[Bug 1267393] Juju MIR resposne
Tim Penhey
tim.penhey at canonical.com
Mon Sep 28 07:51:47 UTC 2015
This is an answer to some of the questions Seth asked
> In 1339770, in May 2015, it was mentioned that 1.18 was end-of-life and no
> further updates could be prepared for it. 1.18.0 was released just 13
> months earlier and 1.18.1 had been included in 14.04 LTS. Why was the 1.18
> infrastructure torn down so shortly after including 1.18 in a release with
> five-year support?
I believe that this change was primarily brought about by the change
from using bzr to git. The build and test infrastructure had to be
re-tooled to make this work.
> Have there been any similar changes in process that
> would prevent or delay issuing an update to the currently supported
> versions of juju already in the archive?
We are unlikely to change from git.
> It is currently impossible to upgrade from 14.04 LTS to 15.04 due to
> incorrect version numbers. Has anyone else noticed this yet? When will
> this be fixed? Are there any changes in process needed to ensure this
> doesn't happen in the future?
The older versions of Juju were not very good at handling unknown
series. I have targeted a previously created bug to address this:
https://bugs.launchpad.net/juju-core/+bug/1403689
There are work-arounds that have been used by IS to upgrade older
environments.
We do test a number of upgrade combinations, and I'm curious as to why
you say it is impossible to upgrade? What exactly is the situation you
are attempting?
> Will the juju team be asking for an MRE? Is it anticipated that new series
> (e.g., the 1.18 to 1.22 change) would be included as an MRE? What
> processes are in place to test updates before including updates into the
> archive? What processes are available to the security team to test
> updates that we would prepare?
There are CI tests around upgrading from older versions to the current
tested release. I believe that one of these tests includes going from
1.18 to the current tested release.
> I had more trouble reading the Juju code this review cycle than last
> review cycle -- the Facade indirection mechanism makes code navigating
> harder. I'm worried about it for a few reasons:
> - Strings to reference method names are brittle and can't be checked at
> compile time. What methods are in place to ensure that these aren't
> typoed?
There are unit tests in place that test both the client and server side
of every call, and in addition to that there are full feature tests that
make sure all the parts align.
> - Generic args and return types defeat type checking. What ensures types
> being returned or accepted have the desired properties?
The specified unit and feature tests.
> - Java has had significant problems with their Reflection mechanism,
> probably dozens of issues per year. At what points of a process
> lifetimes is the Facade mechanism dynamic?
During the low level RPC call from the client to the API server.
> Here's a few issues I found:
>
> - ./apiserver/apiserver.go logs passwords when tracing is enabled -- this
> is fine IFF this is loudly documented somewhere obvious. Is it? It'd be
> best to filter out passwords regardless.
I have created a bug to address this more completely:
https://bugs.launchpad.net/juju-core/+bug/1500298
> - Chown() doesn't quote the user or group
In which cases is this really necessary? All the chowns that the Juju
code base does is to either ubuntu, syslog or adm. Other chowns copy the
uid/gid directly from the source.
> - ./api/client.go WatchDebugLog() claims to read a line but looks like it
> may read up to 4096 bytes -- is this correct?
The first line returned in the WatchDebugLog is a serialized error, and
only a serialized error. The size of the error is always less than 200
bytes, but 4k is a nice block size. Once this initial error has been
returned, the websocket is used as a stream.
> - significant number of TODO comments; is there a method in place to find
> unowned comments and assign them somewhere? is there a process in place
> to ensure they get revisited?
I don't believe we have a formal process at this stage. New TODO
comments are expected to have an associated bug, and a date.
> - Which versions of the client work with which versions of the servers?
> Where's that described?
All clients from 1.18 on should work with any API server. This is the
expected behaviour until at least Juju 2.0.
> - ./api/keyupdater/authorisedkeys.go AuthorisedKeys(),
> WatchAuthorisedKeys() expects exactly one authorized key, this seems
> fragile
I believe it expects one string, which may be multi-line, and each key
is on a different line.
> - Is -static-libgo still being used?
No idea sorry.
> I'm concerned with how previous issues have been handled -- the three
> referenced bug reports have combined to represent the single most
> expensive consequence I've personally seen and all were known issues five
> months earlier. So I need reassurance that the Juju team will help the
> security team maintain Juju in our supported releases:
>
> - Ask for an MRE, if that's the most appropriate mechanism to update Juju.
> - Ask for special treatment that allow more frequent full-version updates,
> if that's the most appropriate mechanism to update Juju.
> - Commitment to help the security team diagnose and prepare fixes.
> - Commitment to help the security team backport fixes to all supported
> versions, as necessary.
> - Commitment to help the security team prepare test cases and use testing
> infrastructures.
Commitment to helping the security team deal with any Juju problem will
not be an issue. Of course the team is there to help.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gccgo-5 in Ubuntu.
https://bugs.launchpad.net/bugs/1267393
Title:
[MIR] juju-core, juju-mongodb, gccgo, golang
Status in gccgo-5 package in Ubuntu:
Fix Released
Status in gccgo-go package in Ubuntu:
Invalid
Status in golang package in Ubuntu:
Incomplete
Status in juju-core package in Ubuntu:
Confirmed
Status in juju-mongodb package in Ubuntu:
Incomplete
Bug description:
>> golang <<
Availability
------------
In universe, limited to amd64, i386 and armhf archs.
Rationale
---------
golang is the primary focus of Go toolchain development; scale testing
of juju with gccgo and golang gc built binaries revealed that the
gccgo built binaries consume a significant amount of memory compared
to golang gc built versions.
As juju is focussed on building scale out service deployments,
choosing the toolchain that produces the most scalable binaries on the
architectures that most users are going to be using would make sense.
Security
--------
Can't find any interesting security history.
QA
--
OK; the toolchain does have a test suite but its not run by default
(yet).
Dependencies
------------
All build-deps are in main; some non-core packages depend on package
in universe (kate, vim addons) - recommend that these are left in
universe.
golang-go.tools can be demoted to a suggested to limit scope of main
inclusion.
Standards compliance
--------------------
OK
Maintenance
-----------
>> gccgo-go <<
Availability
------------
In universe, available on all required architectures (x86, armhf,
arm64, ppc64el).
Rationale
---------
'go' build tool built using gccgo, avoiding the need to promote two
golang toolchains to Ubuntu main.
Security
--------
Searching for golang CVE's turned up nothing (this package is a rename
of the golang 1.2 source package).
Quality assurance
-----------------
Package installs cleanly, go tool installed using alternatives at
higher priority that golang-go version in universe.
Dependencies
------------
gccgo is in universe, all other dependencies in main.
Standards compliance
--------------------
OK
Maintenance
-----------
Some bugs expected upfront but should stabilize before release.
Probably picked up by ubuntu-server if foundations team don't want to.
Background information
----------------------
This package is a re-cut of the golang upstream codebase with selected
cherry-picks from upstream VCS for gccgo support, along with a patch
to support building using gccgo + Make.
The only code actually used is in src/cmd/go.
>> juju-mongodb <<
Availability
------------
In universe, available on all required architectures (x86, armhf,
arm64, ppc64el).
Rationale
---------
MongoDB is a dependency for operating a Juju deployed Ubuntu
environment.
Security
--------
MongoDB has had some CVE's in the past, related to the use of the V8
and Spidermonkey Javascript engine in the Mongo Shell; however juju-
mongodb builds without support for Javascript scripting, avoiding the
historic CVE's (which where fixed upstream anyway).
Quality assurance
-----------------
Package installs cleanly, package build process runs upstream smoke
tests (minus jstests due to disabling javascript support). Tests
pass on all architectures.
Dependencies
------------
All in main already
Standards compliance
--------------------
OK (well is scons but we won't hold that against it)
Maintenance
-----------
Upstream MongoDB run stable releases with point updates; its intended
that a MRE is applied for this package so point releases can be pushed
as SRU's.
Its also possible that we might need to bump a major version (2.4.x ->
2.6.x); as this package is specific to Juju, we can constrain the
impact and regression testing to Juju only.
Background information
----------------------
Why a separate package? it was agreed at the last vUDS that having a
separate package allows us to limit a) use of v8 (disabled) which was
a security concern and b) allows us to potentially update at a later
date if need be only impacting juju itself.
>> juju-core <<
Availability
------------
In universe.
Rationale
---------
Juju is the recommended service orchestration tool for Ubuntu; as such
it really needs to be a core part of Ubuntu.
Security
--------
No security history, but it was agreed that a security review would be
undertaken as part of the MIR process.
Quality assurance
-----------------
No tests are run as part of the package build process; however
upstream do run these tests for all target series (12.04 -> 14.04)
prior to release so the overall quality of the codebase it pretty
good.
The package has some basic DEP-8 tests that bootstrap a local Juju
environment to ensure everything hangs together OK.
Dependencies
------------
juju-mongodb (see above)
gccgo + gccgo-go
Currently all required go dependencies are snapshotted at specific
upstream commits and bundled with Juju.
Standards compliance
--------------------
OK
Maintenance
-----------
Upstream Juju team intend to manage stable point releases against the
version shipped in 14.04. Ubuntu Server team will own the package in
distro.
Background information
----------------------
Some decisions still need to be made, mainly around toolchain.
Specifically the aim is to support a single Go toolchain in Ubuntu
main for all architectures; golang-go does not support arm64 or
ppc64el yet, whereas the gccgo implementation does.
Required changes to support gccgo have been upstreamed into the Juju
codebase.
Its also worth noting that the package and binaries in Ubuntu are used
for:
client tool (juju)
juju agent (jujud) - but only for local provider and where --upload-tools is used
Upstream released jujud binaries are/will be distributed officially
via simplestreams using a documented build process (details TBC). The
juju client will use these tools on public clouds and potentially in
private cloud deployments where tools are synced into the cloud using
the juju client tool (juju sync-tools).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gccgo-5/+bug/1267393/+subscriptions
More information about the foundations-bugs
mailing list