make sure security groups come back on restart of nova-compute

5 files changed, 15 insertions, 16 deletions

diff --git a/nova/virt/driver.py b/nova/virt/driver.py
index df4a66ac2..20af2666d 100644
--- a/nova/virt/driver.py
+++ b/nova/virt/driver.py
@@ -252,7 +252,7 @@ class ComputeDriver(object):
         # TODO(Vek): Need to pass context in for access to auth_token
         pass
 
-    def ensure_filtering_rules_for_instance(self, instance_ref):
+    def ensure_filtering_rules_for_instance(self, instance_ref, network_info):
         """Setting up filtering rules and waiting for its completion.
 
         To migrate an instance, filtering rules to hypervisors
diff --git a/nova/virt/fake.py b/nova/virt/fake.py
index 880702af1..2ffa33d40 100644
--- a/nova/virt/fake.py
+++ b/nova/virt/fake.py
@@ -487,7 +487,7 @@ class FakeConnection(driver.ComputeDriver):
         """This method is supported only by libvirt."""
         raise NotImplementedError('This method is supported only by libvirt.')
 
-    def ensure_filtering_rules_for_instance(self, instance_ref):
+    def ensure_filtering_rules_for_instance(self, instance_ref, network_info):
         """This method is supported only by libvirt."""
         raise NotImplementedError('This method is supported only by libvirt.')
 
@@ -496,7 +496,7 @@ class FakeConnection(driver.ComputeDriver):
         """This method is supported only by libvirt."""
         return
 
-    def unfilter_instance(self, instance_ref, network_info=None):
+    def unfilter_instance(self, instance_ref, network_info):
         """This method is supported only by libvirt."""
         raise NotImplementedError('This method is supported only by libvirt.')
 
diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
index 5945a725d..71516011a 100644
--- a/nova/virt/libvirt/connection.py
+++ b/nova/virt/libvirt/connection.py
@@ -1502,7 +1502,7 @@ class LibvirtConnection(driver.ComputeDriver):
 
         return
 
-    def ensure_filtering_rules_for_instance(self, instance_ref,
+    def ensure_filtering_rules_for_instance(self, instance_ref, network_info,
                                             time=None):
         """Setting up filtering rules and waiting for its completion.
 
@@ -1532,14 +1532,15 @@ class LibvirtConnection(driver.ComputeDriver):
 
         # If any instances never launch at destination host,
         # basic-filtering must be set here.
-        self.firewall_driver.setup_basic_filtering(instance_ref)
+        self.firewall_driver.setup_basic_filtering(instance_ref, network_info)
         # setting up n)ova-instance-instance-xx mainly.
-        self.firewall_driver.prepare_instance_filter(instance_ref)
+        self.firewall_driver.prepare_instance_filter(instance_ref, network_info)
 
         # wait for completion
         timeout_count = range(FLAGS.live_migration_retry_count)
         while timeout_count:
-            if self.firewall_driver.instance_filter_exists(instance_ref):
+            if self.firewall_driver.instance_filter_exists(instance_ref,
+                                                           network_info):
                 break
             timeout_count.pop()
             if len(timeout_count) == 0:
diff --git a/nova/virt/libvirt/firewall.py b/nova/virt/libvirt/firewall.py
index 11e3906b8..55fc58458 100644
--- a/nova/virt/libvirt/firewall.py
+++ b/nova/virt/libvirt/firewall.py
@@ -92,7 +92,7 @@ class FirewallDriver(object):
         """
         raise NotImplementedError()
 
-    def instance_filter_exists(self, instance):
+    def instance_filter_exists(self, instance, network_info):
         """Check nova-instance-instance-xxx exists"""
         raise NotImplementedError()
 
@@ -391,9 +391,7 @@ class NWFilterFirewall(FirewallDriver):
         self._define_filter(self._filter_container(filter_name,
                                                    filter_children))
 
-    def refresh_security_group_rules(self,
-                                     security_group_id,
-                                     network_info=None):
+    def refresh_security_group_rules(self, security_group_id):
         return self._define_filter(
                    self.security_group_to_nwfilter_xml(security_group_id))
 
@@ -702,15 +700,15 @@ class IptablesFirewallDriver(FirewallDriver):
 
         return ipv4_rules, ipv6_rules
 
-    def instance_filter_exists(self, instance):
+    def instance_filter_exists(self, instance, network_info):
         """Check nova-instance-instance-xxx exists"""
-        return self.nwfilter.instance_filter_exists(instance)
+        return self.nwfilter.instance_filter_exists(instance, network_info)
 
     def refresh_security_group_members(self, security_group):
         pass
 
-    def refresh_security_group_rules(self, security_group, network_info=None):
-        self.do_refresh_security_group_rules(security_group, network_info)
+    def refresh_security_group_rules(self, security_group):
+        self.do_refresh_security_group_rules(security_group)
         self.iptables.apply()
 
     @utils.synchronized('iptables', external=True)
diff --git a/nova/virt/xenapi_conn.py b/nova/virt/xenapi_conn.py
index 76b6c57fc..0ec957cf3 100644
--- a/nova/virt/xenapi_conn.py
+++ b/nova/virt/xenapi_conn.py
@@ -309,7 +309,7 @@ class XenAPIConnection(driver.ComputeDriver):
         """This method is supported only by libvirt."""
         raise NotImplementedError('This method is supported only by libvirt.')
 
-    def ensure_filtering_rules_for_instance(self, instance_ref):
+    def ensure_filtering_rules_for_instance(self, instance_ref, network_info):
         """This method is supported only libvirt."""
         return