Merge "change the firewall debugging for clarity"

2014-07-17 06:51:00 +00:00 · 2014-07-17 06:51:00 +00:00 · e84b8ef982
parent 1b1fc428c6 d7ce7cccbc
commit e84b8ef982
2 changed files with 9 additions and 10 deletions
--- a/nova/network/linux_net.py
+++ b/nova/network/linux_net.py
@ -272,7 +272,9 @@ class IptablesTable(object):

        rule_obj = IptablesRule(chain, rule, wrap, top)
        if rule_obj in self.rules:
-            LOG.debug("Skipping duplicate iptables rule addition")
+            LOG.debug("Skipping duplicate iptables rule addition. "
+                      "%(rule)r already in %(rules)r",
+                      {'rule': rule_obj, 'rules': self.rules})
        else:
            self.rules.append(IptablesRule(chain, rule, wrap, top))
            self.dirty = True
--- a/nova/virt/firewall.py
+++ b/nova/virt/firewall.py
@ -181,9 +181,11 @@ class IptablesFirewallDriver(FirewallDriver):
        ipv4_rules, ipv6_rules = self.instance_rules(instance, network_info)
        self.add_filters_for_instance(instance, network_info, ipv4_rules,
                                      ipv6_rules)
-        LOG.debug('Filters added to instance', instance=instance)
+        LOG.debug('Filters added to instance: %s', instance['id'],
+                  instance=instance)
        self.refresh_provider_fw_rules()
-        LOG.debug('Provider Firewall Rules refreshed', instance=instance)
+        LOG.debug('Provider Firewall Rules refreshed: %s', instance['id'],
+                  instance=instance)
        # Ensure that DHCP request rule is updated if necessary
        if (self.dhcp_create and not self.dhcp_created):
            self.iptables.ipv4['filter'].add_rule(
@ -364,9 +366,6 @@ class IptablesFirewallDriver(FirewallDriver):
            rules = rules_cls.get_by_security_group(ctxt, security_group)

            for rule in rules:
-                LOG.debug('Adding security group rule: %r', rule,
-                          instance=instance)
-
                if not rule['cidr']:
                    version = 4
                else:
@ -394,7 +393,6 @@ class IptablesFirewallDriver(FirewallDriver):
                elif protocol == 'icmp':
                    args += self._build_icmp_rule(rule, version)
                if rule['cidr']:
-                    LOG.debug('Using cidr %r', rule['cidr'], instance=instance)
                    args += ['-s', str(rule['cidr'])]
                    fw_rules += [' '.join(args)]
                else:
@ -418,11 +416,10 @@ class IptablesFirewallDriver(FirewallDriver):
                                subrule = args + ['-s %s' % ip]
                                fw_rules += [' '.join(subrule)]

-                LOG.debug('Using fw_rules: %r', fw_rules, instance=instance)
-
        ipv4_rules += ['-j $sg-fallback']
        ipv6_rules += ['-j $sg-fallback']
-
+        LOG.debug('Security Groups %s translated to ipv4: %r, ipv6: %r',
+            security_groups, ipv4_rules, ipv6_rules, instance=instance)
        return ipv4_rules, ipv6_rules

    def instance_filter_exists(self, instance, network_info):