Compute restart causes period of network 'blackout'

Fixes bug 1034401 When a compute service is restarted each instance running on the host has its iptables rules built and applied sequentially during the host init stage. The impact of this, especially on a host running many instances, can be observed as a period where some instances are not accessible as the existing iptables rules have been torn down and not yet re-applied. The presented work-around for this is a configurable/flagged deferred mode that prevents the application of the iptables rules until all instances on the host had been initialised then the rules for all instances are applied all at once preventing a 'blackout' period. Change-Id: I0da90d07e54225fb63f3884897fb00a6027cd537
2012-08-08 16:20:23 +01:00
parent 043e3f5981
commit 8f1c54ce98
7 changed files with 117 additions and 32 deletions
--- a/nova/virt/driver.py
+++ b/nova/virt/driver.py
@@ -488,6 +488,14 @@ class ComputeDriver(object):
        # TODO(Vek): Need to pass context in for access to auth_token
        raise NotImplementedError()

+    def filter_defer_apply_on(self):
+        """Defer application of IPTables rules"""
+        pass
+
+    def filter_defer_apply_off(self):
+        """Turn off deferral of IPTables rules and apply the rules now"""
+        pass
+
    def unfilter_instance(self, instance, network_info):
        """Stop filtering instance"""
        # TODO(Vek): Need to pass context in for access to auth_token