52 lines
1.9 KiB
Diff
52 lines
1.9 KiB
Diff
From 01de658210fd65171bfbf5450c93673b5ce0bd9e Mon Sep 17 00:00:00 2001
|
|
From: John Garbutt <john.garbutt@rackspace.com>
|
|
Date: Mon, 21 Oct 2013 19:34:43 +0100
|
|
Subject: [PATCH] xenapi: apply firewall rules in finish_migrate
|
|
|
|
When security groups were added, the rules were not re-applied to
|
|
servers that have been migrated to a new hypervisor.
|
|
|
|
This change ensures the firewall rules are applied as part of creating
|
|
the new VM in finish_migrate. This code follows a very similar pattern
|
|
to the code in spawn, and that is where the cut and paste code comes
|
|
from. This code duplication was removed in Havana.
|
|
|
|
Fixes bug 1073306
|
|
|
|
Change-Id: I6295a782df328a759e358fb82b76dd3f7bd4b39e
|
|
---
|
|
nova/virt/xenapi/vmops.py | 15 +++++++++++++++
|
|
1 file changed, 15 insertions(+)
|
|
|
|
diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py
|
|
index eccf3e0..7a96ac2 100644
|
|
--- a/nova/virt/xenapi/vmops.py
|
|
+++ b/nova/virt/xenapi/vmops.py
|
|
@@ -277,8 +277,23 @@ def finish_migration(self, context, migration, instance, disk_info,
|
|
|
|
self._attach_mapped_block_devices(instance, block_device_info)
|
|
|
|
+ try:
|
|
+ self.firewall_driver.setup_basic_filtering(
|
|
+ instance, network_info)
|
|
+ except NotImplementedError:
|
|
+ # NOTE(salvatore-orlando): setup_basic_filtering might be
|
|
+ # empty or not implemented at all, as basic filter could
|
|
+ # be implemented with VIF rules created by xapi plugin
|
|
+ pass
|
|
+
|
|
+ self.firewall_driver.prepare_instance_filter(instance,
|
|
+ network_info)
|
|
+
|
|
# 5. Start VM
|
|
self._start(instance, vm_ref=vm_ref)
|
|
+
|
|
+ self.firewall_driver.apply_instance_filter(instance, network_info)
|
|
+
|
|
self._update_instance_progress(context, instance,
|
|
step=5,
|
|
total_steps=RESIZE_TOTAL_STEPS)
|
|
--
|
|
1.8.4
|
|
|