Explicitly load nf_conntrack_ipv4 module
When neutron-openvswitch-agent is using the openvswitch firewall, it needs the nf_conntrack_ipv4 module to be loaded. Usually, this module gets loaded by some other external tool, but in case this does not happen, neither the charm nor neutron will load it, so all traffic to the instances in this host will fail. This patch fixes that by explicitly loading the module. Change-Id: Ia788e870c124de7da17961c02259cfe80938e5d2 Closes-bug: #1834213
This commit is contained in:
parent
41479c5732
commit
b76a592997
|
@ -70,6 +70,10 @@ from charmhelpers.core.host import (
|
|||
init_is_systemd,
|
||||
group_exists,
|
||||
user_exists,
|
||||
is_container,
|
||||
)
|
||||
from charmhelpers.core.kernel import (
|
||||
modprobe,
|
||||
)
|
||||
|
||||
from charmhelpers.fetch import (
|
||||
|
@ -257,6 +261,20 @@ def install_packages():
|
|||
if use_dpdk():
|
||||
enable_ovs_dpdk()
|
||||
|
||||
# NOTE(tpsilva): if we're using openvswitch driver, we need to explicitly
|
||||
# load the nf_conntrack_ipv4/6 module, since it won't be
|
||||
# loaded automatically in some cases. LP#1834213
|
||||
if not is_container() and config('firewall-driver') == 'openvswitch':
|
||||
try:
|
||||
modprobe('nf_conntrack_ipv4', True)
|
||||
modprobe('nf_conntrack_ipv6', True)
|
||||
except subprocess.CalledProcessError:
|
||||
# Newer kernel versions (4.19+) don't have two modules for that, so
|
||||
# only load nf_conntrack
|
||||
log("This kernel does not have nf_conntrack_ipv4/6. "
|
||||
"Loading nf_conntrack only.")
|
||||
modprobe('nf_conntrack', True)
|
||||
|
||||
|
||||
def install_l3ha_packages():
|
||||
apt_update()
|
||||
|
|
|
@ -13,6 +13,7 @@
|
|||
# limitations under the License.
|
||||
|
||||
import hashlib
|
||||
import subprocess
|
||||
|
||||
from mock import MagicMock, patch, call
|
||||
from collections import OrderedDict
|
||||
|
@ -68,6 +69,8 @@ TO_PATCH = [
|
|||
'user_exists',
|
||||
'group_exists',
|
||||
'init_is_systemd',
|
||||
'modprobe',
|
||||
'is_container',
|
||||
]
|
||||
|
||||
head_pkg = 'linux-headers-3.15.0-5-generic'
|
||||
|
@ -120,6 +123,46 @@ class TestNeutronOVSUtils(CharmTestCase):
|
|||
self.apt_update.assert_called_with()
|
||||
self.apt_install.assert_called_with(self.filter_installed_packages(),
|
||||
fatal=True)
|
||||
self.modprobe.assert_not_called()
|
||||
|
||||
@patch.object(nutils, 'determine_packages')
|
||||
def test_install_packages_container(self, _determine_packages):
|
||||
self.os_release.return_value = 'mitaka'
|
||||
self.is_container.return_value = True
|
||||
_determine_packages.return_value = 'randompkg'
|
||||
nutils.install_packages()
|
||||
self.apt_update.assert_called_with()
|
||||
self.apt_install.assert_called_with(self.filter_installed_packages(),
|
||||
fatal=True)
|
||||
self.modprobe.assert_not_called()
|
||||
|
||||
@patch.object(nutils, 'determine_packages')
|
||||
def test_install_packages_ovs_firewall(self, _determine_packages):
|
||||
self.os_release.return_value = 'mitaka'
|
||||
_determine_packages.return_value = 'randompkg'
|
||||
self.is_container.return_value = False
|
||||
self.test_config.set('firewall-driver', 'openvswitch')
|
||||
nutils.install_packages()
|
||||
self.apt_update.assert_called_with()
|
||||
self.apt_install.assert_called_with(self.filter_installed_packages(),
|
||||
fatal=True)
|
||||
self.modprobe.assert_has_calls([call('nf_conntrack_ipv4', True),
|
||||
call('nf_conntrack_ipv6', True)])
|
||||
|
||||
@patch.object(nutils, 'determine_packages')
|
||||
def test_install_packages_ovs_fw_newer_kernel(self, _determine_packages):
|
||||
self.os_release.return_value = 'mitaka'
|
||||
_determine_packages.return_value = 'randompkg'
|
||||
self.is_container.return_value = False
|
||||
self.test_config.set('firewall-driver', 'openvswitch')
|
||||
self.modprobe.side_effect = [subprocess.CalledProcessError(0, ""),
|
||||
None]
|
||||
nutils.install_packages()
|
||||
self.apt_update.assert_called_with()
|
||||
self.apt_install.assert_called_with(self.filter_installed_packages(),
|
||||
fatal=True)
|
||||
self.modprobe.assert_has_calls([call('nf_conntrack_ipv4', True),
|
||||
call('nf_conntrack', True)])
|
||||
|
||||
@patch.object(nutils, 'determine_packages')
|
||||
def test_install_packages_dkms_needed(self, _determine_packages):
|
||||
|
|
Loading…
Reference in New Issue