Ubuntu kickstart uses ubuntu servers, even when told not to



6 years ago
5 years ago


(Reporter: dustin, Assigned: dustin)



The KS profile contains

  url --url http://repos/repos/apt/ubuntu

but the installed system contains packages like
that were added to precise-security only a few days ago -- months after we mirrored the puppetagain repo.  Searching the mirrored repos on the puppet masters confirms no such package.

I haven't looked *too* hard to see if I can figure out why this is the case, or if there's a workaround.  I think our immediate fix will be to re-mirror precise-security.
These are the first five entries in apt/history.log on the newly-installed system:

Start-Date: 2013-02-21  09:23:31
Commandline: apt-get -o APT::Status-Fd=4 -o APT::Keep-Fds::=5 -o APT::Keep-Fds::=6 -q -y --no-remove install linux-generic
Install: libnl-3-200:amd64 (3.2.3-2ubuntu2, automatic), linux-image-3.2.0-37-generic:amd64 (3.2.0-37.58), wireless-regdb:amd64 (2011.04.28-1ubuntu3, automatic), linux-headers-3.2.0-37:amd64 (3.2.0-37.58, automatic), linux-generic:amd64 (, linux-headers-3.2.0-37-generic:amd64 (3.2.0-37.58, automatic), linux-firmware:amd64 (1.79), libnl-genl-3-200:amd64 (3.2.3-2ubuntu2, automatic), crda:amd64 (1.1.2-1ubuntu1, automatic), linux-headers-generic:amd64 (, linux-image-generic:amd64 (
End-Date: 2013-02-21  09:23:54

Start-Date: 2013-02-21  09:23:55
Commandline: apt-get -o APT::Status-Fd=4 -o APT::Keep-Fds::=5 -o APT::Keep-Fds::=6 -q -y --no-remove install pciutils
Install: libpci3:amd64 (3.1.8-2ubuntu5, automatic), pciutils:amd64 (3.1.8-2ubuntu5)
End-Date: 2013-02-21  09:23:57

Start-Date: 2013-02-21  09:23:58
Commandline: apt-get -o APT::Status-Fd=4 -o APT::Keep-Fds::=5 -o APT::Keep-Fds::=6 -q -y --no-remove install usbutils
Install: usbutils:amd64 (005-1), libusb-1.0-0:amd64 (1.0.9~rc3-2ubuntu1, automatic)
End-Date: 2013-02-21  09:24:00

Start-Date: 2013-02-21  09:24:19
Commandline: apt-get -o APT::Status-Fd=4 -o APT::Keep-Fds::=5 -o APT::Keep-Fds::=6 -q -y install tasksel
Install: python-debian:amd64 (0.1.21ubuntu1, automatic), tasksel-data:amd64 (2.88ubuntu9, automatic), laptop-detect:amd64 (0.13.7ubuntu2, automatic), xz-lzma:amd64 (5.1.1alpha+20110809-3, automatic), iso-codes:amd64 (3.31-1, automatic), perl:amd64 (5.14.2-6ubuntu2.2, automatic), libsub-name-perl:amd64 (0.05-1build2, automatic), libparse-debianchangelog-perl:amd64 (1.2.0-1ubuntu1, automatic), aptitude:amd64 (0.6.6-1ubuntu1, automatic), python-apt:amd64 (0.8.3ubuntu7, automatic), libtimedate-perl:amd64 (1.2000-1, automatic), perl-modules:amd64 (5.14.2-6ubuntu2.2, automatic), python-apt-common:amd64 (0.8.3ubuntu7, automatic), libsigc++-2.0-0c2a:amd64 (2.2.10-0ubuntu2, automatic), libcwidget3:amd64 (0.5.16-3.1ubuntu1, automatic), libboost-iostreams1.46.1:amd64 (1.46.1-7ubuntu3, automatic), libclass-isa-perl:amd64 (0.36-3, automatic), libgdbm3:amd64 (1.8.3-10, automatic), python-xapian:amd64 (1.2.8-1, automatic), apt-xapian-index:amd64 (0.44ubuntu5, automatic), libxapian22:amd64 (1.2.8-1, automatic), python-chardet:amd64 (2.0.1-2build1, automatic), libio-string-perl:amd64 (1.08-2, automatic), libswitch-perl:amd64 (2.16-2, automatic), tasksel:amd64 (2.88ubuntu9), libept1.4.12:amd64 (1.0.6~exp1ubuntu1, automatic), libclass-accessor-perl:amd64 (0.34-1, automatic), dmidecode:amd64 (2.11-4, automatic)
Upgrade: perl-base:amd64 (5.14.2-6ubuntu2, 5.14.2-6ubuntu2.2)
End-Date: 2013-02-21  09:24:40

Start-Date: 2013-02-21  09:24:50
Commandline: apt-get -o APT::Status-Fd=4 -o APT::Keep-Fds::=5 -o APT::Keep-Fds::=6 -q -y -o APT::Install-Recommends=false -o DPkg::options=--force-confnew upgrade
Upgrade: libc-bin:amd64 (2.15-0ubuntu10, 2.15-0ubuntu10.2), libdbus-1-3:amd64 (1.4.18-1ubuntu1, 1.4.18-1ubuntu1.3), libapt-inst1.4:amd64 (0.8.16~exp12ubuntu10, 0.8.16~exp12ubuntu10.7), libexpat1:amd64 (2.0.1-7.2ubuntu1, 2.0.1-7.2ubuntu1.1), apt-utils:amd64 (0.8.16~exp12ubuntu10, 0.8.16~exp12ubuntu10.7), apt:amd64 (0.8.16~exp12ubuntu10, 0.8.16~exp12ubuntu10.7), sudo:amd64 (1.8.3p1-1ubuntu3, 1.8.3p1-1ubuntu3.2), multiarch-support:amd64 (2.15-0ubuntu10, 2.15-0ubuntu10.2), libapt-pkg4.12:amd64 (0.8.16~exp12ubuntu10, 0.8.16~exp12ubuntu10.7), isc-dhcp-client:amd64 (4.1.ESV-R4-0ubuntu5, 4.1.ESV-R4-0ubuntu5.5), tzdata:amd64 (2012b-1, 2012e-0ubuntu0.12.04.1), gpgv:amd64 (1.4.11-3ubuntu2, 1.4.11-3ubuntu2.2), isc-dhcp-common:amd64 (4.1.ESV-R4-0ubuntu5, 4.1.ESV-R4-0ubuntu5.5), libc6:amd64 (2.15-0ubuntu10, 2.15-0ubuntu10.2), libssl1.0.0:amd64 (1.0.1-4ubuntu3, 1.0.1-4ubuntu5.6), gnupg:amd64 (1.4.11-3ubuntu2, 1.4.11-3ubuntu2.2)
End-Date: 2013-02-21  09:25:10

You can see the fifth installed the version of libssl1.0.0 that's not available on our mirrors.
From https://help.ubuntu.com/12.04/installation-guide/amd64/preseed-contents.html


Apt setup

Setup of the /etc/apt/sources.list and basic configuration options is fully automated based on your installation method and answers to earlier questions. You can optionally add other (local) repositories.

# You can choose to install restricted and universe software, or to install
# software from the backports repository.
#d-i apt-setup/restricted boolean true
#d-i apt-setup/universe boolean true
#d-i apt-setup/backports boolean true
# Uncomment this if you don't want to use a network mirror.
#d-i apt-setup/use_mirror boolean false
# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
#d-i apt-setup/services-select multiselect security
#d-i apt-setup/security_host string security.ubuntu.com
#d-i apt-setup/security_path string /ubuntu

# Additional repositories, local[0-9] available
#d-i apt-setup/local0/repository string \
#       http://local.server/ubuntu precise main
#d-i apt-setup/local0/comment string local server
# Enable deb-src lines
#d-i apt-setup/local0/source boolean true
# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out
#d-i apt-setup/local0/key string http://local.server/key

# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
#d-i debian-installer/allow_unauthenticated boolean true


However, having just re-mirrored, I don't have a good way to determine if this is effective.  I'll leave this open until the next time it rears its head, and we can try adding

preseed apt-setup/services-select multiselect security
preseed apt-setup/security_host string repos
preseed apt-setup/security_path string /repos/apt/ubuntu

to the kickstart config.
This bit me again.  Grr.  I'm going to add those lines to the KS config in infra puppet and retry.
Last Resolved: 6 years ago
Resolution: --- → FIXED
Component: Server Operations: RelEng → RelOps
Product: mozilla.org → Infrastructure & Operations
You need to log in before you can comment on or make changes to this bug.