canonical-ci-engineering team mailing list archive

[Jean-Baptiste Lallement <jean-baptiste.lallement@xxxxxxxxxxxxx>]

On 10/11/2013 03:05 PM, Stéphane Graber wrote:
> Hmm, I just connected to dx-autopilot-intel and I can't seem to
> reproduce the issue there. The container starts and so does the whole
> user session.
That is because it needed latest dbus on the image or the base 
container. Upgrading it inside a running container was not enough 
because the container must be restarted afterwards.
Using ubuntu desktop 20131011 to reprovision the containers fixed it.

> On Fri, Oct 11, 2013 at 09:50:20AM +0300, Timo Jyrinki wrote:
> > Hi all,
> >
> > Thanks for all the updates and work! I've dist-ugpraded the LXC
> > container and host with last night's lxc + dbus updates, but I'm still
> > getting:
> >
> > http://10.97.0.1:8080/job/autopilot-saucy-daily_release/label=autopilot-intel/2511/console
> >
> > -Timo
> >
> >
> > On Thu, Oct 10, 2013 at 7:14 PM, Vincent Ladeuil <vila+ci@xxxxxxxxxxxxx> wrote:
> > > With dmesg really attached and jibel added in CC.
> > >
> > > > > > > > Vincent Ladeuil <vila+ci@xxxxxxxxxxxxx> writes:
> > >
> > > > > > > > Stéphane Graber <stephane.graber@xxxxxxxxxxxxx> writes:
> > >      >> On Thu, Oct 10, 2013 at 10:12:39AM +0300, Timo Jyrinki wrote:
> > >      >>> Hi,
> > >      >>>
> > >      >>> Thanks to the efforts yesterday, an lxc problem was identified and
> > >      >>> fixed (https://lists.ubuntu.com/archives/saucy-changes/2013-October/011959.html)
> > >      >>> during the night my time.
> > >      >>>
> > >      >>> However, cyphermox reported to me that he updated the containers and
> > >      >>> the 'check' (autopilot) jobs of cu2d continue to fail. So the dbus <->
> > >      >>> apparmor <-> lxc triangle is not yet in complete harmony. He suggested
> > >      >>> checking the /var/log/upstart/lightdm.log and sending it to stgraber /
> > >      >>> security team. So here goes:
> > >      >>>
> > >      >>> http://pastebin.ubuntu.com/6216936/
> > >      >>>
> > >      >>> It's taken from dx-autopilot-intel and the latest container
> > >      >>> saucy-i386-20131010-0216.
> > >      >>>
> > >      >>> -Timo
> > >      >>>
> > >      >>> ps. thanks Evan for the ubuntu-engineering post
> > >
> > >      >> Can you make sure the host is up to date,
> > >
> > >      > It is.
> > >
> > >      >> reboot it after that
> > >
> > >      > Done.
> > >
> > >      >> (since the dbus apparmor changes came through a kernel change) and
> > >      >> then tell me what version of LXC is on the host
> > >
> > >      > root@dx-autopilot-intel:/var/lib/jenkins# apt-cache policy lxc
> > >      > lxc:
> > >      >   Installed: 1.0.0~alpha1-0ubuntu10
> > >      >   Candidate: 1.0.0~alpha1-0ubuntu10
> > >      >   Version table:
> > >      >  *** 1.0.0~alpha1-0ubuntu10 0
> > >      >         500 http://us.archive.ubuntu.com/ubuntu/ saucy/main i386 Packages
> > >      >         100 /var/lib/dpkg/status
> > >
> > >      >> and attach the "dmesg" output right after a failure.
> > >
> > >      > dmesg attached.
> > >
> > >      >> If it's really still an apparmor profile issue, there will be denials in
> > >      >> the dmesg output, if not, then it's something else that's breaking your
> > >      >> tests.
> > >
> > >      > Now, otto (which is creating the lxc container) mounts an iso and as
> > >      > such requires a loop device. To get that it disables:
> > >
> > >      > root@dx-autopilot-intel:/etc/apparmor.d/disable# ls -lart
> > >      > total 8
> > >      > lrwxrwxrwx 1 root root   33 Jun  4 10:34 usr.sbin.rsyslogd -> /etc/apparmor.d/usr.sbin.rsyslogd
> > >      > drwxr-xr-x 9 root root 4096 Oct 10 13:14 ..
> > >      > lrwxrwxrwx 1 root root   33 Oct 10 13:15 usr.bin.lxc-start -> /etc/apparmor.d/usr.bin.lxc-start
> > >      > drwxr-xr-x 2 root root 4096 Oct 10 13:15 .
> > >
> > >      > Not sure how that interacts with the profiles but without them the
> > >      > container can't be started and use its iso.
> > >
> > >      >           Vincent


--
Jean-Baptiste
IRC: jibel