In network/manager/deallocate_fixed_ip the call
to mark the IP as no longer allocated occurs before
the call to update security group rules. This means
that if an error occurs in the security group
processing, or if for some reason it is very slow
there is a risk that that the address is reused by
another tenant before the rules relating to this address
have been fully revoked.
Moving the db call to after the call to trigger the
security group refresh would avoid the issue when an
error occurs (the fixed_ip should not be released in
this case).
Reviewed: https:/ /review. openstack. org/10404 github. com/openstack/ nova/commit/ 44132acbe91092d e1188a3015a2c71 55b5ec774c
Committed: http://
Submitter: Jenkins
Branch: master
commit 44132acbe91092d e1188a3015a2c71 55b5ec774c
Author: David McNally <email address hidden>
Date: Fri Jul 27 13:32:14 2012 +0100
Moving where the fixed ip deallocation happens.
Fixes bug 1021352.
In network/ manager/ deallocate_ fixed_ip the call
to mark the IP as no longer allocated occurs before
the call to update security group rules. This means
that if an error occurs in the security group
processing, or if for some reason it is very slow
there is a risk that that the address is reused by
another tenant before the rules relating to this address
have been fully revoked.
Moving the db call to after the call to trigger the
security group refresh would avoid the issue when an
error occurs (the fixed_ip should not be released in
this case).
Change-Id: Iaba1af5c9a17fb bb82e42522b1060 773de61550a