[Bug 1898547] Autopkgtest regression report (iptables/1.8.5-3ubuntu2.20.10.1)

Ubuntu SRU Bot 1898547 at bugs.launchpad.net
Thu Nov 5 21:08:45 UTC 2020


All autopkgtests for the newly accepted iptables (1.8.5-3ubuntu2.20.10.1) for groovy have finished running.
The following regressions have been reported in tests triggered by the package:

sshuttle/1.0.4-1ubuntu4 (arm64)
firewalld/0.9.1-1ubuntu1 (arm64)


Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-
migration/groovy/update_excuses.html#iptables

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1898547

Title:
  neutron-linuxbridge-agent fails to start with iptables 1.8.5

Status in Ubuntu on IBM z Systems:
  Fix Committed
Status in iptables package in Ubuntu:
  Fix Committed
Status in neutron package in Ubuntu:
  Invalid
Status in iptables source package in Groovy:
  Fix Committed
Status in neutron source package in Groovy:
  Invalid
Status in iptables source package in Hirsute:
  Fix Committed
Status in neutron source package in Hirsute:
  Invalid

Bug description:
  [Impact]

  With iptables 1.8.5 neutron-linuxbridge-agent fails to properly start.

  The log file shows many errors like:

  2020-10-05 10:20:37.998 551 ERROR
  neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr:
  iptables-restore: line 29 failed

  This can be demonstrated with a simple test case:

  iptables-restore <<EOF
  *filter
  :INPUT - [0:0]
  COMMIT
  EOF

  This fails with iptables 1.8.5 and is a known upstream bug that was
  subsequently fixed in upstream commit
  https://git.netfilter.org/iptables/commit/?id=0bd7a8eaf3582159490ab355b1217a4e42ed021f

  As such, neutron-linuxbridge-agent is not able to be used successfully
  on groovy. This fix to iptables is required to allow neutron-
  linuxbridge-agent to successfully run.

  In hirsute, iptables 1.8.5-3ubuntu3 has been uploaded which fixes this
  bug by backporting the upstream fix from commit
  0bd7a8eaf3582159490ab355b1217a4e42ed021f above. This is currently
  sitting in hirsute-proposed waiting for autopkgtests to complete to
  finish migration.

  For groovy, iptables 1.8.5-3ubuntu2.20.10.1 is sitting in Unapproved
  and is the subject of this SRU (this is simply 1.8.5-3ubuntu3 packaged
  for groovy)

  [Test Case]

  This can be reproduced by the test case.

  
  [Regression Potential] 

   * This is a low risk update since it only affects the behaviour when
  a policy of '-' is specified and so does not affect any users of
  iptables that specify an explicit policy (like ACCEPT, REJECT etc).
  Since this '-' behaviour is currently broken it has a very low chance
  of causing a regression as it does not affect any code paths the use
  an explicit policy.

   * In the event of a regression, iptables can be reverted back to a
  rebuild of 1.8.5-3ubuntu1 by simply backing out this patch.

  [Other Info]
   
   * Details regarding an explicit test verification of neutron-linuxbridge-agent will be added soon.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1898547/+subscriptions



More information about the Ubuntu-openstack-bugs mailing list