Bug 2052926

Summary: Deploy RHEL's init script into Rawhide
Product: [Fedora] Fedora Reporter: Phil Sutter <psutter>
Component: ipsetAssignee: Phil Sutter <psutter>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: egarver, qe-baseos-daemons, sbrivio, sobolev, ssahani, todoleza
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipset-7.15-3.fc37 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2038818 Environment:
Last Closed: 2022-03-16 11:43:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Phil Sutter 2022-02-10 09:57:51 UTC 
+++ This bug was initially created as a clone of Bug #2038818 +++

Description of problem:
I have large saved hash:ip set (>200000 entries).
systemctl restart ipset works more than 10 minutes and timed out.

Version-Release number of selected component (if applicable): ipset-service-7.1-1.el8.noarch


How reproducible:


Steps to Reproduce:
1. Create set with 200000+ entries
2. Save it - /usr/libexec/ipset/ipset.start-stop save
3. systemctl restart ipset

Actual results:
systemctl timed out on service start.


Expected results:
Set restored. Quickly.
Comment 1 Phil Sutter 2022-02-10 09:59:50 UTC 
This is the solution as agreed upon in the original ticket:

--- a/ipset.start-stop
+++ b/ipset.start-stop
@@ -257,7 +257,13 @@ load() {
        CLEAN_FILES="${CLEAN_FILES} ${mangled}"
        chmod 600 "${mangled}"
 
-       awk '/^(add|create) ('"${conflicts}"')/ { printf "%s ",$1; system("echo '${salt}'" $2 " | md5sum | head -c31"); $1=""; $2=""; print; next} {print}' "${merged}" > "${mangled}"
+       cat "${merged}" > "${mangled}"
+       IFS='|'
+       for set in ${conflicts}; do
+               new_name=$(echo "${salt}${set}" | md5sum | head -c31)
+               echo "s/^(add|create) $set /\1 $new_name /"
+       done | sed -i -r -f - "${mangled}"
+       unset IFS
        if ! ipset_restore "${mangled}"; then
                err "Failed to restore configured sets"
                exit 1
Comment 2 Nicolas Chauvet (kwizart) 2022-03-15 14:45:05 UTC 
@Phil,

Can you forward this change to rawhide so it can be propagated into fedora-next (and c9s eventually).

Thanks in advance.
Comment 3 Phil Sutter 2022-03-15 15:08:13 UTC 
Hi Nicolas,

(In reply to Nicolas Chauvet (kwizart) from comment #2)
> Can you forward this change to rawhide so it can be propagated into
> fedora-next (and c9s eventually).
> 
> Thanks in advance.

I don't own the package in Fedora, so it's up to Eric to push the change.
Regarding C9S/RHEL9, progress is tracked in Bug 2043008.
Comment 4 Eric Garver 2022-03-15 15:40:47 UTC 
(In reply to Phil Sutter from comment #3)
> Hi Nicolas,
> 
> (In reply to Nicolas Chauvet (kwizart) from comment #2)
> > Can you forward this change to rawhide so it can be propagated into
> > fedora-next (and c9s eventually).
> > 
> > Thanks in advance.
> 
> I don't own the package in Fedora, so it's up to Eric to push the change.
> Regarding C9S/RHEL9, progress is tracked in Bug 2043008.

If someone opens a PR at https://src.fedoraproject.org/rpms/ipset I can review/merge.
Comment 5 Phil Sutter 2022-03-15 16:25:37 UTC 
Turns out the reported issue is not present in Fedora as its init script is
much simpler.

I'll therefore repurpose this ticket to push RHEL's init script into Fedora -
this should help at least with the next sync.