Bug 53558 - Veyon crashes if iTALC Client in Computerroom
Veyon crashes if iTALC Client in Computerroom
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Veyon
unspecified
Other Linux
: P5 normal (vote)
: UCS@school 5.0 v2
Assigned To: Felix Botner
Tobias Wenzel
:
Depends on:
Blocks: 54884
  Show dependency treegraph
 
Reported: 2021-07-09 12:41 CEST by Dirk Schnick
Modified: 2022-07-15 08:31 CEST (History)
13 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 3: A User would likely not purchase the product
User Pain: 0.257
Enterprise Customer affected?: Yes
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2021060921000233, 2021062921000455
Bug group (optional):
Max CVSS v3 score:


Attachments
dont add duplicate jobs (2.31 KB, patch)
2021-08-17 08:44 CEST, Julia Bremer
Details | Diff
docker.log (4.62 KB, text/plain)
2021-08-17 09:29 CEST, Dirk Schnick
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Schnick univentionstaff 2021-07-09 12:41:50 CEST
If a client is not switched from iTalk to Veyon f.e. opsi rollout failed on this client, the Veyon proxy and the computerroom module will crash or become not responsive. You need to restart both services.

The Veyon proxy app should be robust enough to handle a non Veyon speaking client.
Simply ignore would work, excellent would be a pop up like "Client XY is not configured using Veyon. Please check. Will ignore this client(s)"

Happened in two customer environments already.
Comment 1 Ingo Steuwer univentionstaff 2021-08-17 07:52:54 CEST
@patrick: we should check whether this can be fixed upstream
Comment 5 Dirk Schnick univentionstaff 2021-08-17 09:27:45 CEST
From my ticket I got the now attached docker.log. The same buffer overflow seems to be logged in kern.log as Daniel mentioned in the other pointed ticket.

I will try to reproduce that in my test environment to get more logs and closer details as f.e. network traffic log.
Comment 6 Dirk Schnick univentionstaff 2021-08-17 09:29:02 CEST
Created attachment 10801 [details]
docker.log
Comment 8 Tobias Junghans 2021-08-20 14:37:58 CEST
An updated Veyon WebAPI Proxy Docker container is available for testing. Please pull veyon/webapi-proxy:4.5.7.17 and check whether it fixes the issue when connecting to computers running the iTALC server. It contains several improvements to handle protocol errors during the authentication stage more reliably (see today's commits at https://github.com/veyon/veyon/commits/4.5) and even reports protocol mismatches via a new WebAPI error code (ProtocolMismatch=12 with HTTP status code 501). This new error code can be used to indicate Veyon deployment issues in the computer room module.

BTW the container no longer is based on Ubuntu 20.04. Instead debian:bullseye-slim is used as base image.
Comment 15 Felix Botner univentionstaff 2022-06-22 12:12:28 CEST
- 5.0 MR https://git.knut.univention.de/univention/ucsschoo/-/merge_requests/120
  - remove veyon session if it becomes invalid (e.g. after a docker restart ...)
  - spread update over time in run()
  - added 92_ucsschool-veyon (currently unused)

- Veyon App
  - new version 4.4/ucsschool-veyon-proxy=4.6.0.0-0 (UCS 4.4 and 5.0)
  - based on veyon/webapi-proxy:4.6.0.0
  - new app setting `veyon/WebAPI/ConnectionLimit` for the connection limit conf, new default 200 (instead of 5000), *.settings
  - new configure_host script to apply app settings
  - in the preinst we now so `--restart unless-stopped` for the app, so that after a crash the container is restarted
Comment 16 Felix Botner univentionstaff 2022-06-30 13:46:43 CEST
successful build
Package: ucs-school-umc-computerroom
Version: 12.0.11A~5.0.0.202206301342
Branch: ucs_5.0-0
Scope: ucs-school-5.0
Comment 17 Tobias Wenzel univentionstaff 2022-07-01 08:59:21 CEST
QA -> all ok

verify

changelog ok
advisory ok
code ok
jenkins happy
manual testing ok


I ran the provided test script: up to 200 connections are ok. 
With veyon/WebAPI/ConnectionLimit=200 the veyon webapi now returns 429.
After a crash, the container is restarted.
Comment 18 Tobias Wenzel univentionstaff 2022-07-15 08:31:11 CEST
UCS@school 5.0 v2 has been released.

https://docs.software-univention.de/changelog-ucsschool-5.0v2-de.html

If this error occurs again, please clone this bug.