Add L2 Agent side handling for non consistent security_group settings
Set the firewall_driver to NoopDriver when firewall_driver is None, and log a warning if the driver combination is not valid. Modify is_valid_driver_combination to verify the default settings: enable_security_group (True) and firewall_driver (None). Change-Id: I841f9cf96ac6ee2ad17a4e8908d6c8a96f368cca Closes-Bug: #1296957
parent
884478eebc
commit
5c6ff449bb
|
@ -44,12 +44,13 @@ cfg.CONF.register_opts(security_group_opts, 'SECURITYGROUP')
|
||||||
#This is backward compatibility check for Havana
|
#This is backward compatibility check for Havana
|
||||||
def _is_valid_driver_combination():
|
def _is_valid_driver_combination():
|
||||||
return ((cfg.CONF.SECURITYGROUP.enable_security_group and
|
return ((cfg.CONF.SECURITYGROUP.enable_security_group and
|
||||||
cfg.CONF.SECURITYGROUP.firewall_driver !=
|
(cfg.CONF.SECURITYGROUP.firewall_driver and
|
||||||
'neutron.agent.firewall.NoopFirewallDriver') or
|
cfg.CONF.SECURITYGROUP.firewall_driver !=
|
||||||
|
'neutron.agent.firewall.NoopFirewallDriver')) or
|
||||||
(not cfg.CONF.SECURITYGROUP.enable_security_group and
|
(not cfg.CONF.SECURITYGROUP.enable_security_group and
|
||||||
(cfg.CONF.SECURITYGROUP.firewall_driver ==
|
(cfg.CONF.SECURITYGROUP.firewall_driver ==
|
||||||
'neutron.agent.firewall.NoopFirewallDriver' or
|
'neutron.agent.firewall.NoopFirewallDriver' or
|
||||||
cfg.CONF.SECURITYGROUP.firewall_driver == None)
|
cfg.CONF.SECURITYGROUP.firewall_driver is None)
|
||||||
))
|
))
|
||||||
|
|
||||||
|
|
||||||
|
@ -137,6 +138,11 @@ class SecurityGroupAgentRpcMixin(object):
|
||||||
def init_firewall(self, defer_refresh_firewall=False):
|
def init_firewall(self, defer_refresh_firewall=False):
|
||||||
firewall_driver = cfg.CONF.SECURITYGROUP.firewall_driver
|
firewall_driver = cfg.CONF.SECURITYGROUP.firewall_driver
|
||||||
LOG.debug(_("Init firewall settings (driver=%s)"), firewall_driver)
|
LOG.debug(_("Init firewall settings (driver=%s)"), firewall_driver)
|
||||||
|
if not _is_valid_driver_combination():
|
||||||
|
LOG.warn("Driver configuration doesn't match "
|
||||||
|
"with enable_security_group")
|
||||||
|
if not firewall_driver:
|
||||||
|
firewall_driver = 'neutron.agent.firewall.NoopFirewallDriver'
|
||||||
self.firewall = importutils.import_object(firewall_driver)
|
self.firewall = importutils.import_object(firewall_driver)
|
||||||
# The following flag will be set to true if port filter must not be
|
# The following flag will be set to true if port filter must not be
|
||||||
# applied as soon as a rule or membership notification is received
|
# applied as soon as a rule or membership notification is received
|
||||||
|
|
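Review bot: In init_firewall the added fallback fails open: with enable_security_group left at True and firewall_driver unset, _is_valid_driver_combination() returns False, a single warning is logged, and NoopFirewallDriver is loaded anyway, so presumably this agent applies no port filtering while security groups are still configured as enabled. The warning names neither value and, unlike the LOG.debug call above it, is not wrapped in `_()`; `LOG.warn(_("firewall_driver=%(drv)s does not match enable_security_group=%(sg)s"), {'drv': firewall_driver, 'sg': cfg.CONF.SECURITYGROUP.enable_security_group})` would let an operator see the mismatch from the log alone. The `if not firewall_driver:` branch deserves its own log line stating that the Noop driver is being substituted, since the mismatch warning also fires when security groups are disabled but a real driver is set. It is worth deciding whether the enabled-with-no-driver case should refuse to start rather than degrade. init_firewall's body continues outside the hunk.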
|
@ -773,6 +773,17 @@ class SGAgentRpcCallBackMixinTestCase(base.BaseTestCase):
|
||||||
[call.security_groups_provider_updated()])
|
[call.security_groups_provider_updated()])
|
||||||
|
|
||||||
|
|
||||||
|
class SecurityGroupAgentRpcTestCaseForNoneDriver(base.BaseTestCase):
|
||||||
|
def test_init_firewall_with_none_driver(self):
|
||||||
|
cfg.CONF.set_override(
|
||||||
|
'enable_security_group', False,
|
||||||
|
group='SECURITYGROUP')
|
||||||
|
agent = sg_rpc.SecurityGroupAgentRpcMixin()
|
||||||
|
agent.init_firewall()
|
||||||
|
self.assertEqual(agent.firewall.__class__.__name__,
|
||||||
|
'NoopFirewallDriver')
|
||||||
|
|
||||||
|
|
||||||
class SecurityGroupAgentRpcTestCase(base.BaseTestCase):
|
class SecurityGroupAgentRpcTestCase(base.BaseTestCase):
|
||||||
def setUp(self, defer_refresh_firewall=False):
|
def setUp(self, defer_refresh_firewall=False):
|
||||||
super(SecurityGroupAgentRpcTestCase, self).setUp()
|
super(SecurityGroupAgentRpcTestCase, self).setUp()
|
||||||
|
@ -1986,6 +1997,15 @@ class TestSecurityGroupExtensionControl(base.BaseTestCase):
|
||||||
group='SECURITYGROUP')
|
group='SECURITYGROUP')
|
||||||
self.assertFalse(sg_rpc._is_valid_driver_combination())
|
self.assertFalse(sg_rpc._is_valid_driver_combination())
|
||||||
|
|
||||||
|
def test_is_invalid_drvier_combination_sg_enabled_with_none(self):
|
||||||
|
cfg.CONF.set_override(
|
||||||
|
'enable_security_group', True,
|
||||||
|
group='SECURITYGROUP')
|
||||||
|
cfg.CONF.set_override(
|
||||||
|
'firewall_driver', None,
|
||||||
|
group='SECURITYGROUP')
|
||||||
|
self.assertFalse(sg_rpc._is_valid_driver_combination())
|
||||||
|
|
||||||
def test_is_invalid_drvier_combination_sg_disabled(self):
|
def test_is_invalid_drvier_combination_sg_disabled(self):
|
||||||
cfg.CONF.set_override(
|
cfg.CONF.set_override(
|
||||||
'enable_security_group', False,
|
'enable_security_group', False,
|
||||||
|
|
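Review bot: test_init_firewall_with_none_driver never sets firewall_driver, so it appears to pass only while the option's default stays None; adding `cfg.CONF.set_override('firewall_driver', None, group='SECURITYGROUP')` would pin the case the test name describes. It also covers only enable_security_group=False. The enable_security_group=True with no driver path through init_firewall, the one that logs the warning and still ends up on the Noop driver, has no test asserting either the warning or the resulting driver class. The test added in the last hunk repeats the existing `drvier` misspelling in its name.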