Diffstat (limited to 'nova/virt')
| -rw-r--r-- | nova/virt/firewall.py | 20 | ||||
| -rw-r--r-- | nova/virt/libvirt/driver.py | 14 | ||||
| -rw-r--r-- | nova/virt/libvirt/firewall.py | 3 | ||||
| -rw-r--r-- | nova/virt/xenapi/firewall.py | 5 | ||||
| -rw-r--r-- | nova/virt/xenapi/vmops.py | 12 |
5 files changed, 32 insertions, 22 deletions
diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py
index 762d1dc38..77f7b3054 100644
--- a/nova/virt/firewall.py
+++ b/nova/virt/firewall.py
@@ -21,6 +21,7 @@ from nova import context
 from nova import db
 from nova import flags
 from nova.openstack.common import cfg
+from nova.openstack.common import importutils
 from nova.openstack.common import log as logging
 from nova import utils
 from nova.virt import netutils
@@ -28,12 +29,23 @@ from nova.virt import netutils
 LOG = logging.getLogger(__name__)
-allow_same_net_traffic_opt = cfg.BoolOpt('allow_same_net_traffic',
- default=True,
- help='Whether to allow network traffic from same network')
+firewall_opts = [
+ cfg.StrOpt('firewall_driver',
+ default=None,
+ help='Firewall driver '
+ '(defaults to hypervisor specific iptables driver)'),
+ cfg.BoolOpt('allow_same_net_traffic',
+ default=True,
+ help='Whether to allow network traffic from same network'),
+]
 FLAGS = flags.FLAGS
-FLAGS.register_opt(allow_same_net_traffic_opt)
+FLAGS.register_opts(firewall_opts)
+
+
+def load_driver(default, *args, **kwargs):
+ fw_class = importutils.import_class(FLAGS.firewall_driver or default)
+ return fw_class(*args, **kwargs)
 class FirewallDriver(object):
diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
index 8cd6cfe42..c4ebcf931 100644
--- a/nova/virt/libvirt/driver.py
+++ b/nova/virt/libvirt/driver.py
@@ -74,8 +74,9 @@ from nova import utils
 from nova.virt import configdrive
 from nova.virt.disk import api as disk
 from nova.virt import driver
+from nova.virt import firewall
 from nova.virt.libvirt import config
-from nova.virt.libvirt import firewall
+from nova.virt.libvirt import firewall as libvirt_firewall
 from nova.virt.libvirt import imagebackend
 from nova.virt.libvirt import imagecache
 from nova.virt.libvirt import utils as libvirt_utils
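Review bot: In `load_driver` (second hunk of nova/virt/firewall.py) whatever class path `FLAGS.firewall_driver` holds is imported and instantiated unchecked, whereas the code removed from `LibvirtDriver.__init__` (@@ -264) and `VMOps.__init__` (@@ -151) reset any value outside the per-hypervisor `drivers` list to the iptables default. A setting that used to be silently overridden is now honoured, so a libvirt host whose config names `nova.virt.firewall.NoopFirewallDriver` (previously listed only for xenapi, and presumably a driver that applies no rules) would change behaviour on upgrade with nothing recording which driver was chosen. Since this driver is what enforces instance filtering, log the resolved path once at load, e.g. `driver_name = FLAGS.firewall_driver or default` followed by `LOG.info('Loading firewall driver %s', driver_name)` before the import. `load_driver` also needs a docstring saying that `default` is a dotted class path used when the flag is unset and that `*args`/`**kwargs` are passed to the driver constructor.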
@@ -195,6 +196,10 @@ FLAGS.register_opts(libvirt_opts)
 flags.DECLARE('live_migration_retry_count', 'nova.compute.manager')
 flags.DECLARE('vncserver_proxyclient_address', 'nova.vnc')
+DEFAULT_FIREWALL_DRIVER = "%s.%s" % (
+ libvirt_firewall.__name__,
+ libvirt_firewall.IptablesFirewallDriver.__name__)
+
 def patch_tpool_proxy():
 """eventlet.tpool.Proxy doesn't work with old-style class in __str__()
@@ -264,10 +269,9 @@ class LibvirtDriver(driver.ComputeDriver):
 self._initiator = None
 self._wrapped_conn = None
 self.read_only = read_only
- if FLAGS.firewall_driver not in firewall.drivers:
- FLAGS.set_default('firewall_driver', firewall.drivers[0])
- fw_class = importutils.import_class(FLAGS.firewall_driver)
- self.firewall_driver = fw_class(get_connection=self._get_connection)
+ self.firewall_driver = firewall.load_driver(
+ default=DEFAULT_FIREWALL_DRIVER,
+ get_connection=self._get_connection)
 self.vif_driver = importutils.import_object(FLAGS.libvirt_vif_driver)
 self.volume_drivers = {}
 for driver_str in FLAGS.libvirt_volume_drivers:
diff --git a/nova/virt/libvirt/firewall.py b/nova/virt/libvirt/firewall.py
index 4591bdd13..b3c6106ff 100644
--- a/nova/virt/libvirt/firewall.py
+++ b/nova/virt/libvirt/firewall.py
@@ -28,9 +28,6 @@ import nova.virt.firewall as base_firewall
 LOG = logging.getLogger(__name__)
 FLAGS = flags.FLAGS
-# The default Firewall driver must be listed at position 0
-drivers = ['nova.virt.libvirt.firewall.IptablesFirewallDriver', ]
-
 try:
 import libvirt
 except ImportError:
diff --git a/nova/virt/xenapi/firewall.py b/nova/virt/xenapi/firewall.py
index 3c974fc0f..f2b90c74b 100644
--- a/nova/virt/xenapi/firewall.py
+++ b/nova/virt/xenapi/firewall.py
@@ -29,11 +29,6 @@ from nova.virt import netutils
 LOG = logging.getLogger(__name__)
 FLAGS = flags.FLAGS
-# The default Firewall driver must be listed at position 0
-drivers = ['nova.virt.firewall.IptablesFirewallDriver',
- 'nova.virt.firewall.NoopFirewallDriver',
- 'nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver', ]
-
 class Dom0IptablesFirewallDriver(firewall.IptablesFirewallDriver):
 """ Dom0IptablesFirewallDriver class
diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py
index 0b49bff39..d233244b2 100644
--- a/nova/virt/xenapi/vmops.py
+++ b/nova/virt/xenapi/vmops.py
@@ -42,8 +42,8 @@ from nova.openstack.common import jsonutils
 from nova.openstack.common import log as logging
 from nova.openstack.common import timeutils
 from nova import utils
+from nova.virt import firewall
 from nova.virt.xenapi import agent
-from nova.virt.xenapi import firewall
 from nova.virt.xenapi import pool_states
 from nova.virt.xenapi import vm_utils
 from nova.virt.xenapi import volume_utils
@@ -70,6 +70,9 @@ FLAGS.register_opts(xenapi_vmops_opts)
 flags.DECLARE('vncserver_proxyclient_address', 'nova.vnc')
+DEFAULT_FIREWALL_DRIVER = "%s.%s" % (
+ firewall.__name__,
+ firewall.IptablesFirewallDriver.__name__)
 RESIZE_TOTAL_STEPS = 5
@@ -151,10 +154,9 @@ class VMOps(object):
 self.compute_api = compute.API()
 self._session = session
 self.poll_rescue_last_ran = None
- if FLAGS.firewall_driver not in firewall.drivers:
- FLAGS.set_default('firewall_driver', firewall.drivers[0])
- fw_class = importutils.import_class(FLAGS.firewall_driver)
- self.firewall_driver = fw_class(xenapi_session=self._session)
+ self.firewall_driver = firewall.load_driver(
+ default=DEFAULT_FIREWALL_DRIVER,
+ xenapi_session=self._session)
 vif_impl = importutils.import_class(FLAGS.xenapi_vif_driver)
 self.vif_driver = vif_impl(xenapi_session=self._session)
 self.default_root_dev = '/dev/sda' |
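Review bot: The import hunk of nova/virt/xenapi/vmops.py (@@ -42,8) rebinds the bare name `firewall` from `nova.virt.xenapi.firewall` to `nova.virt.firewall`, so any other `firewall.` reference in the file outside these hunks would now resolve against a different module. The libvirt driver.py hunk (@@ -74,8) keeps the hypervisor module reachable as `libvirt_firewall`, but it rebinds the bare name in the same way. The rest of both files is not visible here, so this needs a check before merge. A comment above the new constant would also help, for example `# Dotted path of the driver used when FLAGS.firewall_driver is unset`, because the default is now assembled from `__name__` attributes rather than written out as a literal.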
