From 59fe0711dfd551739d5f5f98d05ffaf329467c07 Mon Sep 17 00:00:00 2001 From: Carl Baldwin Date: Tue, 16 Jul 2013 18:10:37 +0000 Subject: [PATCH] Avoid refreshing firewall rules unnecessarily. Adds a parameter to refresh_firewall allowing an array of ports to be passed. If an array is passed then the firewall will be refreshed only for those ports. If not passed, it will still refresh all ports as it did before. Change-Id: I539a135dbc3861e31cbb5c69cef0ff8c0f834527 Fixes: Bug #1202328 --- neutron/agent/securitygroups_rpc.py | 22 ++++++++++++------- .../tests/unit/test_security_groups_rpc.py | 17 ++++++++++++-- 2 files changed, 29 insertions(+), 10 deletions(-) diff --git a/neutron/agent/securitygroups_rpc.py b/neutron/agent/securitygroups_rpc.py index 9b0d5797f..ffdc21fd2 100644 --- a/neutron/agent/securitygroups_rpc.py +++ b/neutron/agent/securitygroups_rpc.py @@ -125,13 +125,14 @@ class SecurityGroupAgentRpcMixin(object): 'security_group_source_groups') def _security_group_updated(self, security_groups, attribute): - #check need update or not + devices = [] + sec_grp_set = set(security_groups) for device in self.firewall.ports.values(): - if set(device.get(attribute, - [])).intersection( - set(security_groups)): - self.refresh_firewall() - return + if sec_grp_set & set(device.get(attribute, [])): + devices.append(device) + + if devices: + self.refresh_firewall(devices) def security_groups_provider_updated(self): LOG.info(_("Provider rule updated")) @@ -148,10 +149,15 @@ class SecurityGroupAgentRpcMixin(object): continue self.firewall.remove_port_filter(device) - def refresh_firewall(self): + def refresh_firewall(self, devices=None): LOG.info(_("Refresh firewall rules")) - device_ids = self.firewall.ports.keys() + + if devices: + device_ids = [d['device'] for d in devices] + else: + device_ids = self.firewall.ports.keys() if not device_ids: + LOG.info(_("No ports here to refresh firewall")) return devices = self.plugin_rpc.security_group_rules_for_devices( self.context, device_ids) diff --git a/neutron/tests/unit/test_security_groups_rpc.py b/neutron/tests/unit/test_security_groups_rpc.py index 235100d25..280b269ef 100644 --- a/neutron/tests/unit/test_security_groups_rpc.py +++ b/neutron/tests/unit/test_security_groups_rpc.py @@ -465,7 +465,7 @@ class SecurityGroupAgentRpcTestCase(base.BaseTestCase): self.agent.prepare_devices_filter(['fake_port_id']) self.agent.security_groups_rule_updated(['fake_sgid1', 'fake_sgid3']) self.agent.refresh_firewall.assert_has_calls( - [call.refresh_firewall()]) + [call.refresh_firewall([self.fake_device])]) def test_security_groups_rule_not_updated(self): self.agent.refresh_firewall = mock.Mock() @@ -478,7 +478,7 @@ class SecurityGroupAgentRpcTestCase(base.BaseTestCase): self.agent.prepare_devices_filter(['fake_port_id']) self.agent.security_groups_member_updated(['fake_sgid2', 'fake_sgid3']) self.agent.refresh_firewall.assert_has_calls( - [call.refresh_firewall()]) + [call.refresh_firewall([self.fake_device])]) def test_security_groups_member_not_updated(self): self.agent.refresh_firewall = mock.Mock() @@ -501,6 +501,19 @@ class SecurityGroupAgentRpcTestCase(base.BaseTestCase): call.update_port_filter(self.fake_device)] self.firewall.assert_has_calls(calls) + def test_refresh_firewall_devices(self): + self.agent.prepare_devices_filter(['fake_port_id']) + self.agent.refresh_firewall([self.fake_device]) + calls = [call.defer_apply(), + call.prepare_port_filter(self.fake_device), + call.defer_apply(), + call.update_port_filter(self.fake_device)] + self.firewall.assert_has_calls(calls) + + def test_refresh_firewall_none(self): + self.agent.refresh_firewall([]) + self.firewall.assert_has_calls([]) + class FakeSGRpcApi(agent_rpc.PluginApi, sg_rpc.SecurityGroupServerRpcApiMixin): -- 2.45.2