Set secure fail mode for physical bridges

Physical bridges can cause network disruption when ofctl controller becomes inaccessible due to heavy load or when the traffic to controller is blocked. By setting secure fail mode, the openflow rules remain untouched on such an event, while with the default setting, the flows are cleared. Co-Authored-By: Jakub Libosvar <libosvar@redhat.com> Closes-Bug: 1607787 Change-Id: I1dffe0a248664d2a675fd1ca58530c233e335d2d UpgradeImpact
2016-08-10 10:05:57 +02:00 · 2016-08-10 10:05:57 +02:00 · 9429c2da01
parent 87517709f2
commit 9429c2da01
3 changed files with 5 additions and 0 deletions
--- a/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
+++ b/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py
@ -1106,6 +1106,7 @@ class OVSNeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin,
            # The bridge already exists, so create won't recreate it, but will
            # handle things like changing the datapath_type
            br.create()
+            br.set_secure_mode()
            br.setup_controllers(self.conf)
            if cfg.CONF.AGENT.drop_flows_on_start:
                br.delete_flows()
--- a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
+++ b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_neutron_agent.py
@ -1190,6 +1190,7 @@ class TestOvsNeutronAgent(object):
            expected_calls = [
                mock.call.phys_br_cls('br-eth'),
                mock.call.phys_br.create(),
+                mock.call.phys_br.set_secure_mode(),
                mock.call.phys_br.setup_controllers(mock.ANY),
                mock.call.phys_br.setup_default_table(),
                mock.call.int_br.db_get_val('Interface', 'int-br-eth',
@ -1304,6 +1305,7 @@ class TestOvsNeutronAgent(object):
            expected_calls = [
                mock.call.phys_br_cls('br-eth'),
                mock.call.phys_br.create(),
+                mock.call.phys_br.set_secure_mode(),
                mock.call.phys_br.setup_controllers(mock.ANY),
                mock.call.phys_br.setup_default_table(),
                mock.call.int_br.delete_port('int-br-eth'),
--- a/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_tunnel.py
+++ b/neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/test_ovs_tunnel.py
@ -206,6 +206,7 @@ class TunnelTest(object):

        self.mock_map_tun_bridge_expected = [
            mock.call.create(),
+            mock.call.set_secure_mode(),
            mock.call.setup_controllers(mock.ANY),
            mock.call.setup_default_table(),
            mock.call.port_exists('phy-%s' % self.MAP_TUN_BRIDGE),
@ -664,6 +665,7 @@ class TunnelTestUseVethInterco(TunnelTest):

        self.mock_map_tun_bridge_expected = [
            mock.call.create(),
+            mock.call.set_secure_mode(),
            mock.call.setup_controllers(mock.ANY),
            mock.call.setup_default_table(),
            mock.call.add_port(self.intb),