[openstack-dev] [neutron] How to catch security group updates in ML2 mechanism driver?

Neil Jerram Neil.Jerram at metaswitch.com
Mon Jun 29 12:42:24 UTC 2015

Hi there,

For my team's networking backend, we want to catch security group 
updates in our ML2 mechanism driver code.

Currently we're doing this by monkey patching the AgentNotifierApi:

     # This section monkeypatches the 
     # method to ensure that the Calico driver gets told about security 
     # updates at all times. This is a deeply unpleasant hack. Please, 
do as I say,
     # not as I do.
     # For more info, please see issues #635 and #641.
     original_sgr_updated = 

     def security_groups_rule_updated(self, context, sgids):
         LOG.info("security_groups_rule_updated: %s %s" % (context, sgids))
         mech_driver.send_sg_updates(sgids, context)
         original_sgr_updated(self, context, sgids)

     rpc.AgentNotifierApi.security_groups_rule_updated = (

But, as the comment says, this is a hack.  Is there a better way?

Many thanks,

More information about the OpenStack-dev mailing list