[Bug 779702] New: Remote Update via "zypper dup" breaks when "openssh" is updated
https://bugzilla.novell.com/show_bug.cgi?id=779702 https://bugzilla.novell.com/show_bug.cgi?id=779702#c0 Summary: Remote Update via "zypper dup" breaks when "openssh" is updated Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: All OS/Version: openSUSE 12.2 Status: NEW Severity: Normal Priority: P5 - None Component: Update Problems AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: ralf@bj-ig.de QAContact: jsrain@suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.25 (KHTML, like Gecko) Version/6.0 Safari/536.25 I'm currently updating a server from Tumbleweed to 12.2 using "zypper dup". I did this via a ssh connection. The update broke when zypper updated openssh because the ssh connection was closed: [...] Installation von: pam_mktemp-1.1.1-2.1.2 [fertig] Installation von: pam_chroot-0.9.2-56.1.2 [fertig] Installation von: openssh-6.0p1-2.3.3 [97%]Connection to xxx closed by remote host. Connection to xxx closed. Reproducible: Always Steps to Reproduce: 1. zypper dup via ssh 2. wait until openssh is updated 3. connection closed, updated failed -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c
kk zhang
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c
Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c1
Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c2
Ralf Müller
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c3
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c4
--- Comment #4 from Petr Cerny
In openSUSE 12.1, openssh did not contain a systemd service file and therefore the initscript was used. openSUSE 12.2 contains a service file.
My _guess_ is: Combine this with the usual behaviour of systemd when stopping a service (which means: kill all processes in the cgroup) and it could explain why your connection is killed.
I believe you are right. Init script by default does not kill existing sshd connections.
_If_ I'm right, then the only risk-less solution might be to document this in the 12.2 release notes and recommend to run zypper dup inside screen to let you re-connect easily.
Very good point. Additionally, when server access is complicated (i.e. no direct access and even no side channel in the form of a remote power control or hw-integrated management facility) having a spare sshd (note necessarily openssh, dropbear suffices) running on a different port (at least during the update) which wouldn't be affected by the update process, is a Good Idea. As it has to be done at some point I believe we could push the service file to 12.1 as well with the next maintenance update accompanied by the release notes. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c5
Christian Boltz
As it has to be done at some point I believe we could push the service file to 12.1 as well with the next maintenance update
If this means it kills open ssh connections when installing the update, please don't do it. That would be even worse than killing the connection on a distribution upgrade.
accompanied by the release notes.
I propose the following text: When upgrading from openSUSE 12.1 (or older), open SSH connections will be closed when the new openssh package is installed. If you are upgrading with "zypper dup" over SSH, run "zypper dup" inside "screen" so that you can re-connect easily. Karl, can you please add this to the release notes? (Unless Petr wants a different text, of course ;-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c6
--- Comment #6 from Petr Cerny
If this means it kills open ssh connections when installing the update, please don't do it. That would be even worse than killing the connection on a distribution upgrade.
Usually. On the other hand, our regular updates usually do not change APIs so interrupted update is IMHO less likely to render the system unusable.
I propose the following text:
I'm fine with your suggestion, although I would probably modify it slightly (mostly because I dislike screen): When upgrading from openSUSE 12.1 (or older), open SSH connections will be closed when the new openssh package is upgraded. If you are upgrading with "zypper dup" over SSH, run "zypper dup" inside a resumable terminal multiplexer (e.g. "screen" or "tmux") so that you can re-connect easily, or at least immune to connection loss (e.g. via "nohup"). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c7
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c8
Petr Cerny
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c9
--- Comment #9 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=779702
https://bugzilla.novell.com/show_bug.cgi?id=779702#c10
--- Comment #10 from Frederic Crozat
participants (1)
-
bugzilla_noreply@novell.com