Reviewed: https://review.opendev.org/c/openstack/neutron/+/811318
Committed: https://opendev.org/openstack/neutron/commit/f18edfdf450179f6bc8a47f3b143f2701bd93e0e
Submitter: "Zuul (22348)"
Branch: master

commit f18edfdf450179f6bc8a47f3b143f2701bd93e0e
Author: Rodolfo Alonso Hernandez <[email protected]>
Date: Mon Sep 27 16:22:45 2021 +0000

    [DVR] Check if SNAT iptables manager is initialized

    Check if SNAT iptables manager is initialized before processing
    the IP NAT rules. If the router never had an external GW port,
    the DVR GW in the SNAT namespace has not been created and the
    SNAT iptables manager has not been initialized. In this case,
    the IP NAT rules for centralized FIPs (to be applied on the
    SNAT namespace) cannot be set.

    Closes-Bug: #1945215
    Change-Id: I426602514805d728f8cd78e42f2b0979b2101089

** Changed in: neutron
   Status: In Progress => Fix Released

https://bugs.launchpad.net/bugs/1945215

Title:
  "process_floating_ip_nat_rules_for_centralized_floatingip" should check if self.snat_iptables_manager was initialized

Status in neutron:
  Fix Released

Bug description:

Environment:
L3 agent configuration: agent_mode=dvr_snat. The L3 agent is located in a controller node, acting as a DVR edge router (no HA).

Description:
When "process_floating_ip_nat_rules_for_centralized_floatingip" is called, this method should check first if "self.snat_iptables_manager" has been initialized.

The method "process_floating_ip_nat_rules_for_centralized_floatingip" is called from:
<-- DvrEdgeRouter.process_floating_ip_nat_rules
<-- RouterInfo.process_snat_dnat_for_fip
<-- RouterInfo.process_external

The method "RouterInfo.process_external" will first call "RouterInfo._process_external_gateway" --> "DvrEdgeRouter.external_gateway_added" --> "DvrEdgeRouter._create_dvr_gateway". This last method initializes the SNAT iptables manager [1] (this code has been around unchanged for six years).

However, "DvrEdgeRouter.external_gateway_added" is only called if "ex_gw_port" exists. That means if the GW port does not exist, the SNAT iptables manager is None.

Error example (snippet): https://paste.opendev.org/show/809621/

This bug is similar to https://bugs.launchpad.net/neutron/+bug/1560945 (related patch: https://review.opendev.org/c/openstack/neutron/+/296394).

Steps to Reproduce:
(I'm not 100% sure, I still need to check)
Create a FIP in a SNAT DVR router without GW port.

Bugzilla reference: https://bugzilla.redhat.com/show_bug.cgi?id=2008155

[1] https://github.com/openstack/neutron/blob/1d450dbddc8c3d34948ab3d9a8346dd491d9cc7c/neutron/agent/l3/dvr_edge_router.py#L196-L198
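
The failure mode described in the bug report, as an added example that is not part of the original notification and is not Neutron's code. It models the call chain with hypothetical simplified classes (EdgeRouterModel, FakeIptablesManager, the "guarded" flag); returning False when the manager is uninitialized is an assumption about how the check behaves, and the addresses are constructed sample values.

```python
# Added illustration: a simplified model of the call chain in the bug
# report. Class and method names are hypothetical, not Neutron's code.

class FakeIptablesManager:
    """Stand-in for the SNAT-namespace iptables manager; records rules."""

    def __init__(self):
        self.rules = []
        self.applied = False

    def add_rule(self, chain, rule):
        self.rules.append((chain, rule))

    def apply(self):
        self.applied = True


class EdgeRouterModel:
    def __init__(self, ex_gw_port=None, guarded=True):
        self.ex_gw_port = ex_gw_port
        self.guarded = guarded
        # Stays None until a gateway is added, as in the bug description.
        self.snat_iptables_manager = None

    def external_gateway_added(self):
        # Models _create_dvr_gateway initializing the manager.
        self.snat_iptables_manager = FakeIptablesManager()

    def process_centralized_fip_nat_rules(self, fips):
        if self.guarded and self.snat_iptables_manager is None:
            # Assumed behaviour: skip, since there is no SNAT namespace.
            return False
        for fip_ip, fixed_ip in fips:
            self.snat_iptables_manager.add_rule(
                "PREROUTING", f"-d {fip_ip}/32 -j DNAT --to-destination {fixed_ip}")
        self.snat_iptables_manager.apply()
        return True

    def process_external(self, fips):
        # The gateway hook runs only when a GW port exists.
        if self.ex_gw_port:
            self.external_gateway_added()
        return self.process_centralized_fip_nat_rules(fips)


# Constructed sample input (documentation address ranges).
SAMPLE_FIPS = [("203.0.113.10", "10.0.0.5")]
```

With guarded=False and no GW port, process_external raises AttributeError on the None manager, which is the class of error the report describes.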

