** Also affects: ubuntu-z-systems
Importance: Undecided
Status: New
** Changed in: ubuntu-z-systems
Status: New => Fix Committed
** Changed in: ubuntu-z-systems
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to iptables in Ubuntu.
https://bugs.launchpad.net/bugs/1898547
Title:
neutron-linuxbridge-agent fails to start with iptables 1.8.5
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in iptables package in Ubuntu:
Fix Committed
Status in neutron package in Ubuntu:
Invalid
Status in iptables source package in Groovy:
Fix Committed
Status in neutron source package in Groovy:
Invalid
Status in iptables source package in Hirsute:
Fix Committed
Status in neutron source package in Hirsute:
Invalid
Bug description:
[Impact]
With iptables 1.8.5 neutron-linuxbridge-agent fails to properly start.
The log file shows many errors like:
2020-10-05 10:20:37.998 551 ERROR
neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr:
iptables-restore: line 29 failed
This can be demonstrated with a simple test case:
iptables-restore <<EOF
*filter
:INPUT - [0:0]
COMMIT
EOF
This fails with iptables 1.8.5 and is a known upstream bug that was
subsequently fixed in upstream commit
https://git.netfilter.org/iptables/commit/?id=0bd7a8eaf3582159490ab355b1217a4e42ed021f
As such, neutron-linuxbridge-agent is not able to be used successfully
on groovy. This fix to iptables is required to allow neutron-
linuxbridge-agent to successfully run.
In hirsute, iptables 1.8.5-3ubuntu3 has been uploaded which fixes this
bug by backporting the upstream fix from commit
0bd7a8eaf3582159490ab355b1217a4e42ed021f above. This is currently
sitting in hirsute-proposed waiting for autopkgtests to complete to
finish migration.
For groovy, iptables 1.8.5-3ubuntu2.20.10.1 is sitting in Unapproved
and is the subject of this SRU (this is simply 1.8.5-3ubuntu3 packaged
for groovy)
[Test Case]
This can be reproduced by the test case.
[Regression Potential]
* This is a low risk update since it only affects the behaviour when
a policy of '-' is specified and so does not affect any users of
iptables that specify an explicit policy (like ACCEPT, REJECT etc).
Since this '-' behaviour is currently broken it has a very low chance
of causing a regression as it does not affect any code paths the use
an explicit policy.
* In the event of a regression, iptables can be reverted back to a
rebuild of 1.8.5-3ubuntu1 by simply backing out this patch.
[Other Info]
* Details regarding an explicit test verification of
neutron-linuxbridge-agent will be added soon.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
