openstack
/
neutron
Code Issues Proposed changes

Merge "[ovn]disable security group notifier"

This commit is contained in:
Zuul 2023-06-09 05:19:14 +00:00 committed by Gerrit Code Review
parent a2268d153a 35cb164ea5
commit 6e30e3e59f
5 changed files with 41 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
doc/source/admin/ovn/index.rst
View File

@ -19,3 +19,4 @@ OVN Driver Administration Guide
smartnic_dpu
baremetal
external_ports
rpc

14
doc/source/admin/ovn/rpc.rst Normal file
View File

@ -0,0 +1,14 @@
.. _ovn_rpc:
===================
RPC messages in OVN
===================
ML2/OVN driver uses the OVN NB tables ``Port_Group`` and ``ACL`` to
implement security groups. Security groups and security group rules are
directly sent to OVN NB via the OVSDB protocol. Neutron doesn't send any
RPC messages related to these topics when using the ML2/OVN mechanism
driver.
However, other RPC topics are kept in case other drivers are being used,
for example ML2/SRIOV, DHCP agents (for baremetal ports), etc.

12
neutron/db/securitygroups_rpc_base.py
View File

@ -37,13 +37,17 @@ DIRECTION_IP_PREFIX = {'ingress': 'source_ip_prefix',
DHCP_RULE_PORT = {4: (67, 68, const.IPv4), 6: (547, 546, const.IPv6)}
@registry.has_registry_receivers
class SecurityGroupServerNotifierRpcMixin(sg_db.SecurityGroupDbMixin):
"""Mixin class to add agent-based security group implementation."""
@registry.receives(resources.PORT, [events.AFTER_CREATE,
events.AFTER_UPDATE,
events.AFTER_DELETE])
def register_sg_notifier(self):
registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
events.AFTER_CREATE)
registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
events.AFTER_UPDATE)
registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
events.AFTER_DELETE)
def _notify_sg_on_port_change(self, resource, event, trigger, payload):
"""Trigger notification to other SG members on port changes."""

4
neutron/plugins/ml2/plugin.py
View File

@ -410,6 +410,10 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
self.agent_notifiers[const.AGENT_TYPE_DHCP] = (
dhcp_rpc_agent_api.DhcpAgentNotifyAPI()
)
# NOTE(zhouhenglc): SG notifier is not needed when using ML2/OVN, as
# there are no agents expecting these updates.
if 'ovn' not in self.mechanism_manager.mech_drivers:
self.register_sg_notifier()
@log_helpers.log_method_call
def start_rpc_listeners(self):

19
neutron/tests/unit/plugins/ml2/test_plugin.py
View File

@ -1394,7 +1394,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
'security_groups_member_updated') as sg_member_update:
port['port']['fixed_ips'][0]['ip_address'] = '10.0.0.3'
plugin.update_port(ctx, port['port']['id'], port)
self.assertTrue(sg_member_update.called)
if 'ovn' in self._mechanism_drivers:
sg_member_update.assert_not_called()
else:
self.assertTrue(sg_member_update.called)
def test_update_port_name_do_not_notify_sg(self):
ctx = context.get_admin_context()
@ -1507,9 +1510,12 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
ports = self.deserialize(self.fmt, res)
if 'ports' in ports:
used_sg = ports['ports'][0]['security_groups']
m_upd.assert_has_calls(
[mock.call(mock.ANY, [sg]) for sg in used_sg],
any_order=True)
if 'ovn' in self._mechanism_drivers:
m_upd.assert_not_called()
else:
m_upd.assert_has_calls(
[mock.call(mock.ANY, [sg]) for sg in used_sg],
any_order=True)
else:
self.assertTrue('ports' in ports)
@ -1552,7 +1558,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
as_admin=True)
ports = self.deserialize(self.fmt, res)
used_sg = ports['ports'][0]['security_groups']
m_upd.assert_called_with(mock.ANY, used_sg)
if 'ovn' in self._mechanism_drivers:
m_upd.assert_not_called()
else:
m_upd.assert_called_with(mock.ANY, used_sg)
m_upd.reset_mock()
data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP
self._create_bulk_from_list(self.fmt, 'port',