setup port filters when sg rules change

when security group rules change, the l2 agents which have the
ports in this security group should reload iptables, this bug
was introduced by patch#118274.

Closes-bug: #1452718
Change-Id: Idb1577128be5d8812024467f599166bc131d57ea

diff --git a/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py b/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py
index 7e7d377562c8de242982a2afd8a5a32603693299..182a8fd8c59f262240dce80052a71e636d7900c5 100644 (file)
--- a/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py
+++ b/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py
@@ -1403,6 +1403,7 @@ class OVSNeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin,
         # list at the same time; avoid processing it twice.
         devices_added_updated = (port_info.get('added', set()) |
                                  port_info.get('updated', set()))
+        need_binding_devices = []
         if devices_added_updated:
             start = time.time()
             try:
@@ -1418,12 +1419,6 @@ class OVSNeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin,
                            'num_skipped': len(skipped_devices),
                            'num_current': len(port_info['current']),
                            'elapsed': time.time() - start})
-                # TODO(salv-orlando): Optimize avoiding applying filters
-                # unnecessarily, (eg: when there are no IP address changes)
-                self.sg_agent.setup_port_filters(
-                    port_info.get('added', set()),
-                    port_info.get('updated', set()))
-                self._bind_devices(need_binding_devices)
                 # Update the list of current ports storing only those which
                 # have been actually processed.
                 port_info['current'] = (port_info['current'] -
@@ -1435,6 +1430,13 @@ class OVSNeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin,
                                   "failure while retrieving port details "
                                   "from server"), self.iter_num)
                 resync_a = True
+
+        # TODO(salv-orlando): Optimize avoiding applying filters
+        # unnecessarily, (eg: when there are no IP address changes)
+        self.sg_agent.setup_port_filters(port_info.get('added', set()),
+                                         port_info.get('updated', set()))
+        self._bind_devices(need_binding_devices)
+
         if 'removed' in port_info:
             start = time.time()
             resync_b = self.treat_devices_removed(port_info['removed'])

diff --git a/neutron/tests/unit/plugins/openvswitch/agent/test_ovs_neutron_agent.py b/neutron/tests/unit/plugins/openvswitch/agent/test_ovs_neutron_agent.py
index 0eeaaa11a870707633c063d6fd53946df0779deb..6e585c82c20442b6ca1237ee57949fac0ddac83d 100644 (file)
--- a/neutron/tests/unit/plugins/openvswitch/agent/test_ovs_neutron_agent.py
+++ b/neutron/tests/unit/plugins/openvswitch/agent/test_ovs_neutron_agent.py
@@ -445,10 +445,15 @@ class TestOvsNeutronAgent(base.BaseTestCase):
             self.assertFalse(self.agent.process_network_ports(port_info,
                                                               False))
             setup_port_filters.assert_called_once_with(
-                port_info['added'], port_info.get('updated', set()))
-            device_added_updated.assert_called_once_with(
-                port_info['added'] | port_info.get('updated', set()), False)
-            device_removed.assert_called_once_with(port_info['removed'])
+                port_info.get('added', set()),
+                port_info.get('updated', set()))
+            devices_added_updated = (port_info.get('added', set()) |
+                                     port_info.get('updated', set()))
+            if devices_added_updated:
+                device_added_updated.assert_called_once_with(
+                    devices_added_updated, False)
+            if port_info.get('removed', set()):
+                device_removed.assert_called_once_with(port_info['removed'])
 
     def test_process_network_ports(self):
         self._test_process_network_ports(
@@ -463,6 +468,9 @@ class TestOvsNeutronAgent(base.BaseTestCase):
              'removed': set(['eth0']),
              'added': set(['eth1'])})
 
+    def test_process_network_port_with_empty_port(self):
+        self._test_process_network_ports({})
+
     def test_report_state(self):
         with mock.patch.object(self.agent.state_rpc,
                                "report_state") as report_st: