The L3 neutron agent uses the -W flag when adding new iptable rules.
That flag verifies if the lock is free to avoid race conditions. The
lock is normally /run/xtables.lock.
In iptables <1.6.2, if the file does not exist, iptables ignores the
lock and silently continues. Starting with 1.6.2, that behaviour changed
and if the file does not exist, iptables fails:
https://git.netfilter.org/iptables/commit/?id=80d8bfaac9e2430d710084a10ec78e68bd61e6ec
Leap 15.0 is using iptables 1.6.2 whereas Ubuntu Bionic uses 1.6.1.
That is why Ubuntu compute-kit gates where working whereas openSUSE
compute-kit gate was not
This patch fixes the gate problem by mounting /run/xtables.lock
Change-Id: Ia9c648cdf95c9824b34f40a6d9ed538a2cad5154
Signed-off-by: Manuel Buil <mbuil@suse.com>
94cd5a9935