in the same way we handle network configuration emitted by an initramfs-tools-generated initramfs today
  • Continued work debugging bug 1834875
    • We have reached the conclusion that this is happening in the kernel, and testing with the generic kernel suggests it’s specific to the Azure custom kernel
    • Continuing thanks to Tobias Koch!
  • Assisted a couple of community members with getting started on development and unblocking in-progress work
  • Reviewed MP 370348
    • Rick was quick with his feedback, so we iterated a couple of times; thanks Rick!
  • Reviewed the new Exoscale data source
  • Filed bug 1838794 for a documentation issue and submitted MP 370927 to address it
  • Submitted server-test-script PR #30 to see better information about cloud-init COPR build failures when they happen

curtin

  • Reviewed MP 370800 before Ryan decided on a substantially different direction
    • As it happens, my review comments were on some code that was lifted from cloud-init, so I may consider applying some of my review comments over there myself
  • Reviewed MP 370843

ubuntu-advantage-client

  • Submitted PR #697 to fix handling contracts with expiry timestamps
  • Reviewed PR #688
  • Started triaging issue #698 with Kyle

Miscellaneous

  • The only cloud-init/curtin/Ubuntu Advantage squad member working normally for the first part of this week
    • Did bug triage Monday/Tuesday as a result
  • Some Jenkins/QA code review
    • In particular, cosmic went EOL so we’ve been dropping it from our testing (e.g. MP 370712)
  • This Python Exceptions guide is a good primer on Python exceptions that I happened across this week
  • Had some internal conversations about Python code formatters
    • No concrete outcome from this as yet
  • Set up a WriteFreely instance for my personal blog; this content is reproduced over there too
2 Likes

I haven’t posted anything last week because we were at Debconf19, happening in Curitiba/Brazil. It was quite a good experience watching so many different presentations. From all of them I would recommend as “should definitely watch” the following:

Debconf19 Videos

  1. Using Git for Ubuntu Packaging from @ahasenack.
  2. How Ubuntu and Debian packages are structured from @ahasenack.
  3. Apt 2.0 and other news from @juliank.
  4. One git to package them all, and on salsa.
  5. Reproducible Builds
  6. Secure Boot in Debian Buster. Really.
  7. State of RDMA in Debian.
    (Thanks Mellanox Engineers for answering so many questions from myself).
  8. Symbolic Execution of Maintainers Scripts.
  9. Whats new in the Linux Kernel

Virtualization Work

LP: #1828495 is the public bug @paelzer and I are making QEMU changes for different HW security mitigations of new CPUs (Intel xxxLake CPUs). Christian has merged a pretty recent QEMU version into Eoan and we’ve been working in backporting the security features (+arch-capabilities,+ssbd,+md-clear,+rdctl-no,+ibrs-all,+skip-l1dfl-vmentry,+mds-no -m 2048 -realtime mlock=off ) to Disco and Bionic.
Bionic is already in -proposed and we missed MDS-NO feature, so we included it in qemu 1:2.11+dfsg-1ubuntu7.17 and also pushed it into -proposed repo. Disco already had the MDS-NO patch so its -proposed version, 1:3.1+dfsg-2ubuntu3.3, was already good.
If you want to check how to enable those features (without the libvirt support, which we’re working on) you can check comment #50 for Bionic and comment #46 for Ubuntu Disco.
We are going to create a wiki page specifying exactly how to enable the mitigation flags in order to tell KVM guests which HW mitigations are supported for the specified vCPU.

Ubuntu HA Work

Our focus now is basically clean up the autopkgtest regressions we had in the new corosync and pacemaker versions. Dependant packages had their tests failing because of multiple reasons and I’m cleaning those.
An example is that our autopkgtest environment for armhf architecture runs in an unprivileged container and corosync now needs to set memlock limits in the beginning (in the new version test checks for capabilities and skips instead of failing).

MySQL Update

@rbasak has done a huge amount of work to upgrade MySQL to 8 in Ubuntu Eoan. This week I have helped this effort just a bit, with 2 related packages:

  1. dbconfig-common (Upstream Debian Merge Request): Because of cacti (2) I had to create a debconf variable to set MySQL authentication plugin to be used by dbconfig-common consumers. Because of MySQL 8 changes, ALTER SQL commands had to be altered also.
  2. cacti (Upstream Debian Merge Request and Upstream Merge Request): MySQL 8 does not allow ALTER to create a USER by default anymore AND its default authentication plugin is caching_sha2_password, not supported by some PHP packages.
2 Likes

Debconf19
At debconf19 from July 21st through July 27th

Merges

Reviews

  • python-boto, python-seamicroclient, samba ctdb fixes from @rafaeldtinoco, postgresql, bind9 and nut for @paelzer

Belated update:
Short week: on vacation Mon-Wed

ubuntu-advantage-tools

  • Address review comments on per-series APT key support for new ua client (PR #690)
  • Address first round of review comments on non-zero exit code during auto-enablement (PR #580)
  • Read UA client UX updated spec per in-depth product owner review

cloud-init

  • Write a minispec on DataSourceOVF feature to merge config data from both IMC and OVA to allow for static IP configuration plus user ssh imports. Sent out for team review
  • Azure add route-metrics to azure v2 networking branch for secondary network interfaces