From 660342ab7b4accbd1847a9016402744afe71acc1 Mon Sep 17 00:00:00 2001
From: Chet Burgess
Date: Tue, 19 Feb 2013 07:20:24 +0000
Subject: Refactor nwfilter parameters
* libvirt < 1.0.1 does not allow dynamically updating filter parameters inside an interface block of theinstance XML. To address this we move the nwfilter paramters from the instance XML to the per-instance base nwfilter. Relates to bug #1124722
Change-Id: I50ec5dcffa8ff0232ae0aba0a08fce5151962238
---
 nova/virt/libvirt/designer.py | 33 ------------------------------
 nova/virt/libvirt/firewall.py | 47 +++++++++++++++++++++++++++++++++++++++----
 nova/virt/libvirt/vif.py | 17 +--------------
 3 files changed, 44 insertions(+), 53 deletions(-)
(limited to 'nova/virt')
diff --git a/nova/virt/libvirt/designer.py b/nova/virt/libvirt/designer.py
index 3ccf1b8c6..0625d407b 100644
--- a/nova/virt/libvirt/designer.py
+++ b/nova/virt/libvirt/designer.py
@@ -21,8 +21,6 @@ This module provides helper APIs for populating the config.py classes based on common operational needs / policies """
-from nova.virt import netutils
-
 def set_vif_guest_frontend_config(conf, mac, model, driver):
 """Populate a LibvirtConfigGuestInterface instance
@@ -102,37 +100,6 @@ def set_vif_host_backend_802qbh_config(conf, devname, profileid,
 conf.target_dev = tapname
-def set_vif_host_backend_filter_config(conf, name,
- primary_addr,
- dhcp_server=None,
- ra_server=None,
- allow_same_net=False,
- ipv4_cidr=None,
- ipv6_cidr=None):
- """Populate a LibvirtConfigGuestInterface instance
- with host backend details for traffic filtering"""
-
- conf.filtername = name
- conf.add_filter_param("IP", primary_addr)
-
- if dhcp_server:
- conf.add_filter_param("DHCPSERVER", dhcp_server)
-
- if ra_server:
- conf.add_filter_param("RASERVER", ra_server)
-
- if allow_same_net:
- if ipv4_cidr:
- net, mask = netutils.get_net_and_mask(ipv4_cidr)
- conf.add_filter_param("PROJNET", net)
- conf.add_filter_param("PROJMASK", mask)
-
- if ipv6_cidr:
- net, prefix = netutils.get_net_and_prefixlen(ipv6_cidr)
- conf.add_filter_param("PROJNET6", net)
- conf.add_filter_param("PROJMASK6", prefix)
-
-
 def set_vif_bandwidth_config(conf, extra_specs):
 """Config vif inbound/outbound bandwidth limit."""
diff --git a/nova/virt/libvirt/firewall.py b/nova/virt/libvirt/firewall.py
index 054ec4c75..90155baf3 100644
--- a/nova/virt/libvirt/firewall.py
+++ b/nova/virt/libvirt/firewall.py
@@ -23,6 +23,7 @@ from oslo.config import cfg
 from nova.cloudpipe import pipelib
 from nova.openstack.common import log as logging
 import nova.virt.firewall as base_firewall
+from nova.virt import netutils
 LOG = logging.getLogger(__name__)
 CONF = cfg.CONF
@@ -123,10 +124,48 @@ class NWFilterFirewall(base_firewall.FirewallDriver):
 base_filter = self.get_base_filter_list(instance, allow_dhcp)
 for (network, mapping) in network_info:
- nic_id = mapping['mac'].replace(':', '')
- instance_filter_name = self._instance_filter_name(instance, nic_id)
- self._define_filter(self._filter_container(instance_filter_name,
- base_filter))
+ self._define_filter(self._get_instance_filter_xml(instance,
+ base_filter,
+ network,
+ mapping))
+
+ def _get_instance_filter_parameters(self, network, mapping):
+ parameters = []
+
+ def format_parameter(parameter, value):
+ return ("" % (parameter, value))
+
+ for address in mapping['ips']:
+ parameters.append(format_parameter('IP', address['ip']))
+ if mapping['dhcp_server']:
+ parameters.append(format_parameter('DHCPSERVER',
+ mapping['dhcp_server']))
+ if CONF.use_ipv6:
+ ra_server = mapping.get('gateway_v6') + "/128"
+ parameters.append(format_parameter('RASERVER', ra_server))
+ if CONF.allow_same_net_traffic:
+ ipv4_cidr = network['cidr']
+ net, mask = netutils.get_net_and_mask(ipv4_cidr)
+ parameters.append(format_parameter('PROJNET', net))
+ parameters.append(format_parameter('PROJMASK', mask))
+ if CONF.use_ipv6:
+ ipv6_cidr = network['cidr_v6']
+ net, prefix = netutils.get_net_and_prefixlen(ipv6_cidr)
+ parameters.append(format_parameter('PROJNET6', net))
+ parameters.append(format_parameter('PROJMASK6', prefix))
+ return parameters
+
+ def _get_instance_filter_xml(self, instance, filters, network, mapping):
+ nic_id = mapping['mac'].replace(':', '')
+ instance_filter_name = self._instance_filter_name(instance, nic_id)
+ parameters = self._get_instance_filter_parameters(network, mapping)
+ xml = '''''' % instance_filter_name
+ for f in filters:
+ xml += '''''' % f
+ xml += ''.join(parameters)
+ xml += ''
+ xml += ''
+ return xml
 def get_base_filter_list(self, instance, allow_dhcp):
 """
diff --git a/nova/virt/libvirt/vif.py b/nova/virt/libvirt/vif.py
index 4be8be33f..523857e42 100644
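Review bot: In `_get_instance_filter_parameters`, `mapping.get('gateway_v6') + "/128"` raises TypeError whenever `CONF.use_ipv6` is set and the mapping has no `gateway_v6`, because `.get()` returns None; the exception then propagates out of the loop that calls `_define_filter`, so the per-instance filter is never defined. Guard the value before concatenating: `ra_server = mapping.get('gateway_v6')` followed by `if ra_server: parameters.append(format_parameter('RASERVER', ra_server + "/128"))`. Separately, `format_parameter` and `_get_instance_filter_xml` place addresses and the filter name into the XML with `%` interpolation (the literal markup is not visible in this rendering); the values look Nova-controlled, but escaping them with `xml.sax.saxutils` or building the document with an XML library would keep a malformed value from changing the filter definition. Both new methods also lack docstrings; one line each stating which filter parameters are emitted and under which config flags would help the next reader.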
--- a/nova/virt/libvirt/vif.py
+++ b/nova/virt/libvirt/vif.py
@@ -172,22 +172,7 @@ class LibvirtGenericVIFDriver(LibvirtBaseVIFDriver):
 mac_id = mapping['mac'].replace(':', '')
 name = "nova-instance-" + instance['name'] + "-" + mac_id
- primary_addr = mapping['ips'][0]['ip']
- dhcp_server = ra_server = ipv4_cidr = ipv6_cidr = None
-
- if mapping['dhcp_server']:
- dhcp_server = mapping['dhcp_server']
- if CONF.use_ipv6:
- ra_server = mapping.get('gateway_v6') + "/128"
- if CONF.allow_same_net_traffic:
- ipv4_cidr = network['cidr']
- if CONF.use_ipv6:
- ipv6_cidr = network['cidr_v6']
-
- if self.get_firewall_required():
- designer.set_vif_host_backend_filter_config(
- conf, name, primary_addr, dhcp_server,
- ra_server, ipv4_cidr, ipv6_cidr)
+ conf.filtername = name
 designer.set_vif_bandwidth_config(conf, instance)
 return conf
-- cgit
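Review bot: `conf.filtername = name` is now assigned without the `self.get_firewall_required()` check that guarded the removed `designer.set_vif_host_backend_filter_config(...)` call, so as far as this hunk shows the interface references the `"nova-instance-" + instance['name'] + "-" + mac_id` nwfilter whether or not a firewall driver has defined it. If the unconditional reference is not intended, keep the guard: `if self.get_firewall_required(): conf.filtername = name`. If it is intended, a comment on that line saying the filter and its parameters are now defined per NIC by `NWFilterFirewall` would record why the check was dropped. The enclosing method starts above the hunk and the rendering has lost indentation, so an outer condition cannot be ruled out from here.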