[neutron] [dev] ml2plugin doesn't use new security group rpc api

Just FooBar just.foobar42 at gmail.com
Fri Mar 8 15:12:39 UTC 2019


Hello everyone,

I'm having problems with Security Group Rule updates not being applied to
vms on hypervisors and I think I know why this is happening.

I see that there's already a bug about that:
https://bugs.launchpad.net/neutron/+bug/1814209 but there isn't much action
going on there. In my case, neutron-server is also using the queue
q-agent-notifier-security_group-update (as seen from neutron-server logs in
debug mode). The neutron version is the same, 12.0.4.

I went to check the code for my version 12.0.4 and I've found some
suspicious part which might be the cause of this bug. Let me explain my
understanding of the situation.

I started with ovs agent code and found that it is using
SecurityGroupServerAPIShim (
https://github.com/openstack/neutron/blob/12.0.4/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L374)
class for, well, Security Group RPC.

Comments in this class definition (
https://github.com/openstack/neutron/blob/12.0.4/neutron/api/rpc/handlers/securitygroups_rpc.py#L204)
explain that it is a replacement for an older interface,
SecurityGroupServerRpcApi
(
https://github.com/openstack/neutron/blob/12.0.4/neutron/api/rpc/handlers/securitygroups_rpc.py#L33
).
SecurityGroupServerAPIShim inherits from SecurityGroupInfoAPIMixin (
https://github.com/openstack/neutron/blob/12.0.4/neutron/db/securitygroups_rpc_base.py#L126)
which is also a parent of the server side Ml2Plugin (
https://github.com/openstack/neutron/blob/12.0.4/neutron/plugins/ml2/plugin.py#L121).
>From this I make a conclusion that Ml2Plugin was also switched to the new
SG RPC interface.

Now, there are other details that suggest that Ml2Plugin wasn't switched to
the new interface entirely and continues to use the old-style SG RPC
classes.

There's a class AgentNotifierApi (
https://github.com/openstack/neutron/blob/12.0.4/neutron/plugins/ml2/rpc.py#L376)
used by neutron-server's Ml2Plugin (
https://github.com/openstack/neutron/blob/12.0.4/neutron/plugins/ml2/plugin.py#L269)
to send notifications (to agents, I suppose). It inherits from the class
SecurityGroupAgentRpcApiMixin (
https://github.com/openstack/neutron/blob/12.0.4/neutron/api/rpc/handlers/securitygroups_rpc.py#L122)
which has been marked for removal starting from Pike 3 years ago in this
commit:
https://github.com/openstack/neutron/commit/97338258967d3b95f382f188ab2ab573a3432c17#diff-e4d9694fe7cfd3a791360aa215c12db8R293.
This AgentNotifierApi class wasn't switched to a new Shim RPC interface for
SG (as it was done for the ovs agent and Ml2Plugin itself).

All previous links are for 12.0.4 version, the one used in my system
currently.
And here's the same class AgentNotifierApi from the Rocky release:
https://github.com/openstack/neutron/blob/stable/rocky/neutron/plugins/ml2/rpc.py#L387
. As you can see, it still inherits from the class marked for removal and
isn't using new style SG RPC API.

>From all this I conclude that until AgentNotifierApi is using new style API
or the way that Ml2Plugin is sending notifications isn't changed, the bug
will still be present.

Please let me know if I'm getting this wrong. If I'm right, I'm interested
in helping to fix the bug.

Thank you for your attention!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190308/e9352346/attachment-0001.html>


More information about the openstack-discuss mailing list