yahoo-eng-team team mailing list archive

[Bug 1945215] Re: "process_floating_ip_nat_rules_for_centralized_floatingip" should check if self.snat_iptables_manager was initialized

 

Reviewed:  https://review.opendev.org/c/openstack/neutron/+/811318
Committed: https://opendev.org/openstack/neutron/commit/f18edfdf450179f6bc8a47f3b143f2701bd93e0e
Submitter: "Zuul (22348)"
Branch:    master

commit f18edfdf450179f6bc8a47f3b143f2701bd93e0e
Author: Rodolfo Alonso Hernandez <ralonsoh@xxxxxxxxxx>
Date:   Mon Sep 27 16:22:45 2021 +0000

    [DVR] Check if SNAT iptables manager is initialized
    
    Check if SNAT iptables manager is initialized before processing the
    IP NAT rules. If the router never had an external GW port, the DVR
    GW in the SNAT namespace has not been created and the SNAT iptables
    manager has not been initialized.
    
    In this case, the IP NAT rules for centralized FIPs (to be applied
    on the SNAT namespace) cannot be set.
    
    Closes-Bug: #1945215
    Change-Id: I426602514805d728f8cd78e42f2b0979b2101089


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1945215

Title:
  "process_floating_ip_nat_rules_for_centralized_floatingip" should
  check if self.snat_iptables_manager was initialized

Status in neutron:
  Fix Released

Bug description:
  Environment:
  L3 agent configuration: agent_mode=dvr_snat.
  The L3 agent is located in a controller node, acting as a DVR edge router (no HA).

  Description:
  When "process_floating_ip_nat_rules_for_centralized_floatingip" is called, this method should check first if "self.snat_iptables_manager" has been initialized. The method "process_floating_ip_nat_rules_for_centralized_floatingip" is called from:
    <-- DvrEdgeRouter.process_floating_ip_nat_rules
    <-- RouterInfo.process_snat_dnat_for_fip
    <-- RouterInfo.process_external

  The method "RouterInfo.process_external" will first call
  "RouterInfo._process_external_gateway" -->
  "DvrEdgeRouter.external_gateway_added" -->
  "DvrEdgeRouter._create_dvr_gateway". This last method initializes the
  SNAT iptables manager [1] (this code has been around unchanged for six
  years).

  However, "DvrEdgeRouter.external_gateway_added" is only called if
  "ex_gw_port" exists. That means if the GW port does not exist, the
  SNAT iptables manager is None.

  Error example (snippet): https://paste.opendev.org/show/809621/

  This bug is similar to https://bugs.launchpad.net/neutron/+bug/1560945
  (related patch:
  https://review.opendev.org/c/openstack/neutron/+/296394).

  Steps to Reproduce:
  (I'm not 100% sure, I still need to check) Create a FIP in a SNAT DVR router without GW port.

  Bugzilla reference:
  https://bugzilla.redhat.com/show_bug.cgi?id=2008155

  [1] https://github.com/openstack/neutron/blob/1d450dbddc8c3d34948ab3d9a8346dd491d9cc7c/neutron/agent/l3/dvr_edge_router.py#L196-L198

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1945215/+subscriptions
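
Added example, not part of the original bug report or of neutron's code: a simplified Python model of the call order described above, showing the unguarded path failing when the router has no gateway port and a None check avoiding it. DvrEdgeRouterModel, FakeIptablesManager, the guarded flag, the rule text and the sample addresses are assumptions made for illustration.

```python
# Simplified stand-ins for the L3 agent classes named in the bug report.
# This models only the call order; it is not neutron code.

class FakeIptablesManager:
    """Hypothetical stand-in that records NAT rules instead of applying them."""
    def __init__(self):
        self.rules = []

    def add_rule(self, chain, rule):
        self.rules.append((chain, rule))


class DvrEdgeRouterModel:
    def __init__(self, ex_gw_port=None, guarded=True):
        self.ex_gw_port = ex_gw_port
        self.guarded = guarded              # hypothetical switch: check on/off
        self.snat_iptables_manager = None   # set only by _create_dvr_gateway

    def _create_dvr_gateway(self):
        self.snat_iptables_manager = FakeIptablesManager()

    def external_gateway_added(self):
        self._create_dvr_gateway()

    def process_floating_ip_nat_rules_for_centralized_floatingip(self, fips):
        if self.guarded and self.snat_iptables_manager is None:
            return False  # no SNAT namespace yet: the rules cannot be set
        for fip in fips:
            # Illustrative rule text, not the rule neutron generates.
            self.snat_iptables_manager.add_rule(
                "PREROUTING", "-d %s/32 -j DNAT --to-destination %s" % fip)
        return True

    def process_external(self, fips):
        if self.ex_gw_port:  # gateway path runs only when the GW port exists
            self.external_gateway_added()
        return self.process_floating_ip_nat_rules_for_centralized_floatingip(fips)


FIPS = [("203.0.113.10", "10.0.0.5")]  # constructed sample: (floating, fixed)

def run(ex_gw_port, guarded):
    """Return what happens for one router configuration."""
    router = DvrEdgeRouterModel(ex_gw_port, guarded)
    try:
        applied = router.process_external(FIPS)
    except AttributeError as exc:  # None has no add_rule: the reported failure
        return "crash: %s" % exc
    if not applied:
        return "skipped"
    return "applied %d rule(s)" % len(router.snat_iptables_manager.rules)
```

Calling run(None, False) reproduces the failure mode from the report in this model, while run(None, True) skips the centralized FIP rules without raising.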


