Merge "[ovn]disable security group notifier"
commit
6e30e3e59f
doc/source/admin/ovn
neutron
@ -19,3 +19,4 @@ OVN Driver Administration Guide
|
|||||||
smartnic_dpu
|
smartnic_dpu
|
||||||
baremetal
|
baremetal
|
||||||
external_ports
|
external_ports
|
||||||
|
rpc
|
||||||
|
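--- /dev/null
+++ b/doc/source/admin/ovn/rpc.rst
@@ -0,0 +1,14 @@
+.. _ovn_rpc:
+
+===================
+RPC messages in OVN
+===================
+
+ML2/OVN driver uses the OVN NB tables ``Port_Group`` and ``ACL`` to
+implement security groups. Security groups and security group rules are
+directly sent to OVN NB via the OVSDB protocol. Neutron doesn't send any
+RPC messages related to these topics when using the ML2/OVN mechanism
+driver.
+
+However, other RPC topics are kept in case other drivers are being used,
+for example ML2/SRIOV, DHCP agents (for baremetal ports), etc.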
@ -37,13 +37,17 @@ DIRECTION_IP_PREFIX = {'ingress': 'source_ip_prefix',
|
|||||||
DHCP_RULE_PORT = {4: (67, 68, const.IPv4), 6: (547, 546, const.IPv6)}
|
DHCP_RULE_PORT = {4: (67, 68, const.IPv4), 6: (547, 546, const.IPv6)}
|
||||||
|
|
||||||
|
|
||||||
@registry.has_registry_receivers
|
|
||||||
class SecurityGroupServerNotifierRpcMixin(sg_db.SecurityGroupDbMixin):
|
class SecurityGroupServerNotifierRpcMixin(sg_db.SecurityGroupDbMixin):
|
||||||
"""Mixin class to add agent-based security group implementation."""
|
"""Mixin class to add agent-based security group implementation."""
|
||||||
|
|
||||||
@registry.receives(resources.PORT, [events.AFTER_CREATE,
|
def register_sg_notifier(self):
|
||||||
events.AFTER_UPDATE,
|
registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
|
||||||
events.AFTER_DELETE])
|
events.AFTER_CREATE)
|
||||||
|
registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
|
||||||
|
events.AFTER_UPDATE)
|
||||||
|
registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
|
||||||
|
events.AFTER_DELETE)
|
||||||
|
|
||||||
def _notify_sg_on_port_change(self, resource, event, trigger, payload):
|
def _notify_sg_on_port_change(self, resource, event, trigger, payload):
|
||||||
"""Trigger notification to other SG members on port changes."""
|
"""Trigger notification to other SG members on port changes."""
|
||||||
|
|
||||||
|
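Review bot: `register_sg_notifier()` has no docstring, and with `@registry.has_registry_receivers` and the `@registry.receives` decorator removed the port-event subscription becomes opt-in. A plugin that inherits this mixin and never calls the method would send no security-group member updates on port create, update or delete, so agents could keep enforcing stale group membership. Only the `Ml2Plugin` call is visible on this page, so any other user of the mixin should be checked. I would add a docstring such as `"""Subscribe _notify_sg_on_port_change to port AFTER_CREATE/AFTER_UPDATE/AFTER_DELETE; the plugin must call this, otherwise agents get no SG member updates."""`. The class body continues outside the hunk.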
@ -410,6 +410,10 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
|
|||||||
self.agent_notifiers[const.AGENT_TYPE_DHCP] = (
|
self.agent_notifiers[const.AGENT_TYPE_DHCP] = (
|
||||||
dhcp_rpc_agent_api.DhcpAgentNotifyAPI()
|
dhcp_rpc_agent_api.DhcpAgentNotifyAPI()
|
||||||
)
|
)
|
||||||
|
# NOTE(zhouhenglc): SG notifier is not needed when using ML2/OVN, as
|
||||||
|
# there are no agents expecting these updates.
|
||||||
|
if 'ovn' not in self.mechanism_manager.mech_drivers:
|
||||||
|
self.register_sg_notifier()
|
||||||
|
|
||||||
@log_helpers.log_method_call
|
@log_helpers.log_method_call
|
||||||
def start_rpc_listeners(self):
|
def start_rpc_listeners(self):
|
||||||
|
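Review bot: The guard `if 'ovn' not in self.mechanism_manager.mech_drivers:` turns the notifier off whenever OVN is loaded, not only when it is the sole mechanism driver. In a mixed deployment (for example OVN next to an agent-based driver during a migration) the other driver's agents would presumably stop receiving security-group member updates and keep applying outdated rules. The new rpc.rst text does not mention this case. Either make the condition depend on whether any agent-based driver is loaded, or state the limitation in the comment, e.g. `# NOTE: this also disables SG notifications for any agent-based driver loaded together with 'ovn'.` The enclosing method starts outside the hunk.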
@ -1394,7 +1394,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
|||||||
'security_groups_member_updated') as sg_member_update:
|
'security_groups_member_updated') as sg_member_update:
|
||||||
port['port']['fixed_ips'][0]['ip_address'] = '10.0.0.3'
|
port['port']['fixed_ips'][0]['ip_address'] = '10.0.0.3'
|
||||||
plugin.update_port(ctx, port['port']['id'], port)
|
plugin.update_port(ctx, port['port']['id'], port)
|
||||||
self.assertTrue(sg_member_update.called)
|
if 'ovn' in self._mechanism_drivers:
|
||||||
|
sg_member_update.assert_not_called()
|
||||||
|
else:
|
||||||
|
self.assertTrue(sg_member_update.called)
|
||||||
|
|
||||||
def test_update_port_name_do_not_notify_sg(self):
|
def test_update_port_name_do_not_notify_sg(self):
|
||||||
ctx = context.get_admin_context()
|
ctx = context.get_admin_context()
|
||||||
@ -1507,9 +1510,12 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
|||||||
ports = self.deserialize(self.fmt, res)
|
ports = self.deserialize(self.fmt, res)
|
||||||
if 'ports' in ports:
|
if 'ports' in ports:
|
||||||
used_sg = ports['ports'][0]['security_groups']
|
used_sg = ports['ports'][0]['security_groups']
|
||||||
m_upd.assert_has_calls(
|
if 'ovn' in self._mechanism_drivers:
|
||||||
[mock.call(mock.ANY, [sg]) for sg in used_sg],
|
m_upd.assert_not_called()
|
||||||
any_order=True)
|
else:
|
||||||
|
m_upd.assert_has_calls(
|
||||||
|
[mock.call(mock.ANY, [sg]) for sg in used_sg],
|
||||||
|
any_order=True)
|
||||||
else:
|
else:
|
||||||
self.assertTrue('ports' in ports)
|
self.assertTrue('ports' in ports)
|
||||||
|
|
||||||
@ -1552,7 +1558,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
|||||||
as_admin=True)
|
as_admin=True)
|
||||||
ports = self.deserialize(self.fmt, res)
|
ports = self.deserialize(self.fmt, res)
|
||||||
used_sg = ports['ports'][0]['security_groups']
|
used_sg = ports['ports'][0]['security_groups']
|
||||||
m_upd.assert_called_with(mock.ANY, used_sg)
|
if 'ovn' in self._mechanism_drivers:
|
||||||
|
m_upd.assert_not_called()
|
||||||
|
else:
|
||||||
|
m_upd.assert_called_with(mock.ANY, used_sg)
|
||||||
m_upd.reset_mock()
|
m_upd.reset_mock()
|
||||||
data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP
|
data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP
|
||||||
self._create_bulk_from_list(self.fmt, 'port',
|
self._create_bulk_from_list(self.fmt, 'port',
|
||||||
|
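Review bot: The three `if 'ovn' in self._mechanism_drivers:` branches (hunks at 1394, 1507 and 1552) reach `assert_not_called()` only when a test class sets `_mechanism_drivers` to include 'ovn'. No such class is visible on this page, so the new no-notification path may never run. Confirm that an OVN-configured subclass of these tests exists, and consider a case with 'ovn' plus an agent-based driver so the mixed-deployment behaviour is pinned explicitly. In the non-OVN branch, `sg_member_update.assert_called()` gives a clearer failure message than `self.assertTrue(sg_member_update.called)`. The test methods start outside the hunks.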