From c3cdcc1eb0c9fd37f49701d976c7ceae8df44caf Mon Sep 17 00:00:00 2001
From: Soren Hansen <soren@linux2go.dk>
Date: Fri, 22 Jul 2011 22:41:29 +0200
Subject: This is me being all cocky, thinking I'll make it use ipsets...

---
 nova/compute/api.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

(limited to 'nova/compute')

diff --git a/nova/compute/api.py b/nova/compute/api.py
index 432658bbb..65a594d2c 100644
--- a/nova/compute/api.py
+++ b/nova/compute/api.py
@@ -305,10 +305,6 @@ class API(base.Base):
         updates['hostname'] = self.hostname_factory(instance)
 
         instance = self.update(context, instance_id, **updates)
-
-        for group_id in security_groups:
-            self.trigger_security_group_members_refresh(elevated, group_id)
-
         return instance
 
     def _ask_scheduler_to_create_instance(self, context, base_options,
@@ -464,19 +460,22 @@ class API(base.Base):
                      {"method": "refresh_security_group_rules",
                       "args": {"security_group_id": security_group.id}})
 
-    def trigger_security_group_members_refresh(self, context, group_id):
+    def trigger_security_group_members_refresh(self, context, group_ids):
         """Called when a security group gains a new or loses a member.
 
         Sends an update request to each compute node for whom this is
         relevant.
         """
-        # First, we get the security group rules that reference this group as
+        # First, we get the security group rules that reference these groups as
         # the grantee..
-        security_group_rules = \
+        security_group_rules = set()
+        for group_id in group_ids:
+            security_group_rules.update(
                 self.db.security_group_rule_get_by_security_group_grantee(
                                                                      context,
-                                                                     group_id)
+                                                                     group_id))
 
+        LOG.info('rules: %r', security_group_rules)
         # ..then we distill the security groups to which they belong..
         security_groups = set()
         for rule in security_group_rules:
@@ -485,12 +484,14 @@ class API(base.Base):
                                                     rule['parent_group_id'])
             security_groups.add(security_group)
 
+        LOG.info('security_groups: %r', security_groups)
         # ..then we find the instances that are members of these groups..
         instances = set()
         for security_group in security_groups:
             for instance in security_group['instances']:
                 instances.add(instance)
 
+        LOG.info('instances: %r', instances)
         # ...then we find the hosts where they live...
         hosts = set()
         for instance in instances:
@@ -500,6 +501,7 @@ class API(base.Base):
         # ...and finally we tell these nodes to refresh their view of this
         # particular security group.
         for host in hosts:
+            LOG.info('host: %r', host)
             rpc.cast(context,
                      self.db.queue_get_for(context, FLAGS.compute_topic, host),
                      {"method": "refresh_security_group_members",
-- 
cgit