make nwfilter mock more 'realistic' by having it remember which

filters have been defined
author: Anthony Young <sleepsonthefloor@gmail.com> 2011-05-20 08:59:07 -0700
committer: Anthony Young <sleepsonthefloor@gmail.com> 2011-05-20 08:59:07 -0700
commit: 0bb2d0085e1fb3ba22a408f405f4539aa07b226c (patch)
tree: 0ba6cf60b9fb38930a56cccd78711b7b9baf380b /nova/virt
parent: adf2ea5f1c76cc8bdbfbc11442512406cf6d9243 (diff)
download: nova-0bb2d0085e1fb3ba22a408f405f4539aa07b226c.tar.gz
nova-0bb2d0085e1fb3ba22a408f405f4539aa07b226c.tar.xz
nova-0bb2d0085e1fb3ba22a408f405f4539aa07b226c.zip
1 files changed, 8 insertions, 9 deletions
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 9241c1d9e..f27398aa3 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1838,7 +1838,7 @@ class NWFilterFirewall(FirewallDriver):
         # execute in a native thread and block current greenthread until done
         tpool.execute(self._conn.nwfilterDefineXML, xml)
 
-    def unfilter_instance(self, instance, remove_secgroup=True):
+    def unfilter_instance(self, instance):
         """Clear out the nwfilter rules."""
         network_info = _get_network_info(instance)
         instance_name = instance.name
@@ -1856,13 +1856,12 @@ class NWFilterFirewall(FirewallDriver):
         instance_secgroup_filter_name =\
             '%s-secgroup' % (self._instance_filter_name(instance))
 
-        if remove_secgroup:
-            try:
-                self._conn.nwfilterLookupByName(instance_secgroup_filter_name)\
-                                                .undefine()
-            except libvirt.libvirtError:
-                LOG.debug(_('The nwfilter(%(instance_secgroup_filter_name)s) '
-                            'for %(instance_name)s is not found.') % locals())
+        try:
+            self._conn.nwfilterLookupByName(instance_secgroup_filter_name)\
+                                            .undefine()
+        except libvirt.libvirtError:
+            LOG.debug(_('The nwfilter(%(instance_secgroup_filter_name)s) '
+                        'for %(instance_name)s is not found.') % locals())
 
     def prepare_instance_filter(self, instance, network_info=None):
         """
@@ -2028,7 +2027,7 @@ class IptablesFirewallDriver(FirewallDriver):
         if self.instances.pop(instance['id'], None):
             self.remove_filters_for_instance(instance)
             self.iptables.apply()
-            self.nwfilter.unfilter_instance(instance, False)
+            self.nwfilter.unfilter_instance(instance)
         else:
             LOG.info(_('Attempted to unfilter instance %s which is not '
                      'filtered'), instance['id'])
author	Anthony Young <sleepsonthefloor@gmail.com>	2011-05-20 08:59:07 -0700
committer	Anthony Young <sleepsonthefloor@gmail.com>	2011-05-20 08:59:07 -0700
commit	0bb2d0085e1fb3ba22a408f405f4539aa07b226c (patch)
tree	0ba6cf60b9fb38930a56cccd78711b7b9baf380b /nova/virt
parent	adf2ea5f1c76cc8bdbfbc11442512406cf6d9243 (diff)
download	nova-0bb2d0085e1fb3ba22a408f405f4539aa07b226c.tar.gz nova-0bb2d0085e1fb3ba22a408f405f4539aa07b226c.tar.xz nova-0bb2d0085e1fb3ba22a408f405f4539aa07b226c.zip