Add property "noopfirewall_or_firewall_disabled"
Added new property to "SecurityGroupAgentRpc" class, "noopfirewall_or_firewall_disabled". If the security group API is not enabled or the firewall configured is "NoopFirewallDriver", the property will return "True". Related-Bug: #1732067 Change-Id: I64db2f259462570e4c1d8df7396d188519071431
This commit is contained in:
parent
e789b18e72
commit
7842344a77
|
@ -63,6 +63,11 @@ class SecurityGroupAgentRpc(object):
|
|||
self.plugin_rpc = plugin_rpc
|
||||
self.init_firewall(defer_refresh_firewall, integration_bridge)
|
||||
|
||||
@property
|
||||
def noopfirewall_or_firewall_disabled(self):
|
||||
return (isinstance(self.firewall, firewall.NoopFirewallDriver) or
|
||||
not is_firewall_enabled())
|
||||
|
||||
def _get_trusted_devices(self, device_ids, devices):
|
||||
trusted_devices = []
|
||||
# Devices which are already added in firewall ports should
|
||||
|
@ -117,8 +122,7 @@ class SecurityGroupAgentRpc(object):
|
|||
def skip_if_noopfirewall_or_firewall_disabled(func):
|
||||
@functools.wraps(func)
|
||||
def decorated_function(self, *args, **kwargs):
|
||||
if (isinstance(self.firewall, firewall.NoopFirewallDriver) or
|
||||
not is_firewall_enabled()):
|
||||
if self.noopfirewall_or_firewall_disabled:
|
||||
LOG.info("Skipping method %s as firewall is disabled "
|
||||
"or configured as NoopFirewallDriver.",
|
||||
func.__name__)
|
||||
|
|
|
@ -53,7 +53,6 @@ from neutron.agent.common import ip_lib
|
|||
from neutron.agent.common import ovs_lib
|
||||
from neutron.agent.common import polling
|
||||
from neutron.agent.common import utils
|
||||
from neutron.agent import firewall as agent_firewall
|
||||
from neutron.agent.l2 import l2_agent_extensions_manager as ext_manager
|
||||
from neutron.agent.linux import xenapi_root_helper
|
||||
from neutron.agent import rpc as agent_rpc
|
||||
|
@ -2134,11 +2133,9 @@ class OVSNeutronAgent(l2population_rpc.L2populationRpcCallBackTunnelMixin,
|
|||
|
||||
@property
|
||||
def direct_for_non_openflow_firewall(self):
|
||||
return ((isinstance(self.sg_agent.firewall,
|
||||
agent_firewall.NoopFirewallDriver) or
|
||||
return ((self.sg_agent.noopfirewall_or_firewall_disabled or
|
||||
getattr(self.sg_agent.firewall,
|
||||
'OVS_HYBRID_PLUG_REQUIRED', False) or
|
||||
not agent_sg_rpc.is_firewall_enabled()) and
|
||||
'OVS_HYBRID_PLUG_REQUIRED', False)) and
|
||||
self.conf.AGENT.explicitly_egress_direct)
|
||||
|
||||
def install_ingress_direct_goto_flows(self):
|
||||
|
|
Loading…
Reference in New Issue