Disable security group rule when create port
Use "driver_handles_share_servers=True" backend driver. When create service neutron port to connect with service instances, we should set the port security group is disable, to prevent be added the default security group in neutron. Because some cases the default security group would lead to the port can not connect with the service instances. Change-Id: Ib13e4f80c5a54b2b863b511ebb6e8f82700a3639 Closes-Bug:#1720283
This commit is contained in:
parent
f72d8f8351
commit
3c3d899837
|
@ -172,14 +172,17 @@ class API(object):
|
|||
|
||||
def create_port(self, tenant_id, network_id, host_id=None, subnet_id=None,
|
||||
fixed_ip=None, device_owner=None, device_id=None,
|
||||
mac_address=None, security_group_ids=None, dhcp_opts=None,
|
||||
**kwargs):
|
||||
mac_address=None, port_security_enabled=True,
|
||||
security_group_ids=None, dhcp_opts=None, **kwargs):
|
||||
try:
|
||||
port_req_body = {'port': {}}
|
||||
port_req_body['port']['network_id'] = network_id
|
||||
port_req_body['port']['admin_state_up'] = True
|
||||
port_req_body['port']['tenant_id'] = tenant_id
|
||||
if security_group_ids:
|
||||
if not port_security_enabled:
|
||||
port_req_body['port']['port_security_enabled'] = (
|
||||
port_security_enabled)
|
||||
elif security_group_ids:
|
||||
port_req_body['port']['security_groups'] = security_group_ids
|
||||
if mac_address:
|
||||
port_req_body['port']['mac_address'] = mac_address
|
||||
|
|
|
@ -986,7 +986,8 @@ class NeutronNetworkHelper(BaseNetworkhelper):
|
|||
elif not ports:
|
||||
port = self.neutron_api.create_port(
|
||||
self.admin_project_id, network_id, subnet_id=subnet_id,
|
||||
device_id=device_id, device_owner='manila:share', host_id=host)
|
||||
device_id=device_id, device_owner='manila:share', host_id=host,
|
||||
port_security_enabled=False)
|
||||
else:
|
||||
port = ports[0]
|
||||
return port
|
||||
|
|
|
@ -2079,7 +2079,7 @@ class NeutronNetworkHelperTestCase(test.TestCase):
|
|||
instance.neutron_api.create_port.assert_called_once_with(
|
||||
instance.admin_project_id, instance.service_network_id,
|
||||
device_id='manila-share', device_owner='manila:share',
|
||||
host_id='fake_host', subnet_id=None)
|
||||
host_id='fake_host', subnet_id=None, port_security_enabled=False)
|
||||
service_instance.socket.gethostname.assert_called_once_with()
|
||||
self.assertFalse(instance.neutron_api.update_port_fixed_ips.called)
|
||||
self.assertEqual(fake_service_port, result)
|
||||
|
@ -2133,7 +2133,7 @@ class NeutronNetworkHelperTestCase(test.TestCase):
|
|||
instance.neutron_api.create_port.assert_called_once_with(
|
||||
instance.admin_project_id, instance.service_network_id,
|
||||
device_id='manila-share', device_owner='manila:share',
|
||||
host_id='fake_host', subnet_id=None)
|
||||
host_id='fake_host', subnet_id=None, port_security_enabled=False)
|
||||
service_instance.socket.gethostname.assert_called_once_with()
|
||||
self.assertFalse(instance.neutron_api.update_port_fixed_ips.called)
|
||||
self.assertEqual(fake_service_port, result)
|
||||
|
|
Loading…
Reference in New Issue