Reviewed: https://review.opendev.org/747379
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=abeda5aecef31dfc190e97c770c3a3c8aa40a168
Submitter: Zuul
Branch: stable/rocky
commit abeda5aecef31dfc190e97c770c3a3c8aa40a168
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Tue Jun 2 17:09:07 2020 +0000
[OVS][FW] Remote SG IDs left behind when a SG is removed
When any port in the OVS agent is using a security group (SG) and
this SG is removed, it is marked to be deleted. This deletion process
is done in [1].
The SG deletion process consists of removing any reference to this SG
from the firewall and the SG port map. The firewall removes this SG in
[2].
The information of a SG is stored in:
* ConjIPFlowManager.conj_id_map = ConjIdMap(). This class stores the
conjunction IDs (conj_ids) in a dictionary using the following keys:
* ConjIPFlowManager.conj_ids is a nested dictionary, built in the
following way:
This patch stores all conjunction IDs generated and assigned to the
tuple (sg_id, remote_sg_id, direction, ethertype). When a SG is
removed, the deletion method will look for this SG in the new storage
variable created, ConjIdMap.id_map_group, and will mark all the
conjunction IDs related to be removed. That will clean up those rules
left in the OVS matching:
action=conjunction(conj_id, 1/2)
[1] https://github.com/openstack/neutron/blob/118930f03d31f157f8c7a9e6c57122ecea8982b9/neutron/agent/linux/openvswitch_firewall/firewall.py#L731
[2] https://github.com/openstack/neutron/blob/118930f03d31f157f8c7a9e6c57122ecea8982b9/neutron/agent/linux/openvswitch_firewall/firewall.py#L399
Conflicts:
neutron/tests/unit/agent/linux/openvswitch_firewall/test_firewall.py
Change-Id: I63e446a30cf10e7bcd34a6f0d6ba1711301efcbe
Related-Bug: #1881157
(cherry picked from commit 0eebd002ccda66dc6d9f9e5a254815109225e299)
(cherry picked from commit ed22f7a2ff19a874bc8521f84cb4fd1c7483a23f)
(cherry picked from commit 6615f248e25a361d988db1795a3486a58f4768cb)
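
A simplified model of the bookkeeping the commit message above describes, added here as an example and not taken from the Neutron code base. The class `ConjGroupIndex`, the helper `stale_flows`, the SG names, conj IDs and flow lines are all constructed, and matching the SG in either the `sg_id` or `remote_sg_id` position is an assumption. It shows how keeping every conj ID under its tuple lets a deletion return all IDs whose `conjunction(...)` flows would otherwise stay in OVS.

```python
import re
from collections import defaultdict

# Matches the action form quoted in the commit message: conjunction(conj_id, 1/2)
CONJ_RE = re.compile(r"conjunction\((\d+),\s*\d+/\d+\)")


class ConjGroupIndex:
    """Hypothetical stand-in for the per-tuple storage the commit describes."""

    def __init__(self):
        # (sg_id, remote_sg_id, direction, ethertype) -> every conj ID handed out
        self.id_map_group = defaultdict(set)

    def record(self, sg_id, remote_sg_id, direction, ethertype, conj_ids):
        key = (sg_id, remote_sg_id, direction, ethertype)
        self.id_map_group[key].update(conj_ids)

    def delete_sg(self, sg_id):
        """Drop every tuple that names sg_id and return the conj IDs to remove.

        Assumption: the SG is matched in either the sg_id or remote_sg_id slot.
        """
        doomed = set()
        for key in [k for k in self.id_map_group if sg_id in k[:2]]:
            doomed |= self.id_map_group.pop(key)
        return doomed


def stale_flows(flow_lines, removed_conj_ids):
    """Return flow lines whose conjunction action still uses a removed conj ID."""
    return [line for line in flow_lines
            if any(int(m) in removed_conj_ids for m in CONJ_RE.findall(line))]


# Constructed sample flow lines (simplified, not real agent output).
SAMPLE_FLOWS = [
    "priority=70,ip,nw_src=10.0.0.5 actions=conjunction(8,1/2)",
    "priority=70,ip,nw_src=10.0.0.7 actions=conjunction(16,1/2)",
    "priority=70,ipv6,ipv6_src=fd00::9 actions=conjunction(24,1/2)",
]

if __name__ == "__main__":
    index = ConjGroupIndex()
    index.record("sg-web", "sg-db", "ingress", "IPv4", {8, 9})   # sg-web is local
    index.record("sg-app", "sg-web", "ingress", "IPv4", {16})    # sg-web is remote
    index.record("sg-app", "sg-db", "egress", "IPv6", {24})      # unrelated
    for line in stale_flows(SAMPLE_FLOWS, index.delete_sg("sg-web")):
        print("stale:", line)
```

Any line reported by `stale_flows` after an SG deletion is a flow that still carries a conj ID the index has already released.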