Browse Source

Merge "Filter security group list on the ID's we expect" into stable/queens

changes/60/677660/1
Zuul 1 month ago
parent
commit
62c24fce69

+ 12
- 9
ironic/common/neutron.py View File

@@ -205,21 +205,24 @@ def _verify_security_groups(security_groups, client):
205 205
         return
206 206
     try:
207 207
         neutron_sec_groups = (
208
-            client.list_security_groups().get('security_groups', []))
208
+            client.list_security_groups(id=security_groups, fields='id').get(
209
+                'security_groups', []))
209 210
     except neutron_exceptions.NeutronClientException as e:
210 211
         msg = (_("Could not retrieve security groups from neutron: %(exc)s") %
211 212
                {'exc': e})
212 213
         LOG.exception(msg)
213 214
         raise exception.NetworkError(msg)
214 215
 
215
-    existing_sec_groups = [sec_group['id'] for sec_group in neutron_sec_groups]
216
-    missing_sec_groups = set(security_groups) - set(existing_sec_groups)
217
-    if missing_sec_groups:
218
-        msg = (_('Could not find these security groups (specified via ironic '
219
-                 'config) in neutron: %(ir-sg)s')
220
-               % {'ir-sg': list(missing_sec_groups)})
221
-        LOG.error(msg)
222
-        raise exception.NetworkError(msg)
216
+    if set(security_groups).issubset(x['id'] for x in neutron_sec_groups):
217
+        return
218
+
219
+    missing_sec_groups = set(security_groups).difference(
220
+        x['id'] for x in neutron_sec_groups)
221
+    msg = (_('Could not find these security groups (specified via ironic '
222
+             'config) in neutron: %(ir-sg)s')
223
+           % {'ir-sg': list(missing_sec_groups)})
224
+    LOG.error(msg)
225
+    raise exception.NetworkError(msg)
223 226
 
224 227
 
225 228
 def add_ports_to_network(task, network_uuid, security_groups=None):

+ 11
- 8
ironic/tests/unit/common/test_neutron.py View File

@@ -272,23 +272,23 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
272 272
 
273 273
         self.assertIsNone(
274 274
             neutron._verify_security_groups(sg_ids, client))
275
-        client.list_security_groups.assert_called_once_with()
275
+        client.list_security_groups.assert_called_once_with(
276
+            fields='id', id=sg_ids)
276 277
 
277 278
     def test_verify_sec_groups_less_than_configured(self):
278 279
         sg_ids = []
279 280
         for i in range(2):
280 281
             sg_ids.append(uuidutils.generate_uuid())
281 282
 
282
-        expected_vals = {'security_groups': []}
283
-        for sg in sg_ids:
284
-            expected_vals['security_groups'].append({'id': sg})
283
+        expected_vals = {'security_groups': [{'id': sg_ids[0]}]}
285 284
 
286 285
         client = mock.MagicMock()
287 286
         client.list_security_groups.return_value = expected_vals
288 287
 
289 288
         self.assertIsNone(
290 289
             neutron._verify_security_groups(sg_ids[:1], client))
291
-        client.list_security_groups.assert_called_once_with()
290
+        client.list_security_groups.assert_called_once_with(
291
+            fields='id', id=sg_ids[:1])
292 292
 
293 293
     def test_verify_sec_groups_more_than_configured(self):
294 294
         sg_ids = []
@@ -302,7 +302,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
302 302
         self.assertRaises(
303 303
             exception.NetworkError,
304 304
             neutron._verify_security_groups, sg_ids, client)
305
-        client.list_security_groups.assert_called_once_with()
305
+        client.list_security_groups.assert_called_once_with(
306
+            fields='id', id=sg_ids)
306 307
 
307 308
     def test_verify_sec_groups_no_sg_from_neutron(self):
308 309
         sg_ids = []
@@ -315,7 +316,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
315 316
         self.assertRaises(
316 317
             exception.NetworkError,
317 318
             neutron._verify_security_groups, sg_ids, client)
318
-        client.list_security_groups.assert_called_once_with()
319
+        client.list_security_groups.assert_called_once_with(
320
+            fields='id', id=sg_ids)
319 321
 
320 322
     def test_verify_sec_groups_exception_by_neutronclient(self):
321 323
         sg_ids = []
@@ -330,7 +332,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
330 332
             exception.NetworkError,
331 333
             "Could not retrieve security groups",
332 334
             neutron._verify_security_groups, sg_ids, client)
333
-        client.list_security_groups.assert_called_once_with()
335
+        client.list_security_groups.assert_called_once_with(
336
+            fields='id', id=sg_ids)
334 337
 
335 338
     def test_add_ports_with_client_id_to_network(self):
336 339
         self._test_add_ports_to_network(is_client_id=True)

+ 9
- 0
releasenotes/notes/fix-security-group-list-add-query-filters-f72cfcefa1e093d2.yaml View File

@@ -0,0 +1,9 @@
1
+---
2
+fixes:
3
+  - |
4
+    Fixes an issue where baremetal node deployment would fail on clouds
5
+    with a high number of security groups. Listing the security groups
6
+    took too long. Instead of listing all security groups, a query filter
7
+    was added to list only the security groups to be used for the network.
8
+    (See bug `2006256 <https://storyboard.openstack.org/#!/story/2006256>`_.)
9
+

Loading…
Cancel
Save