 7860f2ba31
			
		
	
	7860f2ba31
	
	
	
		
			
			ebtables is racing with itself when nova and libvirt attempt to create rules at the same time in the nat table. ebtables now has an explicit --concurrent flag, that all tools must opt into to prevent ebtables from inherently being unsafe to run. libvirt gained this support in 1.2.11, which is too new for our ubuntu primary testing environment. Nova still hasn't added this support, though even if it did, we'd run into the issue with libvirt. We can do the most ghetto thing possible and create a wrapper for ebtables that does explicit locking on it's own. It's pretty terrible, but it should work. And it is the kind of work around that people unable to upgrade libvirt will probably need to do. This is an opt in value which we should set in the gate to True. Related-Bug: #1501558 Change-Id: Ic6fa847eba34c21593b9df86a1c2c179534d0ba5
		
			
				
	
	
		
			24 lines
		
	
	
		
			950 B
		
	
	
	
		
			Bash
		
	
	
	
	
	
			
		
		
	
	
			24 lines
		
	
	
		
			950 B
		
	
	
	
		
			Bash
		
	
	
	
	
	
| #!/bin/bash
 | |
| #
 | |
| # Copyright 2015 Hewlett-Packard Development Company, L.P.
 | |
| #
 | |
| # Licensed under the Apache License, Version 2.0 (the "License"); you may
 | |
| # not use this file except in compliance with the License. You may obtain
 | |
| # a copy of the License at
 | |
| #
 | |
| #    http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| # Unless required by applicable law or agreed to in writing, software
 | |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 | |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 | |
| # License for the specific language governing permissions and limitations
 | |
| # under the License.
 | |
| #
 | |
| #
 | |
| # This is a terrible, terrible, truly terrible work around for
 | |
| # environments that have libvirt < 1.2.11. ebtables requires that you
 | |
| # specifically tell it you would like to not race and get punched in
 | |
| # the face when 2 run at the same time with a --concurrent flag.
 | |
| 
 | |
| flock -w 300 /var/lock/ebtables.nova /sbin/ebtables.real $@
 |