x/ec2-driver
Code Issues Proposed changes

Cameron & Ed | Refactoring on updating security groups for instances. Wrapped lock around add/remove security group conditional block

Browse Source
This commit is contained in:
cameron-r
2014-10-14 12:48:03 -05:00
parent 2c1036d1b1
commit 9d742a038e
1 changed files with 33 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
ec2driver.py
View File

@@ -514,69 +514,57 @@ class EC2Driver(driver.ComputeDriver):
return [instance for instance in (self.nova.servers.list()) return [instance for instance in (self.nova.servers.list())
if openstack_security_group.name in [group['name'] for group in instance.security_groups]] if openstack_security_group.name in [group['name'] for group in instance.security_groups]]
def _get_id_of_ec2_instance_to_add_security_group(self, ec2_security_group, openstack_security_group): def _get_id_of_ec2_instance_to_update_security_group(self, ec2_instance_ids_for_security_group, ec2_ids_for_openstack_instances_for_security_group):
ec2_ids_of_instances_with_security_group_in_openstack_and_not_in_ec2 = [ return (set(ec2_ids_for_openstack_instances_for_security_group).symmetric_difference(set(ec2_instance_ids_for_security_group))).pop()
openstack_instance.metadata['ec2_id'] for openstack_instance
in self._get_openstack_instances_for_security_group(openstack_security_group)
if openstack_instance.metadata['ec2_id'] not in self._get_ec2_instance_ids_for_security_group(ec2_security_group)
]
if not ec2_ids_of_instances_with_security_group_in_openstack_and_not_in_ec2: def _should_add_security_group_to_instance(self, ec2_instance_ids_for_security_group, ec2_ids_for_openstack_instances_for_security_group):
return None return len(ec2_instance_ids_for_security_group) < len(ec2_ids_for_openstack_instances_for_security_group)
else:
return ec2_ids_of_instances_with_security_group_in_openstack_and_not_in_ec2[0]
def _get_id_of_ec2_instance_to_remove_security_group(self, ec2_security_group, openstack_security_group):
ec2_ids_of_instances_with_security_group_in_ec2_and_not_in_openstack = [
id for id in self._get_ec2_instance_ids_for_security_group(ec2_security_group)
if id not in self._get_openstack_instances_for_security_group(openstack_security_group)
]
if not ec2_ids_of_instances_with_security_group_in_ec2_and_not_in_openstack:
return None
else:
return ec2_ids_of_instances_with_security_group_in_ec2_and_not_in_openstack[0]
def _add_security_group_to_instance(self, ec2_instance_id, ec2_security_group): def _add_security_group_to_instance(self, ec2_instance_id, ec2_security_group):
security_groups_for_instance = self.ec2_conn.get_instance_attribute(ec2_instance_id, "groupSet")['groupSet'] security_group_ids_for_instance = self._get_ec2_security_group_ids_for_instance(ec2_instance_id)
security_group_ids_for_instance = [group.id for group in security_groups_for_instance]
security_group_ids_for_instance.append(ec2_security_group.id) security_group_ids_for_instance.append(ec2_security_group.id)
self.ec2_conn.modify_instance_attribute(ec2_instance_id, "groupSet", security_group_ids_for_instance) self.ec2_conn.modify_instance_attribute(ec2_instance_id, "groupSet", security_group_ids_for_instance)
def _remove_security_group_from_instance(self, ec2_instance_id, ec2_security_group): def _remove_security_group_from_instance(self, ec2_instance_id, ec2_security_group):
security_groups_for_instance = self.ec2_conn.get_instance_attribute(ec2_instance_id, "groupSet")['groupSet'] security_group_ids_for_instance = self._get_ec2_security_group_ids_for_instance(ec2_instance_id)
security_group_ids_for_instance = [group.id for group in security_groups_for_instance]
security_group_ids_for_instance.remove(ec2_security_group.id) security_group_ids_for_instance.remove(ec2_security_group.id)
self.ec2_conn.modify_instance_attribute(ec2_instance_id, "groupSet", security_group_ids_for_instance) self.ec2_conn.modify_instance_attribute(ec2_instance_id, "groupSet", security_group_ids_for_instance)
def _get_ec2_security_group_ids_for_instance(self, ec2_instance_id):
security_groups_for_instance = self.ec2_conn.get_instance_attribute(ec2_instance_id, "groupSet")['groupSet']
security_group_ids_for_instance = [group.id for group in security_groups_for_instance]
return security_group_ids_for_instance
def _get_or_create_ec2_security_group(self, openstack_security_group):
try:
return self.ec2_conn.get_all_security_groups(openstack_security_group.name)[0]
except EC2ResponseError as e:
LOG.warning(e.body)
return self.ec2_conn.create_security_group(openstack_security_group.name, openstack_security_group.description)
def refresh_security_group_rules(self, security_group_id): def refresh_security_group_rules(self, security_group_id):
LOG.info("************** REFRESH SECURITY GROUP RULES ******************") LOG.info("************** REFRESH SECURITY GROUP RULES ******************")
openstack_security_group = self.nova.security_groups.get(security_group_id) openstack_security_group = self.nova.security_groups.get(security_group_id)
ec2_security_group = self._get_or_create_ec2_security_group(openstack_security_group)
ec2_instance_ids_for_security_group = self._get_ec2_instance_ids_for_security_group(ec2_security_group)
ec2_ids_for_openstack_instances_for_security_group = [
instance.metadata['ec2_id'] for instance
in self._get_openstack_instances_for_security_group(openstack_security_group)
]
self.security_group_lock.acquire()
try: try:
ec2_security_group = self.ec2_conn.get_all_security_groups(openstack_security_group.name)[0] if self._should_add_security_group_to_instance(ec2_instance_ids_for_security_group, ec2_ids_for_openstack_instances_for_security_group):
except EC2ResponseError as e: ec2_instance_id_to_add_security_group = self._get_id_of_ec2_instance_to_update_security_group(ec2_instance_ids_for_security_group, ec2_ids_for_openstack_instances_for_security_group)
ec2_security_group = self.ec2_conn.create_security_group(openstack_security_group.name, openstack_security_group.description)
LOG.warning(e.body)
ec2_instance_id_to_add_security_group = self._get_id_of_ec2_instance_to_add_security_group(ec2_security_group, openstack_security_group)
if ec2_instance_id_to_add_security_group:
self.security_group_lock.acquire()
try:
self._add_security_group_to_instance(ec2_instance_id_to_add_security_group, ec2_security_group) self._add_security_group_to_instance(ec2_instance_id_to_add_security_group, ec2_security_group)
finally: else:
self.security_group_lock.release() ec2_instance_id_to_remove_security_group = self._get_id_of_ec2_instance_to_update_security_group(ec2_instance_ids_for_security_group, ec2_ids_for_openstack_instances_for_security_group)
else:
ec2_instance_id_to_remove_security_group = self._get_id_of_ec2_instance_to_remove_security_group(ec2_security_group, openstack_security_group)
self.security_group_lock.acquire()
try:
self._remove_security_group_from_instance(ec2_instance_id_to_remove_security_group, ec2_security_group) self._remove_security_group_from_instance(ec2_instance_id_to_remove_security_group, ec2_security_group)
finally: finally:
self.security_group_lock.release() self.security_group_lock.release()
return True return True