Browse Source

Disable security group rule when create port

Use "driver_handles_share_servers=True" backend driver.
When create service neutron port to connect with service instances,
we should set the port security group is disable, to prevent be added
the default security group in neutron. Because some cases the default
security group would lead to the port can not connect with the service
instances.

Change-Id: Ib13e4f80c5a54b2b863b511ebb6e8f82700a3639
Closes-Bug:#1720283
(cherry picked from commit 3c3d899837)
haobing1 1 year ago
parent
commit
7609c2eca9

+ 6
- 3
manila/network/neutron/api.py View File

@@ -173,14 +173,17 @@ class API(object):
173 173
 
174 174
     def create_port(self, tenant_id, network_id, host_id=None, subnet_id=None,
175 175
                     fixed_ip=None, device_owner=None, device_id=None,
176
-                    mac_address=None, security_group_ids=None, dhcp_opts=None,
177
-                    **kwargs):
176
+                    mac_address=None, port_security_enabled=True,
177
+                    security_group_ids=None, dhcp_opts=None, **kwargs):
178 178
         try:
179 179
             port_req_body = {'port': {}}
180 180
             port_req_body['port']['network_id'] = network_id
181 181
             port_req_body['port']['admin_state_up'] = True
182 182
             port_req_body['port']['tenant_id'] = tenant_id
183
-            if security_group_ids:
183
+            if not port_security_enabled:
184
+                port_req_body['port']['port_security_enabled'] = (
185
+                    port_security_enabled)
186
+            elif security_group_ids:
184 187
                 port_req_body['port']['security_groups'] = security_group_ids
185 188
             if mac_address:
186 189
                 port_req_body['port']['mac_address'] = mac_address

+ 2
- 1
manila/share/drivers/service_instance.py View File

@@ -992,7 +992,8 @@ class NeutronNetworkHelper(BaseNetworkhelper):
992 992
         elif not ports:
993 993
             port = self.neutron_api.create_port(
994 994
                 self.admin_project_id, network_id, subnet_id=subnet_id,
995
-                device_id=device_id, device_owner='manila:share', host_id=host)
995
+                device_id=device_id, device_owner='manila:share', host_id=host,
996
+                port_security_enabled=False)
996 997
         else:
997 998
             port = ports[0]
998 999
         return port

+ 2
- 2
manila/tests/share/drivers/test_service_instance.py View File

@@ -2030,7 +2030,7 @@ class NeutronNetworkHelperTestCase(test.TestCase):
2030 2030
         instance.neutron_api.create_port.assert_called_once_with(
2031 2031
             instance.admin_project_id, instance.service_network_id,
2032 2032
             device_id='manila-share', device_owner='manila:share',
2033
-            host_id='fake_host', subnet_id=None)
2033
+            host_id='fake_host', subnet_id=None, port_security_enabled=False)
2034 2034
         service_instance.socket.gethostname.assert_called_once_with()
2035 2035
         self.assertFalse(instance.neutron_api.update_port_fixed_ips.called)
2036 2036
         self.assertEqual(fake_service_port, result)
@@ -2084,7 +2084,7 @@ class NeutronNetworkHelperTestCase(test.TestCase):
2084 2084
         instance.neutron_api.create_port.assert_called_once_with(
2085 2085
             instance.admin_project_id, instance.service_network_id,
2086 2086
             device_id='manila-share', device_owner='manila:share',
2087
-            host_id='fake_host', subnet_id=None)
2087
+            host_id='fake_host', subnet_id=None, port_security_enabled=False)
2088 2088
         service_instance.socket.gethostname.assert_called_once_with()
2089 2089
         self.assertFalse(instance.neutron_api.update_port_fixed_ips.called)
2090 2090
         self.assertEqual(fake_service_port, result)

Loading…
Cancel
Save