From 6bf03c73dddf304755a7342dc9699070bd742190 Mon Sep 17 00:00:00 2001
From: Alexander
Date: Mon, 15 May 2023 19:16:20 +0300
Subject: [PATCH] Fix not working use_random_fully config option

Fixed bug when config option use_random_fully is set to False all routers accept one configured by l3 agent with iptables "--random-fully" option. Also added storing of use iptables --random-fully config option to "_random_fully" class variable of IptablesManager to reduce checks of iptables version by instances of this class.

Closes-Bug: #2018599
Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
(cherry picked from commit a612346146db2f9e70a23af55eb7502655666940)
---
 neutron/agent/linux/iptables_manager.py | 7 ++--
 .../unit/agent/linux/test_iptables_manager.py | 34 +++++++++++++++++++
 2 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/neutron/agent/linux/iptables_manager.py b/neutron/agent/linux/iptables_manager.py
index 614db26aebf..8b727632726 100644
--- a/neutron/agent/linux/iptables_manager.py
+++ b/neutron/agent/linux/iptables_manager.py
@@ -304,7 +304,7 @@ class IptablesManager(object):
 # run iptables-restore without it.
 use_table_lock = False

- # Flag to denote iptables supports --random-fully argument
+ # Flag to denote iptables --random-fully option enabled
 _random_fully = None

 def __init__(self, _execute=None, state_less=False, use_ipv6=False,
@@ -492,10 +492,11 @@ class IptablesManager(object):
 return self._random_fully

 version = self._get_version()
- self.__class__._random_fully = utils.is_version_greater_equal(
+
+ random_fully_support = utils.is_version_greater_equal(
 version, n_const.IPTABLES_RANDOM_FULLY_VERSION)

- self._random_fully = self._random_fully and \
+ self.__class__._random_fully = random_fully_support and \
 cfg.CONF.AGENT.use_random_fully

 return self._random_fully
diff --git a/neutron/tests/unit/agent/linux/test_iptables_manager.py b/neutron/tests/unit/agent/linux/test_iptables_manager.py
index ec82b313b5e..53bca8edfcc 100644
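Review bot: The class attribute written in the second hunk now caches the combined result of the version check and `cfg.CONF.AGENT.use_random_fully`, and neither hunk documents that this freezes the option for the life of the process. Once `self.__class__._random_fully` is set, the early `return self._random_fully` means a later change to the option is never re-read, so an operator who toggles it presumably has to restart the agent. The comment in the first hunk would be clearer as `# Cached "iptables supports --random-fully and AGENT.use_random_fully is set"; None until first evaluated, then shared by all instances`. The assignment goes through `self.__class__`, so an instance of a subclass (if any exist) would cache on the subclass rather than on `IptablesManager`; writing `IptablesManager._random_fully = ...` would keep a single cache. The property's body starts outside the hunk.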
--- a/neutron/tests/unit/agent/linux/test_iptables_manager.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_manager.py
@@ -1360,3 +1360,37 @@ class IptablesManagerNoNatTestCase(base.BaseTestCase):
 iptables.initialize_nat_table()
 self.assertIn('nat', iptables.ipv4)
 self.assertIn('mangle', iptables.ipv4)
+
+
+class IptablesRandomFullyFixture(fixtures.Fixture):
+ def _setUp(self):
+ # We MUST save and restore _random_fully because it is a class
+ # attribute and could change state in some tests, which can cause
+ # the other router test cases to randomly fail due to race conditions.
+ self._random_fully = iptables_manager.IptablesManager._random_fully
+ iptables_manager.IptablesManager._random_fully = None
+ self.addCleanup(self._reset)
+
+ def _reset(self):
+ iptables_manager.IptablesManager._random_fully = self._random_fully
+
+
+class IptablesManagerDisableRandomFullyTestCase(base.BaseTestCase):
+
+ def setUp(self):
+ super(IptablesManagerDisableRandomFullyTestCase, self).setUp()
+ self.useFixture(IptablesRandomFullyFixture())
+ self.execute = mock.patch.object(linux_utils, "execute").start()
+ cfg.CONF.set_override('use_random_fully', False, "AGENT")
+
+ def test_verify_disable_random_fully(self):
+ expected_calls_and_values = [
+ (mock.call(['iptables', '--version'],
+ run_as_root=True, privsep_exec=True),
+ "iptables v1.6.2")]
+ tools.setup_mock_calls(self.execute, expected_calls_and_values)
+ iptables_mgrs = [iptables_manager.IptablesManager() for _ in range(3)]
+ # The random_full properties of all
+ # IptablesManager instances must return False
+ for ipt_mgr in iptables_mgrs:
+ self.assertFalse(ipt_mgr.random_fully)
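Review bot: `test_verify_disable_random_fully` asserts only the returned value, so the caching that the commit message describes is not pinned by any visible assertion. Adding `self.assertEqual(1, self.execute.call_count)` after the loop would show that three instances trigger a single `iptables --version` call, unless `tools.setup_mock_calls` already fails on an unexpected extra call, which is not visible here. Only the disabled case is covered in this hunk; a companion test with `use_random_fully` set to True and the same version string would guard against the property returning False unconditionally. The fixture comment attributes the failures to "race conditions", but what it guards against is state leaking between tests through the class attribute, so `# ... fail depending on test order` would be more accurate.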