Reviewed: https://review.opendev.org/c/openstack/neutron-fwaas/+/929658 Committed: https://opendev.org/openstack/neutron-fwaas/commit/caca5ae4a0adbf5a2f2eeabbd746dac9d3ac37e6 Submitter: "Zuul (22348)" Branch: master
commit caca5ae4a0adbf5a2f2eeabbd746dac9d3ac37e6 Author: Brian Haley <[email protected]> Date: Tue Sep 17 10:58:57 2024 -0400 Account for iptables-save output spacing differences There are places where the iptables-save output is not exactly as the input, for example: 1) extra space after '-j NFLOG --nflog-prefix' 2) '#/sec' instead of '#/s' for limit-burst 3) '-j REJECT --reject-with icmp-port-unreachable' instead of '-REJECT' Account for that in the code so when iptables debug is enabled the functional tests pass. Related-bug: #2079048 Closes-bug: #2080933 Change-Id: I98fe93019b7d1b84d0622b4430e56b37b7cc0250 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2080933 Title: neutron_fwaas.tests.functional.services.logapi.agents.drivers.iptables.test_log.FWLoggingTestCase is broken Status in neutron: Fix Released Bug description: The test cases in neutron_fwaas.tests.functional.services.logapi.agents.drivers.iptables.test_log.FWLoggingTestCase are consistently failing now, which blocks the neutron-fwaas- functional job. Example build: https://zuul.opendev.org/t/openstack/build/05d7f31ef63c449d9de275e9a121704b Example failure: ``` neutron_fwaas.tests.functional.services.logapi.agents.drivers.iptables.test_log.FWLoggingTestCase.test_start_logging_when_create_log ------------------------------------------------------------------------------------------------------------------------------------ Captured traceback: ~~~~~~~~~~~~~~~~~~~ Traceback (most recent call last): File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/.tox/dsvm-functional-gate/lib/python3.10/site-packages/neutron/tests/base.py", line 178, in func return f(self, *args, **kwargs) File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py", line 301, in test_start_logging_when_create_log self.run_start_logging(ipt_mgr, File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py", line 250, in run_start_logging self.log_driver.start_logging(self.context, File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py", line 241, in start_logging self._create_firewall_group_log(context, resource_type, File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py", line 309, in _create_firewall_group_log ipt_mgr.defer_apply_off() File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/.tox/dsvm-functional-gate/lib/python3.10/site-packages/neutron/agent/linux/iptables_manager.py", line 451, in defer_apply_off self._apply() File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/.tox/dsvm-functional-gate/lib/python3.10/site-packages/neutron/agent/linux/iptables_manager.py", line 478, in _apply raise l3_exc.IpTablesApplyException(msg) neutron_lib.exceptions.l3.IpTablesApplyException: IPTables Rules did not converge. Diff: # Generated by iptables_manager *filter -D run.py-accepted 1 -I run.py-accepted 1 -i qr-b0f055da-3f -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 12158444994202490671 -D run.py-accepted 2 -I run.py-accepted 2 -o qr-b0f055da-3f -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 12158444994202490671 -D run.py-accepted 3 -I run.py-accepted 3 -i qr-790b0516-f4 -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 13796087923523008474 -D run.py-accepted 4 -I run.py-accepted 4 -o qr-790b0516-f4 -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 13796087923523008474 -D run.py-rejected 1 -I run.py-rejected 1 -j REJECT COMMIT # Completed by iptables_manager # Generated by iptables_manager *filter -D run.py-accepted 1 -I run.py-accepted 1 -i qr-b0f055da-3f -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 12158444994202490671 -D run.py-accepted 2 -I run.py-accepted 2 -o qr-b0f055da-3f -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 12158444994202490671 -D run.py-accepted 3 -I run.py-accepted 3 -i qr-790b0516-f4 -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 13796087923523008474 -D run.py-accepted 4 -I run.py-accepted 4 -o qr-790b0516-f4 -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 13796087923523008474 -D run.py-rejected 1 -I run.py-rejected 1 -j REJECT COMMIT # Completed by iptables_manager ``` This might be potentially caused by https://review.opendev.org/c/openstack/neutron/+/928136 . To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2080933/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
