Browse Source

Restore br-sec when its patch port in br-int absent

Rebuild the security bridge when the patch ports between
br-int and br-sec are missing.

Closes-Bug: #1785904
Change-Id: I487f437401a5a420d7f2c33f0c4e1fe79e5228c9
stephen-ma 8 months ago
parent
commit
ea8355284e

+ 3
- 1
networking_vsphere/agent/ovsvapp_agent.py View File

@@ -395,7 +395,9 @@ class OVSvAppAgent(agent.Agent, ovs_agent.OVSNeutronAgent):
395 395
         # br-int patch port to br-sec.
396 396
         self.patch_sec_ofport = self.int_br.get_port_ofport(
397 397
             ovsvapp_const.INT_TO_SEC_PATCH)
398
-        if int(patch_sec_int_ofport) < 0 or int(self.patch_sec_ofport) < 0:
398
+        if patch_sec_int_ofport is None or self.patch_sec_ofport is None:
399
+            self.setup_security_br()
400
+        elif int(patch_sec_int_ofport) < 0 or int(self.patch_sec_ofport) < 0:
399 401
             LOG.error(_LE("Failed to find OVS patch port. Cannot have "
400 402
                           "Security enabled on this agent. "
401 403
                           "Terminating the agent!"))

+ 51
- 16
networking_vsphere/tests/unit/agent/test_ovsvapp_agent.py View File

@@ -461,34 +461,69 @@ class TestOVSvAppAgent(base.TestCase):
461 461
             self.assertTrue(mock_logger_warn.called)
462 462
             self.assertFalse(mock_ovs_bridge.called)
463 463
 
464
-    @mock.patch('neutron.agent.common.ovs_lib.OVSBridge')
465
-    def test_recover_security_br(self, mock_ovs_bridge):
466
-        cfg.CONF.set_override('security_bridge_mapping',
467
-                              "br-sec:physnet1", 'SECURITYGROUP')
464
+    def _test_recover_security_br(self, mock_ovs_bridge, param):
468 465
         self.agent.int_br = mock.Mock()
469 466
         self.agent.sec_br = mock.Mock()
470 467
         mock_br = mock_ovs_bridge.return_value
471 468
         with mock.patch.object(self.LOG, 'info') as mock_logger_info, \
472 469
                 mock.patch.object(mock_br, 'bridge_exists'), \
473
-                mock.patch.object(mock_br, 'add_patch_port') as mock_add_patch_port, \
470
+                mock.patch.object(mock_br,
471
+                                  'add_patch_port') as mock_add_patch_port, \
474 472
                 mock.patch.object(self.agent.int_br,
475 473
                                   "get_port_ofport",
476
-                                  return_value=6), \
477
-                mock.patch.object(mock_br,
474
+                                  return_value=param['int_br_port']), \
475
+                mock.patch.object(self.agent.sec_br,
478 476
                                   "get_port_ofport",
479
-                                  return_value=6), \
477
+                                  return_value=param['sec_br_port']), \
478
+                mock.patch.object(self.agent.int_br,
479
+                                  "add_patch_port",
480
+                                  return_value=16), \
481
+                mock.patch.object(self.agent.sec_br,
482
+                                  "add_patch_port",
483
+                                  return_value=26), \
484
+                mock.patch.object(mock_br,
485
+                                  "get_bridge_for_iface",
486
+                                  return_value=param['get_bridge_for_iface']),\
480 487
                 mock.patch.object(mock_br,
481 488
                                   "delete_port") as mock_delete_port:
482
-            mock_br.get_bridge_for_iface.return_value = 'br-sec'
483
-            self.agent.recover_security_br()
484
-            self.assertTrue(mock_logger_info.called)
485
-            self.assertFalse(mock_delete_port.called)
486
-            self.assertFalse(mock_add_patch_port.called)
487
-            mock_br.get_bridge_for_iface.return_value = 'br-fake'
488 489
             self.agent.recover_security_br()
489 490
             self.assertTrue(mock_logger_info.called)
490
-            self.assertTrue(mock_delete_port.called)
491
-            self.assertTrue(mock_add_patch_port.called)
491
+            self.assertEqual(mock_delete_port.called,
492
+                             param['expect_add_patch_port_called'])
493
+            self.assertEqual(mock_add_patch_port.called,
494
+                             param['expect_add_patch_port_called'])
495
+
496
+    @mock.patch('neutron.agent.common.ovs_lib.OVSBridge')
497
+    def test_recover_security_br(self, mock_ovs_bridge):
498
+        test_parms = {'get_bridge_for_iface': 'br-sec',
499
+                      'sec_br_port': 6,
500
+                      'int_br_port': 6,
501
+                      'expect_add_patch_port_called': False}
502
+        cfg.CONF.set_override('security_bridge_mapping',
503
+                              "br-sec:physnet1", 'SECURITYGROUP')
504
+        self._test_recover_security_br(mock_ovs_bridge, test_parms)
505
+
506
+    @mock.patch('neutron.agent.common.ovs_lib.OVSBridge')
507
+    def test_recover_security_br_iface_not_in_br_sec(self, mock_ovs_bridge):
508
+        test_parms = {'get_bridge_for_iface': 'br-fake',
509
+                      'sec_br_port': 6,
510
+                      'int_br_port': 6,
511
+                      'expect_add_patch_port_called': True}
512
+
513
+        cfg.CONF.set_override('security_bridge_mapping',
514
+                              "br-sec:physnet1", 'SECURITYGROUP')
515
+        self._test_recover_security_br(mock_ovs_bridge, test_parms)
516
+
517
+    @mock.patch('neutron.agent.common.ovs_lib.OVSBridge')
518
+    def test_recover_security_br_missing_patch_port(self, mock_ovs_bridge):
519
+        test_parms = {'get_bridge_for_iface': 'br-eth3',
520
+                      'sec_br_port': 6,
521
+                      'int_br_port': None,
522
+                      'expect_add_patch_port_called': True}
523
+
524
+        cfg.CONF.set_override('security_bridge_mapping',
525
+                              "br-eth3:physnet1", 'SECURITYGROUP')
526
+        self._test_recover_security_br(mock_ovs_bridge, test_parms)
492 527
 
493 528
     @mock.patch('neutron.agent.ovsdb.api.from_config')
494 529
     def test_recover_physical_bridges(self, mock_ovsdb_api):

Loading…
Cancel
Save