fixes for NWFilterFirewall and net injection

2 files changed, 49 insertions, 27 deletions

diff --git a/nova/virt/interfaces.template b/nova/virt/interfaces.template
index 87b92b84a..7d40a0f69 100644
--- a/nova/virt/interfaces.template
+++ b/nova/virt/interfaces.template
@@ -5,13 +5,13 @@
 auto lo
 iface lo inet loopback
 
-# The primary network interface
-auto eth0
-iface eth0 inet static
-        address %(address)s
-        netmask %(netmask)s
-        broadcast %(broadcast)s
-        gateway %(gateway)s
-        dns-nameservers %(dns)s
-
+#for $ifc in $interfaces
+auto ${ifc.name}
+iface ${ifc.name} inet static
+        address ${ifc.address}
+        netmask ${ifc.netmask}
+        broadcast ${ifc.broadcast}
+        gateway ${ifc.gateway}
+        dns-nameservers ${ifc.dns}
 
+#end for
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index b26955d42..bc6c9f37d 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -623,6 +623,9 @@ class LibvirtConnection(object):
 
     def _create_image(self, inst, libvirt_xml, suffix='', disk_images=None,
                         network_info=None):
+        if network_info is None:
+            network_info = _get_network_info(inst)
+
         # syntactic nicety
         def basepath(fname='', suffix=suffix):
             return os.path.join(FLAGS.instances_path,
@@ -698,21 +701,32 @@ class LibvirtConnection(object):
 
         key = str(inst['key_data'])
         net = None
-        network_ref = db.network_get_by_instance(context.get_admin_context(),
-                                                 inst['id'])
-        if network_ref['injected']:
-            admin_context = context.get_admin_context()
-            address = db.instance_get_fixed_address(admin_context, inst['id'])
-            ra_server = network_ref['ra_server']
-            if not ra_server:
-                ra_server = "fd00::"
-            with open(FLAGS.injected_network_template) as f:
-                net = f.read() % {'address': address,
-                                  'netmask': network_ref['netmask'],
-                                  'gateway': network_ref['gateway'],
-                                  'broadcast': network_ref['broadcast'],
-                                  'dns': network_ref['dns'],
-                                  'ra_server': ra_server}
+        #network_ref = db.network_get_by_instance(context.get_admin_context(),
+        #                                         inst['id'])
+
+        nets = []
+        ifc_template = open(FLAGS.injected_network_template).read()
+        ifc_num = -1
+        for (network_ref, _m) in network_info:
+            ifc_num += 1
+            if network_ref['injected']:
+                admin_context = context.get_admin_context()
+                address = db.instance_get_fixed_address(
+                                admin_context, inst['id'])
+                ra_server = network_ref['ra_server']
+                if not ra_server:
+                    ra_server = "fd00::"
+                net_info = {'name': 'eth%d' % ifc_num,
+                       'address': address,
+                       'netmask': network_ref['netmask'],
+                       'gateway': network_ref['gateway'],
+                       'broadcast': network_ref['broadcast'],
+                       'dns': network_ref['dns'],
+                       'ra_server': ra_server}
+                nets.append(net_info)
+
+        net = str(Template(ifc_template, searchList=[{'interfaces': nets}]))
+
         if key or net:
             inst_name = inst['name']
             img_id = inst.image_id
@@ -738,6 +752,7 @@ class LibvirtConnection(object):
         # Assume that the gateway also acts as the dhcp server.
         dhcp_server = network['gateway']
         ra_server = network['ra_server']
+        mac_id = mapping['mac'].replace(':', '')
 
         if FLAGS.allow_project_net_traffic:
             if FLAGS.use_ipv6:
@@ -764,7 +779,7 @@ class LibvirtConnection(object):
             extra_params = "\n"
 
         result = {
-            'id': mapping['mac'].replace(':', ''),
+            'id': mac_id,
             'bridge_name': network['bridge'],
             'mac_address': mapping['mac'],
             'ip_address': mapping['ips'][0]['ip'],
@@ -1362,6 +1377,11 @@ class FirewallDriver(object):
                                              instance['id'])
         return network['ra_server']
 
+    def _all_ra_servers_for_instance(selfself, instance):
+        networks = db.network_get_all_by_instance(context.get_admin_context(),
+                                                  instance['id'])
+        return [network['ra_server'] for network in networks]
+
 
 class NWFilterFirewall(FirewallDriver):
     """
@@ -1576,8 +1596,10 @@ class NWFilterFirewall(FirewallDriver):
                                              'nova-base-ipv6',
                                              'nova-allow-dhcp-server']
         if FLAGS.use_ipv6:
-            ra_server = self._ra_server_for_instance(instance)
-            if ra_server:
+            #ra_server = self._ra_server_for_instance(instance)
+            ra_servers = self._all_ra_servers_for_instance(instance)
+            #if ra_server:
+            if len(ra_servers) != 0:
                 instance_secgroup_filter_children += ['nova-allow-ra-server']
 
         ctxt = context.get_admin_context()