Fix not working use_random_fully config option
Fixed bug when config option use_random_fully is
set to False all routers accept one configured
by l3 agent with iptables "--random-fully" option.
Also added storing of use iptables --random-fully
config option to "_random_fully" class variable
of IptablesManager to reduce checks of iptables
version by instances of this class.
Closes-Bug: #2018599
Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
(cherry picked from commit a612346146)
This commit is contained in:
Alexander
Rodolfo Alonso Hernandez
parent
c3c7146aa4
commit
6bf03c73dd
@ -304,7 +304,7 @@ class IptablesManager(object):
|
|||||||
# run iptables-restore without it.
|
# run iptables-restore without it.
|
||||||
use_table_lock = False
|
use_table_lock = False
|
||||||
|
|
||||||
# Flag to denote iptables supports --random-fully argument
|
# Flag to denote iptables --random-fully option enabled
|
||||||
_random_fully = None
|
_random_fully = None
|
||||||
|
|
||||||
def __init__(self, _execute=None, state_less=False, use_ipv6=False,
|
def __init__(self, _execute=None, state_less=False, use_ipv6=False,
|
||||||
@ -492,10 +492,11 @@ class IptablesManager(object):
|
|||||||
return self._random_fully
|
return self._random_fully
|
||||||
|
|
||||||
version = self._get_version()
|
version = self._get_version()
|
||||||
self.__class__._random_fully = utils.is_version_greater_equal(
|
|
||||||
|
random_fully_support = utils.is_version_greater_equal(
|
||||||
version, n_const.IPTABLES_RANDOM_FULLY_VERSION)
|
version, n_const.IPTABLES_RANDOM_FULLY_VERSION)
|
||||||
|
|
||||||
self._random_fully = self._random_fully and \
|
self.__class__._random_fully = random_fully_support and \
|
||||||
cfg.CONF.AGENT.use_random_fully
|
cfg.CONF.AGENT.use_random_fully
|
||||||
|
|
||||||
return self._random_fully
|
return self._random_fully
|
||||||
|
|||||||
@ -1360,3 +1360,37 @@ class IptablesManagerNoNatTestCase(base.BaseTestCase):
|
|||||||
iptables.initialize_nat_table()
|
iptables.initialize_nat_table()
|
||||||
self.assertIn('nat', iptables.ipv4)
|
self.assertIn('nat', iptables.ipv4)
|
||||||
self.assertIn('mangle', iptables.ipv4)
|
self.assertIn('mangle', iptables.ipv4)
|
||||||
|
|
||||||
|
|
||||||
|
class IptablesRandomFullyFixture(fixtures.Fixture):
|
||||||
|
def _setUp(self):
|
||||||
|
# We MUST save and restore _random_fully because it is a class
|
||||||
|
# attribute and could change state in some tests, which can cause
|
||||||
|
# the other router test cases to randomly fail due to race conditions.
|
||||||
|
self._random_fully = iptables_manager.IptablesManager._random_fully
|
||||||
|
iptables_manager.IptablesManager._random_fully = None
|
||||||
|
self.addCleanup(self._reset)
|
||||||
|
|
||||||
|
def _reset(self):
|
||||||
|
iptables_manager.IptablesManager._random_fully = self._random_fully
|
||||||
|
|
||||||
|
|
||||||
|
class IptablesManagerDisableRandomFullyTestCase(base.BaseTestCase):
|
||||||
|
|
||||||
|
def setUp(self):
|
||||||
|
super(IptablesManagerDisableRandomFullyTestCase, self).setUp()
|
||||||
|
self.useFixture(IptablesRandomFullyFixture())
|
||||||
|
self.execute = mock.patch.object(linux_utils, "execute").start()
|
||||||
|
cfg.CONF.set_override('use_random_fully', False, "AGENT")
|
||||||
|
|
||||||
|
def test_verify_disable_random_fully(self):
|
||||||
|
expected_calls_and_values = [
|
||||||
|
(mock.call(['iptables', '--version'],
|
||||||
|
run_as_root=True, privsep_exec=True),
|
||||||
|
"iptables v1.6.2")]
|
||||||
|
tools.setup_mock_calls(self.execute, expected_calls_and_values)
|
||||||
|
iptables_mgrs = [iptables_manager.IptablesManager() for _ in range(3)]
|
||||||
|
# The random_full properties of all
|
||||||
|
# IptablesManager instances must return False
|
||||||
|
for ipt_mgr in iptables_mgrs:
|
||||||
|
self.assertFalse(ipt_mgr.random_fully)
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user