neutron

  1. Bug #1920778
  2. Comment #9

Comment 9 for bug 1920778

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/785600
Committed: https://opendev.org/openstack/neutron/commit/c028839647d6900997cf38b5eec63b7698515dec
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit c028839647d6900997cf38b5eec63b7698515dec
Author: Slawek Kaplonski <email address hidden>
Date: Wed Mar 24 12:02:14 2021 +0100

    Add locks for setting iptables rules in l3 and metadata agents

    Router_info class and metadata agent's driver are using same
    instance of the iptables manager class and it could happend that
    sometimes e.g. nat rule which packets send to 169.254.169.254:80
    redirects to the port 9697 so haproxy can process them, can be missed as
    they will be overwritten by the Router_info class manipulating other
    rules in the same 'nat' rules list.

    This patch fixed that by adding lock for methods which are changing
    rules in iptables_manager's nat table in both router_info and
    the metadata agent's driver.

    Closes-Bug: #1920778
    Change-Id: Ic3a324c0e608c7afc4b15dbc8becd33b75ee78f6
    (cherry picked from commit af3c1b84427cbe4c9d3dce8fc901ad0b099c5917)