OpenStack Networking (Neutron)

Go to file

Ihar Hrachyshka a521bf0393 Make use of -w argument for iptables calls Upstream iptables added support for -w ('wait') argument to iptables-restore. It makes the command grab a 'xlock' that guarantees that no two iptables calls will mess a table if called in parallel. [This somewhat resembles what we try to achieve with a file lock we grab in iptables manager's _apply_synchronized.] If two processes call to iptables-restore or iptables in parallel, the second call risks failing, returning error code = 4, and also printing the following error: Another app is currently holding the xtables lock. Perhaps you want to use the -w option? If we call to iptables / iptables-restore with -w though, it will wait for the xlock release before proceeding, and won't fail. Though the feature was added in iptables/master only and is not part of an official iptables release, it was already backported to RHEL 7.x iptables package, and so we need to adopt to it. At the same time, we can't expect any underlying platform to support the argument. A solution here is to call iptables-restore with -w when a regular call failed. Also, the patch adds -w to all iptables calls, in the iptables manager as well as in ipset-cleanup. Since we don't want to lock agent in case current xlock owner doesn't release it in reasonable time, we limit the time we wait to ~1/3 of report_interval, to give the agent some time to recover without triggering expensive fullsync. In the future, we may be able to get rid of our custom synchronization lock that we use in iptables manager. But this will require all supported platforms to get the feature in and will take some time. Closes-Bug: #1712185 Change-Id: I94e54935df7c6caa2480eca19e851cb4882c0f8b		2017-08-31 20:28:53 +00:00
api-ref	Fix some typos	2016-06-28 22:46:19 +02:00
bin	Use os-xenapi for neutron when XenServer as hypervisor	2017-03-30 18:33:37 +00:00
devstack	Add API test for port dns_domain	2017-08-09 16:20:48 -05:00
doc	add doc section for ml2 extension drivers	2017-08-21 11:57:43 -06:00
etc	Merge "Remove neutron-fwaas specific policies"	2017-07-26 08:49:43 +00:00
neutron	Make use of -w argument for iptables calls	2017-08-31 20:28:53 +00:00
rally-jobs	Reduce rally sub-port count	2017-08-10 11:21:03 -07:00
releasenotes	Merge "releasenotes: Move Pike ignore-notes to a proper file"	2017-08-16 19:20:04 +00:00
tools	Use rootwrap for fullstack test runner	2017-06-08 18:42:47 +00:00
.coveragerc	Cleanup coverage configuration	2016-10-17 17:06:19 +05:30
.gitignore	Add auto-generated config reference	2017-07-30 21:14:40 +00:00
.gitreview
.mailmap
.pylintrc	Update pylint disable list to pass pylint 1.7.1 checks	2017-06-08 09:49:46 +00:00
.testr.conf	Allow more time for DB migration tests	2016-09-21 20:54:41 -04:00
babel.cfg	Use babel to generate translation file	2013-01-24 00:20:32 +08:00
bindep.txt	Add libffi-dev to bindep.txt	2017-06-13 19:26:49 +00:00
CONTRIBUTING.rst	Update the documentation link for doc migration	2017-07-22 18:46:13 +09:00
HACKING.rst	Update the documentation link for doc migration	2017-07-22 18:46:13 +09:00
LICENSE
README.rst	Optimize the link address	2017-04-07 09:55:12 +08:00
requirements.txt	Updated from global requirements	2017-08-23 23:28:50 +00:00
run_tests.sh	Add bashate support	2017-02-25 06:29:55 +00:00
setup.cfg	Update the documentation link for doc migration	2017-07-22 18:46:13 +09:00
setup.py	Updated from global requirements	2017-03-04 11:19:58 +00:00
test-requirements.txt	Updated from global requirements	2017-08-23 23:28:50 +00:00
TESTING.rst	docs: clarify wording about how to use advanced glance image	2017-08-01 08:56:45 -07:00
tox.ini	Merge "Hook bandit security linter to pep8 target"	2017-08-24 06:10:40 +00:00

README.rst

Team and repository tags

Welcome!

To learn more about neutron:

Documentation: https://docs.openstack.org

Features: https://specs.openstack.org/openstack/neutron-specs

Defects: https://launchpad.net/neutron

Get in touch via email. Use [Neutron] in your subject.

To learn how to contribute:

CONTRIBUTING.rst