[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
Ćukasz Zemczak
1898547 at bugs.launchpad.net
Thu Nov 5 14:52:01 UTC 2020
Hello Albert, or anyone else affected,
Accepted iptables into groovy-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/iptables/1.8.5-3ubuntu2.20.10.1 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Your feedback will aid us getting this
update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
groovy to verification-done-groovy. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-groovy. In either case, without details of your testing we will
not be able to proceed.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance for helping!
N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.
** Changed in: iptables (Ubuntu Groovy)
Status: In Progress => Fix Committed
** Tags added: verification-needed verification-needed-groovy
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1898547
Title:
neutron-linuxbridge-agent fails to start with iptables 1.8.5
Status in iptables package in Ubuntu:
Fix Committed
Status in neutron package in Ubuntu:
Invalid
Status in iptables source package in Groovy:
Fix Committed
Status in neutron source package in Groovy:
Invalid
Status in iptables source package in Hirsute:
Fix Committed
Status in neutron source package in Hirsute:
Invalid
Bug description:
[Impact]
With iptables 1.8.5 neutron-linuxbridge-agent fails to properly start.
The log file shows many errors like:
2020-10-05 10:20:37.998 551 ERROR
neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr:
iptables-restore: line 29 failed
This can be demonstrated with a simple test case:
iptables-restore <<EOF
*filter
:INPUT - [0:0]
COMMIT
EOF
This fails with iptables 1.8.5 and is a known upstream bug that was
subsequently fixed in upstream commit
https://git.netfilter.org/iptables/commit/?id=0bd7a8eaf3582159490ab355b1217a4e42ed021f
As such, neutron-linuxbridge-agent is not able to be used successfully
on groovy. This fix to iptables is required to allow neutron-
linuxbridge-agent to successfully run.
In hirsute, iptables 1.8.5-3ubuntu3 has been uploaded which fixes this
bug by backporting the upstream fix from commit
0bd7a8eaf3582159490ab355b1217a4e42ed021f above. This is currently
sitting in hirsute-proposed waiting for autopkgtests to complete to
finish migration.
For groovy, iptables 1.8.5-3ubuntu2.20.10.1 is sitting in Unapproved
and is the subject of this SRU (this is simply 1.8.5-3ubuntu3 packaged
for groovy)
[Test Case]
This can be reproduced by the test case.
[Regression Potential]
* This is a low risk update since it only affects the behaviour when
a policy of '-' is specified and so does not affect any users of
iptables that specify an explicit policy (like ACCEPT, REJECT etc).
Since this '-' behaviour is currently broken it has a very low chance
of causing a regression as it does not affect any code paths the use
an explicit policy.
* In the event of a regression, iptables can be reverted back to a
rebuild of 1.8.5-3ubuntu1 by simply backing out this patch.
[Other Info]
* Details regarding an explicit test verification of neutron-linuxbridge-agent will be added soon.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1898547/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list