
Merge "Filter security group list on the ID's we expect" into stable/rocky

changes/17/676517/1
Zuul 1 month ago
parent
commit
d8f90356fb

+ 12
- 9
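--- a/ironic/common/neutron.py
+++ b/ironic/common/neutron.py
@@ -203,21 +203,24 @@ def _verify_security_groups(security_groups, client):
         return
     try:
         neutron_sec_groups = (
-            client.list_security_groups().get('security_groups', []))
+            client.list_security_groups(id=security_groups, fields='id').get(
+                'security_groups', []))
     except neutron_exceptions.NeutronClientException as e:
         msg = (_("Could not retrieve security groups from neutron: %(exc)s") %
                {'exc': e})
         LOG.exception(msg)
         raise exception.NetworkError(msg)
 
-    existing_sec_groups = [sec_group['id'] for sec_group in neutron_sec_groups]
-    missing_sec_groups = set(security_groups) - set(existing_sec_groups)
-    if missing_sec_groups:
-        msg = (_('Could not find these security groups (specified via ironic '
-                 'config) in neutron: %(ir-sg)s')
-               % {'ir-sg': list(missing_sec_groups)})
-        LOG.error(msg)
-        raise exception.NetworkError(msg)
+    if set(security_groups).issubset(x['id'] for x in neutron_sec_groups):
+        return
+
+    missing_sec_groups = set(security_groups).difference(
+        x['id'] for x in neutron_sec_groups)
+    msg = (_('Could not find these security groups (specified via ironic '
+             'config) in neutron: %(ir-sg)s')
+           % {'ir-sg': list(missing_sec_groups)})
+    LOG.error(msg)
+    raise exception.NetworkError(msg)
 
 
 def add_ports_to_network(task, network_uuid, security_groups=None):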
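Review bot: The new tail of `_verify_security_groups` compares the configured ids with the neutron response twice, once with `issubset` for the early return and again with `difference` to build the error, rebuilding `set(security_groups)` and re-walking `neutron_sec_groups` each time. Computing `missing_sec_groups = set(security_groups).difference(x['id'] for x in neutron_sec_groups)` once and guarding with `if not missing_sec_groups: return` gives the same result in one pass. A short comment above it would also help the next maintainer, e.g. `# a filtered list simply omits ids neutron does not know, so the comparison has to stay on our side`. That behaviour is inferred from how the tests mock the response and should be confirmed. The function starts above this hunk, so its docstring is not visible here and may still describe an unfiltered listing.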

+ 11
- 8
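--- a/ironic/tests/unit/common/test_neutron.py
+++ b/ironic/tests/unit/common/test_neutron.py
@@ -266,23 +266,23 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
 
         self.assertIsNone(
             neutron._verify_security_groups(sg_ids, client))
-        client.list_security_groups.assert_called_once_with()
+        client.list_security_groups.assert_called_once_with(
+            fields='id', id=sg_ids)
 
     def test_verify_sec_groups_less_than_configured(self):
         sg_ids = []
         for i in range(2):
             sg_ids.append(uuidutils.generate_uuid())
 
-        expected_vals = {'security_groups': []}
-        for sg in sg_ids:
-            expected_vals['security_groups'].append({'id': sg})
+        expected_vals = {'security_groups': [{'id': sg_ids[0]}]}
 
         client = mock.MagicMock()
         client.list_security_groups.return_value = expected_vals
 
         self.assertIsNone(
             neutron._verify_security_groups(sg_ids[:1], client))
-        client.list_security_groups.assert_called_once_with()
+        client.list_security_groups.assert_called_once_with(
+            fields='id', id=sg_ids[:1])
 
     def test_verify_sec_groups_more_than_configured(self):
         sg_ids = []
@@ -296,7 +296,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
         self.assertRaises(
             exception.NetworkError,
             neutron._verify_security_groups, sg_ids, client)
-        client.list_security_groups.assert_called_once_with()
+        client.list_security_groups.assert_called_once_with(
+            fields='id', id=sg_ids)
 
     def test_verify_sec_groups_no_sg_from_neutron(self):
         sg_ids = []
@@ -309,7 +310,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
         self.assertRaises(
             exception.NetworkError,
             neutron._verify_security_groups, sg_ids, client)
-        client.list_security_groups.assert_called_once_with()
+        client.list_security_groups.assert_called_once_with(
+            fields='id', id=sg_ids)
 
     def test_verify_sec_groups_exception_by_neutronclient(self):
         sg_ids = []
@@ -324,7 +326,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase):
             exception.NetworkError,
             "Could not retrieve security groups",
             neutron._verify_security_groups, sg_ids, client)
-        client.list_security_groups.assert_called_once_with()
+        client.list_security_groups.assert_called_once_with(
+            fields='id', id=sg_ids)
 
     def test_add_ports_with_client_id_to_network(self):
         self._test_add_ports_to_network(is_client_id=True)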
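Review bot: In `test_verify_sec_groups_less_than_configured` (first hunk) the mocked response now holds only `sg_ids[0]` and the call passes `sg_ids[:1]`, so the second uuid produced by the `range(2)` loop is never used. The case now exercises the same path as the preceding success test, which is only partly visible here. Either generate a single id, e.g. `sg_ids = [uuidutils.generate_uuid()]`, or keep a second entry in the mocked `security_groups` list so the test still shows that extra groups in the response are tolerated. The failure cases visible here assert only that `NetworkError` is raised. Checking that the missing id appears in the message would pin the part of the function that was rewritten.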

+ 9
- 0
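--- /dev/null
+++ b/releasenotes/notes/fix-security-group-list-add-query-filters-f72cfcefa1e093d2.yaml
@@ -0,0 +1,9 @@
+---
+fixes:
+  - |
+    Fixes an issue where baremetal node deployment would fail on clouds
+    with a high number of security groups. Listing the security groups
+    took too long. Instead of listing all security groups, a query filter
+    was added to list only the security groups to be used for the network.
+    (See bug `2006256 <https://storyboard.openstack.org/#!/story/2006256>`_.)
+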
