Merge "nova-net: Remove firewall support (pt. 2)"
This commit is contained in:
commit
d4a0f69e61
|
@ -133,9 +133,6 @@ For example:
|
|||
RABBIT_PASSWORD=123456
|
||||
|
||||
[[post-config|$NOVA_CONF]]
|
||||
[DEFAULT]
|
||||
firewall_driver=nova.virt.firewall.NoopFirewallDriver
|
||||
|
||||
[filter_scheduler]
|
||||
enabled_filters=ComputeFilter,AvailabilityZoneFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,PciPassthroughFilter,NUMATopologyFilter
|
||||
EOF
|
||||
|
|
|
@ -68,21 +68,6 @@ def _get_hybrid_bridge_name(vif):
|
|||
return ('qbr' + vif['id'])[:model.NIC_NAME_LEN]
|
||||
|
||||
|
||||
def _is_firewall_required(vif):
|
||||
"""Check if local firewall is required
|
||||
|
||||
:param vif: the nova.network.model.VIF instance
|
||||
|
||||
:returns: True if local firewall is required
|
||||
"""
|
||||
|
||||
if vif.is_neutron_filtering_enabled():
|
||||
return False
|
||||
if CONF.firewall_driver != "nova.virt.firewall.NoopFirewallDriver":
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def _set_vhostuser_settings(vif, obj):
|
||||
"""Set vhostuser socket mode and path
|
||||
|
||||
|
@ -353,7 +338,7 @@ def _nova_to_osvif_vif_ovs(vif):
|
|||
port_profile=_get_ovs_representor_port_profile(vif),
|
||||
plugin="ovs")
|
||||
_set_representor_datapath_offload_settings(vif, obj)
|
||||
elif _is_firewall_required(vif) or vif.is_hybrid_plug_enabled():
|
||||
elif vif.is_hybrid_plug_enabled():
|
||||
obj = _get_vif_instance(
|
||||
vif,
|
||||
objects.vif.VIFBridge,
|
||||
|
@ -407,7 +392,7 @@ def _nova_to_osvif_vif_vhostuser(vif):
|
|||
interface_id=vif.get('ovs_interfaceid') or vif['id'],
|
||||
datapath_type=vif['details'].get(
|
||||
model.VIF_DETAILS_OVS_DATAPATH_TYPE))
|
||||
if _is_firewall_required(vif) or vif.is_hybrid_plug_enabled():
|
||||
if vif.is_hybrid_plug_enabled():
|
||||
profile.bridge_name = _get_hybrid_bridge_name(vif)
|
||||
profile.hybrid_plug = True
|
||||
else:
|
||||
|
@ -453,7 +438,7 @@ def _nova_to_osvif_vif_vhostuser(vif):
|
|||
|
||||
# VIF_TYPE_IVS = 'ivs'
|
||||
def _nova_to_osvif_vif_ivs(vif):
|
||||
if _is_firewall_required(vif) or vif.is_hybrid_plug_enabled():
|
||||
if vif.is_hybrid_plug_enabled():
|
||||
obj = _get_vif_instance(
|
||||
vif,
|
||||
objects.vif.VIFBridge,
|
||||
|
|
|
@ -38,35 +38,6 @@ class OSVIFUtilTestCase(test.NoDBTestCase):
|
|||
self.assertEqual(expect.obj_to_primitive(),
|
||||
actual.obj_to_primitive())
|
||||
|
||||
def _test_is_firewall_required(self, port_filter, driver, expect):
|
||||
vif = model.VIF(
|
||||
id="dc065497-3c8d-4f44-8fb4-e1d33c16a536",
|
||||
type=model.VIF_TYPE_BRIDGE,
|
||||
address="22:52:25:62:e2:aa",
|
||||
network=model.Network(
|
||||
id="b82c1929-051e-481d-8110-4669916c7915",
|
||||
label="Demo Net",
|
||||
subnets=[]),
|
||||
details={
|
||||
model.VIF_DETAILS_PORT_FILTER: port_filter,
|
||||
}
|
||||
)
|
||||
self.flags(firewall_driver=driver)
|
||||
|
||||
self.assertEqual(expect, os_vif_util._is_firewall_required(vif))
|
||||
|
||||
def test_is_firewall_required_via_vif(self):
|
||||
self._test_is_firewall_required(
|
||||
True, "nova.virt.libvirt.firewall.IptablesFirewallDriver", False)
|
||||
|
||||
def test_is_firewall_required_via_driver(self):
|
||||
self._test_is_firewall_required(
|
||||
False, "nova.virt.libvirt.firewall.IptablesFirewallDriver", True)
|
||||
|
||||
def test_is_firewall_required_not(self):
|
||||
self._test_is_firewall_required(
|
||||
False, "nova.virt.firewall.NoopFirewallDriver", False)
|
||||
|
||||
def test_nova_to_osvif_instance(self):
|
||||
inst = objects.Instance(
|
||||
id="1242",
|
||||
|
@ -643,7 +614,6 @@ class OSVIFUtilTestCase(test.NoDBTestCase):
|
|||
self.assertObjEqual(expect, actual)
|
||||
|
||||
def test_nova_to_osvif_vif_ovs_hybrid(self):
|
||||
self.flags(firewall_driver=None)
|
||||
vif = model.VIF(
|
||||
id="dc065497-3c8d-4f44-8fb4-e1d33c16a536",
|
||||
type=model.VIF_TYPE_OVS,
|
||||
|
@ -654,6 +624,7 @@ class OSVIFUtilTestCase(test.NoDBTestCase):
|
|||
subnets=[]),
|
||||
details={
|
||||
model.VIF_DETAILS_PORT_FILTER: False,
|
||||
model.VIF_DETAILS_OVS_HYBRID_PLUG: True,
|
||||
model.VIF_DETAILS_OVS_DATAPATH_TYPE:
|
||||
model.VIF_DETAILS_OVS_DATAPATH_SYSTEM
|
||||
},
|
||||
|
|
|
@ -386,11 +386,6 @@ class HyperVDriverTestCase(test_base.HyperVBaseTestCase):
|
|||
self.driver._vmops.unplug_vifs.assert_called_once_with(
|
||||
mock.sentinel.instance, mock.sentinel.network_info)
|
||||
|
||||
def test_refresh_instance_security_rules(self):
|
||||
self.assertRaises(NotImplementedError,
|
||||
self.driver.refresh_instance_security_rules,
|
||||
instance=mock.sentinel.instance)
|
||||
|
||||
def test_migrate_disk_and_power_off(self):
|
||||
self.driver.migrate_disk_and_power_off(
|
||||
mock.sentinel.context, mock.sentinel.instance, mock.sentinel.dest,
|
||||
|
|
|
@ -52,7 +52,6 @@ from nova.virt import block_device as driver_block_device
|
|||
from nova.virt import configdrive
|
||||
from nova.virt import driver
|
||||
from nova.virt import fake
|
||||
from nova.virt import firewall
|
||||
from nova.virt import hardware
|
||||
from nova.virt.ironic import client_wrapper as cw
|
||||
from nova.virt.ironic import driver as ironic_driver
|
||||
|
@ -522,29 +521,6 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
# correct
|
||||
self.assertFalse(mock_warning.called)
|
||||
|
||||
@mock.patch.object(firewall.NoopFirewallDriver, 'prepare_instance_filter',
|
||||
create=True)
|
||||
@mock.patch.object(firewall.NoopFirewallDriver, 'setup_basic_filtering',
|
||||
create=True)
|
||||
@mock.patch.object(firewall.NoopFirewallDriver, 'apply_instance_filter',
|
||||
create=True)
|
||||
def test__start_firewall(self, mock_aif, mock_sbf, mock_pif):
|
||||
fake_inst = 'fake-inst'
|
||||
fake_net_info = utils.get_test_network_info()
|
||||
self.driver._start_firewall(fake_inst, fake_net_info)
|
||||
|
||||
mock_aif.assert_called_once_with(fake_inst, fake_net_info)
|
||||
mock_sbf.assert_called_once_with(fake_inst, fake_net_info)
|
||||
mock_pif.assert_called_once_with(fake_inst, fake_net_info)
|
||||
|
||||
@mock.patch.object(firewall.NoopFirewallDriver, 'unfilter_instance',
|
||||
create=True)
|
||||
def test__stop_firewall(self, mock_ui):
|
||||
fake_inst = 'fake-inst'
|
||||
fake_net_info = utils.get_test_network_info()
|
||||
self.driver._stop_firewall(fake_inst, fake_net_info)
|
||||
mock_ui.assert_called_once_with(fake_inst, fake_net_info)
|
||||
|
||||
def test_instance_exists(self):
|
||||
instance = fake_instance.fake_instance_obj(self.ctx,
|
||||
uuid=self.instance_id)
|
||||
|
@ -1261,8 +1237,7 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
@mock.patch.object(ironic_driver.IronicDriver, '_wait_for_active')
|
||||
@mock.patch.object(ironic_driver.IronicDriver,
|
||||
'_add_instance_info_to_node')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_start_firewall')
|
||||
def _test_spawn(self, mock_sf, mock_aiitn, mock_wait_active,
|
||||
def _test_spawn(self, mock_aiitn, mock_wait_active,
|
||||
mock_avti, mock_node, mock_looping, mock_save):
|
||||
node_id = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
|
||||
node = _get_cached_node(driver='fake', id=node_id)
|
||||
|
@ -1289,7 +1264,6 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
test.MatchType(objects.ImageMeta),
|
||||
fake_flavor, block_device_info=None)
|
||||
mock_avti.assert_called_once_with(self.ctx, instance, None)
|
||||
mock_sf.assert_called_once_with(instance, None)
|
||||
mock_node.set_provision_state.assert_called_once_with(
|
||||
node_id, 'active', configdrive=mock.ANY)
|
||||
|
||||
|
@ -1328,8 +1302,7 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
@mock.patch.object(ironic_driver.IronicDriver, '_wait_for_active')
|
||||
@mock.patch.object(ironic_driver.IronicDriver,
|
||||
'_add_instance_info_to_node')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_start_firewall')
|
||||
def test_spawn_destroyed_after_failure(self, mock_sf, mock_aiitn,
|
||||
def test_spawn_destroyed_after_failure(self, mock_aiitn,
|
||||
mock_wait_active, mock_avti,
|
||||
mock_destroy, mock_node,
|
||||
mock_looping, mock_required_by):
|
||||
|
@ -1578,41 +1551,13 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
mock_avti.assert_called_once_with(self.ctx, instance, None)
|
||||
mock_node.validate.assert_called_once_with(node_id)
|
||||
|
||||
@mock.patch.object(configdrive, 'required_by')
|
||||
@mock.patch.object(FAKE_CLIENT, 'node')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_add_volume_target_info')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_start_firewall')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_cleanup_deploy')
|
||||
def test_spawn_node_prepare_for_deploy_fail(self, mock_cleanup_deploy,
|
||||
mock_sf, mock_avti,
|
||||
mock_node, mock_required_by):
|
||||
mock_required_by.return_value = False
|
||||
node_id = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
|
||||
node = _get_cached_node(driver='fake', id=node_id)
|
||||
flavor = ironic_utils.get_test_flavor()
|
||||
instance = fake_instance.fake_instance_obj(self.ctx, node=node_id)
|
||||
instance.flavor = flavor
|
||||
self.mock_conn.get_node.return_value = node
|
||||
mock_node.validate.return_value = ironic_utils.get_test_validation()
|
||||
image_meta = ironic_utils.get_test_image_meta()
|
||||
|
||||
mock_sf.side_effect = test.TestingException()
|
||||
self.assertRaises(test.TestingException, self.driver.spawn,
|
||||
self.ctx, instance, image_meta, [], None, {})
|
||||
|
||||
self.mock_conn.get_node.assert_called_once_with(
|
||||
node_id, fields=ironic_driver._NODE_FIELDS)
|
||||
mock_node.validate.assert_called_once_with(node_id)
|
||||
mock_cleanup_deploy.assert_called_with(node, instance, None)
|
||||
|
||||
@mock.patch.object(configdrive, 'required_by')
|
||||
@mock.patch.object(objects.Instance, 'save')
|
||||
@mock.patch.object(FAKE_CLIENT, 'node')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_add_volume_target_info')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_generate_configdrive')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_start_firewall')
|
||||
def test_spawn_node_configdrive_fail(self,
|
||||
mock_sf, mock_configdrive,
|
||||
mock_configdrive,
|
||||
mock_avti, mock_node, mock_save,
|
||||
mock_required_by):
|
||||
mock_required_by.return_value = True
|
||||
|
@ -1639,10 +1584,9 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
@mock.patch.object(configdrive, 'required_by')
|
||||
@mock.patch.object(FAKE_CLIENT, 'node')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_add_volume_target_info')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_start_firewall')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_cleanup_deploy')
|
||||
def test_spawn_node_trigger_deploy_fail(self, mock_cleanup_deploy,
|
||||
mock_sf, mock_avti,
|
||||
mock_avti,
|
||||
mock_node, mock_required_by):
|
||||
mock_required_by.return_value = False
|
||||
node_id = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
|
||||
|
@ -1667,10 +1611,9 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
@mock.patch.object(configdrive, 'required_by')
|
||||
@mock.patch.object(FAKE_CLIENT, 'node')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_add_volume_target_info')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_start_firewall')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_cleanup_deploy')
|
||||
def test_spawn_node_trigger_deploy_fail2(self, mock_cleanup_deploy,
|
||||
mock_sf, mock_avti,
|
||||
mock_avti,
|
||||
mock_node, mock_required_by):
|
||||
mock_required_by.return_value = False
|
||||
node_id = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee'
|
||||
|
@ -1696,10 +1639,9 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
@mock.patch.object(loopingcall, 'FixedIntervalLoopingCall')
|
||||
@mock.patch.object(FAKE_CLIENT, 'node')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_add_volume_target_info')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_start_firewall')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, 'destroy')
|
||||
def test_spawn_node_trigger_deploy_fail3(self, mock_destroy,
|
||||
mock_sf, mock_avti,
|
||||
mock_avti,
|
||||
mock_node, mock_looping,
|
||||
mock_required_by):
|
||||
mock_required_by.return_value = False
|
||||
|
@ -1729,8 +1671,7 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
@mock.patch.object(FAKE_CLIENT, 'node')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_add_volume_target_info')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_wait_for_active')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_start_firewall')
|
||||
def test_spawn_sets_default_ephemeral_device(self, mock_sf,
|
||||
def test_spawn_sets_default_ephemeral_device(self,
|
||||
mock_wait, mock_avti,
|
||||
mock_node, mock_save,
|
||||
mock_looping,
|
||||
|
@ -2233,40 +2174,6 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
'fake_vif')
|
||||
mock_uv.assert_called_once_with('fake_instance', ['fake_vif'])
|
||||
|
||||
@mock.patch.object(firewall.NoopFirewallDriver, 'unfilter_instance',
|
||||
create=True)
|
||||
def test_unfilter_instance(self, mock_ui):
|
||||
instance = fake_instance.fake_instance_obj(self.ctx)
|
||||
network_info = utils.get_test_network_info()
|
||||
self.driver.unfilter_instance(instance, network_info)
|
||||
mock_ui.assert_called_once_with(instance, network_info)
|
||||
|
||||
@mock.patch.object(firewall.NoopFirewallDriver, 'setup_basic_filtering',
|
||||
create=True)
|
||||
@mock.patch.object(firewall.NoopFirewallDriver, 'prepare_instance_filter',
|
||||
create=True)
|
||||
def test_ensure_filtering_rules_for_instance(self, mock_pif, mock_sbf):
|
||||
instance = fake_instance.fake_instance_obj(self.ctx)
|
||||
network_info = utils.get_test_network_info()
|
||||
self.driver.ensure_filtering_rules_for_instance(instance,
|
||||
network_info)
|
||||
mock_sbf.assert_called_once_with(instance, network_info)
|
||||
mock_pif.assert_called_once_with(instance, network_info)
|
||||
|
||||
@mock.patch.object(firewall.NoopFirewallDriver,
|
||||
'refresh_instance_security_rules', create=True)
|
||||
def test_refresh_instance_security_rules(self, mock_risr):
|
||||
instance = fake_instance.fake_instance_obj(self.ctx)
|
||||
self.driver.refresh_instance_security_rules(instance)
|
||||
mock_risr.assert_called_once_with(instance)
|
||||
|
||||
@mock.patch.object(firewall.NoopFirewallDriver,
|
||||
'refresh_instance_security_rules', create=True)
|
||||
def test_refresh_security_group_rules(self, mock_risr):
|
||||
fake_group = 'fake-security-group-members'
|
||||
self.driver.refresh_instance_security_rules(fake_group)
|
||||
mock_risr.assert_called_once_with(fake_group)
|
||||
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_wait_for_active')
|
||||
@mock.patch.object(loopingcall, 'FixedIntervalLoopingCall')
|
||||
@mock.patch.object(FAKE_CLIENT.node, 'set_provision_state')
|
||||
|
@ -2658,13 +2565,11 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
fields=ironic_driver._NODE_FIELDS)
|
||||
self.assertEqual(1, mock_cleanup.call_count)
|
||||
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_stop_firewall')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_unplug_vifs')
|
||||
@mock.patch.object(ironic_driver.IronicDriver,
|
||||
'_cleanup_volume_target_info')
|
||||
@mock.patch.object(cw.IronicClientWrapper, 'call')
|
||||
def test__cleanup_deploy(self, mock_call, mock_vol, mock_unvif,
|
||||
mock_stop_fw):
|
||||
def test__cleanup_deploy(self, mock_call, mock_vol, mock_unvif):
|
||||
# TODO(TheJulia): This REALLY should be updated to cover all of the
|
||||
# calls that take place.
|
||||
node = ironic_utils.get_test_node(driver='fake')
|
||||
|
@ -2673,19 +2578,17 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
self.driver._cleanup_deploy(node, instance)
|
||||
mock_vol.assert_called_once_with(instance)
|
||||
mock_unvif.assert_called_once_with(node, instance, None)
|
||||
mock_stop_fw.assert_called_once_with(instance, None)
|
||||
expected_patch = [{'path': '/instance_info', 'op': 'remove'},
|
||||
{'path': '/instance_uuid', 'op': 'remove'}]
|
||||
mock_call.assert_called_once_with('node.update', node.uuid,
|
||||
expected_patch)
|
||||
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_stop_firewall')
|
||||
@mock.patch.object(ironic_driver.IronicDriver, '_unplug_vifs')
|
||||
@mock.patch.object(ironic_driver.IronicDriver,
|
||||
'_cleanup_volume_target_info')
|
||||
@mock.patch.object(cw.IronicClientWrapper, 'call')
|
||||
def test__cleanup_deploy_no_remove_ii(self, mock_call, mock_vol,
|
||||
mock_unvif, mock_stop_fw):
|
||||
mock_unvif):
|
||||
# TODO(TheJulia): This REALLY should be updated to cover all of the
|
||||
# calls that take place.
|
||||
node = ironic_utils.get_test_node(driver='fake')
|
||||
|
@ -2694,7 +2597,6 @@ class IronicDriverTestCase(test.NoDBTestCase):
|
|||
self.driver._cleanup_deploy(node, instance, remove_instance_info=False)
|
||||
mock_vol.assert_called_once_with(instance)
|
||||
mock_unvif.assert_called_once_with(node, instance, None)
|
||||
mock_stop_fw.assert_called_once_with(instance, None)
|
||||
self.assertFalse(mock_call.called)
|
||||
|
||||
|
||||
|
|
|
@ -1670,7 +1670,7 @@ class FakeLibvirtFixture(fixtures.Fixture):
|
|||
super(FakeLibvirtFixture, self).setUp()
|
||||
|
||||
# Some modules load the libvirt library in a strange way
|
||||
for module in ('driver', 'host', 'guest', 'firewall', 'migration'):
|
||||
for module in ('driver', 'host', 'guest', 'migration'):
|
||||
i = 'nova.virt.libvirt.{module}.libvirt'.format(module=module)
|
||||
# NOTE(mdbooth): The strange incantation below means 'this module'
|
||||
self.useFixture(fixtures.MonkeyPatch(i, sys.modules[__name__]))
|
||||
|
|
|
@ -103,7 +103,6 @@ from nova import version
|
|||
from nova.virt import block_device as driver_block_device
|
||||
from nova.virt import driver
|
||||
from nova.virt import fake
|
||||
from nova.virt import firewall as base_firewall
|
||||
from nova.virt import hardware
|
||||
from nova.virt.image import model as imgmodel
|
||||
from nova.virt import images
|
||||
|
@ -111,7 +110,6 @@ from nova.virt.libvirt import blockinfo
|
|||
from nova.virt.libvirt import config as vconfig
|
||||
from nova.virt.libvirt import designer
|
||||
from nova.virt.libvirt import driver as libvirt_driver
|
||||
from nova.virt.libvirt import firewall
|
||||
from nova.virt.libvirt import guest as libvirt_guest
|
||||
from nova.virt.libvirt import host
|
||||
from nova.virt.libvirt.host import SEV_KERNEL_PARAM_FILE
|
||||
|
@ -937,8 +935,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
self.project_id = 'fake'
|
||||
self.context = context.get_admin_context()
|
||||
temp_dir = self.useFixture(fixtures.TempDir()).path
|
||||
self.flags(instances_path=temp_dir,
|
||||
firewall_driver=None)
|
||||
self.flags(instances_path=temp_dir)
|
||||
self.flags(snapshots_directory=temp_dir, group='libvirt')
|
||||
|
||||
self.flags(sysinfo_serial="hardware", group="libvirt")
|
||||
|
@ -6163,7 +6160,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
mock.patch.object(drvr, '_is_booted_from_volume',
|
||||
return_value=False),
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
mock.patch.object(drvr, 'firewall_driver'),
|
||||
mock.patch.object(drvr, 'cleanup')):
|
||||
self.assertRaises(ValueError,
|
||||
drvr._create_domain_and_network,
|
||||
|
@ -9863,15 +9859,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
'%s != %s failed common check %d' %
|
||||
(check(tree), expected_result, i))
|
||||
|
||||
filterref = './devices/interface/filterref'
|
||||
vif = network_info[0]
|
||||
nic_id = vif['address'].lower().replace(':', '')
|
||||
fw = firewall.NWFilterFirewall(drvr)
|
||||
instance_filter_name = fw._instance_filter_name(instance_ref,
|
||||
nic_id)
|
||||
self.assertEqual(tree.find(filterref).get('filter'),
|
||||
instance_filter_name)
|
||||
|
||||
# This test is supposed to make sure we don't
|
||||
# override a specifically set uri
|
||||
#
|
||||
|
@ -9885,47 +9872,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), True)
|
||||
self.assertEqual(drvr._uri(), testuri)
|
||||
|
||||
def test_ensure_filtering_rules_for_instance_timeout(self):
|
||||
# ensure_filtering_fules_for_instance() finishes with timeout.
|
||||
# Preparing mocks
|
||||
class FakeTime(object):
|
||||
def __init__(self):
|
||||
self.counter = 0
|
||||
|
||||
def sleep(self, t):
|
||||
self.counter += t
|
||||
|
||||
fake_timer = FakeTime()
|
||||
|
||||
# _fake_network_info must be called before create_fake_libvirt_mock(),
|
||||
# as _fake_network_info calls importutils.import_class() and
|
||||
# create_fake_libvirt_mock() mocks importutils.import_class().
|
||||
network_info = _fake_network_info(self, 1)
|
||||
self.create_fake_libvirt_mock()
|
||||
instance_ref = objects.Instance(**self.test_instance)
|
||||
|
||||
# Start test
|
||||
try:
|
||||
drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
|
||||
self.stub_out('nova.virt.libvirt.firewall.IptablesFirewallDriver.'
|
||||
'setup_basic_filtering', lambda *a: None)
|
||||
self.stub_out('nova.virt.libvirt.firewall.IptablesFirewallDriver.'
|
||||
'prepare_instance_filter', lambda *a: None)
|
||||
self.stub_out('nova.virt.libvirt.firewall.IptablesFirewallDriver.'
|
||||
'instance_filter_exists', lambda *a: None)
|
||||
self.stub_out('eventlet.greenthread.sleep',
|
||||
lambda t: fake_timer.sleep(t))
|
||||
drvr.ensure_filtering_rules_for_instance(instance_ref,
|
||||
network_info)
|
||||
except exception.NovaException as e:
|
||||
msg = ('The firewall filter for %s does not exist' %
|
||||
instance_ref['name'])
|
||||
c1 = (0 <= six.text_type(e).find(msg))
|
||||
self.assertTrue(c1)
|
||||
|
||||
self.assertEqual(29, fake_timer.counter, "Didn't wait the expected "
|
||||
"amount of time")
|
||||
|
||||
@mock.patch.object(libvirt_driver.LibvirtDriver,
|
||||
'_create_shared_storage_test_file')
|
||||
@mock.patch.object(fakelibvirt.Connection, 'compareCPU')
|
||||
|
@ -13461,12 +13407,9 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
with test.nested(
|
||||
mock.patch.object(drvr,
|
||||
'_create_images_and_backing'),
|
||||
mock.patch.object(drvr,
|
||||
'ensure_filtering_rules_for_instance'),
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
) as (
|
||||
create_image_mock,
|
||||
rules_mock,
|
||||
plug_mock,
|
||||
):
|
||||
disk_info_json = jsonutils.dumps({})
|
||||
|
@ -13503,12 +13446,9 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
mock.patch.object(drvr,
|
||||
'_create_images_and_backing',
|
||||
side_effect=check_instance_dir),
|
||||
mock.patch.object(drvr,
|
||||
'ensure_filtering_rules_for_instance'),
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
) as (
|
||||
create_image_mock,
|
||||
rules_mock,
|
||||
plug_mock,
|
||||
):
|
||||
disk_info_json = jsonutils.dumps({})
|
||||
|
@ -13919,14 +13859,11 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
mock.patch('nova.virt.libvirt.driver.libvirt'),
|
||||
mock.patch.object(drvr, '_build_device_metadata'),
|
||||
mock.patch.object(drvr, 'get_info'),
|
||||
mock.patch.object(drvr.firewall_driver, 'setup_basic_filtering'),
|
||||
mock.patch.object(drvr.firewall_driver, 'prepare_instance_filter')
|
||||
) as (
|
||||
tmpdir,
|
||||
mock_orig_libvirt,
|
||||
mock_build_device_metadata,
|
||||
mock_get_info,
|
||||
mock_ignored, mock_ignored
|
||||
):
|
||||
self.flags(instances_path=tmpdir)
|
||||
|
||||
|
@ -14153,9 +14090,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
|
||||
with test.nested(
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
mock.patch.object(drvr.firewall_driver, 'setup_basic_filtering'),
|
||||
mock.patch.object(drvr.firewall_driver, 'prepare_instance_filter'),
|
||||
mock.patch.object(drvr.firewall_driver, 'apply_instance_filter'),
|
||||
mock.patch.object(drvr, '_create_domain'),
|
||||
mock.patch.object(drvr, '_connect_volume',
|
||||
side_effect=_connect_volume_side_effect),
|
||||
|
@ -17733,13 +17667,10 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
state=power_state.RUNNING)
|
||||
|
||||
with test.nested(
|
||||
mock.patch.object(drvr, '_is_booted_from_volume',
|
||||
return_value=False),
|
||||
mock.patch.object(drvr, '_create_domain'),
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
mock.patch.object(drvr.firewall_driver, 'setup_basic_filtering'),
|
||||
mock.patch.object(drvr.firewall_driver, 'prepare_instance_filter'),
|
||||
mock.patch.object(drvr.firewall_driver, 'apply_instance_filter')):
|
||||
mock.patch.object(drvr, '_is_booted_from_volume',
|
||||
return_value=False),
|
||||
mock.patch.object(drvr, '_create_domain'),
|
||||
mock.patch.object(drvr, 'plug_vifs')):
|
||||
drvr._create_domain_and_network(self.context, 'xml',
|
||||
mock_instance, [])
|
||||
|
||||
|
@ -17800,13 +17731,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
return_value=False),
|
||||
mock.patch.object(drvr, '_create_domain'),
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
mock.patch.object(drvr.firewall_driver, 'setup_basic_filtering'),
|
||||
mock.patch.object(drvr.firewall_driver, 'prepare_instance_filter'),
|
||||
mock.patch.object(drvr.firewall_driver, 'apply_instance_filter')
|
||||
) as (
|
||||
mock_is_booted_from_volume, mock_create_domain, mock_plug_vifs,
|
||||
mock_setup_basic_filtering, mock_prepare_instance_filter,
|
||||
mock_apply_instance_filter
|
||||
):
|
||||
drvr._create_domain_and_network(self.context, 'xml',
|
||||
mock_instance, [])
|
||||
|
@ -17850,13 +17776,10 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
state=power_state.SHUTDOWN)
|
||||
|
||||
with test.nested(
|
||||
mock.patch.object(drvr, '_is_booted_from_volume',
|
||||
return_value=False),
|
||||
mock.patch.object(drvr, '_create_domain'),
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
mock.patch.object(drvr.firewall_driver, 'setup_basic_filtering'),
|
||||
mock.patch.object(drvr.firewall_driver, 'prepare_instance_filter'),
|
||||
mock.patch.object(drvr.firewall_driver, 'apply_instance_filter')):
|
||||
mock.patch.object(drvr, '_is_booted_from_volume',
|
||||
return_value=False),
|
||||
mock.patch.object(drvr, '_create_domain'),
|
||||
mock.patch.object(drvr, 'plug_vifs')):
|
||||
drvr._create_domain_and_network(self.context, 'xml',
|
||||
mock_instance, [])
|
||||
|
||||
|
@ -18049,8 +17972,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
{'id': instance['image_ref']})
|
||||
|
||||
if method_name == "attach_interface":
|
||||
mock_setup = self.useFixture(fixtures.MockPatchObject(
|
||||
drvr.firewall_driver, 'setup_basic_filtering')).mock
|
||||
mock_build = self.useFixture(fixtures.MockPatchObject(
|
||||
drvr, '_build_device_metadata')).mock
|
||||
mock_build.return_value = objects.InstanceDeviceMetadata()
|
||||
|
@ -18069,7 +17990,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
if method_name == "attach_interface":
|
||||
drvr.attach_interface(self.context, instance, fake_image_meta,
|
||||
network_info[0])
|
||||
mock_setup.assert_called_once_with(instance, network_info)
|
||||
mock_build.assert_called_once_with(self.context, instance)
|
||||
mock_save.assert_called_once_with()
|
||||
elif method_name == "detach_interface":
|
||||
|
@ -18270,7 +18190,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
mock.patch.object(drvr, '_is_booted_from_volume',
|
||||
return_value=False),
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
mock.patch.object(drvr, 'firewall_driver'),
|
||||
mock.patch.object(drvr, '_create_domain',
|
||||
side_effect=exception.NovaException),
|
||||
mock.patch.object(drvr, 'cleanup')):
|
||||
|
@ -18294,10 +18213,9 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
mock.patch.object(drvr, '_lxc_disk_handler',
|
||||
side_effect=fake_lxc_disk_handler),
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
mock.patch.object(drvr, 'firewall_driver'),
|
||||
mock.patch.object(drvr, '_create_domain'),
|
||||
mock.patch.object(drvr, 'cleanup')) as (
|
||||
_handler, cleanup, firewall_driver, create, plug_vifs):
|
||||
_handler, cleanup, create, plug_vifs):
|
||||
domain = drvr._create_domain_and_network(self.context, 'xml',
|
||||
instance, None)
|
||||
self.assertEqual(0, create.call_args_list[0][1]['pause'])
|
||||
|
@ -18338,10 +18256,9 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
{'id': uuids.vif_2, 'active': False}]
|
||||
|
||||
@mock.patch.object(drvr, 'plug_vifs')
|
||||
@mock.patch.object(drvr, 'firewall_driver')
|
||||
@mock.patch.object(drvr, '_create_domain')
|
||||
@mock.patch.object(drvr, 'cleanup')
|
||||
def test_create(cleanup, create, fw_driver, plug_vifs):
|
||||
def test_create(cleanup, create, plug_vifs):
|
||||
domain = drvr._create_domain_and_network(self.context, 'xml',
|
||||
instance, vifs,
|
||||
power_on=power_on,
|
||||
|
@ -18417,10 +18334,9 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
drvr = libvirt_driver.LibvirtDriver(mock.MagicMock(), False)
|
||||
|
||||
@mock.patch.object(drvr, 'plug_vifs')
|
||||
@mock.patch.object(drvr, 'firewall_driver')
|
||||
@mock.patch.object(drvr, '_create_domain')
|
||||
@mock.patch.object(drvr, '_cleanup_failed_start')
|
||||
def the_test(mock_cleanup, mock_create, mock_fw, mock_plug):
|
||||
def the_test(mock_cleanup, mock_create, mock_plug):
|
||||
instance = objects.Instance(**self.test_instance)
|
||||
mock_create.side_effect = test.TestingException
|
||||
self.assertRaises(test.TestingException,
|
||||
|
@ -18529,13 +18445,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
|
||||
with test.nested(
|
||||
mock.patch.object(drvr, 'plug_vifs'),
|
||||
mock.patch.object(drvr.firewall_driver, 'setup_basic_filtering'),
|
||||
mock.patch.object(drvr.firewall_driver,
|
||||
'prepare_instance_filter'),
|
||||
mock.patch.object(drvr, '_create_domain'),
|
||||
mock.patch.object(drvr.firewall_driver, 'apply_instance_filter'),
|
||||
) as (plug_vifs, setup_basic_filtering, prepare_instance_filter,
|
||||
create_domain, apply_instance_filter):
|
||||
) as (plug_vifs, create_domain):
|
||||
create_domain.return_value = libvirt_guest.Guest(mock_dom)
|
||||
|
||||
guest = drvr._create_domain_and_network(
|
||||
|
@ -18543,10 +18454,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
block_device_info=block_device_info)
|
||||
|
||||
plug_vifs.assert_called_once_with(instance, network_info)
|
||||
setup_basic_filtering.assert_called_once_with(instance,
|
||||
network_info)
|
||||
prepare_instance_filter.assert_called_once_with(instance,
|
||||
network_info)
|
||||
pause = self._get_pause_flag(drvr, network_info)
|
||||
create_domain.assert_called_once_with(
|
||||
fake_xml, pause=pause, power_on=True, post_xml_callback=None)
|
||||
|
@ -18625,7 +18532,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
@mock.patch('nova.virt.libvirt.driver.LibvirtDriver._undefine_domain')
|
||||
def test_cleanup_pass_with_no_mount_device(self, undefine, unplug):
|
||||
drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI())
|
||||
drvr.firewall_driver = mock.Mock()
|
||||
drvr._disconnect_volume = mock.Mock()
|
||||
fake_inst = objects.Instance(**self.test_instance)
|
||||
fake_bdms = [{'connection_info': 'foo',
|
||||
|
@ -18650,7 +18556,6 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
drvr.cleanup, 'ctxt', fake_inst, 'netinfo')
|
||||
unplug.assert_called_once_with(fake_inst, 'netinfo', True)
|
||||
|
||||
@mock.patch.object(libvirt_driver.LibvirtDriver, 'unfilter_instance')
|
||||
@mock.patch.object(libvirt_driver.LibvirtDriver, 'delete_instance_files',
|
||||
return_value=True)
|
||||
@mock.patch.object(objects.Instance, 'save')
|
||||
|
@ -18658,8 +18563,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
def test_cleanup_migrate_data_shared_block_storage(self,
|
||||
_undefine_domain,
|
||||
save,
|
||||
delete_instance_files,
|
||||
unfilter_instance):
|
||||
delete_instance_files):
|
||||
# Tests the cleanup method when migrate_data has
|
||||
# is_shared_block_storage=True and destroy_disks=False.
|
||||
instance = objects.Instance(self.context, **self.test_instance)
|
||||
|
@ -18674,13 +18578,12 @@ class LibvirtConnTestCase(test.NoDBTestCase,
|
|||
self.assertTrue(instance.cleaned)
|
||||
save.assert_called_once_with()
|
||||
|
||||
@mock.patch.object(libvirt_driver.LibvirtDriver, 'unfilter_instance')
|
||||
@mock.patch.object(libvirt_driver.LibvirtDriver, 'delete_instance_files',
|
||||
return_value=True)
|
||||
@mock.patch.object(objects.Instance, 'save')
|
||||
@mock.patch.object(libvirt_driver.LibvirtDriver, '_undefine_domain')
|
||||
def test_cleanup_instance_dir_with_rbd_workaround(self,
|
||||
_undefine_domain, save, delete_instance_files, unfilter_instance):
|
||||
_undefine_domain, save, delete_instance_files):
|
||||
self.flags(images_type='rbd', group='libvirt')
|
||||
self.flags(ensure_libvirt_rbd_instance_dir_cleanup=True,
|
||||
group='workarounds')
|
||||
|
@ -21032,9 +20935,6 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
self.stub_out('nova.virt.libvirt.driver.LibvirtDriver.plug_vifs',
|
||||
fake_plug_vifs)
|
||||
self.stub_out('oslo_concurrency.processutils.execute', fake_execute)
|
||||
fw = base_firewall.NoopFirewallDriver()
|
||||
self.stub_out('nova.virt.libvirt.driver.LibvirtDriver.firewall_driver',
|
||||
fw)
|
||||
self.stub_out('nova.virt.libvirt.driver.LibvirtDriver.'
|
||||
'_create_domain_and_network', fake_create_domain)
|
||||
self.stub_out('nova.virt.libvirt.driver.LibvirtDriver.get_info',
|
||||
|
@ -21287,10 +21187,8 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
new_callable=mock.NonCallableMock),
|
||||
mock.patch.object(drvr, '_undefine_domain'),
|
||||
mock.patch.object(drvr, 'unplug_vifs'),
|
||||
mock.patch.object(drvr, 'unfilter_instance')
|
||||
) as (mock_volume_backed, mock_exists, mock_get_path,
|
||||
mock_rmtree, mock_image_by_name, mock_undef, mock_unplug,
|
||||
mock_unfilter):
|
||||
mock_rmtree, mock_image_by_name, mock_undef, mock_unplug):
|
||||
mock_exists.return_value = True
|
||||
mock_get_path.return_value = '/fake/inst'
|
||||
|
||||
|
@ -21299,7 +21197,6 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
self.assertEqual(5, mock_rmtree.call_count)
|
||||
mock_undef.assert_called_once_with(ins_ref)
|
||||
mock_unplug.assert_called_once_with(ins_ref, fake_net)
|
||||
mock_unfilter.assert_called_once_with(ins_ref, fake_net)
|
||||
|
||||
@mock.patch('time.sleep', new=mock.Mock())
|
||||
def test_cleanup_resize_not_same_host_volume_backed(self):
|
||||
|
@ -21325,9 +21222,8 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
mock.patch.object(shutil, 'rmtree'),
|
||||
mock.patch.object(drvr, '_undefine_domain'),
|
||||
mock.patch.object(drvr, 'unplug_vifs'),
|
||||
mock.patch.object(drvr, 'unfilter_instance')
|
||||
) as (mock_volume_backed, mock_exists, mock_get_path,
|
||||
mock_rmtree, mock_undef, mock_unplug, mock_unfilter):
|
||||
mock_rmtree, mock_undef, mock_unplug):
|
||||
mock_exists.return_value = True
|
||||
mock_get_path.return_value = '/fake/inst'
|
||||
|
||||
|
@ -21336,7 +21232,6 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
self.assertEqual(5, mock_rmtree.call_count)
|
||||
mock_undef.assert_called_once_with(ins_ref)
|
||||
mock_unplug.assert_called_once_with(ins_ref, fake_net)
|
||||
mock_unfilter.assert_called_once_with(ins_ref, fake_net)
|
||||
|
||||
@mock.patch('time.sleep', new=mock.Mock())
|
||||
def test_cleanup_resize_snap_backend(self):
|
||||
|
@ -21683,8 +21578,6 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
CONF.libvirt.virt_type, self.drvr._host)
|
||||
with test.nested(
|
||||
mock.patch.object(host.Host, '_get_domain', return_value=domain),
|
||||
mock.patch.object(self.drvr.firewall_driver,
|
||||
'setup_basic_filtering'),
|
||||
mock.patch.object(domain, 'attachDeviceFlags'),
|
||||
mock.patch.object(domain, 'info',
|
||||
return_value=[power_state.RUNNING, 1, 2, 3, 4]),
|
||||
|
@ -21694,7 +21587,7 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
side_effect=exception.NovaException),
|
||||
mock.patch.object(self.drvr, 'detach_interface'),
|
||||
) as (
|
||||
mock_get_domain, mock_setup_basic_filtering,
|
||||
mock_get_domain,
|
||||
mock_attach_device_flags, mock_info, mock_get_config,
|
||||
mock_build_device_metadata, mock_detach_interface
|
||||
):
|
||||
|
@ -21703,8 +21596,6 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
instance, fake_image_meta, network_info[0])
|
||||
mock_get_domain.assert_called_with(instance)
|
||||
mock_info.assert_called_with()
|
||||
mock_setup_basic_filtering.assert_called_with(
|
||||
instance, [network_info[0]])
|
||||
mock_get_config.assert_called_with(
|
||||
instance, network_info[0], fake_image_meta, instance.flavor,
|
||||
CONF.libvirt.virt_type, self.drvr._host)
|
||||
|
@ -21753,9 +21644,7 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
with test.nested(
|
||||
mock.patch.object(self.drvr.vif_driver, 'get_config',
|
||||
return_value=expected),
|
||||
mock.patch.object(self.drvr.firewall_driver,
|
||||
'setup_basic_filtering')
|
||||
) as (mock_get_config, mock_setup):
|
||||
) as (mock_get_config,):
|
||||
self.drvr.attach_interface(
|
||||
self.context, instance, fake_image_meta, network_info[0])
|
||||
|
||||
|
@ -21765,7 +21654,6 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
self.drvr._host)
|
||||
mock_get_domain.assert_called_once_with(instance)
|
||||
mock_info.assert_called_once_with()
|
||||
mock_setup.assert_called_once_with(instance, [network_info[0]])
|
||||
mock_build.assert_called_once_with(self.context, instance)
|
||||
mock_save.assert_called_once_with()
|
||||
mock_attach.assert_called_once_with(expected.to_xml(),
|
||||
|
@ -21952,9 +21840,7 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
side_effect=[expected, expected, None, None]),
|
||||
mock.patch.object(self.drvr.vif_driver, 'get_config',
|
||||
return_value=expected),
|
||||
mock.patch.object(self.drvr.firewall_driver,
|
||||
'setup_basic_filtering')
|
||||
) as (mock_get_interface, mock_get_config, mock_setup):
|
||||
) as (mock_get_interface, mock_get_config):
|
||||
self.drvr.detach_interface(self.context, instance, network_info[0])
|
||||
|
||||
mock_get_interface.assert_has_calls([mock.call(expected)] * 3)
|
||||
|
@ -21963,7 +21849,6 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
instance, network_info[0], test.MatchType(objects.ImageMeta),
|
||||
test.MatchType(objects.Flavor), CONF.libvirt.virt_type,
|
||||
self.drvr._host)
|
||||
mock_setup.assert_not_called()
|
||||
mock_get_domain.assert_called_once_with(instance)
|
||||
mock_info.assert_called_once_with()
|
||||
mock_detach.assert_called_once_with(expected.to_xml(),
|
||||
|
@ -22525,11 +22410,10 @@ class LibvirtDriverTestCase(test.NoDBTestCase, TraitsComparisonMixin):
|
|||
@mock.patch.object(lvm, 'get_volume_size', return_value=10)
|
||||
@mock.patch.object(host.Host, "get_guest")
|
||||
@mock.patch.object(dmcrypt, 'delete_volume')
|
||||
@mock.patch('nova.virt.libvirt.driver.LibvirtDriver.unfilter_instance')
|
||||
@mock.patch('nova.virt.libvirt.driver.LibvirtDriver._undefine_domain')
|
||||
@mock.patch.object(objects.Instance, 'save')
|
||||
def test_cleanup_lvm_encrypted(self, mock_save, mock_undefine_domain,
|
||||
mock_unfilter, mock_delete_volume,
|
||||
mock_delete_volume,
|
||||
mock_get_guest, mock_get_lvm_size,
|
||||
mock_get_size):
|
||||
drv = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), True)
|
||||
|
|
|
@ -515,21 +515,14 @@ class LibvirtVifTestCase(test.NoDBTestCase):
|
|||
mac = node.find("mac").get("address")
|
||||
self.assertEqual(mac, vif['address'])
|
||||
|
||||
def _assertTypeEquals(self, node, type, attr, source, br_want,
|
||||
prefix=None):
|
||||
def _assertTypeEquals(self, node, type, attr, source, br_want):
|
||||
self.assertEqual(node.get("type"), type)
|
||||
br_name = node.find(attr).get(source)
|
||||
if prefix is None:
|
||||
self.assertEqual(br_name, br_want)
|
||||
else:
|
||||
self.assertTrue(br_name.startswith(prefix))
|
||||
self.assertEqual(br_name, br_want)
|
||||
|
||||
def _assertTypeAndMacEquals(self, node, type, attr, source, vif,
|
||||
br_want=None, size=0, prefix=None):
|
||||
ret = node.findall("filterref")
|
||||
self.assertEqual(len(ret), size)
|
||||
self._assertTypeEquals(node, type, attr, source, br_want,
|
||||
prefix)
|
||||
br_want=None):
|
||||
self._assertTypeEquals(node, type, attr, source, br_want)
|
||||
self._assertMacEquals(node, vif)
|
||||
|
||||
def _assertModel(self, xml, model_want=None, driver_want=None):
|
||||
|
@ -901,16 +894,20 @@ class LibvirtVifTestCase(test.NoDBTestCase):
|
|||
self.assertIsNone(conf.driver_name)
|
||||
self.assertIsNone(conf.model)
|
||||
|
||||
def _test_model_qemu(self, *vif_objs, **kw):
|
||||
libvirt_version = kw.get('libvirt_version')
|
||||
def test_model_qemu(self):
|
||||
vif_objs = [
|
||||
self.vif_bridge,
|
||||
self.vif_8021qbg,
|
||||
self.vif_iovisor,
|
||||
self.vif_ovs,
|
||||
]
|
||||
|
||||
self.flags(use_virtio_for_bridges=True,
|
||||
virt_type='qemu',
|
||||
group='libvirt')
|
||||
|
||||
for vif_obj in vif_objs:
|
||||
d = vif.LibvirtGenericVIFDriver()
|
||||
if libvirt_version is not None:
|
||||
d.libvirt_version = libvirt_version
|
||||
|
||||
xml = self._get_instance_xml(d, vif_obj)
|
||||
|
||||
|
@ -937,23 +934,6 @@ class LibvirtVifTestCase(test.NoDBTestCase):
|
|||
|
||||
self._assertModel(xml, network_model.VIF_MODEL_VIRTIO, "qemu")
|
||||
|
||||
def test_model_qemu_no_firewall(self):
|
||||
self._test_model_qemu(
|
||||
self.vif_bridge,
|
||||
self.vif_8021qbg,
|
||||
self.vif_iovisor,
|
||||
self.vif_ovs,
|
||||
)
|
||||
|
||||
def test_model_qemu_iptables(self):
|
||||
self.flags(firewall_driver="nova.virt.firewall.IptablesFirewallDriver")
|
||||
self._test_model_qemu(
|
||||
self.vif_bridge,
|
||||
self.vif_ovs,
|
||||
self.vif_8021qbg,
|
||||
self.vif_iovisor
|
||||
)
|
||||
|
||||
def test_model_xen(self):
|
||||
self.flags(use_virtio_for_bridges=True,
|
||||
virt_type='xen',
|
||||
|
@ -1083,29 +1063,6 @@ class LibvirtVifTestCase(test.NoDBTestCase):
|
|||
self._assertTypeAndMacEquals(node, "bridge", "target", "dev",
|
||||
self.vif_ovs_filter_cap, br_want)
|
||||
|
||||
def _check_neutron_hybrid_driver(self, d, vif, br_want):
|
||||
self.flags(firewall_driver="nova.virt.firewall.IptablesFirewallDriver")
|
||||
xml = self._get_instance_xml(d, vif)
|
||||
node = self._get_node(xml)
|
||||
self._assertTypeAndMacEquals(node, "bridge", "source", "bridge",
|
||||
vif, br_want, 1)
|
||||
|
||||
def test_ivs_hybrid_driver(self):
|
||||
d = vif.LibvirtGenericVIFDriver()
|
||||
br_want = "qbr" + self.vif_ivs['id']
|
||||
br_want = br_want[:network_model.NIC_NAME_LEN]
|
||||
self._check_neutron_hybrid_driver(d,
|
||||
self.vif_ivs,
|
||||
br_want)
|
||||
|
||||
def test_generic_hybrid_driver(self):
|
||||
d = vif.LibvirtGenericVIFDriver()
|
||||
br_want = "qbr" + self.vif_ovs['id']
|
||||
br_want = br_want[:network_model.NIC_NAME_LEN]
|
||||
self._check_neutron_hybrid_driver(d,
|
||||
self.vif_ovs,
|
||||
br_want)
|
||||
|
||||
def test_ib_hostdev_driver(self):
|
||||
d = vif.LibvirtGenericVIFDriver()
|
||||
xml = self._get_instance_xml(d, self.vif_ib_hostdev)
|
||||
|
|
|
@ -592,31 +592,6 @@ class _VirtDriverTestCase(_FakeDriverBackendTestCase):
|
|||
self.assertIn('username', console_pool)
|
||||
self.assertIn('password', console_pool)
|
||||
|
||||
@catch_notimplementederror
|
||||
def test_refresh_security_group_rules(self):
|
||||
# FIXME: Create security group and add the instance to it
|
||||
instance_ref, network_info = self._get_running_instance()
|
||||
self.connection.refresh_security_group_rules(1)
|
||||
|
||||
@catch_notimplementederror
|
||||
def test_refresh_instance_security_rules(self):
|
||||
# FIXME: Create security group and add the instance to it
|
||||
instance_ref, network_info = self._get_running_instance()
|
||||
self.connection.refresh_instance_security_rules(instance_ref)
|
||||
|
||||
@catch_notimplementederror
|
||||
def test_ensure_filtering_for_instance(self):
|
||||
instance = test_utils.get_test_instance(obj=True)
|
||||
network_info = test_utils.get_test_network_info()
|
||||
self.connection.ensure_filtering_rules_for_instance(instance,
|
||||
network_info)
|
||||
|
||||
@catch_notimplementederror
|
||||
def test_unfilter_instance(self):
|
||||
instance_ref = test_utils.get_test_instance()
|
||||
network_info = test_utils.get_test_network_info()
|
||||
self.connection.unfilter_instance(instance_ref, network_info)
|
||||
|
||||
def test_live_migration(self):
|
||||
instance_ref, network_info = self._get_running_instance()
|
||||
fake_context = context.RequestContext('fake', 'fake')
|
||||
|
|
|
@ -1944,11 +1944,6 @@ class VMwareAPIVMTestCase(test.NoDBTestCase,
|
|||
self.assertEqual('iscsi-name', connector['initiator'])
|
||||
self.assertNotIn('instance', connector)
|
||||
|
||||
def test_refresh_instance_security_rules(self):
|
||||
self.assertRaises(NotImplementedError,
|
||||
self.conn.refresh_instance_security_rules,
|
||||
instance=None)
|
||||
|
||||
@mock.patch.object(objects.block_device.BlockDeviceMappingList,
|
||||
'get_by_instance_uuids')
|
||||
def test_image_aging_image_used(self, mock_get_by_inst):
|
||||
|
|
|
@ -21,7 +21,6 @@ import fixtures
|
|||
import mock
|
||||
from os_xenapi.client import session
|
||||
from os_xenapi.client import XenAPI
|
||||
from oslo_serialization import jsonutils
|
||||
|
||||
from nova import test
|
||||
from nova.virt.xenapi import fake
|
||||
|
@ -51,24 +50,12 @@ def _make_fake_vdi():
|
|||
class FakeSessionForVMTests(fake.SessionBase):
|
||||
"""Stubs out a XenAPISession for VM tests."""
|
||||
|
||||
_fake_iptables_save_output = ("# Generated by iptables-save v1.4.10 on "
|
||||
"Sun Nov 6 22:49:02 2011\n"
|
||||
"*filter\n"
|
||||
":INPUT ACCEPT [0:0]\n"
|
||||
":FORWARD ACCEPT [0:0]\n"
|
||||
":OUTPUT ACCEPT [0:0]\n"
|
||||
"COMMIT\n"
|
||||
"# Completed on Sun Nov 6 22:49:02 2011\n")
|
||||
|
||||
def host_call_plugin(self, _1, _2, plugin, method, _5):
|
||||
plugin = plugin.rstrip('.py')
|
||||
|
||||
if plugin == 'glance' and method == 'download_vhd2':
|
||||
root_uuid = _make_fake_vdi()
|
||||
return pickle.dumps(dict(root=dict(uuid=root_uuid)))
|
||||
elif (plugin, method) == ('xenhost', 'iptables_config'):
|
||||
return fake.as_json(out=self._fake_iptables_save_output,
|
||||
err='')
|
||||
else:
|
||||
return (super(FakeSessionForVMTests, self).
|
||||
host_call_plugin(_1, _2, plugin, method, _5))
|
||||
|
@ -96,54 +83,6 @@ class FakeSessionForVMTests(fake.SessionBase):
|
|||
pass
|
||||
|
||||
|
||||
class FakeSessionForFirewallTests(FakeSessionForVMTests):
|
||||
"""Stubs out a XenApi Session for doing IPTable Firewall tests."""
|
||||
|
||||
def __init__(self, uri, test_case=None):
|
||||
super(FakeSessionForFirewallTests, self).__init__(uri)
|
||||
if hasattr(test_case, '_in_rules'):
|
||||
self._in_rules = test_case._in_rules
|
||||
if hasattr(test_case, '_in6_filter_rules'):
|
||||
self._in6_filter_rules = test_case._in6_filter_rules
|
||||
self._test_case = test_case
|
||||
|
||||
def host_call_plugin(self, _1, _2, plugin, method, args):
|
||||
"""Mock method for host_call_plugin to be used in unit tests
|
||||
for the dom0 iptables Firewall drivers for XenAPI
|
||||
|
||||
"""
|
||||
plugin = plugin.rstrip('.py')
|
||||
|
||||
if plugin == 'xenhost' and method == 'iptables_config':
|
||||
# The command to execute is a json-encoded list
|
||||
cmd_args = args.get('cmd_args', None)
|
||||
cmd = jsonutils.loads(cmd_args)
|
||||
if not cmd:
|
||||
ret_str = ''
|
||||
else:
|
||||
output = ''
|
||||
process_input = args.get('process_input', None)
|
||||
if cmd == ['ip6tables-save', '-c']:
|
||||
output = '\n'.join(self._in6_filter_rules)
|
||||
if cmd == ['iptables-save', '-c']:
|
||||
output = '\n'.join(self._in_rules)
|
||||
if cmd == ['iptables-restore', '-c', ]:
|
||||
lines = process_input.split('\n')
|
||||
if '*filter' in lines:
|
||||
if self._test_case is not None:
|
||||
self._test_case._out_rules = lines
|
||||
output = '\n'.join(lines)
|
||||
if cmd == ['ip6tables-restore', '-c', ]:
|
||||
lines = process_input.split('\n')
|
||||
if '*filter' in lines:
|
||||
output = '\n'.join(lines)
|
||||
ret_str = fake.as_json(out=output, err='')
|
||||
return ret_str
|
||||
else:
|
||||
return (super(FakeSessionForVMTests, self).
|
||||
host_call_plugin(_1, _2, plugin, method, args))
|
||||
|
||||
|
||||
class ReplaceModule(fixtures.Fixture):
|
||||
"""Replace a module with a fake module."""
|
||||
|
||||
|
|
|
@ -472,9 +472,7 @@ class GetInstanceForVdisForSrTestCase(VMUtilsTestBase):
|
|||
self.fixture = self.useFixture(config_fixture.Config(lockutils.CONF))
|
||||
self.fixture.config(disable_process_locking=True,
|
||||
group='oslo_concurrency')
|
||||
self.flags(instance_name_template='%d',
|
||||
firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
self.flags(instance_name_template='%d')
|
||||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
|
@ -1239,9 +1237,7 @@ class VMUtilsSRPath(VMUtilsTestBase):
|
|||
self.fixture = self.useFixture(config_fixture.Config(lockutils.CONF))
|
||||
self.fixture.config(disable_process_locking=True,
|
||||
group='oslo_concurrency')
|
||||
self.flags(instance_name_template='%d',
|
||||
firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
self.flags(instance_name_template='%d')
|
||||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
|
@ -2171,9 +2167,7 @@ class CreateVmRecordTestCase(VMUtilsTestBase):
|
|||
self.fixture = self.useFixture(config_fixture.Config(lockutils.CONF))
|
||||
self.fixture.config(disable_process_locking=True,
|
||||
group='oslo_concurrency')
|
||||
self.flags(instance_name_template='%d',
|
||||
firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
self.flags(instance_name_template='%d')
|
||||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
|
|
|
@ -446,12 +446,6 @@ class SpawnTestCase(VMOpsTestBase):
|
|||
self.vmops, '_file_inject_vm_settings')).mock
|
||||
self.mock_create_vifs = self.useFixture(
|
||||
fixtures.MockPatchObject(self.vmops, '_create_vifs')).mock
|
||||
self.mock_setup_basic_filtering = self.useFixture(
|
||||
fixtures.MockPatchObject(
|
||||
self.vmops.firewall_driver, 'setup_basic_filtering')).mock
|
||||
self.mock_prepare_instance_filter = self.useFixture(
|
||||
fixtures.MockPatchObject(
|
||||
self.vmops.firewall_driver, 'prepare_instance_filter')).mock
|
||||
self.mock_start = self.useFixture(
|
||||
fixtures.MockPatchObject(self.vmops, '_start')).mock
|
||||
self.mock_wait_for_instance_to_start = self.useFixture(
|
||||
|
@ -462,9 +456,6 @@ class SpawnTestCase(VMOpsTestBase):
|
|||
self.vmops, '_configure_new_instance_with_agent')).mock
|
||||
self.mock_remove_hostname = self.useFixture(
|
||||
fixtures.MockPatchObject(self.vmops, '_remove_hostname')).mock
|
||||
self.mock_apply_instance_filter = self.useFixture(
|
||||
fixtures.MockPatchObject(
|
||||
self.vmops.firewall_driver, 'apply_instance_filter')).mock
|
||||
self.mock_update_last_dom_id = self.useFixture(
|
||||
fixtures.MockPatchObject(self.vmops, '_update_last_dom_id')).mock
|
||||
self.mock_call_xenapi = self.useFixture(
|
||||
|
@ -498,7 +489,7 @@ class SpawnTestCase(VMOpsTestBase):
|
|||
admin_password = "password"
|
||||
if network_info is None:
|
||||
network_info = []
|
||||
steps = 10
|
||||
steps = 9
|
||||
if rescue:
|
||||
steps += 1
|
||||
|
||||
|
@ -564,10 +555,6 @@ class SpawnTestCase(VMOpsTestBase):
|
|||
expected_update_instance_progress_calls.append(
|
||||
mock.call(context, instance, step, steps))
|
||||
|
||||
step += 1
|
||||
expected_update_instance_progress_calls.append(
|
||||
mock.call(context, instance, step, steps))
|
||||
|
||||
if neutron_exception:
|
||||
events = [('network-vif-plugged', 1)]
|
||||
self.stub_out('nova.virt.xenapi.vmops.VMOps.'
|
||||
|
@ -583,7 +570,6 @@ class SpawnTestCase(VMOpsTestBase):
|
|||
side_effect=(
|
||||
exception.VirtualInterfaceCreateException))).mock
|
||||
else:
|
||||
self.mock_setup_basic_filtering.side_effect = NotImplementedError
|
||||
step += 1
|
||||
expected_update_instance_progress_calls.append(
|
||||
mock.call(context, instance, step, steps))
|
||||
|
@ -605,7 +591,7 @@ class SpawnTestCase(VMOpsTestBase):
|
|||
|
||||
if throw_exception:
|
||||
self.mock_update_instance_progress.side_effect = [
|
||||
None, None, None, None, None, None, None, None, None,
|
||||
None, None, None, None, None, None, None, None,
|
||||
throw_exception]
|
||||
|
||||
self.vmops.spawn(context, instance, image_meta, injected_files,
|
||||
|
@ -669,18 +655,12 @@ class SpawnTestCase(VMOpsTestBase):
|
|||
else:
|
||||
self.mock_create_vifs.assert_called_once_with(instance, vm_ref,
|
||||
network_info)
|
||||
self.mock_setup_basic_filtering.assert_called_once_with(
|
||||
instance, network_info)
|
||||
self.mock_prepare_instance_filter.assert_called_once_with(
|
||||
instance, network_info)
|
||||
self.mock_wait_for_instance_to_start.assert_called_once_with(
|
||||
instance, vm_ref)
|
||||
self.mock_configure_new_instance_w_agent.assert_called_once_with(
|
||||
instance, vm_ref, injected_files, admin_password)
|
||||
self.mock_remove_hostname.assert_called_once_with(
|
||||
instance, vm_ref)
|
||||
self.mock_apply_instance_filter.assert_called_once_with(
|
||||
instance, network_info)
|
||||
self.mock_update_last_dom_id.assert_called_once_with(vm_ref)
|
||||
self.mock_call_xenapi.assert_called_once_with('VM.unpause', vm_ref)
|
||||
|
||||
|
@ -898,7 +878,6 @@ class SpawnTestCase(VMOpsTestBase):
|
|||
rescue = False
|
||||
self.mock_create_vm_record.return_value = vm_ref
|
||||
self.mock_get_instance_pci_devs.return_value = []
|
||||
self.mock_setup_basic_filtering.side_effect = NotImplementedError
|
||||
|
||||
if power_on:
|
||||
expected_call_xenapi.append(mock.call('VM.unpause', vm_ref))
|
||||
|
@ -937,12 +916,6 @@ class SpawnTestCase(VMOpsTestBase):
|
|||
instance, vm_ref, vdis, network_info)
|
||||
self.mock_create_vifs.assert_called_once_with(
|
||||
instance, vm_ref, network_info)
|
||||
self.mock_setup_basic_filtering.assert_called_once_with(instance,
|
||||
network_info)
|
||||
self.mock_prepare_instance_filter.assert_called_once_with(
|
||||
instance, network_info)
|
||||
self.mock_apply_instance_filter.assert_called_once_with(
|
||||
instance, network_info)
|
||||
self.mock_attach_vgpu.assert_called_once_with(vm_ref, vgpu_info,
|
||||
instance)
|
||||
mock_import_all_migrated_disks.assert_called_once_with(
|
||||
|
|
|
@ -232,8 +232,6 @@ class XenAPIVolumeTestCase(stubs.XenAPITestBaseNoDB):
|
|||
self.fixture = self.useFixture(config_fixture.Config(lockutils.CONF))
|
||||
self.fixture.config(disable_process_locking=True,
|
||||
group='oslo_concurrency')
|
||||
self.flags(firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
|
@ -289,9 +287,7 @@ class XenAPIVMTestCase(stubs.XenAPITestBase,
|
|||
self.fixture = self.useFixture(config_fixture.Config(lockutils.CONF))
|
||||
self.fixture.config(disable_process_locking=True,
|
||||
group='oslo_concurrency')
|
||||
self.flags(instance_name_template='%d',
|
||||
firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
self.flags(instance_name_template='%d')
|
||||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
|
@ -334,12 +330,6 @@ class XenAPIVMTestCase(stubs.XenAPITestBase,
|
|||
fake_image.FakeImageService_reset()
|
||||
super(XenAPIVMTestCase, self).tearDown()
|
||||
|
||||
def stubout_firewall_driver(self):
|
||||
self.stub_out('nova.virt.firewall.IptablesFirewallDriver.'
|
||||
'prepare_instance_filter', lambda *args: None)
|
||||
self.stub_out('nova.virt.firewall.IptablesFirewallDriver.'
|
||||
'instance_filter_exists', lambda *args: None)
|
||||
|
||||
def stubout_instance_snapshot(self):
|
||||
self.stub_out('nova.virt.xenapi.vm_utils._fetch_image',
|
||||
lambda context, session, instance, name_label,
|
||||
|
@ -610,9 +600,6 @@ class XenAPIVMTestCase(stubs.XenAPITestBase,
|
|||
|
||||
mock_create_vbd.side_effect = create_bad_vbd
|
||||
self.stubout_instance_snapshot()
|
||||
# Stubbing out firewall driver as previous stub sets alters
|
||||
# xml rpc result parsing
|
||||
self.stubout_firewall_driver()
|
||||
instance = self._create_instance()
|
||||
|
||||
image_id = "my_snapshot_id"
|
||||
|
@ -635,9 +622,6 @@ class XenAPIVMTestCase(stubs.XenAPITestBase,
|
|||
|
||||
self.stubout_instance_snapshot()
|
||||
self.stubout_is_snapshot()
|
||||
# Stubbing out firewall driver as previous stub sets alters
|
||||
# xml rpc result parsing
|
||||
self.stubout_firewall_driver()
|
||||
|
||||
instance = self._create_instance()
|
||||
|
||||
|
@ -1670,8 +1654,6 @@ class XenAPIMigrateInstance(stubs.XenAPITestBase):
|
|||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
self.flags(firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
stubs.stubout_session(self, stubs.FakeSessionForVMTests)
|
||||
db_fakes.stub_out_db_instance_api(self)
|
||||
xenapi_fake.create_network('fake', 'fake_br1')
|
||||
|
@ -2469,8 +2451,6 @@ class XenAPIAutoDiskConfigTestCase(stubs.XenAPITestBase):
|
|||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
self.flags(firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
stubs.stubout_session(self, stubs.FakeSessionForVMTests)
|
||||
self.conn = xenapi_conn.XenAPIDriver(fake.FakeVirtAPI(), False)
|
||||
|
||||
|
@ -2582,8 +2562,6 @@ class XenAPIGenerateLocal(stubs.XenAPITestBase):
|
|||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
self.flags(firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
stubs.stubout_session(self, stubs.FakeSessionForVMTests)
|
||||
db_fakes.stub_out_db_instance_api(self)
|
||||
self.conn = xenapi_conn.XenAPIDriver(fake.FakeVirtAPI(), False)
|
||||
|
@ -2693,8 +2671,6 @@ class XenAPIBWCountersTestCase(stubs.XenAPITestBaseNoDB):
|
|||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
self.flags(firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
stubs.stubout_session(self, stubs.FakeSessionForVMTests)
|
||||
self.conn = xenapi_conn.XenAPIDriver(fake.FakeVirtAPI(), False)
|
||||
|
||||
|
@ -2755,282 +2731,6 @@ class XenAPIBWCountersTestCase(stubs.XenAPITestBaseNoDB):
|
|||
self.assertEqual(result, [])
|
||||
|
||||
|
||||
# TODO(salvatore-orlando): this class and
|
||||
# nova.tests.unit.virt.test_libvirt.IPTablesFirewallDriverTestCase
|
||||
# share a lot of code. Consider abstracting common code in a base
|
||||
# class for firewall driver testing.
|
||||
#
|
||||
# FIXME(sirp): convert this to use XenAPITestBaseNoDB
|
||||
class XenAPIDom0IptablesFirewallTestCase(stubs.XenAPITestBase):
|
||||
|
||||
REQUIRES_LOCKING = True
|
||||
|
||||
_in_rules = [
|
||||
'# Generated by iptables-save v1.4.10 on Sat Feb 19 00:03:19 2011',
|
||||
'*nat',
|
||||
':PREROUTING ACCEPT [1170:189210]',
|
||||
':INPUT ACCEPT [844:71028]',
|
||||
':OUTPUT ACCEPT [5149:405186]',
|
||||
':POSTROUTING ACCEPT [5063:386098]',
|
||||
'# Completed on Mon Dec 6 11:54:13 2010',
|
||||
'# Generated by iptables-save v1.4.4 on Mon Dec 6 11:54:13 2010',
|
||||
'*mangle',
|
||||
':INPUT ACCEPT [969615:281627771]',
|
||||
':FORWARD ACCEPT [0:0]',
|
||||
':OUTPUT ACCEPT [915599:63811649]',
|
||||
':nova-block-ipv4 - [0:0]',
|
||||
'[0:0] -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT ',
|
||||
'[0:0] -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED'
|
||||
',ESTABLISHED -j ACCEPT ',
|
||||
'[0:0] -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT ',
|
||||
'[0:0] -A FORWARD -i virbr0 -o virbr0 -j ACCEPT ',
|
||||
'[0:0] -A FORWARD -o virbr0 -j REJECT '
|
||||
'--reject-with icmp-port-unreachable ',
|
||||
'[0:0] -A FORWARD -i virbr0 -j REJECT '
|
||||
'--reject-with icmp-port-unreachable ',
|
||||
'COMMIT',
|
||||
'# Completed on Mon Dec 6 11:54:13 2010',
|
||||
'# Generated by iptables-save v1.4.4 on Mon Dec 6 11:54:13 2010',
|
||||
'*filter',
|
||||
':INPUT ACCEPT [969615:281627771]',
|
||||
':FORWARD ACCEPT [0:0]',
|
||||
':OUTPUT ACCEPT [915599:63811649]',
|
||||
':nova-block-ipv4 - [0:0]',
|
||||
'[0:0] -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT ',
|
||||
'[0:0] -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED'
|
||||
',ESTABLISHED -j ACCEPT ',
|
||||
'[0:0] -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT ',
|
||||
'[0:0] -A FORWARD -i virbr0 -o virbr0 -j ACCEPT ',
|
||||
'[0:0] -A FORWARD -o virbr0 -j REJECT '
|
||||
'--reject-with icmp-port-unreachable ',
|
||||
'[0:0] -A FORWARD -i virbr0 -j REJECT '
|
||||
'--reject-with icmp-port-unreachable ',
|
||||
'COMMIT',
|
||||
'# Completed on Mon Dec 6 11:54:13 2010',
|
||||
]
|
||||
|
||||
_in6_filter_rules = [
|
||||
'# Generated by ip6tables-save v1.4.4 on Tue Jan 18 23:47:56 2011',
|
||||
'*filter',
|
||||
':INPUT ACCEPT [349155:75810423]',
|
||||
':FORWARD ACCEPT [0:0]',
|
||||
':OUTPUT ACCEPT [349256:75777230]',
|
||||
'COMMIT',
|
||||
'# Completed on Tue Jan 18 23:47:56 2011',
|
||||
]
|
||||
|
||||
def setUp(self):
|
||||
super(XenAPIDom0IptablesFirewallTestCase, self).setUp()
|
||||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
self.flags(instance_name_template='%d',
|
||||
firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
self.user_id = 'mappin'
|
||||
self.project_id = 'fake'
|
||||
stubs.stubout_session(self, stubs.FakeSessionForFirewallTests,
|
||||
test_case=self)
|
||||
self.context = context.RequestContext(self.user_id, self.project_id)
|
||||
self.network = importutils.import_object(CONF.network_manager)
|
||||
self.conn = xenapi_conn.XenAPIDriver(fake.FakeVirtAPI(), False)
|
||||
self.fw = self.conn._vmops.firewall_driver
|
||||
|
||||
def _create_instance_ref(self):
|
||||
return db.instance_create(self.context,
|
||||
{'user_id': self.user_id,
|
||||
'project_id': self.project_id,
|
||||
'instance_type_id': 1})
|
||||
|
||||
def _create_test_security_group(self):
|
||||
admin_ctxt = context.get_admin_context()
|
||||
secgroup = db.security_group_create(admin_ctxt,
|
||||
{'user_id': self.user_id,
|
||||
'project_id': self.project_id,
|
||||
'name': 'testgroup',
|
||||
'description': 'test group'})
|
||||
db.security_group_rule_create(admin_ctxt,
|
||||
{'parent_group_id': secgroup['id'],
|
||||
'protocol': 'icmp',
|
||||
'from_port': -1,
|
||||
'to_port': -1,
|
||||
'cidr': '192.168.11.0/24'})
|
||||
|
||||
db.security_group_rule_create(admin_ctxt,
|
||||
{'parent_group_id': secgroup['id'],
|
||||
'protocol': 'icmp',
|
||||
'from_port': 8,
|
||||
'to_port': -1,
|
||||
'cidr': '192.168.11.0/24'})
|
||||
|
||||
db.security_group_rule_create(admin_ctxt,
|
||||
{'parent_group_id': secgroup['id'],
|
||||
'protocol': 'tcp',
|
||||
'from_port': 80,
|
||||
'to_port': 81,
|
||||
'cidr': '192.168.10.0/24'})
|
||||
return secgroup
|
||||
|
||||
def _validate_security_group(self):
|
||||
in_rules = [l for l in self._in_rules if not l.startswith('#')]
|
||||
for rule in in_rules:
|
||||
if 'nova' not in rule:
|
||||
self.assertIn(rule, self._out_rules,
|
||||
'Rule went missing: %s' % rule)
|
||||
|
||||
instance_chain = None
|
||||
for rule in self._out_rules:
|
||||
# This is pretty crude, but it'll do for now
|
||||
# last two octets change
|
||||
if re.search('-d 192.168.[0-9]{1,3}.[0-9]{1,3} -j', rule):
|
||||
instance_chain = rule.split(' ')[-1]
|
||||
break
|
||||
self.assertTrue(instance_chain, "The instance chain wasn't added")
|
||||
security_group_chain = None
|
||||
for rule in self._out_rules:
|
||||
# This is pretty crude, but it'll do for now
|
||||
if '-A %s -j' % instance_chain in rule:
|
||||
security_group_chain = rule.split(' ')[-1]
|
||||
break
|
||||
self.assertTrue(security_group_chain,
|
||||
"The security group chain wasn't added")
|
||||
|
||||
regex = re.compile(r'\[0\:0\] -A .* -j ACCEPT -p icmp'
|
||||
' -s 192.168.11.0/24')
|
||||
match_rules = [rule for rule in self._out_rules if regex.match(rule)]
|
||||
self.assertGreater(len(match_rules), 0,
|
||||
"ICMP acceptance rule wasn't added")
|
||||
|
||||
regex = re.compile(r'\[0\:0\] -A .* -j ACCEPT -p icmp -m icmp'
|
||||
' --icmp-type 8 -s 192.168.11.0/24')
|
||||
match_rules = [rule for rule in self._out_rules if regex.match(rule)]
|
||||
self.assertGreater(len(match_rules), 0,
|
||||
"ICMP Echo Request acceptance rule wasn't added")
|
||||
|
||||
regex = re.compile(r'\[0\:0\] -A .* -j ACCEPT -p tcp --dport 80:81'
|
||||
' -s 192.168.10.0/24')
|
||||
match_rules = [rule for rule in self._out_rules if regex.match(rule)]
|
||||
self.assertGreater(len(match_rules), 0,
|
||||
"TCP port 80/81 acceptance rule wasn't added")
|
||||
|
||||
def test_static_filters(self):
|
||||
instance_ref = self._create_instance_ref()
|
||||
src_instance_ref = self._create_instance_ref()
|
||||
admin_ctxt = context.get_admin_context()
|
||||
secgroup = self._create_test_security_group()
|
||||
|
||||
src_secgroup = db.security_group_create(admin_ctxt,
|
||||
{'user_id': self.user_id,
|
||||
'project_id': self.project_id,
|
||||
'name': 'testsourcegroup',
|
||||
'description': 'src group'})
|
||||
db.security_group_rule_create(admin_ctxt,
|
||||
{'parent_group_id': secgroup['id'],
|
||||
'protocol': 'tcp',
|
||||
'from_port': 80,
|
||||
'to_port': 81,
|
||||
'group_id': src_secgroup['id']})
|
||||
|
||||
db.instance_add_security_group(admin_ctxt, instance_ref['uuid'],
|
||||
secgroup['id'])
|
||||
db.instance_add_security_group(admin_ctxt, src_instance_ref['uuid'],
|
||||
src_secgroup['id'])
|
||||
instance_ref = db.instance_get(admin_ctxt, instance_ref['id'])
|
||||
src_instance_ref = db.instance_get(admin_ctxt, src_instance_ref['id'])
|
||||
|
||||
network_model = fake_network.fake_get_instance_nw_info(self, 1)
|
||||
|
||||
self.stub_out('nova.objects.Instance.get_network_info',
|
||||
lambda instance: network_model)
|
||||
|
||||
self.fw.prepare_instance_filter(instance_ref, network_model)
|
||||
self.fw.apply_instance_filter(instance_ref, network_model)
|
||||
|
||||
self._validate_security_group()
|
||||
# Extra test for TCP acceptance rules
|
||||
for ip in network_model.fixed_ips():
|
||||
if ip['version'] != 4:
|
||||
continue
|
||||
regex = re.compile(r'\[0\:0\] -A .* -j ACCEPT -p tcp'
|
||||
' --dport 80:81 -s %s' % ip['address'])
|
||||
match_rules = [rule for rule in self._out_rules
|
||||
if regex.match(rule)]
|
||||
self.assertGreater(len(match_rules), 0,
|
||||
"TCP port 80/81 acceptance rule wasn't added")
|
||||
|
||||
db.instance_destroy(admin_ctxt, instance_ref['uuid'])
|
||||
|
||||
def test_filters_for_instance_with_ip_v6(self):
|
||||
self.flags(use_ipv6=True)
|
||||
network_info = fake_network.fake_get_instance_nw_info(self, 1)
|
||||
rulesv4, rulesv6 = self.fw._filters_for_instance("fake", network_info)
|
||||
self.assertEqual(len(rulesv4), 2)
|
||||
self.assertEqual(len(rulesv6), 1)
|
||||
|
||||
def test_filters_for_instance_without_ip_v6(self):
|
||||
self.flags(use_ipv6=False)
|
||||
network_info = fake_network.fake_get_instance_nw_info(self, 1)
|
||||
rulesv4, rulesv6 = self.fw._filters_for_instance("fake", network_info)
|
||||
self.assertEqual(len(rulesv4), 2)
|
||||
self.assertEqual(len(rulesv6), 0)
|
||||
|
||||
def test_multinic_iptables(self):
|
||||
ipv4_rules_per_addr = 1
|
||||
ipv4_addr_per_network = 2
|
||||
ipv6_rules_per_addr = 1
|
||||
ipv6_addr_per_network = 1
|
||||
networks_count = 5
|
||||
instance_ref = self._create_instance_ref()
|
||||
_get_instance_nw_info = fake_network.fake_get_instance_nw_info
|
||||
network_info = _get_instance_nw_info(self,
|
||||
networks_count,
|
||||
ipv4_addr_per_network)
|
||||
network_info[0]['network']['subnets'][0]['meta']['dhcp_server'] = \
|
||||
'1.1.1.1'
|
||||
ipv4_len = len(self.fw.iptables.ipv4['filter'].rules)
|
||||
ipv6_len = len(self.fw.iptables.ipv6['filter'].rules)
|
||||
inst_ipv4, inst_ipv6 = self.fw.instance_rules(instance_ref,
|
||||
network_info)
|
||||
self.fw.prepare_instance_filter(instance_ref, network_info)
|
||||
ipv4 = self.fw.iptables.ipv4['filter'].rules
|
||||
ipv6 = self.fw.iptables.ipv6['filter'].rules
|
||||
ipv4_network_rules = len(ipv4) - len(inst_ipv4) - ipv4_len
|
||||
ipv6_network_rules = len(ipv6) - len(inst_ipv6) - ipv6_len
|
||||
# Extra rules are for the DHCP request
|
||||
rules = (ipv4_rules_per_addr * ipv4_addr_per_network *
|
||||
networks_count) + 2
|
||||
self.assertEqual(ipv4_network_rules, rules)
|
||||
self.assertEqual(ipv6_network_rules,
|
||||
ipv6_rules_per_addr * ipv6_addr_per_network * networks_count)
|
||||
|
||||
def test_do_refresh_security_group_rules(self):
|
||||
admin_ctxt = context.get_admin_context()
|
||||
instance_ref = self._create_instance_ref()
|
||||
network_info = fake_network.fake_get_instance_nw_info(self, 1, 1)
|
||||
secgroup = self._create_test_security_group()
|
||||
db.instance_add_security_group(admin_ctxt, instance_ref['uuid'],
|
||||
secgroup['id'])
|
||||
self.fw.prepare_instance_filter(instance_ref, network_info)
|
||||
self.fw.instance_info[instance_ref['id']] = (instance_ref,
|
||||
network_info)
|
||||
self._validate_security_group()
|
||||
# add a rule to the security group
|
||||
db.security_group_rule_create(admin_ctxt,
|
||||
{'parent_group_id': secgroup['id'],
|
||||
'protocol': 'udp',
|
||||
'from_port': 200,
|
||||
'to_port': 299,
|
||||
'cidr': '192.168.99.0/24'})
|
||||
# validate the extra rule
|
||||
self.fw.refresh_security_group_rules(secgroup)
|
||||
regex = re.compile(r'\[0\:0\] -A .* -j ACCEPT -p udp --dport 200:299'
|
||||
' -s 192.168.99.0/24')
|
||||
match_rules = [rule for rule in self._out_rules if regex.match(rule)]
|
||||
self.assertGreater(len(match_rules), 0,
|
||||
"Rules were not updated properly. "
|
||||
"The rule for UDP acceptance is missing")
|
||||
|
||||
|
||||
class XenAPISRSelectionTestCase(stubs.XenAPITestBaseNoDB):
|
||||
"""Unit tests for testing we find the right SR."""
|
||||
def test_safe_find_sr_raise_exception(self):
|
||||
|
@ -3110,8 +2810,6 @@ class XenAPIAggregateTestCase(stubs.XenAPITestBase):
|
|||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
self.flags(instance_name_template='%d',
|
||||
firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver',
|
||||
host='host',
|
||||
compute_driver='xenapi.XenAPIDriver',
|
||||
default_availability_zone='avail_zone1')
|
||||
|
@ -3466,9 +3164,7 @@ class XenAPILiveMigrateTestCase(stubs.XenAPITestBaseNoDB):
|
|||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
self.flags(firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver',
|
||||
host='host')
|
||||
self.flags(host='host')
|
||||
db_fakes.stub_out_db_instance_api(self)
|
||||
self.context = context.get_admin_context()
|
||||
|
||||
|
@ -3492,12 +3188,6 @@ class XenAPILiveMigrateTestCase(stubs.XenAPITestBaseNoDB):
|
|||
self.assertTrue(result)
|
||||
pre.assert_called_with("ctx", "inst", "bdi", "nw", "di", "data")
|
||||
|
||||
@mock.patch('nova.virt.firewall.IptablesFirewallDriver.'
|
||||
'apply_instance_filter')
|
||||
@mock.patch('nova.virt.firewall.IptablesFirewallDriver.'
|
||||
'prepare_instance_filter')
|
||||
@mock.patch('nova.virt.firewall.IptablesFirewallDriver.'
|
||||
'setup_basic_filtering')
|
||||
@mock.patch.object(vm_utils, 'create_kernel_and_ramdisk',
|
||||
return_value=('fake-kernel-file', 'fake-ramdisk-file'))
|
||||
@mock.patch.object(vm_utils, 'strip_base_mirror_from_vdis')
|
||||
|
@ -3505,9 +3195,7 @@ class XenAPILiveMigrateTestCase(stubs.XenAPITestBaseNoDB):
|
|||
@mock.patch.object(vmops.VMOps, '_post_start_actions')
|
||||
def test_post_live_migration_at_destination(
|
||||
self, mock_post_action, mock_get_vm_opaque_ref,
|
||||
mock_strip_base_mirror_from_vdis, mock_create_kernel_and_ramdisk,
|
||||
mock_setup_basic_filtering, mock_prepare_instance_filter,
|
||||
mock_apply_instance_filter):
|
||||
mock_strip_base_mirror_from_vdis, mock_create_kernel_and_ramdisk):
|
||||
# ensure method is present
|
||||
stubs.stubout_session(self, stubs.FakeSessionForVMTests)
|
||||
self.conn = xenapi_conn.XenAPIDriver(fake.FakeVirtAPI(), False)
|
||||
|
@ -3523,12 +3211,6 @@ class XenAPILiveMigrateTestCase(stubs.XenAPITestBaseNoDB):
|
|||
mock_create_kernel_and_ramdisk.assert_called_once_with(
|
||||
self.context, self.conn._session, fake_instance,
|
||||
fake_instance['name'])
|
||||
mock_setup_basic_filtering.assert_called_once_with(fake_instance,
|
||||
fake_network_info)
|
||||
mock_prepare_instance_filter.assert_called_once_with(fake_instance,
|
||||
fake_network_info)
|
||||
mock_apply_instance_filter.assert_called_once_with(fake_instance,
|
||||
fake_network_info)
|
||||
|
||||
@mock.patch.object(vm_utils, 'host_in_this_pool')
|
||||
def test_check_can_live_migrate_destination_with_block_migration(
|
||||
|
@ -3968,8 +3650,6 @@ class XenAPIInjectMetadataTestCase(stubs.XenAPITestBaseNoDB):
|
|||
self.flags(connection_url='http://localhost',
|
||||
connection_password='test_pass',
|
||||
group='xenserver')
|
||||
self.flags(firewall_driver='nova.virt.xenapi.firewall.'
|
||||
'Dom0IptablesFirewallDriver')
|
||||
stubs.stubout_session(self, stubs.FakeSessionForVMTests)
|
||||
self.conn = xenapi_conn.XenAPIDriver(fake.FakeVirtAPI(), False)
|
||||
|
||||
|
|
|
@ -1301,68 +1301,11 @@ class ComputeDriver(object):
|
|||
"""
|
||||
raise NotImplementedError()
|
||||
|
||||
def refresh_security_group_rules(self, security_group_id):
|
||||
"""This method is called after a change to security groups.
|
||||
|
||||
All security groups and their associated rules live in the datastore,
|
||||
and calling this method should apply the updated rules to instances
|
||||
running the specified security group.
|
||||
|
||||
An error should be raised if the operation cannot complete.
|
||||
|
||||
"""
|
||||
# TODO(Vek): Need to pass context in for access to auth_token
|
||||
raise NotImplementedError()
|
||||
|
||||
def refresh_instance_security_rules(self, instance):
|
||||
"""Refresh security group rules
|
||||
|
||||
Gets called when an instance gets added to or removed from
|
||||
the security group the instance is a member of or if the
|
||||
group gains or loses a rule.
|
||||
"""
|
||||
raise NotImplementedError()
|
||||
|
||||
def reset_network(self, instance):
|
||||
"""reset networking for specified instance."""
|
||||
# TODO(Vek): Need to pass context in for access to auth_token
|
||||
pass
|
||||
|
||||
def ensure_filtering_rules_for_instance(self, instance, network_info):
|
||||
"""Setting up filtering rules and waiting for its completion.
|
||||
|
||||
To migrate an instance, filtering rules to hypervisors
|
||||
and firewalls are inevitable on destination host.
|
||||
( Waiting only for filtering rules to hypervisor,
|
||||
since filtering rules to firewall rules can be set faster).
|
||||
|
||||
Concretely, the below method must be called.
|
||||
- setup_basic_filtering (for nova-basic, etc.)
|
||||
- prepare_instance_filter(for nova-instance-instance-xxx, etc.)
|
||||
|
||||
Don't use thread for this method since migration should
|
||||
not be started when setting-up filtering rules operations
|
||||
are not completed.
|
||||
|
||||
:param instance: nova.objects.instance.Instance object
|
||||
|
||||
"""
|
||||
# TODO(Vek): Need to pass context in for access to auth_token
|
||||
raise NotImplementedError()
|
||||
|
||||
def filter_defer_apply_on(self):
|
||||
"""Defer application of IPTables rules."""
|
||||
pass
|
||||
|
||||
def filter_defer_apply_off(self):
|
||||
"""Turn off deferral of IPTables rules and apply the rules now."""
|
||||
pass
|
||||
|
||||
def unfilter_instance(self, instance, network_info):
|
||||
"""Stop filtering instance."""
|
||||
# TODO(Vek): Need to pass context in for access to auth_token
|
||||
raise NotImplementedError()
|
||||
|
||||
def set_admin_password(self, instance, new_pass):
|
||||
"""Set the root password on the specified instance.
|
||||
|
||||
|
|
|
@ -487,12 +487,6 @@ class FakeDriver(driver.ComputeDriver):
|
|||
'username': 'fakeuser',
|
||||
'password': 'fakepassword'}
|
||||
|
||||
def refresh_security_group_rules(self, security_group_id):
|
||||
return True
|
||||
|
||||
def refresh_instance_security_rules(self, instance):
|
||||
return True
|
||||
|
||||
def get_available_resource(self, nodename):
|
||||
"""Updates compute manager resource info on ComputeNode table.
|
||||
|
||||
|
@ -556,9 +550,6 @@ class FakeDriver(driver.ComputeDriver):
|
|||
}
|
||||
provider_tree.update_inventory(nodename, inventory)
|
||||
|
||||
def ensure_filtering_rules_for_instance(self, instance, network_info):
|
||||
return
|
||||
|
||||
def get_instance_disk_info(self, instance, block_device_info=None):
|
||||
return
|
||||
|
||||
|
@ -634,9 +625,6 @@ class FakeDriver(driver.ComputeDriver):
|
|||
migrate_data=None):
|
||||
return
|
||||
|
||||
def unfilter_instance(self, instance, network_info):
|
||||
return
|
||||
|
||||
def _test_remove_vm(self, instance_uuid):
|
||||
"""Removes the named VM, as if it crashed. For testing."""
|
||||
self.instances.pop(instance_uuid)
|
||||
|
|
|
@ -299,13 +299,6 @@ class HyperVDriver(driver.ComputeDriver):
|
|||
"""Unplug VIFs from networks."""
|
||||
self._vmops.unplug_vifs(instance, network_info)
|
||||
|
||||
def ensure_filtering_rules_for_instance(self, instance, network_info):
|
||||
LOG.debug("ensure_filtering_rules_for_instance called",
|
||||
instance=instance)
|
||||
|
||||
def unfilter_instance(self, instance, network_info):
|
||||
LOG.debug("unfilter_instance called", instance=instance)
|
||||
|
||||
def migrate_disk_and_power_off(self, context, instance, dest,
|
||||
flavor, network_info,
|
||||
block_device_info=None,
|
||||
|
|
|
@ -52,7 +52,6 @@ from nova import servicegroup
|
|||
from nova import utils
|
||||
from nova.virt import configdrive
|
||||
from nova.virt import driver as virt_driver
|
||||
from nova.virt import firewall
|
||||
from nova.virt import hardware
|
||||
from nova.virt.ironic import client_wrapper
|
||||
from nova.virt.ironic import ironic_states
|
||||
|
@ -194,8 +193,6 @@ class IronicDriver(virt_driver.ComputeDriver):
|
|||
ironic.client = importutils.import_module(
|
||||
'ironicclient.client')
|
||||
|
||||
self.firewall_driver = firewall.load_driver(
|
||||
default='nova.virt.firewall.NoopFirewallDriver')
|
||||
self.node_cache = {}
|
||||
self.node_cache_time = 0
|
||||
self.servicegroup_api = servicegroup.API()
|
||||
|
@ -381,14 +378,6 @@ class IronicDriver(virt_driver.ComputeDriver):
|
|||
}
|
||||
return dic
|
||||
|
||||
def _start_firewall(self, instance, network_info):
|
||||
self.firewall_driver.setup_basic_filtering(instance, network_info)
|
||||
self.firewall_driver.prepare_instance_filter(instance, network_info)
|
||||
self.firewall_driver.apply_instance_filter(instance, network_info)
|
||||
|
||||
def _stop_firewall(self, instance, network_info):
|
||||
self.firewall_driver.unfilter_instance(instance, network_info)
|
||||
|
||||
def _set_instance_id(self, node, instance):
|
||||
try:
|
||||
# NOTE(TheJulia): Assert an instance ID to lock the node
|
||||
|
@ -521,7 +510,6 @@ class IronicDriver(virt_driver.ComputeDriver):
|
|||
remove_instance_info=True):
|
||||
self._cleanup_volume_target_info(instance)
|
||||
self._unplug_vifs(node, instance, network_info)
|
||||
self._stop_firewall(instance, network_info)
|
||||
if remove_instance_info:
|
||||
self._remove_instance_info_from_node(node, instance)
|
||||
|
||||
|
@ -1229,17 +1217,6 @@ class IronicDriver(virt_driver.ComputeDriver):
|
|||
'power': validate_chk.power,
|
||||
'storage': validate_chk.storage})
|
||||
|
||||
# prepare for the deploy
|
||||
try:
|
||||
self._start_firewall(instance, network_info)
|
||||
except Exception:
|
||||
with excutils.save_and_reraise_exception():
|
||||
LOG.error("Error preparing deploy for instance "
|
||||
"%(instance)s on baremetal node %(node)s.",
|
||||
{'instance': instance.uuid,
|
||||
'node': node_uuid})
|
||||
self._cleanup_deploy(node, instance, network_info)
|
||||
|
||||
# Config drive
|
||||
configdrive_value = None
|
||||
if configdrive.required_by(instance):
|
||||
|
@ -1563,47 +1540,6 @@ class IronicDriver(virt_driver.ComputeDriver):
|
|||
LOG.info('Successfully triggered crash dump into Ironic node %s',
|
||||
node.uuid, instance=instance)
|
||||
|
||||
def refresh_security_group_rules(self, security_group_id):
|
||||
"""Refresh security group rules from data store.
|
||||
|
||||
Invoked when security group rules are updated.
|
||||
|
||||
:param security_group_id: The security group id.
|
||||
|
||||
"""
|
||||
self.firewall_driver.refresh_security_group_rules(security_group_id)
|
||||
|
||||
def refresh_instance_security_rules(self, instance):
|
||||
"""Refresh security group rules from data store.
|
||||
|
||||
Gets called when an instance gets added to or removed from
|
||||
the security group the instance is a member of or if the
|
||||
group gains or loses a rule.
|
||||
|
||||
:param instance: The instance object.
|
||||
|
||||
"""
|
||||
self.firewall_driver.refresh_instance_security_rules(instance)
|
||||
|
||||
def ensure_filtering_rules_for_instance(self, instance, network_info):
|
||||
"""Set up filtering rules.
|
||||
|
||||
:param instance: The instance object.
|
||||
:param network_info: Instance network information.
|
||||
|
||||
"""
|
||||
self.firewall_driver.setup_basic_filtering(instance, network_info)
|
||||
self.firewall_driver.prepare_instance_filter(instance, network_info)
|
||||
|
||||
def unfilter_instance(self, instance, network_info):
|
||||
"""Stop filtering instance.
|
||||
|
||||
:param instance: The instance object.
|
||||
:param network_info: Instance network information.
|
||||
|
||||
"""
|
||||
self.firewall_driver.unfilter_instance(instance, network_info)
|
||||
|
||||
def _plug_vif(self, node, port_id):
|
||||
last_attempt = 5
|
||||
for attempt in range(0, last_attempt + 1):
|
||||
|
|
|
@ -104,14 +104,12 @@ from nova.virt import configdrive
|
|||
from nova.virt.disk import api as disk_api
|
||||
from nova.virt.disk.vfs import guestfs
|
||||
from nova.virt import driver
|
||||
from nova.virt import firewall
|
||||
from nova.virt import hardware
|
||||
from nova.virt.image import model as imgmodel
|
||||
from nova.virt import images
|
||||
from nova.virt.libvirt import blockinfo
|
||||
from nova.virt.libvirt import config as vconfig
|
||||
from nova.virt.libvirt import designer
|
||||
from nova.virt.libvirt import firewall as libvirt_firewall
|
||||
from nova.virt.libvirt import guest as libvirt_guest
|
||||
from nova.virt.libvirt import host
|
||||
from nova.virt.libvirt import imagebackend
|
||||
|
@ -136,10 +134,6 @@ LOG = logging.getLogger(__name__)
|
|||
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
DEFAULT_FIREWALL_DRIVER = "%s.%s" % (
|
||||
libvirt_firewall.__name__,
|
||||
libvirt_firewall.IptablesFirewallDriver.__name__)
|
||||
|
||||
DEFAULT_UEFI_LOADER_PATH = {
|
||||
"x86_64": ['/usr/share/OVMF/OVMF_CODE.fd',
|
||||
'/usr/share/OVMF/OVMF_CODE.secboot.fd',
|
||||
|
@ -358,9 +352,6 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
self._fc_wwpns = None
|
||||
self._supported_perf_events = []
|
||||
self.__has_hyperthreading = None
|
||||
self.firewall_driver = firewall.load_driver(
|
||||
DEFAULT_FIREWALL_DRIVER,
|
||||
host=self._host)
|
||||
|
||||
self.vif_driver = libvirt_vif.LibvirtGenericVIFDriver()
|
||||
|
||||
|
@ -1339,35 +1330,6 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
if destroy_vifs:
|
||||
self._unplug_vifs(instance, network_info, True)
|
||||
|
||||
# Continue attempting to remove firewall filters for the instance
|
||||
# until it's done or there is a failure to remove the filters. If
|
||||
# unfilter fails because the instance is not yet shutdown, try to
|
||||
# destroy the guest again and then retry the unfilter.
|
||||
while True:
|
||||
try:
|
||||
self.unfilter_instance(instance, network_info)
|
||||
break
|
||||
except libvirt.libvirtError as e:
|
||||
try:
|
||||
state = self.get_info(instance).state
|
||||
except exception.InstanceNotFound:
|
||||
state = power_state.SHUTDOWN
|
||||
|
||||
if state != power_state.SHUTDOWN:
|
||||
LOG.warning("Instance may be still running, destroy "
|
||||
"it again.", instance=instance)
|
||||
self._destroy(instance)
|
||||
else:
|
||||
errcode = e.get_error_code()
|
||||
LOG.exception(_('Error from libvirt during unfilter. '
|
||||
'Code=%(errcode)s Error=%(e)s'),
|
||||
{'errcode': errcode, 'e': e},
|
||||
instance=instance)
|
||||
reason = _("Error unfiltering instance.")
|
||||
raise exception.InstanceTerminationFailure(reason=reason)
|
||||
except Exception:
|
||||
raise
|
||||
|
||||
# FIXME(wangpan): if the instance is booted again here, such as the
|
||||
# soft reboot operation boot it here, it will become
|
||||
# "running deleted", should we check and destroy it
|
||||
|
@ -1561,7 +1523,6 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
if instance.host != CONF.host:
|
||||
self._undefine_domain(instance)
|
||||
self.unplug_vifs(instance, network_info)
|
||||
self.unfilter_instance(instance, network_info)
|
||||
|
||||
def _get_volume_driver(self, connection_info):
|
||||
driver_type = connection_info.get('driver_volume_type')
|
||||
|
@ -2048,7 +2009,6 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
guest = self._host.get_guest(instance)
|
||||
|
||||
self.vif_driver.plug(instance, vif)
|
||||
self.firewall_driver.setup_basic_filtering(instance, [vif])
|
||||
cfg = self.vif_driver.get_config(instance, vif, image_meta,
|
||||
instance.flavor,
|
||||
CONF.libvirt.virt_type,
|
||||
|
@ -6213,19 +6173,12 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
instance, events, deadline=timeout,
|
||||
error_callback=self._neutron_failed_callback):
|
||||
self.plug_vifs(instance, network_info)
|
||||
self.firewall_driver.setup_basic_filtering(instance,
|
||||
network_info)
|
||||
self.firewall_driver.prepare_instance_filter(instance,
|
||||
network_info)
|
||||
with self._lxc_disk_handler(context, instance,
|
||||
instance.image_meta,
|
||||
block_device_info):
|
||||
guest = self._create_domain(
|
||||
xml, pause=pause, power_on=power_on,
|
||||
post_xml_callback=post_xml_callback)
|
||||
|
||||
self.firewall_driver.apply_instance_filter(instance,
|
||||
network_info)
|
||||
except exception.VirtualInterfaceCreateException:
|
||||
# Neutron reported failure and we didn't swallow it, so
|
||||
# bail here
|
||||
|
@ -7169,12 +7122,6 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
'username': 'fakeuser',
|
||||
'password': 'fakepassword'}
|
||||
|
||||
def refresh_security_group_rules(self, security_group_id):
|
||||
self.firewall_driver.refresh_security_group_rules(security_group_id)
|
||||
|
||||
def refresh_instance_security_rules(self, instance):
|
||||
self.firewall_driver.refresh_instance_security_rules(instance)
|
||||
|
||||
def update_provider_tree(self, provider_tree, nodename, allocations=None):
|
||||
"""Update a ProviderTree object with current resource provider,
|
||||
inventory information and CPU traits.
|
||||
|
@ -8337,40 +8284,6 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
tmp_file = os.path.join(CONF.instances_path, filename)
|
||||
os.remove(tmp_file)
|
||||
|
||||
def ensure_filtering_rules_for_instance(self, instance, network_info):
|
||||
"""Ensure that an instance's filtering rules are enabled.
|
||||
|
||||
When migrating an instance, we need the filtering rules to
|
||||
be configured on the destination host before starting the
|
||||
migration.
|
||||
|
||||
Also, when restarting the compute service, we need to ensure
|
||||
that filtering rules exist for all running services.
|
||||
"""
|
||||
|
||||
self.firewall_driver.setup_basic_filtering(instance, network_info)
|
||||
self.firewall_driver.prepare_instance_filter(instance,
|
||||
network_info)
|
||||
|
||||
# nwfilters may be defined in a separate thread in the case
|
||||
# of libvirt non-blocking mode, so we wait for completion
|
||||
timeout_count = list(range(CONF.live_migration_retry_count))
|
||||
while timeout_count:
|
||||
if self.firewall_driver.instance_filter_exists(instance,
|
||||
network_info):
|
||||
break
|
||||
timeout_count.pop()
|
||||
if len(timeout_count) == 0:
|
||||
msg = _('The firewall filter for %s does not exist')
|
||||
raise exception.InternalError(msg % instance.name)
|
||||
greenthread.sleep(1)
|
||||
|
||||
def filter_defer_apply_on(self):
|
||||
self.firewall_driver.filter_defer_apply_on()
|
||||
|
||||
def filter_defer_apply_off(self):
|
||||
self.firewall_driver.filter_defer_apply_off()
|
||||
|
||||
def live_migration(self, context, instance, dest,
|
||||
post_method, recover_method, block_migration=False,
|
||||
migrate_data=None):
|
||||
|
@ -9621,11 +9534,6 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
greenthread.sleep(0)
|
||||
return disk_over_committed_size
|
||||
|
||||
def unfilter_instance(self, instance, network_info):
|
||||
"""See comments of same method in firewall_driver."""
|
||||
self.firewall_driver.unfilter_instance(instance,
|
||||
network_info=network_info)
|
||||
|
||||
def get_available_nodes(self, refresh=False):
|
||||
return [self._host.get_hostname()]
|
||||
|
||||
|
@ -10335,7 +10243,7 @@ class LibvirtDriver(driver.ComputeDriver):
|
|||
return shared_instance_path or shared_block_storage
|
||||
|
||||
def inject_network_info(self, instance, nw_info):
|
||||
self.firewall_driver.setup_basic_filtering(instance, nw_info)
|
||||
pass
|
||||
|
||||
def delete_instance_files(self, instance):
|
||||
target = libvirt_utils.get_instance_path(instance)
|
||||
|
|
|
@ -254,17 +254,6 @@ class LibvirtGenericVIFDriver(object):
|
|||
return (("qvb%s" % iface_id)[:network_model.NIC_NAME_LEN],
|
||||
("qvo%s" % iface_id)[:network_model.NIC_NAME_LEN])
|
||||
|
||||
@staticmethod
|
||||
def is_no_op_firewall():
|
||||
return CONF.firewall_driver == "nova.virt.firewall.NoopFirewallDriver"
|
||||
|
||||
def get_firewall_required_os_vif(self, vif):
|
||||
if vif.has_traffic_filtering:
|
||||
return False
|
||||
if self.is_no_op_firewall():
|
||||
return False
|
||||
return True
|
||||
|
||||
def get_config_bridge(self, instance, vif, image_meta,
|
||||
inst_type, virt_type, host):
|
||||
"""Get VIF configurations for bridge type."""
|
||||
|
@ -276,10 +265,6 @@ class LibvirtGenericVIFDriver(object):
|
|||
conf, self.get_bridge_name(vif),
|
||||
self.get_vif_devname(vif))
|
||||
|
||||
mac_id = vif['address'].replace(':', '')
|
||||
name = "nova-instance-" + instance.name + "-" + mac_id
|
||||
if self.get_firewall_required(vif):
|
||||
conf.filtername = name
|
||||
designer.set_vif_bandwidth_config(conf, inst_type)
|
||||
|
||||
self._set_mtu_config(vif, host, conf)
|
||||
|
@ -467,11 +452,6 @@ class LibvirtGenericVIFDriver(object):
|
|||
conf.source_dev = vif.bridge_name
|
||||
conf.target_dev = vif.vif_name
|
||||
|
||||
if self.get_firewall_required_os_vif(vif):
|
||||
mac_id = vif.address.replace(':', '')
|
||||
name = "nova-instance-" + instance.name + "-" + mac_id
|
||||
conf.filtername = name
|
||||
|
||||
def _set_config_VIFOpenVSwitch(self, instance, vif, conf, host=None):
|
||||
conf.net_type = "bridge"
|
||||
conf.source_dev = vif.bridge_name
|
||||
|
|
|
@ -285,9 +285,6 @@ class VMwareVCDriver(driver.ComputeDriver):
|
|||
network_info, image_meta, resize_instance,
|
||||
block_device_info, power_on)
|
||||
|
||||
def ensure_filtering_rules_for_instance(self, instance, network_info):
|
||||
pass
|
||||
|
||||
def pre_live_migration(self, context, instance, block_device_info,
|
||||
network_info, disk_info, migrate_data):
|
||||
return migrate_data
|
||||
|
@ -339,9 +336,6 @@ class VMwareVCDriver(driver.ComputeDriver):
|
|||
data.datastore_regex = CONF.vmware.datastore_regex
|
||||
return data
|
||||
|
||||
def unfilter_instance(self, instance, network_info):
|
||||
pass
|
||||
|
||||
def rollback_live_migration_at_destination(self, context, instance,
|
||||
network_info,
|
||||
block_device_info,
|
||||
|
|
|
@ -618,12 +618,6 @@ class XenAPIDriver(driver.ComputeDriver):
|
|||
|
||||
return dic
|
||||
|
||||
def ensure_filtering_rules_for_instance(self, instance, network_info):
|
||||
# NOTE(salvatore-orlando): it enforces security groups on
|
||||
# host initialization and live migration.
|
||||
# In XenAPI we do not assume instances running upon host initialization
|
||||
return
|
||||
|
||||
def check_can_live_migrate_destination(self, context, instance,
|
||||
src_compute_info, dst_compute_info,
|
||||
block_migration=False, disk_over_commit=False):
|
||||
|
@ -771,26 +765,6 @@ class XenAPIDriver(driver.ComputeDriver):
|
|||
self._vmops.post_live_migration_at_destination(context, instance,
|
||||
network_info, block_device_info, block_device_info)
|
||||
|
||||
def unfilter_instance(self, instance, network_info):
|
||||
"""Removes security groups configured for an instance."""
|
||||
return self._vmops.unfilter_instance(instance, network_info)
|
||||
|
||||
def refresh_security_group_rules(self, security_group_id):
|
||||
"""Updates security group rules for all instances associated with a
|
||||
given security group.
|
||||
|
||||
Invoked when security group rules are updated.
|
||||
"""
|
||||
return self._vmops.refresh_security_group_rules(security_group_id)
|
||||
|
||||
def refresh_instance_security_rules(self, instance):
|
||||
"""Updates security group rules for specified instance.
|
||||
|
||||
Invoked when instances are added/removed to a security group
|
||||
or when a rule is added/removed to a security group.
|
||||
"""
|
||||
return self._vmops.refresh_instance_security_rules(instance)
|
||||
|
||||
def get_available_nodes(self, refresh=False):
|
||||
stats = self.host_state.get_host_stats(refresh=refresh)
|
||||
return [stats["hypervisor_hostname"]]
|
||||
|
|
|
@ -55,7 +55,6 @@ from nova.pci import manager as pci_manager
|
|||
from nova import utils
|
||||
from nova.virt import configdrive
|
||||
from nova.virt import driver as virt_driver
|
||||
from nova.virt import firewall
|
||||
from nova.virt.xenapi import agent as xapi_agent
|
||||
from nova.virt.xenapi.image import utils as image_utils
|
||||
from nova.virt.xenapi import vif as xapi_vif
|
||||
|
@ -69,10 +68,6 @@ LOG = logging.getLogger(__name__)
|
|||
|
||||
CONF = nova.conf.CONF
|
||||
|
||||
DEFAULT_FIREWALL_DRIVER = "%s.%s" % (
|
||||
firewall.__name__,
|
||||
firewall.IptablesFirewallDriver.__name__)
|
||||
|
||||
RESIZE_TOTAL_STEPS = 5
|
||||
|
||||
DEVICE_ROOT = '0'
|
||||
|
@ -145,9 +140,6 @@ class VMOps(object):
|
|||
self._session = session
|
||||
self._virtapi = virtapi
|
||||
self._volumeops = volumeops.VolumeOps(self._session)
|
||||
self.firewall_driver = firewall.load_driver(
|
||||
DEFAULT_FIREWALL_DRIVER,
|
||||
xenapi_session=self._session)
|
||||
self.vif_driver = xapi_vif.XenAPIOpenVswitchDriver(
|
||||
xenapi_session=self._session)
|
||||
self.default_root_dev = '/dev/sda'
|
||||
|
@ -587,7 +579,6 @@ class VMOps(object):
|
|||
@step
|
||||
def setup_network_step(undo_mgr, vm_ref):
|
||||
self._create_vifs(instance, vm_ref, network_info)
|
||||
self._prepare_instance_filter(instance, network_info)
|
||||
|
||||
@step
|
||||
def start_paused_step(undo_mgr, vm_ref):
|
||||
|
@ -602,10 +593,6 @@ class VMOps(object):
|
|||
injected_files, admin_password)
|
||||
self._remove_hostname(instance, vm_ref)
|
||||
|
||||
@step
|
||||
def apply_security_group_filters_step(undo_mgr):
|
||||
self.firewall_driver.apply_instance_filter(instance, network_info)
|
||||
|
||||
undo_mgr = utils.UndoManager()
|
||||
try:
|
||||
# NOTE(sirp): The create_disks() step will potentially take a
|
||||
|
@ -651,7 +638,6 @@ class VMOps(object):
|
|||
except eventlet.timeout.Timeout:
|
||||
self._handle_neutron_event_timeout(instance, undo_mgr)
|
||||
|
||||
apply_security_group_filters_step(undo_mgr)
|
||||
boot_and_configure_instance_step(undo_mgr, vm_ref)
|
||||
if completed_callback:
|
||||
completed_callback()
|
||||
|
@ -974,19 +960,6 @@ class VMOps(object):
|
|||
agent.resetnetwork()
|
||||
agent.update_if_needed(version)
|
||||
|
||||
def _prepare_instance_filter(self, instance, network_info):
|
||||
try:
|
||||
self.firewall_driver.setup_basic_filtering(
|
||||
instance, network_info)
|
||||
except NotImplementedError:
|
||||
# NOTE(salvatore-orlando): setup_basic_filtering might be
|
||||
# empty or not implemented at all, as basic filter could
|
||||
# be implemented with VIF rules created by xapi plugin
|
||||
pass
|
||||
|
||||
self.firewall_driver.prepare_instance_filter(instance,
|
||||
network_info)
|
||||
|
||||
def _get_vm_opaque_ref(self, instance, check_rescue=False):
|
||||
"""Get xapi OpaqueRef from a db record.
|
||||
:param check_rescue: if True will return the 'name'-rescue vm if it
|
||||
|
@ -1766,8 +1739,6 @@ class VMOps(object):
|
|||
self._destroy_kernel_ramdisk(instance, vm_ref)
|
||||
|
||||
self.unplug_vifs(instance, network_info, vm_ref)
|
||||
self.firewall_driver.unfilter_instance(
|
||||
instance, network_info=network_info)
|
||||
vm_utils.destroy_vm(self._session, instance, vm_ref)
|
||||
|
||||
def pause(self, instance):
|
||||
|
@ -2227,19 +2198,6 @@ class VMOps(object):
|
|||
"""
|
||||
self._session.call_xenapi('VM.remove_from_xenstore_data', vm_ref, key)
|
||||
|
||||
def refresh_security_group_rules(self, security_group_id):
|
||||
"""recreates security group rules for every instance."""
|
||||
self.firewall_driver.refresh_security_group_rules(security_group_id)
|
||||
|
||||
def refresh_instance_security_rules(self, instance):
|
||||
"""recreates security group rules for specified instance."""
|
||||
self.firewall_driver.refresh_instance_security_rules(instance)
|
||||
|
||||
def unfilter_instance(self, instance_ref, network_info):
|
||||
"""Removes filters for each VIF of the specified instance."""
|
||||
self.firewall_driver.unfilter_instance(instance_ref,
|
||||
network_info=network_info)
|
||||
|
||||
def _get_host_opaque_ref(self, hostname):
|
||||
host_ref_set = self._session.host.get_by_name_label(hostname)
|
||||
# If xenapi can't get host ref by the name label, it means the
|
||||
|
@ -2645,11 +2603,6 @@ class VMOps(object):
|
|||
def post_live_migration_at_destination(self, context, instance,
|
||||
network_info, block_migration,
|
||||
block_device_info):
|
||||
# FIXME(johngarbutt): we should block all traffic until we have
|
||||
# applied security groups, however this requires changes to XenServer
|
||||
self._prepare_instance_filter(instance, network_info)
|
||||
self.firewall_driver.apply_instance_filter(instance, network_info)
|
||||
|
||||
# hook linux bridge and ovs bridge at destination
|
||||
self._post_start_actions(instance)
|
||||
vm_utils.create_kernel_and_ramdisk(context, self._session, instance,
|
||||
|
@ -2748,8 +2701,6 @@ class VMOps(object):
|
|||
# plug VIF
|
||||
self.vif_driver.plug(instance, vif, vm_ref=vm_ref,
|
||||
device=device)
|
||||
# set firewall filtering
|
||||
self.firewall_driver.setup_basic_filtering(instance, [vif])
|
||||
except exception.NovaException:
|
||||
with excutils.save_and_reraise_exception():
|
||||
LOG.exception(_('attach network interface %s failed.'),
|
||||
|
|
Loading…
Reference in New Issue