author | Alexander <shishebarov.a@selectel.ru> | 2023-05-15 19:16:20 +0300 |
---|---|---|
committer | Alexander <shishebarov.a@selectel.ru> | 2023-05-16 19:23:50 +0300 |
commit | a612346146db2f9e70a23af55eb7502655666940 (patch) | |
tree | c0fdde494a59ea933651209c39e53a4e24878089 | |
parent | 01af4b2cda928d76d64ff828f597f3a4dc988199 (diff) | |
download | neutron-a612346146db2f9e70a23af55eb7502655666940.tar.gz |
Fix not working use_random_fully config option
Fixed a bug where, when the config option use_random_fully
is set to False, all routers except one were configured
by the l3 agent with the iptables "--random-fully" option.
Also store the use of the iptables --random-fully
config option in the "_random_fully" class variable
of IptablesManager, to reduce the number of iptables
version checks made by instances of this class.
Closes-Bug: #2018599
Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
-rw-r--r-- | neutron/agent/linux/iptables_manager.py | 7 | ||||
-rw-r--r-- | neutron/tests/unit/agent/linux/test_iptables_manager.py | 34 |
2 files changed, 38 insertions, 3 deletions
diff --git a/neutron/agent/linux/iptables_manager.py b/neutron/agent/linux/iptables_manager.py
index 3df8e8cfc4..aab8d4364b 100644
--- a/neutron/agent/linux/iptables_manager.py
+++ b/neutron/agent/linux/iptables_manager.py
@@ -304,7 +304,7 @@ class IptablesManager(object):
 # run iptables-restore without it.
 use_table_lock = False
- # Flag to denote iptables supports --random-fully argument
+ # Flag to denote iptables --random-fully option enabled
 _random_fully = None
 def __init__(self, state_less=False, use_ipv6=False, nat=True,
@@ -495,10 +495,11 @@ class IptablesManager(object):
 return self._random_fully
 version = self._get_version()
- self.__class__._random_fully = utils.is_version_greater_equal(
+
+ random_fully_support = utils.is_version_greater_equal(
 version, n_const.IPTABLES_RANDOM_FULLY_VERSION)
- self._random_fully = self._random_fully and \
+ self.__class__._random_fully = random_fully_support and \
 cfg.CONF.AGENT.use_random_fully
 return self._random_fully
diff --git a/neutron/tests/unit/agent/linux/test_iptables_manager.py b/neutron/tests/unit/agent/linux/test_iptables_manager.py
index f005bfde43..2d0743e2e1 100644
--- a/neutron/tests/unit/agent/linux/test_iptables_manager.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_manager.py
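Review bot: In the `@@ -495,10 +495,11 @@` hunk of neutron/agent/linux/iptables_manager.py, the value stored in `self.__class__._random_fully` now combines iptables support with `cfg.CONF.AGENT.use_random_fully`, but nothing next to the assignment says that the option is therefore evaluated once and shared by every `IptablesManager` in the process. The early `return self._random_fully` at the top of the hunk presumably sits under a not-None check outside it, which would mean a later change to the option is ignored until the attribute is reset to `None`, as the new test fixture has to do. I would add above the assignment `# Cached on the class: iptables support AND use_random_fully, computed once per process.` so operators and test authors do not expect the option to be re-read. The property's body starts outside the hunk.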
@@ -1395,3 +1395,37 @@ class IptablesManagerNoNatTestCase(base.BaseTestCase):
 iptables.initialize_nat_table()
 self.assertIn('nat', iptables.ipv4)
 self.assertIn('mangle', iptables.ipv4)
+
+
+class IptablesRandomFullyFixture(fixtures.Fixture):
+ def _setUp(self):
+ # We MUST save and restore _random_fully because it is a class
+ # attribute and could change state in some tests, which can cause
+ # the other router test cases to randomly fail due to race conditions.
+ self._random_fully = iptables_manager.IptablesManager._random_fully
+ iptables_manager.IptablesManager._random_fully = None
+ self.addCleanup(self._reset)
+
+ def _reset(self):
+ iptables_manager.IptablesManager._random_fully = self._random_fully
+
+
+class IptablesManagerDisableRandomFullyTestCase(base.BaseTestCase):
+
+ def setUp(self):
+ super(IptablesManagerDisableRandomFullyTestCase, self).setUp()
+ self.useFixture(IptablesRandomFullyFixture())
+ self.execute = mock.patch.object(linux_utils, "execute").start()
+ cfg.CONF.set_override('use_random_fully', False, "AGENT")
+
+ def test_verify_disable_random_fully(self):
+ expected_calls_and_values = [
+ (mock.call(['iptables', '--version'],
+ run_as_root=True, privsep_exec=True),
+ "iptables v1.6.2")]
+ tools.setup_mock_calls(self.execute, expected_calls_and_values)
+ iptables_mgrs = [iptables_manager.IptablesManager() for _ in range(3)]
+ # The random_full properties of all
+ # IptablesManager instances must return False
+ for ipt_mgr in iptables_mgrs:
+ self.assertFalse(ipt_mgr.random_fully) |
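Review bot: `test_verify_disable_random_fully` builds `expected_calls_and_values` and hands it to `tools.setup_mock_calls`, but nothing in the test asserts how `self.execute` was actually called. After the loop I would add `tools.verify_mock_calls(self.execute, expected_calls_and_values)`; with three managers created, that also pins the commit message's claim that the iptables version is queried once and then served from the class attribute. The comment above the loop says `random_full` where the property is `random_fully`.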