[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
I have verified the fixed package, see attached terminal output. Steps taken: - check package version - verify nf_tables is used - check default chains have not been created yet - run test case - check if default chain has been created After that I upgraded the iptables packages on my neutron and compute hosts and rebooted them. Without any manual intervention the linuxbridge-agent was started and I could start a new instance which entered the "Running" state and had network connectivity. The linuxbridge-agent logs did not contain errors regarding iptables after the reboot. ** Attachment added: "bug1898547_verification" https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1898547/+attachment/5431817/+files/bug1898547_verification ** Tags removed: verification-needed-groovy ** Tags added: verification-done-groovy -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 Status in Ubuntu on IBM z Systems: Fix Committed Status in iptables package in Ubuntu: Fix Committed Status in neutron package in Ubuntu: Invalid Status in iptables source package in Groovy: Fix Committed Status in neutron source package in Groovy: Invalid Status in iptables source package in Hirsute: Fix Committed Status in neutron source package in Hirsute: Invalid Bug description: [Impact] With iptables 1.8.5 neutron-linuxbridge-agent fails to properly start. The log file shows many errors like: 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr: iptables-restore: line 29 failed This can be demonstrated with a simple test case: iptables-restore
[Touch-packages] [Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
I could reproduce the issue by building git v1.8.5 and the issue was fixed after cherry-picking "iptables-nft: fix basechain policy configuration" $ git log commit 8d985eb4eb7a23fd98b75d71179af40169144cc5 (HEAD -> bug1898547) Author: Pablo Neira Ayuso Date: Fri Oct 2 13:44:36 2020 +0200 iptables-nft: fix basechain policy configuration Previous to this patch, the basechain policy could not be properly configured if it wasn't explictly set when loading the ruleset, leading to iptables-nft-restore (and ip6tables-nft-restore) trying to send an invalid ruleset to the kernel. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso commit 14ac250946289e280fb09ef978a45042871275b0 (tag: v1.8.5) Author: Pablo Neira Ayuso Date: Wed Jun 3 11:37:52 2020 +0200 configure: bump version for 1.8.5 release Signed-off-by: Pablo Neira Ayuso ** Also affects: iptables (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to iptables in Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 Status in iptables package in Ubuntu: New Status in neutron package in Ubuntu: Invalid Bug description: Ubuntu Groovy (20.10) kernel 5.8.0-20-generic neutron-linuxbridge-agent: 2:17.0.0~git2020091014.215a541bd4-0ubuntu1 iptables: 1.8.5-3ubuntu1 (nf_tables) iptables-restore points to xtables-nft-multi After upgrading iptables from 1.8.4 to 1.8.5 and rebooting the neutron network node, neutron-linuxbridge-agent didn't properly start anymore. The log file shows many errors like: 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr: iptables-restore: line 29 failed Downgrading iptables to 1.8.4 solves the problem. Trying to do what the linuxbridge agent does: 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent *filter 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent :FORWARD - [0:0] shows that iptables-restore
[Touch-packages] [Bug 1756846] Re: bridge-utils incompatible with ifupdown on bionic
apt-cache show bridge-utils | grep -E "Pack|Vers|Confl" Package: bridge-utils Version: 1.5-15ubuntu1 Conflicts: ifupdown (<< 0.8.17) So that conflict applies to ifupdown 0.8.16ubuntu2 in Bionic -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bridge-utils in Ubuntu. https://bugs.launchpad.net/bugs/1756846 Title: bridge-utils incompatible with ifupdown on bionic Status in bridge-utils package in Ubuntu: Confirmed Bug description: $ apt-cache policy ifupdown bridge-utils ifupdown: Installed: (none) Candidate: 0.8.16ubuntu2 Version table: 0.8.16ubuntu2 500 500 http://gb.archive.ubuntu.com/ubuntu bionic/main amd64 Packages 100 /var/lib/dpkg/status bridge-utils: Installed: 1.5-15ubuntu1 Candidate: 1.5-15ubuntu1 Version table: *** 1.5-15ubuntu1 500 500 http://gb.archive.ubuntu.com/ubuntu bionic/main amd64 Packages 100 /var/lib/dpkg/status $ sudo apt-get install ifupdown Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: rdnssd The following packages will be REMOVED bridge-utils The following NEW packages will be installed ifupdown 0 to upgrade, 1 to newly install, 1 to remove and 0 not to upgrade. Need to get 55.2 kB of archives. After this operation, 119 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://gb.archive.ubuntu.com/ubuntu bionic/main amd64 ifupdown amd64 0.8.16ubuntu2 [55.2 kB] Fetched 55.2 kB in 0s (1,280 kB/s) (Reading database ... 251311 files and directories currently installed.) Removing bridge-utils (1.5-15ubuntu1) ... Selecting previously unselected package ifupdown. (Reading database ... 251286 files and directories currently installed.) Preparing to unpack .../ifupdown_0.8.16ubuntu2_amd64.deb ... Unpacking ifupdown (0.8.16ubuntu2) ... Setting up ifupdown (0.8.16ubuntu2) ... Processing triggers for ureadahead (0.100.0-20) ... ureadahead will be reprofiled on next reboot Processing triggers for systemd (237-3ubuntu4) ... Processing triggers for man-db (2.8.2-1) ... $ sudo apt-get install bridge-utils Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: ifupdown The following packages will be REMOVED ifupdown The following NEW packages will be installed bridge-utils 0 to upgrade, 1 to newly install, 1 to remove and 0 not to upgrade. Need to get 0 B/30.1 kB of archives. After this operation, 119 kB disk space will be freed. Do you want to continue? [Y/n] y (Reading database ... 251318 files and directories currently installed.) Removing ifupdown (0.8.16ubuntu2) ... Selecting previously unselected package bridge-utils. (Reading database ... 251286 files and directories currently installed.) Preparing to unpack .../bridge-utils_1.5-15ubuntu1_amd64.deb ... Unpacking bridge-utils (1.5-15ubuntu1) ... Setting up bridge-utils (1.5-15ubuntu1) ... Processing triggers for man-db (2.8.2-1) ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bridge-utils/+bug/1756846/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp