Bug#1031943: [pkg-netfilter-team] Bug#1031943: Should we do something?
I agree with Arturo, the proposed change should be harmless, but we were not able to reproduce the issue in any of the test performed so I was thinking to lower the severity and apply the patch but don't ask to be included in bookworm.
Bug#1031943: [pkg-netfilter-team] Bug#1031943: ebtables: symlink removal removal code in the postinst does not seem to be working
Hi Adrian and Jeremy, I was trying to reproduce the bug when I've read the reply from Jeremy, but like Jeremy I've not been able to reproduce it in sid (with or without merged usr). The change you propose is perfect (I agree it should be "-h" instead of "-e" for the test to check if the symlink exists), but it'd be good to have additional information to reproduce the bug and fix it properly. Can you please provide more information about the bug? Thanks! Alberto
Bug#1007829: [pkg-netfilter-team] Bug#1007829: arptables - Fails to install: Too many levels of symbolic links
Hi Thomas and thanks for resolving the bug. A few days ago I tried to upload a new version fixing the bug, but it was silently ignored. At the moment I'm very busy and I don't have time to debug the problem by uploading packages to the archive, so your help to solve the bug with a NMU is welcome :) Alberto
Bug#1007829: [pkg-netfilter-team] Bug#1007829: arptables - Fails to install: Too many levels of symbolic links
Thanks for reporting Bastian, I've reproduced the issue, but it seems not related to dpkg, arptables fails to install when iptables isn't installed. I must review and update arptables postinst script where alternatives are used. Alberto
Bug#984817: [pkg-netfilter-team] Bug#984817: Hardcoded program names in arptables-legacy-save and arptables-legacy-restore scripts
Hi Arkadiusz, Thanks for report this issue. The expected behaviour is to use the corresponding arptables-save and arptables-restore binaries to the arptables binary selected with the Debian alternatives system. This package provides arptables-legacy-* while arptables-nft-* are provided by the iptables package. Both arptables-legacy-save and arptables-legacy-restore are linked (defined as "slaves") to arptables when arptables-legacy is selected as alternative to provide arptables, so the symlink points to the corresponding arptables-* binary as expected. Perhaps it would be better to use arptables-legacy instead of full path to arptables in my $tool, but I didn't find them unusuble in the test I've made. Can you provide more info about the issue? Regards, Alberto
Bug#969207: Iptables/netbase dependency in backports makes ebtables uninstallable
On Sat, Aug 29, 2020 at 11:02:38AM +0100, r...@synca.io wrote: > Package: iptables > Version: 1.8.5-3~bpo10+1 > > Installing iptables (1.8.5-3~bpo10+1) pulls in netbase > 6. This version of > netbase has a dependency on ebtables that is not present in backports, and > this therefore makes ebtables uninstallable. > > This breaks some pretty important software (eg recent versions of > kubernetes) > Hi Ryan, You're right, a new ebtables release solving this issue will be uploaded to buster-backports based on ebtables 2.0.11-4 (testing) ASAP. Thanks for reporting Alberto
Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table
This bug has been fixed upstream and it will go in 1.8.5 release. Thanks for reporting. Alberto
Bug#876201: ITA: dnsproxy -- proxy for DNS queries
Package: wnpp Severity: normal I intend to adopt the dnsproxy package. The tentative repository for this package in salsa is: https://salsa.debian.org/alberto/pkg-dnsproxy
Bug#960683: ITA: dnsproxy -- proxy for DNS queries
Package: wnpp Severity: normal I intend to adopt the dnsproxy package. The tentative repository fot this package in salsa is: https://salsa.debian.org/alberto/pkg-dnsproxy
Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table
Control: forwarded -1 https://bugzilla.netfilter.org/show_bug.cgi?id=1407 Control: severity -1 normal Hi Christoph, I'm quoting a email from Jamie Strandboge, who is both the maintainer in Debian and the creator of ufw, and has kindly replied my question about this bug: [quote] ... These rules were not generated by ufw. The current released version of ufw does not do any management of the nat table. Furthermore, iptables-restore rules in /etc/ufw/*rules do not contain any '-F's. ... Now, the 'ufw-framework' man page documents how someone can adjust /etc/ufw/{before,after}{,6}.rules files to customize the firewall with iptables-restore directives for things that the ufw cli command does not expose and it is not uncommon for people to add things to other tables. The man page does *not* document use of -F in these files and instead has examples like: *nat :POSTROUTING ACCEPT [0:0] -A POSTROUTING -s 10.0.0.0/8 -o eth0 -j MASQUERADE COMMIT So I suspect what happened is the reporter used this mechanism to customize the firewall and accidentally added the second, errant -F. [/quote] In any case, the bug exists and it has been reported upstream. After some test, it seems that the problem is related to the flush of the rules after adding some of them (do you really want to do that?), because the next ruleset works well: *nat -F PREROUTING -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194 -F POSTROUTING COMMIT And the same result will be obtained with: *nat -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194 COMMIT Because the default iptables-restore behaviour is to flush (delete) all previous contents of the respective tables. I think you can workaround the bug rewriting your rules with special care in the inclusion of '-F' rules. I think it is correct that the error was initially reported with grave severity, but after this analysis I think it is appropriate to lower the severity to normal unless the segfault is discovered in a more general case. Regards, Alberto
Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table
On Thu, Feb 13, 2020 at 11:05:13AM +0100, Christoph Martin wrote: > > I choose the grave severity because the bug makes a reload of ufw fail > and then the firewall is off ! > Yes, I agree with you that it's a serious situation, but we have to determine if it's a general case of iptables (which it seems it's not) or if it's a problem with a specific ruleset. We need to determine if it's a grave severity in the iptables package in the stable branch. I'll contact with ufw maintainers to obtain more info. Thanks! Alberto
Bug#950535: [pkg-netfilter-team] Bug#950535: iptables-restore segfaults on nat table
Control: tag -1 moreinfo Hi Christoph, Is this ruleset a real one obtained from ufw? I ask because the next one doesn't result in segfault: *nat -F PREROUTING -F POSTROUTING -A PREROUTING -i eth0 -p tcp --dport 22 -j REDIRECT --to-ports 1194 COMMIT I don't understand the rule "-F PREROUTING" after a "-A ..." one. It seems that the segfault happens in this specific case (it's a bug of course, but not a bug with grave severity). After some tests I found this ruleset segfaults with iptables-nft-restore in several iptables releases (1.8.2-4, 1.8.3-2~bpo10+1 and 1.8.4-2) while iptables-legacy-restore executes as expected. Please, provide more info or a general ruleset to inform upstream and/or lower the severity. Thanks for reporting! Alberto
Bug#949518: [pkg-netfilter-team] Bug#949518: (no subject)
El mar., 11 feb. 2020 a las 14:03, Vasanth Srivatsa () escribió: > Is this bug fixed or still open? When can users expect a fix (approximate > time)? I have servers which are non-functional due to this bug. I just > updated them yesterday and they are blocking all incoming connections. > Hi Vasanth, This is not a debian specific bug, but an upstream one related to iptables 1.8.4 that affects the way ufw is using iptables-restore and Jamie Strandboge has opened a bug on netfilter as mentioned before (thanks Jamie!) In the meanwhile, the workaround is configure iptables to use iptables-legacy: update-alternatives --config iptables update-alternatives --config ip6tables Regards, Alberto
Bug#949172: iptables: -A INPUT -i lo -j ACCEPT opens all ports
Hi Anzulo, I can't reproduce the output you show using this basic rule. iptables -A INPUT -i lo -j ACCEPT iptables -L -nv Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo * 0.0.0.0/00.0.0.0/0 ... ip6tables -A INPUT -i lo -j ACCEPT ip6tables -L -nv Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all lo * ::/0 ::/0 ... Default source and destination addresses (not ports) are defined using both iptables and ip6tables instead you set a specific one in the rule and AFAIK this is the expected behaviour in iptables. Can you please provide more information or try to reproduce this issue in another machine? Regards, Alberto
Bug#949576: libiptc-dev: Breaks/Replaces missing between libiptc-dev and libip4tc-dev
On Wed, Jan 22, 2020 at 07:15:19PM +0100, Arturo Borrero Gonzalez wrote: > On 1/22/20 7:04 PM, Sven-Haegar Koch wrote: > > On Wed, 22 Jan 2020, Alberto Molina Coballes wrote: > > > >> A new commit which hopefully solves this bug has been uploaded [1], > >> but this bug is affecting only 1.8.4-1 and a new release will not be > >> uploaded inmediatly, but ASAP. > > > > Thanks for fixing it! > > > > This bug report was more for completeness - a second run of apt-get > > makes the packages install, as on retry the conflicting package got > > already upgraded, so the failed one is able to succeed. Also because it > > only affects unstable and does not break upgrading completely I did not > > give it a higher severity. > > Yes, because libiptc-dev includes a dependency upon libip4tc-dev > > That's true. > > I'm not sure a breaks+replaces is worth carrying over for a package version > that > was not even present in testing... > > @Alberto, I saw the commit. It is right, but perhaps it will pollute d/control > for no strong reason. We could revert if you want. Up to you! > Yes, this bug affects systems with libip4tc-dev 1.8.4-1, only unstable because testing it's still using 1.8.3-2. I don't know what's better, to revert or to remove Breaks/Replaces in the near future. Up to me? :) Alberto
Bug#949576: libiptc-dev: Breaks/Replaces missing between libiptc-dev and libip4tc-dev
Hi Haegar, A new commit which hopefully solves this bug has been uploaded [1], but this bug is affecting only 1.8.4-1 and a new release will not be uploaded inmediatly, but ASAP. Thanks for reporting! Alberto [1] https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/commit/d87a98ace73452f4c9f785f01ab7fe7156309e85
Bug#947176: [pkg-netfilter-team] Bug#947176: libiptc.pc non-functional
On Mon, Jan 13, 2020 at 10:56:58AM +0100, Arturo Borrero Gonzalez wrote: > On 1/11/20 12:04 PM, Michael Biebl wrote: > > Hi Arturo > > > > On Sun, 22 Dec 2019 15:06:02 +0100 Michael Biebl wrote: > >> > >> 1/ Have a single libiptc-dev package which contains all development files > >> 2/ Have a libip6tc-dev package which contains all development files > >> related to libip6tc, have a libip4tc-dev package which contains all > >> development files related to libip4tc and have libiptc-dev (convenience) > >> package which contains libiptc.pc and depends on both libip6tc-dev and > >> libip4tc-dev > >> > > > > Have you decided how you want to proceed from here? > > Would welcome your feedback. > > > > Option 2) is probably the way to go. > > I didn't have time to get to this yet. Perhaps @alberto have some spare > cycles? > Yes, I can handle this bug (hopefully next week) Alberto
Bug#946932: /usr/sbin/ebtables-nft-restore requires /etc/ethertypes
Hi, ebtables 2.0.11-3 has been uploaded to unstable including a Depends on netbase (>= 6.0). The same Depends on has been included in iptables [1] that closes this bug, but it's not yet released. Thanks Michael for reporting this bug and Marco for your willingness to solve it including /etc/ethertypes in netbase. Regards, Alberto [1] https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/commit/d7ad2173f0cd7d26d2ecf0b49d3708203973faf2
Bug#946932: /usr/sbin/ebtables-nft-restore requires /etc/ethertypes
On Thu, Dec 26, 2019 at 03:41:32PM +0100, Marco d'Itri wrote: > OK. One more thing: can I make the names lower case like in the other > numbers files or are they case sensitiv? > AFAIK they're not case sensitive, i.e. these two commands (one lowercase and the other uppercase) work as expected: # ebtables -A FORWARD -p arp -j ACCEPT # ebtables -A FORWARD -p IPv6 -j ACCEPT Listing the rules applied, there's no difference between the lowercase and the uppercase rule (both are listed in uppercase): # ebtables -L FORWARD Bridge table: filter Bridge chain: FORWARD, entries: 2, policy: ACCEPT -p ARP -j ACCEPT -p IPv6 -j ACCEPT But, those protocol names are obtained from ethertypes, if they're "lowercased" in /etc/ethertypes the output differs (now the rules are listed in lowercase): ... -p arp -j ACCEPT -p ipv6 -j ACCEPT So any tool reading from ebtables output can be broken. I think it's better not to put the names in lowercase. Thanks, Alberto
Bug#946932: /usr/sbin/ebtables-nft-restore requires /etc/ethertypes
Hi Marco, /etc/ethertypes is obtained directly from upstream (ebtables), no changes are made to its packaging in Debian and I suposse that the same file has not been modified for years, because ebtables is not under active development. It's fine to remove historical entries, especially including ethertype file in a package such as netbase. > Also, where do the names in the first column come from, since they are > not in the IANA registry? > I don't know, but they're used by ebtables to refer to ethertypes by name like it's shown in the original message of this bug. Regards, Alberto
Bug#946932: /usr/sbin/ebtables-nft-restore requires /etc/ethertypes
Hi, /etc/ethertypes has been removed from ebtables and 2.0.11-2 has been uploaded to unstable, please Marco include /etc/ethertypes in netbase with Replaces/Breaks ebtables (<< 2.0.11-2) and comment us when a new release is available in order to include Depends in both ebtables and iptables. Regards, Alberto
Bug#946932: /usr/sbin/ebtables-nft-restore requires /etc/ethertypes
On Wed, Dec 18, 2019 at 06:27:42PM +0100, Michael Biebl wrote: > > Alberto, Arturo, if you agree with moving /etc/ethertypes to netbase (I > assume this file is rather static and doesn't need constant updates), I > would propose the following: > > - ebtables drops the file in version X. You poke Marco once that is done. > - netbase gets an upload taking over the file with a Breaks/Replaces: > ebtables (<< X) in version Y > - Since netbase is only prio important and not an essential package, I > would make follow-up uploads for iptables and ebtables with an explicit > depends: netbase (>= Y). I think an Depends is justified given that > ebtables-restore does not handle it gracefully when the file is missing. > I agree, I think that it's a good solution and it can be done in a few days. What do you think Arturo? Regards, Alberto
Bug#946932: /usr/sbin/ebtables-nft-restore requires /etc/ethertypes
On Wed, Dec 18, 2019 at 12:17:48PM +0100, Arturo Borrero Gonzalez wrote: > > @Alberto, > > What do you think about this issue? Could you please handle it? > > regards. Hi, I think that Michael is right, /etc/ethertypes must be moved into another package, but the question is what's the right one? Create a package like ebtables-common? Request to include /etc/ethertypes in an package such as netbase? Regards, Alberto
Bug#929976: /usr/sbin/xtables-nft-multi: ebtables-nft-restore errors with -o option on chains which ebtables-legacy-restore accepts
Control: fixed 929976 1.8.4-1 The bug was fixed upstream [1] and included in the 1.8.4 release, so it's solved in debian since iptables 1.8.4-1 Thanks for reporting! Alberto [1] https://git.netfilter.org/iptables/commit/iptables/xtables-eb.c?id=e1ccd979e6849748578fad76475c688bdd16df0d
Bug#874375: ebtables: 32 bit binary cannot communicate with 64 bit kernel on arm platform
Hi Wang and Tomáš, When I adopted ebtables in 2018 and I was initially focused on putting the package in shape, but this bug has remained unattended for too many time. Now, installing i386 ebtables userspace tool on an amd64 kernel I can't reproduce this bug. I've tested both ebtables-legacy (provided by ebtables package) and ebtables-nft (provided by iptables package) on buster and sid, so I think that this bug has been solved at any moment since you reported on ebtables 2.0.10.4-3. ebtables versions tested: buster: ebtables:i386 2.0.10.4+snapshot20181205-3 i386 iptables 1.8.2-4 linux-image-4.19.0-6-amd64 4.19.67-2+deb10u2 sid: ebtables:i386 2.0.11-1 iptables 1.8.4-1 linux-image-5.3.0-3-amd64 5.3.15-1 In all the combinations tested the behaviour was the expected not the reported in your bug. Please, reply this message with any other information needed if the bug remains in other scenario. Regards, Alberto
Bug#927299: unblock: arptables/0.0.4+snapshot20181021-4
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package arptables A serious bug was opened on ebtables and arptables regarding an issue with usr merged systems. This patch solves this issue. The debdiff also includes a previous minor commit including salsa CI files, if you consider this must not be included, please let me know. unblock arptables/0.0.4+snapshot20181021-4 Thanks diff -Nru arptables-0.0.4+snapshot20181021/debian/arptables.prerm arptables-0.0.4+snapshot20181021/debian/arptables.prerm --- arptables-0.0.4+snapshot20181021/debian/arptables.prerm 2019-01-07 19:23:02.0 + +++ arptables-0.0.4+snapshot20181021/debian/arptables.prerm 2019-04-15 09:20:31.0 + @@ -7,12 +7,14 @@ fi if [ "$1" = "remove" ] ; then -LIST="arptables arptables-save arptables-restore" -for i in $LIST ; do - if [ -L "/sbin/$i" ] ; then - rm /sbin/$i - fi -done +if [ ! -L /sbin ] || [ "$(readlink /sbin)" != "usr/sbin" ]; then + LIST="arptables arptables-save arptables-restore" + for i in $LIST ; do + if [ -L "/sbin/$i" ] ; then + rm /sbin/$i + fi + done +fi fi #DEBHELPER# diff -Nru arptables-0.0.4+snapshot20181021/debian/changelog arptables-0.0.4+snapshot20181021/debian/changelog --- arptables-0.0.4+snapshot20181021/debian/changelog 2019-01-11 17:02:26.0 + +++ arptables-0.0.4+snapshot20181021/debian/changelog 2019-04-17 15:24:53.0 + @@ -1,3 +1,14 @@ +arptables (0.0.4+snapshot20181021-4) unstable; urgency=medium + + [ Arturo Borrero Gonzalez ] + * [88703e1] src:arptables: add salsa CI integration + + [ Alberto Molina Coballes ] + * [eb7a44d] d/arptables.prerm: Remove /sbin symlinks on not usr-merged systems +(Closes: #926728) + + -- Alberto Molina Coballes Wed, 17 Apr 2019 15:24:53 + + arptables (0.0.4+snapshot20181021-3) unstable; urgency=medium * [090bcbc] d/dirs: /sbin no longer required diff -Nru arptables-0.0.4+snapshot20181021/debian/gitlab-ci.yml arptables-0.0.4+snapshot20181021/debian/gitlab-ci.yml --- arptables-0.0.4+snapshot20181021/debian/gitlab-ci.yml 1970-01-01 00:00:00.0 + +++ arptables-0.0.4+snapshot20181021/debian/gitlab-ci.yml 2019-03-02 18:04:21.0 + @@ -0,0 +1,6 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +variables: + RELEASE: 'unstable'
Bug#927298: unblock: ebtables/2.0.10.4+snapshot20181205-3
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: unblock Please unblock package ebtables A serious bug was opened on ebtables and arptables regarding an issue with usr merged systems. This patch solves this issue. The debdiff also includes a previous minor commit including salsa CI files, if you consider this must not be included, please let me know. unblock ebtables/2.0.10.4+snapshot20181205-3 Thanks diff -Nru ebtables-2.0.10.4+snapshot20181205/debian/changelog ebtables-2.0.10.4+snapshot20181205/debian/changelog --- ebtables-2.0.10.4+snapshot20181205/debian/changelog 2019-02-02 19:31:28.0 + +++ ebtables-2.0.10.4+snapshot20181205/debian/changelog 2019-04-15 18:23:43.0 + @@ -1,3 +1,13 @@ +ebtables (2.0.10.4+snapshot20181205-3) unstable; urgency=medium + + [ Arturo Borrero Gonzalez ] + * [9b474c7] src:ebtables: add salsa CI integration + + [ Alberto Molina Coballes ] + * [5dbd22d] Remove /sbin symlinks on not usr-merged systems (Closes: #926728) + + -- Alberto Molina Coballes Mon, 15 Apr 2019 18:23:43 + + ebtables (2.0.10.4+snapshot20181205-2) unstable; urgency=medium [ Alberto Molina Coballes ] diff -Nru ebtables-2.0.10.4+snapshot20181205/debian/ebtables.prerm ebtables-2.0.10.4+snapshot20181205/debian/ebtables.prerm --- ebtables-2.0.10.4+snapshot20181205/debian/ebtables.prerm2019-01-27 20:33:36.0 + +++ ebtables-2.0.10.4+snapshot20181205/debian/ebtables.prerm2019-04-15 08:53:11.0 + @@ -7,12 +7,14 @@ fi if [ "$1" = "remove" ] ; then -LIST="ebtables ebtables-save ebtables-restore" -for i in $LIST ; do -if [ -L "/sbin/$i" ] ; then - rm /sbin/$i -fi -done +if [ ! -L /sbin ] || [ "$(readlink /sbin)" != "usr/sbin" ]; then + LIST="ebtables ebtables-save ebtables-restore" + for i in $LIST ; do +if [ -L "/sbin/$i" ] ; then + rm /sbin/$i +fi + done +fi fi #DEBHELPER# diff -Nru ebtables-2.0.10.4+snapshot20181205/debian/gitlab-ci.yml ebtables-2.0.10.4+snapshot20181205/debian/gitlab-ci.yml --- ebtables-2.0.10.4+snapshot20181205/debian/gitlab-ci.yml 1970-01-01 00:00:00.0 + +++ ebtables-2.0.10.4+snapshot20181205/debian/gitlab-ci.yml 2019-03-02 18:04:37.0 + @@ -0,0 +1,6 @@ +include: + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml + - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml + +variables: + RELEASE: 'unstable'
Bug#919583: [pkg-netfilter-team] Bug#919583: ebtables: broken symlinks: /sbin/ebtables{, -restore, -save} -> /usr/sbin/ebtables{, -restore, -save}
El dom., 27 ene. 2019 a las 10:03, Laurent Bigonville () escribió: > > An other solution is to remove this version check and just remove > unconditionally these symlinks in /sbin as they are not created by any other > packages (including iptables) > Hi Laurent, I can also confirm this bug and you're right about the proposed solutions. The last one is the solution chosen [1] and a new ebtables package is going to be uploaded soon solving this and others pending bugs. Thanks, Alberto [1] https://salsa.debian.org/pkg-netfilter-team/pkg-ebtables/commit/25138b75764caed8ecb95996532c23292cb591d6
Bug#919013: RFS: arptables/0.0.4+snapshot20181021-3 - ARP table administration
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "arptables" * Package name: arptables Version : 0.0.4+snapshot20181021-3 Upstream Author : Bart De Schuymer * URL : http://www.netfilter.org * License : GPL-2 Section : net It builds those binary packages: arptables - ARP table administration To access further information about this package, please visit the following URL: https://mentors.debian.net/package/arptables Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/a/arptables/arptables_0.0.4+snapshot20181021-3.dsc More information about arptables can be obtained from https://www.example.com. Changes since the last upload: * [090bcbc] d/dirs: /sbin no longer required * [85e682e] d/patches: rename arptables-save and arptables-restore (Closes: #918900) * [a419984] d/arptables.manpages: rename arptables-* man pages * [b8fc52f] d/patch: Add CPPFLAGS Regards, Alberto Molina Coballes
Bug#918497: RFS: arptables/0.0.4+snapshot20181021-1 - ARP table administration
Thank you Adam and Arturo for reviewing the package and for your advices. A new packet has been uploaded to mentors [1] with this bug corrected (piuparts tests are OK) and #918715 marked to be closed in the corresponding commit. Is it necessary to open a new RFS bug? Thanks, Alberto [1] https://mentors.debian.net/debian/pool/main/a/arptables/arptables_0.0.4+snapshot20181021-2.dsc
Bug#848948: [pkg-netfilter-team] Bug#848948: ebtables FTCBFS: uses build architecture compiler
El dom., 6 ene. 2019 a las 22:18, Niels Thykier () escribió: > > I see you recently uploaded a version of ebtables. Could I convince you > to do another upload with this cross-building patch for buster (from > #848948)? > Hi Niels, Sure! This patch has not been previously applied because one of the first steps taken when this package was adopted was to symplify d/rules, so this patch can no longer be applied directly. I've no previous experience with cross-building, so any help is appreciated. Could you update the patch? > I am happy to sponsor it if you need that or simply do an NMU if it is > easier for you and you don't mind it. :) > Thanks! I don't mind at all if you do an NMU but I would prefer to do the change myself and learn a little bit about how to apply patches for cross-build. Thanks, Alberto
Bug#918497: RFS: arptables/0.0.4+snapshot20181021-1 - ARP table administration
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "arptables" * Package name: arptables Version : 0.0.4+snapshot20181021-1 Upstream Author : Bart De Schuymer * URL : http://www.netfilter.org * License : GPL-2 Section : net It builds those binary packages: arptables - ARP table administration To access further information about this package, please visit the following URL: https://mentors.debian.net/package/arptables Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/a/arptables/arptables_0.0.4+snapshot20181021-1.dsc More information about arptables can be obtained from https://www.example.com. * [2c7c7c6] New upstream version 0.0.4+snapshot20181021 * [c6b2324] d/patches: Adapt the default patch to the latest upstream version * [3076713] arptables: introduce /sbin compatibility symlinks * [4108b0d] arptables: introduce alternatives for /usr/sbin/arptables (Closes: #916106) * [f7b48be] d/control: bump std-version to 4.3.0 Regards, Alberto Molina Coballes
Bug#918046: RFS: ebtables/2.0.10.4+snapshot20181205-1 - Ethernet bridge frame table administration
Package: sponsorship-requests Severity: normal I am looking for a sponsor for my package "ebtables" * Package name: ebtables Version : 2.0.10.4+snapshot20181205-1 Upstream Author : Bart De Schuymer * URL : http://www.netfilter.org * License : GPL-2 Section : net It builds those binary packages: ebtables - Ethernet bridge frame table administration To access further information about this package, please visit the following URL: https://mentors.debian.net/package/ebtables Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/e/ebtables/ebtables_2.0.10.4+snapshot20181205-1.dsc More information about ebtables can be obtained from https://www.example.com. Changes since the last upload: * [6222d5e] New upstream version 2.0.10.4+snapshot20181205 * [e8625b3] Adapt debian patches to the latest upstream version * [02842b0] ebtables: introduce /sbin compatibility symlinks * [1927aad] ebtables: introduce alternatives for /usr/sbin/ebtables (Closes: #912046) * [b649957] d/patches ebtables libraries in a specific directory Regards, Alberto Molina Coballes
Bug#898278: RFS: arptables/0.0.4-2 - ARP table administration
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "arptables" * Package name: arptables Version : 0.0.4-2 Upstream Author : Bart De Schuymer * URL : http://www.netfilter.org * License : GPL-2 Section : net It builds those binary packages: arptables - ARP table administration To access further information about this package, please visit the following URL: https://mentors.debian.net/package/arptables Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/a/arptables/arptables_0.0.4-2.dsc Changes since the last upload: * [1a26c32] d/patch: Add dpkg-buildflags * [5869fd6] d/patches: cleanup sysvinit script (Closes: #897976) Regards, Alberto Molina Coballes
Bug#898275: RFS: ebtables/2.0.10.4-5 - Ethernet bridge frame table administration
Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "ebtables" * Package name: ebtables Version : 2.0.10.4-5 Upstream Author : Bart De Schuymer * URL : http://www.netfilter.org * License : GPL-2 Section : net It builds those binary packages: ebtables - Ethernet bridge frame table administration To access further information about this package, please visit the following URL: https://mentors.debian.net/package/ebtables Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/e/ebtables/ebtables_2.0.10.4-5.dsc More information about hello can be obtained from https://www.example.com. Changes since the last upload: * [3681e23] d/patches: Add dpkg-buildflags * [2663aba] d/patches: Modify makefile allowing parallel build (Closes: #897592) * [e30fe91] manpages: Add ebtables-save.8 and ebtables-restore.8 Regards, Alberto Molina Coballes
Bug#897976: arptables bash script installed in /
Hi Cesare, Thanks for report this bug! I've recently adopted this package and some important modifications have been made and it seems some mistakes also :) The bug reported is related to the init script, indeed it has been recently deleted in upstream [1], so that commit will be cherry picked and applied to debian package, closing this bug. Regards, Alberto [1] https://git.netfilter.org/arptables/commit/?id=988d6a4cd1b12718177bf3065f07faeabb208713
Bug#897592: ebtables: randomly FTBFS - makefile is not parallel safe
Thanks James, these kinds of errors are often difficult to deal with. Do you think that it should be enough disabling parallel build in dh? Tested on amd64 seems to work properly. Alberto
Bug#897038: RFS: ebtables/2.0.10.4-4 [ITA] - Ethernet bridge frame table administration
Package: sponsorship-requests Severity: normal Dear Maintainer, I'm intending to adopt ebtables and integrating it into the pkg-netfilter packaging team [0], Arturo Borrero González will sponsor it, but any comment will be appreciated. * Package name: ebtables Version : 2.0.10.4-4 Upstream Author : Bart De Schuymer * URL : http://www.netfilter.org * License : GPL-2 It builds those binary packages: ebtables - Ethernet bridge frame table administration To access further information about this package, please visit the following URL: https://mentors.debian.net/package/ebtables Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/e/ebtables/ebtables_2.0.10.4-4.dsc Changes since the last upload: [ Alberto Molina Coballes ] * [bf201c6] d/control: Updating maintainers and adding uploaders (Closes: #891769) * [0f4ede2] d/control: Updating Standards-Version to 4.1.3 * [3ce5061] d/control: Adding VCS-* headers * [481b022] d/control: Updating homepage * [16740e9] d/watch: Updating url * [6d94fde] d/control: Updating debhelper to 11 * [ea71db8] d/compat: Updating to 11 * [a80dc56] d/copyright: Updating according to DEP-5 [ Arturo Borrero Gonzalez ] * [1b1ac15] d/rules: use debhelper rather than cdbs * [dd20bc3] d/patches: add compilation_warning.patch [ Alberto Molina Coballes ] * [1aa6f5d] d/patches: set LIBDIR to /lib/ebtables * [01096e7] d/control: delete dh-systemd (>= 1.5) as build-dependence * [9232eca] d/patches: add -g to produce debugging information Regards, Alberto Molina Coballes
Bug#894839: RFS: arptables/0.0.4-1 [ITA]
Package: sponsorship-requests Severity: normal Dear mentors, I'm adopting arptables and integrating it into the pkg-netfilter packaging team [0], Arturo Borrero González (pkg-netfilter member) intends to sponsor it, but this is my first package uploaded to mentors so any comment will be appreciated. * Package name: arptables Version : 0.0.4-1 Upstream Author : Alberto Molina Coballes * URL : http://www.netfilter.org * License : GPL-2 Section : net It builds those binary packages: arptables - ARP table administration To access further information about this package, please visit the following URL: https://mentors.debian.net/package/arptables Alternatively, one can download the package with dget using this command: dget -x https://mentors.debian.net/debian/pool/main/a/arptables/arptables_0.0.4-1.dsc Changes since the last upload: [ Alberto Molina Coballes ] * [9e86b20] New upstream version 0.0.4 [ Arturo Borrero Gonzalez ] * [8d554a1] d/patches: replace 01_Makefile.diff with 0001-debian-defaults.patch * [5f8d185] d/patches: drop 02_manpage.diff * [3b3324a] d/patches: drop 03_type.diff * [b2d0146] d/patches: drop 04_arptables-save.diff [ Alberto Molina Coballes ] * [bbe8faf] Modifying debian/copyright according to DEP-5 * [fec4507] Updating debian/compat to 11 * [88f65fd] Updating maintainers and adding uploaders (Closes: #891758) * [1a66102] Adding VCS-* headers * [e87d9dd] Updating Homepage header * [84776dc] Updating to debhelper 11 * [b210e11] Updating Standards-Version to 4.1.3 * [d8b2837] d/patches: refresh 0001_debian-defaults.patch * [6623413] d/watch: updating upstream url Regards, Alberto Molina Coballes [0] https://wiki.debian.org/Teams/pkg-netfilter
Bug#891758: ITA: arptables -- ARP table administration
I'm adopting arptables. I have spoken to Arturo Borrero González , arptables will be integrated into the pkg-netfilter packaging team [0] and he's going to sponsor it. Regards, Alberto [0] https://wiki.debian.org/Teams/pkg-netfilter
Bug#858565: [PKG-Openstack-devel] Bug#858565: neutron-l3-agent: IPv6 Stateless Address Auto Configuration (SLAAC) mode fails when radvd is not installed on the host
2017-03-24 1:26 GMT+01:00 Thomas Goirand : > > Hi, > > Unfortunately, not everyone wants to use IPv6. For those who don't, > imposing radvd as a hard dependency is a bad idea. IMO, it's best to let > every user choose what it wants to do to match its use case, and > manually install radvd. > > Hi Thomas, There's no reference about the need to install radvd to configure neutron with IPv6 support in the documentation and IMO is confusing when a configuration option fails because a necessary package is not installed. radvd is a small package with no additional dependencies, so I don't think is bad idea to include it as a dependency. > We could add radvd as Suggests: though, but that is too late to ask for > a migration exception, so this change wont be in Stretch. > > Yes, I agree with you, it's too late for Stretch but maybe it could be included in the next release. Regards, Alberto
Bug#858565: neutron-l3-agent: IPv6 Stateless Address Auto Configuration (SLAAC) mode fails when radvd is not installed on the host
Package: neutron-l3-agent Version: 2:9.1.1-1 Severity: normal Dear Maintainer, When a IPv6 subnet is created in SLAAC mode, neutron-l3-agent fails if radvd is not installed: 2017-03-23 16:50:19.157 8667 ERROR neutron.agent.linux.utils [-] Exit code: 99; Stdin: ; Stdout: ; Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-23e0d727-e5ef-41a7-aa6c-6d1229968185 radvd -C /var/lib/neutron/ra/23e0d727-e5ef-41a7-aa6c-6d1229968185.radvd.conf -p /var/lib/neutron/external/pids/23e0d727-e5ef-41a7-aa6c-6d1229968185.pid.radvd -m syslog (no filter matched) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info [-] Exit code: 99; Stdin: ; Stdout: ; Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-23e0d727-e5ef-41a7-aa6c-6d1229968185 radvd -C /var/lib/neutron/ra/23e0d727-e5ef-41a7-aa6c-6d1229968185.radvd.conf -p /var/lib/neutron/external/pids/23e0d727-e5ef-41a7-aa6c-6d1229968185.pid.radvd -m syslog (no filter matched) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info Traceback (most recent call last): 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info File "/usr/lib/python2.7/dist-packages/neutron/common/utils.py", line 239, in call 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info return func(*args, **kwargs) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info File "/usr/lib/python2.7/dist-packages/neutron/agent/l3/router_info.py", line 1060, in process 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info self._process_internal_ports(agent.pd) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info File "/usr/lib/python2.7/dist-packages/neutron/agent/l3/router_info.py", line 556, in _process_internal_ports 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info self.enable_radvd(internal_ports) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info File "/usr/lib/python2.7/dist-packages/neutron/agent/l3/router_info.py", line 470, in enable_radvd 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info self.radvd.enable(internal_ports) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ra.py", line 180, in enable 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info self._spawn_radvd(radvd_conf) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ra.py", line 168, in _spawn_radvd 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info pm.enable(reload_cfg=True) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/external_process.py", line 94, in enable 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info run_as_root=self.run_as_root) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 907, in execute 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info log_fail_as_error=log_fail_as_error, **kwargs) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 144, in execute 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info raise ProcessExecutionError(msg, returncode=returncode) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info ProcessExecutionError: Exit code: 99; Stdin: ; Stdout: ; Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-23e0d727-e5ef-41a7-aa6c-6d1229968185 radvd -C /var/lib/neutron/ra/23e0d727-e5ef-41a7-aa6c-6d1229968185.radvd.conf -p /var/lib/neutron/external/pids/23e0d727-e5ef-41a7-aa6c-6d1229968185.pid.radvd -m syslog (no filter matched) 2017-03-23 16:50:19.158 8667 ERROR neutron.agent.l3.router_info 2017-03-23 16:50:19.160 8667 ERROR neutron.agent.l3.agent [-] Failed to process compatible router: 23e0d727-e5ef-41a7-aa6c-6d1229968185 2017-03-23 16:50:19.160 8667 ERROR neutron.agent.l3.agent Traceback (most recent call last): 2017-03-23 16:50:19.160 8667 ERROR neutron.agent.l3.agent File "/usr/lib/python2.7/dist-packages/neutron/agent/l3/agent.py", line 508, in _process_router_update 2017-03-23 16:50:19.160 8667 ERROR neutron.agent.l3.agent self._process_router_if_compatible(router) 2017-03-23 16:50:19.160 8667 ERROR neutron.agent.l3.agent File "/usr/lib/python2.7/dist-packages/neutron/agent/l3/agent.py", line 443, in _process_router_if_compatible 2017-03-23 16:50:19.160 8667 ERROR neutron.agent.l3.agent self._process_added_router(router) 2017-03-23 16:50:19.160 8667 ERROR neutron.agent.l3.agent File "/usr/lib/python2.7/dist-packages/neutron/agent/l3/agent.py", line 451, in _process_added_router 2017-03-23 16:50:19.160 8667 ERROR neutron.agent.l3.agent r
Bug#809575: [PKG-Openstack-devel] Bug#809575: horizon: FTBFS: ImportError: cannot import name importlib
django.utils.importlib has been removed in django 1.9 [1] and this is indeed the django release available in both stretch or sid: python-django: Installed: 1.9-2 Candidate: 1.9-2 Version table: *** 1.9-2 500 500 http://http.debian.net/debian sid/main amd64 Packages 100 /var/lib/dpkg/status 1.9-1 500 500 http://http.debian.net/debian stretch/main amd64 Packages Whereas OpenStack Horizon still depends on Django < 1.9 [2] Alberto [1] https://docs.djangoproject.com/en/1.9/internals/deprecation/#deprecation-removed-in-1-9 [2] https://github.com/openstack/horizon/blob/master/requirements.txt
Bug#801579: nova-compute: Consider include rsync as a depency
Package: nova-compute Version: 2014.1.3-11 Severity: normal Dear Maintainer, When compute nodes are not using shared storage in OpenStack Icehouse, nova resize fails with the message "OSError: [Errno 2] No such file or directory": Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 133, in _dispatch_and_reply incoming.message)) File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 176, in _dispatch return self._do_dispatch(endpoint, method, ctxt, args) File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 122, in _do_dispatch result = getattr(endpoint, method)(ctxt, **new_args) File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 88, in wrapped payload) File "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", line 68, in __exit__ six.reraise(self.type_, self.value, self.tb) File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 71, in wrapped return f(self, context, *args, **kw) File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 274, in decorated_function pass File "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", line 68, in __exit__ six.reraise(self.type_, self.value, self.tb) File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 260, in decorated_function return function(self, context, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 327, in decorated_function function(self, context, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 248, in decorated_function migration.instance_uuid, exc_info=True) File "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", line 68, in __exit__ six.reraise(self.type_, self.value, self.tb) File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 235, in decorated_function return function(self, context, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 303, in decorated_function e, sys.exc_info()) File "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", line 68, in __exit__ six.reraise(self.type_, self.value, self.tb) File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 290, in decorated_function return function(self, context, *args, **kwargs) File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 3472, in resize_instance block_device_info) File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 5062, in migrate_disk_and_power_off shared_storage) File "/usr/lib/python2.7/dist-packages/nova/openstack/common/excutils.py", line 68, in __exit__ six.reraise(self.type_, self.value, self.tb) File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/driver.py", line 5053, in migrate_disk_and_power_off libvirt_utils.copy_image(tmp_path, img_path, host=dest) File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/utils.py", line 468, in copy_image execute(\'rsync\', \'--sparse\', \'--compress\', \'--dry-run\', src, dest) File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/utils.py", line 53, in execute return utils.execute(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/nova/utils.py", line 165, in execute return processutils.execute(*cmd, **kwargs) File "/usr/lib/python2.7/dist-packages/nova/openstack/common/processutils.py", line 170, in execute shell=shell) File "/usr/lib/python2.7/dist-packages/eventlet/green/subprocess.py", line 44, in __init__ subprocess_orig.Popen.__init__(self, args, 0, *argss, **kwds) File "/usr/lib/python2.7/subprocess.py", line 710, in __init__ errread, errwrite) File "/usr/lib/python2.7/subprocess.py", line 1335, in _execute_child raise child_exception OSError: [Errno 2] No such file or directory This issue is solved installing rsync in compute nodes, so please consider include this package as a dependency of nova-compute (or another package if appropiate) Regards -- System Information: Debian Release: 8.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/24 CPU cores) Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages nova-compute depends on: ii adduser 3.113+nmu3 ii curl7.38.0-4+deb8u2 ii dpkg1.17.25 ii ebtables2.0.10.4-3 ii gawk1:4.1.1+dfsg-1 ii init-system-helpers 1.22 ii iptables1.4.21-2+b1 ii kpartx 0.5.0-6+deb8u1 ii lsb-base4.1+Debian13+nmu1 ii nova-common
Bug#774816: [PKG-Openstack-devel] Bug#774816: (no subject)
Does this mean that special characters are not allowed in RabbitMQ passwords? This sounds really strange to me and it doesn't correspond with my experience because I'm using them since OpenStack Essex without problems. Whatever the case, the bug was reported because openstack-pkg-tools is modifying in a weird way the value of rabbit_password when the password contains a '&' Regards Alberto
Bug#775133: neutron-l3-agent: conntrack package needed
Package: neutron-l3-agent Version: 2014.1.3-8 Severity: normal Dear Maintainer, After the last upgrade, nova-l3-agent shows these log messages when a floating IP is disassociated: ERROR neutron.agent.linux.interface [-] Failed deleting ingress connection state of floatingip 172.22.201.29 TRACE neutron.agent.linux.interface Traceback (most recent call last): TRACE neutron.agent.linux.interface File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/interface.py", line 129, in delete_conntrack_state TRACE neutron.agent.linux.interface extra_ok_codes=[1]) TRACE neutron.agent.linux.interface File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 468, in execute TRACE neutron.agent.linux.interface check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes) TRACE neutron.agent.linux.interface File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 82, in execute TRACE neutron.agent.linux.interface raise RuntimeError(m) TRACE neutron.agent.linux.interface RuntimeError: TRACE neutron.agent.linux.interface Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-d7b30831-18ca-420b-ace0-8575fb5af5f0', 'conntrack', '-D', '-d', '172.22.201.29'] TRACE neutron.agent.linux.interface Exit code: 96 TRACE neutron.agent.linux.interface Stdout: '' TRACE neutron.agent.linux.interface Stderr: '/usr/bin/neutron-rootwrap: Executable not found: conntrack (filter match = conntrack)\n' TRACE neutron.agent.linux.interface ERROR neutron.agent.linux.interface [-] Failed deleting egress connection state of floatingip 172.22.201.29 TRACE neutron.agent.linux.interface Traceback (most recent call last): TRACE neutron.agent.linux.interface File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/interface.py", line 139, in delete_conntrack_state TRACE neutron.agent.linux.interface extra_ok_codes=[1]) TRACE neutron.agent.linux.interface File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 468, in execute TRACE neutron.agent.linux.interface check_exit_code=check_exit_code, extra_ok_codes=extra_ok_codes) TRACE neutron.agent.linux.interface File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 82, in execute TRACE neutron.agent.linux.interface raise RuntimeError(m) TRACE neutron.agent.linux.interface RuntimeError: TRACE neutron.agent.linux.interface Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-d7b30831-18ca-420b-ace0-8575fb5af5f0', 'conntrack', '-D', '-q', '172.22.201.29'] TRACE neutron.agent.linux.interface Exit code: 96 TRACE neutron.agent.linux.interface Stdout: '' TRACE neutron.agent.linux.interface Stderr: '/usr/bin/neutron-rootwrap: Executable not found: conntrack (filter match = conntrack)\n' The bug seems to be related to this commit [1]. If conntrack package is installed error messages no longer appear and floating IPs can be disassociated properly. Please, consider to add a dependency on conntrack to neutron-l3-agent. Thanks Alberto [1] https://review.openstack.org/#/c/132052/ -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/6 CPU cores) Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages neutron-l3-agent depends on: ii adduser 3.113+nmu3 ii debconf 1.5.55 ii dpkg 1.17.23 ii init-system-helpers 1.22 ii iputils-arping 3:20121221-5+b2 ii neutron-common 2014.1.3-8 ii sudo 1.8.10p3-1 Versions of packages neutron-l3-agent recommends: ii openvswitch-switch 2.3.0+git20140819-3 neutron-l3-agent suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#774816: nova-common: inappropriate rabbit_password modification during upgrade
Package: nova-common Version: 2014.1.3-7.1 Severity: important Dear Maintainer, After a non-interactive upgrade with the commands: export DEBIAN_FRONTEND=noninteractive yes '' | apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade rabbitmq server becomes unreachable. During upgrade /etc/nova/nova.conf has been altered, specifically the line rabbit_password Initially this line was: rabbit_password = "&" After upgrade, the line changes to: rabbit_password = "rabbit_password = "&"" Note: The password has an ampersand, and maybe this is the reason of this strange behaviour. rabbit_password can be defined with or without quotation marks, in both cases the same change occurs. The same alteration has been observed at least in neutron, cinder and glance packages Thanks Alberto -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/24 CPU cores) Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages nova-common depends on: ii adduser3.113+nmu3 ii dbconfig-common1.8.47+nmu3 ii debconf [debconf-2.0] 1.5.55 ii dpkg 1.17.22 ii iproute2 3.16.0-2 ii python-amqplib 1.0.2-1 ii python-configobj 5.0.6-1 ii python-iso8601 0.1.10-1 ii python-nova2014.1.3-7.1 pn python:any ii sqlite33.8.7.1-1 nova-common recommends no packages. Versions of packages nova-common suggests: ii python-mysqldb 1.2.3-2.1 -- Configuration Files: /etc/nova/policy.json [Errno 13] Permiso denegado: u'/etc/nova/policy.json' /etc/nova/rootwrap.conf [Errno 13] Permiso denegado: u'/etc/nova/rootwrap.conf' /etc/sudoers.d/nova-common [Errno 13] Permiso denegado: u'/etc/sudoers.d/nova-common' -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#769223: python-cinder: delete volume failed due to unicode problems
Package: python-cinder Version: 2014.1.3-5 Severity: normal Dear Maintainer, An issue was found trying to delete a volume and it remains in "Error Deleting" state. The relevant part of cinder-volume log file is: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 133, in _dispatch_and_reply incoming.message)) File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 176, in _dispatch return self._do_dispatch(endpoint, method, ctxt, args) File "/usr/lib/python2.7/dist-packages/oslo/messaging/rpc/dispatcher.py", line 122, in _do_dispatch result = getattr(endpoint, method)(ctxt, **new_args) File "/usr/lib/python2.7/dist-packages/cinder/volume/manager.py", line 144, in lvo_inner1 return lvo_inner2(inst, context, volume_id, **kwargs) File "/usr/lib/python2.7/dist-packages/cinder/openstack/common/lockutils.py", line 233, in inner retval = f(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/cinder/volume/manager.py", line 143, in lvo_inner2 return f(*_args, **_kwargs) File "/usr/lib/python2.7/dist-packages/cinder/volume/manager.py", line 416, in delete_volume {'status': 'error_deleting'}) File "/usr/lib/python2.7/dist-packages/cinder/openstack/common/excutils.py", line 68, in __exit__ six.reraise(self.type_, self.value, self.tb) File "/usr/lib/python2.7/dist-packages/cinder/volume/manager.py", line 405, in delete_volume self.driver.delete_volume(volume_ref) File "/usr/lib/python2.7/dist-packages/cinder/volume/drivers/lvm.py", line 233, in delete_volume self._delete_volume(volume) File "/usr/lib/python2.7/dist-packages/cinder/volume/drivers/lvm.py", line 128, in _delete_volume self._clear_volume(volume, is_snapshot) File "/usr/lib/python2.7/dist-packages/cinder/volume/drivers/lvm.py", line 171, in _clear_volume volume_clear_size=self.configuration.volume_clear_size) File "/usr/lib/python2.7/dist-packages/cinder/volume/utils.py", line 182, in clear_volume ionice=volume_clear_ionice) File "/usr/lib/python2.7/dist-packages/cinder/volume/utils.py", line 138, in copy_volume *extra_flags, run_as_root=True) File "/usr/lib/python2.7/dist-packages/cinder/utils.py", line 136, in execute return processutils.execute(*cmd, **kwargs) File "/usr/lib/python2.7/dist-packages/cinder/openstack/common/processutils.py", line 175, in execute sanitized_stderr = strutils.mask_password(stderr) File "/usr/lib/python2.7/dist-packages/cinder/openstack/common/strutils.py", line 300, in mask_password message = six.text_type(message) UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 27: ordinal not in range(128) Same bug was reported to upstream and a patch proposed: https://bugs.launchpad.net/cinder/+bug/1368527 After apply this patch volumes can be correctly deleted and error message no longer appears. Please consider apply this patch. Regards Alberto -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores) Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-cinder depends on: ii dpkg 1.17.21 ii python 2.7.8-2 ii python-amqplib 1.0.2-1 ii python-anyjson 0.3.3-1 ii python-babel 1.3+dfsg.1-4 ii python-daemon 1.5.5-1 ii python-eventlet0.13.0-1 ii python-glanceclient1:0.12.0-1 ii python-greenlet0.4.2-1+b2 ii python-iso8601 0.1.10-1 ii python-keystoneclient 1:0.10.1-2 ii python-kombu 3.0.21-2 ii python-lockfile1:0.8-2 ii python-lxml3.4.0-1 ii python-migrate 0.9.1-1 ii python-mysqldb 1.2.3-2.1 ii python-netaddr 0.7.12-2 ii python-novaclient 2:2.18.1-1 ii python-oslo.config 1:1.3.0-2 ii python-oslo.messaging 1.4.0.0+really+1.3.1-1 ii python-oslo.rootwrap 1.2.0-3 ii python-paramiko1.15.1-1 ii python-passlib 1.6.1-1 ii python-paste 1.7.5.1-6 ii python-pastedeploy 1.5.2-1 ii python-pbr 0.8.2-1 ii python-requests2.4.3-2 ii python-routes 2.0-1 ii python-rtslib-fb 2.1.45-4 ii python-six 1.8.0-1 ii python-sqlalchemy 0.9.8-1 ii python-stevedore 0.14.1-1 ii python-suds0.4.1-15 ii python-swiftclient 1:2.3.1-1 ii python-taskflow0.3.21-1 ii python-webob 1.4-2 python-cinder recommends no packages. python-cinder suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#751714: neutron-plugin-openvswitch-agent: neutron openvswitch agent fails to start (it fails to create OVS patch port)
Package: neutron-plugin-openvswitch-agent Version: 2014.1.1-1 Severity: important Dear Maintainer, After installing OpenStack Icehouse on a fresh and updated jessie box, OVS agent fails to start with the log message (/var/log/neutron/ovs-agent.log): 2014-06-15 19:10:16.742 27348 ERROR neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-6e17ad07-05ee-4d4a-bb41-27ad5aafdbdd None] Failed to create OVS patch port. Cannot have tunneling enabled on this agent, since this version of OVS does not support tunnels or patch ports. Agent terminated! All the configuration was done following the step by step procedure of OpenStack Official Documentation (using gre tunnels) openvswitch and gre modules are properly loaded: lsmod |grep openvswitch openvswitch63887 0 gre12777 1 openvswitch vxlan 35023 1 openvswitch libcrc32c 12426 2 xfs,openvswitch AFAIK either openvswith-dapatath-source or openvswith-datapath-dkms aren't needed with kernels >= 3.11, so in-tree version of kernel openvswitch module can be used. Thanks and regards Alberto -- System Information: Debian Release: jessie/sid APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.14-1-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages neutron-plugin-openvswitch-agent depends on: ii dpkg1.17.10 ii neutron-common 2014.1.1-1 ii openvswitch-switch 1.9.3+git20131029-1.1 ii sudo1.8.9p5-1 Versions of packages neutron-plugin-openvswitch-agent recommends: ii openvswitch-datapath-dkms 1.9.3+git20131029-1.1 neutron-plugin-openvswitch-agent suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#703242: Same issue found in 2012.1.1-14 on wheezy
Hi, We are facing the same issue since upgrade to 2012.1.1-14 on wheezy: root@jupiter:/var/log/nova# apt-cache policy nova-console nova-console: Instalados: 2012.1.1-14 Candidato: 2012.1.1-14 Tabla de versión: *** 2012.1.1-14 0 500 http://papion/debian/ wheezy/main amd64 Packages 100 /var/lib/dpkg/status nova-consoleauth.log extract: 2013-03-21 16:59:49 ERROR nova.rpc.amqp [req-bc6ec779-4c8d-43cc-a320-d7798eb380b3 None None] Exception during message handling 2013-03-21 16:59:49 TRACE nova.rpc.amqp Traceback (most recent call last): 2013-03-21 16:59:49 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/rpc/amqp.py", line 253, in _process_data 2013-03-21 16:59:49 TRACE nova.rpc.amqp rval = node_func(context=ctxt, **node_args) 2013-03-21 16:59:49 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/consoleauth/manager.py", line 102, in check_token 2013-03-21 16:59:49 TRACE nova.rpc.amqp if token_valid and self._validate_console(token): 2013-03-21 16:59:49 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/consoleauth/manager.py", line 91, in _validate_console 2013-03-21 16:59:49 TRACE nova.rpc.amqp console_valid = self.compute_api.validate_vnc_console(context, 2013-03-21 16:59:49 TRACE nova.rpc.amqp NameError: global name 'context' is not defined 2013-03-21 16:59:49 TRACE nova.rpc.amqp 2013-03-21 16:59:49 ERROR nova.rpc.amqp [req-bc6ec779-4c8d-43cc-a320-d7798eb380b3 None None] Returning exception global name 'context' is not defined to caller 2013-03-21 16:59:49 ERROR nova.rpc.amqp [req-bc6ec779-4c8d-43cc-a320-d7798eb380b3 None None] ['Traceback (most recent call last):\n', ' File "/usr/lib/python2.7/dist-packages/nova/rpc/amqp.py", line 253, in _process_data\nrval = node_func(context=ctxt, **node_args)\n', ' File "/usr/lib/python2.7/dist-packages/nova/consoleauth/manager.py", line 102, in check_token\nif token_valid and self._validate_console(token):\n', ' File "/usr/lib/python2.7/dist-packages/nova/consoleauth/manager.py", line 91, in _validate_console\nconsole_valid = self.compute_api.validate_vnc_console(context,\n', "NameError: global name 'context' is not defined\n"] Sorry not have written before but we use vnc console from time to time, we usually use ssh Regards Alberto -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#695791: Patch
Please apply this patch: --- compute.py.orig 2012-12-13 11:04:31.399052893 +0100 +++ compute.py 2012-12-13 11:04:23.627269612 +0100 @@ -113,7 +113,7 @@ filters.CommandFilter("/bin/dd", "root"), # nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ... -filters.CommandFilter("/sbin/iscsiadm", "root"), +filters.CommandFilter("/usr/bin/iscsiadm", "root"), # nova/virt/xenapi/vm_utils.py: "parted", "--script", ... # nova/virt/xenapi/vm_utils.py: 'parted', '--script', dev_path, ..*. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#695791: nova-compute: wrong path to iscsiadm in a rootwrap filter
Package: nova-compute Version: 2012.1.1-10 Severity: important Dear Maintainer, Current path to iscsiadm in /usr/share/pyshared/nova/rootwrap/compute.py is wrong at line 116: filters.CommandFilter("/sbin/iscsiadm", "root"), While correct path must be filters.CommandFilter("/usr/bin/iscsiadm", "root"), This error causes a compute node is not able to attach a volume, because nova-rootwrap don't find iscsiadm as you can see at /var/log/nova/nova-compute.log: 2012-12-10 12:12:15 TRACE nova.compute.manager [instance: 1e725bbc-ed94-45a0-a275-0817f4af8ab2] Command: sudo nova-rootwrap iscsiadm -m node -T iqn.2010-10.org.openstack:volume-0022 -p 192.168.222.1:3260 2012-12-10 12:12:15 TRACE nova.compute.manager [instance: 1e725bbc-ed94-45a0-a275-0817f4af8ab2] Exit code: 1 2012-12-10 12:12:15 TRACE nova.compute.manager [instance: 1e725bbc-ed94-45a0-a275-0817f4af8ab2] Stdout: '' 2012-12-10 12:12:15 TRACE nova.compute.manager [instance: 1e725bbc-ed94-45a0-a275-0817f4af8ab2] Stderr: 'Traceback (most recent call last):\n File "/usr/bin/nova-rootwrap", line 69, in \n env=filtermatch.get_environment(userargs))\n File "/usr/lib/python2.7/subprocess.py", line 679, in __init__\nerrread, errwrite)\n File "/usr/lib/python2.7/subprocess.py", line 1249, in _execute_child\nraise child_exception\nOSError: [Errno 2] No such file or directory\n' -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/24 CPU cores) Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages nova-compute depends on: ii adduser 3.113+nmu3 ii curl7.26.0-1 ii ebtables2.0.10.4-1 ii gawk1:4.0.1+dfsg-2 ii iptables1.4.14-3 ii kpartx 0.4.9+git0.4dfdaf2b-6 ii lsb-base4.1+Debian8 ii nova-common 2012.1.1-10 ii nova-compute-kvm [nova-compute-hypervisor] 2012.1.1-10 ii open-iscsi 2.0.873-3 ii parted 2.3-11 ii python 2.7.3~rc2-1 ii qemu-utils 1.1.2+dfsg-2 ii vlan1.9-3 nova-compute recommends no packages. nova-compute suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#689181: Related to https://bugs.launchpad.net/keystone/+bug/997700
Related to https://bugs.launchpad.net/keystone/+bug/997700 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#689181: python-keystone: LDAP attributes modifications ignored
Package: python-keystone Version: 2012.1.1-6 Severity: normal Dear Maintainer, In a keystone configuration with a LDAP backend, it is possible to change default attributes types for users, tenants or roles at /etc/keystone/keystone.conf, but at this moment it doesn't have any effect because default are used, e.g. changing user_name and user_id to uid at /etc/keystone/keystone.conf: user_name_attribute = uid user_id_attribute = uid With debug mode enabled, it is possible to see at keystone logs that sn attribute (default one) is still used: DEBUG [keystone.common.ldap.core] LDAP search: dn=ou=People,dc=\ example,com, scope=1, query=(&(sn=username)(objectClass=inetOrgPerson)) -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/6 CPU cores) Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages python-keystone depends on: ii python 2.7.3~rc2-1 ii python-dateutil 1.5+dfsg-0.1 ii python-eventlet 0.9.16-2 ii python-greenlet 0.3.1-2 ii python-httplib2 0.7.4-2 ii python-lxml 2.3.2-1 ii python-migrate 0.7.2-3 ii python-nova 2012.1.1-10 ii python-pam 0.4.2-13 ii python-passlib 1.5.3-2 ii python-paste1.7.5.1-4.1 ii python-pastedeploy 1.5.0-3 ii python-pastescript 1.7.5-2 ii python-routes 1.13-2 ii python-sqlalchemy 0.7.8-1 ii python-sqlite 1.0.1-9 ii python-webob1.1.1-1 Versions of packages python-keystone recommends: ii python-ldap 2.4.10-1 ii python-memcache 1.48-1 python-keystone suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org