Comment 2 for bug 1029495

Reviewed: https://review.openstack.org/10658
Committed: http://github.com/openstack/nova/commit/2afbbab23a9d845cde511baa1e574fdcf5ab5171
Submitter: Jenkins
Branch: master

commit 2afbbab23a9d845cde511baa1e574fdcf5ab5171
Author: David McNally <email address hidden>
Date: Wed Aug 1 15:51:29 2012 +0100

    Making security group refresh more specific

    Fixes bug 1029495

    The trigger_members_refresh method in compute.api.py specifies
    a group id in the call to refresh_security_group_members. This
    is just the last group id seen and ignores the fact that a
    refresh may impact members of multiple groups.

    This is masked by the fact that on the host the group id is
    ignored and all instances have their security rules refreshed
    regardless of if they are part of the changed group or not.

    This change modifies the logic surrounding refreshes so we send
    a refresh request for each instance which is affected by a
    security group change, this ensures we aren't spending time
    refreshing unaffected instances and also removes the possibility
    of refreshing an instance multiple times if it is a member of
    more than one group.

    Also changed to be instance-centric is the refresh carried out
    when a rule is added/removed to a security group.

    Change-Id: Iec98e9aed818fdc4ecc88c8dcdd4ee5fa9386e00