Avoid refreshing firewall rules unnecessarily.

Adds a parameter to refresh_firewall allowing an array of ports to
be passed.  If an array is passed then the firewall will be refreshed
only for those ports.  If not passed, it will still refresh all
ports as it did before.

Change-Id: I539a135dbc3861e31cbb5c69cef0ff8c0f834527
Fixes: Bug #1202328
This commit is contained in:
Carl Baldwin 2013-07-16 18:10:37 +00:00
parent d168530fd1
commit abdf01a5a0
2 changed files with 29 additions and 10 deletions

View File

@ -125,13 +125,14 @@ class SecurityGroupAgentRpcMixin(object):
'security_group_source_groups') 'security_group_source_groups')
def _security_group_updated(self, security_groups, attribute): def _security_group_updated(self, security_groups, attribute):
#check need update or not devices = []
sec_grp_set = set(security_groups)
for device in self.firewall.ports.values(): for device in self.firewall.ports.values():
if set(device.get(attribute, if sec_grp_set & set(device.get(attribute, [])):
[])).intersection( devices.append(device)
set(security_groups)):
self.refresh_firewall() if devices:
return self.refresh_firewall(devices)
def security_groups_provider_updated(self): def security_groups_provider_updated(self):
LOG.info(_("Provider rule updated")) LOG.info(_("Provider rule updated"))
@ -148,10 +149,15 @@ class SecurityGroupAgentRpcMixin(object):
continue continue
self.firewall.remove_port_filter(device) self.firewall.remove_port_filter(device)
def refresh_firewall(self): def refresh_firewall(self, devices=None):
LOG.info(_("Refresh firewall rules")) LOG.info(_("Refresh firewall rules"))
device_ids = self.firewall.ports.keys()
if devices:
device_ids = [d['device'] for d in devices]
else:
device_ids = self.firewall.ports.keys()
if not device_ids: if not device_ids:
LOG.info(_("No ports here to refresh firewall"))
return return
devices = self.plugin_rpc.security_group_rules_for_devices( devices = self.plugin_rpc.security_group_rules_for_devices(
self.context, device_ids) self.context, device_ids)

View File

@ -465,7 +465,7 @@ class SecurityGroupAgentRpcTestCase(base.BaseTestCase):
self.agent.prepare_devices_filter(['fake_port_id']) self.agent.prepare_devices_filter(['fake_port_id'])
self.agent.security_groups_rule_updated(['fake_sgid1', 'fake_sgid3']) self.agent.security_groups_rule_updated(['fake_sgid1', 'fake_sgid3'])
self.agent.refresh_firewall.assert_has_calls( self.agent.refresh_firewall.assert_has_calls(
[call.refresh_firewall()]) [call.refresh_firewall([self.fake_device])])
def test_security_groups_rule_not_updated(self): def test_security_groups_rule_not_updated(self):
self.agent.refresh_firewall = mock.Mock() self.agent.refresh_firewall = mock.Mock()
@ -478,7 +478,7 @@ class SecurityGroupAgentRpcTestCase(base.BaseTestCase):
self.agent.prepare_devices_filter(['fake_port_id']) self.agent.prepare_devices_filter(['fake_port_id'])
self.agent.security_groups_member_updated(['fake_sgid2', 'fake_sgid3']) self.agent.security_groups_member_updated(['fake_sgid2', 'fake_sgid3'])
self.agent.refresh_firewall.assert_has_calls( self.agent.refresh_firewall.assert_has_calls(
[call.refresh_firewall()]) [call.refresh_firewall([self.fake_device])])
def test_security_groups_member_not_updated(self): def test_security_groups_member_not_updated(self):
self.agent.refresh_firewall = mock.Mock() self.agent.refresh_firewall = mock.Mock()
@ -501,6 +501,19 @@ class SecurityGroupAgentRpcTestCase(base.BaseTestCase):
call.update_port_filter(self.fake_device)] call.update_port_filter(self.fake_device)]
self.firewall.assert_has_calls(calls) self.firewall.assert_has_calls(calls)
def test_refresh_firewall_devices(self):
self.agent.prepare_devices_filter(['fake_port_id'])
self.agent.refresh_firewall([self.fake_device])
calls = [call.defer_apply(),
call.prepare_port_filter(self.fake_device),
call.defer_apply(),
call.update_port_filter(self.fake_device)]
self.firewall.assert_has_calls(calls)
def test_refresh_firewall_none(self):
self.agent.refresh_firewall([])
self.firewall.assert_has_calls([])
class FakeSGRpcApi(agent_rpc.PluginApi, class FakeSGRpcApi(agent_rpc.PluginApi,
sg_rpc.SecurityGroupServerRpcApiMixin): sg_rpc.SecurityGroupServerRpcApiMixin):