def send_sg_updates(self, context, sgids, deleted_rules=None):
"""Called when security group rules are updated
Arguments:
sgs - A list of one or more security group IDs
context - The plugin context i.e. neutron.context.Context object
deleted_rules - An optional list of deleted rules
1. Read security group rules from neutron DB
2. Build security group objects from their rules
3. Write secgroup to the secgroup_key_space in etcd
"""
if deleted_rules is None:
deleted_rules = []
plugin = directory.get_plugin()
with context.session.begin(subtransactions=True):
for sgid in sgids:
rules = plugin.get_security_group_rules(
context, filters={'security_group_id': [sgid]})
# If we're in the precommit part, we may have deleted
# rules in this list and we should exclude them
rules = (r for r in rules if r['id'] not in deleted_rules)
# Get the full details of the secgroup in exchange format
secgroup = self.get_secgroup_from_rules(sgid, rules)
# Write security group data to etcd
self.send_secgroup_to_agents(context.session, secgroup)
def send_sg_updates(self, context, sgids, deleted_rules=[]):
"""Called when security group rules are updated
Arguments:
sgs - A list of one or more security group IDs
context - The plugin context i.e. neutron.context.Context object
deleted-rules - An optional list of deleted rules
1. Read security group rules from neutron DB
2. Build security group objects from their rules
3. Write secgroup to the secgroup_key_space in etcd
"""
LOG.debug("ML2_VPP: etcd_communicator sending security group "
"updates for groups %s to etcd" % sgids)
plugin = directory.get_plugin()
with context.session.begin(subtransactions=True):
for sgid in sgids:
rules = plugin.get_security_group_rules(
context, filters={'security_group_id': [sgid]}
)
LOG.debug("ML2_VPP: SecGroup rules from neutron DB: %s", rules)
# Get the full details of the secgroup in exchange format
secgroup = self.get_secgroup_from_rules(sgid, rules,
deleted_rules)
# Write security group data to etcd
self.send_secgroup_to_agents(context.session, secgroup)
def _release_provisioning_block(self, host, port_id):
context = n_context.get_admin_context()
if provisioning_blocks is None:
# Without provisioning_blocks support, it's our job (not
# ML2's) to make the port active.
plugin = directory.get_plugin()
plugin.update_port_status(context, port_id,
n_const.PORT_STATUS_ACTIVE, host)
else:
provisioning_blocks.provisioning_complete(
context, port_id, resources.PORT,
provisioning_blocks.L2_AGENT_ENTITY)
def notify_bound(self, port_id, host):
"""Tell things that the port is truly bound.
You want to call this when you're certain that the VPP
on the far end has definitely bound the port, and has
dropped a vhost-user socket where it can be found.
You want to do this then specifically because libvirt
will hang, because qemu ignores its monitor port,
when qemu is waiting for a partner to connect with on
its vhost-user interfaces. It can't start the VM - that
requires information from its partner it can't guess at -
but it shouldn't hang the monitor - nevertheless...
In the case your comms protocol is sucky, call it at
the end of a bind() and everything will probably be
fine. Probably.
"""
context = n_context.get_admin_context()
plugin = directory.get_plugin()
# Bodge TODO(ijw)
if self.recursive:
# This happens right now because when we update the port
# status, we update the port and the update notification
# comes through to here.
# TODO(ijw) wants a more permanent fix, because this only
# happens due to the threading model. We should be
# spotting relevant changes in postcommit.
LOG.warning('ML2_VPP: recursion check hit on activating port')
else:
self.recursive = True
plugin.update_port_status(context, port_id,
n_const.PORT_STATUS_ACTIVE,
host=host)
self.recursive = False
def get_secgroup_rule(self, rule_id, context):
"""Fetch and return a security group rule from Neutron DB"""
plugin = directory.get_plugin()
with context.session.begin(subtransactions=True):
return plugin.get_security_group_rule(context, rule_id)