[Ubuntu-ha] [Bug 1627083] Re: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead
commit 92c49b6f2847546f3f938b10a2a97021774f0be3 Author: Jan Pokorný Date: Wed Dec 4 14:36:59 2019 +0100 IPaddr2: ipt_CLUSTERIP "iptables" extension not "nft" backend compatible Reference: https://lists.clusterlabs.org/pipermail/users/2019-December/026674.html (thread also sketches a future ambition for a [presumably, to revert the habit of a functional overloading] separate agent to use "xt_cluster" extension/cluster match). Signed-off-by: Jan Pokorný --- It is a well known upstream decision and it has been recently documented in v4.5.0 of "resource-agents". The following resource-agent description is about to get added to Focal when FFe: https://bugs.launchpad.net/ubuntu/+source/resource-agents/+bug/1866383 is accepted and merge is finished. ** Also affects: resource-agents (Ubuntu) Importance: Undecided Status: New ** No longer affects: strongswan (Ubuntu) ** No longer affects: pacemaker (Ubuntu) ** Changed in: resource-agents (Ubuntu) Importance: Undecided => Wishlist ** Changed in: resource-agents (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu High Availability Team, which is subscribed to pacemaker in Ubuntu. https://bugs.launchpad.net/bugs/1627083 Title: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead Status in resource-agents package in Ubuntu: Confirmed Bug description: pacemaker still uses iptable's "CLUSTERIP" -- and dmesg shows a deprecation warning: [ 15.027333] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully [ 15.027464] ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead ~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination CLUSTERIP all -- anywhere proxy.charite.de CLUSTERIP hashmode=sourceip-sourceport clustermac=EF:EE:6B:F9:7B:67 total_nodes=4 local_node=2 hash_init=0 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: pacemaker 1.1.14-2ubuntu1.1 ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19 Uname: Linux 4.4.0-38-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 Date: Fri Sep 23 17:26:01 2016 InstallationDate: Installed on 2014-08-19 (766 days ago) InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.3) SourcePackage: pacemaker UpgradeStatus: Upgraded to xenial on 2016-09-22 (1 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/resource-agents/+bug/1627083/+subscriptions ___ Mailing list: https://launchpad.net/~ubuntu-ha Post to : ubuntu-ha@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-ha More help : https://help.launchpad.net/ListHelp
[Ubuntu-ha] [Bug 1627083] Re: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead
** Tags added: ubuntu-ha -- You received this bug notification because you are a member of Ubuntu High Availability Team, which is subscribed to pacemaker in Ubuntu. https://bugs.launchpad.net/bugs/1627083 Title: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead Status in pacemaker package in Ubuntu: Triaged Status in strongswan package in Ubuntu: Triaged Bug description: pacemaker still uses iptable's "CLUSTERIP" -- and dmesg shows a deprecation warning: [ 15.027333] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully [ 15.027464] ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead ~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination CLUSTERIP all -- anywhere proxy.charite.de CLUSTERIP hashmode=sourceip-sourceport clustermac=EF:EE:6B:F9:7B:67 total_nodes=4 local_node=2 hash_init=0 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: pacemaker 1.1.14-2ubuntu1.1 ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19 Uname: Linux 4.4.0-38-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 Date: Fri Sep 23 17:26:01 2016 InstallationDate: Installed on 2014-08-19 (766 days ago) InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.3) SourcePackage: pacemaker UpgradeStatus: Upgraded to xenial on 2016-09-22 (1 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pacemaker/+bug/1627083/+subscriptions ___ Mailing list: https://launchpad.net/~ubuntu-ha Post to : ubuntu-ha@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-ha More help : https://help.launchpad.net/ListHelp
[Ubuntu-ha] [Bug 1627083] Re: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead
For strongswan, I found a reference in a 2018 workshop to work on xt_cluster support: https://wiki.strongswan.org/projects/strongswan/wiki/Linux_IPsec_Workshop_2018 No open bug reports about moving from ipt_CLUSTERIP to xt_cluster, just references in old bugs about how that was wanted, but just not done yet. For pacemaker, I couldn't find results even mentioning the problem, other than this bug. Looks like it will be some time still until ipt_CLUSTERIP is abandoned. ** Changed in: strongswan (Ubuntu) Importance: Undecided => Wishlist ** Changed in: pacemaker (Ubuntu) Importance: Undecided => Wishlist ** Changed in: strongswan (Ubuntu) Status: New => Triaged ** Changed in: pacemaker (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Ubuntu High Availability Team, which is subscribed to pacemaker in Ubuntu. https://bugs.launchpad.net/bugs/1627083 Title: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead Status in pacemaker package in Ubuntu: Triaged Status in strongswan package in Ubuntu: Triaged Bug description: pacemaker still uses iptable's "CLUSTERIP" -- and dmesg shows a deprecation warning: [ 15.027333] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully [ 15.027464] ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead ~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination CLUSTERIP all -- anywhere proxy.charite.de CLUSTERIP hashmode=sourceip-sourceport clustermac=EF:EE:6B:F9:7B:67 total_nodes=4 local_node=2 hash_init=0 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: pacemaker 1.1.14-2ubuntu1.1 ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19 Uname: Linux 4.4.0-38-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 Date: Fri Sep 23 17:26:01 2016 InstallationDate: Installed on 2014-08-19 (766 days ago) InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.3) SourcePackage: pacemaker UpgradeStatus: Upgraded to xenial on 2016-09-22 (1 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pacemaker/+bug/1627083/+subscriptions ___ Mailing list: https://launchpad.net/~ubuntu-ha Post to : ubuntu-ha@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-ha More help : https://help.launchpad.net/ListHelp
[Ubuntu-ha] [Bug 1627083] Re: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead
And yeah I have seen the kernel code reference calling it deprecated [1] for years [2]. But still that would be an upstream feature request. The same applies btw to the strongswan hw plugin [1]: https://github.com/torvalds/linux/blob/master/net/ipv4/netfilter/ipt_CLUSTERIP.c#L510 [2]: https://github.com/torvalds/linux/commit/43270b1bc5f1e33522dacf3d3b9175c29404c36c ** Also affects: strongswan (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu High Availability Team, which is subscribed to pacemaker in Ubuntu. https://bugs.launchpad.net/bugs/1627083 Title: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead Status in pacemaker package in Ubuntu: New Status in strongswan package in Ubuntu: New Bug description: pacemaker still uses iptable's "CLUSTERIP" -- and dmesg shows a deprecation warning: [ 15.027333] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully [ 15.027464] ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead ~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination CLUSTERIP all -- anywhere proxy.charite.de CLUSTERIP hashmode=sourceip-sourceport clustermac=EF:EE:6B:F9:7B:67 total_nodes=4 local_node=2 hash_init=0 ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: pacemaker 1.1.14-2ubuntu1.1 ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19 Uname: Linux 4.4.0-38-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.1 Architecture: amd64 Date: Fri Sep 23 17:26:01 2016 InstallationDate: Installed on 2014-08-19 (766 days ago) InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.3) SourcePackage: pacemaker UpgradeStatus: Upgraded to xenial on 2016-09-22 (1 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pacemaker/+bug/1627083/+subscriptions ___ Mailing list: https://launchpad.net/~ubuntu-ha Post to : ubuntu-ha@lists.launchpad.net Unsubscribe : https://launchpad.net/~ubuntu-ha More help : https://help.launchpad.net/ListHelp
