Add locks for setting iptables rules in l3 and metadata agents
Router_info class and metadata agent's driver are using same
instance of the iptables manager class and it could happend that
sometimes e.g. nat rule which packets send to 169.254.169.254:80
redirects to the port 9697 so haproxy can process them, can be missed as
they will be overwritten by the Router_info class manipulating other
rules in the same 'nat' rules list.
This patch fixed that by adding lock for methods which are changing
rules in iptables_manager's nat table in both router_info and
the metadata agent's driver.
Closes-Bug: #1920778
Change-Id: Ic3a324c0e608c7afc4b15dbc8becd33b75ee78f6
(cherry picked from commit af3c1b84427cbe4c9d3dce8fc901ad0b099c5917)
Reviewed: https:/ /review. opendev. org/c/openstack /neutron/ +/785600 /opendev. org/openstack/ neutron/ commit/ c028839647d6900 997cf38b5eec63b 7698515dec
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/victoria
commit c028839647d6900 997cf38b5eec63b 7698515dec
Author: Slawek Kaplonski <email address hidden>
Date: Wed Mar 24 12:02:14 2021 +0100
Add locks for setting iptables rules in l3 and metadata agents
Router_info class and metadata agent's driver are using same
instance of the iptables manager class and it could happend that
sometimes e.g. nat rule which packets send to 169.254.169.254:80
redirects to the port 9697 so haproxy can process them, can be missed as
they will be overwritten by the Router_info class manipulating other
rules in the same 'nat' rules list.
This patch fixed that by adding lock for methods which are changing
rules in iptables_manager's nat table in both router_info and
the metadata agent's driver.
Closes-Bug: #1920778 afc4b15dbc8becd 33b75ee78f6 c9d3dce8fc901ad 0b099c5917)
Change-Id: Ic3a324c0e608c7
(cherry picked from commit af3c1b84427cbe4