[Bug 854946] Re: [SRU] Rampart's configuration on Ubuntu's package doesn't define a default ClockSkewBuffer
James Page
james.page at ubuntu.com
Mon Sep 26 08:40:54 UTC 2011
** Description changed:
+ SRU Information:
+
+ IMPATCT: If minor clock drift is encountered between Eucalyptus NC and CC then any messages that are in the future are rejected by RampartC, even if the time difference is marginal.
+ FIX: Patch supplied by upstream to permit minor time differences between nodes in Rampart configuration - this formed part of the 2.0.3 security release of Eucalyptus.
+ PATCH: see attached clock_drift.patch and associated branches for each release.
+ TEST CASE:
+ - Requires at minimum a two node eucalyptus installation.
+ - Clock difference between the two nodes should be introduced.
+ - Webservice messages will then be dropped between the two nodes.
+ REGRESSION POTENTIAL: Minimal - patch supplied from upstream released version so should be well tested.
+
+ >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+
+ Original Bug Report:
+
In both EucalyptusNC/services.xml and EucalyptusCC/services.xml there's
no ClockSkewBuffer (nor TimeToLive nor PrecisionInMilliseconds),
therefore messages "from the future" (from the webservice's point of
view) won't be accepted, even if the difference in time is minimal.
This happens on a default Ubuntu 11.04 x64 cloud server installation,
after a full upgrade (apt-get update && apt-get dist-upgrade) and a
reboot.
Eucalyptus' package version is 2.0.1+bzr1256-0ubuntu4.1
-
For a more detailed description on this issue, see a question I asked in
ServerFault: http://serverfault.com/questions/313200/ubuntu-enterprise-
cloud-ncs-down-and-time-synchronization
** Description changed:
SRU Information:
- IMPATCT: If minor clock drift is encountered between Eucalyptus NC and CC then any messages that are in the future are rejected by RampartC, even if the time difference is marginal.
+ IMPATCT: If minor clock drift is encountered between Eucalyptus NC and CC then any messages that are in the future are rejected by RampartC, even if the time difference is minimal.
FIX: Patch supplied by upstream to permit minor time differences between nodes in Rampart configuration - this formed part of the 2.0.3 security release of Eucalyptus.
PATCH: see attached clock_drift.patch and associated branches for each release.
TEST CASE:
- Requires at minimum a two node eucalyptus installation.
- Clock difference between the two nodes should be introduced.
- Webservice messages will then be dropped between the two nodes.
REGRESSION POTENTIAL: Minimal - patch supplied from upstream released version so should be well tested.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Original Bug Report:
In both EucalyptusNC/services.xml and EucalyptusCC/services.xml there's
no ClockSkewBuffer (nor TimeToLive nor PrecisionInMilliseconds),
therefore messages "from the future" (from the webservice's point of
view) won't be accepted, even if the difference in time is minimal.
This happens on a default Ubuntu 11.04 x64 cloud server installation,
after a full upgrade (apt-get update && apt-get dist-upgrade) and a
reboot.
Eucalyptus' package version is 2.0.1+bzr1256-0ubuntu4.1
For a more detailed description on this issue, see a question I asked in
ServerFault: http://serverfault.com/questions/313200/ubuntu-enterprise-
cloud-ncs-down-and-time-synchronization
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to eucalyptus in Ubuntu.
https://bugs.launchpad.net/bugs/854946
Title:
[SRU] Rampart's configuration on Ubuntu's package doesn't define a
default ClockSkewBuffer
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/854946/+subscriptions
More information about the Ubuntu-server-bugs
mailing list