[ovn]disable security group notifier
When the OVN driver is used, security groups are implemented by OVN ACLs, so there is no need to send RPC messages. Closes-Bug: #2007327 Change-Id: I4b486c910ed298633ac6f60fd93f695c6c3bfef2
parent
0360eb8e12
commit
35cb164ea5
@ -19,3 +19,4 @@ OVN Driver Administration Guide
|
||||
smartnic_dpu
|
||||
baremetal
|
||||
external_ports
|
||||
rpc
|
||||
|
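--- a/doc/source/admin/ovn/rpc.rst
+++ b/doc/source/admin/ovn/rpc.rst
@@ -0,0 +1,14 @@
+.. _ovn_rpc:
+
+===================
+RPC messages in OVN
+===================
+
+ML2/OVN driver uses the OVN NB tables ``Port_Group`` and ``ACL`` to
+implement security groups. Security groups and security group rules are
+directly sent to OVN NB via the OVSDB protocol. Neutron doesn't send any
+RPC messages related to these topics when using the ML2/OVN mechanism
+driver.
+
+However, other RPC topics are kept in case other drivers are being used,
+for example ML2/SRIOV, DHCP agents (for baremetal ports), etc.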
@ -37,13 +37,17 @@ DIRECTION_IP_PREFIX = {'ingress': 'source_ip_prefix',
|
||||
DHCP_RULE_PORT = {4: (67, 68, const.IPv4), 6: (547, 546, const.IPv6)}
|
||||
|
||||
|
||||
@registry.has_registry_receivers
|
||||
class SecurityGroupServerNotifierRpcMixin(sg_db.SecurityGroupDbMixin):
|
||||
"""Mixin class to add agent-based security group implementation."""
|
||||
|
||||
@registry.receives(resources.PORT, [events.AFTER_CREATE,
|
||||
events.AFTER_UPDATE,
|
||||
events.AFTER_DELETE])
|
||||
def register_sg_notifier(self):
|
||||
registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
|
||||
events.AFTER_CREATE)
|
||||
registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
|
||||
events.AFTER_UPDATE)
|
||||
registry.subscribe(self._notify_sg_on_port_change, resources.PORT,
|
||||
events.AFTER_DELETE)
|
||||
|
||||
def _notify_sg_on_port_change(self, resource, event, trigger, payload):
|
||||
"""Trigger notification to other SG members on port changes."""
|
||||
|
||||
|
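Review bot: `register_sg_notifier()` turns the port-event subscription into an opt-in call, and nothing in this section tells other users of `SecurityGroupServerNotifierRpcMixin` that they now have to make it. Judging by the rendered lines, the `@registry.receives` decorator on `_notify_sg_on_port_change` is replaced by this method, so a plugin that inherits the mixin and never calls it would stop sending security group member updates to its agents, leaving their filtering rules stale without any error. I would add a docstring such as `"""Subscribe _notify_sg_on_port_change to port AFTER_CREATE/UPDATE/DELETE; plugins with agent-enforced security groups must call this during init."""` and state the same requirement in the class docstring. The body of `_notify_sg_on_port_change` continues outside the hunk.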
@ -410,6 +410,10 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
|
||||
self.agent_notifiers[const.AGENT_TYPE_DHCP] = (
|
||||
dhcp_rpc_agent_api.DhcpAgentNotifyAPI()
|
||||
)
|
||||
# NOTE(zhouhenglc): SG notifier is not needed when using ML2/OVN, as
|
||||
# there are no agents expecting these updates.
|
||||
if 'ovn' not in self.mechanism_manager.mech_drivers:
|
||||
self.register_sg_notifier()
|
||||
|
||||
@log_helpers.log_method_call
|
||||
def start_rpc_listeners(self):
|
||||
|
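Review bot: The `'ovn' not in self.mechanism_manager.mech_drivers` test switches the notifier off for the whole plugin as soon as OVN is loaded, even when other mechanism drivers are loaded with it. The new rpc.rst page in this commit says other drivers can run alongside ML2/OVN; if one of them has agents that enforce security groups from RPC updates, those agents would no longer hear about member changes and would keep filtering on outdated addresses. If that combination is unsupported, the comment should say so, e.g. `# NOTE: this also disables SG RPC for any agent-based driver loaded together with 'ovn'.`, and a log line when the notifier is skipped would make the state visible to operators. The enclosing method starts before this hunk.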
@ -1394,7 +1394,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
||||
'security_groups_member_updated') as sg_member_update:
|
||||
port['port']['fixed_ips'][0]['ip_address'] = '10.0.0.3'
|
||||
plugin.update_port(ctx, port['port']['id'], port)
|
||||
self.assertTrue(sg_member_update.called)
|
||||
if 'ovn' in self._mechanism_drivers:
|
||||
sg_member_update.assert_not_called()
|
||||
else:
|
||||
self.assertTrue(sg_member_update.called)
|
||||
|
||||
def test_update_port_name_do_not_notify_sg(self):
|
||||
ctx = context.get_admin_context()
|
||||
@ -1507,9 +1510,12 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
||||
ports = self.deserialize(self.fmt, res)
|
||||
if 'ports' in ports:
|
||||
used_sg = ports['ports'][0]['security_groups']
|
||||
m_upd.assert_has_calls(
|
||||
[mock.call(mock.ANY, [sg]) for sg in used_sg],
|
||||
any_order=True)
|
||||
if 'ovn' in self._mechanism_drivers:
|
||||
m_upd.assert_not_called()
|
||||
else:
|
||||
m_upd.assert_has_calls(
|
||||
[mock.call(mock.ANY, [sg]) for sg in used_sg],
|
||||
any_order=True)
|
||||
else:
|
||||
self.assertTrue('ports' in ports)
|
||||
|
||||
@ -1552,7 +1558,10 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
||||
as_admin=True)
|
||||
ports = self.deserialize(self.fmt, res)
|
||||
used_sg = ports['ports'][0]['security_groups']
|
||||
m_upd.assert_called_with(mock.ANY, used_sg)
|
||||
if 'ovn' in self._mechanism_drivers:
|
||||
m_upd.assert_not_called()
|
||||
else:
|
||||
m_upd.assert_called_with(mock.ANY, used_sg)
|
||||
m_upd.reset_mock()
|
||||
data[0]['device_owner'] = constants.DEVICE_OWNER_DHCP
|
||||
self._create_bulk_from_list(self.fmt, 'port',
|
||||
|
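Review bot: All three hunks branch on `'ovn' in self._mechanism_drivers`, but nothing visible here sets `_mechanism_drivers` to include `ovn`, so within `TestMl2PortsV2` itself the `assert_not_called()` branches may never run. If they are reached only through a subclass that overrides the driver list, a short comment at the first branch would make that clear, e.g. `# Exercised by OVN test classes that inherit these tests; no SG RPC is expected there.` One test that checks directly that the plugin does not subscribe `_notify_sg_on_port_change` when `ovn` is loaded would also help, so the behaviour is not covered only by absence-of-call checks. The test methods start and end outside these hunks.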