DuckCorp Projects: Issues
https://projects.duckcorp.org/
https://projects.duckcorp.org/favicon.ico?1669909042
2020-07-08T19:49:29Z
DuckCorp Projects
Redmine
DuckCorp Infrastructure - Review #705 (Rejected): ansible-role-httpd_php_fpm: create Unix group u...
https://projects.duckcorp.org/issues/705
2020-07-08T19:49:29Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/ansible-role-httpd_php_fpm" class="external"><code>ansible-role-httpd_php_fpm/create_unix_group_for_pool_workers</code></a></p>
<p>Create Unix group used for pool workers.</p>
<p>Fix this error:</p>
<pre>
TASK [zabbix : Generate Zabbix UI configuration]
task path: duckcorp-infra/ansible/roles/zabbix/tasks/webui.yml:30
fatal: [Orthos]: FAILED! => {
"changed": false,
"owner": "root",
"group": "root",
"mode": "0644",
"msg": "chgrp failed: failed to look up group php_sup.duckcorp.org",
"path": "/etc/zabbix/zabbix.conf.php",
"state": "file",
}
</pre>
DuckCorp Infrastructure - Review #704 (Resolved): duckcorp-infra: move supervision server
https://projects.duckcorp.org/issues/704
2020-07-08T03:04:18Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Repository/branch: <a href="https://vcs-git-viewer.duckcorp.org/?p=duckcorp/duckcorp-infra.git" class="external"><code>duckcorp-infra/move_sup_server</code></a></p>
<p>Supervision server: use Orthos instead of Nicecity</p>
<p>Tested with check mode enabled only using the following command:<br /><pre>
ansible-playbook --check -vv --diff playbooks/dc.yml -l Orthos -e_pg_version=11 -ehttpd_version=2.4.38 -ephp_minor_version=7.3
</pre></p>
DuckCorp Infrastructure - Review #687 (Resolved): encrypt ansible vault password (locally)
https://projects.duckcorp.org/issues/687
2020-03-10T15:53:45Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<ol>
<li><code>duckcorp/admin:encrypt_vault_password</code> branch: encrypt Ansible Vault password</li>
<li><code>duckcorp/duckcorp-infra:decrypt_vault_password</code> branch: decrypt Ansible Vault password when needed</li>
</ol>
DuckCorp Infrastructure - Review #632 (Resolved): dropbear in initramfs: ansibilize
https://projects.duckcorp.org/issues/632
2018-08-26T00:03:37Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<pre>
$ apt-get install dropbear-initramfs
$ cp /root/.ssh/authorized_keys /etc/dropbear-initramfs/authorized_keys
$ update-initramfs -u -k all # when above command is changed
# Because default configuration doesn't work:
# @GRUB_CMDLINE_LINUX="ip=192.168.3.5::192.168.3.1:255.255.255.0::enp3s0f0:none cgroup_enable=memory swapaccount=1"@ in /etc/default/grub
$ update-grub # above command is changed when
<pre></pre>
DuckCorp Infrastructure - Review #551 (Resolved): Orfeo: "sdb1: WRITE SAME failed. Manually zeroi...
https://projects.duckcorp.org/issues/551
2017-06-16T22:24:23Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Orfeo, in <code>/var/log/syslog</code>:</p>
<pre>
Jun 11 13:44:58 orfeo kernel: [11104758.581132] sd 4:1:2:0: [sdb]
Jun 11 13:44:58 orfeo kernel: [11104758.581192] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Jun 11 13:44:58 orfeo kernel: [11104758.581252] sd 4:1:2:0: [sdb]
Jun 11 13:44:58 orfeo kernel: [11104758.581301] Sense Key : Illegal Request [current]
Jun 11 13:44:58 orfeo kernel: [11104758.581361] sd 4:1:2:0: [sdb]
Jun 11 13:44:58 orfeo kernel: [11104758.581409] Add. Sense: No additional sense information
Jun 11 13:44:59 orfeo kernel: [11104758.581469] sd 4:1:2:0: [sdb] CDB:
Jun 11 13:44:59 orfeo kernel: [11104758.581518] Write Same(10): 41 00 00 30 64 9f 00 00 18 00
Jun 11 13:44:59 orfeo kernel: [11104758.581608] end_request: I/O error, dev sdb, sector 3171487
Jun 11 13:44:59 orfeo kernel: [11104758.581688] sdb1: WRITE SAME failed. Manually zeroing.
[...]
Jun 11 13:46:35 orfeo kernel: [11104855.008330] sd 4:1:2:0: [sdb]
Jun 11 13:46:35 orfeo kernel: [11104855.008379] Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Jun 11 13:46:35 orfeo kernel: [11104855.008438] sd 4:1:2:0: [sdb]
Jun 11 13:46:35 orfeo kernel: [11104855.008486] Sense Key : Illegal Request [current]
Jun 11 13:46:35 orfeo kernel: [11104855.008545] sd 4:1:2:0: [sdb]
Jun 11 13:46:35 orfeo kernel: [11104855.008593] Add. Sense: No additional sense information
Jun 11 13:46:35 orfeo kernel: [11104855.008651] sd 4:1:2:0: [sdb] CDB:
Jun 11 13:46:35 orfeo kernel: [11104855.008700] Write Same(10): 41 00 00 74 44 1f 00 00 08 00
Jun 11 13:46:35 orfeo kernel: [11104855.008795] sdb1: WRITE SAME failed. Manually zeroing.
</pre>
<p>The error seems to slow down the system (for example <code>slapd</code> was unavailable while this message was logged).</p>
<p>I guess we should apply this proposed solution: <a class="external" href="https://access.redhat.com/solutions/1394733">https://access.redhat.com/solutions/1394733</a>.</p>
<p>Currently <code>max_write_same_blocks</code> is enabled for <code>sdb</code>.</p>
DuckCorp Infrastructure - Review #518 (In Progress): Review branch backup
https://projects.duckcorp.org/issues/518
2017-04-03T11:58:27Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>This is a start: the committed configuration backups only PostgreSQL databases hosted on Toushirou.</p>
<p>Other hosts/directories will be added latter.</p>
DuckCorp Infrastructure - Review #507 (Resolved): Review branch entropy_role
https://projects.duckcorp.org/issues/507
2017-02-06T16:12:56Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
Bip - Bug #477 (Resolved): error in 'channel_name_list' function
https://projects.duckcorp.org/issues/477
2015-09-03T03:45:20Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Trou reported an error:</p>
<pre>
#0 0x00007ffff739d107 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff739e4e8 in __GI_abort () at abort.c:89
#2 0x00007ffff73db214 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff74ce000 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3 0x00007ffff73e09ee in malloc_printerr (action=1, str=0x7ffff74ca13f "malloc(): memory corruption", ptr=<optimized out>) at malloc.c:4996
#4 0x00007ffff73e2669 in _int_malloc (av=av@entry=0x7ffff770b620 <main_arena>, bytes=bytes@entry=257) at malloc.c:3447
#5 0x00007ffff73e4080 in __GI___libc_malloc (bytes=bytes@entry=257) at malloc.c:2891
#6 0x000055555556ff62 in bip_malloc (size=size@entry=257) at src/util.c:50
#7 0x0000555555565d01 in channel_name_list (server=0x555555806010, c=c@entry=0x5555559f3ba0) at src/irc.c:129
#8 0x0000555555565f04 in irc_send_join (chan=0x5555559f3ba0, ic=<optimized out>, ic=<optimized out>) at src/irc.c:548
#9 0x0000555555568386 in irc_cli_make_join (ic=0x555555aafe60) at src/irc.c:664
#10 irc_cli_startup (bip=bip@entry=0x7fffffffb000, ic=ic@entry=0x555555aafe60, line=<optimized out>) at src/irc.c:824
#11 0x0000555555568914 in irc_cli_pass (line=<optimized out>, ic=<optimized out>, bip=<optimized out>) at src/irc.c:884
#12 irc_dispatch_loging_client (line=0x555555abcad0, ic=0x555555aafe60, bip=0x7fffffffb000) at src/irc.c:1251
#13 irc_dispatch (bip=bip@entry=0x7fffffffb000, l=l@entry=0x555555aafe60, line=line@entry=0x555555abcad0) at src/irc.c:1266
#14 0x000055555556a70f in bip_on_event (bip=bip@entry=0x7fffffffb000, conn=0x555555ab45a0) at src/irc.c:2488
#15 0x000055555556a943 in irc_main (bip=0x7fffffffb000) at src/irc.c:2563
#16 0x000055555555b3e0 in main (argc=<optimized out>, argv=<optimized out>) at src/bip.c:1323
</pre>
<p>Reporter uses revision <a class="changeset" title="Allow to configure the delay before a reconnection Initial patch submitted by Romain Gayon, than..." href="https://projects.duckcorp.org/projects/bip/repository/bip/revisions/4eec0844521fd52b6dec8edd67bf5ea3a5082092">4eec0844</a>.</p>
Bip - Bug #432 (Resolved): authenticated bip users could stop bip daemon
https://projects.duckcorp.org/issues/432
2015-01-15T03:56:50Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Fran found that these commands allow an authenticated bip user to stop bip daemon:<br /><pre>
{ echo PASS bipnick:mysecretpassword:freenode; echo NICK Pilou; echo USER Pilou 0 Pilou :blah; sleep 2; } | telnet 127.0.0.1 7778 | read
</pre></p>
<pre>
15-01-2015 04:26:44 DEBUG: Trying to accept new client on 0
15-01-2015 04:26:44 DEBUG: New client on socket 41 !
15-01-2015 04:26:44 DEBUG: fd:41 Connection established !
15-01-2015 04:26:44 DEBUG: "PASS bipnick:mysecretpassword:freenode"
15-01-2015 04:26:44 DEBUG: "NICK Pilou"
15-01-2015 04:26:44 DEBUG: "USER Pilou 0 Pilou :blah"
15-01-2015 04:26:44 DEBUG: Connection close asked. FD:41
15-01-2015 04:26:44 DEBUG: A client connected
15-01-2015 04:26:44 FATAL: select(): Bad file descriptor
</pre>
Bip - Enhancement #343 (New): Allow to blreset all queries or all channels
https://projects.duckcorp.org/issues/343
2014-07-24T00:21:01Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p><code>blreset</code> command allows to reset backlog of an entire connection, a chan, a query.</p>
<p>Be able to reset all queries or all channels would be a nice feature.</p>
Bip - Bug #342 (New): 'list connections' command doesn't display status of channels
https://projects.duckcorp.org/issues/342
2014-07-24T00:13:06Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>It seems that output of <code>list connections</code> command should use a suffix on channels without backlog: <a class="source" href="https://projects.duckcorp.org/projects/bip/repository/bip/entry/src/bip.c#L1395">source:src/bip.c#L1395</a>, but this is not the case.</p>
<p><code>list connections</code> doesn't display a suffix on any channel:</p>
<pre>
02:04:18 Pilou | list connections
[...]
02:04:18 -bip | * milkypond to milkypond as "pilou" (pilou!pilou) :
02:04:18 -bip | Options:
02:04:18 -bip | Channels (* with key, ` no backlog) #test #milkypond #DuckCorp
02:04:18 -bip | Status: connected !
</pre>
Bip - Bug #341 (New): 'bip list connections' command should display queries
https://projects.duckcorp.org/issues/341
2014-07-24T00:01:23Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>The command <code>bip list connections</code> lists channels for all connections.</p>
<p>Queries could be listed too.</p>
Bip - Bug #339 (Rejected): Client side ssl not working
https://projects.duckcorp.org/issues/339
2014-06-10T14:02:00Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>kick wrote on irc:</p>
<blockquote>
<p>I copied my working config file from my bip 0.8.8-2<br />and I've got ssl handshake problems.. <br />I'm using a ubnutu trusty for bip 0.8.9-1 <br />I have a bip.pem set, with good owner and permissions.</p>
</blockquote>
<p>Error in client:</p>
<blockquote>
<p>connexion a échoué. Erreur : (336151568) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure</p>
</blockquote>
<p>bip.log contains:</p>
<blockquote>
<p>139638493165216:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1358:ERROR: Error in SSL handshake.</p>
</blockquote>
<p><strong>bip 0.8.8-2, sslv3</strong><br /><pre>
openssl s_client -ssl3 -connect edited.bip.server:7778
CONNECTED(00000003)
depth=0 C = fr, O = Sexy boys, OU = Bip, CN = Bip
verify error:num=18:self signed certificate
verify return:1
depth=0 C = fr, O = Sexy boys, OU = Bip, CN = Bip
verify return:1
---
Certificate chain
0 s:/C=fr/O=Sexy boys/OU=Bip/CN=Bip
i:/C=fr/O=Sexy boys/OU=Bip/CN=Bip
---
Server certificate
-----BEGIN CERTIFICATE-----
EDITED XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
subject=/C=fr/O=Sexy boys/OU=Bip/CN=Bip
issuer=/C=fr/O=Sexy boys/OU=Bip/CN=Bip
---
No client certificate CA names sent
---
SSL handshake has read 2318 bytes and written 364 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
Session-ID: EDITED XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Session-ID-ctx:
Master-Key: EDITED XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1402406408
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
</pre></p>
<p><strong>bip 0.8.8-2, tls1</strong><br /><pre>
openssl s_client -tls1 -connect server.bip.edited:7778
CONNECTED(00000003)
depth=0 C = fr, O = Sexy boys, OU = Bip, CN = Bip
verify error:num=18:self signed certificate
verify return:1
depth=0 C = fr, O = Sexy boys, OU = Bip, CN = Bip
verify return:1
---
Certificate chain
0 s:/C=fr/O=Sexy boys/OU=Bip/CN=Bip
i:/C=fr/O=Sexy boys/OU=Bip/CN=Bip
---
Server certificate
-----BEGIN CERTIFICATE-----
Edited XXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
subject=/C=fr/O=Sexy boys/OU=Bip/CN=Bip
issuer=/C=fr/O=Sexy boys/OU=Bip/CN=Bip
---
No client certificate CA names sent
---
SSL handshake has read 2454 bytes and written 423 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: Edited XXXXXXXXXXXXXXXXXXXXXXX
Session-ID-ctx:
Master-Key: Edited XXXXXXXXXXXXXXXXXXXXXXX
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 60 (seconds)
TLS session ticket:
0000 - 0d b9 57 57 8b b7 cd bf-70 3c 72 79 d0 f4 6f 81 ..WW....p<ry..o.
0010 - e4 30 64 d1 97 96 62 05-8c ed 45 8e d8 36 d6 52 .0d...b...E..6.R
0020 - 37 65 b5 7d 6d 19 5c 8e-22 ab 31 4c a5 b9 ac 6a 7e.}m.\.".1L...j
Edited XXXXXXXXXXXXXXXXXXXXXXX
0080 - f7 cc ab e5 18 cc 33 28-b0 7a 12 46 3f 21 ba 1b ......3(.z.F?!..
0090 - c0 9b 4c 8b 61 3a 4d d4-78 e8 77 91 80 b9 ab a1 ..L.a:M.x.w.....
Start Time: 1402406391
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
---
</pre></p>
<p><strong>bip 0.8.9-1, sslv3</strong><br /><pre>
openssl s_client -ssl3 -connect edited:7778
CONNECTED(00000003)
140228681320096:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
140228681320096:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1402406211
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
</pre></p>
<p><strong>bip 0.8.9-1, tls1</strong><br /><pre>
openssl s_client -tls1 -connect edited:7778
CONNECTED(00000003)
140587600295584:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
140587600295584:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1402406299
Timeout : 7200 (sec)
Verify return code: 0 (ok)
</pre></p>
Bip - Bug #325 (Resolved): Segfault: "/BIP DEL_CONN <connection name>" and "/BIP ADD_CONN <connec...
https://projects.duckcorp.org/issues/325
2014-04-13T17:36:25Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>As a bip administrator (<code>bip.conf</code>: <code>admin = true;</code> in <code>user</code> section) when using the following commands:</p>
<pre>
/BIP DEL_CONN <connection name>
/BIP ADD_CONN <connection name> <network>
</pre>
<p>a segfault occurs:</p>
<pre>
[317679.982877] traps: bip[4515] general protection ip:7fb5eb171ec9 sp:7fff7a0b3ad0 error:0 in bip[7fb5eb15f000+26000]
</pre>
<p>Sometimes only the first command <code>/BIP DEL_CONN <connection name></code> is enough to trigger the segfault.</p>
<p>I have listed two different backtraces:</p>
<ol>
<li><code>irc_cli_startup</code><br /><pre>
#0 0x00007f8df68ebeeb in irc_cli_startup (bip=bip@entry=0x7fff016b2180, ic=ic@entry=0x7f8df7cb7d90, line=<optimized out>) at src/irc.c:737
#1 0x00007f8df68ec773 in irc_cli_pass (line=<optimized out>, ic=<optimized out>, bip=<optimized out>) at src/irc.c:873
#2 irc_dispatch_loging_client (line=0x7f8df7c9dbb0, ic=0x7f8df7cb7d90, bip=0x7fff016b2180) at src/irc.c:1240
#3 irc_dispatch (bip=bip@entry=0x7fff016b2180, l=l@entry=0x7f8df7cb7d90, line=line@entry=0x7f8df7c9dbb0) at src/irc.c:1255
#4 0x00007f8df68ee48f in bip_on_event (bip=bip@entry=0x7fff016b2180, conn=0x7f8df7c7ed00) at src/irc.c:2482
#5 0x00007f8df68ee6c3 in irc_main (bip=0x7fff016b2180) at src/irc.c:2557
#6 0x00007f8df68df338 in main (argc=<optimized out>, argv=<optimized out>) at src/bip.c:1318
</pre></li>
<li><code>irc_server_lag_compute</code><br /><pre>
#0 irc_server_lag_compute (l=l@entry=0x7f442613d930) at src/irc.c:2206
#1 0x00007f4425b4a162 in bip_tick (bip=bip@entry=0x7fffc20c4650) at src/irc.c:2398
#2 0x00007f4425b4a718 in irc_main (bip=0x7fffc20c4650) at src/irc.c:2546
#3 0x00007f4425b3b338 in main (argc=<optimized out>, argv=<optimized out>) at src/bip.c:1318
</pre></li>
</ol>
Bip - Bug #313 (Resolved): Bip fails to build without ssl
https://projects.duckcorp.org/issues/313
2013-11-04T07:48:44Z
Pierre-Louis Bonicoli
pierre-louis.bonicoli@ir5.eu
<p>Reported by Whoopie.</p>
<p>Bip fails to build without ssl.</p>
<p>How to reproduce:</p>
<pre>
autoreconf -i -Wall
./configure --enable-maintainer-mode --without-openssl
make
</pre>
<p>Error is:<br /><pre>
depbase=`echo src/bip.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I./src -Wall -Wextra -Werror -g -O2 -fPIE -MT src/bip.o -MD -MP -MF $depbase.Tpo -c -o src/bip.o src/bip.c &&\
mv -f $depbase.Tpo $depbase.Po
src/bip.c: In function 'adm_bip':
src/bip.c:2259:3: error: implicit declaration of function 'adm_trust' [-Werror=implicit-function-declaration]
return adm_trust(ic, line);
^
cc1: all warnings being treated as errors
make[1]: *** [src/bip.o] Error 1
make[1]: Leaving directory `/tmp/bip2'
make: *** [all] Error 2
</pre><br />Whoopie suggested this patch:<br /><a class="external" href="http://freetz.org/browser/trunk/make/bip/patches/111-no_ssl.patch">http://freetz.org/browser/trunk/make/bip/patches/111-no_ssl.patch</a></p>