bug 924266: connection_type and firewall_driver flags mismatch

If connection_type is None, the default firewall driver should not be nova.virt.libvirt.firewall.IptablesFirewallDriver; it should either be None or the base one. If this fix gets through, devstack needs to be fixed accordingly. See review below for details. https://review.openstack.org/#change,3576 Change-Id: I58dabc50be2d5cdcd509b2ac89a5bd0f78251bd0
openstack · Feb 6, 2012 · 659342f · 659342f
1 parent 24b934f
commit 659342f
Show file tree

Hide file tree

Showing 7 changed files with 19 additions and 5 deletions.
diff --git a/nova/flags.py b/nova/flags.py
@@ -442,7 +442,7 @@ def _get_my_ip():
                default=100,
                help='default partition size for shared capacity'),
     cfg.StrOpt('firewall_driver',
-               default='nova.virt.libvirt.firewall.IptablesFirewallDriver',
+               default='nova.virt.firewall.IptablesFirewallDriver',
                help='Firewall driver (defaults to iptables)'),
     cfg.StrOpt('image_service',
                default='nova.image.glance.GlanceImageService',

diff --git a/nova/tests/test_virt_drivers.py b/nova/tests/test_virt_drivers.py
@@ -444,13 +444,14 @@ def setUp(self):
 
         # Point _VirtDriverTestCase at the right module
         self.driver_module = nova.virt.libvirt.connection
+        FLAGS.firewall_driver = nova.virt.libvirt.firewall.drivers[0]
         super(LibvirtConnTestCase, self).setUp()
         FLAGS.rescue_image_id = "2"
         FLAGS.rescue_kernel_id = "3"
         FLAGS.rescue_ramdisk_id = None
 
     def tearDown(self):
-        super(LibvirtConnTestCase, self).setUp()
+        super(LibvirtConnTestCase, self).tearDown()
 
         # Restore libvirt
         import nova.virt.libvirt.connection

diff --git a/nova/virt/connection.py b/nova/virt/connection.py
@@ -56,6 +56,7 @@ def get_connection(read_only=False):
                             * fake
                             * libvirt
                             * xenapi
+                            * vmwareapi
     """
     # TODO(termie): maybe lazy load after initial check for permissions
     # TODO(termie): check whether we can be disconnected

diff --git a/nova/virt/libvirt/connection.py b/nova/virt/libvirt/connection.py
@@ -64,9 +64,10 @@
 from nova import log as logging
 from nova.openstack.common import cfg
 from nova import utils
-from nova.virt.disk import api as disk
 from nova.virt import driver
 from nova.virt import images
+from nova.virt.disk import api as disk
+from nova.virt.libvirt import firewall
 from nova.virt.libvirt import imagecache
 from nova.virt.libvirt import utils as libvirt_utils
 
@@ -190,7 +191,8 @@ def __init__(self, read_only):
         self._wrapped_conn = None
         self.container = None
         self.read_only = read_only
-
+        if FLAGS.firewall_driver not in firewall.drivers:
+            FLAGS['firewall_driver'].SetDefault(firewall.drivers[0])
         fw_class = utils.import_class(FLAGS.firewall_driver)
         self.firewall_driver = fw_class(get_connection=self._get_connection)
         self.vif_driver = utils.import_object(FLAGS.libvirt_vif_driver)

diff --git a/nova/virt/libvirt/firewall.py b/nova/virt/libvirt/firewall.py
@@ -33,6 +33,8 @@
 LOG = logging.getLogger("nova.virt.libvirt.firewall")
 FLAGS = flags.FLAGS
 
+# The default Firewall driver must be listed at position 0
+drivers = ['nova.virt.libvirt.firewall.IptablesFirewallDriver', ]
 
 try:
     import libvirt

diff --git a/nova/virt/xenapi/firewall.py b/nova/virt/xenapi/firewall.py
@@ -31,6 +31,10 @@
 LOG = logging.getLogger("nova.virt.xenapi.firewall")
 FLAGS = flags.FLAGS
 
+# The default Firewall driver must be listed at position 0
+drivers = ['nova.virt.firewall.IptablesFirewallDriver',
+           'nova.virt.xenapi.firewall.Dom0IptablesFirewallDriver', ]
+
 
 class Dom0IptablesFirewallDriver(IptablesFirewallDriver):
     """ Dom0IptablesFirewallDriver class

diff --git a/nova/virt/xenapi/vmops.py b/nova/virt/xenapi/vmops.py
@@ -41,9 +41,11 @@
 from nova.openstack.common import cfg
 from nova import utils
 from nova.virt import driver
-from nova.virt.xenapi import volume_utils
+from nova.virt.xenapi import firewall
 from nova.virt.xenapi import network_utils
 from nova.virt.xenapi import vm_utils
+from nova.virt.xenapi import volume_utils
+
 
 VolumeHelper = volume_utils.VolumeHelper
 NetworkHelper = network_utils.NetworkHelper
@@ -104,6 +106,8 @@ def __init__(self, session, product_version):
         self._session = session
         self.poll_rescue_last_ran = None
         VMHelper.XenAPI = self.XenAPI
+        if FLAGS.firewall_driver not in firewall.drivers:
+            FLAGS['firewall_driver'].SetDefault(firewall.drivers[0])
         fw_class = utils.import_class(FLAGS.firewall_driver)
         self.firewall_driver = fw_class(xenapi_session=self._session)
         vif_impl = utils.import_class(FLAGS.xenapi_vif_driver)