[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
** Changed in: ubuntu-z-systems Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
This bug was fixed in the package iptables - 1.8.5-3ubuntu2.20.10.1 --- iptables (1.8.5-3ubuntu2.20.10.1) groovy; urgency=medium * Fix regression when configuring basechain policy (LP: #1898547) - d/p/9003-iptables_nft_fix_basechain_policy_configuration.patch: Backport patch from upstream to fix basechain policy configuration when it wasn't explicitly set. -- Alex Murray Tue, 03 Nov 2020 11:57:59 +1030 ** Changed in: iptables (Ubuntu Groovy) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
jdstrand sponsored this to groovy-proposed and autopkgtests have all passed - ~ubuntu-sru - could you please review? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
** Tags removed: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
This bug was fixed in the package iptables - 1.8.5-3ubuntu3 --- iptables (1.8.5-3ubuntu3) hirsute; urgency=medium * Fix regression when configuring basechain policy (LP: #1898547) - d/p/9003-iptables_nft_fix_basechain_policy_configuration.patch: Backport patch from upstream to fix basechain policy configuration when it wasn't explicitly set. -- Alex Murray Tue, 03 Nov 2020 11:57:59 +1030 ** Changed in: iptables (Ubuntu Hirsute) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
I've tested this (s390x, groovy) and im able to launch an instance with the specific version of iptables mentioned above -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
I have verified the fixed package, see attached terminal output. Steps taken: - check package version - verify nf_tables is used - check default chains have not been created yet - run test case - check if default chain has been created After that I upgraded the iptables packages on my neutron and compute hosts and rebooted them. Without any manual intervention the linuxbridge-agent was started and I could start a new instance which entered the "Running" state and had network connectivity. The linuxbridge-agent logs did not contain errors regarding iptables after the reboot. ** Attachment added: "bug1898547_verification" https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1898547/+attachment/5431817/+files/bug1898547_verification ** Tags removed: verification-needed-groovy ** Tags added: verification-done-groovy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
FYI the two autopkgtest failures for arm64 (sshuttle & firewalld) both appear to be transient failures so these are currently being retried... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
** Description changed: [Impact] With iptables 1.8.5 neutron-linuxbridge-agent fails to properly start. The log file shows many errors like: 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr: iptables-restore: line 29 failed This can be demonstrated with a simple test case: iptables-restore
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
** Also affects: ubuntu-z-systems Importance: Undecided Status: New ** Changed in: ubuntu-z-systems Status: New => Fix Committed ** Changed in: ubuntu-z-systems Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
Hello Albert, or anyone else affected, Accepted iptables into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/iptables/1.8.5-3ubuntu2.20.10.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed- groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification- failed-groovy. In either case, without details of your testing we will not be able to proceed. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping! N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days. ** Changed in: iptables (Ubuntu Groovy) Status: In Progress => Fix Committed ** Tags added: verification-needed verification-needed-groovy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
** Description changed: - Ubuntu Groovy (20.10) - kernel 5.8.0-20-generic - neutron-linuxbridge-agent: 2:17.0.0~git2020091014.215a541bd4-0ubuntu1 - iptables: 1.8.5-3ubuntu1 (nf_tables) - iptables-restore points to xtables-nft-multi + [Impact] - After upgrading iptables from 1.8.4 to 1.8.5 and rebooting the neutron network node, neutron-linuxbridge-agent didn't properly start anymore. + With iptables 1.8.5 neutron-linuxbridge-agent fails to properly start. + The log file shows many errors like: 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr: iptables-restore: line 29 failed - Downgrading iptables to 1.8.4 solves the problem. - - Trying to do what the linuxbridge agent does: - 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent *filter - 2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent :FORWARD - [0:0] - - shows that + This can be demonstrated with a simple test case: iptables-restore
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
** Changed in: iptables (Ubuntu Groovy) Status: Triaged => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
FYI, 1.8.5-3ubuntu3 was uploaded to hirsute-proposed yesterday. 1.8.5-3ubuntu2.20.10.1 is in the unapproved queue for groovy-proposed. Alex said he'd do the SRU paperwork. ** Changed in: iptables (Ubuntu Hirsute) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
** Changed in: iptables (Ubuntu Groovy) Assignee: (unassigned) => Alex Murray (alexmurray) ** Changed in: iptables (Ubuntu Hirsute) Assignee: (unassigned) => Alex Murray (alexmurray) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
** Changed in: iptables (Ubuntu Hirsute) Importance: Undecided => High ** Changed in: iptables (Ubuntu Groovy) Importance: Undecided => High ** Changed in: iptables (Ubuntu Groovy) Status: New => Triaged ** Changed in: iptables (Ubuntu Hirsute) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
Link to upstream commit - https://git.netfilter.org/iptables/commit/?id=0bd7a8eaf3582159490ab355b1217a4e42ed021f ** Also affects: iptables (Ubuntu Hirsute) Importance: Undecided Status: Confirmed ** Also affects: neutron (Ubuntu Hirsute) Importance: Undecided Status: Invalid ** Also affects: iptables (Ubuntu Groovy) Importance: Undecided Status: New ** Also affects: neutron (Ubuntu Groovy) Importance: Undecided Status: New ** Changed in: neutron (Ubuntu Groovy) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: iptables (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
I could reproduce the issue by building git v1.8.5 and the issue was fixed after cherry-picking "iptables-nft: fix basechain policy configuration" $ git log commit 8d985eb4eb7a23fd98b75d71179af40169144cc5 (HEAD -> bug1898547) Author: Pablo Neira Ayuso Date: Fri Oct 2 13:44:36 2020 +0200 iptables-nft: fix basechain policy configuration Previous to this patch, the basechain policy could not be properly configured if it wasn't explictly set when loading the ruleset, leading to iptables-nft-restore (and ip6tables-nft-restore) trying to send an invalid ruleset to the kernel. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso commit 14ac250946289e280fb09ef978a45042871275b0 (tag: v1.8.5) Author: Pablo Neira Ayuso Date: Wed Jun 3 11:37:52 2020 +0200 configure: bump version for 1.8.5 release Signed-off-by: Pablo Neira Ayuso ** Also affects: iptables (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/iptables/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
This issue was fixed in iptables git master commit dac904bdcd9a18aabafee7275ccf0c2bd53800f3 I guess the actual fix may have been "iptables-nft: fix basechain policy configuration", commit 0bd7a8eaf3582159490ab355b1217a4e42ed021f -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1898547] Re: neutron-linuxbridge-agent fails to start with iptables 1.8.5
** Changed in: neutron (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1898547 Title: neutron-linuxbridge-agent fails to start with iptables 1.8.5 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1898547/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
