openstack
/
neutron
Code Issues Proposed changes

Merge "Setup br-tun in secure fail mode to avoid broadcast storms" into stable/juno

This commit is contained in:
Jenkins 2015-02-25 00:28:57 +00:00 committed by Gerrit Code Review
parent 792aa823a4 a52f19f9bd
commit dc2ee2ae05
3 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
neutron/agent/linux/ovs_lib.py
View File

@ -32,6 +32,9 @@ DEFAULT_OVS_VSCTL_TIMEOUT = 10
# Special return value for an invalid OVS ofport # Special return value for an invalid OVS ofport
INVALID_OFPORT = '-1' INVALID_OFPORT = '-1'
# OVS bridge fail modes
FAILMODE_SECURE = 'secure'
OPTS = [ OPTS = [
cfg.IntOpt('ovs_vsctl_timeout', cfg.IntOpt('ovs_vsctl_timeout',
default=DEFAULT_OVS_VSCTL_TIMEOUT, default=DEFAULT_OVS_VSCTL_TIMEOUT,
@ -75,8 +78,11 @@ class BaseOVS(object):
if not check_error: if not check_error:
ctxt.reraise = False ctxt.reraise = False
def add_bridge(self, bridge_name): def add_bridge(self, bridge_name, secure_mode=False):
self.run_vsctl(["--", "--may-exist", "add-br", bridge_name]) cmd = ["--", "--may-exist", "add-br", bridge_name]
if secure_mode:
cmd += ["--", "set-fail-mode", bridge_name, FAILMODE_SECURE]
self.run_vsctl(cmd)
return OVSBridge(bridge_name, self.root_helper) return OVSBridge(bridge_name, self.root_helper)
def delete_bridge(self, bridge_name): def delete_bridge(self, bridge_name):
@ -126,7 +132,7 @@ class OVSBridge(BaseOVS):
return res return res
def set_secure_mode(self): def set_secure_mode(self):
self.run_vsctl(['--', 'set-fail-mode', self.br_name, 'secure'], self.run_vsctl(['--', 'set-fail-mode', self.br_name, FAILMODE_SECURE],
check_error=True) check_error=True)
def set_protocols(self, protocols): def set_protocols(self, protocols):
@ -134,15 +140,15 @@ class OVSBridge(BaseOVS):
"protocols=%s" % protocols], "protocols=%s" % protocols],
check_error=True) check_error=True)
def create(self): def create(self, secure_mode=False):
self.add_bridge(self.br_name) self.add_bridge(self.br_name, secure_mode)
def destroy(self): def destroy(self):
self.delete_bridge(self.br_name) self.delete_bridge(self.br_name)
def reset_bridge(self): def reset_bridge(self, secure_mode=False):
self.destroy() self.destroy()
self.create() self.create(secure_mode)
def add_port(self, port_name): def add_port(self, port_name):
self.run_vsctl(["--", "--may-exist", "add-port", self.br_name, self.run_vsctl(["--", "--may-exist", "add-port", self.br_name,

2
neutron/plugins/openvswitch/agent/ovs_neutron_agent.py
View File

@ -752,7 +752,7 @@ class OVSNeutronAgent(n_rpc.RpcCallback,
if not self.tun_br: if not self.tun_br:
self.tun_br = ovs_lib.OVSBridge(tun_br_name, self.root_helper) self.tun_br = ovs_lib.OVSBridge(tun_br_name, self.root_helper)
self.tun_br.reset_bridge() self.tun_br.reset_bridge(secure_mode=True)
self.patch_tun_ofport = self.int_br.add_patch_port( self.patch_tun_ofport = self.int_br.add_patch_port(
cfg.CONF.OVS.int_peer_patch_port, cfg.CONF.OVS.tun_peer_patch_port) cfg.CONF.OVS.int_peer_patch_port, cfg.CONF.OVS.tun_peer_patch_port)
self.patch_int_ofport = self.tun_br.add_patch_port( self.patch_int_ofport = self.tun_br.add_patch_port(

4
neutron/tests/unit/openvswitch/test_ovs_tunnel.py
View File

@ -184,7 +184,7 @@ class TunnelTest(base.BaseTestCase):
] ]
self.mock_tun_bridge_expected = [ self.mock_tun_bridge_expected = [
mock.call.reset_bridge(), mock.call.reset_bridge(secure_mode=True),
mock.call.add_patch_port('patch-int', 'patch-tun'), mock.call.add_patch_port('patch-int', 'patch-tun'),
] ]
self.mock_int_bridge_expected += [ self.mock_int_bridge_expected += [
@ -598,7 +598,7 @@ class TunnelTestUseVethInterco(TunnelTest):
] ]
self.mock_tun_bridge_expected = [ self.mock_tun_bridge_expected = [
mock.call.reset_bridge(), mock.call.reset_bridge(secure_mode=True),
mock.call.add_patch_port('patch-int', 'patch-tun'), mock.call.add_patch_port('patch-int', 'patch-tun'),
] ]
self.mock_int_bridge_expected += [ self.mock_int_bridge_expected += [