In network/manager/deallocate_fixed_ip the call
to mark the IP as no longer allocated occurs before
the call to update security group rules. This means
that if an error occurs in the security group
processing, or if for some reason it is very slow
there is a risk that that the address is reused by
another tenant before the rules relating to this address
have been fully revoked.
Moving the db call to after the call to trigger the
security group refresh would avoid the issue when an
error occurs (the fixed_ip should not be released in
this case).
Change-Id: Iaba1af5c9a17fbbb82e42522b1060773de61550a
(cherry picked from commit 44132acbe91092de1188a3015a2c7155b5ec774c)
Reviewed: https:/ /review. openstack. org/10499 github. com/openstack/ nova/commit/ 413c6413df10b85 4f8adfd2cbfcfe8 9fd12288ac
Committed: http://
Submitter: Jenkins
Branch: stable/essex
commit 413c6413df10b85 4f8adfd2cbfcfe8 9fd12288ac
Author: David McNally <email address hidden>
Date: Fri Jul 27 13:32:14 2012 +0100
Moving where the fixed ip deallocation happens.
Fixes bug 1021352.
In network/ manager/ deallocate_ fixed_ip the call
to mark the IP as no longer allocated occurs before
the call to update security group rules. This means
that if an error occurs in the security group
processing, or if for some reason it is very slow
there is a risk that that the address is reused by
another tenant before the rules relating to this address
have been fully revoked.
Moving the db call to after the call to trigger the
security group refresh would avoid the issue when an
error occurs (the fixed_ip should not be released in
this case).
Change-Id: Iaba1af5c9a17fb bb82e42522b1060 773de61550a e1188a3015a2c71 55b5ec774c)
(cherry picked from commit 44132acbe91092d