Merge "Reinitialize ovs firewall after ovs-vswitchd restart"

2018-12-04 12:48:30 +00:00 · 2018-12-04 12:48:30 +00:00 · a55a2a9280
parent 36b27b16f2 2ba9e95156
commit a55a2a9280
2 changed files with 30 additions and 5 deletions
--- a/neutron/agent/linux/openvswitch_firewall/firewall.py
+++ b/neutron/agent/linux/openvswitch_firewall/firewall.py
@ -18,6 +18,9 @@ import contextlib
 import copy

 import netaddr
+from neutron_lib.callbacks import events as callbacks_events
+from neutron_lib.callbacks import registry as callbacks_registry
+from neutron_lib.callbacks import resources as callbacks_resources
 from neutron_lib import constants as lib_const
 from oslo_log import log as logging
 from oslo_utils import netutils
@ -393,17 +396,28 @@ class OVSFirewallDriver(firewall.FirewallDriver):

        """
        self.int_br = self.initialize_bridge(integration_bridge)
-        self._update_cookie = None
        self.sg_port_map = SGPortMap()
+        self.conj_ip_manager = ConjIPFlowManager(self)
        self.sg_to_delete = set()
+        self._update_cookie = None
        self._deferred = False
+        self.iptables_helper = iptables.Helper(self.int_br.br)
+        self.iptables_helper.load_driver_if_needed()
+        self._initialize_firewall()
+
+        callbacks_registry.subscribe(
+            self._init_firewall_callback,
+            callbacks_resources.AGENT,
+            callbacks_events.OVS_RESTARTED)
+
+    def _init_firewall_callback(self, resource, event, trigger, **kwargs):
+        LOG.info("Reinitialize Openvswitch firewall after OVS restart.")
+        self._initialize_firewall()
+
+    def _initialize_firewall(self):
        self._drop_all_unmatched_flows()
        self._initialize_common_flows()
        self._initialize_third_party_tables()
-        self.conj_ip_manager = ConjIPFlowManager(self)
-
-        self.iptables_helper = iptables.Helper(self.int_br.br)
-        self.iptables_helper.load_driver_if_needed()

    @contextlib.contextmanager
    def update_cookie_context(self):
--- a/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
+++ b/neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
@ -13,6 +13,9 @@
 #    under the License.

 import mock
+from neutron_lib.callbacks import events as callbacks_events
+from neutron_lib.callbacks import registry as callbacks_registry
+from neutron_lib.callbacks import resources as callbacks_resources
 from neutron_lib import constants
 import testtools

@ -390,6 +393,14 @@ class TestOVSFirewallDriver(base.BaseTestCase):
    def port_mac(self):
        return self.mock_bridge.br.get_vif_port_by_id.return_value.vif_mac

+    def test_callbacks_registered(self):
+        with mock.patch.object(callbacks_registry, "subscribe") as subscribe:
+            firewall = ovsfw.OVSFirewallDriver(mock.MagicMock())
+            subscribe.assert_called_once_with(
+                firewall._init_firewall_callback,
+                callbacks_resources.AGENT,
+                callbacks_events.OVS_RESTARTED)
+
    def test_initialize_bridge(self):
        br = self.firewall.initialize_bridge(self.mock_bridge)
        self.assertEqual(br, self.mock_bridge.deferred.return_value)