diff options
| author | Soren Hansen <soren.hansen@rackspace.com> | 2010-10-12 20:28:43 +0000 |
|---|---|---|
| committer | Tarmac <> | 2010-10-12 20:28:43 +0000 |
| commit | 8896e712e90330ae42c13367fd79b1a18b56c0a0 (patch) | |
| tree | 42cdf8d374ca917854fd279c3f74ab55a91c6e08 /nova/test.py | |
| parent | 4f529fe118283164ccb2756f2001805c69c1cc4a (diff) | |
| parent | 84ec303828095fc105b287b2858021604cfcea32 (diff) | |
| download | nova-8896e712e90330ae42c13367fd79b1a18b56c0a0.tar.gz nova-8896e712e90330ae42c13367fd79b1a18b56c0a0.tar.xz nova-8896e712e90330ae42c13367fd79b1a18b56c0a0.zip | |
This patch adds support for EC2 security groups using libvirt's nwfilter mechanism, which in turn uses iptables and ebtables on the individual compute nodes.
This has a number of benefits:
* Inter-VM network traffic can take the fastest route through the network without our having to worry about getting it through a central firewall.
* Not relying on a central firewall also removes a potential SPOF.
* The filtering load is distributed, offering great scalability.
Caveats:
* It only works with libvirt and only with libvirt drivers that support nwfilter (qemu (and thus kvm) and uml, at the moment)
Diffstat (limited to 'nova/test.py')
| -rw-r--r-- | nova/test.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nova/test.py b/nova/test.py index 1f4b33272..08e1dea2d 100644 --- a/nova/test.py +++ b/nova/test.py @@ -31,6 +31,7 @@ from tornado import ioloop from twisted.internet import defer from twisted.trial import unittest +from nova import db from nova import fakerabbit from nova import flags from nova import rpc @@ -83,6 +84,7 @@ class TrialTestCase(unittest.TestCase): if FLAGS.fake_rabbit: fakerabbit.reset_all() + db.security_group_destroy_all(None) super(TrialTestCase, self).tearDown() |