[Bug 1847527] Re: Backport systemd-journal-remote fix PR #11953

Launchpad Bug Tracker 1847527 at bugs.launchpad.net
Mon Nov 25 11:18:51 UTC 2019 

This bug was fixed in the package systemd - 240-6ubuntu5.8

---------------
systemd (240-6ubuntu5.8) disco; urgency=medium

  [ Victor Tapia ]
  * d/p/resolved_disable-connection-downgrade-when-DNSSEC-yes.patch
    Fix regression introduced by
    resolved-Mitigate-DVE-2018-0001-by-retrying-NXDOMAIN-with.patch when
    DNSSEC=yes (LP: #1796501)

  [ Dan Streetman ]
  * d/p/lp1840640-shared-seccomp-add-sync_file_range2.patch:
    allow sync_file_range2 in nspawn container (LP: #1840640)
  * d/p/lp1847527-journal-remote-do-not-request-Content-Length-if-Tran.patch:
    do not request Content-Length if Transfer-Encoding is chunked
    (LP: #1847527)
  * d/t/storage: fix flaky test
    (LP: #1847815)
  * d/p/lp1843381-dell_passthrough_skip_rename_retry.patch,
    debian/extra/rules/73-usb-net-by-mac.rules:
    fix rename delay for systems using "Dell MAC passthrough"
    (LP: #1843381)
  * d/p/lp1849733/0001-resolved-if-we-can-t-append-EDNS-OPT-RR-then-indicat.patch,
    d/p/lp1849733/0002-resolved-don-t-let-EDNS0-OPT-dgram-size-affect-TCP.patch:
    ignore EDNS0 payload limit when responding over TCP (LP: #1849733)
  * d/p/lp1849658-resolved-set-stream-type-during-DnsStream-creation.patch:
    - Fix bug in refcounting TCP stream types (LP: #1849658)
  * d/extra/dhclient-enter-resolved-hook:
    - only restart resolved if dhclient conf changed (LP: #1805183)

  [ Balint Reczey ]
  * d/p/test-execute-Filter-dev-.lxc-in-exec-dynamicuser-statedir.patch:
    fix test breakage due to running in nested lxd container
    (LP: #1845337)

 -- Dan Streetman <ddstreet at canonical.com>  Fri, 04 Oct 2019 09:06:58
-0400

** Changed in: systemd (Ubuntu Disco)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1847527

Title:
  Backport systemd-journal-remote fix PR #11953

Status in openstack-ansible:
  New
Status in systemd:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in systemd source package in Bionic:
  Invalid
Status in systemd source package in Disco:
  Fix Released
Status in systemd source package in Eoan:
  Fix Released

Bug description:
  [impact]

  upstream commit 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd broke remote journal upload, because it added a check to verify the Content-Length header, but the upload may use Transfer-Encoding of 'chunked' which does
  not specify Content-Length.

  [test case]

  setup 2 systems, A and B.  Install systemd-journal-remote on both.

  On A:

  $ sudo systemctl edit systemd-journal-remote.service

  in the editor, add:

  [Service]
  ExecStart=
  ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/

  
  Then enable/start the socket:

  $ sudo systemctl enable systemd-journal-remote.socket
  $ sudo systemctl start systemd-journal-remote.socket

  Optionally, start the service and verify it is running (not required,
  since the socket will start the service):

  $ sudo systemctl start systemd-journal-remote.service
  $ sudo systemctl status systemd-journal-remote.service | grep Active
     Active: active (running) since Thu 2019-11-14 20:08:48 UTC; 7min ago

  
  On B:

  Edit the file /etc/systemd/journal-upload.conf:

  [Upload]
  URL=http://192.168.122.184:19532

  
  Replacing the IP address with the actual ip addr of node A.  Then enable/start the service:

  $ sudo systemctl enable systemd-journal-upload.service
  $ sudo systemctl start systemd-journal-upload.service

  Check for failure:

  ubuntu at lp1847527-d:~$ journalctl -b -u systemd-journal-upload.service 
  -- Logs begin at Thu 2019-11-14 16:34:08 UTC, end at Thu 2019-11-14 20:19:34 UTC. --
  Nov 14 20:19:03 lp1847527-d systemd[1]: Started Journal Remote Upload Service.
  Nov 14 20:19:03 lp1847527-d systemd-journal-upload[721]: Upload to http://192.168.122.184:19532/upload failed with code 411: gth Required
  Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Main process exited, code=exited, status=1/FAILURE
  Nov 14 20:19:03 lp1847527-d systemd[1]: systemd-journal-upload.service: Failed with result 'exit-code'.

  
  [regression potential]

  this limits the Transfer-Encoding to only be either unspecified, or
  'chunked'.  Any other value will fail.  However, journal-upload.c does
  not ever use any other Transfer-Encoding than 'chunked', and this fix
  comes from upstream and has not changed since applied there.

  Any regression would likely result in the failure to upload a remote
  journal.

  [other info]

  the commit that caused this is not included in Bionic, and the commit
  to fix this is already in Eoan; this is needed only in Disco.

  original description:
  --

  I'm requesting that systemd 240 receive the fix in upstream PR 11953
  found here https://github.com/systemd/systemd/pull/11953

  This fixes remote journal shipping using systemd components. I believe
  only Disco (19.04) is impacted by this issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openstack-ansible/+bug/1847527/+subscriptions

More information about the foundations-bugs mailing list