Non HA router - missing iptables rule for redirect metadata queries to haproxy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Medium
|
Slawek Kaplonski |
Bug Description
In case of the non-HA routers (dvr and legacy) neutron-l3-agent sends notifications AFTER_CREATE and AFTER_UPDATE of the router. Metadata driver is subscribed to those notifications to prepare haproxy in the router's namespace: https:/
The difference between those 2 functions is that in after_router_added there is called apply_metadata_
In after_router_update function nat rules aren't created.
And that can cause issue when processing router in _process_
Router will be processed again in next iteration by L3 agent, but this time router_info is already in the agent's router_info cache so it will be treated as updated router. Because of that haproxy will be started but NAT rules will never be created and metadata for instances will not be available.
Fix proposed to branch: master /review. opendev. org/c/openstack /neutron/ +/814892
Review: https:/