From 01de658210fd65171bfbf5450c93673b5ce0bd9e Mon Sep 17 00:00:00 2001 From: John Garbutt Date: Mon, 21 Oct 2013 19:34:43 +0100 Subject: [PATCH] xenapi: apply firewall rules in finish_migrate When security groups were added, the rules were not re-applied to servers that have been migrated to a new hypervisor. This change ensures the firewall rules are applied as part of creating the new VM in finish_migrate. This code follows a very similar pattern to the code in spawn, and that is where the cut and paste code comes from. This code duplication was removed in Havana. Fixes bug 1073306 Change-Id: I6295a782df328a759e358fb82b76dd3f7bd4b39e --- nova/virt/xenapi/vmops.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py index eccf3e074b0..7a96ac2f47e 100644 --- a/nova/virt/xenapi/vmops.py +++ b/nova/virt/xenapi/vmops.py @@ -277,8 +277,23 @@ def finish_migration(self, context, migration, instance, disk_info, self._attach_mapped_block_devices(instance, block_device_info) + try: + self.firewall_driver.setup_basic_filtering( + instance, network_info) + except NotImplementedError: + # NOTE(salvatore-orlando): setup_basic_filtering might be + # empty or not implemented at all, as basic filter could + # be implemented with VIF rules created by xapi plugin + pass + + self.firewall_driver.prepare_instance_filter(instance, + network_info) + # 5. Start VM self._start(instance, vm_ref=vm_ref) + + self.firewall_driver.apply_instance_filter(instance, network_info) + self._update_instance_progress(context, instance, step=5, total_steps=RESIZE_TOTAL_STEPS)