From 5c051a6ab6604c0cc38d59e1fdc0e6b199ed9932 Mon Sep 17 00:00:00 2001 From: Gregory Thiemonge Date: Mon, 2 Oct 2023 03:11:29 -0400 Subject: [PATCH] Fix incorrect masquerade rules in multivip LBs The up scripts of the interface files were called only when the interface moved from down to up, it means that they were not called during the update of the configuration of an interface. So if during an update, if an ipv6 subnet was plugged while the ipv4 subnet was already there, the up script that sets the masquerade rules was not called. It broke connectivity for either ipv4 or ipv6 between the client and the members in UDP listeners in multivip load balancers. Closes-Bug: #2037943 Change-Id: Iad78de1764bc3a3f699b5feef9e58999d2efe613 --- octavia/amphorae/backends/utils/interface.py | 9 ++++----- .../tests/unit/amphorae/backends/utils/test_interface.py | 4 +++- ...squerade-rules-in-dualstack-lbs-94f97606c5804b36.yaml | 6 ++++++ 3 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 releasenotes/notes/fix-missing-masquerade-rules-in-dualstack-lbs-94f97606c5804b36.yaml diff --git a/octavia/amphorae/backends/utils/interface.py b/octavia/amphorae/backends/utils/interface.py index fa591256f7..9ae68e8f8c 100644 --- a/octavia/amphorae/backends/utils/interface.py +++ b/octavia/amphorae/backends/utils/interface.py @@ -356,11 +356,10 @@ class InterfaceController(object): **rule) def _scripts_up(self, interface, current_state): - if current_state == consts.IFACE_DOWN: - for script in interface.scripts[consts.IFACE_UP]: - LOG.debug("%s: Running command '%s'", - interface.name, script[consts.COMMAND]) - subprocess.check_output(script[consts.COMMAND].split()) + for script in interface.scripts[consts.IFACE_UP]: + LOG.debug("%s: Running command '%s'", + interface.name, script[consts.COMMAND]) + subprocess.check_output(script[consts.COMMAND].split()) def down(self, interface): LOG.info("Setting interface %s down", interface.name) diff --git a/octavia/tests/unit/amphorae/backends/utils/test_interface.py b/octavia/tests/unit/amphorae/backends/utils/test_interface.py index 5ac344284a..aed9aac894 100644 --- a/octavia/tests/unit/amphorae/backends/utils/test_interface.py +++ b/octavia/tests/unit/amphorae/backends/utils/test_interface.py @@ -714,7 +714,9 @@ class TestInterface(base.TestCase): table=254, family=socket.AF_INET)]) - mock_check_output.assert_not_called() + mock_check_output.assert_has_calls([ + mock.call(["post-up", "eth1"]) + ]) @mock.patch('pyroute2.IPRoute.rule') @mock.patch('pyroute2.IPRoute.route') diff --git a/releasenotes/notes/fix-missing-masquerade-rules-in-dualstack-lbs-94f97606c5804b36.yaml b/releasenotes/notes/fix-missing-masquerade-rules-in-dualstack-lbs-94f97606c5804b36.yaml new file mode 100644 index 0000000000..d80f076413 --- /dev/null +++ b/releasenotes/notes/fix-missing-masquerade-rules-in-dualstack-lbs-94f97606c5804b36.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Fixed an issue when using UDP listeners in dual-stack (IPv4 and IPv6) load + balancers, some masquerade rules needed by UDP were not correctly set on the + member interfaces.