[Bug 1290825] Re: Upgrade using do-release-upgrade takes a long time to start because 'iptables -L' runs with DNS lookups enabled
Launchpad Bug Tracker
1290825 at bugs.launchpad.net
Fri Mar 28 11:50:46 UTC 2014
This bug was fixed in the package update-manager - 1:0.196.9
---------------
update-manager (1:0.196.9) trusty; urgency=medium
  [ Sebastien Bacher ]
  * UpdateManager/UpdatesAvailable.py:
    - use the correct icon theme (lp: #1283554)
  [ Marc Deslauriers ]
  * UpdateManager/Dialogs.py: close window after requesting reboot.
    (LP: #1297361)
  [ Michael Vogt ]
  * tests/aptroot-update-list-test:
    - fix test failure caused by not-installable depends (lp: #1295392)
 -- Michael Vogt <michael.vogt at ubuntu.com>  Wed, 26 Mar 2014 12:52:13 +0100
** Changed in: update-manager (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1290825
Title:
Upgrade using do-release-upgrade takes a long time to start because
'iptables -L' runs with DNS lookups enabled
Status in “ubuntu-release-upgrader” package in Ubuntu:
Invalid
Status in “update-manager” package in Ubuntu:
Fix Released
Bug description:
An upgrade from Ubuntu 12.04 to 14.04 using 'sudo do-release-upgrade -d' takes a long time (over 3 minutes) to start after answering "yes" to the question:
If you continue, an additional SSH daemon will be started at port '1022'. Do you want to continue?
Running 'ps afx' at this time shows that 'iptables -L' is being run
from '/usr/bin/python /tmp/update-manager-djUfxZ/trusty --mode=server
--frontend=DistUpgradeViewText'
I think this is because there is an iptables blacklist created by the
shorewall package. So running 'iptables' without the '-n' option to
disable DNS lookups means that a DNS query is launched for every IP
address in the blacklist, some of which do not resolve and so the
upgrade script has to wait for a timeout on each of them.
Example of iptables being run with DNS lookups:
  $ sudo time -p iptables -L > /dev/null
  real 174.34
  user 0.08
  sys 0.09
Example of iptables being run without DNS lookups:
  $ sudo time -p iptables -nL > /dev/null
  real 0.08
  user 0.00
  sys 0.00
The code that runs the 'iptables -L' command seems to be in the
utils.py in the update-manager temp directory in /tmp/
(/tmp/update-manager-djUfxZ/utils.py in this case) and as far as I can
tell is only run to see if iptables is active or not.
So would it be possible to change the iptables command to be 'iptables
-nL' so that DNS queries are disabled?
I think this bug may also affect other upgrades, for example 10.04 to
12.04.
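An added example, not part of the original report and not update-manager's own code: one way to answer "is iptables active?" from a numeric listing, so that no reverse DNS lookup is made per rule. The names firewall_active and list_rules and the sample listings are assumptions constructed for illustration.

```python
import subprocess

# Constructed sample: `iptables -nL` on a host with no rules loaded.
EMPTY = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed sample: one blacklist-style rule (RFC 5737 documentation address).
BLACKLISTED = EMPTY.replace(
    "destination\n\nChain FORWARD",
    "destination\nDROP       all  --  203.0.113.7          0.0.0.0/0\n\nChain FORWARD",
)

# Constructed sample: no rules, but the INPUT policy itself drops traffic.
DEFAULT_DROP = EMPTY.replace("Chain INPUT (policy ACCEPT)", "Chain INPUT (policy DROP)")


def firewall_active(listing):
    """Return True if the listing shows any rule, user chain or non-ACCEPT policy."""
    for raw in listing.splitlines():
        line = raw.strip()
        if not line or line.startswith("target"):
            continue  # blank separator or column header
        if line.startswith("Chain "):
            if "(policy ACCEPT" in line:
                continue  # built-in chain with the default policy
            return True  # other policy, or a user-defined chain "(N references)"
        return True  # anything else is a rule line
    return False


def list_rules(timeout=10):
    """Run the listing with -n so addresses print numerically (no DNS lookups)."""
    proc = subprocess.run(["iptables", "-n", "-L"], capture_output=True,
                          text=True, timeout=timeout, check=True)
    return proc.stdout


if __name__ == "__main__":
    for name, text in [("empty", EMPTY), ("blacklisted", BLACKLISTED),
                       ("default-drop", DEFAULT_DROP)]:
        print(name, firewall_active(text))
```

On a real host, firewall_active(list_rules()) needs root; the timeout bounds the call even if the listing stalls for some other reason.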