Merge "Add locks for setting iptables rules in l3 and metadata agents" into stable/wallaby

Zuul 2021-04-20 00:06:36 +00:00 committed by Gerrit Code Review
commit e5de6863ab
1 changed files with 22 additions and 18 deletions


@ -33,6 +33,7 @@ from neutron.agent.l3 import namespaces
from neutron.agent.linux import external_process from neutron.agent.linux import external_process
from neutron.agent.linux import ip_lib from neutron.agent.linux import ip_lib
from neutron.agent.linux import utils as linux_utils from neutron.agent.linux import utils as linux_utils
from neutron.common import coordination
from neutron.common import utils as common_utils from neutron.common import utils as common_utils
@ -307,26 +308,10 @@ class MetadataDriver(object):
def after_router_added(resource, event, l3_agent, **kwargs): def after_router_added(resource, event, l3_agent, **kwargs):
router = kwargs['router'] router = kwargs['router']
proxy = l3_agent.metadata_driver proxy = l3_agent.metadata_driver
ipv6_enabled = netutils.is_ipv6_enabled() apply_metadata_nat_rules(router, proxy)
for c, r in proxy.metadata_filter_rules(proxy.metadata_port,
proxy.metadata_access_mark):
router.iptables_manager.ipv4['filter'].add_rule(c, r)
if ipv6_enabled:
for c, r in proxy.metadata_filter_rules(proxy.metadata_port,
proxy.metadata_access_mark):
router.iptables_manager.ipv6['filter'].add_rule(c, r)
for c, r in proxy.metadata_nat_rules(proxy.metadata_port):
router.iptables_manager.ipv4['nat'].add_rule(c, r)
if ipv6_enabled:
for c, r in proxy.metadata_nat_rules(
proxy.metadata_port,
metadata_address=(constants.METADATA_V6_IP + '/128')):
router.iptables_manager.ipv6['nat'].add_rule(c, r)
router.iptables_manager.apply()
if not isinstance(router, ha_router.HaRouter): if not isinstance(router, ha_router.HaRouter):
spawn_kwargs = {} spawn_kwargs = {}
if ipv6_enabled: if netutils.is_ipv6_enabled():
spawn_kwargs['bind_address'] = '::' spawn_kwargs['bind_address'] = '::'
proxy.spawn_monitored_metadata_proxy( proxy.spawn_monitored_metadata_proxy(
l3_agent.process_monitor, l3_agent.process_monitor,
@ -362,3 +347,22 @@ def before_router_removed(resource, event, l3_agent, payload=None):
router.router['id'], router.router['id'],
l3_agent.conf, l3_agent.conf,
router.ns_name) router.ns_name)
@coordination.synchronized('router-lock-ns-{router.ns_name}')
def apply_metadata_nat_rules(router, proxy):
for c, r in proxy.metadata_filter_rules(proxy.metadata_port,
proxy.metadata_access_mark):
router.iptables_manager.ipv4['filter'].add_rule(c, r)
if netutils.is_ipv6_enabled():
for c, r in proxy.metadata_filter_rules(proxy.metadata_port,
proxy.metadata_access_mark):
router.iptables_manager.ipv6['filter'].add_rule(c, r)
for c, r in proxy.metadata_nat_rules(proxy.metadata_port):
router.iptables_manager.ipv4['nat'].add_rule(c, r)
if netutils.is_ipv6_enabled():
for c, r in proxy.metadata_nat_rules(
proxy.metadata_port,
metadata_address=(constants.METADATA_V6_IP + '/128')):
router.iptables_manager.ipv6['nat'].add_rule(c, r)
router.iptables_manager.apply()
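Review bot: The new `apply_metadata_nat_rules` has no docstring, and its name mentions only NAT although the body also adds the `filter` rules for IPv4 and IPv6 before calling `router.iptables_manager.apply()`. The lock only serializes against other code that takes the same `'router-lock-ns-{router.ns_name}'` key on this router's `iptables_manager`, which cannot be confirmed from this page, so I would record that assumption in a docstring such as `"""Add the metadata filter and NAT rules and apply them under the per-namespace router lock."""`. Minor: `netutils.is_ipv6_enabled()` is now evaluated twice inside the locked function and once more in `after_router_added`; binding it once, `ipv6_enabled = netutils.is_ipv6_enabled()`, at the top of the function keeps the filter and NAT branches on one answer.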