| author | Vishvananda Ishaya <vishvananda@gmail.com> | 2011-01-25 00:14:07 -0800 |
|---|---|---|
| committer | Vishvananda Ishaya <vishvananda@gmail.com> | 2011-01-25 00:14:07 -0800 |
| commit | 7bcb77277973dd80691f1c07aa66d89b7c2be150 (patch) | |
| tree | 7996c47972d4ccc6ea63265e23570328e24f6c3a /nova/virt | |
| parent | 521d872d332486e2d30a7b4cec06a3b4f3ffbe87 (diff) | |
| parent | a9bf56c7e4613c83646c109ce9e6452e0cd25d2d (diff) | |
merged ntt branch
Diffstat (limited to 'nova/virt')
| -rw-r--r-- | nova/virt/libvirt.xml.template | 6 | ||||
| -rw-r--r-- | nova/virt/libvirt_conn.py | 34 |
2 files changed, 23 insertions, 17 deletions
diff --git a/nova/virt/libvirt.xml.template b/nova/virt/libvirt.xml.template index 8139c3620..88bfbc668 100644 --- a/nova/virt/libvirt.xml.template +++ b/nova/virt/libvirt.xml.template @@ -75,11 +75,13 @@ <!-- <model type='virtio'/> CANT RUN virtio network right now --> <filterref filter="nova-instance-${name}"> <parameter name="IP" value="${ip_address}" /> - <parameter name="DHCPSERVER" value="${dhcp_server}" /> - <parameter name="RASERVER" value="${ra_server}" /> + <parameter name="DHCPSERVER" value="${dhcp_server}" /> #if $getVar('extra_params', False) ${extra_params} #end if +#if $getVar('ra_server', False) + <parameter name="RASERVER" value="${ra_server}" /> +#end if </filterref> </interface> diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index 19a8bb6f3..36733764a 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py @@ -653,8 +653,7 @@ class LibvirtConnection(object): # Assume that the gateway also acts as the dhcp server. dhcp_server = network['gateway'] ra_server = network['ra_server'] - if not ra_server: - ra_server = 'fd00::' + if FLAGS.allow_project_net_traffic: if FLAGS.use_ipv6: net, mask = _get_net_and_mask(network['cidr']) @@ -693,11 +692,13 @@ class LibvirtConnection(object): 'mac_address': instance['mac_address'], 'ip_address': ip_address, 'dhcp_server': dhcp_server, - 'ra_server': ra_server, 'extra_params': extra_params, 'rescue': rescue, 'local': instance_type['local_gb'], 'driver_type': driver_type} + + if ra_server: + xml_info['ra_server'] = ra_server + "/128" if not rescue: if instance['kernel_id']: xml_info['kernel'] = xml_info['basepath'] + "/kernel" @@ -880,6 +881,11 @@ class FirewallDriver(object): the security group.""" raise NotImplementedError() + def _ra_server_for_instance(self, instance): + network = db.network_get_by_instance(context.get_admin_context(), + instance['id']) + return network['ra_server'] + class NWFilterFirewall(FirewallDriver): """ 
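Review bot: The new `#if $getVar('ra_server', False)` guard around the RASERVER parameter has an undocumented counterpart in libvirt_conn.py (hunk @@ -1090,7 +1100,9), where `nova-allow-ra-server` is attached only when a separate lookup of the network's `ra_server` is non-empty. The two conditions come from different reads of the network record, so they can in principle disagree. If that filter references the RASERVER variable, as its name suggests, a domain that carries the filter without the parameter would presumably fail to instantiate it. A template comment such as `## RASERVER is emitted only when the network has an ra_server; nova-allow-ra-server is attached under the same condition in NWFilterFirewall` would record the coupling.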
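Review bot: `xml_info['ra_server'] = ra_server + "/128"` in hunk @@ -693,11 +692,13 assumes the stored value is a bare IPv6 address string. A value that already carries a prefix length, or any other malformed string, goes unchanged into the `value="${ra_server}"` attribute of the template and, in hunk @@ -1271,8 +1279,9, into an iptables rule string. Checking once that the value parses as an IPv6 address before it is used, and rejecting the network configuration otherwise, would keep both outputs well-formed. The `"/128"` literal is also repeated in both places, so building the suffixed form in one helper would keep them in step. The enclosing function starts and ends outside this hunk.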
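Review bot: `_ra_server_for_instance` is added to the FirewallDriver base class in hunk @@ -880,6 +881,11 without a docstring, although its callers in hunks @@ -1090,7 +1100,9 and @@ -1271,8 +1279,9 now branch on its return value being false. A docstring such as `"""Return the ra_server of the instance's network, or a false value when none is configured."""` would state that contract. The method also indexes `network['ra_server']` directly, so if `db.network_get_by_instance` can return None for an instance without a network (not visible here), the call would raise rather than return a false value.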
@@ -932,6 +938,10 @@ class NWFilterFirewall(FirewallDriver): self.static_filters_configured = False self.handle_security_groups = False + def apply_instance_filter(self, instance): + """No-op. Everything is done in prepare_instance_filter""" + pass + def _get_connection(self): return self._libvirt_get_connection() _conn = property(_get_connection) @@ -1090,7 +1100,9 @@ class NWFilterFirewall(FirewallDriver): 'nova-base-ipv6', 'nova-allow-dhcp-server'] if FLAGS.use_ipv6: - instance_secgroup_filter_children += ['nova-allow-ra-server'] + ra_server = self._ra_server_for_instance(instance) + if ra_server: + instance_secgroup_filter_children += ['nova-allow-ra-server'] ctxt = context.get_admin_context() @@ -1117,10 +1129,6 @@ class NWFilterFirewall(FirewallDriver): return - def apply_instance_filter(self, instance): - """No-op. Everything is done in prepare_instance_filter""" - pass - def refresh_security_group_rules(self, security_group_id): return self._define_filter( self.security_group_to_nwfilter_xml(security_group_id)) @@ -1271,8 +1279,9 @@ class IptablesFirewallDriver(FirewallDriver): elif(ip_version == 6): # Allow RA responses ra_server = self._ra_server_for_instance(instance) - our_rules += ['-A %s -s %s -p icmpv6' % - (chain_name, ra_server)] + if ra_server: + our_rules += ['-A %s -s %s -p icmpv6' % + (chain_name, ra_server + "/128")] # If nothing matches, jump to the fallback chain our_rules += ['-A %s -j nova-fallback' % (chain_name,)] @@ -1362,8 +1371,3 @@ class IptablesFirewallDriver(FirewallDriver): network = db.network_get_by_instance(context.get_admin_context(), instance['id']) return network['gateway'] - - def _ra_server_for_instance(self, instance): - network = db.network_get_by_instance(context.get_admin_context(), - instance['id']) - return network['ra_server'] |
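Review bot: The rule built under `# Allow RA responses` in hunk @@ -1271,8 +1279,9 has no `-j` target, so as written it matches ICMPv6 from the RA server without accepting it, and the packet continues to the `-j nova-fallback` rule appended just below. If the intent is to accept, the string would be `'-A %s -s %s -p icmpv6 -j ACCEPT' % (chain_name, ra_server + "/128")`. Matching on `-p icmpv6` alone also covers every ICMPv6 type from that source; adding `--icmpv6-type router-advertisement` would limit the rule to what the comment describes. The enclosing method starts and ends outside the hunk.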
