Fix not working use_random_fully config option
Fixed bug when config option use_random_fully is
set to False all routers accept one configured
by l3 agent with iptables "--random-fully" option.
Also added storing of use iptables --random-fully
config option to "_random_fully" class variable
of IptablesManager to reduce checks of iptables
version by instances of this class.
Closes-Bug: #2018599
Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
(cherry picked from commit a612346146
)
This commit is contained in:
parent
c3c7146aa4
commit
6bf03c73dd
@ -304,7 +304,7 @@ class IptablesManager(object):
|
||||
# run iptables-restore without it.
|
||||
use_table_lock = False
|
||||
|
||||
# Flag to denote iptables supports --random-fully argument
|
||||
# Flag to denote iptables --random-fully option enabled
|
||||
_random_fully = None
|
||||
|
||||
def __init__(self, _execute=None, state_less=False, use_ipv6=False,
|
||||
@ -492,10 +492,11 @@ class IptablesManager(object):
|
||||
return self._random_fully
|
||||
|
||||
version = self._get_version()
|
||||
self.__class__._random_fully = utils.is_version_greater_equal(
|
||||
|
||||
random_fully_support = utils.is_version_greater_equal(
|
||||
version, n_const.IPTABLES_RANDOM_FULLY_VERSION)
|
||||
|
||||
self._random_fully = self._random_fully and \
|
||||
self.__class__._random_fully = random_fully_support and \
|
||||
cfg.CONF.AGENT.use_random_fully
|
||||
|
||||
return self._random_fully
|
||||
|
@ -1360,3 +1360,37 @@ class IptablesManagerNoNatTestCase(base.BaseTestCase):
|
||||
iptables.initialize_nat_table()
|
||||
self.assertIn('nat', iptables.ipv4)
|
||||
self.assertIn('mangle', iptables.ipv4)
|
||||
|
||||
|
||||
class IptablesRandomFullyFixture(fixtures.Fixture):
|
||||
def _setUp(self):
|
||||
# We MUST save and restore _random_fully because it is a class
|
||||
# attribute and could change state in some tests, which can cause
|
||||
# the other router test cases to randomly fail due to race conditions.
|
||||
self._random_fully = iptables_manager.IptablesManager._random_fully
|
||||
iptables_manager.IptablesManager._random_fully = None
|
||||
self.addCleanup(self._reset)
|
||||
|
||||
def _reset(self):
|
||||
iptables_manager.IptablesManager._random_fully = self._random_fully
|
||||
|
||||
|
||||
class IptablesManagerDisableRandomFullyTestCase(base.BaseTestCase):
|
||||
|
||||
def setUp(self):
|
||||
super(IptablesManagerDisableRandomFullyTestCase, self).setUp()
|
||||
self.useFixture(IptablesRandomFullyFixture())
|
||||
self.execute = mock.patch.object(linux_utils, "execute").start()
|
||||
cfg.CONF.set_override('use_random_fully', False, "AGENT")
|
||||
|
||||
def test_verify_disable_random_fully(self):
|
||||
expected_calls_and_values = [
|
||||
(mock.call(['iptables', '--version'],
|
||||
run_as_root=True, privsep_exec=True),
|
||||
"iptables v1.6.2")]
|
||||
tools.setup_mock_calls(self.execute, expected_calls_and_values)
|
||||
iptables_mgrs = [iptables_manager.IptablesManager() for _ in range(3)]
|
||||
# The random_full properties of all
|
||||
# IptablesManager instances must return False
|
||||
for ipt_mgr in iptables_mgrs:
|
||||
self.assertFalse(ipt_mgr.random_fully)
|
||||
|
Loading…
Reference in New Issue
Block a user