From 6765c2bfe7ef9d54a3653f492b33f94dbecc5aa9 Mon Sep 17 00:00:00 2001
From: David McNally
Date: Wed, 8 Aug 2012 16:20:23 +0100
Subject: [PATCH] Compute restart causes period of network 'blackout' Fixes bug 1034401 When a compute service is restarted each instance running on the host has its iptables rules built and applied sequentially during the host init stage. The impact of this, especially on a host running many instances, can be observed as a period where some instances are not accessible as the existing iptables rules have been torn down and not yet re-applied. The presented work-around for this is a configurable/flagged deferred mode that prevents the application of the iptables rules until all instances on the host had been initialised then the rules for all instances are applied all at once preventing a 'blackout' period.
Change-Id: I0da90d07e54225fb63f3884897fb00a6027cd537
---
 nova/flags.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/nova/flags.py b/nova/flags.py
index 588ecfe5..89b741c0 100644
--- a/nova/flags.py
+++ b/nova/flags.py
@@ -428,6 +428,11 @@ global_opts = [
 'min_disk'],
 help='These are image properties which a snapshot should not'
 ' inherit from an instance'),
+ cfg.BoolOpt('defer_iptables_apply',
+ default=False,
+ help='Whether to batch up the application of IPTables rules'
+ ' during a host restart and apply all at the end of the'
+ ' init phase'),
 ]
 FLAGS.register_opts(global_opts)
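Review bot: The help string for `defer_iptables_apply` describes the batching but not the filtering state while application is held back, which is what an operator needs to know before enabling a flag that delays firewall enforcement. Going by the commit description, rule changes built during host init are not applied until the final batch, so I would extend the last help line to say so, e.g. `' init phase; rule changes made during init are not enforced until that final apply'),`. The diffstat shows only nova/flags.py, so the code that reads the flag is not visible here. Wherever it lives, it should be checked that the deferred rules are still applied if initialisation of one instance raises part-way through, otherwise the host could be left with incomplete rules. The `global_opts` list starts outside the hunk.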