Disable security group rule when create port
Use "driver_handles_share_servers=True" backend driver.
When create service neutron port to connect with service instances,
we should set the port security group is disable, to prevent be added
the default security group in neutron. Because some cases the default
security group would lead to the port can not connect with the service
instances.
Change-Id: Ib13e4f80c5a54b2b863b511ebb6e8f82700a3639
Closes-Bug:#1720283
(cherry picked from commit 3c3d899837
)
This commit is contained in:
parent
57ae362bcd
commit
7609c2eca9
|
@ -173,14 +173,17 @@ class API(object):
|
|||
|
||||
def create_port(self, tenant_id, network_id, host_id=None, subnet_id=None,
|
||||
fixed_ip=None, device_owner=None, device_id=None,
|
||||
mac_address=None, security_group_ids=None, dhcp_opts=None,
|
||||
**kwargs):
|
||||
mac_address=None, port_security_enabled=True,
|
||||
security_group_ids=None, dhcp_opts=None, **kwargs):
|
||||
try:
|
||||
port_req_body = {'port': {}}
|
||||
port_req_body['port']['network_id'] = network_id
|
||||
port_req_body['port']['admin_state_up'] = True
|
||||
port_req_body['port']['tenant_id'] = tenant_id
|
||||
if security_group_ids:
|
||||
if not port_security_enabled:
|
||||
port_req_body['port']['port_security_enabled'] = (
|
||||
port_security_enabled)
|
||||
elif security_group_ids:
|
||||
port_req_body['port']['security_groups'] = security_group_ids
|
||||
if mac_address:
|
||||
port_req_body['port']['mac_address'] = mac_address
|
||||
|
|
|
@ -992,7 +992,8 @@ class NeutronNetworkHelper(BaseNetworkhelper):
|
|||
elif not ports:
|
||||
port = self.neutron_api.create_port(
|
||||
self.admin_project_id, network_id, subnet_id=subnet_id,
|
||||
device_id=device_id, device_owner='manila:share', host_id=host)
|
||||
device_id=device_id, device_owner='manila:share', host_id=host,
|
||||
port_security_enabled=False)
|
||||
else:
|
||||
port = ports[0]
|
||||
return port
|
||||
|
|
|
@ -2030,7 +2030,7 @@ class NeutronNetworkHelperTestCase(test.TestCase):
|
|||
instance.neutron_api.create_port.assert_called_once_with(
|
||||
instance.admin_project_id, instance.service_network_id,
|
||||
device_id='manila-share', device_owner='manila:share',
|
||||
host_id='fake_host', subnet_id=None)
|
||||
host_id='fake_host', subnet_id=None, port_security_enabled=False)
|
||||
service_instance.socket.gethostname.assert_called_once_with()
|
||||
self.assertFalse(instance.neutron_api.update_port_fixed_ips.called)
|
||||
self.assertEqual(fake_service_port, result)
|
||||
|
@ -2084,7 +2084,7 @@ class NeutronNetworkHelperTestCase(test.TestCase):
|
|||
instance.neutron_api.create_port.assert_called_once_with(
|
||||
instance.admin_project_id, instance.service_network_id,
|
||||
device_id='manila-share', device_owner='manila:share',
|
||||
host_id='fake_host', subnet_id=None)
|
||||
host_id='fake_host', subnet_id=None, port_security_enabled=False)
|
||||
service_instance.socket.gethostname.assert_called_once_with()
|
||||
self.assertFalse(instance.neutron_api.update_port_fixed_ips.called)
|
||||
self.assertEqual(fake_service_port, result)
|
||||
|
|
Loading…
Reference in New Issue