[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953

Dan Streetman ddstreet at canonical.com
Thu Nov 14 20:39:27 UTC 2019 

with testcase setup from description, system A is -remote and system B
is -d

ubuntu at lp1847527-remote:~$ dpkg -l systemd|grep ii
ii  systemd        240-6ubuntu5.7 amd64        system and service manager
ubuntu at lp1847527-d:~$ dpkg -l systemd|grep ii
ii  systemd        240-6ubuntu5.7 amd64        system and service manager
ubuntu at lp1847527-d:~$ journalctl -b -u systemd-journal-upload.service 
-- Logs begin at Thu 2019-11-14 16:34:08 UTC, end at Thu 2019-11-14 20:19:34 UTC. --
Nov 14 20:19:03 lp1847527-d systemd[1]: Started Journal Remote Upload Service.
Nov 14 20:19:03 lp1847527-d systemd-journal-upload[721]: Upload to http://192.168.122.184:19532/upload failed with code 411: gth Required
Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Main process exited, code=exited, status=1/FAILURE
Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Failed with result 'exit-code'.


Fix must be applied to system A (where systemd-journal-remote.serivce is
running):

ubuntu at lp1847527-remote:~$ dpkg -l systemd|grep ii
ii  systemd        240-6ubuntu5.8 amd64        system and service manager
ubuntu at lp1847527-d:~$ dpkg -l systemd|grep ii
ii  systemd        240-6ubuntu5.7 amd64        system and service manager
ubuntu at lp1847527-d:~$ journalctl -b -u systemd-journal-upload.service 
-- Logs begin at Thu 2019-11-14 16:34:08 UTC, end at Thu 2019-11-14 20:34:28 UTC. --
Nov 14 20:33:33 lp1847527-d systemd[1]: Started Journal Remote Upload Service.


and upgrading system B, it still works correctly (as long as system A has been upgraded):

ubuntu at lp1847527-d:~$ dpkg -l systemd|grep ii
ii  systemd        240-6ubuntu5.8 amd64        system and service manager
ubuntu at lp1847527-d:~$ journalctl -b -u systemd-journal-upload.service 
-- Logs begin at Thu 2019-11-14 16:34:08 UTC, end at Thu 2019-11-14 20:38:38 UTC. --
Nov 14 20:38:35 lp1847527-d systemd[1]: Started Journal Remote Upload Service.


** Tags removed: verification-needed verification-needed-disco
** Tags added: verification-done verification-done-disco

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1847527

Title:
  Backport systemd-journal-remote fix PR #11953

Status in openstack-ansible:
  New
Status in systemd:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Bionic:
  Invalid
Status in systemd source package in Disco:
  Fix Committed
Status in systemd source package in Eoan:
  Fix Released

Bug description:
  [impact]

  upstream commit 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd broke remote journal upload, because it added a check to verify the Content-Length header, but the upload may use Transfer-Encoding of 'chunked' which does
  not specify Content-Length.

  [test case]

  setup 2 systems, A and B.  Install systemd-journal-remote on both.

  On A:

  $ sudo systemctl edit systemd-journal-remote.service

  in the editor, add:

  [Service]
  ExecStart=
  ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/

  
  Then enable/start the socket:

  $ sudo systemctl enable systemd-journal-remote.socket
  $ sudo systemctl start systemd-journal-remote.socket

  Optionally, start the service and verify it is running (not required,
  since the socket will start the service):

  $ sudo systemctl start systemd-journal-remote.service
  $ sudo systemctl status systemd-journal-remote.service | grep Active
     Active: active (running) since Thu 2019-11-14 20:08:48 UTC; 7min ago

  
  On B:

  Edit the file /etc/systemd/journal-upload.conf:

  [Upload]
  URL=http://192.168.122.184:19532

  
  Replacing the IP address with the actual ip addr of node A.  Then enable/start the service:

  $ sudo systemctl enable systemd-journal-upload.service
  $ sudo systemctl start systemd-journal-upload.service

  Check for failure:

  ubuntu at lp1847527-d:~$ journalctl -b -u systemd-journal-upload.service 
  -- Logs begin at Thu 2019-11-14 16:34:08 UTC, end at Thu 2019-11-14 20:19:34 UTC. --
  Nov 14 20:19:03 lp1847527-d systemd[1]: Started Journal Remote Upload Service.
  Nov 14 20:19:03 lp1847527-d systemd-journal-upload[721]: Upload to http://192.168.122.184:19532/upload failed with code 411: gth Required
  Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Main process exited, code=exited, status=1/FAILURE
  Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Failed with result 'exit-code'.

  
  [regression potential]

  this limits the Transfer-Encoding to only be either unspecified, or
  'chunked'.  Any other value will fail.  However, journal-upload.c does
  not ever use any other Transfer-Encoding than 'chunked', and this fix
  comes from upstream and has not changed since applied there.

  Any regression would likely result in the failure to upload a remote
  journal.

  [other info]

  the commit that caused this is not included in Bionic, and the commit
  to fix this is already in Eoan; this is needed only in Disco.

  original description:
  --

  I'm requesting that systemd 240 receive the fix in upstream PR 11953
  found here https://github.com/systemd/systemd/pull/11953

  This fixes remote journal shipping using systemd components. I believe
  only Disco (19.04) is impacted by this issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions

More information about the foundations-bugs mailing list