diff options
| author | Phil Day <philip.day@hp.com> | 2013-02-08 17:47:56 +0000 |
|---|---|---|
| committer | Phil Day <philip.day@hp.com> | 2013-02-08 19:29:00 +0000 |
| commit | 3cac4d8f7d4343516ec335017dd783a887b9c4d6 (patch) | |
| tree | 5bc86639886859a34327f9f826738a7715eadf18 /nova/utils.py | |
| parent | 36fffe9bde1d353a418274a79e6f7abd0177d065 (diff) | |
| download | nova-3cac4d8f7d4343516ec335017dd783a887b9c4d6.tar.gz nova-3cac4d8f7d4343516ec335017dd783a887b9c4d6.tar.xz nova-3cac4d8f7d4343516ec335017dd783a887b9c4d6.zip | |
Fixes a race condition on updating security group rules
During creating the instance, compute manager makes an rpc call
to "allocate_for_instance" from the network manager, which will
in turn end up making a rpc cast to each compute_manager with
an instance in the group(s) than need to be refreshed calling
refresh_instance_security_rules.
When an instance is being created is in a group that has a
rule referring to itself, that chain will end up trying to
refresh the rules for the instance which is still being created.
That call will find its way down to do_refresh_instance_rules()
in libvirt/firewall - which will in turn try to get network_info
from the global "network_infos" in firewall.
But the entry in network_infos for this instance might not of
been added yet, as that only happens when the create of the
instance calls "prepare_instance_filter which comes later in
the sequence as part of driver.spawn
The fix here adds a synchronisation lock to the incomming
refresh call so that it is blocked until any in-progress
thread on the instance is finished.
Change-Id: I550e286aa4777b011633550109e18e03d63a4bbb
Diffstat (limited to 'nova/utils.py')
0 files changed, 0 insertions, 0 deletions