~ubuntu-branches/ubuntu/raring/nova/raring-proposed


Viewing changes to debian/patches/ubuntu/fix-libvirt-firewall-slowdown.patch

  • Committer: Package Import Robot
  • Author(s): Chuck Short, Adam Gandelman, Chuck Short
  • Date: 2012-11-23 09:04:58 UTC
  • mfrom: (1.1.66)
  • Revision ID: package-import@ubuntu.com-20121123090458-91565o7aev1i1h71
Tags: 2013.1~g1-0ubuntu1
[ Adam Gandelman ]
* debian/control: Ensure novaclient is upgraded with nova,
  require python-keystoneclient >= 1:2.9.0. (LP: #1073289)
* debian/patches/{ubuntu/*, rbd-security.patch}: Dropped, applied
  upstream.
* debian/control: Add python-testtools to Build-Depends.

[ Chuck Short ]
* New upstream version.
* Refreshed debian/patches/avoid_setuptools_git_dependency.patch.
* debian/rules: FTBFS if missing binaries.
* debian/nova-scheduler.install: Add missing rabbit-queues and
  nova-rpc-zmq-receiver.
* Remove nova-volume since it doesn't exist anymore, transition to cinder-*.
* debian/rules: install apport hook in the right place.
* debian/patches/ubuntu-show-tests.patch: Display test failures.
* debian/control: Add depends on genisoimage
* debian/control: Suggest guestmount.
* debian/control: Suggest websockify. (LP: #1076442)
* debian/nova.conf: Disable nova-volume service.
* debian/control: Depend on xen-system-* rather than the hypervisor.
* debian/control, debian/mans/nova-conductor.8, debian/nova-conductor.init,
  debian/nova-conductor.install, debian/nova-conductor.logrotate
  debian/nova-conductor.manpages, debian/nova-conductor.postrm
  debian/nova-conductor.upstart.in: Add nova-conductor service.
* debian/control: Add python-fixtures as a build deps.

1
 
commit ba585524e32965697c1a44c8fd743dea060bb1af
2
 
Author: Michael Still <mikal@stillhq.com>
3
 
Date:   Thu Oct 11 15:46:11 2012 +1100
4
 
 
5
 
    Avoid RPC calls while holding iptables lock.
6
 
    
7
 
    This exhibitied itself as very slow instance starts on a Canonical
8
 
    test cluster. This was because do_referesh_security_group_rules()
9
 
    was making rpc calls while holding the iptables lock. This refactor
10
 
    avoids that while making no functional changes (I hope).
11
 
    
12
 
    This should resolve bug 1062314.
13
 
    
14
 
    Change-Id: I36f805bd72f7bd06082cfe96c58d637203bcffb7
15
 
 
16
 
diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
17
 
index 8861eb8..7af877f 100644
18
 
--- a/nova/tests/test_libvirt.py
19
 
+++ b/nova/tests/test_libvirt.py
20
 
@@ -3142,11 +3142,23 @@ class IptablesFirewallTestCase(test.TestCase):
21
 
     def test_do_refresh_security_group_rules(self):
22
 
         instance_ref = self._create_instance_ref()
23
 
         self.mox.StubOutWithMock(self.fw,
24
 
+                                 'instance_rules')
25
 
+        self.mox.StubOutWithMock(self.fw,
26
 
                                  'add_filters_for_instance',
27
 
                                  use_mock_anything=True)
28
 
+
29
 
+        self.fw.instance_rules(instance_ref,
30
 
+                               mox.IgnoreArg()).AndReturn((None, None))
31
 
+        self.fw.add_filters_for_instance(instance_ref, mox.IgnoreArg(),
32
 
+                                         mox.IgnoreArg())
33
 
+        self.fw.instance_rules(instance_ref,
34
 
+                               mox.IgnoreArg()).AndReturn((None, None))
35
 
+        self.fw.add_filters_for_instance(instance_ref, mox.IgnoreArg(),
36
 
+                                         mox.IgnoreArg())
37
 
+        self.mox.ReplayAll()
38
 
+
39
 
         self.fw.prepare_instance_filter(instance_ref, mox.IgnoreArg())
40
 
         self.fw.instances[instance_ref['id']] = instance_ref
41
 
-        self.mox.ReplayAll()
42
 
         self.fw.do_refresh_security_group_rules("fake")
43
 
 
44
 
     def test_unfilter_instance_undefines_nwfilter(self):
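Review bot: The new expectations in `test_do_refresh_security_group_rules` return `(None, None)` from `instance_rules` and match both rule arguments of `add_filters_for_instance` with `mox.IgnoreArg()`, so the test still passes if the refresh path hands the wrong rule lists to the filter step. Returning distinct sentinels, e.g. `.AndReturn(('fake-v4', 'fake-v6'))`, and expecting `self.fw.add_filters_for_instance(instance_ref, 'fake-v4', 'fake-v6')` would pin the hand-off that this refactor introduces. Nothing in the test checks that `instance_rules` runs outside the iptables lock, which is the property the commit message is about.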
45
 
diff --git a/nova/virt/firewall.py b/nova/virt/firewall.py
46
 
index eb14a92..3e2ba5d 100644
47
 
--- a/nova/virt/firewall.py
48
 
+++ b/nova/virt/firewall.py
49
 
@@ -182,7 +182,8 @@ class IptablesFirewallDriver(FirewallDriver):
50
 
 
51
 
         self.instances[instance['id']] = instance
52
 
         self.network_infos[instance['id']] = network_info
53
 
-        self.add_filters_for_instance(instance)
54
 
+        ipv4_rules, ipv6_rules = self.instance_rules(instance, network_info)
55
 
+        self.add_filters_for_instance(instance, ipv4_rules, ipv6_rules)
56
 
         LOG.debug(_('Filters added to instance'), instance=instance)
57
 
         self.refresh_provider_fw_rules()
58
 
         LOG.debug(_('Provider Firewall Rules refreshed'), instance=instance)
59
 
@@ -218,7 +219,8 @@ class IptablesFirewallDriver(FirewallDriver):
60
 
             for rule in ipv6_rules:
61
 
                 self.iptables.ipv6['filter'].add_rule(chain_name, rule)
62
 
 
63
 
-    def add_filters_for_instance(self, instance):
64
 
+    def add_filters_for_instance(self, instance, inst_ipv4_rules,
65
 
+                                 inst_ipv6_rules):
66
 
         network_info = self.network_infos[instance['id']]
67
 
         chain_name = self._instance_chain_name(instance)
68
 
         if FLAGS.use_ipv6:
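Review bot: `add_filters_for_instance` now requires `inst_ipv4_rules` and `inst_ipv6_rules` but has no docstring saying where they come from or why they are passed in, and any caller still using the one-argument form will fail with a TypeError. A docstring such as `"""Add filter rules for instance; inst_ipv4_rules and inst_ipv6_rules are the lists returned by instance_rules(), computed by the caller so no RPC happens here."""` would record the contract. The method body continues past this hunk into the next one.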
69
 
@@ -227,8 +229,7 @@ class IptablesFirewallDriver(FirewallDriver):
70
 
         ipv4_rules, ipv6_rules = self._filters_for_instance(chain_name,
71
 
                                                             network_info)
72
 
         self._add_filters('local', ipv4_rules, ipv6_rules)
73
 
-        ipv4_rules, ipv6_rules = self.instance_rules(instance, network_info)
74
 
-        self._add_filters(chain_name, ipv4_rules, ipv6_rules)
75
 
+        self._add_filters(chain_name, inst_ipv4_rules, inst_ipv6_rules)
76
 
 
77
 
     def remove_filters_for_instance(self, instance):
78
 
         chain_name = self._instance_chain_name(instance)
79
 
@@ -430,15 +431,22 @@ class IptablesFirewallDriver(FirewallDriver):
80
 
         self.iptables.apply()
81
 
 
82
 
     @utils.synchronized('iptables', external=True)
83
 
+    def _inner_do_refresh_rules(self, instance, ipv4_rules,
84
 
+                                               ipv6_rules):
85
 
+        self.remove_filters_for_instance(instance)
86
 
+        self.add_filters_for_instance(instance, ipv4_rules, ipv6_rules)
87
 
+
88
 
     def do_refresh_security_group_rules(self, security_group):
89
 
         for instance in self.instances.values():
90
 
-            self.remove_filters_for_instance(instance)
91
 
-            self.add_filters_for_instance(instance)
92
 
+            network_info = self.network_infos[instance['id']]
93
 
+            ipv4_rules, ipv6_rules = self.instance_rules(instance,
94
 
+                                                         network_info)
95
 
+            self._inner_do_refresh_rules(instance, ipv4_rules, ipv6_rules)
96
 
 
97
 
-    @utils.synchronized('iptables', external=True)
98
 
     def do_refresh_instance_rules(self, instance):
99
 
-        self.remove_filters_for_instance(instance)
100
 
-        self.add_filters_for_instance(instance)
101
 
+        network_info = self.network_infos[instance['id']]
102
 
+        ipv4_rules, ipv6_rules = self.instance_rules(instance, network_info)
103
 
+        self._inner_do_refresh_rules(instance, ipv4_rules, ipv6_rules)
104
 
 
105
 
     def refresh_provider_fw_rules(self):
106
 
         """See :class:`FirewallDriver` docs."""
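Review bot: `_inner_do_refresh_rules` applies rule lists that `do_refresh_security_group_rules` and `do_refresh_instance_rules` computed before the 'iptables' lock was taken, so two overlapping refreshes of one instance can be applied in the opposite order to the one in which they were computed, leaving the older security-group rules in the chain until the next refresh. The loop now takes the lock once per instance instead of once for the whole pass, and `self.network_infos[instance['id']]` is read unlocked, which would raise KeyError if another thread drops the instance in between (the removal path is outside this hunk, so this is inferred). If the trade-off is accepted for the start-up speed gain, it should be recorded on the helper, e.g. `"""Swap an instance's filters under the iptables lock; the rules are precomputed by the caller and may be stale."""`.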