iproute-5.12, iptables-1.8.4, and libnftnl-1.1.5
This commit updates iproute from 5.9 to 5.12, iptables from 1.4.21 to
1.8.4, and libnftnl from 1.0.8 to 1.1.5:
- iproute 5.9 does not make use of libbpf, which causes the 'tc' utility
(provided by iproute-tc) to report BTF debugging symbol-related
warnings when eBPF programs are used with tc by the kernel's eBPF
sample test programs, even though the programs appear to work: "BTF
debug data section '.BTF' rejected: Invalid argument (22)!".
- iptables 1.4.21 does not support the --object-pinned option, which is
required to be able to use eBPF programs to match packets.
- libnftnl >= 1.1.5 is a dependency for recent versions of iptables, and
the version of libnftnl in StarlingX's CentOS 7 is 1.0.8.
The versions which are used by this commit are the latest versions in
CentOS 8-Stream as of this writing.
Notes:
- iptables software package bundles a version of ebtables different than
the legacy version already included in StarlingX. The legacy version
supports the broute table and the BROUTING chain and string matching,
whereas the iptables version does not. The legacy version is
deprecated by this commit based on feedback received from colleagues,
mainly to avoid unexpected incompatibilities between ebtables-legacy
and iptables' netfilter/nft-based versions.
Verification:
- All-in-One simplex installation and bootstrap was carried out
successfully.
- Installation and bootstrap was successful on two separate systems: One
system consisting of 2 controller hosts, 4 compute hosts and 2 storage
hosts, and another system consisting of 2 controller hosts and 2
compute hosts.
- Configuration of aggregated links (after using ifenslave manually) and
configuration of virtual function (VF) interfaces (also manually set
up) were carried out with the iproute tools successfully as basic
sanity tests.
- The results of basic ebtables commands (insertion and removal of DROP
rules) were observed in "ebtables -L" output and confirmed to take
effect in a test bed consisting of two network namespaces connected by
bridged interfaces, as a basic sanity test.
- Sample eBPF test programs and scripts shipped with the v5.10 kernel
were executed successfully, with the caveat that there is a need to
install a recent version of LLVM to compile the eBPF test programs.
(I built LLVM-13.0 from scratch.)
Partial-Bug: #1949217
Depends-On: I24bb7c60e353643add5e63ae7ea7c6516d07c7bf
Depends-On: I12d20797db91fecdac409b0535632ac97bd6ad47
Depends-On: If95c2d24c98cb2add5e24548bc45f505c94b4b79
Signed-off-by: M. Vefa Bicakci <vefa.bicakci@windriver.com>
Change-Id: I63d557112c653d59b88ac3a4798dee0e89246612
2021-10-27 11:11:07 -04:00
|
|
|
iproute-5.12.0-4.el8.src.rpm#https://vault.centos.org/8-stream/BaseOS/Source/SPackages/iproute-5.12.0-4.el8.src.rpm
|
|
|
|
iptables-1.8.4-21.el8.src.rpm#https://vault.centos.org/8-stream/BaseOS/Source/SPackages/iptables-1.8.4-21.el8.src.rpm
|
networking: Update keepalived from 1.3.5 to 2.1.5
This commit updates keepalived from v1.3.5 to v2.1.5 to avoid failures
encountered when building StarlingX flock container images, which
started to fail with the following errors after the recent iptables
update introduced by commit 36673774ee3c ("iproute-5.12, iptables-1.8.4,
and libnftnl-1.1.5", 2021-10-27):
=== 8< ===
Error: Package: keepalived-1.3.5-19.el7.x86_64 (base)
Requires: libxtables.so.10()(64bit)
Available: iptables-1.4.21-35.el7.x86_64 (base)
libxtables.so.10()(64bit)
Installing: iptables-1.8.4-21.tis.5.x86_64 (stx-mirror-distro)
Not found
=== >8 ===
keepalived-2.1.5 was imported from CentOS 8-Stream where it is the
latest version as of this writing. It should be noted that rebuilding
keepalived-1.3.5 (i.e., CentOS 7's version) was not suitable as
keepalived-1.3.5 does not support iptables-nftables, and the CentOS
8-Stream keepalived RPM cannot be used as is due to the specific
versions of some of its dependencies.
During the preparation of this patch, an unexpected build failure had to
be worked around by disabling SNMP support in keepalived, which is
assumed to not have a negative impact on StarlingX according to a
software architect colleague at Wind River. Please see the description
of the patch named "keepalived.spec-Disable-dependency-on-snmp.patch"
for further details regarding the build failure.
Verification:
- Layered and monolithic StarlingX master branch builds succeed.
- StarlingX container builds, which used to fail without this commit,
succeed as well.
Closes-Bug: #1950513
Signed-off-by: M. Vefa Bicakci <vefa.bicakci@windriver.com>
Change-Id: I59bd7d4f8ed89c73248ecd97e6985f91b88c4623
2021-11-10 18:43:13 -05:00
|
|
|
keepalived-2.1.5-6.el8.src.rpm#http://vault.centos.org/8-stream/AppStream/Source/SPackages/keepalived-2.1.5-6.el8.src.rpm
|
iproute-5.12, iptables-1.8.4, and libnftnl-1.1.5
This commit updates iproute from 5.9 to 5.12, iptables from 1.4.21 to
1.8.4, and libnftnl from 1.0.8 to 1.1.5:
- iproute 5.9 does not make use of libbpf, which causes the 'tc' utility
(provided by iproute-tc) to report BTF debugging symbol-related
warnings when eBPF programs are used with tc by the kernel's eBPF
sample test programs, even though the programs appear to work: "BTF
debug data section '.BTF' rejected: Invalid argument (22)!".
- iptables 1.4.21 does not support the --object-pinned option, which is
required to be able to use eBPF programs to match packets.
- libnftnl >= 1.1.5 is a dependency for recent versions of iptables, and
the version of libnftnl in StarlingX's CentOS 7 is 1.0.8.
The versions which are used by this commit are the latest versions in
CentOS 8-Stream as of this writing.
Notes:
- iptables software package bundles a version of ebtables different than
the legacy version already included in StarlingX. The legacy version
supports the broute table and the BROUTING chain and string matching,
whereas the iptables version does not. The legacy version is
deprecated by this commit based on feedback received from colleagues,
mainly to avoid unexpected incompatibilities between ebtables-legacy
and iptables' netfilter/nft-based versions.
Verification:
- All-in-One simplex installation and bootstrap was carried out
successfully.
- Installation and bootstrap was successful on two separate systems: One
system consisting of 2 controller hosts, 4 compute hosts and 2 storage
hosts, and another system consisting of 2 controller hosts and 2
compute hosts.
- Configuration of aggregated links (after using ifenslave manually) and
configuration of virtual function (VF) interfaces (also manually set
up) were carried out with the iproute tools successfully as basic
sanity tests.
- The results of basic ebtables commands (insertion and removal of DROP
rules) were observed in "ebtables -L" output and confirmed to take
effect in a test bed consisting of two network namespaces connected by
bridged interfaces, as a basic sanity test.
- Sample eBPF test programs and scripts shipped with the v5.10 kernel
were executed successfully, with the caveat that there is a need to
install a recent version of LLVM to compile the eBPF test programs.
(I built LLVM-13.0 from scratch.)
Partial-Bug: #1949217
Depends-On: I24bb7c60e353643add5e63ae7ea7c6516d07c7bf
Depends-On: I12d20797db91fecdac409b0535632ac97bd6ad47
Depends-On: If95c2d24c98cb2add5e24548bc45f505c94b4b79
Signed-off-by: M. Vefa Bicakci <vefa.bicakci@windriver.com>
Change-Id: I63d557112c653d59b88ac3a4798dee0e89246612
2021-10-27 11:11:07 -04:00
|
|
|
libnftnl-1.1.5-4.el8.src.rpm#https://vault.centos.org/8-stream/BaseOS/Source/SPackages/libnftnl-1.1.5-4.el8.src.rpm
|
2019-09-12 13:11:10 -04:00
|
|
|
libvirt-python-4.7.0-1.fc28.src.rpm#https://libvirt.org/sources/python/libvirt-python-4.7.0-1.fc28.src.rpm
|
2021-09-02 13:56:33 -04:00
|
|
|
linuxptp-3.1.1-1.el8.src.rpm#http://vault.centos.org/8-stream/AppStream/Source/SPackages/linuxptp-3.1.1-1.el8.src.rpm
|
2020-05-20 23:22:06 +08:00
|
|
|
python-daemon-2.2.3-7.el8.src.rpm#http://vault.centos.org/8.0.1905/virt/Source/ovirt-44/python-daemon-2.2.3-7.el8.src.rpm
|