Set security group provider rule for icmpv6 RA in DVR
Security group provider rules for RA is set for the VM ports
when a router interface is added or updated after the VM
instance is created.
In the case of DVR Routers the security group provider rule
to allow the RA packets to flow through the VM port input
chain was missing and so the VM was not able to get a
SLAAC/DHCP address when associated with a DVR Router.
This fix will add the security group rule to the VM port input
chain to allow the RA packets to flow into the VM and hence
the VM will obtain an IP address assigned by the Router.
Closes-Bug: #1501969
Conflicts:
neutron/db/securitygroups_rpc_base.py
Change-Id: Ib0b3499d9c880fe1462734b2d4092debf4819509
(cherry picked from commit a7dc528c18
)
This commit is contained in:
parent
ca8d046adc
commit
1578dcbb8d
|
@ -153,7 +153,10 @@ class SecurityGroupServerRpcMixin(sg_db.SecurityGroupDbMixin):
|
|||
security_groups_provider_updated = True
|
||||
# For IPv6, provider rule need to be updated in case router
|
||||
# interface is created or updated after VM port is created.
|
||||
elif port['device_owner'] == q_const.DEVICE_OWNER_ROUTER_INTF:
|
||||
# NOTE (Swami): ROUTER_INTERFACE_OWNERS check is required
|
||||
# since it includes the legacy router interface device owners
|
||||
# and DVR router interface device owners.
|
||||
elif port['device_owner'] in q_const.ROUTER_INTERFACE_OWNERS:
|
||||
if any(netaddr.IPAddress(fixed_ip['ip_address']).version == 6
|
||||
for fixed_ip in port['fixed_ips']):
|
||||
security_groups_provider_updated = True
|
||||
|
|
|
@ -129,7 +129,7 @@ class SGServerRpcCallBackTestCase(test_sg.SecurityGroupDBTestCase):
|
|||
self.fmt, net['network']['id'], **kwargs)
|
||||
res = self.deserialize(self.fmt, res)
|
||||
port_id = res['port']['id']
|
||||
if device_owner == const.DEVICE_OWNER_ROUTER_INTF:
|
||||
if device_owner in const.ROUTER_INTERFACE_OWNERS:
|
||||
data = {'port': {'fixed_ips': []}}
|
||||
req = self.new_update_request('ports', data, port_id)
|
||||
res = self.deserialize(self.fmt,
|
||||
|
@ -145,6 +145,15 @@ class SGServerRpcCallBackTestCase(test_sg.SecurityGroupDBTestCase):
|
|||
'2001:0db8::1')
|
||||
self.assertTrue(self.notifier.security_groups_provider_updated.called)
|
||||
|
||||
def test_notify_security_group_dvr_ipv6_gateway_port_added(self):
|
||||
self._test_security_group_port(
|
||||
const.DEVICE_OWNER_DVR_INTERFACE,
|
||||
'2001:0db8::1',
|
||||
'2001:0db8::/64',
|
||||
6,
|
||||
'2001:0db8::2')
|
||||
self.assertTrue(self.notifier.security_groups_provider_updated.called)
|
||||
|
||||
def test_notify_security_group_ipv6_normal_port_added(self):
|
||||
self._test_security_group_port(
|
||||
None,
|
||||
|
|
Loading…
Reference in New Issue