From 3c0d57c884d574485ac6fb4cad52caec5f220df4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Weing=C3=A4rtner?=
Date: Mon, 14 Sep 2020 08:16:04 -0300
Subject: [PATCH] Set metering iptables chain not found LOG level to WARNING

When routers are migrated from one Neutron agent to the other, the metering IPtables rules are removed, which can cause some exceptions that can be ignored. The metering agent already handled this situation. However, it logs the message as an ERROR, which can triggers alarms. Therefore, we propose here to change the LOG message from error to warning.

Closes-Bug: #1904874
Change-Id: I1805a07cef7fc7d7b041e582a4d79fb1a805df71
---
 neutron/agent/linux/iptables_manager.py | 10 ++++++-
 .../drivers/iptables/iptables_driver.py | 9 ++++--
 .../unit/agent/linux/test_iptables_manager.py | 30 ++++++++++---------
 3 files changed, 31 insertions(+), 18 deletions(-)

diff --git a/neutron/agent/linux/iptables_manager.py b/neutron/agent/linux/iptables_manager.py
index cfe80805261..9bd5d6e0aff 100644
--- a/neutron/agent/linux/iptables_manager.py
+++ b/neutron/agent/linux/iptables_manager.py
@@ -775,7 +775,15 @@ class IptablesManager(object):
 args.append('-Z')
 if self.namespace:
 args = ['ip', 'netns', 'exec', self.namespace] + args
- current_table = self.execute(args, run_as_root=True)
+
+ # Execute iptables command in the linux host.
+ # When routers migrate from a host,an exception might happen here,
+ # and we do not care about it. Therefore, we do not need to log
+ # this error in production environments. Only when debug mode is
+ # enabled is that we need to log the error. This is used to avoid
+ # generating alarms that will be ignored by operators.
+ current_table = self.execute(
+ args, run_as_root=True, log_fail_as_error=cfg.CONF.debug)
 current_lines = current_table.split('\n')
 for line in current_lines[2:]:
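Review bot: `log_fail_as_error=cfg.CONF.debug` suppresses the error-level log for every failure of this root-run listing command, not only the missing-chain case during router migration that the comment describes, so any other failure of the same command is recorded only if the caller logs it. The comment's "we do not care about it" also reads as if the error were swallowed, while the driver change in this same patch catches a `RuntimeError` around this call, so the failure evidently still propagates. I would reword the comment to say so, e.g. `# The failure still propagates to the caller, which must log it; only the ERROR-level log from execute() is suppressed unless debug is enabled.` `cfg` has to be in scope in this module already, which the hunk does not show. The enclosing method starts and ends outside the hunk.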
diff --git a/neutron/services/metering/drivers/iptables/iptables_driver.py b/neutron/services/metering/drivers/iptables/iptables_driver.py
index 96e93f97f7d..fdc20244985 100644
--- a/neutron/services/metering/drivers/iptables/iptables_driver.py
+++ b/neutron/services/metering/drivers/iptables/iptables_driver.py
@@ -470,9 +470,12 @@ class IptablesMeteringDriver(abstract_driver.MeteringAbstractDriver):
 chain_acc = rm.iptables_manager.get_traffic_counters(
 chain, wrap=False, zero=True)
- except RuntimeError:
- LOG.exception('Failed to get traffic counters, '
- 'router: %s', router)
+ except RuntimeError as e:
+ LOG.warning('Failed to get traffic counters for router [%s] due '
+ 'to [%s]. This error message can happen when routers '
+ 'are migrated; therefore, most of the times they can '
+ 'be ignored.', router, e)
+
 routers_to_reconfigure.add(router['id'])
 return {}
 return chain_acc
diff --git a/neutron/tests/unit/agent/linux/test_iptables_manager.py b/neutron/tests/unit/agent/linux/test_iptables_manager.py
index 0dfd964b32a..9479ca241b5 100644
--- a/neutron/tests/unit/agent/linux/test_iptables_manager.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_manager.py
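Review bot: The `except RuntimeError` handler in iptables_driver.py now reports every failure of `get_traffic_counters` as a warning that "can be ignored" and drops the traceback that `LOG.exception` recorded, so a persistent failure unrelated to router migration is indistinguishable from the benign case. Keeping the traceback at debug level costs one line after the warning: `LOG.debug('Traffic counter retrieval failed', exc_info=True)`. The message also formats the whole `router` object; `router['id']`, which the handler already uses for `routers_to_reconfigure`, would identify the router without writing its full contents to the log. The enclosing function starts outside the hunk.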
@@ -1020,34 +1020,36 @@ class IptablesManagerStateFulTestCase(IptablesManagerBaseTestCase):
 expected_calls_and_values = [
 (mock.call(['iptables', '-t', 'filter', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 TRAFFIC_COUNTERS_DUMP),
 (mock.call(['iptables', '-t', 'raw', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 ''),
 (mock.call(['iptables', '-t', 'mangle', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 ''),
 (mock.call(['iptables', '-t', 'nat', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 ''),
 ]
 if self.use_ipv6:
 expected_calls_and_values.append(
 (mock.call(['ip6tables', '-t', 'raw', '-L', 'OUTPUT',
- '-n', '-v', '-x', '-w', '10'], run_as_root=True),
+ '-n', '-v', '-x', '-w', '10'], run_as_root=True,
+ log_fail_as_error=False),
 ''))
 expected_calls_and_values.append(
 (mock.call(['ip6tables', '-t', 'filter', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 TRAFFIC_COUNTERS_DUMP))
 expected_calls_and_values.append(
 (mock.call(['ip6tables', '-t', 'mangle', '-L', 'OUTPUT',
- '-n', '-v', '-x', '-w', '10'], run_as_root=True),
+ '-n', '-v', '-x', '-w', '10'], run_as_root=True,
+ log_fail_as_error=False),
 ''))
 exp_packets *= 2
 exp_bytes *= 2
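Review bot: The updated expectations here and in the following hunk (the `-Z` variant) pin `log_fail_as_error=False` only, which relies on `debug` being at its default in the test configuration; nothing exercises the debug-enabled path. A companion case that sets the option, e.g. `cfg.CONF.set_override('debug', True)`, and expects `log_fail_as_error=True` would cover the other value of the new argument. Whether `cfg` is imported in this test module is not visible in the hunk. The test methods start outside both hunks.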
@@ -1068,36 +1070,36 @@ class IptablesManagerStateFulTestCase(IptablesManagerBaseTestCase):
 expected_calls_and_values = [
 (mock.call(['iptables', '-t', 'filter', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10', '-Z'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 TRAFFIC_COUNTERS_DUMP),
 (mock.call(['iptables', '-t', 'raw', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10', '-Z'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 ''),
 (mock.call(['iptables', '-t', 'mangle', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10', '-Z'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 ''),
 (mock.call(['iptables', '-t', 'nat', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10', '-Z'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 '')
 ]
 if self.use_ipv6:
 expected_calls_and_values.append(
 (mock.call(['ip6tables', '-t', 'raw', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10', '-Z'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 ''))
 expected_calls_and_values.append(
 (mock.call(['ip6tables', '-t', 'filter', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10', '-Z'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 TRAFFIC_COUNTERS_DUMP))
 expected_calls_and_values.append(
 (mock.call(['ip6tables', '-t', 'mangle', '-L', 'OUTPUT',
 '-n', '-v', '-x', '-w', '10', '-Z'],
- run_as_root=True),
+ run_as_root=True, log_fail_as_error=False),
 ''))
 exp_packets *= 2
 exp_bytes *= 2