diff options
author | Anton Kurbatov <Anton.Kurbatov@acronis.com> | 2023-02-23 15:07:11 +0000 |
---|---|---|
committer | Anton Kurbatov <Anton.Kurbatov@acronis.com> | 2023-02-28 14:36:05 +0000 |
commit | 7e7eff2d35b43e2a885dbf1eb18e8674945d8c96 (patch) | |
tree | d58afc494b7fe53a17f2f202c27a2ceb0c065dea | |
parent | de1a6db5c36b041c608a31bb2863714406772d4f (diff) | |
download | neutron-7e7eff2d35b43e2a885dbf1eb18e8674945d8c96.tar.gz |
Prevent router_ha_interface port from being removed via API
If someone removes the port with device owner router_ha_interface,
then we can get unexpected router behavior like doubling
arp response packets. This patch prohibits removing such a port.
Closes-Bug: #2008270
Change-Id: Ief031801c1a3e3dd64e6cbf65e27f04f2bef9cba
(cherry picked from commit e68e4162cebfa8e5d8f70d4220119d5ca54666bf)
-rw-r--r-- | neutron/db/l3_hamode_db.py | 4 | ||||
-rw-r--r-- | neutron/tests/unit/db/test_l3_hamode_db.py | 12 |
2 files changed, 16 insertions, 0 deletions
diff --git a/neutron/db/l3_hamode_db.py b/neutron/db/l3_hamode_db.py index 87c42aa6f8..6f9d03407e 100644 --- a/neutron/db/l3_hamode_db.py +++ b/neutron/db/l3_hamode_db.py @@ -68,6 +68,10 @@ class L3_HA_NAT_db_mixin(l3_dvr_db.L3_NAT_with_dvr_db_mixin, router_az_db.RouterAvailabilityZoneMixin): """Mixin class to add high availability capability to routers.""" + router_device_owners = ( + l3_dvr_db.L3_NAT_with_dvr_db_mixin.router_device_owners + + (constants.DEVICE_OWNER_ROUTER_HA_INTF, )) + def _verify_configuration(self): self.ha_cidr = cfg.CONF.l3_ha_net_cidr try: diff --git a/neutron/tests/unit/db/test_l3_hamode_db.py b/neutron/tests/unit/db/test_l3_hamode_db.py index 29e4a3a2be..ad6ccf692a 100644 --- a/neutron/tests/unit/db/test_l3_hamode_db.py +++ b/neutron/tests/unit/db/test_l3_hamode_db.py @@ -667,6 +667,18 @@ class L3HATestCase(L3HATestFramework): self.admin_ctx, ports[0]['id'], port) + def test_delete_router_ha_interface_port(self): + router = self._create_router() + network = self.plugin.get_ha_network(self.admin_ctx, + router['tenant_id']) + binding = self.plugin.add_ha_port( + self.admin_ctx, router['id'], network.network_id, + router['tenant_id']) + + self.assertRaises(n_exc.ServicePortInUse, + self.core_plugin.delete_port, + self.admin_ctx, binding.port_id) + def test_create_ha_network_tenant_binding_raises_duplicate(self): router = self._create_router() network = self.plugin.get_ha_network(self.admin_ctx, |