Reviewed:  https://review.openstack.org/527965
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=cbee0f9f88ff34f70ff19590471b5405e06ff2a9
Submitter: Zuul
Branch:    master

commit cbee0f9f88ff34f70ff19590471b5405e06ff2a9
Author: Sławek Kapłoński <[email protected]>
Date:   Thu Dec 14 14:51:01 2017 +0100

    Use same instance of iptables_manager in L2 agent and extensions

    This commit adds common_agent_extension class which is agent API
    for L2 extension drivers used e.g. by Linuxbridge agent.
    This is necessary to be able to use instance of iptables_manager
    used in firewall driver also in L2 extension drivers (like qos).

    This patch refactors the iptables_manager code a little bit to make
    it possible to initialize e.g. mangle or nat table on demand, even
    if iptables is created as "state_less"

    Change-Id: I3b66e49b7f176124e8aea3eb96d0d465f1ab1ea0
    Closes-Bug: #1736674

** Changed in: neutron
       Status: In Progress => Fix Released

--
https://bugs.launchpad.net/bugs/1736674

Title:
  sg rules are sometimes not applied

Status in neutron:
  Fix Released
Status in OpenStack Security Advisory:
  New

Bug description:
  Failure of negative test in gate:
  http://logs.openstack.org/19/523319/5/check/neutron-tempest-plugin-scenario-linuxbridge/47b85c6/job-output.txt.gz#_2017-12-01_23_09_02_843619

  Reproducing locally with a debug patch, I see that iptables_manager
  first applies the correct rules and then removes them again
  immediately after that, see http://paste.openstack.org/show/628245/

  Steps to reproduce (taken from
  neutron_tempest_plugin.scenario.test_security_groups.NetworkDefaultSecGroupTest.test_ip_prefix_negative,
  possibly not minimal):

  - create two security groups
  - add ssh access to first, icmp access to second one
  - create an instance with these two security groups applied
  - run iptables-save and discover no rules applied to the instance
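The last reproduction step (run iptables-save and look for the instance's rules) can be scripted so that a port left without filter rules is flagged automatically. The following is an added example, not part of the bug report or of neutron; the chain names and tap device names in the sample are constructed placeholders, not neutron's real naming.

```python
import shlex

# Constructed iptables-save excerpt (chain and device names are made up).
SAMPLE = """\
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m physdev --physdev-in tapbbbb2222 -j CT --zone 1
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:sg-in-tapaaaa1111 - [0:0]
:sg-in-tapbbbb2222 - [0:0]
-A FORWARD -m physdev --physdev-out tapaaaa1111 --physdev-is-bridged -j sg-in-tapaaaa1111
-A sg-in-tapaaaa1111 -p tcp -m tcp --dport 22 -m comment --comment "ssh from sg 1" -j RETURN
-A sg-in-tapaaaa1111 -p icmp -j RETURN
-A sg-in-tapaaaa1111 -j DROP
COMMIT
"""


def parse_iptables_save(text):
    """Return {table: {chain: [rule token lists]}} from iptables-save output."""
    tables, table = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):            # "*filter" opens a table
            table = tables.setdefault(line[1:], {})
        elif line == "COMMIT":              # closes the current table
            table = None
        elif table is None:
            continue
        elif line.startswith(":"):          # ":CHAIN POLICY [pkts:bytes]"
            table.setdefault(line[1:].split()[0], [])
        elif line.startswith("-A "):        # "-A CHAIN <match...> -j TARGET"
            tokens = shlex.split(line)      # keeps quoted comments as one token
            table.setdefault(tokens[1], []).append(tokens[2:])
    return tables


def devices_without_rules(text, devices, table="filter"):
    """Devices that no rule in `table` refers to, by chain name or match token."""
    chains = parse_iptables_save(text).get(table, {})
    missing = []
    for dev in devices:
        hits = sum(1 for chain, rules in chains.items() for rule in rules
                   if dev in chain or dev in rule)
        if hits == 0:                       # a declared but empty chain counts as missing
            missing.append(dev)
    return missing
```

Against a live host, pass the captured output of iptables-save and the tap device names of the ports that have security groups assigned.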

