The trigger_members_refresh method in compute.api.py specifies
a group id in the call to refresh_security_group_members. This
is just the last group id seen and ignores the fact that a
refresh may impact members of multiple groups.
This is masked by the fact that on the host the group id is
ignored and all instances have their security rules refreshed
regardless of if they are part of the changed group or not.
This change modifies the logic surrounding refreshes so we send
a refresh request for each instance which is affected by a
security group change, this ensures we aren't spending time
refreshing unaffected instances and also removes the possibility
of refreshing an instance multiple times if it is a member of
more than one group.
Also changed to be instance-centric is the refresh carried out
when a rule is added/removed to a security group.
Reviewed: https:/ /review. openstack. org/10658 github. com/openstack/ nova/commit/ 2afbbab23a9d845 cde511baa1e574f dcf5ab5171
Committed: http://
Submitter: Jenkins
Branch: master
commit 2afbbab23a9d845 cde511baa1e574f dcf5ab5171
Author: David McNally <email address hidden>
Date: Wed Aug 1 15:51:29 2012 +0100
Making security group refresh more specific
Fixes bug 1029495
The trigger_ members_ refresh method in compute.api.py specifies security_ group_members. This
a group id in the call to refresh_
is just the last group id seen and ignores the fact that a
refresh may impact members of multiple groups.
This is masked by the fact that on the host the group id is
ignored and all instances have their security rules refreshed
regardless of if they are part of the changed group or not.
This change modifies the logic surrounding refreshes so we send
a refresh request for each instance which is affected by a
security group change, this ensures we aren't spending time
refreshing unaffected instances and also removes the possibility
of refreshing an instance multiple times if it is a member of
more than one group.
Also changed to be instance-centric is the refresh carried out
when a rule is added/removed to a security group.
Change-Id: Iec98e9aed818fd c4ecc88c8dcdd4e e5fa9386e00