Fix not working use_random_fully config option

Fixed bug when config option use_random_fully is set to False all routers accept one configured by l3 agent with iptables "--random-fully" option. Also added storing of use iptables --random-fully config option to "_random_fully" class variable of IptablesManager to reduce checks of iptables version by instances of this class. Closes-Bug: #2018599 Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
2023-05-15 19:16:20 +03:00 · 2023-05-15 19:16:20 +03:00 · a612346146
parent 01af4b2cda
commit a612346146
2 changed files with 38 additions and 3 deletions
--- a/neutron/agent/linux/iptables_manager.py
+++ b/neutron/agent/linux/iptables_manager.py
@ -304,7 +304,7 @@ class IptablesManager(object):
    # run iptables-restore without it.
    use_table_lock = False

-    # Flag to denote iptables supports --random-fully argument
+    # Flag to denote iptables --random-fully option enabled
    _random_fully = None

    def __init__(self, state_less=False, use_ipv6=False, nat=True,
@ -495,10 +495,11 @@ class IptablesManager(object):
            return self._random_fully

        version = self._get_version()
-        self.__class__._random_fully = utils.is_version_greater_equal(
+
+        random_fully_support = utils.is_version_greater_equal(
            version, n_const.IPTABLES_RANDOM_FULLY_VERSION)

-        self._random_fully = self._random_fully and \
+        self.__class__._random_fully = random_fully_support and \
            cfg.CONF.AGENT.use_random_fully

        return self._random_fully
--- a/neutron/tests/unit/agent/linux/test_iptables_manager.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_manager.py
@ -1395,3 +1395,37 @@ class IptablesManagerNoNatTestCase(base.BaseTestCase):
        iptables.initialize_nat_table()
        self.assertIn('nat', iptables.ipv4)
        self.assertIn('mangle', iptables.ipv4)
+
+
+class IptablesRandomFullyFixture(fixtures.Fixture):
+    def _setUp(self):
+        # We MUST save and restore _random_fully because it is a class
+        # attribute and could change state in some tests, which can cause
+        # the other router test cases to randomly fail due to race conditions.
+        self._random_fully = iptables_manager.IptablesManager._random_fully
+        iptables_manager.IptablesManager._random_fully = None
+        self.addCleanup(self._reset)
+
+    def _reset(self):
+        iptables_manager.IptablesManager._random_fully = self._random_fully
+
+
+class IptablesManagerDisableRandomFullyTestCase(base.BaseTestCase):
+
+    def setUp(self):
+        super(IptablesManagerDisableRandomFullyTestCase, self).setUp()
+        self.useFixture(IptablesRandomFullyFixture())
+        self.execute = mock.patch.object(linux_utils, "execute").start()
+        cfg.CONF.set_override('use_random_fully', False, "AGENT")
+
+    def test_verify_disable_random_fully(self):
+        expected_calls_and_values = [
+            (mock.call(['iptables', '--version'],
+                       run_as_root=True, privsep_exec=True),
+             "iptables v1.6.2")]
+        tools.setup_mock_calls(self.execute, expected_calls_and_values)
+        iptables_mgrs = [iptables_manager.IptablesManager() for _ in range(3)]
+        # The random_full properties of all
+        # IptablesManager instances must return False
+        for ipt_mgr in iptables_mgrs:
+            self.assertFalse(ipt_mgr.random_fully)