Merge "Add locks for setting iptables rules in l3 and metadata agents" into stable/train
This commit is contained in:
commit
af0335f7fa
|
@ -30,6 +30,7 @@ from neutron.agent.l3 import ha_router
|
||||||
from neutron.agent.l3 import namespaces
|
from neutron.agent.l3 import namespaces
|
||||||
from neutron.agent.linux import external_process
|
from neutron.agent.linux import external_process
|
||||||
from neutron.agent.linux import utils as linux_utils
|
from neutron.agent.linux import utils as linux_utils
|
||||||
|
from neutron.common import coordination
|
||||||
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
@ -267,13 +268,7 @@ class MetadataDriver(object):
|
||||||
def after_router_added(resource, event, l3_agent, **kwargs):
|
def after_router_added(resource, event, l3_agent, **kwargs):
|
||||||
router = kwargs['router']
|
router = kwargs['router']
|
||||||
proxy = l3_agent.metadata_driver
|
proxy = l3_agent.metadata_driver
|
||||||
for c, r in proxy.metadata_filter_rules(proxy.metadata_port,
|
apply_metadata_nat_rules(router, proxy)
|
||||||
proxy.metadata_access_mark):
|
|
||||||
router.iptables_manager.ipv4['filter'].add_rule(c, r)
|
|
||||||
for c, r in proxy.metadata_nat_rules(proxy.metadata_port):
|
|
||||||
router.iptables_manager.ipv4['nat'].add_rule(c, r)
|
|
||||||
router.iptables_manager.apply()
|
|
||||||
|
|
||||||
if not isinstance(router, ha_router.HaRouter):
|
if not isinstance(router, ha_router.HaRouter):
|
||||||
proxy.spawn_monitored_metadata_proxy(
|
proxy.spawn_monitored_metadata_proxy(
|
||||||
l3_agent.process_monitor,
|
l3_agent.process_monitor,
|
||||||
|
@ -304,3 +299,13 @@ def before_router_removed(resource, event, l3_agent, payload=None):
|
||||||
router.router['id'],
|
router.router['id'],
|
||||||
l3_agent.conf,
|
l3_agent.conf,
|
||||||
router.ns_name)
|
router.ns_name)
|
||||||
|
|
||||||
|
|
||||||
|
@coordination.synchronized('router-lock-ns-{router.ns_name}')
|
||||||
|
def apply_metadata_nat_rules(router, proxy):
|
||||||
|
for c, r in proxy.metadata_filter_rules(proxy.metadata_port,
|
||||||
|
proxy.metadata_access_mark):
|
||||||
|
router.iptables_manager.ipv4['filter'].add_rule(c, r)
|
||||||
|
for c, r in proxy.metadata_nat_rules(proxy.metadata_port):
|
||||||
|
router.iptables_manager.ipv4['nat'].add_rule(c, r)
|
||||||
|
router.iptables_manager.apply()
|
||||||
|
|
Loading…
Reference in New Issue