Merge "Making the number of nested NSGroup configurable"

Jenkins 2016-01-01 20:56:28 +00:00 committed by Gerrit Code Review
commit 9f366641be
3 changed files with 33 additions and 11 deletions


@ -232,6 +232,9 @@ nsx_v3_opts = [
help=_('Number of times a HTTP redirect should be followed.')), help=_('Number of times a HTTP redirect should be followed.')),
cfg.StrOpt('default_tier0_router_uuid', cfg.StrOpt('default_tier0_router_uuid',
help=_("Default tier0 router identifier")), help=_("Default tier0 router identifier")),
cfg.IntOpt('number_of_nested_groups',
default=8,
help=_("The number of nested NSGroups to use.")),
] ]
DEFAULT_STATUS_CHECK_INTERVAL = 2000 DEFAULT_STATUS_CHECK_INTERVAL = 2000
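Review bot: The new `number_of_nested_groups` option accepts any integer, so an operator can set it to 0 or a negative value. In the security module that value becomes the NSGroupManager size; on a fresh backend that leaves no nested groups to attach security-groups to, and the `% self.size` arithmetic used when suggesting a group would likely divide by zero. Bounding the option at definition time makes the service reject a bad value at startup: `cfg.IntOpt('number_of_nested_groups', default=8, min=1,`. The help text should also say that lowering the value after deployment is not supported, since the plugin only logs a warning and keeps the larger size.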


@ -21,6 +21,7 @@ NSX-V3 Plugin security integration module
import uuid import uuid
from neutron.db import securitygroups_db from neutron.db import securitygroups_db
from oslo_config import cfg
from oslo_log import log from oslo_log import log
from vmware_nsx._i18n import _, _LW from vmware_nsx._i18n import _, _LW
@ -32,9 +33,6 @@ from vmware_nsx.nsxlib.v3 import dfw_api as firewall
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
# TODO(roeyc): Make this number configurable
NUM_OF_NESTED_GROUPS = 8
DEFAULT_SECTION = 'OS Default Section for Neutron Security-Groups' DEFAULT_SECTION = 'OS Default Section for Neutron Security-Groups'
DEFAULT_SECTION_TAG_NAME = 'neutron_default_dfw_section' DEFAULT_SECTION_TAG_NAME = 'neutron_default_dfw_section'
@ -210,7 +208,7 @@ def init_nsgroup_manager_and_default_section_rules():
section_description = ("This section is handled by OpenStack to contain " section_description = ("This section is handled by OpenStack to contain "
"default rules on security-groups.") "default rules on security-groups.")
nsgroup_manager = NSGroupManager(NUM_OF_NESTED_GROUPS) nsgroup_manager = NSGroupManager(cfg.CONF.nsx_v3.number_of_nested_groups)
section_id = _init_default_section( section_id = _init_default_section(
DEFAULT_SECTION, section_description, nsgroup_manager.nested_groups) DEFAULT_SECTION, section_description, nsgroup_manager.nested_groups)
return nsgroup_manager, section_id return nsgroup_manager, section_id
@ -272,8 +270,8 @@ class NSGroupManager(object):
NESTED_GROUP_DESCRIPTION = ('OpenStack NSGroup. Do not delete.') NESTED_GROUP_DESCRIPTION = ('OpenStack NSGroup. Do not delete.')
def __init__(self, size): def __init__(self, size):
self._size = size self._nested_groups = self._init_nested_groups(size)
self._nested_groups = self._init_nested_groups() self._size = len(self._nested_groups)
@property @property
def size(self): def size(self):
@ -283,18 +281,27 @@ class NSGroupManager(object):
def nested_groups(self): def nested_groups(self):
return self._nested_groups return self._nested_groups
def _init_nested_groups(self): def _init_nested_groups(self, requested_size):
# Construct the groups dict - # Construct the groups dict -
# {0: <groups-1>,.., n-1: <groups-n>} # {0: <groups-1>,.., n-1: <groups-n>}
size = requested_size
nested_groups = { nested_groups = {
self._get_nested_group_index_from_name(nsgroup): nsgroup['id'] self._get_nested_group_index_from_name(nsgroup): nsgroup['id']
for nsgroup in firewall.list_nsgroups() for nsgroup in firewall.list_nsgroups()
if utils.is_internal_resource(nsgroup)} if utils.is_internal_resource(nsgroup)}
absent_groups = set(range(self.size)) - set(nested_groups.keys()) if nested_groups:
size = max(requested_size, max(nested_groups) + 1)
if size > requested_size:
LOG.warning(_LW("Lowering the value of "
"nsx_v3:number_of_nested_groups isn't "
"supported, '%s' nested-groups will be used."),
size)
absent_groups = set(range(size)) - set(nested_groups.keys())
if absent_groups: if absent_groups:
LOG.warning( LOG.warning(
_LW("Missing %(num_present)s Nested Groups, " _LW("Found %(num_present)s Nested Groups, "
"creating %(num_absent)s more."), "creating %(num_absent)s more."),
{'num_present': len(nested_groups), {'num_present': len(nested_groups),
'num_absent': len(absent_groups)}) 'num_absent': len(absent_groups)})
@ -305,7 +312,8 @@ class NSGroupManager(object):
return nested_groups return nested_groups
def _get_nested_group_index_from_name(self, nested_group): def _get_nested_group_index_from_name(self, nested_group):
return int(nested_group['display_name'][-1]) - 1 # The name format is "Nested Group <index+1>"
return int(nested_group['display_name'].split()[-1]) - 1
def _create_nested_group(self, index): def _create_nested_group(self, index):
name_prefix = NSGroupManager.NESTED_GROUP_NAME name_prefix = NSGroupManager.NESTED_GROUP_NAME
@ -325,7 +333,7 @@ class NSGroupManager(object):
yield self.nested_groups[index] yield self.nested_groups[index]
for i in range(1, self.size): for i in range(1, self.size):
index = (index + i) % self.size index = (index + 1) % self.size
yield self.nested_groups[index] yield self.nested_groups[index]
def add_nsgroup(self, nsgroup_id): def add_nsgroup(self, nsgroup_id):
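Review bot: `_get_nested_group_index_from_name` is applied in `_init_nested_groups` to every NSGroup that passes `utils.is_internal_resource`, and nothing checks that the group's name really has the "Nested Group <index+1>" form before `int(...split()[-1])` runs. If any other internal NSGroup exists on the backend, a non-numeric last token raises `ValueError` during plugin initialisation. A name ending in a large number silently raises `size` through `max(nested_groups) + 1` and causes that many groups to be created, and a name ending in `0` yields index -1. Because these groups back the default firewall section, the parse should be restricted to names the plugin created, for example by adding `and nsgroup['display_name'].startswith(NSGroupManager.NESTED_GROUP_NAME)` to the comprehension's filter (assuming that constant is the prefix used by `_create_nested_group`), and parsed indexes below zero should be rejected. Both function bodies continue outside the visible hunks.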


@ -214,3 +214,14 @@ class TestNSGroupManager(nsxlib_testcase.NsxLibTestCase):
2: NSG_IDS[3], 2: NSG_IDS[3],
3: NSG_IDS[2]}, 3: NSG_IDS[2]},
cont_manager.nested_groups) cont_manager.nested_groups)
@_mock_create_and_list_nsgroups
def test_suggest_nested_group(self):
size = 5
cont_manager = security.NSGroupManager(size)
# We expect that the first suggested index is 2
expected_suggested_groups = NSG_IDS[2:5] + NSG_IDS[:2]
suggest_group = lambda: cont_manager._suggest_nested_group('fake-id')
with mock.patch.object(cont_manager, '_hash_uuid', return_value=7):
for i, suggested in enumerate(suggest_group()):
self.assertEqual(expected_suggested_groups[i], suggested)
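Review bot: The loop in `test_suggest_nested_group` only compares the items the generator actually yields, so the test still passes if `_suggest_nested_group` yields fewer than five groups, or none at all. Comparing the whole sequence closes that gap: `self.assertEqual(expected_suggested_groups, list(suggest_group()))`. The commit also changes two behaviours that have no test here: keeping the larger size when the backend already holds more nested groups than requested, and parsing a multi-digit index from the display name. A case with `size` smaller than the number of mocked groups, and one with ten or more groups, would cover them.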