[Bug 1818680] Please test proposed package

Corey Bryant corey.bryant at canonical.com
Tue Mar 17 15:15:46 UTC 2020 

Hello Andrea, or anyone else affected,

Accepted vaultlocker into queens-proposed. The package will build now
and be available in the Ubuntu Cloud Archive in a few hours, and then in
the -proposed repository.

Please help us by testing this new package. To enable the -proposed
repository:

  sudo add-apt-repository cloud-archive:queens-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-queens-needed to verification-queens-done. If it does
not fix the bug for you, please add a comment stating that, and change
the tag to verification-queens-failed. In either case, details of your
testing will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance!

** Changed in: cloud-archive/queens
       Status: Triaged => Fix Committed

** Tags added: verification-queens-needed

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1818680

Title:
  booting should succeed even if vault is unavailable

Status in Bionic Backports:
  Fix Released
Status in OpenStack ceph-osd charm:
  Invalid
Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive queens series:
  Fix Committed
Status in vaultlocker:
  Fix Released
Status in vaultlocker package in Ubuntu:
  Fix Released
Status in vaultlocker source package in Cosmic:
  Fix Released
Status in vaultlocker source package in Disco:
  Fix Released

Bug description:
  [Impact]
  decrypt of vaultlocker encrypted block devices blocks the network-online.target; this means that if vault is hosted on the same hardware which is using vaultlocker for encryption at rest, the server will fail to boot fully in the event that all servers are rebooted at the same time.

  [Test Case]
  Deploy ceph+vaultlocker+vault
  Power cycle all servers
  Servers never get to multiuser.target as vaultlocker-decrypt services block network-online.target so LXD containers never get started.

  [Regression Potential]
  The proposed fix drops the Before=network-online.target stanza from the vaultlocker-decrypt systemd unit so minimal impact.

  [Original bug report]
  If ceph is using vault secrets to encrypt its volumes and vault is not available, booting is not possible without manual intervention, as the ceph-volume and vaultlocker-decrypt services will hang forever.
  In case of a full cloud outage, bootstrapping the mysql and vault nodes will require quite a bit of manual intervention, as all required nodes will have to be booted in single user mode to bypass the volume decryption services.

  Decryption of the ceph volumes should instead timeout, and allow the
  rest of the machine to complete the boot sequence.

To manage notifications about this bug go to:
https://bugs.launchpad.net/bionic-backports/+bug/1818680/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list