authorSoren Hansen <soren.hansen@rackspace.com>2010-12-13 16:42:35 +0100
committerSoren Hansen <soren.hansen@rackspace.com>2010-12-13 16:42:35 +0100
commitbe9a3cd7e17edac4032c8ae554f75d725b0ad54a (patch)
tree37a9713ae32cf3cf78fa848d8c0ec4240efaea6c /nova/virt
parent65c0443c4a6c6ffa525d07e47275382c45bc8ffe (diff)
Move security group refresh logic into ComputeAPI.
Add a trigger_security_group_members_refresh to ComputeAPI which finds the hosts that have instances that have security groups that reference a security group in which a new instance has just been placed, and sends a refresh_security_group_members to each of them.
Diffstat (limited to 'nova/virt')
-rw-r--r--nova/virt/libvirt_conn.py32
1 files changed, 23 insertions, 9 deletions
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index a123f7671..da566c33b 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -656,8 +656,11 @@ class LibvirtConnection(object):
domain = self._conn.lookupByName(instance_name)
return domain.interfaceStats(interface)
- def refresh_security_group(self, security_group_id):
- self.firewall_driver.refresh_security_group(security_group_id)
+ def refresh_security_group_rules(self, security_group_id):
+ self.firewall_driver.refresh_security_group_rules(security_group_id)
+
+ def refresh_security_group_members(self, security_group_id):
+ self.firewall_driver.refresh_security_group_members(security_group_id)
class FirewallDriver(object):
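Review bot: The two added delegating methods on LibvirtConnection, `refresh_security_group_rules` and `refresh_security_group_members`, carry no docstring, so a reader has to open FirewallDriver to learn which event triggers which call. A one-line docstring on each would do, for example `"""Re-read the group's rules after a rule was added or removed."""` and `"""Re-read the group's members after an instance joined or left."""`. The old name `refresh_security_group` is also removed without an alias, and its callers are outside the files shown on this page. It is worth confirming none still use it, since a refresh that fails to dispatch leaves stale firewall rules in place.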
@@ -677,11 +680,19 @@ class FirewallDriver(object):
"""
raise NotImplementedError()
- def refresh_security_group(self, security_group_id):
- """Refresh security group from data store
+ def refresh_security_group_rules(self, security_group_id):
+ """Refresh security group rules from data store
- Gets called when changes have been made to the security
- group."""
+ Gets called when a rule has been added to or removed from
+ the security group."""
+ raise NotImplementedError()
+
+
+ def refresh_security_group_members(self, security_group_id):
+ """Refresh security group members from data store
+
+ Gets called when an instance gets added to or removed from
+ the security group."""
raise NotImplementedError()
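Review bot: Two blank lines follow the added `raise NotImplementedError()` at the end of `refresh_security_group_rules`, where PEP 8 asks for a single blank line between methods of a class (the pep8 tool reports this as E303). Dropping one of them matches the single blank line the first hunk uses between the LibvirtConnection methods. The docstrings could also state the contract for subclasses, e.g. a closing line `Drivers must override this; the base class raises NotImplementedError.`, since a driver that forgets one of the two methods will only fail when the refresh is triggered.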
@@ -876,7 +887,7 @@ class NWFilterFirewall(FirewallDriver):
for security_group in db.security_group_get_by_instance(ctxt,
instance['id']):
- yield self.refresh_security_group(security_group['id'])
+ yield self.refresh_security_group_rules(security_group['id'])
instance_secgroup_filter_children += [('nova-secgroup-%s' %
security_group['id'])]
@@ -891,7 +902,7 @@ class NWFilterFirewall(FirewallDriver):
return
- def refresh_security_group(self, security_group_id):
+ def refresh_security_group_rules(self, security_group_id):
return self._define_filter(
self.security_group_to_nwfilter_xml(security_group_id))
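Review bot: NWFilterFirewall only gets the rename to `refresh_security_group_rules` here, and no hunk on this page gives it a `refresh_security_group_members`, so it appears to inherit the FirewallDriver version that raises NotImplementedError. If so, `LibvirtConnection.refresh_security_group_members` raises on hosts using this driver instead of refreshing, and any filter that depends on group membership stays as it was when an instance joins or leaves the group. Either add an override that redefines the filter, e.g. `def refresh_security_group_members(self, security_group_id):` with the body `return self.refresh_security_group_rules(security_group_id)`, or add an explicit no-op with a comment saying why membership does not affect the nwfilter XML. The rest of the class is outside the hunk, so an existing override elsewhere cannot be ruled out.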
@@ -1062,7 +1073,10 @@ class IptablesFirewallDriver(FirewallDriver):
logging.info('new_filter: %s', '\n'.join(new_filter))
return new_filter
- def refresh_security_group(self, security_group):
+ def refresh_security_group_members(self, security_group):
+ pass
+
+ def refresh_security_group_rules(self, security_group):
self.apply_ruleset()
def _security_group_chain_name(self, security_group):
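Review bot: `refresh_security_group_members` in IptablesFirewallDriver is a bare `pass`, so a membership change never re-applies the ruleset on this driver. If the generated chains contain addresses of group members (the rule-building code is outside this hunk), rules admitting an instance that has left a group would stay in place until the next rule change triggers `apply_ruleset()`. Calling `self.apply_ruleset()` here, as `refresh_security_group_rules` does, or replacing `pass` with a comment stating why no refresh is needed, would make the intent explicit. Both methods also name their parameter `security_group` while FirewallDriver declares `security_group_id`; using the base-class name keeps keyword callers working across drivers.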