Disable security group rule when create port

Use "driver_handles_share_servers=True" backend driver.
When create service neutron port to connect with service instances,
we should set the port security group is disable, to prevent be added
the default security group in neutron. Because some cases the default
security group would lead to the port can not connect with the service
instances.

Change-Id: Ib13e4f80c5a54b2b863b511ebb6e8f82700a3639
Closes-Bug:#1720283
(cherry picked from commit 3c3d899837)
This commit is contained in:
haobing1 2018-01-17 12:14:07 +08:00 committed by haobing
parent 57ae362bcd
commit 7609c2eca9
3 changed files with 10 additions and 6 deletions

View File

@ -173,14 +173,17 @@ class API(object):
def create_port(self, tenant_id, network_id, host_id=None, subnet_id=None,
fixed_ip=None, device_owner=None, device_id=None,
mac_address=None, security_group_ids=None, dhcp_opts=None,
**kwargs):
mac_address=None, port_security_enabled=True,
security_group_ids=None, dhcp_opts=None, **kwargs):
try:
port_req_body = {'port': {}}
port_req_body['port']['network_id'] = network_id
port_req_body['port']['admin_state_up'] = True
port_req_body['port']['tenant_id'] = tenant_id
if security_group_ids:
if not port_security_enabled:
port_req_body['port']['port_security_enabled'] = (
port_security_enabled)
elif security_group_ids:
port_req_body['port']['security_groups'] = security_group_ids
if mac_address:
port_req_body['port']['mac_address'] = mac_address

View File

@ -992,7 +992,8 @@ class NeutronNetworkHelper(BaseNetworkhelper):
elif not ports:
port = self.neutron_api.create_port(
self.admin_project_id, network_id, subnet_id=subnet_id,
device_id=device_id, device_owner='manila:share', host_id=host)
device_id=device_id, device_owner='manila:share', host_id=host,
port_security_enabled=False)
else:
port = ports[0]
return port

View File

@ -2030,7 +2030,7 @@ class NeutronNetworkHelperTestCase(test.TestCase):
instance.neutron_api.create_port.assert_called_once_with(
instance.admin_project_id, instance.service_network_id,
device_id='manila-share', device_owner='manila:share',
host_id='fake_host', subnet_id=None)
host_id='fake_host', subnet_id=None, port_security_enabled=False)
service_instance.socket.gethostname.assert_called_once_with()
self.assertFalse(instance.neutron_api.update_port_fixed_ips.called)
self.assertEqual(fake_service_port, result)
@ -2084,7 +2084,7 @@ class NeutronNetworkHelperTestCase(test.TestCase):
instance.neutron_api.create_port.assert_called_once_with(
instance.admin_project_id, instance.service_network_id,
device_id='manila-share', device_owner='manila:share',
host_id='fake_host', subnet_id=None)
host_id='fake_host', subnet_id=None, port_security_enabled=False)
service_instance.socket.gethostname.assert_called_once_with()
self.assertFalse(instance.neutron_api.update_port_fixed_ips.called)
self.assertEqual(fake_service_port, result)