Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a thread to recreate the IPv6 firewall rule every 30 seconds to counteract the enforcer deleting it. #120

Closed
wants to merge 3 commits into from
Closed

Add a thread to recreate the IPv6 firewall rule every 30 seconds to counteract the enforcer deleting it. #120

wants to merge 3 commits into from

Conversation

larry-safran
Copy link
Contributor

Short term fix to them not providing the exemption for the firewall rule.

@larry-safran larry-safran requested a review from a team as a code owner August 13, 2024 01:22
gnossen
gnossen reviewed Aug 13, 2024
View reviewed changes
tests/dualstack_test.py

def recreate_firewall_rule():
time.sleep(30)
while self.firewall_rule_creation_should_stop is False:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use threading.Event for inter-thread synchronization. The current approach may suffer from tearing.

tests/dualstack_test.py
source_range=self.firewall_source_range,
source_range_ipv6=self.firewall_source_range_ipv6,
)
time.sleep(30)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like this could be done with a single call to time.sleep

tests/dualstack_test.py
source_range=self.firewall_source_range,
source_range_ipv6=self.firewall_source_range_ipv6,
)
time.sleep(30)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can the delay be pulled to a module-level constant? Also, 30 seems a bit slow to me. Maybe 10?

tests/dualstack_test.py
@@ -128,6 +134,22 @@ def test_dualstack(self) -> None:
self.server_xds_host, self.server_xds_port
)

with self.subTest("_start_firewall_rule_creation_thread"):

def recreate_firewall_rule():
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems like this functionality is generally useful. Can we just incorporate it into the --ensure_firewall flag?

@larry-safran
Copy link
Contributor Author

No longer needed since the exemption is in place

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gnossen gnossen gnossen left review comments

@sergiitk sergiitk Awaiting requested review from sergiitk sergiitk is a code owner automatically assigned from grpc/grpc-psm-interop

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@larry-safran @gnossen