Add locks for setting iptables rules in l3 and metadata agents
Router_info class and metadata agent's driver are using same
instance of the iptables manager class and it could happend that
sometimes e.g. nat rule which packets send to 169.254.169.254:80
redirects to the port 9697 so haproxy can process them, can be missed as
they will be overwritten by the Router_info class manipulating other
rules in the same 'nat' rules list.
This patch fixed that by adding lock for methods which are changing
rules in iptables_manager's nat table in both router_info and
the metadata agent's driver.
Conflicts: neutron/agent/metadata/driver.py
Closes-Bug: #1920778
Change-Id: Ic3a324c0e608c7afc4b15dbc8becd33b75ee78f6
(cherry picked from commit af3c1b84427cbe4c9d3dce8fc901ad0b099c5917)
(cherry picked from commit c028839647d6900997cf38b5eec63b7698515dec)
(cherry picked from commit 7af0b713ff21e27889f7b322b736cab4b0dadaf9)
Reviewed: https:/ /review. opendev. org/c/openstack /neutron/ +/785652 /opendev. org/openstack/ neutron/ commit/ 657dccc566bc569 9c2eea5b7ae6c10 c24329b8b2
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/train
commit 657dccc566bc569 9c2eea5b7ae6c10 c24329b8b2
Author: Slawek Kaplonski <email address hidden>
Date: Wed Mar 24 12:02:14 2021 +0100
Add locks for setting iptables rules in l3 and metadata agents
Router_info class and metadata agent's driver are using same
instance of the iptables manager class and it could happend that
sometimes e.g. nat rule which packets send to 169.254.169.254:80
redirects to the port 9697 so haproxy can process them, can be missed as
they will be overwritten by the Router_info class manipulating other
rules in the same 'nat' rules list.
This patch fixed that by adding lock for methods which are changing
rules in iptables_manager's nat table in both router_info and
the metadata agent's driver.
Conflicts:
neutron/ agent/metadata/ driver. py
Closes-Bug: #1920778 afc4b15dbc8becd 33b75ee78f6 c9d3dce8fc901ad 0b099c5917) 997cf38b5eec63b 7698515dec) 889f7b322b736ca b4b0dadaf9)
Change-Id: Ic3a324c0e608c7
(cherry picked from commit af3c1b84427cbe4
(cherry picked from commit c028839647d6900
(cherry picked from commit 7af0b713ff21e27