merged changes from trunk

author: Ed Leafe <ed@leafe.com> 2011-01-10 09:09:59 -0600
committer: Ed Leafe <ed@leafe.com> 2011-01-10 09:09:59 -0600
commit: cb3667b95ceead8a677fdfa24abf2a56baf12992 (patch)
tree: 25422e200d7f01225455bb42fda418f945a56b98 /nova/compute
parent: a0ec77b597713fd9a4be5bb7b892eba4ac53e625 (diff)
parent: 4830cb5d8959c06fbe480481823bc922a2a59e3e (diff)
download: nova-cb3667b95ceead8a677fdfa24abf2a56baf12992.tar.gz
nova-cb3667b95ceead8a677fdfa24abf2a56baf12992.tar.xz
nova-cb3667b95ceead8a677fdfa24abf2a56baf12992.zip
2 files changed, 67 insertions, 3 deletions
diff --git a/nova/compute/api.py b/nova/compute/api.py
index 800bc6899..a20dc59cb 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -185,6 +185,9 @@ class API(base.Base):
                       "args": {"topic": FLAGS.compute_topic,
                                "instance_id": instance_id}})
 
+        for group_id in security_groups:
+            self.trigger_security_group_members_refresh(elevated, group_id)
+
         return instances
 
     def ensure_default_security_group(self, context):
@@ -204,6 +207,60 @@ class API(base.Base):
                       'project_id': context.project_id}
             db.security_group_create(context, values)
 
+    def trigger_security_group_rules_refresh(self, context, security_group_id):
+        """Called when a rule is added to or removed from a security_group"""
+
+        security_group = self.db.security_group_get(context, security_group_id)
+
+        hosts = set()
+        for instance in security_group['instances']:
+            if instance['host'] is not None:
+                hosts.add(instance['host'])
+
+        for host in hosts:
+            rpc.cast(context,
+                     self.db.queue_get_for(context, FLAGS.compute_topic, host),
+                     {"method": "refresh_security_group_rules",
+                      "args": {"security_group_id": security_group.id}})
+
+    def trigger_security_group_members_refresh(self, context, group_id):
+        """Called when a security group gains a new or loses a member
+
+        Sends an update request to each compute node for whom this is
+        relevant."""
+
+        # First, we get the security group rules that reference this group as
+        # the grantee..
+        security_group_rules = \
+                self.db.security_group_rule_get_by_security_group_grantee(
+                                                                     context,
+                                                                     group_id)
+
+        # ..then we distill the security groups to which they belong..
+        security_groups = set()
+        for rule in security_group_rules:
+            security_groups.add(rule['parent_group_id'])
+
+        # ..then we find the instances that are members of these groups..
+        instances = set()
+        for security_group in security_groups:
+            for instance in security_group['instances']:
+                instances.add(instance['id'])
+
+        # ...then we find the hosts where they live...
+        hosts = set()
+        for instance in instances:
+            if instance['host']:
+                hosts.add(instance['host'])
+
+        # ...and finally we tell these nodes to refresh their view of this
+        # particular security group.
+        for host in hosts:
+            rpc.cast(context,
+                     self.db.queue_get_for(context, FLAGS.compute_topic, host),
+                     {"method": "refresh_security_group_members",
+                      "args": {"security_group_id": group_id}})
+
     def update(self, context, instance_id, **kwargs):
         """Updates the instance in the datastore.
 
diff --git a/nova/compute/manager.py b/nova/compute/manager.py
index 21b09e443..3d22ee432 100644
--- a/nova/compute/manager.py
+++ b/nova/compute/manager.py
@@ -141,9 +141,16 @@ class ComputeManager(manager.Manager):
                                      host)
 
     @exception.wrap_exception
-    def refresh_security_group(self, context, security_group_id, **_kwargs):
-        """This call passes stright through to the virtualization driver."""
-        self.driver.refresh_security_group(security_group_id)
+    def refresh_security_group_rules(self, context,
+                                     security_group_id, **_kwargs):
+        """This call passes straight through to the virtualization driver."""
+        return self.driver.refresh_security_group_rules(security_group_id)
+
+    @exception.wrap_exception
+    def refresh_security_group_members(self, context,
+                                       security_group_id, **_kwargs):
+        """This call passes straight through to the virtualization driver."""
+        return self.driver.refresh_security_group_members(security_group_id)
 
     @exception.wrap_exception
     def run_instance(self, context, instance_id, **_kwargs):
author	Ed Leafe <ed@leafe.com>	2011-01-10 09:09:59 -0600
committer	Ed Leafe <ed@leafe.com>	2011-01-10 09:09:59 -0600
commit	cb3667b95ceead8a677fdfa24abf2a56baf12992 (patch)
tree	25422e200d7f01225455bb42fda418f945a56b98 /nova/compute
parent	a0ec77b597713fd9a4be5bb7b892eba4ac53e625 (diff)
parent	4830cb5d8959c06fbe480481823bc922a2a59e3e (diff)
download	nova-cb3667b95ceead8a677fdfa24abf2a56baf12992.tar.gz nova-cb3667b95ceead8a677fdfa24abf2a56baf12992.tar.xz nova-cb3667b95ceead8a677fdfa24abf2a56baf12992.zip