-rwxr-xr-x | bin/nova-dhcpbridge | 4 | ||||
-rw-r--r-- | etc/nova/nova.conf.sample | 2 | ||||
-rw-r--r-- | nova/network/linux_net.py | 9 | ||||
-rw-r--r-- | nova/servicegroup/drivers/zk.py | 12 | ||||
-rw-r--r-- | nova/tests/network/test_linux_net.py | 3 | ||||
-rw-r--r-- | nova/tests/test_libvirt.py | 6 | ||||
-rw-r--r-- | nova/tests/test_migrations.py | 3 | ||||
-rw-r--r-- | nova/tests/test_xenapi.py | 6 | ||||
-rw-r--r-- | nova/virt/firewall.py | 12 | ||||
-rwxr-xr-x | tools/hacking.py | 3 |
10 files changed, 41 insertions, 19 deletions
diff --git a/bin/nova-dhcpbridge b/bin/nova-dhcpbridge index c00578821..1acaf4cd1 100755 --- a/bin/nova-dhcpbridge +++ b/bin/nova-dhcpbridge @@ -42,6 +42,7 @@ from nova import context from nova import db from nova.network import rpcapi as network_rpcapi from nova.openstack.common import importutils +from nova.openstack.common import jsonutils from nova.openstack.common import log as logging from nova.openstack.common import rpc @@ -121,7 +122,8 @@ def main(): except KeyError: config_file = os.environ['FLAGFILE'] - config.parse_args(sys.argv, default_config_files=[config_file]) + config.parse_args(sys.argv, + default_config_files=jsonutils.loads(config_file)) logging.setup("nova") diff --git a/etc/nova/nova.conf.sample b/etc/nova/nova.conf.sample index 9cbb8c1a5..a094469f7 100644 --- a/etc/nova/nova.conf.sample +++ b/etc/nova/nova.conf.sample @@ -970,7 +970,7 @@ # Options defined in nova.network.linux_net # -# location of flagfile for dhcpbridge (string value) +# location of flagfile(s) for dhcpbridge (multi valued) #dhcpbridge_flagfile=/etc/nova/nova-dhcpbridge.conf # Location to keep network config files (string value) diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py index 29b882a02..5c20f9ce8 100644 --- a/nova/network/linux_net.py +++ b/nova/network/linux_net.py @@ -31,6 +31,7 @@ from nova import db from nova import exception from nova.openstack.common import fileutils from nova.openstack.common import importutils +from nova.openstack.common import jsonutils from nova.openstack.common import lockutils from nova.openstack.common import log as logging from nova.openstack.common import timeutils 
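Review bot: `jsonutils.loads(config_file)` in main() assumes the environment value is always a JSON list, but the `FLAGFILE` fallback just above it, and any dnsmasq process launched before this change, would presumably hand over a plain path, which raises ValueError before logging is set up. The decoded value is also passed to `default_config_files` without checking that it is a list, so a JSON string or object from the environment goes straight into config parsing. I would fall back to a one-element list when decoding fails or yields a non-list, as sketched below. main() starts and ends outside the hunk.

```python
    # … unchanged: CONFIG_FILE / FLAGFILE lookup …
    try:
        config_files = jsonutils.loads(config_file)
    except ValueError:
        config_files = None
    if not isinstance(config_files, list):
        # plain path, e.g. from FLAGFILE or an older launcher
        config_files = [config_file]
    config.parse_args(sys.argv, default_config_files=config_files)
```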
@@ -41,9 +42,9 @@ LOG = logging.getLogger(__name__) linux_net_opts = [ - cfg.StrOpt('dhcpbridge_flagfile', - default='/etc/nova/nova-dhcpbridge.conf', - help='location of flagfile for dhcpbridge'), + cfg.MultiStrOpt('dhcpbridge_flagfile', + default=['/etc/nova/nova-dhcpbridge.conf'], + help='location of flagfiles for dhcpbridge'), cfg.StrOpt('networks_path', default=paths.state_path_def('networks'), help='Location to keep network config files'), @@ -994,7 +995,7 @@ def restart_dhcp(context, dev, network_ref): LOG.debug(_('Pid %d is stale, relaunching dnsmasq'), pid) cmd = ['env', - 'CONFIG_FILE=%s' % CONF.dhcpbridge_flagfile, + 'CONFIG_FILE=%s' % jsonutils.dumps(CONF.dhcpbridge_flagfile), 'NETWORK_ID=%s' % str(network_ref['id']), 'dnsmasq', '--strict-order', diff --git a/nova/servicegroup/drivers/zk.py b/nova/servicegroup/drivers/zk.py index 92b49f274..b3c2ba965 100644 --- a/nova/servicegroup/drivers/zk.py +++ b/nova/servicegroup/drivers/zk.py @@ -59,15 +59,15 @@ class ZooKeeperDriver(api.ServiceGroupDriver): def __init__(self, *args, **kwargs): """Create the zk session object.""" null = open(os.devnull, "w") - self._session = evzookeeper.ZKSession(CONF.zk.address, + self._session = evzookeeper.ZKSession(CONF.zookeeper.address, recv_timeout= - CONF.zk.recv_timeout, + CONF.zookeeper.recv_timeout, zklog_fd=null) self._memberships = {} self._monitors = {} # Make sure the prefix exists try: - self._session.create(CONF.zk.sg_prefix, "", + self._session.create(CONF.zookeeper.sg_prefix, "", acl=[evzookeeper.ZOO_OPEN_ACL_UNSAFE]) except zookeeper.NodeExistsException: pass @@ -82,7 +82,7 @@ class ZooKeeperDriver(api.ServiceGroupDriver): member = self._memberships.get((group, member_id), None) if member is None: # the first time to join. Generate a new object - path = "%s/%s" % (CONF.zk.sg_prefix, group) + path = "%s/%s" % (CONF.zookeeper.sg_prefix, group) try: member = membership.Membership(self._session, path, member_id) except RuntimeError: 
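Review bot: The `CONFIG_FILE=` entry in restart_dhcp's cmd list now carries a JSON-encoded list rather than a path, and nothing at the call site says so; the variable name still reads as a single file. A short comment would keep the producer and the consumer in bin/nova-dhcpbridge in step, for example `# CONFIG_FILE is a JSON list of paths; nova-dhcpbridge decodes it with jsonutils.loads`. The command is built as an argv list, so the quotes and brackets in the JSON are not shell-interpreted as long as it is executed without a shell, which happens outside this hunk. restart_dhcp begins and ends outside the hunk.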
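Review bot: The `self._session.create(CONF.zookeeper.sg_prefix, ...)` call touched in `__init__` still creates the service-group prefix with `evzookeeper.ZOO_OPEN_ACL_UNSAFE`, so any client that can reach the ensemble can create or delete nodes under that prefix. While the option group is being corrected, it is worth documenting that the ZooKeeper ensemble must be reachable only from trusted hosts, or moving to an ACL bound to an authenticated identity. Separately, the `null = open(os.devnull, "w")` handle is never closed or stored; keeping it as `self._null` would make its lifetime explicit. The remaining hunks in this file are the same `CONF.zk` to `CONF.zookeeper` rename.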
@@ -90,7 +90,7 @@ class ZooKeeperDriver(api.ServiceGroupDriver): "another node exists with the same name, or " "this node just restarted. We will try " "again in a short while to make sure.")) - eventlet.sleep(CONF.zk.sg_retry_interval) + eventlet.sleep(CONF.zookeeper.sg_retry_interval) member = membership.Membership(self._session, path, member_id) self._memberships[(group, member_id)] = member return FakeLoopingCall(self, member_id, group) @@ -120,7 +120,7 @@ class ZooKeeperDriver(api.ServiceGroupDriver): """ monitor = self._monitors.get(group_id, None) if monitor is None: - path = "%s/%s" % (CONF.zk.sg_prefix, group_id) + path = "%s/%s" % (CONF.zookeeper.sg_prefix, group_id) monitor = membership.MembershipMonitor(self._session, path) self._monitors[group_id] = monitor # Note(maoy): When initialized for the first time, it takes a diff --git a/nova/tests/network/test_linux_net.py b/nova/tests/network/test_linux_net.py index cba08d9ce..4eac0c88c 100644 --- a/nova/tests/network/test_linux_net.py +++ b/nova/tests/network/test_linux_net.py @@ -26,6 +26,7 @@ from nova import db from nova.network import driver from nova.network import linux_net from nova.openstack.common import fileutils +from nova.openstack.common import jsonutils from nova.openstack.common import log as logging from nova.openstack.common import timeutils from nova import test @@ -496,7 +497,7 @@ class LinuxNetworkTestCase(test.TestCase): dev = 'br100' linux_net.restart_dhcp(self.context, dev, network_ref) expected = ['env', - 'CONFIG_FILE=%s' % CONF.dhcpbridge_flagfile, + 'CONFIG_FILE=%s' % jsonutils.dumps(CONF.dhcpbridge_flagfile), 'NETWORK_ID=fake', 'dnsmasq', '--strict-order', diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py index cad556851..fcd66dae8 100644 --- a/nova/tests/test_libvirt.py +++ b/nova/tests/test_libvirt.py 
@@ -3948,8 +3948,10 @@ class IptablesFirewallTestCase(test.TestCase): ipv6 = self.fw.iptables.ipv6['filter'].rules ipv4_network_rules = len(ipv4) - len(inst_ipv4) - ipv4_len ipv6_network_rules = len(ipv6) - len(inst_ipv6) - ipv6_len - self.assertEquals(ipv4_network_rules, - ipv4_rules_per_addr * ipv4_addr_per_network * networks_count) + # Extra rule is for the DHCP request + rules = (ipv4_rules_per_addr * ipv4_addr_per_network * + networks_count) + 1 + self.assertEquals(ipv4_network_rules, rules) self.assertEquals(ipv6_network_rules, ipv6_rules_per_addr * ipv6_addr_per_network * networks_count) diff --git a/nova/tests/test_migrations.py b/nova/tests/test_migrations.py index 55963a81b..ef25ca726 100644 --- a/nova/tests/test_migrations.py +++ b/nova/tests/test_migrations.py @@ -248,7 +248,8 @@ class BaseMigrationTestCase(test.TestCase): def execute_cmd(cmd=None): status, output = commands.getstatusoutput(cmd) LOG.debug(output) - self.assertEqual(0, status) + self.assertEqual(0, status, + "Failed to run: %s\n%s" % (cmd, output)) for key, engine in self.engines.items(): conn_string = self.test_databases[key] conn_pieces = urlparse.urlparse(conn_string) diff --git a/nova/tests/test_xenapi.py b/nova/tests/test_xenapi.py index 84c3caa63..10dc70741 100644 --- a/nova/tests/test_xenapi.py +++ b/nova/tests/test_xenapi.py @@ -2068,8 +2068,10 @@ class XenAPIDom0IptablesFirewallTestCase(stubs.XenAPITestBase): ipv6 = self.fw.iptables.ipv6['filter'].rules ipv4_network_rules = len(ipv4) - len(inst_ipv4) - ipv4_len ipv6_network_rules = len(ipv6) - len(inst_ipv6) - ipv6_len - self.assertEquals(ipv4_network_rules, - ipv4_rules_per_addr * ipv4_addr_per_network * networks_count) + # Extra rule is for the DHCP request + rules = (ipv4_rules_per_addr * ipv4_addr_per_network * + networks_count) + 1 + self.assertEquals(ipv4_network_rules, rules) self.assertEquals(ipv6_network_rules, ipv6_rules_per_addr * ipv6_addr_per_network * networks_count) 
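Review bot: The `+ 1` added to the expected IPv4 rule count checks only that one more rule exists, not that it is the DHCP request rule, so an unrelated or wrongly scoped extra rule would also satisfy the assertion. Asserting the rule text as well would pin the behaviour, for instance by checking that the string form of some entry in `self.fw.iptables.ipv4['filter'].rules` contains `--sport 68 --dport 67 -j ACCEPT`. The same applies to the identical hunk in nova/tests/test_xenapi.py. The test method starts outside the hunk.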
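Review bot: The new failure message in execute_cmd interpolates the full `cmd` and its output into the assertion text, which ends up in test reports and CI logs. If the commands built further down embed the user and password parsed from `conn_string` (their construction is outside the hunk, so this is an assumption), those credentials would be published on every failure. Consider reporting only the output, e.g. `"Failed to run migration setup command:\n%s" % output`, or redacting the password before formatting `cmd`.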
diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py index a36beb7f0..d9502ec46 100644 --- a/nova/virt/firewall.py +++ b/nova/virt/firewall.py @@ -149,6 +149,10 @@ class IptablesFirewallDriver(FirewallDriver): self.network_infos = {} self.basically_filtered = False + # Flags for DHCP request rule + self.dhcp_create = False + self.dhcp_created = False + self.iptables.ipv4['filter'].add_chain('sg-fallback') self.iptables.ipv4['filter'].add_rule('sg-fallback', '-j DROP') self.iptables.ipv6['filter'].add_chain('sg-fallback') @@ -191,6 +195,13 @@ class IptablesFirewallDriver(FirewallDriver): LOG.debug(_('Filters added to instance'), instance=instance) self.refresh_provider_fw_rules() LOG.debug(_('Provider Firewall Rules refreshed'), instance=instance) + # Ensure that DHCP request rule is updated if necessary + if (self.dhcp_create and not self.dhcp_created): + self.iptables.ipv4['filter'].add_rule( + 'INPUT', + '-s 0.0.0.0/32 -d 255.255.255.255/32 ' + '-p udp -m udp --sport 68 --dport 67 -j ACCEPT') + self.dhcp_created = True self.iptables.apply() def _create_filter(self, ips, chain_name): @@ -272,6 +283,7 @@ class IptablesFirewallDriver(FirewallDriver): if dhcp_server: ipv4_rules.append('-s %s -p udp --sport 67 --dport 68 ' '-j ACCEPT' % (dhcp_server,)) + self.dhcp_create = True def _do_project_network_rules(self, ipv4_rules, ipv6_rules, network_info): # make sure this is legacy nw_info diff --git a/tools/hacking.py b/tools/hacking.py index 1279e87e9..5b301d540 100755 --- a/tools/hacking.py +++ b/tools/hacking.py @@ -201,7 +201,8 @@ def nova_import_rules(logical_line): # NOTE(vish): the import error might be due # to a missing dependency missing = str(exc).split()[-1] - if missing != mod.split('.')[-1]: + if (missing != mod.split('.')[-1] or + "cannot import" in str(exc)): _missingImport.add(missing) return True return False |
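Review bot: The ACCEPT rule added to `INPUT` matches DHCP requests from `0.0.0.0` to `255.255.255.255` on every interface, because it carries no `-i` match; on a host with an externally facing NIC, UDP port 67 is opened there as well. The bridge name is not available in this hunk, so at minimum document the scope with a comment such as `# NOTE: not interface-scoped; accepts DHCP requests on all host interfaces`, and consider passing the bridge device through so the rule can be restricted. Nothing in the visible hunks removes the rule or clears `dhcp_created`, so it appears to persist after the last DHCP-served instance is gone. The enclosing method begins outside the hunk.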