Ubuntu
openvswitch package

openvswitch-switch package postinst modifies existing configuration

  1. Xenial (16.04)
  2. Bug #1723480
Bug #1723480 reported by Drew Freiberger
26
This bug affects 4 people
Affects Status Importance Assigned to Milestone
OpenStack Neutron Open vSwitch Charm
Invalid
Undecided
Unassigned
Ubuntu Cloud Archive
Fix Released
High
Unassigned
Mitaka
Fix Released
High
Unassigned
Newton
Fix Released
High
Unassigned
Ocata
Fix Released
High
Unassigned
Pike
Fix Released
High
Unassigned
openvswitch
Invalid
Undecided
auto-dev-3
openvswitch (Ubuntu)
Fix Released
High
Frode Nordahl
Xenial
Fix Released
High
Frode Nordahl
Zesty
Fix Released
High
Frode Nordahl
Artful
Fix Released
High
Frode Nordahl

Bug Description

[Impact]
 * When using OpenvSwitch in a modeled or configuration managed environment unmotivated changes to configuration files like /etc/default/openvswitch-switch will lead unnecessary service restarts on future events in a deployment.

 * Restarting the openvswitch-switch service impacts datapath and should be avoided. Any future updates or security updates to this package will cause problems for existing users and I believe the package in the stable release should be updated because of this.

 * I also believe having a package change existing configuration files to be in conflict with best practices set out in the config files section of the Debian Policy.

 * The proposed fix addresses the issue by removing the processing of /etc/default/openvsiwtch-switch from the postinst script. The template for this processing is installed in /usr/share/openvswitch/switch/default.template should the user want to view comments added there in future updates.

[Test Case]

 * apt install openvswitch-switch
 * edit /etc/default/openvswitch-switch, removing one of the commented out sections
 * apt remove openvswitch-switch
 * stat /etc/default/openvswitch-switch
 * Observe that your modified configuration file remains
 * apt install openvswitch-switch
 * stat /etc/default/openvswitch-switch
 * Observe that the openvswitch-switch package has added comments to your modified configuration file

 * Repeat these steps with the proposed fix and observe that the configuration file is no longer modified by the package postinst script.

[Regression Potential]

 * The current postinst script aims at adding non-existing sections of the template to the default file in /etc. These sections are commented out and have no effect on the running service.

 * End users will find any new configuration options in the template

[Original Bug Description]
Similar to, but slightly different from bug 1712444, we have found the upgrade of the openvswitch-switch package by unattended-upgrade (or otherwise) will trigger the service restart of openvswitch-switch within the neutron-openvswitch charm if the config-changed hook is called.

While this is a reasonable behavior based on an assumption that if the /etc/default/openvswitch-switch file changes due to upgrade and the charm resets it to the charm-configured version of the file, we should want to restart the service to be on the latest code. However, the restart of the service causes between 6-12 seconds of network outage for the tenant VMs utilizing OVS.

Would it be possible to have a config-flag to disable the charm's ability to restart the openvswitch-switch service outside of the install hook to avoid automated network outages due to package upgrades?

Elsewise, is there a way to serialize the resulting restarts in such a way that only one member of the neutron-openvswitch application/service is restarting at a time along with a buffer to allow for high availability applications to failover and fail back and not be afflicted by multiple nodes' switches being restarted simultaneously.

See original description
Revision history for this message
Felipe Reyes (freyes) wrote : Re: [Bug 1723480] [NEW] openvswitch-switch package upgrade triggers openvswitch-switch service restart

On Fri, Oct 13, 2017 at 05:00:16PM -0000, Drew Freiberger wrote:
[...]
> Elsewise, is there a way to serialize the resulting restarts in such a
> way that only one member of the neutron-openvswitch application/service
> is restarting at a time along with a buffer to allow for high
> availability applications to failover and fail back and not be afflicted
> by multiple nodes' switches being restarted simultaneously.

This seems to be cover what you are asking here: https://review.openstack.org/#/c/504310/

Revision history for this message
Frode Nordahl (fnordahl) wrote : Re: openvswitch-switch package upgrade triggers openvswitch-switch service restart

1) A upgrade of the openvswitch-switch package will in itself trigger a restart of the openvswtich daemons.

The charm does not react to any change of /etc/default/openvswitch-switch independently.

2) In the event of the config-changed hook being fired at a later date after the /etc/default/openvswitch-switch file was changed, the /etc/default/openvswtich-switch file will be rewritten and subsequently the service will be restarted.

This is the bit we need to consider and address in this bug.

The solution might involve changing the deb package behavior and its handling of the /etc/default/openvswitch-switch file.

Revision history for this message
Frode Nordahl (fnordahl) wrote : Re: openvswitch-switch package upgrade overwrites /etc/default/openvswitch-switch

Marking invalid for charm as this should be fixed in the openvswitch package itself.

summary: - openvswitch-switch package upgrade triggers openvswitch-switch service
- restart
+ openvswitch-switch package upgrade overwrites /etc/default/openvswitch-
+ switch
Changed in charm-neutron-openvswitch:
status: New → Invalid
Changed in openvswitch (Ubuntu):
importance: Undecided → High
assignee: nobody → Frode Nordahl (fnordahl)
status: New → Triaged
Frode Nordahl (fnordahl)
Changed in openvswitch (Ubuntu):
status: Triaged → Confirmed
Frode Nordahl (fnordahl)
summary: - openvswitch-switch package upgrade overwrites /etc/default/openvswitch-
- switch
+ openvswitch-switch package postinst modifies existing configuration
Revision history for this message
Frode Nordahl (fnordahl) wrote :
Revision history for this message
Frode Nordahl (fnordahl) wrote :
Revision history for this message
Frode Nordahl (fnordahl) wrote :
Ryan Beisner (1chb1n)
tags: added: uosci
James Page (james-page)
Changed in openvswitch (Ubuntu Zesty):
status: New → Triaged
Changed in openvswitch (Ubuntu Xenial):
status: New → Triaged
Changed in openvswitch (Ubuntu Zesty):
importance: Undecided → High
Changed in openvswitch (Ubuntu Xenial):
importance: Undecided → High
Changed in openvswitch (Ubuntu Artful):
status: Confirmed → Triaged
Changed in openvswitch:
status: New → Invalid
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "openvswitch.patch" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Revision history for this message
James Page (james-page) wrote :

I think the proposed patch is OK - the package actually directly installs a defaults file anyway so we can probably go further by removing the processing of the template in the postinst script.

Frode Nordahl (fnordahl)
description: updated
Frode Nordahl (fnordahl)
tags: added: sts-sru-needed
Revision history for this message
James Page (james-page) wrote :

Proposed fixed packages testing in:

  https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2998

Revision history for this message
Frode Nordahl (fnordahl) wrote :

xenial/amd64:
root@x:~# apt install openvswitch-switch
root@x:~# :> /etc/default/openvswitch-switch
root@x:~# stat /etc/default/openvswitch-switch
  File: '/etc/default/openvswitch-switch'
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14968202 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-19 09:50:21.337020599 +0000
Modify: 2017-10-19 09:50:44.097232290 +0000
Change: 2017-10-19 09:50:44.097232290 +0000
 Birth: -
root@x:~# add-apt-repository ppa:ci-train-ppa-service/2998 && apt update && apt -y upgrade
root@x:~# stat /etc/default/openvswitch-switch
   File: '/etc/default/openvswitch-switch'
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14968202 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-19 09:53:45.194915064 +0000
Modify: 2017-10-19 09:50:44.097232290 +0000
Change: 2017-10-19 09:50:44.097232290 +0000
 Birth: -

zesty/amd64:
root@z:~# apt install openvswitch-switch
root@z:~# :> /etc/default/openvswitch-switch
root@z:~# add-apt-repository ppa:ci-train-ppa-service/2998 && apt update && apt -y upgrade
root@z:~# stat /etc/default/openvswitch-switch
  File: /etc/default/openvswitch-switch
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14968032 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-19 10:01:51.591425454 +0000
Modify: 2017-10-19 10:01:28.955215741 +0000
Change: 2017-10-19 10:01:28.955215741 +0000
 Birth: -

artful/amd64:
root@a:~# apt install openvswitch-switch
root@a:~# stat /etc/default/openvswitch-switch
  File: /etc/default/openvswitch-switch
  Size: 896 Blocks: 8 IO Block: 4096 regular file
Device: fd01h/64769d Inode: 14759132 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-19 10:05:09.497258445 +0000
Modify: 2017-08-08 10:06:03.000000000 +0000
Change: 2017-10-19 10:05:09.433257852 +0000
 Birth: -
root@a:~# :> /etc/default/openvswitch-switch
root@a:~# add-apt-repository ppa:ci-train-ppa-service/2998 && apt update && apt -y upgrade
root@a:~# stat /etc/default/openvswitch-switch
  File: /etc/default/openvswitch-switch
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14759132 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-19 10:05:54.489675055 +0000
Modify: 2017-10-19 10:05:19.757353452 +0000
Change: 2017-10-19 10:05:19.757353452 +0000
 Birth: -

Revision history for this message
Frode Nordahl (fnordahl) wrote :

Test packages LGTM on amd64

Revision history for this message
James Page (james-page) wrote :

Adding SRU team for review; packages uploaded for xenial, zesty and artful.

Artful package also includes the fix for the s390x test failure.

Revision history for this message
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Drew, or anyone else affected,

Accepted openvswitch into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openvswitch/2.8.0-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in openvswitch (Ubuntu Artful):
status: Triaged → Fix Committed
tags: added: verification-needed verification-needed-artful
Changed in openvswitch (Ubuntu Zesty):
status: Triaged → Fix Committed
tags: added: verification-needed-zesty
Revision history for this message
Adam Conrad (adconrad) wrote :

Hello Drew, or anyone else affected,

Accepted openvswitch into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openvswitch/2.6.1-0ubuntu5.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-zesty to verification-done-zesty. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-zesty. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in openvswitch (Ubuntu Xenial):
status: Triaged → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Adam Conrad (adconrad) wrote :

Hello Drew, or anyone else affected,

Accepted openvswitch into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openvswitch/2.5.2-0ubuntu0.16.04.3 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openvswitch - 2.8.0-0ubuntu2

---------------
openvswitch (2.8.0-0ubuntu2) artful; urgency=medium

  [ James Page ]
  * d/p/s390x-stp-timeout.patch: Increase STP sync wait time for
    'STP - flush the fdb and mdb when topology changed' test as this
    reliable takes longer than 36 seconds on s390x (LP: #1722799).

  [ Frode Nordahl ]
  * d/openvswitch-switch.postinst: Do not modify
    /etc/default/openvswitch-switch as this file is now managed
    as a configuration file by dpkg (LP: #1723480).

 -- James Page <email address hidden> Thu, 19 Oct 2017 11:04:37 +0100

Changed in openvswitch (Ubuntu Artful):
status: Fix Committed → Fix Released
Revision history for this message
Frode Nordahl (fnordahl) wrote :

$ lxc launch images:ubuntu/artful a
Creating a
Starting a
$ lxc exec a bash
root@a:~# apt update && apt -y upgrade && apt -y install openvswitch-switch
...
root@a:~# :> /etc/default/openvswitch-switch
root@a:~# stat /etc/default/openvswitch-switch
  File: /etc/default/openvswitch-switch
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14759150 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-19 12:28:08.390586355 +0000
Modify: 2017-10-19 12:28:59.531127160 +0000
Change: 2017-10-19 12:28:59.531127160 +0000
 Birth: -
root@a:~# echo "deb http://archive.ubuntu.com/ubuntu artful-proposed main restricted universe multiverse" >> /etc/apt/sources.list
root@a:~# apt update && apt -y upgrade
...
root@a:~# stat /etc/default/openvswitch-switch
  File: /etc/default/openvswitch-switch
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14759150 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-19 12:29:31.751451121 +0000
Modify: 2017-10-19 12:28:59.531127160 +0000
Change: 2017-10-19 12:28:59.531127160 +0000
 Birth: -
root@a:~#

tags: added: verification-done-artful
removed: verification-needed-artful
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Hello Drew, or anyone else affected,

Accepted openvswitch into pike-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:pike-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-pike-needed to verification-pike-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-pike-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-pike-needed
Revision history for this message
Frode Nordahl (fnordahl) wrote :

$ lxc launch ubuntu: x
Creating x
Starting x
$ lxc exec x bash
root@x:~# apt update && apt -y upgrade && apt install openvswitch-switch
root@x:~# :> /etc/default/openvswitch-switch
root@x:~# stat /etc/default/openvswitch-switch
  File: '/etc/default/openvswitch-switch'
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14861040 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-20 08:04:18.041237973 +0000
Modify: 2017-10-20 08:04:29.773358746 +0000
Change: 2017-10-20 08:04:29.773358746 +0000
 Birth: -
root@x:~# echo "deb http://no.archive.ubuntu.com/ubuntu/ xenial-proposed main" >> /etc/apt/sources.list
root@x:~# apt update && apt -y upgrade
root@x:~# stat /etc/default/openvswitch-switch
  File: '/etc/default/openvswitch-switch'
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14861040 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-20 08:06:02.434312621 +0000
Modify: 2017-10-20 08:04:29.773358746 +0000
Change: 2017-10-20 08:04:29.773358746 +0000
 Birth: -

tags: added: verification-done-xenial
removed: verification-needed-xenial
Revision history for this message
James Page (james-page) wrote :

Hello Drew, or anyone else affected,

Accepted openvswitch into mitaka-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:mitaka-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-mitaka-needed to verification-mitaka-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-mitaka-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-mitaka-needed
Revision history for this message
James Page (james-page) wrote :

Hello Drew, or anyone else affected,

Accepted openvswitch into ocata-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:ocata-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ocata-needed to verification-ocata-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ocata-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-ocata-needed
Revision history for this message
Frode Nordahl (fnordahl) wrote :

$ lxc launch ubuntu: x && lxc exec x bash
Creating x
Starting x
root@x:~# add-apt-repository cloud-archive:pike
root@x:~# apt update
root@x:~# apt install openvswitch-switch
root@x:~# :> /etc/default/openvswitch-switch
root@x:~# stat /etc/default/openvswitch-switch
  File: '/etc/default/openvswitch-switch'
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14861244 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-20 08:27:39.768654714 +0000
Modify: 2017-10-20 08:27:52.420151020 +0000
Change: 2017-10-20 08:27:52.420151020 +0000
 Birth: -
root@x:~# add-apt-repository cloud-archive:pike-proposed
root@x:~# apt update
root@x:~# apt upgrade
...
Configuration file '/etc/default/openvswitch-switch'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ? Your options are:
    Y or I : install the package maintainer's version
    N or O : keep your currently-installed version
      D : show the differences between the versions
      Z : start a shell to examine the situation
 The default action is to keep your current version.
*** openvswitch-switch (Y/I/N/O/D/Z) [default=N] ?
...
root@x:~# stat /etc/default/openvswitch-switch
  File: '/etc/default/openvswitch-switch'
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14861244 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-20 08:28:23.345205687 +0000
Modify: 2017-10-20 08:27:52.420151020 +0000
Change: 2017-10-20 08:27:52.420151020 +0000
 Birth: -

tags: added: done verification-pike-
removed: verification-pike-needed
Revision history for this message
Frode Nordahl (fnordahl) wrote :

frode@frode-Precision-5520:~$ lxc launch ubuntu:zesty z
Creating z
Starting z
frode@frode-Precision-5520:~$ lxc exec z bash
root@z:~# apt update && apt -y install openvswitch-switch
root@z:~# :> /etc/default/openvswitch-switch
root@z:~# echo "deb http://archive.ubuntu.com/ubuntu zesty-proposed main" >> /etc/apt/sources.list
root@z:~# apt update && apt -y upgrade
root@z:~# stat /etc/default/openvswitch-switch
  File: /etc/default/openvswitch-switch
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14861317 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-20 08:35:22.794511976 +0000
Modify: 2017-10-20 08:34:18.824843262 +0000
Change: 2017-10-20 08:34:18.824843262 +0000
 Birth: -
root@z:~#

tags: added: verification-done-zesty verification-pike-done
removed: done verification-needed-zesty verification-pike-
Revision history for this message
Frode Nordahl (fnordahl) wrote :

$ lxc launch ubuntu: x && lxc exec x bash
Creating x
Starting x
root@x:~# add-apt-repository cloud-archive:ocata
root@x:~# apt update
root@x:~# apt install openvswitch-switch
root@x:~# :> /etc/default/openvswitch-switch
root@x:~# stat /etc/default/openvswitch-switch
  File: '/etc/default/openvswitch-switch'
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14861432 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-20 08:43:11.595289966 +0000
Modify: 2017-10-20 08:43:18.263835448 +0000
Change: 2017-10-20 08:43:18.263835448 +0000
 Birth: -
root@x:~# add-apt-repository cloud-archive:ocata-proposed
root@x:~# apt update
root@x:~# apt upgrade
...
Configuration file '/etc/default/openvswitch-switch'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ? Your options are:
    Y or I : install the package maintainer's version
    N or O : keep your currently-installed version
      D : show the differences between the versions
      Z : start a shell to examine the situation
 The default action is to keep your current version.
*** openvswitch-switch (Y/I/N/O/D/Z) [default=N] ?
...
root@x:~# stat /etc/default/openvswitch-switch
  File: '/etc/default/openvswitch-switch'
  Size: 237 Blocks: 8 IO Block: 4096 regular file
Device: fd01h/64769d Inode: 14861432 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-20 08:43:52.358653191 +0000
Modify: 2017-10-20 08:43:52.110632535 +0000
Change: 2017-10-20 08:43:52.110632535 +0000
 Birth: -
root@x:~#

tags: added: verification-ocata-done
removed: verification-ocata-needed
Revision history for this message
Frode Nordahl (fnordahl) wrote :

$ lxc launch ubuntu:trusty t && lxc exec t bash
Creating t
Starting t
root@t:~# add-apt-repository cloud-archive:mitaka
root@t:~# apt update && apt -y install openvswitch-switch
root@t:~# :> /etc/default/openvswitch-switch && stat /etc/default/openvswitch-switch
  File: ‘/etc/default/openvswitch-switch’
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14966380 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-20 09:53:44.036926299 +0000
Modify: 2017-10-20 09:54:02.340015828 +0000
Change: 2017-10-20 09:54:02.340015828 +0000
 Birth: -
root@t:~# add-apt-repository -y cloud-archive:mitaka-proposed && apt -y update && apt -y upgrade
root@t:~# stat /etc/default/openvswitch-switch
  File: ‘/etc/default/openvswitch-switch’
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14966380 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-10-20 09:54:57.401544663 +0000
Modify: 2017-10-20 09:54:02.340015828 +0000
Change: 2017-10-20 09:54:02.340015828 +0000
 Birth: -
root@t:~#

tags: added: verification-done verification-mitaka-done
removed: verification-mitaka-needed verification-needed
Eric Desrochers (slashd)
Changed in openvswitch (Ubuntu Zesty):
assignee: nobody → Frode Nordahl (fnordahl)
Changed in openvswitch (Ubuntu Xenial):
assignee: nobody → Frode Nordahl (fnordahl)
Revision history for this message
Corey Bryant (corey.bryant) wrote :

Regression testing with OpenStack tempest has completed successfully for ocata.

xenial-ocata proposed stable charms:

======
Totals
======
Ran: 102 tests in 1742.1837 sec.
 - Passed: 93
 - Skipped: 9
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 856.3288 sec.

xenial-ocata proposed dev charms:

======
Totals
======
Ran: 102 tests in 1987.3271 sec.
 - Passed: 93
 - Skipped: 9
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 1008.6304 sec.

zesty-ocata proposed stable charms:

======
Totals
======
Ran: 102 tests in 1604.2247 sec.
 - Passed: 93
 - Skipped: 9
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 843.3645 sec.

zesty-ocata proposed dev charms:

======
Totals
======
Ran: 102 tests in 1579.9423 sec.
 - Passed: 93
 - Skipped: 9
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 867.0801 sec.

Revision history for this message
Corey Bryant (corey.bryant) wrote :

Regression testing with OpenStack tempest has completed successfully for xenial-pike-proposed.

smoke tests with next charms:

======
Totals
======
Ran: 102 tests in 1361.9098 sec.
 - Passed: 93
 - Skipped: 9
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 616.0666 sec.

smoke tests with stable charms:

======
Totals
======
Ran: 102 tests in 1361.9098 sec.
 - Passed: 93
 - Skipped: 9
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 0
Sum of execute time for each test: 616.0666 sec.

tags: added: verification-pike-done
removed: verification-pike-needed

Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for openvswitch has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openvswitch - 2.5.2-0ubuntu0.16.04.3

---------------
openvswitch (2.5.2-0ubuntu0.16.04.3) xenial; urgency=medium

  * d/openvswitch-switch.postinst: Do not modify
    /etc/default/openvswitch-switch as this file is now managed
    as a configuration file by dpkg (LP: #1723480).

 -- Frode Nordahl <email address hidden> Tue, 17 Oct 2017 16:38:57 +0000

Changed in openvswitch (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openvswitch - 2.6.1-0ubuntu5.2

---------------
openvswitch (2.6.1-0ubuntu5.2) zesty; urgency=medium

  * d/openvswitch-switch.postinst: Do not modify
    /etc/default/openvswitch-switch as this file is now managed
    as a configuration file by dpkg (LP: #1723480).

 -- Frode Nordahl <email address hidden> Tue, 17 Oct 2017 16:32:44 +0000

Changed in openvswitch (Ubuntu Zesty):
status: Fix Committed → Fix Released
Revision history for this message
James Page (james-page) wrote :

The verification of the Stable Release Update for openvswitch has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package openvswitch - 2.5.2-0ubuntu0.16.04.3~cloud0
---------------

 openvswitch (2.5.2-0ubuntu0.16.04.3~cloud0) trusty-mitaka; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 openvswitch (2.5.2-0ubuntu0.16.04.3) xenial; urgency=medium
 .
   * d/openvswitch-switch.postinst: Do not modify
     /etc/default/openvswitch-switch as this file is now managed
     as a configuration file by dpkg (LP: #1723480).

Revision history for this message
James Page (james-page) wrote :

The verification of the Stable Release Update for openvswitch has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package openvswitch - 2.6.1-0ubuntu5.2~cloud0
---------------

 openvswitch (2.6.1-0ubuntu5.2~cloud0) xenial-ocata; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 openvswitch (2.6.1-0ubuntu5.2) zesty; urgency=medium
 .
   * d/openvswitch-switch.postinst: Do not modify
     /etc/default/openvswitch-switch as this file is now managed
     as a configuration file by dpkg (LP: #1723480).

Revision history for this message
James Page (james-page) wrote :

The verification of the Stable Release Update for openvswitch has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package openvswitch - 2.8.0-0ubuntu2~cloud0
---------------

 openvswitch (2.8.0-0ubuntu2~cloud0) xenial-pike; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 openvswitch (2.8.0-0ubuntu2) artful; urgency=medium
 .
   [ James Page ]
   * d/p/s390x-stp-timeout.patch: Increase STP sync wait time for
     'STP - flush the fdb and mdb when topology changed' test as this
     reliable takes longer than 36 seconds on s390x (LP: #1722799).
 .
   [ Frode Nordahl ]
   * d/openvswitch-switch.postinst: Do not modify
     /etc/default/openvswitch-switch as this file is now managed
     as a configuration file by dpkg (LP: #1723480).

Changed in cloud-archive:
status: Fix Committed → Fix Released
Revision history for this message
James Page (james-page) wrote : Please test proposed package

Hello Drew, or anyone else affected,

Accepted openvswitch into newton-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

  sudo add-apt-repository cloud-archive:newton-proposed
  sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-newton-needed to verification-newton-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-newton-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-newton-needed
Revision history for this message
Frode Nordahl (fnordahl) wrote :

$ lxc launch ubuntu: x && lxc exec x bash
Creating x
Starting x
# add-apt-repository cloud-archive:newton
# apt update
# apt install openvswitch-switch
# :> /etc/default/openvswitch-switch
# stat /etc/default/openvswitch-switch
  File: '/etc/default/openvswitch-switch'
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14858175 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-11-21 09:23:42.900017945 +0000
Modify: 2017-11-21 09:23:57.916081741 +0000
Change: 2017-11-21 09:23:57.916081741 +0000
 Birth: -
# add-apt-repository cloud-archive:newton-proposed
# apt update
# apt upgrade
# stat /etc/default/openvswitch-switch
  File: '/etc/default/openvswitch-switch'
  Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd01h/64769d Inode: 14858175 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2017-11-21 09:24:48.264310472 +0000
Modify: 2017-11-21 09:23:57.916081741 +0000
Change: 2017-11-21 09:23:57.916081741 +0000
 Birth: -
#

tags: added: verification-newton-done
removed: verification-newton-needed
Revision history for this message
James Page (james-page) wrote : Update Released

The verification of the Stable Release Update for openvswitch has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
James Page (james-page) wrote :

This bug was fixed in the package openvswitch - 2.6.1-0ubuntu0.16.10.2~cloud0
---------------

 openvswitch (2.6.1-0ubuntu0.16.10.2~cloud0) xenial; urgency=medium
 .
   * SECURITY UPDATE: DoS while parsing OFPT_QUEUE_GET_CONFIG_REPLY message
     - debian/patches/CVE-2017-9214.patch: properly check length in
       lib/ofp-util.c.
     - CVE-2017-9214
   * SECURITY UPDATE: DoS while parsing OpenFlow role status message
     - debian/patches/CVE-2017-9263.patch: don't abort on unknown reason in
       lib/ofp-print.c.
     - CVE-2017-9263
   * SECURITY UPDATE: DoS in firewall implementation
     - debian/patches/CVE-2017-9264.patch: fix checks for header sizes in
       lib/conntrack.c.
     - CVE-2017-9264
   * SECURITY UPDATE: DoS while parsing group mod OpenFlow message
     - debian/patches/CVE-2017-9265.patch: check length in lib/ofp-util.c.
     - CVE-2017-9265
   * d/openvswitch-switch.postinst: Do not modify
     /etc/default/openvswitch-switch as this file is now managed
     as a configuration file by dpkg (LP: #1723480).

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.