From 35cb164ea557ca4f26b7c7ef21d1db13cdda0d71 Mon Sep 17 00:00:00 2001
From: zhouhenglc
Date: Wed, 15 Feb 2023 10:54:56 +0800
Subject: [PATCH] [ovn]disable security group notifier
When we use the ovn driver, the security group is implemented by the ACL of ovn. There is no need to send rpc messages.
Closes-Bug: #2007327
Change-Id: I4b486c910ed298633ac6f60fd93f695c6c3bfef2
---
 doc/source/admin/ovn/index.rst | 1 +
 doc/source/admin/ovn/rpc.rst | 14 ++++++++++++++
 neutron/db/securitygroups_rpc_base.py | 12 ++++++++----
 neutron/plugins/ml2/plugin.py | 4 ++++
 neutron/tests/unit/plugins/ml2/test_plugin.py | 19 ++++++++++++++-----
 5 files changed, 41 insertions(+), 9 deletions(-)
 create mode 100644 doc/source/admin/ovn/rpc.rst
diff --git a/doc/source/admin/ovn/index.rst b/doc/source/admin/ovn/index.rst
index 65cfdd16a24..7d151b944cd 100644
--- a/doc/source/admin/ovn/index.rst
+++ b/doc/source/admin/ovn/index.rst
@@ -19,3 +19,4 @@ OVN Driver Administration Guide
 smartnic_dpu
 baremetal
 external_ports
+ rpc
diff --git a/doc/source/admin/ovn/rpc.rst b/doc/source/admin/ovn/rpc.rst
new file mode 100644
index 00000000000..06eb3e67ed8
--- /dev/null
+++ b/doc/source/admin/ovn/rpc.rst
@@ -0,0 +1,14 @@
+.. _ovn_rpc:
+
+===================
+RPC messages in OVN
+===================
+
+ML2/OVN driver uses the OVN NB tables ``Port_Group`` and ``ACL`` to
+implement security groups. Security groups and security group rules are
+directly sent to OVN NB via the OVSDB protocol. Neutron doesn't send any
+RPC messages related to these topics when using the ML2/OVN mechanism
+driver.
+
+However, other RPC topics are kept in case other drivers are being used,
+for example ML2/SRIOV, DHCP agents (for baremetal ports), etc.
diff --git a/neutron/db/securitygroups_rpc_base.py b/neutron/db/securitygroups_rpc_base.py
index 737850cfb54..3f32e913c24 100644
--- a/neutron/db/securitygroups_rpc_base.py
+++ b/neutron/db/securitygroups_rpc_base.py
@@ -37,13 +37,17 @@ DIRECTION_IP_PREFIX = {'ingress': 'source_ip_prefix',
 DHCP_RULE_PORT = {4: (67, 68, const.IPv4), 6: (547, 546, const.IPv6)}
-@registry.has_registry_receivers
 class SecurityGroupServerNotifierRpcMixin(sg_db.SecurityGroupDbMixin):
 """Mixin class to add agent-based security group implementation."""
- @registry.receives(resources.PORT, [events.AFTER_CREATE,
- events.AFTER_UPDATE,
- events.AFTER_DELETE])
+ def register_sg_notifier(self):
+ registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
+ events.AFTER_CREATE)
+ registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
+ events.AFTER_UPDATE)
+ registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
+ events.AFTER_DELETE)
+
 def _notify_sg_on_port_change(self, resource, event, trigger, payload):
 """Trigger notification to other SG members on port changes."""
diff --git a/neutron/plugins/ml2/plugin.py b/neutron/plugins/ml2/plugin.py
index 2fa769b34db..accf4136412 100644
--- a/neutron/plugins/ml2/plugin.py
+++ b/neutron/plugins/ml2/plugin.py
@@ -410,6 +410,10 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
 self.agent_notifiers[const.AGENT_TYPE_DHCP] = (
 dhcp_rpc_agent_api.DhcpAgentNotifyAPI()
 )
+ # NOTE(zhouhenglc): SG notifier is not needed when using ML2/OVN, as
+ # there are no agents expecting these updates.
+ if 'ovn' not in self.mechanism_manager.mech_drivers:
+ self.register_sg_notifier()
 @log_helpers.log_method_call
 def start_rpc_listeners(self):
diff --git a/neutron/tests/unit/plugins/ml2/test_plugin.py b/neutron/tests/unit/plugins/ml2/test_plugin.py
index cd72574f0d4..163c61bddae 100644
--- a/neutron/tests/unit/plugins/ml2/test_plugin.py
+++ b/neutron/tests/unit/plugins/ml2/test_plugin.py
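Review bot: `register_sg_notifier` is added without a docstring, and because the `@registry.has_registry_receivers` / `@registry.receives` decorators are removed, the port-change subscription becomes opt-in for every class that inherits `SecurityGroupServerNotifierRpcMixin`. A plugin that uses the mixin and never calls the new method would silently stop sending member updates on port create/update/delete, so agent-side filters could keep enforcing stale group membership; whether any such plugin exists outside ML2 is not visible in this patch. I would add `"""Subscribe _notify_sg_on_port_change to PORT AFTER_CREATE/AFTER_UPDATE/AFTER_DELETE; plugins with agent-based SG enforcement must call this during init."""` and state the same requirement in the class docstring. The body of `_notify_sg_on_port_change` continues outside the hunk.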
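Review bot: The guard `if 'ovn' not in self.mechanism_manager.mech_drivers:` skips the notifier whenever OVN is one of the loaded drivers, not only when it is the only one, while the NOTE above it claims there are no agents expecting these updates. The new rpc.rst in this same patch says other drivers (ML2/SRIOV, DHCP agents) may run alongside OVN, so if a co-loaded driver enforces security groups through an agent, that agent would presumably stop receiving member updates and keep stale rules. Either narrow the skip to deployments where no loaded driver depends on SG RPC, or make the limitation explicit, e.g. `# NOTE: this also disables SG RPC for any agent-based driver loaded together with 'ovn'.` The enclosing method starts outside the hunk, so the point at which `mech_drivers` is populated relative to this check should be confirmed there.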
@@ -1394,7 +1394,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
 'security_groups_member_updated') as sg_member_update:
 port['port']['fixed_ips'][0]['ip_address'] = '10.0.0.3'
 plugin.update_port(ctx, port['port']['id'], port)
- self.assertTrue(sg_member_update.called)
+ if 'ovn' in self._mechanism_drivers:
+ sg_member_update.assert_not_called()
+ else:
+ self.assertTrue(sg_member_update.called)
 def test_update_port_name_do_not_notify_sg(self):
 ctx = context.get_admin_context()
@@ -1507,9 +1510,12 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
 ports = self.deserialize(self.fmt, res)
 if 'ports' in ports:
 used_sg = ports['ports'][0]['security_groups']
- m_upd.assert_has_calls(
- [mock.call(mock.ANY, [sg]) for sg in used_sg],
- any_order=True)
+ if 'ovn' in self._mechanism_drivers:
+ m_upd.assert_not_called()
+ else:
+ m_upd.assert_has_calls(
+ [mock.call(mock.ANY, [sg]) for sg in used_sg],
+ any_order=True)
 else:
 self.assertTrue('ports' in ports)
@@ -1552,7 +1558,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
 as_admin=True)
 ports = self.deserialize(self.fmt, res)
 used_sg = ports['ports'][0]['security_groups']
- m_upd.assert_called_with(mock.ANY, used_sg)
+ if 'ovn' in self._mechanism_drivers:
+ m_upd.assert_not_called()
+ else:
+ m_upd.assert_called_with(mock.ANY, used_sg)
 m_upd.reset_mock()
 data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP
 self._create_bulk_from_list(self.fmt, 'port',
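Review bot: The `if 'ovn' in self._mechanism_drivers:` branches added in this hunk and in the hunks at -1507 and -1552 only run when a subclass overrides `_mechanism_drivers`, and nothing visible in this module does so, so the `assert_not_called()` paths may be dead here. If they are meant to be exercised by OVN test classes that reuse `TestMl2PortsV2`, say so next to the first branch, e.g. `# Exercised by mech-driver suites that subclass this case with 'ovn' loaded.` There is also no direct test that plugin init calls `register_sg_notifier()` for non-OVN drivers and skips it for OVN, nor one for a mixed driver list; a small test asserting on a patched `register_sg_notifier` would pin the behaviour that decides whether agents receive SG updates. All three test methods start outside their hunks.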