diff options
author | Zuul <zuul@review.opendev.org> | 2023-05-17 17:09:17 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2023-05-17 17:09:17 +0000 |
commit | 99e309797bca3cea7053055ad63bfc3cce0fef35 (patch) | |
tree | 08bc97b6368b16834147ebc777672f55ad77bd44 | |
parent | 7b9e4a9659b930354577145e1d70782711a58ca0 (diff) | |
parent | a612346146db2f9e70a23af55eb7502655666940 (diff) | |
download | neutron-99e309797bca3cea7053055ad63bfc3cce0fef35.tar.gz |
Merge "Fix not working use_random_fully config option"
-rw-r--r-- | neutron/agent/linux/iptables_manager.py | 7 | ||||
-rw-r--r-- | neutron/tests/unit/agent/linux/test_iptables_manager.py | 34 |
2 files changed, 38 insertions, 3 deletions
diff --git a/neutron/agent/linux/iptables_manager.py b/neutron/agent/linux/iptables_manager.py index 3df8e8cfc4..aab8d4364b 100644 --- a/neutron/agent/linux/iptables_manager.py +++ b/neutron/agent/linux/iptables_manager.py @@ -304,7 +304,7 @@ class IptablesManager(object): # run iptables-restore without it. use_table_lock = False - # Flag to denote iptables supports --random-fully argument + # Flag to denote iptables --random-fully option enabled _random_fully = None def __init__(self, state_less=False, use_ipv6=False, nat=True, @@ -495,10 +495,11 @@ class IptablesManager(object): return self._random_fully version = self._get_version() - self.__class__._random_fully = utils.is_version_greater_equal( + + random_fully_support = utils.is_version_greater_equal( version, n_const.IPTABLES_RANDOM_FULLY_VERSION) - self._random_fully = self._random_fully and \ + self.__class__._random_fully = random_fully_support and \ cfg.CONF.AGENT.use_random_fully return self._random_fully diff --git a/neutron/tests/unit/agent/linux/test_iptables_manager.py b/neutron/tests/unit/agent/linux/test_iptables_manager.py index f005bfde43..2d0743e2e1 100644 --- a/neutron/tests/unit/agent/linux/test_iptables_manager.py +++ b/neutron/tests/unit/agent/linux/test_iptables_manager.py @@ -1395,3 +1395,37 @@ class IptablesManagerNoNatTestCase(base.BaseTestCase): iptables.initialize_nat_table() self.assertIn('nat', iptables.ipv4) self.assertIn('mangle', iptables.ipv4) + + +class IptablesRandomFullyFixture(fixtures.Fixture): + def _setUp(self): + # We MUST save and restore _random_fully because it is a class + # attribute and could change state in some tests, which can cause + # the other router test cases to randomly fail due to race conditions. + self._random_fully = iptables_manager.IptablesManager._random_fully + iptables_manager.IptablesManager._random_fully = None + self.addCleanup(self._reset) + + def _reset(self): + iptables_manager.IptablesManager._random_fully = self._random_fully + + +class IptablesManagerDisableRandomFullyTestCase(base.BaseTestCase): + + def setUp(self): + super(IptablesManagerDisableRandomFullyTestCase, self).setUp() + self.useFixture(IptablesRandomFullyFixture()) + self.execute = mock.patch.object(linux_utils, "execute").start() + cfg.CONF.set_override('use_random_fully', False, "AGENT") + + def test_verify_disable_random_fully(self): + expected_calls_and_values = [ + (mock.call(['iptables', '--version'], + run_as_root=True, privsep_exec=True), + "iptables v1.6.2")] + tools.setup_mock_calls(self.execute, expected_calls_and_values) + iptables_mgrs = [iptables_manager.IptablesManager() for _ in range(3)] + # The random_full properties of all + # IptablesManager instances must return False + for ipt_mgr in iptables_mgrs: + self.assertFalse(ipt_mgr.random_fully) |