fix issues with Nova security groups and Quantum

bug #1039400

- make quantumv2/api.py fetch actual DHCP server address, which
is needed by firewall layer (otherwise, the gateway IP is
incorrectly used and all DHCP traffic is dropped).
- add missing call from quantumv2/api.py to the security
groups API when a VM is allocated/deallocated.

- Add a vif-driver that is a hybrid of the existing Open vswitch +
linux bridge drivers, which allows OVS quantum plugins to
be compatible with iptables based filtering, in particular, nova
security groups.

- Also clean-up some docstrings in virt/libvirt/vif.py

Change-Id: I7cf5cf09583202a12785b616d18db3ee4bbffee0

nova/tests/test_libvirt_vif.py

@@ -154,3 +154,19 @@ class LibvirtVifTestCase(test.TestCase):
         self.assertEquals(script, "")
 
         d.unplug(None, (self.net, self.mapping))
+
+    def test_quantum_hybrid_driver(self):
+        d = vif.LibvirtHybridOVSBridgeDriver()
+        xml = self._get_instance_xml(d)
+
+        doc = etree.fromstring(xml)
+        ret = doc.findall('./devices/interface')
+        self.assertEqual(len(ret), 1)
+        node = ret[0]
+        self.assertEqual(node.get("type"), "bridge")
+        br_name = node.find("source").get("bridge")
+        self.assertEqual(br_name, self.net['bridge'])
+        mac = node.find("mac").get("address")
+        self.assertEqual(mac, self.mapping['mac'])
+
+        d.unplug(None, (self.net, self.mapping))