]> review.fuel-infra Code Review - openstack-build/neutron-build.git/commitdiff
Code Review / openstack-build / neutron-build.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 68a9191)
Default to setting secure mode on the integration bridge
authorKyle Mestery <kmestery@cisco.com>
Fri, 30 May 2014 08:48:37 +0000 (08:48 +0000)
committerKyle Mestery <kmestery@cisco.com>
Thu, 5 Jun 2014 07:01:42 +0000 (07:01 +0000)
Set the fail-mode on the integration bridge to be secure. This means if the agent
is stopped or crashes, and OVS is also restarted, OVS will not program a default
NORMAL action. As soon as the agent is restarted, it will correctly program the
integration bridge.

Change-Id: Icf7e3e14ee747c8ce92c14c95a0a1bbf35986252
Closes-Bug: #1324703

neutron/agent/linux/ovs_lib.py patch | blob | history
neutron/plugins/openvswitch/agent/ovs_neutron_agent.py patch | blob | history
neutron/tests/unit/agent/linux/test_ovs_lib.py patch | blob | history
neutron/tests/unit/openvswitch/test_ovs_neutron_agent.py patch | blob | history
neutron/tests/unit/openvswitch/test_ovs_tunnel.py patch | blob | history

diff --git a/neutron/agent/linux/ovs_lib.py b/neutron/agent/linux/ovs_lib.py
index 9c80d7c8530438b0effff9411565193cf902634d..947026058cf4da1f503e02f6fbcc60f1a008086c 100644 (file)
--- a/neutron/agent/linux/ovs_lib.py
+++ b/neutron/agent/linux/ovs_lib.py
@@ -127,6 +127,10 @@ class OVSBridge(BaseOVS):
             return res.strip().split('\n')
         return res
 
+    def set_secure_mode(self):
+        self.run_vsctl(['--', 'set-fail-mode', self.br_name, 'secure'],
+                       check_error=True)
+
     def set_protocols(self, protocols):
         self.run_vsctl(['--', 'set', 'bridge', self.br_name,
                         "protocols=%s" % protocols],
diff --git a/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py b/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py
index c93e872c3e56a2cecf3ec8b65e252b66c2609eb3..048f3666b44286a048e73ecdad2a445331910b78 100644 (file)
--- a/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py
+++ b/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py
@@ -202,6 +202,7 @@ class OVSNeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin,
         self.int_br_device_count = 0
 
         self.int_br = ovs_lib.OVSBridge(integ_br, self.root_helper)
+        self.int_br.set_secure_mode()
         # Stores port update notifications for processing in main rpc loop
         self.updated_ports = set()
         self.setup_rpc()
diff --git a/neutron/tests/unit/agent/linux/test_ovs_lib.py b/neutron/tests/unit/agent/linux/test_ovs_lib.py
index a11cd02556a0c608d5b108145e658787efac5f31..7bac4780f94bf8bfe20de3a958ba087db449f6b1 100644 (file)
--- a/neutron/tests/unit/agent/linux/test_ovs_lib.py
+++ b/neutron/tests/unit/agent/linux/test_ovs_lib.py
@@ -167,6 +167,12 @@ class OVS_Lib_Test(base.BaseTestCase):
             ['ovs-vsctl', self.TO, '--', 'get-controller', self.BR_NAME],
             root_helper=self.root_helper)
 
+    def test_set_secure_mode(self):
+        self.br.set_secure_mode()
+        self.execute.assert_called_once_with(
+            ['ovs-vsctl', self.TO, '--', 'set-fail-mode', self.BR_NAME,
+             'secure'], root_helper=self.root_helper)
+
     def test_set_protocols(self):
         protocols = 'OpenFlow13'
         self.br.set_protocols(protocols)
diff --git a/neutron/tests/unit/openvswitch/test_ovs_neutron_agent.py b/neutron/tests/unit/openvswitch/test_ovs_neutron_agent.py
index eb2b536be83e1b38831d434392ba8b046d475caa..e6f2b84780b1471f107b70b54bfa316627e5d809 100644 (file)
--- a/neutron/tests/unit/openvswitch/test_ovs_neutron_agent.py
+++ b/neutron/tests/unit/openvswitch/test_ovs_neutron_agent.py
@@ -118,6 +118,8 @@ class TestOvsNeutronAgent(base.BaseTestCase):
             mock.patch('neutron.plugins.openvswitch.agent.ovs_neutron_agent.'
                        'OVSNeutronAgent.setup_ancillary_bridges',
                        return_value=[]),
+            mock.patch('neutron.agent.linux.ovs_lib.OVSBridge.'
+                       'set_secure_mode'),
             mock.patch('neutron.agent.linux.ovs_lib.OVSBridge.'
                        'get_local_port_mac',
                        return_value='00:00:00:00:00:01'),
@@ -895,6 +897,8 @@ class AncillaryBridgesTest(base.BaseTestCase):
             mock.patch('neutron.agent.linux.ovs_lib.OVSBridge.'
                        'get_local_port_mac',
                        return_value='00:00:00:00:00:01'),
+            mock.patch('neutron.agent.linux.ovs_lib.OVSBridge.'
+                       'set_secure_mode'),
             mock.patch('neutron.agent.linux.ovs_lib.get_bridges',
                        return_value=bridges),
             mock.patch(
diff --git a/neutron/tests/unit/openvswitch/test_ovs_tunnel.py b/neutron/tests/unit/openvswitch/test_ovs_tunnel.py
index 81757837efa52ecebd1588eb49163da1d3f74cb0..19f121bc536781d92d36ceec9900169d8240a581 100644 (file)
--- a/neutron/tests/unit/openvswitch/test_ovs_tunnel.py
+++ b/neutron/tests/unit/openvswitch/test_ovs_tunnel.py
@@ -107,6 +107,7 @@ class TunnelTest(base.BaseTestCase):
         self.mock_int_bridge = self.ovs_bridges[self.INT_BRIDGE]
         self.mock_int_bridge.get_local_port_mac.return_value = '000000000001'
         self.mock_int_bridge_expected = [
+            mock.call.set_secure_mode(),
             mock.call.get_local_port_mac(),
             mock.call.delete_port('patch-tun'),
             mock.call.remove_all_flows(),