Filter security group list on the ID's we expect
Filter the list of security groups based on the security group IDs we plan on using for the network. Also only get the id field as this is all we need to compare. Fixes an issue where deployment fail on systems with a high number of security groups. Story: 2006256 Task: 35871 Change-Id: I83bbd3c77f13aaab0912354c3ec9cdd5e1123d0f
This commit is contained in:
parent
0f3476a4be
commit
59787768cb
@ -184,16 +184,19 @@ def _verify_security_groups(security_groups, client):
|
||||
return
|
||||
try:
|
||||
neutron_sec_groups = (
|
||||
client.list_security_groups().get('security_groups', []))
|
||||
client.list_security_groups(id=security_groups, fields='id').get(
|
||||
'security_groups', []))
|
||||
except neutron_exceptions.NeutronClientException as e:
|
||||
msg = (_("Could not retrieve security groups from neutron: %(exc)s") %
|
||||
{'exc': e})
|
||||
LOG.exception(msg)
|
||||
raise exception.NetworkError(msg)
|
||||
|
||||
existing_sec_groups = [sec_group['id'] for sec_group in neutron_sec_groups]
|
||||
missing_sec_groups = set(security_groups) - set(existing_sec_groups)
|
||||
if missing_sec_groups:
|
||||
if set(security_groups).issubset(x['id'] for x in neutron_sec_groups):
|
||||
return
|
||||
|
||||
missing_sec_groups = set(security_groups).difference(
|
||||
x['id'] for x in neutron_sec_groups)
|
||||
msg = (_('Could not find these security groups (specified via ironic '
|
||||
'config) in neutron: %(ir-sg)s')
|
||||
% {'ir-sg': list(missing_sec_groups)})
|
||||
|
@ -270,23 +270,23 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
|
||||
|
||||
self.assertIsNone(
|
||||
neutron._verify_security_groups(sg_ids, client))
|
||||
client.list_security_groups.assert_called_once_with()
|
||||
client.list_security_groups.assert_called_once_with(
|
||||
fields='id', id=sg_ids)
|
||||
|
||||
def test_verify_sec_groups_less_than_configured(self):
|
||||
sg_ids = []
|
||||
for i in range(2):
|
||||
sg_ids.append(uuidutils.generate_uuid())
|
||||
|
||||
expected_vals = {'security_groups': []}
|
||||
for sg in sg_ids:
|
||||
expected_vals['security_groups'].append({'id': sg})
|
||||
expected_vals = {'security_groups': [{'id': sg_ids[0]}]}
|
||||
|
||||
client = mock.MagicMock()
|
||||
client.list_security_groups.return_value = expected_vals
|
||||
|
||||
self.assertIsNone(
|
||||
neutron._verify_security_groups(sg_ids[:1], client))
|
||||
client.list_security_groups.assert_called_once_with()
|
||||
client.list_security_groups.assert_called_once_with(
|
||||
fields='id', id=sg_ids[:1])
|
||||
|
||||
def test_verify_sec_groups_more_than_configured(self):
|
||||
sg_ids = []
|
||||
@ -300,7 +300,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
|
||||
self.assertRaises(
|
||||
exception.NetworkError,
|
||||
neutron._verify_security_groups, sg_ids, client)
|
||||
client.list_security_groups.assert_called_once_with()
|
||||
client.list_security_groups.assert_called_once_with(
|
||||
fields='id', id=sg_ids)
|
||||
|
||||
def test_verify_sec_groups_no_sg_from_neutron(self):
|
||||
sg_ids = []
|
||||
@ -313,7 +314,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
|
||||
self.assertRaises(
|
||||
exception.NetworkError,
|
||||
neutron._verify_security_groups, sg_ids, client)
|
||||
client.list_security_groups.assert_called_once_with()
|
||||
client.list_security_groups.assert_called_once_with(
|
||||
fields='id', id=sg_ids)
|
||||
|
||||
def test_verify_sec_groups_exception_by_neutronclient(self):
|
||||
sg_ids = []
|
||||
@ -328,7 +330,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
|
||||
exception.NetworkError,
|
||||
"Could not retrieve security groups",
|
||||
neutron._verify_security_groups, sg_ids, client)
|
||||
client.list_security_groups.assert_called_once_with()
|
||||
client.list_security_groups.assert_called_once_with(
|
||||
fields='id', id=sg_ids)
|
||||
|
||||
def test_add_ports_with_client_id_to_network(self):
|
||||
self._test_add_ports_to_network(is_client_id=True)
|
||||
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixes an issue where baremetal node deployment would fail on clouds
|
||||
with a high number of security groups. Listing the security groups
|
||||
took too long. Instead of listing all security groups, a query filter
|
||||
was added to list only the security groups to be used for the network.
|
||||
(See bug `2006256 <https://storyboard.openstack.org/#!/story/2006256>`_.)
|
||||
|
Loading…
Reference in New Issue
Block a user