| author | Soren Hansen <soren.hansen@rackspace.com> | 2010-09-13 12:04:06 +0200 |
|---|---|---|
| committer | Soren Hansen <soren.hansen@rackspace.com> | 2010-09-13 12:04:06 +0200 |
| commit | 077fc783c4f94de427da98818d262aeb09a31044 (patch) | |
| tree | 9242d13c80c17cd4ee8b5d6340e2897bec6d4c6d /nova/endpoint | |
| parent | 2a782110bc51f147bdb35264445badac3b3e8e65 (diff) | |
(Untested) Make changes to security group rules propagate to the relevant compute nodes.
Diffstat (limited to 'nova/endpoint')
| -rw-r--r-- | nova/endpoint/cloud.py | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/nova/endpoint/cloud.py b/nova/endpoint/cloud.py index 7408e02e9..1403a62f6 100644 --- a/nova/endpoint/cloud.py +++ b/nova/endpoint/cloud.py @@ -93,6 +93,14 @@ class CloudController(object): result[instance['key_name']] = [line] return result + def _refresh_security_group(self, security_group): + nodes = set([instance.host for instance in security_group.instances]) + for node in nodes: + rpc.call('%s.%s' % (FLAGS.compute_topic, node), + { "method": "refresh_security_group", + "args": { "context": None, + "security_group_id": security_group.id}}) + def get_metadata(self, address): instance_ref = db.fixed_ip_get_instance(None, address) if instance_ref is None: @@ -265,12 +273,12 @@ class CloudController(object): if source_security_group_name: source_project_id = self._get_source_project_id(context, source_security_group_owner_id) - + source_security_group = \ db.security_group_get_by_name(context, source_project_id, source_security_group_name) - + criteria['group_id'] = source_security_group.id elif cidr_ip: criteria['cidr'] = cidr_ip @@ -292,6 +300,9 @@ class CloudController(object): break # If we make it here, we have a match db.security_group_rule_destroy(context, rule.id) + + self._refresh_security_group(security_group) + return True @rbac.allow('netadmin') @@ -330,8 +341,11 @@ class CloudController(object): return None security_group_rule = db.security_group_rule_create(context, values) + + self._refresh_security_group(security_group) + return True - + def _get_source_project_id(self, context, source_security_group_owner_id): if source_security_group_owner_id: # Parse user:project for source group. |
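Review bot: `_refresh_security_group` builds its node set from `instance.host` without filtering, so if an instance in the group can exist before a host is assigned (not visible here), the topic becomes something like `compute.None` and the blocking `rpc.call` waits on a queue that presumably has no consumer. Filtering the unset values avoids that: `nodes = set(i.host for i in security_group.instances if i.host)`. The message also hard-codes `"context": None`, so the compute node cannot tell on whose behalf the refresh was requested; the callers in the later hunks have a `context` they could pass through. A short docstring saying that this is a synchronous, one-call-per-host fan-out would tell callers what latency and failure modes to expect.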
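Review bot: In the revoke hunk, `self._refresh_security_group(security_group)` runs after `db.security_group_rule_destroy(context, rule.id)` has already taken effect, and nothing handles a failure of the refresh. If one compute node is unreachable, the API request errors or stalls while the rule is gone from the database but is presumably still applied on that host, which for a revoke means access stays open longer than the caller believes. At minimum the call site should carry a comment such as `# DB change is already committed; a failed refresh leaves hosts with stale rules`, and the failure should be logged with the group id and node so it can be retried. The same applies to the call added after `db.security_group_rule_create` in the last hunk. Both enclosing methods start and end outside the hunks, so any handling further up is not visible here.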
