def send_sg_updates(self, context, sgids, deleted_rules=None): """Called when security group rules are updated Arguments: sgs - A list of one or more security group IDs context - The plugin context i.e. neutron.context.Context object deleted_rules - An optional list of deleted rules 1. Read security group rules from neutron DB 2. Build security group objects from their rules 3. Write secgroup to the secgroup_key_space in etcd """ if deleted_rules is None: deleted_rules = [] plugin = directory.get_plugin() with context.session.begin(subtransactions=True): for sgid in sgids: rules = plugin.get_security_group_rules( context, filters={'security_group_id': [sgid]}) # If we're in the precommit part, we may have deleted # rules in this list and we should exclude them rules = (r for r in rules if r['id'] not in deleted_rules) # Get the full details of the secgroup in exchange format secgroup = self.get_secgroup_from_rules(sgid, rules) # Write security group data to etcd self.send_secgroup_to_agents(context.session, secgroup)
def send_sg_updates(self, context, sgids, deleted_rules=[]): """Called when security group rules are updated Arguments: sgs - A list of one or more security group IDs context - The plugin context i.e. neutron.context.Context object deleted-rules - An optional list of deleted rules 1. Read security group rules from neutron DB 2. Build security group objects from their rules 3. Write secgroup to the secgroup_key_space in etcd """ LOG.debug("ML2_VPP: etcd_communicator sending security group " "updates for groups %s to etcd" % sgids) plugin = directory.get_plugin() with context.session.begin(subtransactions=True): for sgid in sgids: rules = plugin.get_security_group_rules( context, filters={'security_group_id': [sgid]} ) LOG.debug("ML2_VPP: SecGroup rules from neutron DB: %s", rules) # Get the full details of the secgroup in exchange format secgroup = self.get_secgroup_from_rules(sgid, rules, deleted_rules) # Write security group data to etcd self.send_secgroup_to_agents(context.session, secgroup)
def _release_provisioning_block(self, host, port_id): context = n_context.get_admin_context() if provisioning_blocks is None: # Without provisioning_blocks support, it's our job (not # ML2's) to make the port active. plugin = directory.get_plugin() plugin.update_port_status(context, port_id, n_const.PORT_STATUS_ACTIVE, host) else: provisioning_blocks.provisioning_complete( context, port_id, resources.PORT, provisioning_blocks.L2_AGENT_ENTITY)
def notify_bound(self, port_id, host): """Tell things that the port is truly bound. You want to call this when you're certain that the VPP on the far end has definitely bound the port, and has dropped a vhost-user socket where it can be found. You want to do this then specifically because libvirt will hang, because qemu ignores its monitor port, when qemu is waiting for a partner to connect with on its vhost-user interfaces. It can't start the VM - that requires information from its partner it can't guess at - but it shouldn't hang the monitor - nevertheless... In the case your comms protocol is sucky, call it at the end of a bind() and everything will probably be fine. Probably. """ context = n_context.get_admin_context() plugin = directory.get_plugin() # Bodge TODO(ijw) if self.recursive: # This happens right now because when we update the port # status, we update the port and the update notification # comes through to here. # TODO(ijw) wants a more permanent fix, because this only # happens due to the threading model. We should be # spotting relevant changes in postcommit. LOG.warning('ML2_VPP: recursion check hit on activating port') else: self.recursive = True plugin.update_port_status(context, port_id, n_const.PORT_STATUS_ACTIVE, host=host) self.recursive = False
def get_secgroup_rule(self, rule_id, context): """Fetch and return a security group rule from Neutron DB""" plugin = directory.get_plugin() with context.session.begin(subtransactions=True): return plugin.get_security_group_rule(context, rule_id)