Bug 2008155 - "process_floating_ip_nat_rules_for_centralized_floatingip" should check if self.snat_iptables_manager was initialized
Summary: "process_floating_ip_nat_rules_for_centralized_floatingip" should check if se...
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
: ---
Assignee: Rodolfo Alonso
QA Contact: Eran Kuris
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-09-27 12:52 UTC by Rodolfo Alonso
Modified: 2024-12-20 21:12 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-11 13:48:24 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1945215 0 None None None 2021-09-27 15:53:16 UTC
OpenStack gerrit 811318 0 None NEW [DVR] Check if SNAT iptables manager is initialized 2021-09-29 13:32:16 UTC

Description Rodolfo Alonso 2021-09-27 12:52:27 UTC 
Description of problem:
L3 agent configuration: agent_mode=dvr_snat.
The L3 agent is located in a controller node, acting as a DVR edge router.

When "process_floating_ip_nat_rules_for_centralized_floatingip" is called, this method should check first if "self.snat_iptables_manager" has been initialized. The method "process_floating_ip_nat_rules_for_centralized_floatingip" is called from:
  <-- DvrEdgeRouter.process_floating_ip_nat_rules
  <-- RouterInfo.process_snat_dnat_for_fip
  <-- RouterInfo.process_external
  
The method "RouterInfo.process_external" will first call "RouterInfo._process_external_gateway" --> "DvrEdgeRouter.external_gateway_added" --> "DvrEdgeRouter._create_dvr_gateway". This last method initializes the SNAT iptables manager [1] (this code has been around unchanged six years).

However "DvrEdgeRouter.external_gateway_added" is only called if "ex_gw_port" exists. That means if the GW port does not exist, the SNAT iptables manager is None. 


[1]https://github.com/openstack/neutron/blob/1d450dbddc8c3d34948ab3d9a8346dd491d9cc7c/neutron/agent/l3/dvr_edge_router.py#L196-L198

Version-Release number of selected component (if applicable):
OSP-13.



How reproducible:



Steps to Reproduce:
(I'm not 100% sure, I still need to check) Create a FIP in a SNAT DVR router without GW port.



Actual results:


Expected results:


Additional info:
Note You need to log in before you can comment on or make changes to this bug.