| author | Rick Harris <rick.harris@rackspace.com> | 2011-01-13 13:48:36 -0600 |
|---|---|---|
| committer | Rick Harris <rick.harris@rackspace.com> | 2011-01-13 13:48:36 -0600 |
| commit | e10c6b9046b04af3201d2993f16e50556b052d79 (patch) | |
| tree | 941bf47092dd74fd8143e53d5d50324ac3e42950 /nova/virt | |
| parent | 2c7ffd2dab260c2bfc308ccd0c8d52e57a015413 (diff) | |
| parent | 24e6372891be1b6dd81de0af89ece88f256a32e9 (diff) | |
Merging Trunk
Diffstat (limited to 'nova/virt')
| -rw-r--r-- | nova/virt/libvirt_conn.py | 67 |
1 files changed, 37 insertions, 30 deletions
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py index e1b0211f9..765b42846 100644 --- a/nova/virt/libvirt_conn.py +++ b/nova/virt/libvirt_conn.py @@ -197,40 +197,29 @@ class LibvirtConnection(object): pass # If the instance is already terminated, we're still happy - done = event.Event() - # We'll save this for when we do shutdown, # instead of destroy - but destroy returns immediately timer = utils.LoopingCall(f=None) - def _wait_for_shutdown(): + while True: try: state = self.get_info(instance['name'])['state'] db.instance_set_state(context.get_admin_context(), instance['id'], state) if state == power_state.SHUTDOWN: - timer.stop() + break except Exception: db.instance_set_state(context.get_admin_context(), instance['id'], power_state.SHUTDOWN) - timer.stop() + break - timer.f = _wait_for_shutdown - timer_done = timer.start(interval=0.5, now=True) + self.firewall_driver.unfilter_instance(instance) - # NOTE(termie): this is strictly superfluous (we could put the - # cleanup code in the timer), but this emulates the - # previous model so I am keeping it around until - # everything has been vetted a bit - def _wait_for_timer(): - timer_done.wait() - if cleanup: - self._cleanup(instance) - done.send() + if cleanup: + self._cleanup(instance) - greenthread.spawn(_wait_for_timer) - return done + return True def _cleanup(self, instance): target = os.path.join(FLAGS.instances_path, instance['name']) @@ -787,6 +776,10 @@ class FirewallDriver(object): At this point, the instance isn't running yet.""" raise NotImplementedError() + def unfilter_instance(self, instance): + """Stop filtering instance""" + raise NotImplementedError() + def apply_instance_filter(self, instance): """Apply instance filter. 
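Review bot: The new `while True:` loop in the first hunk polls `self.get_info()` and writes the state to the database back to back, with no delay and no upper bound, whereas the `LoopingCall` it replaces ran every 0.5 s. If the domain never reports `power_state.SHUTDOWN` and no exception is raised, the method does not return, so `self.firewall_driver.unfilter_instance(instance)` and `_cleanup` below the loop never run and the instance's firewall rules stay loaded. I would end the loop body with `greenthread.sleep(0.5)`, give up after a fixed number of polls, and drop `timer = utils.LoopingCall(f=None)`, which is now unused. The method also returns `True` instead of an event, so any caller that waits on the old return value needs checking; the enclosing method starts above the hunk.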
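Review bot: The docstring on the new `FirewallDriver.unfilter_instance` does not say when the method is called or what it has to undo. The shutdown path in the first hunk now calls it unconditionally before `_cleanup`, so a driver subclass that does not override it raises `NotImplementedError` there and the cleanup is skipped. A docstring that states the contract would help implementers, for example `"""Stop filtering instance: undo prepare_instance_filter once the instance is gone. Must not fail for an instance that was never filtered."""`.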
@@ -977,6 +970,10 @@ class NWFilterFirewall(FirewallDriver): # execute in a native thread and block current greenthread until done tpool.execute(self._conn.nwfilterDefineXML, xml) + def unfilter_instance(self, instance): + # Nothing to do + pass + def prepare_instance_filter(self, instance): """ Creates an NWFilter for the given instance. In the process, @@ -1058,17 +1055,25 @@ class NWFilterFirewall(FirewallDriver): class IptablesFirewallDriver(FirewallDriver): def __init__(self, execute=None): self.execute = execute or utils.execute - self.instances = set() + self.instances = {} def apply_instance_filter(self, instance): """No-op. Everything is done in prepare_instance_filter""" pass def remove_instance(self, instance): - self.instances.remove(instance) + if instance['id'] in self.instances: + del self.instances[instance['id']] + else: + LOG.info(_('Attempted to unfilter instance %s which is not ' + 'filtered'), instance['id']) def add_instance(self, instance): - self.instances.add(instance) + self.instances[instance['id']] = instance + + def unfilter_instance(self, instance): + self.remove_instance(instance) + self.apply_ruleset() def prepare_instance_filter(self, instance): self.add_instance(instance) @@ -1101,10 +1106,11 @@ class IptablesFirewallDriver(FirewallDriver): our_chains += [':nova-local - [0:0]'] our_rules += ['-A FORWARD -j nova-local'] - security_groups = set() + security_groups = {} # Add our chains # First, we add instance chains and rules - for instance in self.instances: + for instance_id in self.instances: + instance = self.instances[instance_id] chain_name = self._instance_chain_name(instance) ip_address = self._ip_for_instance(instance) 
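Review bot: `NWFilterFirewall.unfilter_instance` is a bare `pass` under `# Nothing to do`, which does not explain why nothing is needed. The docstring of `prepare_instance_filter` just below says it creates an NWFilter for the instance, so a reader will ask whether that filter is meant to outlive the instance or is removed somewhere outside this hunk. If it is left defined on purpose, say so in a docstring, e.g. `"""No-op: the per-instance NWFilter is not undefined here because <reason>."""`; if it is not, this method is the place to undefine it.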
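Review bot: `remove_instance` reports an untracked instance at info level and returns normally, so `unfilter_instance` still calls `apply_ruleset()` and rewrites the rules although nothing was removed. As far as this hunk shows, `self.instances` is filled only by `add_instance` in the running process, so a mismatch between it and the rules actually loaded is worth surfacing; I would log it with `LOG.warning(...)` rather than `LOG.info(...)`. `unfilter_instance` also has no docstring; `"""Drop the instance from the tracked set and re-apply the ruleset without its chain."""` would do.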
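Review bot: `for instance_id in self.instances:` iterates the live dict while the loop body calls into the database (`db.security_group_get_by_instance` is visible in the next hunk). If one of those calls yields to another greenthread that runs `add_instance` or `remove_instance`, the iteration fails with `RuntimeError: dictionary changed size during iteration` and the ruleset is not applied. Iterating a snapshot avoids that and also removes the extra lookup: `for instance in list(self.instances.values()):`. The loop body continues past the end of this hunk.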
@@ -1126,9 +1132,10 @@ class IptablesFirewallDriver(FirewallDriver): for security_group in \ db.security_group_get_by_instance(ctxt, instance['id']): - security_groups.add(security_group) + security_groups[security_group['id']] = security_group - sg_chain_name = self._security_group_chain_name(security_group) + sg_chain_name = self._security_group_chain_name( + security_group['id']) our_rules += ['-A %s -j %s' % (chain_name, sg_chain_name)] @@ -1141,13 +1148,13 @@ class IptablesFirewallDriver(FirewallDriver): our_rules += ['-A %s -j nova-ipv4-fallback' % (chain_name,)] # then, security group chains and rules - for security_group in security_groups: - chain_name = self._security_group_chain_name(security_group) + for security_group_id in security_groups: + chain_name = self._security_group_chain_name(security_group_id) our_chains += [':%s - [0:0]' % chain_name] rules = \ db.security_group_rule_get_by_security_group(ctxt, - security_group['id']) + security_group_id) for rule in rules: logging.info('%r', rule) @@ -1195,8 +1202,8 @@ class IptablesFirewallDriver(FirewallDriver): def refresh_security_group_rules(self, security_group): self.apply_ruleset() - def _security_group_chain_name(self, security_group): - return 'nova-sg-%s' % (security_group['id'],) + def _security_group_chain_name(self, security_group_id): + return 'nova-sg-%s' % (security_group_id,) def _instance_chain_name(self, instance): return 'nova-inst-%s' % (instance['id'],) |
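Review bot: `security_groups[security_group['id']] = security_group` stores the whole row, but the loop over `security_groups` in the following hunk reads only the keys. Unless the values are used in lines outside these hunks, a set of ids says the same thing more directly: keep `security_groups = set()` and use `security_groups.add(security_group['id'])`. The enclosing loop starts above this hunk.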
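Review bot: `_security_group_chain_name` in the last hunk now takes an id, but it formats whatever it is given with `%s`, so a caller that still passes the security-group row gets a chain name built from the row's repr instead of an error. The callers visible in this diff were updated; any outside it should be checked. A one-line docstring such as `"""Return the iptables chain name for the security group with this id."""` would make the new contract explicit.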
