Merge "libvirt: Make nwfilter driver use right filterref" into stable/icehouse

2014-07-16 04:52:29 +00:00
parent f2a845f250 f59886479f
commit a4cf7c1142
2 changed files with 44 additions and 9 deletions
--- a/nova/tests/virt/libvirt/test_libvirt.py
+++ b/nova/tests/virt/libvirt/test_libvirt.py
@@ -7805,6 +7805,44 @@ class NWFilterTestCase(test.TestCase):

        db.instance_destroy(admin_ctxt, instance_ref['uuid'])

+    def test_multinic_base_filter_selection(self):
+        fakefilter = NWFilterFakes()
+        self.fw._conn.nwfilterDefineXML = fakefilter.filterDefineXMLMock
+        self.fw._conn.nwfilterLookupByName = fakefilter.nwfilterLookupByName
+
+        instance_ref = self._create_instance()
+        inst_id = instance_ref['id']
+        inst_uuid = instance_ref['uuid']
+
+        self.security_group = self.setup_and_return_security_group()
+
+        db.instance_add_security_group(self.context, inst_uuid,
+                                       self.security_group['id'])
+
+        instance = db.instance_get(self.context, inst_id)
+
+        network_info = _fake_network_info(self.stubs, 2)
+        network_info[0]['network']['subnets'][0]['meta']['dhcp_server'] = \
+            '1.1.1.1'
+
+        self.fw.setup_basic_filtering(instance, network_info)
+
+        def assert_filterref(instance, vif, expected=[]):
+            nic_id = vif['address'].replace(':', '')
+            filter_name = self.fw._instance_filter_name(instance, nic_id)
+            f = fakefilter.nwfilterLookupByName(filter_name)
+            tree = etree.fromstring(f.xml)
+            frefs = [fr.get('filter') for fr in tree.findall('filterref')]
+            self.assertTrue(set(expected) == set(frefs))
+
+        assert_filterref(instance, network_info[0], expected=['nova-base'])
+        assert_filterref(instance, network_info[1], expected=['nova-nodhcp'])
+
+        db.instance_remove_security_group(self.context, inst_uuid,
+                                          self.security_group['id'])
+        self.teardown_security_group()
+        db.instance_destroy(context.get_admin_context(), instance_ref['uuid'])
+

 class LibvirtUtilsTestCase(test.TestCase):
    def test_create_image(self):
--- a/nova/virt/libvirt/firewall.py
+++ b/nova/virt/libvirt/firewall.py
@@ -112,20 +112,17 @@ class NWFilterFirewall(base_firewall.FirewallDriver):
        LOG.info(_('Ensuring static filters'), instance=instance)
        self._ensure_static_filters()

-        allow_dhcp = False
+        nodhcp_base_filter = self.get_base_filter_list(instance, False)
+        dhcp_base_filter = self.get_base_filter_list(instance, True)
+
        for vif in network_info:
-            if not vif['network'] or not vif['network']['subnets']:
-                continue
+            _base_filter = nodhcp_base_filter
            for subnet in vif['network']['subnets']:
                if subnet.get_meta('dhcp_server'):
-                    allow_dhcp = True
+                    _base_filter = dhcp_base_filter
                    break
-
-        base_filter = self.get_base_filter_list(instance, allow_dhcp)
-
-        for vif in network_info:
            self._define_filter(self._get_instance_filter_xml(instance,
-                                                              base_filter,
+                                                              _base_filter,
                                                              vif))

    def _get_instance_filter_parameters(self, vif):