[ovn]disable security group notifier

When we use the ovn driver, the security group is implemented by the ACL of ovn. There is no need to send rpc messages. Closes-Bug: #2007327 Change-Id: I4b486c910ed298633ac6f60fd93f695c6c3bfef2
2023-02-15 10:54:56 +08:00 · 2023-02-15 10:54:56 +08:00 · 35cb164ea5
parent 0360eb8e12
commit 35cb164ea5
5 changed files with 41 additions and 9 deletions
--- a/doc/source/admin/ovn/index.rst
+++ b/doc/source/admin/ovn/index.rst
@ -19,3 +19,4 @@ OVN Driver Administration Guide
   smartnic_dpu
   baremetal
   external_ports
+   rpc
--- a/doc/source/admin/ovn/rpc.rst
+++ b/doc/source/admin/ovn/rpc.rst
@ -0,0 +1,14 @@
+.. _ovn_rpc:
+
+===================
+RPC messages in OVN
+===================
+
+ML2/OVN driver uses the OVN NB tables ``Port_Group`` and ``ACL`` to
+implement security groups. Security groups and security group rules are
+directly sent to OVN NB via the OVSDB protocol. Neutron doesn't send any
+RPC messages related to these topics when using the ML2/OVN mechanism
+driver.
+
+However, other RPC topics are kept in case other drivers are being used,
+for example ML2/SRIOV, DHCP agents (for baremetal ports), etc.
--- a/neutron/db/securitygroups_rpc_base.py
+++ b/neutron/db/securitygroups_rpc_base.py
@ -37,13 +37,17 @@ DIRECTION_IP_PREFIX = {'ingress': 'source_ip_prefix',
 DHCP_RULE_PORT = {4: (67, 68, const.IPv4), 6: (547, 546, const.IPv6)}


-@registry.has_registry_receivers
 class SecurityGroupServerNotifierRpcMixin(sg_db.SecurityGroupDbMixin):
    """Mixin class to add agent-based security group implementation."""

-    @registry.receives(resources.PORT, [events.AFTER_CREATE,
-                                        events.AFTER_UPDATE,
-                                        events.AFTER_DELETE])
+    def register_sg_notifier(self):
+        registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
+                           events.AFTER_CREATE)
+        registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
+                           events.AFTER_UPDATE)
+        registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
+                           events.AFTER_DELETE)
+
    def _notify_sg_on_port_change(self, resource, event, trigger, payload):
        """Trigger notification to other SG members on port changes."""

--- a/neutron/plugins/ml2/plugin.py
+++ b/neutron/plugins/ml2/plugin.py
@ -410,6 +410,10 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
            self.agent_notifiers[const.AGENT_TYPE_DHCP] = (
                dhcp_rpc_agent_api.DhcpAgentNotifyAPI()
            )
+        # NOTE(zhouhenglc): SG notifier is not needed when using ML2/OVN, as
+        # there are no agents expecting these updates.
+        if 'ovn' not in self.mechanism_manager.mech_drivers:
+            self.register_sg_notifier()

    @log_helpers.log_method_call
    def start_rpc_listeners(self):
--- a/neutron/tests/unit/plugins/ml2/test_plugin.py
+++ b/neutron/tests/unit/plugins/ml2/test_plugin.py
@ -1394,7 +1394,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
                'security_groups_member_updated') as sg_member_update:
            port['port']['fixed_ips'][0]['ip_address'] = '10.0.0.3'
            plugin.update_port(ctx, port['port']['id'], port)
-            self.assertTrue(sg_member_update.called)
+            if 'ovn' in self._mechanism_drivers:
+                sg_member_update.assert_not_called()
+            else:
+                self.assertTrue(sg_member_update.called)

    def test_update_port_name_do_not_notify_sg(self):
        ctx = context.get_admin_context()
@ -1507,9 +1510,12 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
            ports = self.deserialize(self.fmt, res)
            if 'ports' in ports:
                used_sg = ports['ports'][0]['security_groups']
-                m_upd.assert_has_calls(
-                    [mock.call(mock.ANY, [sg]) for sg in used_sg],
-                    any_order=True)
+                if 'ovn' in self._mechanism_drivers:
+                    m_upd.assert_not_called()
+                else:
+                    m_upd.assert_has_calls(
+                        [mock.call(mock.ANY, [sg]) for sg in used_sg],
+                        any_order=True)
            else:
                self.assertTrue('ports' in ports)

@ -1552,7 +1558,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
                                              as_admin=True)
            ports = self.deserialize(self.fmt, res)
            used_sg = ports['ports'][0]['security_groups']
-            m_upd.assert_called_with(mock.ANY, used_sg)
+            if 'ovn' in self._mechanism_drivers:
+                m_upd.assert_not_called()
+            else:
+                m_upd.assert_called_with(mock.ANY, used_sg)
            m_upd.reset_mock()
            data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP
            self._create_bulk_from_list(self.fmt, 'port',