
Allow skip processing exposed ports

The endpoints 'network_driver_program_external_connectivity'
and 'network_driver_revoke_external_connectivity' dynamically
create security groups and security group rules to open the ports
exposed by the docker container. This processing makes too many
neutron API calls, which significantly slows down container
start/stop. It is also not mandatory, because users can configure
the SGs manually to achieve the equivalent.

This patch makes the processing of exposed ports configurable.
As a result, it can be disabled if users want better performance.

Change-Id: I6d6d176512e6b30bb7372408aec1a7bac12335ab
Hongbin Lu 1 year ago
parent
commit
17db307e27

+ 1
- 0
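--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -59,6 +59,7 @@ function configure_kuryr {
         configure_auth_token_middleware "$KURYR_CONFIG" kuryr \
         "$KURYR_AUTH_CACHE_DIR" neutron
         iniset $KURYR_CONFIG DEFAULT capability_scope $KURYR_CAPABILITY_SCOPE
+        iniset $KURYR_CONFIG DEFAULT process_external_connectivity $KURYR_PROCESS_EXTERNAL_CONNECTIVITY
     fi
 
     if [[ "$ENABLE_PLUGINV2" == "True" ]]; then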

+ 1
- 0
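--- a/devstack/settings
+++ b/devstack/settings
@@ -20,6 +20,7 @@ KURYR_POOL_PREFIX=${KURYR_POOL_PREFIX:-10.10.0.0/16}
 KURYR_POOL_PREFIX_LEN=${KURYR_POOL_PREFIX_LEN:-24}
 
 KURYR_CAPABILITY_SCOPE=${KURYR_CAPABILITY_SCOPE:-local}
+KURYR_PROCESS_EXTERNAL_CONNECTIVITY=${KURYR_PROCESS_EXTERNAL_CONNECTIVITY:-True}
 
 KURYR_DOCKER_ENGINE_PORT=${KURYR_DOCKER_ENGINE_PORT:-2375}
 DOCKER_CLUSTER_STORE=${DOCKER_CLUSTER_STORE:-etcd://$SERVICE_HOST:$ETCD_PORT}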

+ 3
- 0
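--- a/kuryr_libnetwork/config.py
+++ b/kuryr_libnetwork/config.py
@@ -52,6 +52,9 @@ core_opts = [
     cfg.ListOpt('enabled_port_drivers',
                 default=['kuryr_libnetwork.port_driver.drivers.veth'],
                 help=_('Available port drivers')),
+    cfg.BoolOpt('process_external_connectivity',
+                default=True,
+                help=_('Do processing external connectivity')),
     cfg.StrOpt('ssl_cert_file',
                default='/var/lib/kuryr/certs/cert.pem',
                help=_('This option allows setting absolute path'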
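Review bot: The help text `'Do processing external connectivity'` on the new `process_external_connectivity` option does not tell an operator what turning it off means for network exposure. According to the commit message, disabling it stops kuryr from creating the security groups and rules for a container's exposed ports and leaves that to manual configuration. I would spell that out in the option itself, e.g. `help=_('Whether to create and remove security groups and rules for the ports exposed by a container. If False, operators must manage those security groups themselves.')`.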

+ 6
- 0
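--- a/kuryr_libnetwork/controllers.py
+++ b/kuryr_libnetwork/controllers.py
@@ -1437,6 +1437,9 @@ def network_driver_program_external_connectivity():
     json_data = flask.request.get_json(force=True)
     LOG.debug("Received JSON data %s for"
               " /NetworkDriver.ProgramExternalConnectivity", json_data)
+    if not cfg.CONF.process_external_connectivity:
+        return flask.jsonify(const.SCHEMA['SUCCESS'])
+
     # TODO(banix): Add support for exposed ports
     port = _get_neutron_port_from_docker_endpoint(json_data['EndpointID'])
     if port:
@@ -1459,6 +1462,9 @@ def network_driver_revoke_external_connectivity():
     json_data = flask.request.get_json(force=True)
     LOG.debug("Received JSON data %s for"
               " /NetworkDriver.RevokeExternalConnectivity", json_data)
+    if not cfg.CONF.process_external_connectivity:
+        return flask.jsonify(const.SCHEMA['SUCCESS'])
+
     # TODO(banix): Add support for removal of exposed ports
     port = _get_neutron_port_from_docker_endpoint(json_data['EndpointID'])
     if port: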
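Review bot: The early return added to network_driver_revoke_external_connectivity skips cleanup as well as creation, so security groups created while the option was True may never be removed once an operator sets process_external_connectivity to False with containers still running. Judging by the calls the unit tests mock (list_security_groups, delete_security_group), the skipped code is what deletes those groups, so the exposed ports would presumably stay open after the container is gone. The same guard in network_driver_program_external_connectivity does not have this effect. I would document the caveat in the option's help text and log the skip before each return, e.g. `LOG.debug("process_external_connectivity is disabled; skipping security group handling")`, so someone auditing open ports can see why nothing changed. Both function bodies continue outside the hunks.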

+ 83
- 0
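--- a/kuryr_libnetwork/tests/unit/test_external_connectivity.py
+++ b/kuryr_libnetwork/tests/unit/test_external_connectivity.py
@@ -21,6 +21,7 @@ from oslo_utils import uuidutils
 
 from kuryr.lib import constants as lib_const
 from kuryr.lib import utils as lib_utils
+from kuryr_libnetwork import config
 from kuryr_libnetwork import constants
 from kuryr_libnetwork.tests.unit import base
 from kuryr_libnetwork import utils
@@ -55,6 +56,7 @@ class TestExternalConnectivityKuryr(base.TestKuryrBase):
             num_ports, mock_list_ports, mock_create_security_group,
             mock_create_security_group_rule, mock_show_port,
             mock_update_port):
+        config.CONF.set_override('process_external_connectivity', True)
         fake_docker_net_id = lib_utils.get_hash()
         fake_docker_endpoint_id = lib_utils.get_hash()
 
@@ -142,6 +144,51 @@ class TestExternalConnectivityKuryr(base.TestKuryrBase):
         decoded_json = jsonutils.loads(response.data)
         self.assertEqual(constants.SCHEMA['SUCCESS'], decoded_json)
 
+    @mock.patch('kuryr_libnetwork.controllers.app.neutron.update_port')
+    @mock.patch('kuryr_libnetwork.controllers.app.neutron.show_port')
+    @mock.patch(
+        'kuryr_libnetwork.controllers.app.neutron.create_security_group_rule')
+    @mock.patch(
+        'kuryr_libnetwork.controllers.app.neutron.create_security_group')
+    @mock.patch('kuryr_libnetwork.controllers.app.neutron.list_ports')
+    @ddt.data((False, 1), (True, 1), (False, 2), (True, 2))
+    @ddt.unpack
+    def test_network_driver_program_external_connectivity_disabled(
+            self, existing_sg,
+            num_ports, mock_list_ports, mock_create_security_group,
+            mock_create_security_group_rule, mock_show_port,
+            mock_update_port):
+        config.CONF.set_override('process_external_connectivity', False)
+        fake_docker_net_id = lib_utils.get_hash()
+        fake_docker_endpoint_id = lib_utils.get_hash()
+
+        port_opt = []
+        for i in range(num_ports):
+            port_opt.append({u'Port': PORT + i, u'Proto': PROTOCOL_TCP})
+            port_opt.append({u'Port': PORT + i, u'Proto': PROTOCOL_UDP})
+        port_opt.append({u'Port': SINGLE_PORT, u'Proto': PROTOCOL_UDP})
+        options = {'com.docker.network.endpoint.exposedports':
+                   port_opt,
+                   'com.docker.network.portmap':
+                   []}
+        data = {
+            'NetworkID': fake_docker_net_id,
+            'EndpointID': fake_docker_endpoint_id,
+            'Options': options,
+        }
+        response = self.app.post('/NetworkDriver.ProgramExternalConnectivity',
+                                 content_type='application/json',
+                                 data=jsonutils.dumps(data))
+
+        self.assertEqual(200, response.status_code)
+        mock_update_port.assert_not_called()
+        mock_show_port.assert_not_called()
+        mock_create_security_group_rule.assert_not_called()
+        mock_create_security_group.assert_not_called()
+        mock_list_ports.assert_not_called()
+        decoded_json = jsonutils.loads(response.data)
+        self.assertEqual(constants.SCHEMA['SUCCESS'], decoded_json)
+
     @mock.patch('kuryr_libnetwork.controllers.app.neutron.update_port')
     @mock.patch('kuryr_libnetwork.controllers.app.neutron.show_port')
     @mock.patch(
@@ -155,6 +202,7 @@ class TestExternalConnectivityKuryr(base.TestKuryrBase):
             removing_sg, mock_list_ports, mock_list_security_groups,
             mock_delete_security_groups, mock_show_port,
             mock_update_port):
+        config.CONF.set_override('process_external_connectivity', True)
         fake_docker_net_id = lib_utils.get_hash()
         fake_docker_endpoint_id = lib_utils.get_hash()
 
@@ -219,3 +267,38 @@ class TestExternalConnectivityKuryr(base.TestKuryrBase):
             mock_update_port.assert_not_called()
         decoded_json = jsonutils.loads(response.data)
         self.assertEqual(constants.SCHEMA['SUCCESS'], decoded_json)
+
+    @mock.patch('kuryr_libnetwork.controllers.app.neutron.update_port')
+    @mock.patch('kuryr_libnetwork.controllers.app.neutron.show_port')
+    @mock.patch(
+        'kuryr_libnetwork.controllers.app.neutron.delete_security_group')
+    @mock.patch(
+        'kuryr_libnetwork.controllers.app.neutron.list_security_groups')
+    @mock.patch('kuryr_libnetwork.controllers.app.neutron.list_ports')
+    @ddt.data((False, False), (False, True), (True, False), (True, True))
+    @ddt.unpack
+    def test_network_driver_revoke_external_connectivity_disabled(
+            self, existing_sg,
+            removing_sg, mock_list_ports, mock_list_security_groups,
+            mock_delete_security_groups, mock_show_port,
+            mock_update_port):
+        config.CONF.set_override('process_external_connectivity', False)
+        fake_docker_net_id = lib_utils.get_hash()
+        fake_docker_endpoint_id = lib_utils.get_hash()
+
+        data = {
+            'NetworkID': fake_docker_net_id,
+            'EndpointID': fake_docker_endpoint_id,
+        }
+        response = self.app.post('/NetworkDriver.RevokeExternalConnectivity',
+                                 content_type='application/json',
+                                 data=jsonutils.dumps(data))
+
+        self.assertEqual(200, response.status_code)
+        mock_list_ports.assert_not_called()
+        mock_list_security_groups.assert_not_called()
+        mock_delete_security_groups.assert_not_called()
+        mock_show_port.assert_not_called()
+        mock_update_port.assert_not_called()
+        decoded_json = jsonutils.loads(response.data)
+        self.assertEqual(constants.SCHEMA['SUCCESS'], decoded_json)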
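Review bot: The `config.CONF.set_override('process_external_connectivity', ...)` calls added to all four tests are never undone in the visible code. Unless base.TestKuryrBase (not shown) resets the configuration, the last value set leaks into whichever test runs next and the security-group assertions become order dependent. Registering the reset next to each override, `self.addCleanup(config.CONF.clear_override, 'process_external_connectivity')`, keeps the tests independent. Separately, test_network_driver_revoke_external_connectivity_disabled reads neither `existing_sg` nor `removing_sg`, so its `@ddt.data` runs four identical cases, and the program variant never reads `existing_sg`; dropping the unused parameters would make clear what the disabled path is checked against.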
