Clarify nwfilter not found error message

In bug #1039398 the user got an error message about an instance's nwfilter not being found, but it gave the impression that live migration was involved. The ensure_filtering_rules_for_instance() method was originally just used for live migration, but since: https://code.launchpad.net/~chemikadze/nova/driver-agnostic-restart-instances/+merge/69069 it has also been used when re-starting the compute service when there are running VMs. Clarify the error message and the comments in the code to reflect this. Waiting up to 30 seconds before reporting an error here seems pretty bad. It appears this is to handle the case where the nwfilters get defined in a separate thread. For reference, the code was added by this merge: https://code.launchpad.net/~nttdata/nova/live-migration/+merge/44940 For now, just add a comment explaining why we're polling for the existence of the nwfilter. Change-Id: Ieb085a6753ac72116d5f5a706fd1a908703286ad
openstack · Aug 22, 2012 · a29442d · a29442d
1 parent b090bdd
commit a29442d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 25 deletions.
diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
@@ -1591,7 +1591,9 @@ def sleep(self, t):
                                                      network_info,
                                                      time_module=fake_timer)
         except exception.NovaException, e:
-            c1 = (0 <= str(e).find('Timeout migrating for'))
+            msg = ('The firewall filter for %s does not exist' %
+                   instance_ref['name'])
+            c1 = (0 <= str(e).find(msg))
         self.assertTrue(c1)
 
         self.assertEqual(29, fake_timer.counter, "Didn't wait the expected "

diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
@@ -2370,48 +2370,33 @@ def _cleanup_shared_storage_test_file(self, filename):
 
     def ensure_filtering_rules_for_instance(self, instance_ref, network_info,
                                             time_module=None):
-        """Setting up filtering rules and waiting for its completion.
+        """Ensure that an instance's filtering rules are enabled.
 
-        To migrate an instance, filtering rules to hypervisors
-        and firewalls are inevitable on destination host.
-        ( Waiting only for filterling rules to hypervisor,
-        since filtering rules to firewall rules can be set faster).
-
-        Concretely, the below method must be called.
-        - setup_basic_filtering (for nova-basic, etc.)
-        - prepare_instance_filter(for nova-instance-instance-xxx, etc.)
-
-        to_xml may have to be called since it defines PROJNET, PROJMASK.
-        but libvirt migrates those value through migrateToURI(),
-        so , no need to be called.
-
-        Don't use thread for this method since migration should
-        not be started when setting-up filtering rules operations
-        are not completed.
-
-        :params instance_ref: nova.db.sqlalchemy.models.Instance object
+        When migrating an instance, we need the filtering rules to
+        be configured on the destination host before starting the
+        migration.
 
+        Also, when restarting the compute service, we need to ensure
+        that filtering rules exist for all running services.
         """
 
         if not time_module:
             time_module = greenthread
 
-        # If any instances never launch at destination host,
-        # basic-filtering must be set here.
         self.firewall_driver.setup_basic_filtering(instance_ref, network_info)
-        # setting up nova-instance-instance-xx mainly.
         self.firewall_driver.prepare_instance_filter(instance_ref,
                 network_info)
 
-        # wait for completion
+        # nwfilters may be defined in a separate thread in the case
+        # of libvirt non-blocking mode, so we wait for completion
         timeout_count = range(FLAGS.live_migration_retry_count)
         while timeout_count:
             if self.firewall_driver.instance_filter_exists(instance_ref,
                                                            network_info):
                 break
             timeout_count.pop()
             if len(timeout_count) == 0:
-                msg = _('Timeout migrating for %s. nwfilter not found.')
+                msg = _('The firewall filter for %s does not exist')
                 raise exception.NovaException(msg % instance_ref["name"])
             time_module.sleep(1)