Add missing iptable rule in snat ns for centralized fips.

The following iptable rule should be added to snat ns: "-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat", or the snat rule will take effect instead of centralized fips when accessing to the outside for vms. Closes-Bug: #1735866 Change-Id: I286283bfb4dbf935a34c5919ee0af5225e75fac9
2017-12-11 14:17:33 +08:00 · 2017-12-11 14:17:33 +08:00 · 0f08b2c625
parent 259eedaaba
commit 0f08b2c625
2 changed files with 24 additions and 2 deletions
--- a/neutron/agent/l3/dvr_edge_router.py
+++ b/neutron/agent/l3/dvr_edge_router.py
@ -195,8 +195,11 @@ class DvrEdgeRouter(dvr_local_router.DvrLocalRouter):
        with self.snat_iptables_manager.defer_apply():
            self._empty_snat_chains(self.snat_iptables_manager)

-            # NOTE: DVR adds the jump to float snat via super class,
-            # but that is in the router namespace and not snat.
+            # NOTE: float-snat should be added for the
+            # centralized floating-ips supported by the
+            # snat namespace.
+            self.snat_iptables_manager.ipv4['nat'].add_rule(
+                'snat', '-j $float-snat')

            self._add_snat_rules(ex_gw_port, self.snat_iptables_manager,
                                 interface_name)
--- a/neutron/tests/unit/agent/l3/test_dvr_local_router.py
+++ b/neutron/tests/unit/agent/l3/test_dvr_local_router.py
@ -777,3 +777,22 @@ class TestDvrRouterOperations(base.BaseTestCase):
        device.exists = mock.Mock(return_value=False)
        with mock.patch.object(ip_lib, 'IPDevice', return_value=device):
            self.assertFalse(ri.get_router_cidrs(device))
+
+    @mock.patch.object(router_info.RouterInfo, '_add_snat_rules')
+    @mock.patch.object(dvr_router.DvrLocalRouter, '_handle_router_snat_rules')
+    def test_handle_snat_rule_for_centralized_fip(
+            self, _add_snat_rules, _handle_router_snat_rules):
+        agent = l3_agent.L3NATAgent(HOSTNAME, self.conf)
+        agent.conf.agent_mode = lib_constants.L3_AGENT_MODE_DVR_SNAT
+        self.mock_driver.unplug.reset_mock()
+
+        router = l3_test_common.prepare_router_data(enable_floating_ip=True)
+        router['gw_port_host'] = HOSTNAME
+        self._set_ri_kwargs(agent, router['id'], router)
+        ri = dvr_edge_rtr.DvrEdgeRouter(HOSTNAME, **self.ri_kwargs)
+        ri.snat_iptables_manager = mock.MagicMock()
+        ipv4_nat = ri.snat_iptables_manager.ipv4['nat']
+        interface_name, ex_gw_port = l3_test_common.prepare_ext_gw_test(self,
+                                                                        ri)
+        ri._handle_router_snat_rules(ex_gw_port, interface_name)
+        ipv4_nat.add_rule.assert_called_once_with('snat', '-j $float-snat')