Merge "Destroy conntrack table on source host during migration"

2013-04-29 21:46:07 +00:00 · 2013-04-29 21:46:07 +00:00 · 06e0067534
parent 83f71e2181 5fb947208e
commit 06e0067534
5 changed files with 30 additions and 0 deletions
--- a/etc/nova/rootwrap.d/network.filters
+++ b/etc/nova/rootwrap.d/network.filters
@ -76,3 +76,6 @@ brctl: CommandFilter, brctl, root

 # nova/network/linux_net.py: 'sysctl', ....
 sysctl: CommandFilter, /sbin/sysctl, root
+
+# nova/network/linux_net.py: 'conntrack'
+conntrack: CommandFilter, conntrack, root
--- a/nova/network/floating_ips.py
+++ b/nova/network/floating_ips.py
@ -548,6 +548,10 @@ class FloatingIP(object):
                                             interface,
                                             fixed_ip['network'])

+            # NOTE(ivoks): Destroy conntrack entries on source compute
+            # host.
+            self.l3driver.clean_conntrack(fixed_ip['address'])
+
            # NOTE(wenjianhn): Make this address will not be bound to public
            # interface when restarts nova-network on dest compute node
            self.db.floating_ip_update(context,
--- a/nova/network/l3.py
+++ b/nova/network/l3.py
@ -66,6 +66,9 @@ class L3Driver(object):
    def remove_vpn(self, public_ip, port, private_ip):
        raise NotImplementedError()

+    def clean_conntrack(self, fixed_ip):
+        raise NotImplementedError()
+
    def teardown(self):
        raise NotImplementedError()

@ -125,6 +128,9 @@ class LinuxNetL3(L3Driver):
        # the VPN forwarding rules
        pass

+    def clean_conntrack(self, fixed_ip):
+        linux_net.clean_conntrack(fixed_ip)
+
    def teardown(self):
        pass

@ -165,5 +171,8 @@ class NullL3(L3Driver):
    def remove_vpn(self, public_ip, port, private_ip):
        pass

+    def clean_conntrack(self, fixed_ip):
+        pass
+
    def teardown(self):
        pass
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@ -767,6 +767,14 @@ def floating_forward_rules(floating_ip, fixed_ip, device):
    return rules


+def clean_conntrack(fixed_ip):
+    try:
+        _execute('conntrack', '-D', '-r', fixed_ip, run_as_root=True,
+                 check_exit_code=[0, 1])
+    except exception.ProcessExecutionError:
+        LOG.exception(_('Error deleting conntrack entries for %s'), fixed_ip)
+
+
 def initialize_gateway_device(dev, network_ref):
    if not network_ref:
        return
--- a/nova/tests/network/test_manager.py
+++ b/nova/tests/network/test_manager.py
@ -2148,6 +2148,10 @@ class FloatingIPTestCase(test.TestCase):
                                    network):
            called['count'] += 1

+        def fake_clean_conntrack(fixed_ip):
+            if not fixed_ip == "10.0.0.2":
+                raise exception.FixedIpInvalid(address=fixed_ip)
+
        def fake_floating_ip_update(context, address, args):
            pass

@ -2160,6 +2164,8 @@ class FloatingIPTestCase(test.TestCase):
                       fake_floating_ip_update)
        self.stubs.Set(self.network.l3driver, 'remove_floating_ip',
                       fake_remove_floating_ip)
+        self.stubs.Set(self.network.l3driver, 'clean_conntrack',
+                       fake_clean_conntrack)
        self.mox.ReplayAll()
        addresses = ['172.24.4.23', '172.24.4.24', '172.24.4.25']
        self.network.migrate_instance_start(self.context,