Change iptables-restore lock interval to 5 per second

The default wait-interval for iptables-restore when using -w is 1 second between tries. On a busy system that could mean we timeout before we get the lock. Try 5 times per second instead by using -W 200000. Change-Id: I8307db20187516be781e37c191d8f09a9a8e3dc3 Related-bug: #1712185 (cherry picked from commit 46081445d6)
2017-10-19 15:54:45 -04:00 · 2017-10-19 15:54:45 -04:00 · c3896b6bda
parent 0c3d3c48a7
commit c3896b6bda
2 changed files with 12 additions and 5 deletions
--- a/neutron/agent/linux/iptables_manager.py
+++ b/neutron/agent/linux/iptables_manager.py
@ -65,6 +65,9 @@ IPTABLES_ERROR_LINES_OF_CONTEXT = 5
 # RESOURCE_PROBLEM in include/xtables.h
 XTABLES_RESOURCE_PROBLEM_CODE = 4

+# xlock wait interval, in microseconds
+XLOCK_WAIT_INTERVAL = 200000
+

 def comment_rule(rule, comment):
    if not cfg.CONF.AGENT.comment_iptables_rules or not comment:
@ -472,7 +475,7 @@ class IptablesManager(object):
    def _do_run_restore(self, args, commands, lock=False):
        args = args[:]
        if lock:
-            args += ['-w', self.xlock_wait_time]
+            args += ['-w', self.xlock_wait_time, '-W', XLOCK_WAIT_INTERVAL]
        try:
            kwargs = {} if lock else {'log_fail_as_error': False}
            self.execute(args, process_input='\n'.join(commands),
--- a/neutron/tests/unit/agent/linux/test_iptables_manager.py
+++ b/neutron/tests/unit/agent/linux/test_iptables_manager.py
@ -1064,7 +1064,8 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
            [mock.call(['iptables-restore', '-n'],
                       process_input=mock.ANY, run_as_root=True,
                       log_fail_as_error=False),
-             mock.call(['iptables-restore', '-n', '-w', '10'],
+             mock.call(['iptables-restore', '-n', '-w', '10',
+                        '-W', iptables_manager.XLOCK_WAIT_INTERVAL],
                       process_input=mock.ANY, run_as_root=True)])

        # The RuntimeError should have triggered a log of the input to the
@ -1100,7 +1101,8 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
             mock.call(['iptables-restore', '-n'],
                       process_input=mock.ANY, run_as_root=True,
                       log_fail_as_error=False),
-             mock.call(['iptables-restore', '-n', '-w', '10'],
+             mock.call(['iptables-restore', '-n', '-w', '10',
+                        '-W', iptables_manager.XLOCK_WAIT_INTERVAL],
                       process_input=mock.ANY, run_as_root=True)])

        self.execute.reset_mock()
@ -1108,7 +1110,8 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
        self.assertEqual(2, self.execute.call_count)
        self.execute.assert_has_calls(
            [mock.call(['iptables-save'], run_as_root=True),
-             mock.call(['iptables-restore', '-n', '-w', '10'],
+             mock.call(['iptables-restore', '-n', '-w', '10',
+                        '-W', iptables_manager.XLOCK_WAIT_INTERVAL],
                       process_input=mock.ANY, run_as_root=True)])

        # Another instance of the class should behave similarly now
@ -1118,7 +1121,8 @@ class IptablesManagerStateFulTestCase(base.BaseTestCase):
        self.assertEqual(2, self.execute.call_count)
        self.execute.assert_has_calls(
            [mock.call(['iptables-save'], run_as_root=True),
-             mock.call(['iptables-restore', '-n', '-w', '10'],
+             mock.call(['iptables-restore', '-n', '-w', '10',
+                        '-W', iptables_manager.XLOCK_WAIT_INTERVAL],
                       process_input=mock.ANY, run_as_root=True)])

    def test_get_traffic_counters_chain_notexists(self):