Synchronize AclMaintainer converge

author: Valerij Fredriksen <valerijf@verizonmedia.com> 2019-02-13 10:10:37 +0100
committer: Valerij Fredriksen <valerijf@verizonmedia.com> 2019-02-13 10:10:37 +0100
commit: f2c57a5da8e4f58a66edd110e580ad1924d7d71e (patch)
tree: bc5c9f52ce34a4f5d1c0cad191acff118f8fab70 /node-admin
parent: 9b7af46ffcddc4ef24d0c7677ef45799e8ef9e8d (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
index a68eda7e39e..247cf8bffd6 100644
--- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
+++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/acl/AclMaintainer.java
@@ -51,7 +51,9 @@ public class AclMaintainer {
         this.ipAddresses = ipAddresses;
     }
 
-    public void converge(NodeAgentContext context) {
+    // ip(6)tables operate while having the xtables lock, run with synchronized to prevent multiple NodeAgents
+    // invoking ip(6)tables concurrently.
+    public synchronized void converge(NodeAgentContext context) {
         // Apply acl to the filter table
         editFlushOnError(context, IPVersion.IPv4, "filter", FilterTableLineEditor.from(context.acl(), IPVersion.IPv4));
         editFlushOnError(context, IPVersion.IPv6, "filter", FilterTableLineEditor.from(context.acl(), IPVersion.IPv6));
author	Valerij Fredriksen <valerijf@verizonmedia.com>	2019-02-13 10:10:37 +0100
committer	Valerij Fredriksen <valerijf@verizonmedia.com>	2019-02-13 10:10:37 +0100
commit	f2c57a5da8e4f58a66edd110e580ad1924d7d71e (patch)
tree	bc5c9f52ce34a4f5d1c0cad191acff118f8fab70 /node-admin
parent	9b7af46ffcddc4ef24d0c7677ef45799e8ef9e8d (diff)