[lxc-devel] [nova-lxd/master] Clean up nova-lxd firewall

zulcss on Github lxc-bot at linuxcontainers.org
Mon May 16 14:38:09 UTC 2016


From 1aaae2f2076a063159e463936ab4c35fd45397d1 Mon Sep 17 00:00:00 2001
From: Chuck Short <chuck.short at canonical.com>
Date: Mon, 16 May 2016 10:35:54 -0400
Subject: [PATCH] Clean up nova-lxd firewall

Clean up the container firewall code so that it is easier
to read and maintain. Remove container_firewall so that we
talk to the nova.virt.firewall objects directly.

Signed-off-by: Chuck Short <chuck.short at canonical.com>
---
 nova/virt/lxd/container_firewall.py | 68 -------------------------------------
 nova/virt/lxd/driver.py             | 30 ++++++----------
 nova/virt/lxd/operations.py         |  5 +--
 3 files changed, 14 insertions(+), 89 deletions(-)
 delete mode 100644 nova/virt/lxd/container_firewall.py

diff --git a/nova/virt/lxd/container_firewall.py b/nova/virt/lxd/container_firewall.py
deleted file mode 100644
index 9f3a11f..0000000
--- a/nova/virt/lxd/container_firewall.py
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 2015 Canonical Ltd
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from nova.virt import firewall
-
-from oslo_config import cfg
-from oslo_log import log as logging
-
-CONF = cfg.CONF
-LOG = logging.getLogger(__name__)
-
-
-class LXDContainerFirewall(object):
-
-    def __init__(self):
-        self.firewall_driver = firewall.load_driver(
-            default='nova.virt.firewall.NoopFirewallDriver')
-
-    def refresh_security_group_rules(self, security_group_id):
-        return (self.firewall_driver
-                .refresh_security_group_rules(security_group_id))
-
-    def refresh_security_group_members(self, security_group_id):
-        return (self.firewall_driver
-                .refresh_security_group_members(security_group_id))
-
-    def refresh_provider_fw_rules(self):
-        return self.firewall_driver.refresh_provider_fw_rules()
-
-    def refresh_instance_security_rules(self, instance):
-        return self.firewall_driver.refresh_instance_security_rules(instance)
-
-    def ensure_filtering_rules_for_instance(self, instance, network_info):
-        return (self.firewall_driver
-                .ensure_filtering_rules_for_instance(instance, network_info))
-
-    def filter_defer_apply_on(self):
-        return self.firewall_driver.filter_defer_apply_on()
-
-    def filter_defer_apply_off(self):
-        return self.firewall_driver.filter_defer_apply_off()
-
-    def unfilter_instance(self, instance, network_info):
-        return self.firewall_driver.unfilter_instance(instance, network_info)
-
-    def setup_basic_filtering(self, instance, network_info):
-        return self.firewall_driver.setup_basic_filtering(instance,
-                                                          network_info)
-
-    def prepare_instance_filter(self, instance, network_info):
-        return self.firewall_driver.prepare_instance_filter(instance,
-                                                            network_info)
-
-    def apply_instance_filter(self, instance, network_info):
-        return self.firewall_driver.apply_instance_filter(instance,
-                                                          network_info)
diff --git a/nova/virt/lxd/driver.py b/nova/virt/lxd/driver.py
index 5778f06..1471840 100644
--- a/nova/virt/lxd/driver.py
+++ b/nova/virt/lxd/driver.py
@@ -19,13 +19,13 @@
 from nova import exception
 from nova import i18n
 from nova.virt import driver
+from nova.virt import firewall
 import socket
 
 from oslo_config import cfg
 from oslo_log import log as logging
 
 
-from nova.virt.lxd import container_firewall
 from nova.virt.lxd import container_snapshot
 from nova.virt.lxd import host
 from nova.virt.lxd import migrate
@@ -69,10 +69,12 @@ def __init__(self, virtapi):
 
         self.container_ops = container_ops.LXDContainerOperations(virtapi)
         self.container_snapshot = container_snapshot.LXDSnapshot()
-        self.container_firewall = container_firewall.LXDContainerFirewall()
         self.container_migrate = migrate.LXDContainerMigrate(virtapi)
         self.host = host.LXDHost()
 
+        self.firewall_driver = firewall.load_driver(
+            default='nova.virt.firewall.NoopFirewallDriver')
+
     def init_host(self, host):
         return self.host.init_host(host)
 
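Review bot: `firewall.load_driver(...)` is called here and again in the `__init__` hunk of nova/virt/lxd/operations.py, so the driver and the container operations object each hold a separate firewall driver instance. If the configured driver keeps per-object state about which instances it has filtered (an iptables-based driver presumably would), rules prepared through one object may not be seen by `refresh_instance_security_rules` or `unfilter_instance` called on the other, which could leave security-group updates unapplied or stale rules behind after teardown. Consider loading the driver once and handing the same object to both places. A comment above the call such as `# Falls back to NoopFirewallDriver: no host-side filtering unless firewall_driver is configured` would also make the default explicit. The enclosing `__init__` starts outside the hunk.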
@@ -283,33 +285,23 @@ def get_instance_disk_info(self, instance,
         raise NotImplementedError()
 
     def refresh_security_group_rules(self, security_group_id):
-        return (self.container_firewall
-                .refresh_security_group_rules(security_group_id))
+        self.firewall_driver.refresh_security_group_rules(security_group_id)
 
     def refresh_security_group_members(self, security_group_id):
-        return (self.container_firewall
-                .refresh_security_group_members(security_group_id))
+        self.firewall_driver.refresh_security_group_members(security_group_id)
 
     def refresh_provider_fw_rules(self):
-        return self.container_firewall.refresh_provider_fw_rules()
+        self.firewall_driver.refresh_provider_fw_rules()
 
     def refresh_instance_security_rules(self, instance):
-        return (self.container_firewall
-                .refresh_instance_security_rules(instance))
+        self.firewall_driver.refresh_instance_security_rules(instance)
 
     def ensure_filtering_rules_for_instance(self, instance, network_info):
-        return (self.container_firewall
-                .ensure_filtering_rules_for_instance(instance, network_info))
-
-    def filter_defer_apply_on(self):
-        return self.container_firewall.filter_defer_apply_on()
-
-    def filter_defer_apply_off(self):
-        return self.container_firewall.filter_defer_apply_off()
+        self.firewall_driver.setup_basic_filtering(instance, network_info)
+        self.firewall_driver.prepare_instance_filter(instance, network_info)
 
     def unfilter_instance(self, instance, network_info):
-        return self.container_firewall.unfilter_instance(instance,
-                                                         network_info)
+        self.firewall_driver.unfilter_instance(instance, network_info)
 
     def poll_rebooting_instances(self, timeout, instances):
         raise NotImplementedError()
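Review bot: The `filter_defer_apply_on` and `filter_defer_apply_off` overrides are removed here without a replacement and without mention in the commit message, so callers that bracket a batch of rule changes with them no longer reach `self.firewall_driver`; they get whatever the base driver class provides, which is not visible in this diff. If deferral is still wanted, keep both as one-line delegations, `self.firewall_driver.filter_defer_apply_on()` and `self.firewall_driver.filter_defer_apply_off()`. `ensure_filtering_rules_for_instance` also changes behaviour: it now runs `setup_basic_filtering` and `prepare_instance_filter` itself and never confirms that the filter is in place, so a docstring stating that ordering and why `apply_instance_filter` is not called would help the next reader. The class these methods belong to starts and ends outside the hunk.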
diff --git a/nova/virt/lxd/operations.py b/nova/virt/lxd/operations.py
index 84fb80c..3f52b40 100644
--- a/nova/virt/lxd/operations.py
+++ b/nova/virt/lxd/operations.py
@@ -32,9 +32,9 @@
 from nova import i18n
 from nova import utils
 from nova.compute import power_state
+from nova.virt import firewall
 
 from nova.virt.lxd import config as container_config
-from nova.virt.lxd import container_firewall
 from nova.virt.lxd import image
 from nova.virt.lxd import session
 from nova.virt.lxd import utils as container_dir
@@ -62,10 +62,11 @@ def __init__(self, virtapi):
         self.config = container_config.LXDContainerConfig()
         self.container_dir = container_dir.LXDContainerDirectories()
         self.image = image.LXDContainerImage()
-        self.firewall_driver = container_firewall.LXDContainerFirewall()
         self.session = session.LXDAPISession()
 
         self.vif_driver = vif.LXDGenericDriver()
+        self.firewall_driver = firewall.load_driver(
+            default='nova.virt.firewall.NoopFirewallDriver')
         self.instance_dir = None
 
     def list_instances(self):

