[SRU] CloudStack data source will always set password to "HTTP/1.0 200 OK" on CloudStack 4.5.1 and later

[ubuntu-server-builder]

This bug was originally filed in Launchpad as LP: #1464253

Launchpad details

affected_projects = ['cloud-init (Ubuntu)', 'cloud-init (Ubuntu Precise)', 'cloud-init (Ubuntu Trusty)', 'cloud-init (Ubuntu Utopic)', 'cloud-init (Ubuntu Vivid)', 'cloud-init (Ubuntu Wily)']
assignee = oddbloke
assignee_name = Dan Watkins
date_closed = 2015-11-09T11:11:42.422471+00:00
date_created = 2015-06-11T13:27:29.471259+00:00
date_fix_committed = 2015-06-29T12:07:25.581106+00:00
date_fix_released = 2015-11-09T11:11:42.422471+00:00
id = 1464253
importance = undecided
is_complete = True
lp_url = https://bugs.launchpad.net/cloud-init/+bug/1464253
milestone = None
owner = oddbloke
owner_name = Dan Watkins
private = False
status = fix_released
submitter = oddbloke
submitter_name = Dan Watkins
tags = ['verification-done']
duplicates = []

Launchpad user Dan Watkins(oddbloke) wrote on 2015-06-11T13:27:29.471259+00:00

First reported in https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1440263/comments/6

Older versions of CloudStack return the password as the first thing on the socket after an HTTP request (eschewing the tradition of HTTP response headers), which is what we take and use.

This lack of proper HTTP headers has been fixed in ACS 4.5.1, which means we will always use the status line of the HTTP response as the password.

[Impact]
Ubuntu instances deployed on more recent versions of CloudStack will always set the root password to "HTTP/1.0 200 OK".

[Test Case]
Launch an instance in a recent CloudStack environment and try to log in using "HTTP/1.0 200 OK" and the password provided by the environment. The former should fail and the latter should work.

[Regression Potential]
This change moves to using wget rather than our own custom client, which is more inline with CloudStack's own scripting around this. We shouldn't regress on new or old CloudStack environments.

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2015-06-12T13:52:19.624030+00:00

Status changed to 'Confirmed' because the bug affects multiple users.

[ubuntu-server-builder]

Launchpad user Scott Moser(smoser) wrote on 2015-07-22T13:35:55.325697+00:00

marking as fix-committed in cloud-init trunk. fix-released will go with the 0.7.7 release.

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2015-07-22T21:46:25.731185+00:00

This bug was fixed in the package cloud-init - 0.7.7~bzr1127-0ubuntu1

---

cloud-init (0.7.7~bzr1127-0ubuntu1) wily; urgency=medium

[ Scott Moser ]

• d/README.source, debian/cherry-pick-rev: improve packaging tool

[ Daniel Watkins ]

• d/cloud-init.templates: Include SmartOS data source in the default list
  and choices. (LP: #1398997)

[ Scott Moser ]

• New upstream snapshot.
  • check for systemd using sd_booted symantics (LP: #1461201)
  • fix importing of gpg keys in python3 (LP: #1463373)
  • fix specification of devices to growpart (LP: #1465436)
  • reliably detect and use Azure disks using udev rules (LP: #1411582)
  • support selection of Ubuntu mirrors on GCE (LP: #1470890)
  • ssh: generate ed25519 host keys if supported (LP: #1461242)
  • test fixes and cleanups
  • fix reading of availability-zone on GCE (LP: #1470880)
  • fix cloudsigma datasource with python3 (LP: #1475215)
  • fix rightscale user-data
  • fix consumption of CloudStack passwords on newer CloudStack platforms
    (LP: #1440263, #1464253)

-- Scott Moser smoser@ubuntu.com Wed, 22 Jul 2015 17:06:18 -0400

[ubuntu-server-builder]

Launchpad user Chris J Arges(arges) wrote on 2015-07-23T14:54:10.216130+00:00

Hello Dan, or anyone else affected,

Accepted cloud-init into vivid-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/0.7.7~bzr1091-0ubuntu4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

[ubuntu-server-builder]

Launchpad user Chris J Arges(arges) wrote on 2015-07-23T14:57:07.393922+00:00

Hello Dan, or anyone else affected,

Accepted cloud-init into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/0.7.5-0ubuntu1.7 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

[ubuntu-server-builder]

Launchpad user Chris J Arges(arges) wrote on 2015-07-23T15:00:34.182549+00:00

Hello Dan, or anyone else affected,

Accepted cloud-init into precise-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/0.6.3-0ubuntu1.18 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

[ubuntu-server-builder]

Launchpad user Dan Watkins(oddbloke) wrote on 2015-07-24T09:22:39.108277+00:00

Thomas,

Would you be able to perform validation that this is fixed in the new package? I don't have access to an appropriate CloudStack environment to do so.

Thanks,

Dan

[ubuntu-server-builder]

Launchpad user Dan Watkins(oddbloke) wrote on 2015-08-10T16:50:10.630511+00:00

I have verified that we have not broken password on pre 4.5 versions of CloudStack.

I haven't been able to confirm that this is fixed on 4.5+, because we haven't been able to find such a test environment. It certainly won't have regressed (as it was already broken), so I'm marking this as verification-done.

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2015-08-10T17:28:13.159724+00:00

This bug was fixed in the package cloud-init - 0.7.7~bzr1091-0ubuntu4

---

cloud-init (0.7.7~bzr1091-0ubuntu4) vivid; urgency=medium

• d/patches/lp-1456684-eu-central-1.patch: Add central as a direction for
  EC2 availability zones (LP: #1456684).
• d/patches/lp-1464253-handle-new-cloudstack-passwords.patch: Handle both
  old and new CloudStack password servers (LP: #1464253).
• d/patches/lp-1475215-fix-cloudsigma-cepko.patch: Fix CloudSigma datasource
  under Python 3 (LP: #1475215).
• d/patches/lp-1463373-fix-apt-gpg-key-fetching.patch: Fix a Python 3
  problem with the writing out of the script that fetches GPG keys for apt
  repos (LP: #1463373).

-- Daniel Watkins daniel.watkins@canonical.com Mon, 29 Jun 2015 12:48:33 +0100

[ubuntu-server-builder]

Launchpad user Chris J Arges(arges) wrote on 2015-08-10T17:28:31.946334+00:00

The verification of the Stable Release Update for cloud-init has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2015-08-10T17:29:39.107220+00:00

This bug was fixed in the package cloud-init - 0.7.5-0ubuntu1.7

---

cloud-init (0.7.5-0ubuntu1.7) trusty; urgency=medium

• d/patches/lp-1456684-eu-central-1.patch:
  • Add central as a direction for EC2 availability zones (LP: #1456684).
• d/patches/lp-1464253-handle-new-cloudstack-passwords.patch:
  • Handle both old and new CloudStack password servers (LP: #1464253).
• Add python-serial to Build-Depends (LP: #1381776).

-- Daniel Watkins daniel.watkins@canonical.com Thu, 16 Jul 2015 17:34:01 +0100

[ubuntu-server-builder]

Launchpad user Launchpad Janitor(janitor) wrote on 2015-08-10T17:30:10.303294+00:00

This bug was fixed in the package cloud-init - 0.6.3-0ubuntu1.18

---

cloud-init (0.6.3-0ubuntu1.18) precise; urgency=medium

• d/patches/lp-1456684-eu-central-1.patch:
  • Add central as a direction for EC2 availability zones (LP: #1456684).
• d/patches/lp-1464253-handle-new-cloudstack-passwords.patch:
  • Handle both old and new CloudStack password servers (LP: #1464253).
• Add python-serial to Depends (LP: #1381776).

-- Daniel Watkins daniel.watkins@canonical.com Thu, 16 Jul 2015 17:14:18 +0100