From af754e3bba9b2ee93147a3533319ac5a5e199f45 Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Wed, 16 Mar 2011 21:51:32 +0300
Subject: libvirt template and libvirt_conn.spawn modified in way that was
 proposed for xenapi multinic support

---
 nova/virt/libvirt.xml.template                     |  21 ++--
 nova/virt/libvirt_conn.py                          | 121 +++++++++++++++------
 plugins/xenserver/xenapi/etc/xapi.d/plugins/glance |   3 +-
 3 files changed, 101 insertions(+), 44 deletions(-)

diff --git a/nova/virt/libvirt.xml.template b/nova/virt/libvirt.xml.template
index 88bfbc668..43324c34b 100644
--- a/nova/virt/libvirt.xml.template
+++ b/nova/virt/libvirt.xml.template
@@ -69,21 +69,24 @@
         </disk>
     #end if
 #end if
+
+#for $nic in $nics
         <interface type='bridge'>
-            <source bridge='${bridge_name}'/>
-            <mac address='${mac_address}'/>
+            <source bridge='${nic.bridge_name}'/>
+            <mac address='${nic.mac_address}'/>
             <!--   <model type='virtio'/>  CANT RUN virtio network right now -->
-            <filterref filter="nova-instance-${name}">
-                <parameter name="IP" value="${ip_address}" />
-                <parameter name="DHCPSERVER" value="${dhcp_server}" />           
-#if $getVar('extra_params', False)
-                ${extra_params}
+            <filterref filter="nova-instance-${name}-${nic.id}">
+                <parameter name="IP" value="${nic.ip_address}" />
+                <parameter name="DHCPSERVER" value="${nic.dhcp_server}" />
+#if $getVar('nic.extra_params', False)
+                ${nic.extra_params}
 #end if
-#if $getVar('ra_server', False)
-                <parameter name="RASERVER" value="${ra_server}" />
+#if $getVar('nic.ra_server', False)
+                <parameter name="RASERVER" value="${nic.ra_server}" />
 #end if
             </filterref>
         </interface>
+#end for
 
         <!-- The order is significant here.  File must be defined first -->
         <serial type="file">
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 7994e9547..c122ac8d4 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -412,16 +412,18 @@ class LibvirtConnection(object):
         #             the normal xml file, we can just call reboot here
         self.reboot(instance)
 
+    # NOTE(ilyaalekseyev): Implementation like in multinics
+    # for xenapi(tr3buchet)
     @exception.wrap_exception
-    def spawn(self, instance):
-        xml = self.to_xml(instance)
+    def spawn(self, instance, network_info=None):
+        xml = self.to_xml(instance, network_info)
         db.instance_set_state(context.get_admin_context(),
                               instance['id'],
                               power_state.NOSTATE,
                               'launching')
-        self.firewall_driver.setup_basic_filtering(instance)
-        self.firewall_driver.prepare_instance_filter(instance)
-        self._create_image(instance, xml)
+        self.firewall_driver.setup_basic_filtering(instance, network_info)
+        self.firewall_driver.prepare_instance_filter(instance, network_info)
+        self._create_image(instance, xml, network_info)
         self._conn.createXML(xml, 0)
         LOG.debug(_("instance %s: is running"), instance['name'])
         self.firewall_driver.apply_instance_filter(instance)
@@ -578,7 +580,8 @@ class LibvirtConnection(object):
         utils.execute('truncate', target, '-s', "%dG" % local_gb)
         # TODO(vish): should we format disk by default?
 
-    def _create_image(self, inst, libvirt_xml, suffix='', disk_images=None):
+    def _create_image(self, inst, libvirt_xml, suffix='', disk_images=None,
+                        network_info=None):
         # syntactic nicety
         def basepath(fname='', suffix=suffix):
             return os.path.join(FLAGS.instances_path,
@@ -690,17 +693,7 @@ class LibvirtConnection(object):
         if FLAGS.libvirt_type == 'uml':
             utils.execute('sudo', 'chown', 'root', basepath('disk'))
 
-    def to_xml(self, instance, rescue=False):
-        # TODO(termie): cache?
-        LOG.debug(_('instance %s: starting toXML method'), instance['name'])
-        network = db.network_get_by_instance(context.get_admin_context(),
-                                             instance['id'])
-        # FIXME(vish): stick this in db
-        instance_type = instance['instance_type']
-        # instance_type = test.INSTANCE_TYPES[instance_type]
-        instance_type = instance_types.get_instance_type(instance_type)
-        ip_address = db.instance_get_fixed_address(context.get_admin_context(),
-                                                   instance['id'])
+    def _get_nic_for_xml(self, instance_id, network, mapping):
         # Assume that the gateway also acts as the dhcp server.
         dhcp_server = network['gateway']
         ra_server = network['ra_server']
@@ -728,6 +721,75 @@ class LibvirtConnection(object):
                               (net, mask)
         else:
             extra_params = "\n"
+
+        result = {
+            'id': mapping['mac'].replace(':', ''),
+            'bridge_name': network['bridge'],
+            'mac_address': mapping['mac'],
+            'ip_address': mapping['ips'][0]['ip'],
+            'dhcp_server': dhcp_server,
+            'extra_params': extra_params,
+        }
+
+        if ra_server:
+            result['ra_server'] = ra_server + "/128"
+
+        return result
+
+    def to_xml(self, instance, rescue=False, network_info=None):
+        admin_context = context.get_admin_context()
+
+        # TODO(termie): cache?
+        LOG.debug(_('instance %s: starting toXML method'), instance['name'])
+
+        ip_addresses = db.fixed_ip_get_all_by_instance(admin_context,
+                                                       instance['id'])
+
+        networks = db.network_get_all_by_instance(admin_context,
+                                                  instance['id'])
+
+        #TODO(ilyaalekseyev) remove network_info creation code
+        # when multinics will be completed
+        if network_info is None:
+            network_info = []
+
+            def ip_dict(ip):
+                return {
+                    "ip": ip.address,
+                    "netmask": network["netmask"],
+                    "enabled": "1"}
+
+            def ip6_dict(ip6):
+                return  {
+                    "ip": ip6.addressV6,
+                    "netmask": ip6.netmaskV6,
+                    "gateway": ip6.gatewayV6,
+                    "enabled": "1"}
+
+            for network in networks:
+                network_ips = [ip for ip in ip_addresses
+                               if ip.network_id == network.id]
+
+                mapping = {
+                    'label': network['label'],
+                    'gateway': network['gateway'],
+                    'mac': instance.mac_address,
+                    'dns': [network['dns']],
+                    'ips': [ip_dict(ip) for ip in network_ips],
+                    'ip6s': [ip6_dict(ip) for ip in network_ips]}
+
+                network_info.append((network, mapping))
+
+        nics = []
+        for (network, mapping) in network_info:
+            nics.append(self._get_nic_for_xml(instance['id'],
+                                              network,
+                                              mapping))
+        # FIXME(vish): stick this in db
+        instance_type = instance['instance_type']
+        # instance_type = test.INSTANCE_TYPES[instance_type]
+        instance_type = instance_types.get_instance_type(instance_type)
+
         if FLAGS.use_cow_images:
             driver_type = 'qcow2'
         else:
@@ -739,17 +801,11 @@ class LibvirtConnection(object):
                                              instance['name']),
                     'memory_kb': instance_type['memory_mb'] * 1024,
                     'vcpus': instance_type['vcpus'],
-                    'bridge_name': network['bridge'],
-                    'mac_address': instance['mac_address'],
-                    'ip_address': ip_address,
-                    'dhcp_server': dhcp_server,
-                    'extra_params': extra_params,
                     'rescue': rescue,
                     'local': instance_type['local_gb'],
-                    'driver_type': driver_type}
+                    'driver_type': driver_type,
+                    'nics': nics}
 
-        if ra_server:
-            xml_info['ra_server'] = ra_server + "/128"
         if not rescue:
             if instance['kernel_id']:
                 xml_info['kernel'] = xml_info['basepath'] + "/kernel"
@@ -762,7 +818,6 @@ class LibvirtConnection(object):
         xml = str(Template(self.libvirt_xml, searchList=[xml_info]))
         LOG.debug(_('instance %s: finished toXML method'),
                         instance['name'])
-
         return xml
 
     def get_info(self, instance_name):
@@ -1251,7 +1306,7 @@ class LibvirtConnection(object):
 
 
 class FirewallDriver(object):
-    def prepare_instance_filter(self, instance):
+    def prepare_instance_filter(self, instance, network_info=None):
         """Prepare filters for the instance.
 
         At this point, the instance isn't running yet."""
@@ -1285,7 +1340,7 @@ class FirewallDriver(object):
         the security group."""
         raise NotImplementedError()
 
-    def setup_basic_filtering(self, instance):
+    def setup_basic_filtering(self, instance, network_info=None):
         """Create rules to block spoofing and allow dhcp.
 
         This gets called when spawning an instance, before
@@ -1390,7 +1445,7 @@ class NWFilterFirewall(FirewallDriver):
                               </rule>
                             </filter>'''
 
-    def setup_basic_filtering(self, instance):
+    def setup_basic_filtering(self, instance, network_info=None):
         """Set up basic filtering (MAC, IP, and ARP spoofing protection)"""
         logging.info('called setup_basic_filtering in nwfilter')
 
@@ -1495,7 +1550,7 @@ class NWFilterFirewall(FirewallDriver):
         # Nothing to do
         pass
 
-    def prepare_instance_filter(self, instance):
+    def prepare_instance_filter(self, instance, network_info=None):
         """
         Creates an NWFilter for the given instance. In the process,
         it makes sure the filters for the security groups as well as
@@ -1598,9 +1653,9 @@ class IptablesFirewallDriver(FirewallDriver):
         self.iptables.ipv4['filter'].add_chain('sg-fallback')
         self.iptables.ipv4['filter'].add_rule('sg-fallback', '-j DROP')
 
-    def setup_basic_filtering(self, instance):
+    def setup_basic_filtering(self, instance, network_info=None):
         """Use NWFilter from libvirt for this."""
-        return self.nwfilter.setup_basic_filtering(instance)
+        return self.nwfilter.setup_basic_filtering(instance, network_info)
 
     def apply_instance_filter(self, instance):
         """No-op. Everything is done in prepare_instance_filter"""
@@ -1614,7 +1669,7 @@ class IptablesFirewallDriver(FirewallDriver):
             LOG.info(_('Attempted to unfilter instance %s which is not '
                      'filtered'), instance['id'])
 
-    def prepare_instance_filter(self, instance):
+    def prepare_instance_filter(self, instance, network_info=None):
         self.instances[instance['id']] = instance
         self.add_filters_for_instance(instance)
         self.iptables.apply()
diff --git a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance
index c996f6ef4..0a45f3873 100644
--- a/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance
+++ b/plugins/xenserver/xenapi/etc/xapi.d/plugins/glance
@@ -216,8 +216,7 @@ def _upload_tarball(staging_path, image_id, glance_host, glance_port, os_type):
         'x-image-meta-status': 'queued',
         'x-image-meta-disk-format': 'vhd',
         'x-image-meta-container-format': 'ovf',
-        'x-image-meta-property-os-type': os_type
-    }
+        'x-image-meta-property-os-type': os_type}
 
     for header, value in headers.iteritems():
         conn.putheader(header, value)
-- 
cgit 


From ba0160cacac1c7db71eadd6624ee75a014c18378 Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Thu, 17 Mar 2011 18:06:05 +0300
Subject: refactored: network_info creation extracted to method

---
 nova/virt/libvirt_conn.py | 74 +++++++++++++++++++++++++----------------------
 1 file changed, 40 insertions(+), 34 deletions(-)

diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index c122ac8d4..90bd5421c 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -154,6 +154,45 @@ def _get_ip_version(cidr):
         return int(net.version())
 
 
+def _get_network_info(instance):
+    admin_context = context.get_admin_context()
+
+    ip_addresses = db.fixed_ip_get_all_by_instance(admin_context,
+                                                   instance['id'])
+
+    networks = db.network_get_all_by_instance(admin_context,
+                                              instance['id'])
+    network_info = []
+
+    def ip_dict(ip):
+        return {
+            "ip": ip.address,
+            "netmask": network["netmask"],
+            "enabled": "1"}
+
+    def ip6_dict(ip6):
+        return  {
+            "ip": ip6.addressV6,
+            "netmask": ip6.netmaskV6,
+            "gateway": ip6.gatewayV6,
+            "enabled": "1"}
+
+    for network in networks:
+        network_ips = [ip for ip in ip_addresses
+                       if ip.network_id == network.id]
+
+        mapping = {
+            'label': network['label'],
+            'gateway': network['gateway'],
+            'mac': instance.mac_address,
+            'dns': [network['dns']],
+            'ips': [ip_dict(ip) for ip in network_ips],
+            'ip6s': [ip6_dict(ip) for ip in network_ips]}
+
+    network_info.append((network, mapping))
+    return network_info
+
+
 class LibvirtConnection(object):
 
     def __init__(self, read_only):
@@ -742,43 +781,10 @@ class LibvirtConnection(object):
         # TODO(termie): cache?
         LOG.debug(_('instance %s: starting toXML method'), instance['name'])
 
-        ip_addresses = db.fixed_ip_get_all_by_instance(admin_context,
-                                                       instance['id'])
-
-        networks = db.network_get_all_by_instance(admin_context,
-                                                  instance['id'])
-
         #TODO(ilyaalekseyev) remove network_info creation code
         # when multinics will be completed
         if network_info is None:
-            network_info = []
-
-            def ip_dict(ip):
-                return {
-                    "ip": ip.address,
-                    "netmask": network["netmask"],
-                    "enabled": "1"}
-
-            def ip6_dict(ip6):
-                return  {
-                    "ip": ip6.addressV6,
-                    "netmask": ip6.netmaskV6,
-                    "gateway": ip6.gatewayV6,
-                    "enabled": "1"}
-
-            for network in networks:
-                network_ips = [ip for ip in ip_addresses
-                               if ip.network_id == network.id]
-
-                mapping = {
-                    'label': network['label'],
-                    'gateway': network['gateway'],
-                    'mac': instance.mac_address,
-                    'dns': [network['dns']],
-                    'ips': [ip_dict(ip) for ip in network_ips],
-                    'ip6s': [ip6_dict(ip) for ip in network_ips]}
-
-                network_info.append((network, mapping))
+            network_info = _get_network_info(instance)
 
         nics = []
         for (network, mapping) in network_info:
-- 
cgit 


From 720ba5d5c9ad2c24d9f0275fb783f191836a75f3 Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Thu, 17 Mar 2011 18:22:48 +0300
Subject: bugfix

---
 nova/virt/libvirt_conn.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 90bd5421c..b26955d42 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -155,6 +155,8 @@ def _get_ip_version(cidr):
 
 
 def _get_network_info(instance):
+    #TODO(ilyaalekseyev) If we will keep this function
+    # we should cache network_info
     admin_context = context.get_admin_context()
 
     ip_addresses = db.fixed_ip_get_all_by_instance(admin_context,
@@ -189,7 +191,7 @@ def _get_network_info(instance):
             'ips': [ip_dict(ip) for ip in network_ips],
             'ip6s': [ip6_dict(ip) for ip in network_ips]}
 
-    network_info.append((network, mapping))
+        network_info.append((network, mapping))
     return network_info
 
 
-- 
cgit 


From 1f99a95b8615e55c9828eb36e12b9aaa762470bb Mon Sep 17 00:00:00 2001
From: Eldar Nugaev <enugaev@griddynamics.com>
Date: Thu, 17 Mar 2011 20:48:22 +0300
Subject: fixed IpTablesFirewal

---
 nova/virt/libvirt_conn.py | 88 +++++++++++++++++++++++++++++++++++------------
 1 file changed, 66 insertions(+), 22 deletions(-)

diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index b26955d42..fcaf8d879 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1663,6 +1663,8 @@ class IptablesFirewallDriver(FirewallDriver):
 
     def setup_basic_filtering(self, instance, network_info=None):
         """Use NWFilter from libvirt for this."""
+        if not network_info:
+            network_info = _get_network_info(instance)
         return self.nwfilter.setup_basic_filtering(instance, network_info)
 
     def apply_instance_filter(self, instance):
@@ -1678,28 +1680,47 @@ class IptablesFirewallDriver(FirewallDriver):
                      'filtered'), instance['id'])
 
     def prepare_instance_filter(self, instance, network_info=None):
+        if not network_info:
+            network_info = _get_network_info(instance)
         self.instances[instance['id']] = instance
-        self.add_filters_for_instance(instance)
+        self.add_filters_for_instance(instance, network_info)
         self.iptables.apply()
 
-    def add_filters_for_instance(self, instance):
+    def add_filters_for_instance(self, instance, network_info=None):
+        if not network_info:
+            network_info = _get_network_info(instance)
         chain_name = self._instance_chain_name(instance)
 
         self.iptables.ipv4['filter'].add_chain(chain_name)
-        ipv4_address = self._ip_for_instance(instance)
-        self.iptables.ipv4['filter'].add_rule('local',
-                                              '-d %s -j $%s' %
-                                              (ipv4_address, chain_name))
+
+        if network_info:
+            ips_v4 = []
+            for (_n, mapping) in network_info:
+                for ip in mapping['ips']:
+                    ips_v4.append(ip['ip'])
+        else:
+            ips_v4 = [self._ip_for_instance(instance)]
+
+        for ipv4_address in ips_v4:
+            self.iptables.ipv4['filter'].add_rule('local',
+                                                  '-d %s -j $%s' %
+                                                  (ipv4_address, chain_name))
 
         if FLAGS.use_ipv6:
             self.iptables.ipv6['filter'].add_chain(chain_name)
-            ipv6_address = self._ip_for_instance_v6(instance)
-            self.iptables.ipv6['filter'].add_rule('local',
-                                                  '-d %s -j $%s' %
-                                                  (ipv6_address,
-                                                   chain_name))
+            if network_info:
+                ips_v6 = [ip['ip'] for ip in mapping['ip6s'] for (_n, mapping)
+                        in network_info]
+            else:
+                ips_v6 = [self._ip_for_instance_v6(instance)]
+
+            for ipv6_address in ips_v6:
+                self.iptables.ipv6['filter'].add_rule('local',
+                                                      '-d %s -j $%s' %
+                                                      (ipv6_address,
+                                                       chain_name))
 
-        ipv4_rules, ipv6_rules = self.instance_rules(instance)
+        ipv4_rules, ipv6_rules = self.instance_rules(instance, network_info)
 
         for rule in ipv4_rules:
             self.iptables.ipv4['filter'].add_rule(chain_name, rule)
@@ -1715,7 +1736,9 @@ class IptablesFirewallDriver(FirewallDriver):
         if FLAGS.use_ipv6:
             self.iptables.ipv6['filter'].remove_chain(chain_name)
 
-    def instance_rules(self, instance):
+    def instance_rules(self, instance, network_info=None):
+        if not network_info:
+            network_info = _get_network_info(instance)
         ctxt = context.get_admin_context()
 
         ipv4_rules = []
@@ -1729,28 +1752,49 @@ class IptablesFirewallDriver(FirewallDriver):
         ipv4_rules += ['-m state --state ESTABLISHED,RELATED -j ACCEPT']
         ipv6_rules += ['-m state --state ESTABLISHED,RELATED -j ACCEPT']
 
-        dhcp_server = self._dhcp_server_for_instance(instance)
-        ipv4_rules += ['-s %s -p udp --sport 67 --dport 68 '
-                       '-j ACCEPT' % (dhcp_server,)]
+        if network_info:
+            dhcp_servers = [network['gateway'] for (network, _m)
+                            in network_info]
+        else:
+            dhcp_servers = [self._dhcp_server_for_instance(instance)]
+
+        for dhcp_server in dhcp_servers:
+            ipv4_rules += ['-s %s -p udp --sport 67 --dport 68 '
+                           '-j ACCEPT' % (dhcp_server,)]
 
         #Allow project network traffic
         if FLAGS.allow_project_net_traffic:
-            cidr = self._project_cidr_for_instance(instance)
-            ipv4_rules += ['-s %s -j ACCEPT' % (cidr,)]
+            if network_info:
+                cidrs = [network['cidr'] for (network, _m) in network_info]
+            else:
+                cidrs = [self._project_cidr_for_instance(instance)]
+            for cidr in cidrs:
+                ipv4_rules += ['-s %s -j ACCEPT' % (cidr,)]
 
         # We wrap these in FLAGS.use_ipv6 because they might cause
         # a DB lookup. The other ones are just list operations, so
         # they're not worth the clutter.
         if FLAGS.use_ipv6:
             # Allow RA responses
-            ra_server = self._ra_server_for_instance(instance)
-            if ra_server:
+            if network_info:
+                ra_servers = [network['ra_server'] for (network, _m)
+                             in network_info]
+            else:
+                ra_servers = [self._ra_server_for_instance(instance)]
+
+            for ra_server in ra_servers:
                 ipv6_rules += ['-s %s/128 -p icmpv6 -j ACCEPT' % (ra_server,)]
 
             #Allow project network traffic
             if FLAGS.allow_project_net_traffic:
-                cidrv6 = self._project_cidrv6_for_instance(instance)
-                ipv6_rules += ['-s %s -j ACCEPT' % (cidrv6,)]
+                if network_info:
+                    cidrv6s = [network['cidr_v6'] for (network, _m)
+                              in network_info]
+                else:
+                    cidrv6s = [self._project_cidrv6_for_instance(instance)]
+
+                for cidrv6 in cidrv6s:
+                    ipv6_rules += ['-s %s -j ACCEPT' % (cidrv6,)]
 
         security_groups = db.security_group_get_by_instance(ctxt,
                                                             instance['id'])
-- 
cgit 


From 31388f18f8c0ebe3cae58ebd2a46e2bedb376fd4 Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Thu, 17 Mar 2011 20:56:25 +0300
Subject: fixes for NWFilterFirewall and net injection

---
 nova/virt/interfaces.template | 18 +++++++-------
 nova/virt/libvirt_conn.py     | 58 +++++++++++++++++++++++++++++--------------
 2 files changed, 49 insertions(+), 27 deletions(-)

diff --git a/nova/virt/interfaces.template b/nova/virt/interfaces.template
index 87b92b84a..7d40a0f69 100644
--- a/nova/virt/interfaces.template
+++ b/nova/virt/interfaces.template
@@ -5,13 +5,13 @@
 auto lo
 iface lo inet loopback
 
-# The primary network interface
-auto eth0
-iface eth0 inet static
-        address %(address)s
-        netmask %(netmask)s
-        broadcast %(broadcast)s
-        gateway %(gateway)s
-        dns-nameservers %(dns)s
-
+#for $ifc in $interfaces
+auto ${ifc.name}
+iface ${ifc.name} inet static
+        address ${ifc.address}
+        netmask ${ifc.netmask}
+        broadcast ${ifc.broadcast}
+        gateway ${ifc.gateway}
+        dns-nameservers ${ifc.dns}
 
+#end for
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index b26955d42..bc6c9f37d 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -623,6 +623,9 @@ class LibvirtConnection(object):
 
     def _create_image(self, inst, libvirt_xml, suffix='', disk_images=None,
                         network_info=None):
+        if network_info is None:
+            network_info = _get_network_info(inst)
+
         # syntactic nicety
         def basepath(fname='', suffix=suffix):
             return os.path.join(FLAGS.instances_path,
@@ -698,21 +701,32 @@ class LibvirtConnection(object):
 
         key = str(inst['key_data'])
         net = None
-        network_ref = db.network_get_by_instance(context.get_admin_context(),
-                                                 inst['id'])
-        if network_ref['injected']:
-            admin_context = context.get_admin_context()
-            address = db.instance_get_fixed_address(admin_context, inst['id'])
-            ra_server = network_ref['ra_server']
-            if not ra_server:
-                ra_server = "fd00::"
-            with open(FLAGS.injected_network_template) as f:
-                net = f.read() % {'address': address,
-                                  'netmask': network_ref['netmask'],
-                                  'gateway': network_ref['gateway'],
-                                  'broadcast': network_ref['broadcast'],
-                                  'dns': network_ref['dns'],
-                                  'ra_server': ra_server}
+        #network_ref = db.network_get_by_instance(context.get_admin_context(),
+        #                                         inst['id'])
+
+        nets = []
+        ifc_template = open(FLAGS.injected_network_template).read()
+        ifc_num = -1
+        for (network_ref, _m) in network_info:
+            ifc_num += 1
+            if network_ref['injected']:
+                admin_context = context.get_admin_context()
+                address = db.instance_get_fixed_address(
+                                admin_context, inst['id'])
+                ra_server = network_ref['ra_server']
+                if not ra_server:
+                    ra_server = "fd00::"
+                net_info = {'name': 'eth%d' % ifc_num,
+                       'address': address,
+                       'netmask': network_ref['netmask'],
+                       'gateway': network_ref['gateway'],
+                       'broadcast': network_ref['broadcast'],
+                       'dns': network_ref['dns'],
+                       'ra_server': ra_server}
+                nets.append(net_info)
+
+        net = str(Template(ifc_template, searchList=[{'interfaces': nets}]))
+
         if key or net:
             inst_name = inst['name']
             img_id = inst.image_id
@@ -738,6 +752,7 @@ class LibvirtConnection(object):
         # Assume that the gateway also acts as the dhcp server.
         dhcp_server = network['gateway']
         ra_server = network['ra_server']
+        mac_id = mapping['mac'].replace(':', '')
 
         if FLAGS.allow_project_net_traffic:
             if FLAGS.use_ipv6:
@@ -764,7 +779,7 @@ class LibvirtConnection(object):
             extra_params = "\n"
 
         result = {
-            'id': mapping['mac'].replace(':', ''),
+            'id': mac_id,
             'bridge_name': network['bridge'],
             'mac_address': mapping['mac'],
             'ip_address': mapping['ips'][0]['ip'],
@@ -1362,6 +1377,11 @@ class FirewallDriver(object):
                                              instance['id'])
         return network['ra_server']
 
+    def _all_ra_servers_for_instance(selfself, instance):
+        networks = db.network_get_all_by_instance(context.get_admin_context(),
+                                                  instance['id'])
+        return [network['ra_server'] for network in networks]
+
 
 class NWFilterFirewall(FirewallDriver):
     """
@@ -1576,8 +1596,10 @@ class NWFilterFirewall(FirewallDriver):
                                              'nova-base-ipv6',
                                              'nova-allow-dhcp-server']
         if FLAGS.use_ipv6:
-            ra_server = self._ra_server_for_instance(instance)
-            if ra_server:
+            #ra_server = self._ra_server_for_instance(instance)
+            ra_servers = self._all_ra_servers_for_instance(instance)
+            #if ra_server:
+            if len(ra_servers) != 0:
                 instance_secgroup_filter_children += ['nova-allow-ra-server']
 
         ctxt = context.get_admin_context()
-- 
cgit 


From f5dada1e0193f9fff89735f169aafffbac1cbd4a Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Wed, 23 Mar 2011 19:22:51 +0300
Subject: review comments fixed

---
 nova/virt/interfaces.template |  4 ++++
 nova/virt/libvirt_conn.py     | 45 ++++++++++++++++++++-----------------------
 2 files changed, 25 insertions(+), 24 deletions(-)

diff --git a/nova/virt/interfaces.template b/nova/virt/interfaces.template
index 7d40a0f69..a946a1000 100644
--- a/nova/virt/interfaces.template
+++ b/nova/virt/interfaces.template
@@ -7,11 +7,15 @@ iface lo inet loopback
 
 #for $ifc in $interfaces
 auto ${ifc.name}
+#if $getVar('ifc.address', None)
 iface ${ifc.name} inet static
         address ${ifc.address}
         netmask ${ifc.netmask}
         broadcast ${ifc.broadcast}
         gateway ${ifc.gateway}
         dns-nameservers ${ifc.dns}
+#else
+iface ${ifc.name} inet dhcp
+#end if
 
 #end for
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 579e2960a..7353d1909 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -623,7 +623,7 @@ class LibvirtConnection(object):
 
     def _create_image(self, inst, libvirt_xml, suffix='', disk_images=None,
                         network_info=None):
-        if network_info is None:
+        if not network_info:
             network_info = _get_network_info(inst)
 
         # syntactic nicety
@@ -707,15 +707,16 @@ class LibvirtConnection(object):
         nets = []
         ifc_template = open(FLAGS.injected_network_template).read()
         ifc_num = -1
-        for (network_ref, _m) in network_info:
+        admin_context = context.get_admin_context()
+        for (network_ref, _) in network_info:
             ifc_num += 1
-            if network_ref['injected']:
-                admin_context = context.get_admin_context()
+
+            if not 'injected' in network_ref:
+                net_info = {'name': 'eth%d' % ifc_num}
+            else:
                 address = db.instance_get_fixed_address(
                                 admin_context, inst['id'])
-                ra_server = network_ref['ra_server']
-                if not ra_server:
-                    ra_server = "fd00::"
+                ra_server = network_ref.get('ra_server', "fd00::")
                 net_info = {'name': 'eth%d' % ifc_num,
                        'address': address,
                        'netmask': network_ref['netmask'],
@@ -800,7 +801,7 @@ class LibvirtConnection(object):
 
         #TODO(ilyaalekseyev) remove network_info creation code
         # when multinics will be completed
-        if network_info is None:
+        if not network_info:
             network_info = _get_network_info(instance)
 
         nics = []
@@ -809,9 +810,8 @@ class LibvirtConnection(object):
                                               network,
                                               mapping))
         # FIXME(vish): stick this in db
-        instance_type = instance['instance_type']
-        # instance_type = test.INSTANCE_TYPES[instance_type]
-        instance_type = instance_types.get_instance_type(instance_type)
+        instance_type_name = instance['instance_type']
+        instance_type = instance_types.get_instance_type(instance_type_name)
 
         if FLAGS.use_cow_images:
             driver_type = 'qcow2'
@@ -1608,10 +1608,8 @@ class NWFilterFirewall(FirewallDriver):
                                              'nova-base-ipv6',
                                              'nova-allow-dhcp-server']
         if FLAGS.use_ipv6:
-            #ra_server = self._ra_server_for_instance(instance)
             ra_servers = self._all_ra_servers_for_instance(instance)
-            #if ra_server:
-            if len(ra_servers) != 0:
+            if ra_servers:
                 instance_secgroup_filter_children += ['nova-allow-ra-server']
 
         ctxt = context.get_admin_context()
@@ -1729,10 +1727,8 @@ class IptablesFirewallDriver(FirewallDriver):
 
         self.iptables.ipv4['filter'].add_chain(chain_name)
 
-        ips_v4 = []
-        for (_n, mapping) in network_info:
-            for ip in mapping['ips']:
-                ips_v4.append(ip['ip'])
+        ips_v4 = [ip['ip'] for (_, mapping) in network_info
+                            for ip in mapping['ips']]
 
         for ipv4_address in ips_v4:
             self.iptables.ipv4['filter'].add_rule('local',
@@ -1741,8 +1737,8 @@ class IptablesFirewallDriver(FirewallDriver):
 
         if FLAGS.use_ipv6:
             self.iptables.ipv6['filter'].add_chain(chain_name)
-            ips_v6 = [ip['ip'] for ip in mapping['ip6s'] for (_n, mapping)
-                        in network_info]
+            ips_v6 = [ip['ip'] for (_, mapping) in network_info
+                                 for ip in mapping['ip6s']]
 
             for ipv6_address in ips_v6:
                 self.iptables.ipv6['filter'].add_rule('local',
@@ -1785,14 +1781,14 @@ class IptablesFirewallDriver(FirewallDriver):
         dhcp_servers = [network['gateway'] for (network, _m) in network_info]
 
         for dhcp_server in dhcp_servers:
-            ipv4_rules += ['-s %s -p udp --sport 67 --dport 68 '
-                           '-j ACCEPT' % (dhcp_server,)]
+            ipv4_rules.append('-s %s -p udp --sport 67 --dport 68 '
+                              '-j ACCEPT' % (dhcp_server,))
 
         #Allow project network traffic
         if FLAGS.allow_project_net_traffic:
             cidrs = [network['cidr'] for (network, _m) in network_info]
             for cidr in cidrs:
-                ipv4_rules += ['-s %s -j ACCEPT' % (cidr,)]
+                ipv4_rules.append('-s %s -j ACCEPT' % (cidr,))
 
         # We wrap these in FLAGS.use_ipv6 because they might cause
         # a DB lookup. The other ones are just list operations, so
@@ -1803,7 +1799,8 @@ class IptablesFirewallDriver(FirewallDriver):
                           in network_info]
 
             for ra_server in ra_servers:
-                ipv6_rules += ['-s %s/128 -p icmpv6 -j ACCEPT' % (ra_server,)]
+                ipv6_rules.append('-s %s/128 -p icmpv6 -j ACCEPT'
+                                    % (ra_server,))
 
             #Allow project network traffic
             if FLAGS.allow_project_net_traffic:
-- 
cgit 


From a8a345630bd90a74bae00e11dbaf013c60dc7d84 Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Wed, 23 Mar 2011 21:44:58 +0300
Subject: pep8 fixed

---
 nova/virt/libvirt_conn.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 5a5f2b14b..5c9e48864 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -717,7 +717,7 @@ class LibvirtConnection(object):
 
             if not 'injected' in network_ref:
                 continue
-            
+
             address = mapping['ips'][0]['ip']
             address_v6 = None
             if FLAGS.use_ipv6:
@@ -1924,4 +1924,3 @@ class IptablesFirewallDriver(FirewallDriver):
         network = db.network_get_by_instance(context.get_admin_context(),
                                              instance['id'])
         return network['cidr_v6']
-
-- 
cgit 


From 683fcb5da6e742e2b9f1750939dc6a17776d59de Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Wed, 23 Mar 2011 21:56:24 +0300
Subject: xml template fixed

---
 nova/virt/libvirt.xml.template | 2 +-
 nova/virt/libvirt_conn.py      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/nova/virt/libvirt.xml.template b/nova/virt/libvirt.xml.template
index ca03900a8..d74a9e85b 100644
--- a/nova/virt/libvirt.xml.template
+++ b/nova/virt/libvirt.xml.template
@@ -82,7 +82,7 @@
                 ${nic.extra_params}
 #end if
 #if $getVar('nic.gateway_v6', False)
-                <parameter name="RASERVER" value="${gateway_v6}" />
+                <parameter name="RASERVER" value="${nic.gateway_v6}" />
 #end if
             </filterref>
         </interface>
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 5c9e48864..bed348332 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -797,7 +797,7 @@ class LibvirtConnection(object):
         }
 
         if gateway_v6:
-            xml_info['gateway_v6'] = gateway_v6 + "/128"
+            result['gateway_v6'] = gateway_v6 + "/128"
 
         return result
 
-- 
cgit 


From 514e748e3000f97a9d1c03ba3b5ab6faff79abfd Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Wed, 23 Mar 2011 22:08:22 +0300
Subject: one more minor fix

---
 nova/virt/libvirt_conn.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index bed348332..6fb7c06bd 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -1814,7 +1814,7 @@ class IptablesFirewallDriver(FirewallDriver):
                           in network_info]
 
                 for cidrv6 in cidrv6s:
-                    ipv6_rules += ['-s %s -j ACCEPT' % (cidrv6,)]
+                    ipv6_rules.append('-s %s -j ACCEPT' % (cidrv6,))
 
         security_groups = db.security_group_get_by_instance(ctxt,
                                                             instance['id'])
-- 
cgit 


From 95fa499f1a7718694e37a747a6a5a0e309ce877d Mon Sep 17 00:00:00 2001
From: Eldar Nugaev <enugaev@griddynamics.com>
Date: Thu, 24 Mar 2011 00:36:07 +0300
Subject: migration gateway_v6 to network_info

---
 nova/tests/test_virt.py   |  3 ++-
 nova/utils.py             | 14 ++++++++-----
 nova/virt/libvirt_conn.py | 53 +++++++----------------------------------------
 3 files changed, 19 insertions(+), 51 deletions(-)

diff --git a/nova/tests/test_virt.py b/nova/tests/test_virt.py
index b214f5ce7..98bb11526 100644
--- a/nova/tests/test_virt.py
+++ b/nova/tests/test_virt.py
@@ -785,7 +785,8 @@ class NWFilterTestCase(test.TestCase):
 
         instance_ref = db.instance_create(self.context,
                                           {'user_id': 'fake',
-                                          'project_id': 'fake'})
+                                          'project_id': 'fake',
+                                          'mac_address': '00:A0:C9:14:C8:29'})
         inst_id = instance_ref['id']
 
         ip = '10.11.12.13'
diff --git a/nova/utils.py b/nova/utils.py
index 499af2039..44234813f 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -309,11 +309,15 @@ def  get_my_linklocal(interface):
 
 
 def to_global_ipv6(prefix, mac):
-    mac64 = netaddr.EUI(mac).eui64().words
-    int_addr = int(''.join(['%02x' % i for i in mac64]), 16)
-    mac64_addr = netaddr.IPAddress(int_addr)
-    maskIP = netaddr.IPNetwork(prefix).ip
-    return (mac64_addr ^ netaddr.IPAddress('::0200:0:0:0') | maskIP).format()
+    try:
+        mac64 = netaddr.EUI(mac).eui64().words
+        int_addr = int(''.join(['%02x' % i for i in mac64]), 16)
+        mac64_addr = netaddr.IPAddress(int_addr)
+        maskIP = netaddr.IPNetwork(prefix).ip
+        return (mac64_addr ^ netaddr.IPAddress('::0200:0:0:0') | maskIP).\
+        format()
+    except TypeError:
+        raise TypeError(_("Bad mac for to_global_ipv6: %s" % mac))
 
 
 def to_mac(ipv6_address):
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 6fb7c06bd..dd2439e42 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -757,7 +757,7 @@ class LibvirtConnection(object):
         if FLAGS.libvirt_type == 'uml':
             utils.execute('sudo', 'chown', 'root', basepath('disk'))
 
-    def _get_nic_for_xml(self, instance_id, network, mapping):
+    def _get_nic_for_xml(self, network, mapping):
         # Assume that the gateway also acts as the dhcp server.
         dhcp_server = network['gateway']
         gateway_v6 = network['gateway_v6']
@@ -802,8 +802,6 @@ class LibvirtConnection(object):
         return result
 
     def to_xml(self, instance, rescue=False, network_info=None):
-        admin_context = context.get_admin_context()
-
         # TODO(termie): cache?
         LOG.debug(_('instance %s: starting toXML method'), instance['name'])
 
@@ -814,8 +812,7 @@ class LibvirtConnection(object):
 
         nics = []
         for (network, mapping) in network_info:
-            nics.append(self._get_nic_for_xml(instance['id'],
-                                              network,
+            nics.append(self._get_nic_for_xml(network,
                                               mapping))
         # FIXME(vish): stick this in db
         instance_type_name = instance['instance_type']
@@ -1392,16 +1389,6 @@ class FirewallDriver(object):
         """
         raise NotImplementedError()
 
-    def _gateway_v6_for_instance(self, instance):
-        network = db.network_get_by_instance(context.get_admin_context(),
-                                             instance['id'])
-        return network['gateway_v6']
-
-    def _all_gateway_v6_for_instance(self, instance):
-        networks = db.network_get_all_by_instance(context.get_admin_context(),
-                                                  instance['id'])
-        return [network['gateway_v6'] for network in networks]
-
 
 class NWFilterFirewall(FirewallDriver):
     """
@@ -1604,6 +1591,8 @@ class NWFilterFirewall(FirewallDriver):
         it makes sure the filters for the security groups as well as
         the base filter are all in place.
         """
+        if not network_info:
+            network_info = _get_network_info(instance)
         if instance['image_id'] == FLAGS.vpn_image_id:
             base_filter = 'nova-vpn'
         else:
@@ -1616,7 +1605,8 @@ class NWFilterFirewall(FirewallDriver):
                                              'nova-base-ipv6',
                                              'nova-allow-dhcp-server']
         if FLAGS.use_ipv6:
-            gateways_v6 = self._all_gateway_v6_for_instance(instance)
+            gateways_v6 = [network['gateway_v6'] for (network, _) in
+                           network_info]
             if gateways_v6:
                 instance_secgroup_filter_children += ['nova-allow-ra-server']
 
@@ -1803,7 +1793,8 @@ class IptablesFirewallDriver(FirewallDriver):
         # they're not worth the clutter.
         if FLAGS.use_ipv6:
             # Allow RA responses
-            gateways_v6 = self._all_gateway_v6_for_instance(instance)
+            gateways_v6 = [network['gateway_v6'] for (network, _) in
+                           network_info]
             for gateway_v6 in gateways_v6:
                 ipv6_rules.append(
                         '-s %s/128 -p icmpv6 -j ACCEPT' % (gateway_v6,))
@@ -1896,31 +1887,3 @@ class IptablesFirewallDriver(FirewallDriver):
 
     def _instance_chain_name(self, instance):
         return 'inst-%s' % (instance['id'],)
-
-    def _ip_for_instance(self, instance):
-        return db.instance_get_fixed_address(context.get_admin_context(),
-                                             instance['id'])
-
-    def _ip_for_instance_v6(self, instance):
-        return db.instance_get_fixed_address_v6(context.get_admin_context(),
-                                             instance['id'])
-
-    def _dhcp_server_for_instance(self, instance):
-        network = db.network_get_by_instance(context.get_admin_context(),
-                                             instance['id'])
-        return network['gateway']
-
-    def _gateway_v6_for_instance(self, instance):
-        network = db.network_get_by_instance(context.get_admin_context(),
-                                             instance['id'])
-        return network['gateway_v6']
-
-    def _project_cidr_for_instance(self, instance):
-        network = db.network_get_by_instance(context.get_admin_context(),
-                                             instance['id'])
-        return network['cidr']
-
-    def _project_cidrv6_for_instance(self, instance):
-        network = db.network_get_by_instance(context.get_admin_context(),
-                                             instance['id'])
-        return network['cidr_v6']
-- 
cgit 


From 5170e8b5dd96cf8c7bb91e84203cfaebb099af46 Mon Sep 17 00:00:00 2001
From: Eldar Nugaev <enugaev@griddynamics.com>
Date: Thu, 24 Mar 2011 00:56:56 +0300
Subject: small fix

---
 nova/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nova/utils.py b/nova/utils.py
index 44234813f..fabc01532 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -317,7 +317,7 @@ def to_global_ipv6(prefix, mac):
         return (mac64_addr ^ netaddr.IPAddress('::0200:0:0:0') | maskIP).\
         format()
     except TypeError:
-        raise TypeError(_("Bad mac for to_global_ipv6: %s" % mac))
+        raise TypeError(_("Bad mac for to_global_ipv6: %s") % mac)
 
 
 def to_mac(ipv6_address):
-- 
cgit 


From 4e5b511b422501167161c3bbe4dd755c0370c93f Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Thu, 24 Mar 2011 16:53:32 +0300
Subject: couple of bugs fixed

---
 nova/tests/test_virt.py   |  3 +-
 nova/virt/libvirt_conn.py | 75 ++++++++++++++++++++++++++++++-----------------
 2 files changed, 50 insertions(+), 28 deletions(-)

diff --git a/nova/tests/test_virt.py b/nova/tests/test_virt.py
index 98bb11526..12f97383e 100644
--- a/nova/tests/test_virt.py
+++ b/nova/tests/test_virt.py
@@ -803,7 +803,8 @@ class NWFilterTestCase(test.TestCase):
                                             'instance_id': instance_ref['id']})
 
         def _ensure_all_called():
-            instance_filter = 'nova-instance-%s' % instance_ref['name']
+            instance_filter = 'nova-instance-%s-%s' % (instance_ref['name'],
+                                                       '00A0C914C829')
             secgroup_filter = 'nova-secgroup-%s' % self.security_group['id']
             for required in [secgroup_filter, 'allow-dhcp-server',
                              'no-arp-spoofing', 'no-ip-spoofing',
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index dd2439e42..bbb5699e9 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -189,8 +189,10 @@ def _get_network_info(instance):
             'gateway': network['gateway'],
             'mac': instance.mac_address,
             'dns': [network['dns']],
-            'ips': [ip_dict(ip) for ip in network_ips],
-            'ip6s': [ip6_dict(ip) for ip in network_ips]}
+            'ips': [ip_dict(ip) for ip in network_ips]}
+
+        if FLAGS.use_ipv6:
+            mapping['ip6s'] = [ip6_dict(ip) for ip in network_ips]
 
         network_info.append((network, mapping))
     return network_info
@@ -632,6 +634,8 @@ class LibvirtConnection(object):
         if not network_info:
             network_info = _get_network_info(inst)
 
+        if not suffix:
+            suffix = ''
         # syntactic nicety
         def basepath(fname='', suffix=suffix):
             return os.path.join(FLAGS.instances_path,
@@ -1484,6 +1488,9 @@ class NWFilterFirewall(FirewallDriver):
         """Set up basic filtering (MAC, IP, and ARP spoofing protection)"""
         logging.info('called setup_basic_filtering in nwfilter')
 
+        if not network_info:
+            network_info = _get_network_info(instance)
+
         if self.handle_security_groups:
             # No point in setting up a filter set that we'll be overriding
             # anyway.
@@ -1492,9 +1499,11 @@ class NWFilterFirewall(FirewallDriver):
         logging.info('ensuring static filters')
         self._ensure_static_filters()
 
-        instance_filter_name = self._instance_filter_name(instance)
-        self._define_filter(self._filter_container(instance_filter_name,
-                                                   ['nova-base']))
+        for (network, mapping) in network_info:
+            nic_id = mapping['mac'].replace(':', '')
+            instance_filter_name = self._instance_filter_name(instance, nic_id)
+            self._define_filter(self._filter_container(instance_filter_name,
+                                                       ['nova-base']))
 
     def _ensure_static_filters(self):
         if self.static_filters_configured:
@@ -1598,38 +1607,47 @@ class NWFilterFirewall(FirewallDriver):
         else:
             base_filter = 'nova-base'
 
-        instance_filter_name = self._instance_filter_name(instance)
-        instance_secgroup_filter_name = '%s-secgroup' % (instance_filter_name,)
-        instance_filter_children = [base_filter, instance_secgroup_filter_name]
+        ctxt = context.get_admin_context()
+
+        instance_secgroup_filter_name = \
+            '%s-secgroup' % (self._instance_filter_name(instance))
+            #% (instance_filter_name,)
+
         instance_secgroup_filter_children = ['nova-base-ipv4',
                                              'nova-base-ipv6',
                                              'nova-allow-dhcp-server']
-        if FLAGS.use_ipv6:
-            gateways_v6 = [network['gateway_v6'] for (network, _) in
-                           network_info]
-            if gateways_v6:
-                instance_secgroup_filter_children += ['nova-allow-ra-server']
 
-        ctxt = context.get_admin_context()
-
-        if FLAGS.allow_project_net_traffic:
-            instance_filter_children += ['nova-project']
-            if FLAGS.use_ipv6:
-                instance_filter_children += ['nova-project-v6']
-
-        for security_group in db.security_group_get_by_instance(ctxt,
-                                                               instance['id']):
+        for security_group in \
+                db.security_group_get_by_instance(ctxt, instance['id']):
 
             self.refresh_security_group_rules(security_group['id'])
 
             instance_secgroup_filter_children += [('nova-secgroup-%s' %
-                                                         security_group['id'])]
+                                                    security_group['id'])]
 
-        self._define_filter(
+            self._define_filter(
                     self._filter_container(instance_secgroup_filter_name,
                                            instance_secgroup_filter_children))
 
-        self._define_filter(
+        for (network, mapping) in network_info:
+            nic_id = mapping['mac'].replace(':', '')
+            instance_filter_name = self._instance_filter_name(instance, nic_id)
+            instance_filter_children = \
+                [base_filter, instance_secgroup_filter_name]
+
+            if FLAGS.use_ipv6:
+                gateway_v6 = network['gateway_v6']
+
+                if gateway_v6:
+                    instance_secgroup_filter_children += \
+                        ['nova-allow-ra-server']
+
+            if FLAGS.allow_project_net_traffic:
+                instance_filter_children += ['nova-project']
+                if FLAGS.use_ipv6:
+                    instance_filter_children += ['nova-project-v6']
+
+            self._define_filter(
                     self._filter_container(instance_filter_name,
                                            instance_filter_children))
 
@@ -1677,8 +1695,11 @@ class NWFilterFirewall(FirewallDriver):
             xml += "chain='ipv4'>%s</filter>" % rule_xml
         return xml
 
-    def _instance_filter_name(self, instance):
-        return 'nova-instance-%s' % instance['name']
+    def _instance_filter_name(self, instance, nic_id=None):
+        if not nic_id:
+            return 'nova-instance-%s' % (instance['name'])
+        
+        return 'nova-instance-%s-%s' % (instance['name'], nic_id)
 
 
 class IptablesFirewallDriver(FirewallDriver):
-- 
cgit 


From fa582b2e10e43bbb81e0e5c3baf4560300711271 Mon Sep 17 00:00:00 2001
From: Eldar Nugaev <enugaev@griddynamics.com>
Date: Thu, 24 Mar 2011 17:24:44 +0300
Subject: pep8 clearing

---
 nova/virt/libvirt_conn.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index bbb5699e9..181de4540 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -636,6 +636,7 @@ class LibvirtConnection(object):
 
         if not suffix:
             suffix = ''
+
         # syntactic nicety
         def basepath(fname='', suffix=suffix):
             return os.path.join(FLAGS.instances_path,
@@ -1698,7 +1699,6 @@ class NWFilterFirewall(FirewallDriver):
     def _instance_filter_name(self, instance, nic_id=None):
         if not nic_id:
             return 'nova-instance-%s' % (instance['name'])
-        
         return 'nova-instance-%s-%s' % (instance['name'], nic_id)
 
 
-- 
cgit 


From c3b98443263de944aa54ae4948330b6cfb9a02a6 Mon Sep 17 00:00:00 2001
From: Ilya Alekseyev <ialekseev@griddynamics.com>
Date: Thu, 24 Mar 2011 23:00:16 +0300
Subject: style and spacing  fixed

---
 nova/utils.py             | 2 +-
 nova/virt/libvirt_conn.py | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/nova/utils.py b/nova/utils.py
index d3375abc3..29e33ad9e 100644
--- a/nova/utils.py
+++ b/nova/utils.py
@@ -316,7 +316,7 @@ def to_global_ipv6(prefix, mac):
         mac64_addr = netaddr.IPAddress(int_addr)
         maskIP = netaddr.IPNetwork(prefix).ip
         return (mac64_addr ^ netaddr.IPAddress('::0200:0:0:0') | maskIP).\
-        format()
+                                                                    format()
     except TypeError:
         raise TypeError(_("Bad mac for to_global_ipv6: %s") % mac)
 
diff --git a/nova/virt/libvirt_conn.py b/nova/virt/libvirt_conn.py
index 0211cb4d8..f41f4df5e 100644
--- a/nova/virt/libvirt_conn.py
+++ b/nova/virt/libvirt_conn.py
@@ -154,7 +154,7 @@ def _get_ip_version(cidr):
 
 
 def _get_network_info(instance):
-    #TODO(ilyaalekseyev) If we will keep this function
+    # TODO(adiantum) If we will keep this function
     # we should cache network_info
     admin_context = context.get_admin_context()
 
@@ -837,7 +837,7 @@ class LibvirtConnection(driver.ComputeDriver):
         # TODO(termie): cache?
         LOG.debug(_('instance %s: starting toXML method'), instance['name'])
 
-        #TODO(ilyaalekseyev) remove network_info creation code
+        # TODO(adiantum) remove network_info creation code
         # when multinics will be completed
         if not network_info:
             network_info = _get_network_info(instance)
-- 
cgit