Comment 0 for bug 1531150

Andreas Hasenack (ahasenack) wrote :

The package reporter is not getting the proxy settings set in /etc/landscape/client.conf. It will honor the environment variables if they are somehow set when landscape-client is started, but not if the values are just defined in that configuration file.

As a result, the following fails:
- fetching hash-id-database file
- running the SUID root /usr/lib/landscape/apt-update helper. Even though the binary it calls in turn fails (apt-get itself), the exit code is 0. It's only seen in the logs if using debug mode.

Logs from a run on a test system which is prohibited from accessing the internet directly, but does have the proxy settings in client.conf:
2016-01-05 12:41:25,678 DEBUG [MainThread] '/usr/lib/landscape/apt-update' exited with status 0 (out='Err http://archive.ubuntu.com trusty InRelease

Err http://archive.ubuntu.com trusty-updates InRelease

Err http://archive.ubuntu.com trusty-security InRelease

Err http://archive.ubuntu.com trusty Release.gpg
  Unable to connect to archive.ubuntu.com:http:
Err http://archive.ubuntu.com trusty-updates Release.gpg
  Unable to connect to archive.ubuntu.com:http:
Err http://archive.ubuntu.com trusty-security Release.gpg
  Unable to connect to archive.ubuntu.com:http:
Reading package lists...
', err='W: Failed to fetch http://archive.ubuntu.com//ubuntu/dists/trusty/InRelease

W: Failed to fetch http://archive.ubuntu.com//ubuntu/dists/trusty-updates/InRelease

W: Failed to fetch http://archive.ubuntu.com//ubuntu/dists/trusty-security/InRelease

W: Failed to fetch http://archive.ubuntu.com//ubuntu/dists/trusty/Release.gpg Unable to connect to archive.ubuntu.com:http:

W: Failed to fetch http://archive.ubuntu.com//ubuntu/dists/trusty-updates/Release.gpg Unable to connect to archive.ubuntu.com:http:

W: Failed to fetch http://archive.ubuntu.com//ubuntu/dists/trusty-security/Release.gpg Unable to connect to archive.ubuntu.com:http:

W: Some index files failed to download. They have been ignored, or old ones used instead.
')
2016-01-05 12:41:27,861 WARNING [MainThread] Couldn't download hash=>id database: Error 7: Failed to connect to landscape.canonical.com port 443: Connection refused
2016-01-05 12:41:28,012 DEBUG [MainThread] Started firing stop.
2016-01-05 12:41:28,012 DEBUG [MainThread] Finished firing stop.

Broker exchanges work just fine, as do the client pings.

One has to be careful when trying to reproduce this bug, as there are many ways the environment values can leak into the process and invalidate the test.

For example, if you have the http_proxy and https_proxy variables in root's environment, and restart the client, it will inherit those, and invalidate the test.

Or let's say you have them in ubuntu's environment, and use sudo to restart the client. They won't be propagated to the daemon by default unless -E is used, and/or the proxy variables are whitelisted in /etc/sudoers.
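Added example, not part of the original report or of landscape-client: a small scanner for the debug log format quoted above that flags helper runs which exited with status 0 although their captured output contains apt fetch errors, along with the hash=>id database download warning. The function names and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample, abridged from the shape of the debug log quoted in the report.
SAMPLE_LOG = """\
2016-01-05 12:41:25,678 DEBUG [MainThread] '/usr/lib/landscape/apt-update' exited with status 0 (out='Err http://archive.ubuntu.com trusty InRelease

Err http://archive.ubuntu.com trusty Release.gpg
  Unable to connect to archive.ubuntu.com:http:
Reading package lists...
', err='W: Failed to fetch http://archive.ubuntu.com//ubuntu/dists/trusty/InRelease

W: Some index files failed to download. They have been ignored, or old ones used instead.
')
2016-01-05 12:41:27,861 WARNING [MainThread] Couldn't download hash=>id database: Error 7: Failed to connect to landscape.canonical.com port 443: Connection refused
2016-01-05 12:41:28,012 DEBUG [MainThread] Started firing stop.
"""

# A record starts with a timestamp; the helper's multi-line output continues without one.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ", re.M)
EXITED = re.compile(r"'(?P<cmd>[^']+)' exited with status (?P<status>\d+) "
                    r"\(out='(?P<out>.*?)', err='(?P<err>.*)'\)\s*$", re.S)
FAILURE_LINE = re.compile(r"^(Err |W: Failed to fetch |W: Some index files failed)", re.M)

def split_records(text):
    """Split the log into records, keeping continuation lines with their record."""
    starts = [m.start() for m in RECORD_START.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]

def masked_failures(text):
    """Return (command, failure_line_count) for runs that exited 0 but logged fetch errors."""
    findings = []
    for record in split_records(text):
        m = EXITED.search(record)
        if not m or int(m.group("status")) != 0:
            continue  # a non-zero status is already visible as a failure
        hits = FAILURE_LINE.findall(m.group("out") + "\n" + m.group("err"))
        if hits:
            findings.append((m.group("cmd"), len(hits)))
    return findings

def hash_id_db_failures(text):
    """Return the records reporting a failed hash=>id database download."""
    return [r.strip() for r in split_records(text) if "Couldn't download hash=>id database" in r]

if __name__ == "__main__":
    print(masked_failures(SAMPLE_LOG))
    print(hash_id_db_failures(SAMPLE_LOG))
```

The "exited with status" record is only written in debug mode, so the scanner finds nothing in a log captured at the default level.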