OFAgent: Improve handling of security group updates

Port the following patch to OFAgent.
commit: 3046c4ae22b10f9e4fa83a47bfe089554d4a4681
https://review.openstack.org/#/c/63100/

Partial-Bug: 1293265

Change-Id: Iecdfee894ff2fd5f05f63f040dd70821af124737

diff --git a/neutron/plugins/ofagent/agent/ofa_neutron_agent.py b/neutron/plugins/ofagent/agent/ofa_neutron_agent.py
index 7e351272140c795ad392ddbb945d1b89132c5b82..a0f204fe6607fb0bcfc5d903b23df5acf59aa3c5 100644 (file)
--- a/neutron/plugins/ofagent/agent/ofa_neutron_agent.py
+++ b/neutron/plugins/ofagent/agent/ofa_neutron_agent.py
@@ -153,7 +153,7 @@ class OFASecurityGroupAgent(sg_rpc.SecurityGroupAgentRpcMixin):
         self.context = context
         self.plugin_rpc = plugin_rpc
         self.root_helper = root_helper
-        self.init_firewall()
+        self.init_firewall(defer_refresh_firewall=True)
 
 
 class OFANeutronAgentRyuApp(app_manager.RyuApp):
@@ -1162,9 +1162,8 @@ class OFANeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin):
         resync_removed = False
         # If there is an exception while processing security groups ports
         # will not be wired anyway, and a resync will be triggered
-        self.sg_agent.prepare_devices_filter(port_info.get('added', set()))
-        if port_info.get('updated'):
-            self.sg_agent.refresh_firewall()
+        self.sg_agent.setup_port_filters(port_info.get('added', set()),
+                                         port_info.get('updated', set()))
         # VIF wiring needs to be performed always for 'new' devices.
         # For updated ports, re-wiring is not needed in most cases, but needs
         # to be performed anyway when the admin state of a device is changed.
@@ -1240,7 +1239,8 @@ class OFANeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin):
 
     def _agent_has_updates(self, polling_manager):
         return (polling_manager.is_polling_required or
-                self.updated_ports)
+                self.updated_ports or
+                self.sg_agent.firewall_refresh_needed())
 
     def _port_info_has_changes(self, port_info):
         return (port_info.get('added') or
@@ -1298,8 +1298,10 @@ class OFANeutronAgent(sg_rpc.SecurityGroupAgentRpcCallbackMixin):
                                 "Elapsed:%(elapsed).3f"),
                               {'iter_num': self.iter_num,
                                'elapsed': time.time() - start})
-                    # notify plugin about port deltas
-                    if self._port_info_has_changes(port_info):
+                    # Secure and wire/unwire VIFs and update their status
+                    # on Neutron server
+                    if (self._port_info_has_changes(port_info) or
+                        self.sg_agent.firewall_refresh_needed()):
                         LOG.debug(_("Starting to process devices in:%s"),
                                   port_info)
                         # If treat devices fails - must resync with plugin

diff --git a/neutron/tests/unit/ofagent/test_ofa_neutron_agent.py b/neutron/tests/unit/ofagent/test_ofa_neutron_agent.py
index b95d15edc8678638a05139a86a41909a334de735..4b2f5556ac16231ceea380530c4f0a7e1a62d4b7 100644 (file)
--- a/neutron/tests/unit/ofagent/test_ofa_neutron_agent.py
+++ b/neutron/tests/unit/ofagent/test_ofa_neutron_agent.py
@@ -451,18 +451,15 @@ class TestOFANeutronAgent(OFAAgentTestCase):
 
     def _test_process_network_ports(self, port_info):
         with contextlib.nested(
-            mock.patch.object(self.agent.sg_agent, "prepare_devices_filter"),
-            mock.patch.object(self.agent.sg_agent, "refresh_firewall"),
+            mock.patch.object(self.agent.sg_agent, "setup_port_filters"),
             mock.patch.object(self.agent, "treat_devices_added_or_updated",
                               return_value=False),
             mock.patch.object(self.agent, "treat_devices_removed",
                               return_value=False)
-        ) as (prep_dev_filter, refresh_fw,
-              device_added_updated, device_removed):
+        ) as (setup_port_filters, device_added_updated, device_removed):
             self.assertFalse(self.agent.process_network_ports(port_info))
-            prep_dev_filter.assert_called_once_with(port_info['added'])
-            if port_info.get('updated'):
-                self.assertEqual(1, refresh_fw.call_count)
+            setup_port_filters.assert_called_once_with(
+                port_info['added'], port_info.get('updated', set()))
             device_added_updated.assert_called_once_with(
                 port_info['added'] | port_info.get('updated', set()))
             device_removed.assert_called_once_with(port_info['removed'])