diff options
| author | Zuul <zuul@review.opendev.org> | 2019-07-30 15:20:25 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2019-07-30 15:20:25 +0000 |
| commit | 62c24fce69f8458f8a35bd226f105e3300830b7a (patch) | |
| tree | effb42b60342cfaa3860a71ce399580033821035 | |
| parent | 9bba2ca165fb75db1191eb0ba5e64d335b5725ff (diff) | |
| parent | 4f95c2fd0ef33f41e24866dbb54135d4a98c9938 (diff) | |
| download | ironic-62c24fce69f8458f8a35bd226f105e3300830b7a.tar.gz | |
Merge "Filter security group list on the ID's we expect" into stable/queens
| -rw-r--r-- | ironic/common/neutron.py | 21 | ||||
| -rw-r--r-- | ironic/tests/unit/common/test_neutron.py | 19 | ||||
| -rw-r--r-- | releasenotes/notes/fix-security-group-list-add-query-filters-f72cfcefa1e093d2.yaml | 9 |
3 files changed, 32 insertions, 17 deletions
diff --git a/ironic/common/neutron.py b/ironic/common/neutron.py index 15a3a9e63..d547e0bdf 100644 --- a/ironic/common/neutron.py +++ b/ironic/common/neutron.py @@ -205,21 +205,24 @@ def _verify_security_groups(security_groups, client): return try: neutron_sec_groups = ( - client.list_security_groups().get('security_groups', [])) + client.list_security_groups(id=security_groups, fields='id').get( + 'security_groups', [])) except neutron_exceptions.NeutronClientException as e: msg = (_("Could not retrieve security groups from neutron: %(exc)s") % {'exc': e}) LOG.exception(msg) raise exception.NetworkError(msg) - existing_sec_groups = [sec_group['id'] for sec_group in neutron_sec_groups] - missing_sec_groups = set(security_groups) - set(existing_sec_groups) - if missing_sec_groups: - msg = (_('Could not find these security groups (specified via ironic ' - 'config) in neutron: %(ir-sg)s') - % {'ir-sg': list(missing_sec_groups)}) - LOG.error(msg) - raise exception.NetworkError(msg) + if set(security_groups).issubset(x['id'] for x in neutron_sec_groups): + return + + missing_sec_groups = set(security_groups).difference( + x['id'] for x in neutron_sec_groups) + msg = (_('Could not find these security groups (specified via ironic ' + 'config) in neutron: %(ir-sg)s') + % {'ir-sg': list(missing_sec_groups)}) + LOG.error(msg) + raise exception.NetworkError(msg) def add_ports_to_network(task, network_uuid, security_groups=None): diff --git a/ironic/tests/unit/common/test_neutron.py b/ironic/tests/unit/common/test_neutron.py index c161860fa..a91093dc4 100644 --- a/ironic/tests/unit/common/test_neutron.py +++ b/ironic/tests/unit/common/test_neutron.py @@ -272,23 +272,23 @@ class TestNeutronNetworkActions(db_base.DbTestCase): self.assertIsNone( neutron._verify_security_groups(sg_ids, client)) - client.list_security_groups.assert_called_once_with() + client.list_security_groups.assert_called_once_with( + fields='id', id=sg_ids) def test_verify_sec_groups_less_than_configured(self): sg_ids = [] for i in range(2): sg_ids.append(uuidutils.generate_uuid()) - expected_vals = {'security_groups': []} - for sg in sg_ids: - expected_vals['security_groups'].append({'id': sg}) + expected_vals = {'security_groups': [{'id': sg_ids[0]}]} client = mock.MagicMock() client.list_security_groups.return_value = expected_vals self.assertIsNone( neutron._verify_security_groups(sg_ids[:1], client)) - client.list_security_groups.assert_called_once_with() + client.list_security_groups.assert_called_once_with( + fields='id', id=sg_ids[:1]) def test_verify_sec_groups_more_than_configured(self): sg_ids = [] @@ -302,7 +302,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase): self.assertRaises( exception.NetworkError, neutron._verify_security_groups, sg_ids, client) - client.list_security_groups.assert_called_once_with() + client.list_security_groups.assert_called_once_with( + fields='id', id=sg_ids) def test_verify_sec_groups_no_sg_from_neutron(self): sg_ids = [] @@ -315,7 +316,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase): self.assertRaises( exception.NetworkError, neutron._verify_security_groups, sg_ids, client) - client.list_security_groups.assert_called_once_with() + client.list_security_groups.assert_called_once_with( + fields='id', id=sg_ids) def test_verify_sec_groups_exception_by_neutronclient(self): sg_ids = [] @@ -330,7 +332,8 @@ class TestNeutronNetworkActions(db_base.DbTestCase): exception.NetworkError, "Could not retrieve security groups", neutron._verify_security_groups, sg_ids, client) - client.list_security_groups.assert_called_once_with() + client.list_security_groups.assert_called_once_with( + fields='id', id=sg_ids) def test_add_ports_with_client_id_to_network(self): self._test_add_ports_to_network(is_client_id=True) diff --git a/releasenotes/notes/fix-security-group-list-add-query-filters-f72cfcefa1e093d2.yaml b/releasenotes/notes/fix-security-group-list-add-query-filters-f72cfcefa1e093d2.yaml new file mode 100644 index 000000000..ae5a980fe --- /dev/null +++ b/releasenotes/notes/fix-security-group-list-add-query-filters-f72cfcefa1e093d2.yaml @@ -0,0 +1,9 @@ +--- +fixes: + - | + Fixes an issue where baremetal node deployment would fail on clouds + with a high number of security groups. Listing the security groups + took too long. Instead of listing all security groups, a query filter + was added to list only the security groups to be used for the network. + (See bug `2006256 <https://storyboard.openstack.org/#!/story/2006256>`_.) + |