diff --git a/neutron/plugins/ofagent/agent/ofa_neutron_agent.py b/neutron/plugins/ofagent/agent/ofa_neutron_agent.py
index f925e4891b4..3b57f58002d 100644
--- a/neutron/plugins/ofagent/agent/ofa_neutron_agent.py
+++ b/neutron/plugins/ofagent/agent/ofa_neutron_agent.py
@@ -153,7 +153,7 @@ class OFASecurityGroupAgent(sg_rpc.SecurityGroupAgentRpcMixin):
 self.context = context
 self.plugin_rpc = plugin_rpc
 self.root_helper = root_helper
- self.init_firewall()
+ self.init_firewall(defer_refresh_firewall=True)
 
 
 class OFANeutronAgentRyuApp(app_manager.RyuApp):
@@ -1162,9 +1162,8 @@ class OFANeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin):
 resync_removed = False
 # If there is an exception while processing security groups ports
 # will not be wired anyway, and a resync will be triggered
- self.sg_agent.prepare_devices_filter(port_info.get('added', set()))
- if port_info.get('updated'):
- self.sg_agent.refresh_firewall()
+ self.sg_agent.setup_port_filters(port_info.get('added', set()),
+ port_info.get('updated', set()))
 # VIF wiring needs to be performed always for 'new' devices.
 # For updated ports, re-wiring is not needed in most cases, but needs
 # to be performed anyway when the admin state of a device is changed.
@@ -1240,7 +1239,8 @@ class OFANeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin):
 
 def _agent_has_updates(self, polling_manager):
 return (polling_manager.is_polling_required or
- self.updated_ports)
+ self.updated_ports or
+ self.sg_agent.firewall_refresh_needed())
 
 def _port_info_has_changes(self, port_info):
 return (port_info.get('added') or
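Review bot: The call `self.init_firewall(defer_refresh_firewall=True)` in the @@ -153,7 hunk changes when security-group rule updates are enforced, and nothing at the call site documents that. With deferral enabled, a rule change (including a revocation) presumably takes effect only when the agent loop next reaches `setup_port_filters`, so enforcement latency depends on the loop rather than on the RPC notification. I would add a comment above the call, for example `# Defer firewall refresh to the agent loop: rule changes are applied on the next iteration via setup_port_filters()`. The enclosing method starts outside the hunk.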
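Review bot: The comment kept at the top of the @@ -1162,9 hunk says an exception during security-group processing triggers a resync, but it no longer covers everything the new call does. `setup_port_filters(...)` is defined outside this diff and, under the deferred model, presumably also applies refreshes queued by RPC callbacks. If that helper clears its pending-refresh state before applying it, an exception raised partway would drop the queued refresh unless the resync re-applies filters for every port, so that is worth confirming. I would extend the comment with something like `# setup_port_filters also applies refreshes deferred from RPC; on failure the resync must re-filter all ports`. The enclosing function begins and ends outside the hunk.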
@@ -1298,8 +1298,10 @@ class OFANeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin):
 "Elapsed:%(elapsed).3f"),
 {'iter_num': self.iter_num,
 'elapsed': time.time() - start})
- # notify plugin about port deltas
- if self._port_info_has_changes(port_info):
+ # Secure and wire/unwire VIFs and update their status
+ # on Neutron server
+ if (self._port_info_has_changes(port_info) or
+ self.sg_agent.firewall_refresh_needed()):
 LOG.debug(_("Starting to process devices in:%s"),
 port_info)
 # If treat devices fails - must resync with plugin
diff --git a/neutron/tests/unit/ofagent/test_ofa_neutron_agent.py b/neutron/tests/unit/ofagent/test_ofa_neutron_agent.py
index b95d15edc86..4b2f5556ac1 100644
--- a/neutron/tests/unit/ofagent/test_ofa_neutron_agent.py
+++ b/neutron/tests/unit/ofagent/test_ofa_neutron_agent.py
@@ -451,18 +451,15 @@ class TestOFANeutronAgent(OFAAgentTestCase):
 
 def _test_process_network_ports(self, port_info):
 with contextlib.nested(
- mock.patch.object(self.agent.sg_agent, "prepare_devices_filter"),
- mock.patch.object(self.agent.sg_agent, "refresh_firewall"),
+ mock.patch.object(self.agent.sg_agent, "setup_port_filters"),
 mock.patch.object(self.agent, "treat_devices_added_or_updated",
 return_value=False),
 mock.patch.object(self.agent, "treat_devices_removed",
 return_value=False)
- ) as (prep_dev_filter, refresh_fw,
- device_added_updated, device_removed):
+ ) as (setup_port_filters, device_added_updated, device_removed):
 self.assertFalse(self.agent.process_network_ports(port_info))
- prep_dev_filter.assert_called_once_with(port_info['added'])
- if port_info.get('updated'):
- self.assertEqual(1, refresh_fw.call_count)
+ setup_port_filters.assert_called_once_with(
+ port_info['added'], port_info.get('updated', set()))
 device_added_updated.assert_called_once_with(
 port_info['added'] | port_info.get('updated', set()))
 device_removed.assert_called_once_with(port_info['removed'])
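Review bot: The test hunk (@@ -451,18) only swaps the mocked methods for `setup_port_filters`, and the diff shows no test for the two new `firewall_refresh_needed()` branches, one in `_agent_has_updates` and one in the loop condition of the @@ -1298,8 hunk. A regression in either would leave deferred security-group updates unapplied whenever `port_info` has no changes, and nothing here would fail. Unless this is covered elsewhere in the file, I would add a case that patches `self.agent.sg_agent.firewall_refresh_needed` with `return_value=True`, leaves polling and `updated_ports` empty, and asserts that `_agent_has_updates` is truthy. The test class continues outside the hunk.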