Reviewed: https://review.opendev.org/c/openstack/neutron/+/883239 Committed: https://opendev.org/openstack/neutron/commit/a612346146db2f9e70a23af55eb7502655666940 Submitter: "Zuul (22348)" Branch: master
commit a612346146db2f9e70a23af55eb7502655666940 Author: Alexander <[email protected]> Date: Mon May 15 19:16:20 2023 +0300 Fix not working use_random_fully config option Fixed bug when config option use_random_fully is set to False all routers accept one configured by l3 agent with iptables "--random-fully" option. Also added storing of use iptables --random-fully config option to "_random_fully" class variable of IptablesManager to reduce checks of iptables version by instances of this class. Closes-Bug: #2018599 Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2018599 Title: Disable config option use_random_fully does not work Status in neutron: Fix Released Bug description: Summary. We use neutron ml2/ovs plugin. Version of neutron is Ussuri. We set config option use_random_fully=false. After reboot neutron-l3-agent only one router configured without iptables option "--random-fully" in SNAT configuration, all other routers, including newly created ones, continue to be configured with option "--random-fully" How to reproduce. 1) Create 2 routers in different projectes. 2) Create 2 floating ip and allocate them to this routers. 3) Set use_random_fully=false in section [agent] of neutron l3-agent config. 4) Reboot l3-agent As result one router will be configured without --random-fully option, another one with it. And newly created routers with floating ip also will be configured with --random-fully Reason of this behavior. For configuration routers(linux namespaces) l3 agent creats separate instance of IptablesManager class witch have property for check of usage random-fully option https://github.com/openstack/neutron/blob/stable/ussuri/neutron/agent/linux/iptables_manager.py#L494 Step 1. When neutron l3 agent call this property first time on first instance of IptablesManager, this property sets to class variable _random_fully value True, https://github.com/openstack/neutron/blob/stable/ussuri/neutron/agent/linux/iptables_manager.py#L499 then check configuration and set instance variable _random_fully value False and return False. https://github.com/openstack/neutron/blob/stable/ussuri/neutron/agent/linux/iptables_manager.py#L502-L505 Step 2. After neutron l3 agent calls on second instance of IptablesManager property random_fully. And on line https://github.com/openstack/neutron/blob/stable/ussuri/neutron/agent/linux/iptables_manager.py#L495 according to MRO algorithm founded variable _random_fully in class not in instance. On previous step that variable was set to True. So property returns True. As result we have one router configured correctly, and all the others not(according to config). We need to disable the use of "--random-full" option, as this is critical for some applications. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2018599/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
