From 685bea1846032057cf5407e791a266c435dca15a Mon Sep 17 00:00:00 2001
From: Hisaharu Ishii
Date: Tue, 18 Jan 2011 11:41:05 +0900
Subject: Fixed error message in get_my_linklocal
---
 nova/utils.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/nova/utils.py b/nova/utils.py
index 6d3ddd092..5ceb0ec44 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -212,13 +212,11 @@ def get_my_linklocal(interface):
 if address[0] is not None:
 return address[0]
 else:
+ LOG.warn(_("Link Local address is not found.:%s") % if_str)
 return 'fe00::'
- except IndexError as ex:
+ except Exception as ex:
 LOG.warn(_("Couldn't get Link Local IP of %s :%s"), interface, ex)
- except ProcessExecutionError as ex:
- LOG.warn(_("Couldn't get Link Local IP of %s :%s"), interface, ex)
- except:
- return 'fe00::'
+ return 'fe00::'
 def to_global_ipv6(prefix, mac):
-- cgit
From ba73128770b49998a26652ff9446e927a8e8e13d Mon Sep 17 00:00:00 2001
From: Nachi Ueno
Date: Tue, 18 Jan 2011 20:04:16 +0900
Subject: Fixed apply_instance_filter is not implemented in NWFilterFirewall
---
 nova/virt/libvirt_conn.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index f38af5ed8..afe2284e7 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -98,7 +98,7 @@ flags.DEFINE_string('ajaxterm_portrange',
 '10000-12000',
 'Range of ports that ajaxterm should randomly try to bind')
 flags.DEFINE_string('firewall_driver',
- 'nova.virt.libvirt_conn.IptablesFirewallDriver',
+ None,
 'Firewall driver (defaults to iptables)')
@@ -936,6 +936,10 @@ class NWFilterFirewall(FirewallDriver):
 self.static_filters_configured = False
 self.handle_security_groups = False
+ def apply_instance_filter(self, instance):
+ """No-op. Everything is done in prepare_instance_filter"""
+ pass
+
 def _get_connection(self):
 return self._libvirt_get_connection()
 _conn = property(_get_connection)
-- cgit
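Review bot: The added `LOG.warn(_("Link Local address is not found.:%s") % if_str)` sits in an `else` that looks unreachable, and its `% if_str` is fragile. The later get_my_linklocal patch on this page shows `address` being built with `if w is not None`, so an empty result raises IndexError at `address[0]` rather than reaching the `else`; and if `execute()` returns a (stdout, stderr) pair, as `if_str[0]` there suggests, the format needs `% (if_str,)` to avoid a TypeError (the same expression recurs in that patch's `raise exception.Error(...)`). Widening the handler to `except Exception` and then returning `'fe00::'` also hides every failure behind a value outside fe80::/10, so a caller cannot tell a real link-local address from the fallback. The function starts above this hunk.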
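Review bot: With the default changed to `None`, the help text `'Firewall driver (defaults to iptables)'` no longer describes the flag, and a deployment that never sets `firewall_driver` now depends on how the driver loader treats `None`. That loader is outside this hunk; if it skips the driver or fails on import, instances could be started without any packet filtering. Either keep a concrete default or reword the help string so it states what an unset value selects.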
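Review bot: `pass` after the docstring in `apply_instance_filter` is redundant, since the docstring alone is a valid body. The docstring would also be more useful if it stated the ordering it relies on, e.g. `"""No-op: filters are defined in prepare_instance_filter, which must run before the instance starts."""`; that ordering is an assumption here and should be confirmed against the callers.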
From 4190d539315c50c50edcb8f7866274fe3d95d9a1 Mon Sep 17 00:00:00 2001
From: Nachi Ueno
Date: Wed, 19 Jan 2011 11:13:33 +0900
Subject: get_my_linklocal raises exception
---
 nova/utils.py | 10 +++++-----
 nova/virt/libvirt.xml.template | 6 ++++--
 nova/virt/libvirt_conn.py | 26 ++++++++++++++++----------
 3 files changed, 25 insertions(+), 17 deletions(-)
diff --git a/nova/utils.py b/nova/utils.py
index 5ceb0ec44..108824143 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -206,17 +206,17 @@ def last_octet(address):
 def get_my_linklocal(interface):
 try:
 if_str = execute("ip -f inet6 -o addr show %s" % interface)
- condition = "\s+inet6\s+([0-9a-f:]+/\d+)\s+scope\s+link"
+ condition = "\s+inet6\s+([0-9a-f:]+)/\d+\s+scope\s+link"
 links = [re.search(condition, x) for x in if_str[0].split('\n')]
 address = [w.group(1) for w in links if w is not None]
 if address[0] is not None:
 return address[0]
 else:
- LOG.warn(_("Link Local address is not found.:%s") % if_str)
- return 'fe00::'
+ raise exception.Error(_("Link Local address is not found.:%s")
+ % if_str)
 except Exception as ex:
- LOG.warn(_("Couldn't get Link Local IP of %s :%s"), interface, ex)
- return 'fe00::'
+ raise exception.Error(_("Couldn't get Link Local IP of %s :%s")
+ % (interface, ex))
 def to_global_ipv6(prefix, mac):
diff --git a/nova/virt/libvirt.xml.template b/nova/virt/libvirt.xml.template
index de06a1eb0..3ec82e403 100644
--- a/nova/virt/libvirt.xml.template
+++ b/nova/virt/libvirt.xml.template
@@ -75,10 +75,12 @@ - - + #if $getVar('extra_params', False) ${extra_params} +#end if +#if $getVar('ra_server', False) + #end if
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index afe2284e7..4036d4f07 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
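Review bot: Both new `raise exception.Error(...)` statements in get_my_linklocal sit inside the `try`, so the "not found" error is caught by `except Exception as ex` and re-raised wrapped in the "Couldn't get" message. The `else` is also unreachable, because `address` never contains None and an empty list raises IndexError at `address[0]` first. Limiting the `try` to the `execute(...)` call and testing `if not address:` afterwards gives one clear error per failure, as sketched below. Separately, `interface` is interpolated straight into the command string, so if it can ever come from outside trusted configuration it should be checked against the characters an interface name may contain, and the pattern is better written as a raw string.

```python
def get_my_linklocal(interface):
    try:
        if_str = execute("ip -f inet6 -o addr show %s" % interface)
    except Exception as ex:
        raise exception.Error(_("Couldn't get Link Local IP of %s :%s")
                              % (interface, ex))
    # ... unchanged: condition, links and address are computed as before ...
    if not address:
        raise exception.Error(_("Link Local address is not found.:%s")
                              % (if_str,))
    return address[0]
```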
@@ -658,8 +658,7 @@ class LibvirtConnection(object):
 # Assume that the gateway also acts as the dhcp server.
 dhcp_server = network['gateway']
 ra_server = network['ra_server']
- if not ra_server:
- ra_server = 'fd00::'
+
 if FLAGS.allow_project_net_traffic:
 if FLAGS.use_ipv6:
 net, mask = _get_net_and_mask(network['cidr'])
@@ -698,11 +697,13 @@ class LibvirtConnection(object):
 'mac_address': instance['mac_address'],
 'ip_address': ip_address,
 'dhcp_server': dhcp_server,
- 'ra_server': ra_server,
 'extra_params': extra_params,
 'rescue': rescue,
 'local': instance_type['local_gb'],
 'driver_type': driver_type}
+
+ if ra_server:
+ xml_info['ra_server'] = ra_server + "/128"
 if not rescue:
 if instance['kernel_id']:
 xml_info['kernel'] = xml_info['basepath'] + "/kernel"
@@ -884,6 +885,11 @@ class FirewallDriver(object):
 the security group."""
 raise NotImplementedError()
+ def _ra_server_for_instance(self, instance):
+ network = db.project_get_network(context.get_admin_context(),
+ instance['project_id'])
+ return network['ra_server']
+
 class NWFilterFirewall(FirewallDriver):
 """
@@ -1098,7 +1104,9 @@ class NWFilterFirewall(FirewallDriver):
 'nova-base-ipv6',
 'nova-allow-dhcp-server']
 if FLAGS.use_ipv6:
- instance_secgroup_filter_children += ['nova-allow-ra-server']
+ ra_server = self._ra_server_for_instance(instance)
+ if ra_server:
+ instance_secgroup_filter_children += ['nova-allow-ra-server']
 ctxt = context.get_admin_context()
@@ -1275,8 +1283,9 @@ class IptablesFirewallDriver(FirewallDriver):
 elif(ip_version == 6):
 # Allow RA responses
 ra_server = self._ra_server_for_instance(instance)
- our_rules += ['-A %s -s %s -p icmpv6' %
- (chain_name, ra_server)]
+ if ra_server:
+ our_rules += ['-A %s -s %s -p icmpv6' %
+ (chain_name, ra_server + "/128")]
 # If nothing matches, jump to the fallback chain
 our_rules += ['-A %s -j nova-fallback' % (chain_name,)]
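Review bot: `ra_server + "/128"` is appended to whatever string the network record holds, with no check that it is a bare IPv6 address, and the result goes into the template parameters; the IptablesFirewallDriver hunk further down builds its rule from the same concatenation. A value that already carries a prefix length, or is not an address at all, would pass through unchanged. Parsing the value once where it is read (the `ra_server = network['ra_server']` line in the previous hunk) and rejecting anything that is not a single IPv6 address would cover both uses; at minimum add a comment such as `# ra_server is a bare IPv6 address; /128 limits the match to that one host`. The enclosing method starts and ends outside the hunk.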
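Review bot: `_ra_server_for_instance` is now shared by every FirewallDriver subclass but has no docstring, and `network['ra_server']` assumes the lookup always returns a record. If `db.project_get_network` can return None for a project without a network (not visible here), this raises TypeError during filter setup; a guard such as `return network['ra_server'] if network else None` fits the callers, which already test `if ra_server:`. A one-line docstring, e.g. `"""Return the project's RA server address, or a false value if none is set."""`, would document that contract.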
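Review bot: The rebuilt rule `'-A %s -s %s -p icmpv6'` has no `-j` target, unlike the `-j nova-fallback` rule two lines below it, so a matching packet is only counted and then carries on to the fallback chain. If the intent of "Allow RA responses" is to accept them, the string needs a target, e.g. `'-A %s -s %s -p icmpv6 -j ACCEPT'`. The match also covers every ICMPv6 type from that source rather than router advertisements alone; adding `--icmpv6-type router-advertisement` would narrow it to what the comment describes. What nova-fallback does with the packet is outside this hunk.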
@@ -1367,7 +1376,4 @@ class IptablesFirewallDriver(FirewallDriver):
 instance['project_id'])
 return network['gateway']
- def _ra_server_for_instance(self, instance):
- network = db.project_get_network(context.get_admin_context(),
- instance['project_id'])
- return network['ra_server']
+
+
-- cgit
From 30ec3b18dbb24fe1a1cfa0e733c373edee49ca84 Mon Sep 17 00:00:00 2001
From: Nachi Ueno
Date: Wed, 19 Jan 2011 12:45:07 +0900
Subject: Revert Firewalldriver
---
 nova/virt/libvirt_conn.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 4036d4f07..55c193e20 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -98,7 +98,7 @@ flags.DEFINE_string('ajaxterm_portrange',
 '10000-12000',
 'Range of ports that ajaxterm should randomly try to bind')
 flags.DEFINE_string('firewall_driver',
- None,
+ 'nova.virt.libvirt_conn.IptablesFirewallDriver',
 'Firewall driver (defaults to iptables)')
-- cgit
From 3294d3f98cb78b169656711c73547e1cf0527432 Mon Sep 17 00:00:00 2001
From: Hisaharu Ishii
Date: Thu, 20 Jan 2011 19:54:05 +0900
Subject: When radvd is already running, not to hup, but to restart
---
 nova/network/linux_net.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/nova/network/linux_net.py b/nova/network/linux_net.py
index d29e17603..c55fb66f4 100644
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@@ -298,10 +298,9 @@ interface %s
 % pid, check_exit_code=False)
 if conffile in out:
 try:
- _execute('sudo kill -HUP %d' % pid)
- return
+ _execute('sudo kill %d' % pid)
 except Exception as exc: # pylint: disable-msg=W0703
- LOG.debug(_("Hupping radvd threw %s"), exc)
+ LOG.debug(_("killing radvd threw %s"), exc)
 else:
 LOG.debug(_("Pid %d is stale, relaunching radvd"), pid)
 command = _ra_cmd(network_ref)
-- cgit
From a9bf56c7e4613c83646c109ce9e6452e0cd25d2d Mon Sep 17 00:00:00 2001
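Review bot: After `_execute('sudo kill %d' % pid)` the code now falls through to relaunch radvd without waiting for the old process to exit, so the new daemon can start while the old one still holds its pid file or socket. A failed kill is caught by `except Exception` and reported only at debug level before the relaunch goes ahead, which hides the case where two radvd instances end up running; `LOG.warn(_("killing radvd threw %s"), exc)` would at least surface it. There is also a window between the check that `conffile` appears in `out` and the privileged kill in which the pid could have been reused by another process. The enclosing function starts and ends outside the hunk.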
From: Hisaharu Ishii
Date: Fri, 21 Jan 2011 20:30:29 +0900
Subject: Fixed for pep8
---
 nova/virt/libvirt_conn.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 8ad83731f..73291f7f5 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1380,5 +1380,3 @@ class IptablesFirewallDriver(FirewallDriver):
 network = db.project_get_network(context.get_admin_context(),
 instance['project_id'])
 return network['gateway']
-
-
-- cgit