NSX: Fix KeyError in sync if nsx_router_id not found
Previously, a KeyError would occur in the sync code which would
cause the sync thread to stop running. This would occur if there
was a router entry in the database but no nsx_router_mapping and
the router was not found in nsx. Note: this should never happen unless
one did not run the db migration which introduced and migrated the data
for the NeutronNsxRouterMapping table.
Darren Birkett [Thu, 6 Mar 2014 16:17:03 +0000 (16:17 +0000)]
Correctly inherit __table_args__ from parent class
Where unique constraints are added to certain tables by populating
__table_args__, we need to ensure we inherit the top level
__table_args__ that define the default storage engine to use when
creating tables.
Carl Baldwin [Tue, 1 Apr 2014 22:02:17 +0000 (22:02 +0000)]
Delete routers that are requested but not reported as active
There are two cases that I can think of that result in a router being
requested but not reported as active. One is that admin_state_up has
been set to False. In this case, the router is never removed and
continues to be operational.
The other case is if a router is changed and then deleted before the
change is processed. In this case, it is prudent to be sure that the
router is queued for deletion.
Aaron Rosen [Sat, 15 Mar 2014 05:57:09 +0000 (22:57 -0700)]
Fix _validate_mac_address method
The method _validate_mac_address previously used: netaddr.EUI(data)
which would convert data passed in to the correct mac_address representation.
For example if data=123 it would return: EUI('00-00-00-00-00-7B'). To fix
this issue I used netaddr.valid_mac() instead which returns a bool if a mac is
valid or not and does not raise. Note this file needs some improvements to
improve how exception handling is done that will come later.
Irena Berezovsky [Tue, 25 Mar 2014 07:30:17 +0000 (09:30 +0200)]
Add L2 Agent side handling for non consistent security_group settings
Add setting of the firewall_driver to NoopDriver when firewall_driver is None and
add warning if driver combination is not valid.
Modify is_valid_driver_combination to verify default settings: enable_security_group (True) and firewall_driver (None).
The -propose-translation-update and -upstream-translation-update
jobs do not update from transifex since our po files contain
duplicate entries where obsolete entries duplicate normal entries.
Robert Kukura [Thu, 3 Apr 2014 21:01:00 +0000 (17:01 -0400)]
ML2: ODL driver sets port status
The OpenDaylight mechanism driver does not depend on an L2 agent to
plug the port. Now that nova waits for notification that the port
status is ACTIVE, the ML2 driver API is extended so that the mechanism
driver that binds a port can optionally set the port status, and the
OpenDaylight mechanism driver uses this to set the port status to
ACTIVE.
Kevin Benton [Thu, 20 Mar 2014 14:24:33 +0000 (07:24 -0700)]
De-duplicate unit tests for ports in Big Switch
This eliminates the separate classes that existed
for the VIF type testing. Each class was going
through all of the port tests when none of the
logic those tests were exercising was affected by
the VIF types.
This cut the number of tests run in test_restproxy_plugin
by close to 44% without a reduction in code coverage.
Miguel Angel Ajo [Mon, 31 Mar 2014 13:50:55 +0000 (15:50 +0200)]
fixes tests using called_once_ without assert
A few tests were using mock's called_once, or called_once_with_args
instead of assert_called_once or assert_called_once_with_args. Those
methods return a bool that needs to be actively checked.
The tests are fixed to avoid them from passing if the call condition
is not met.
Kevin Benton [Tue, 1 Apr 2014 08:05:29 +0000 (01:05 -0700)]
Stop using portbindings_db in BSN ML2 driver
Avoids using the portbindings_db in the Big Switch
ML2 driver since ML2 has deprecated that database for
its own version that tracks the same information.
Also eliminates unnecessary 'binding_host' field since
it is now always the same as as the 'portbinding:host_id'
field.
A minor change is made to the Arista API between ML2 Driver and the
back-end. This fix addresses this change to align Icehouse release with
Arista EOS releases.
Second firewall creation returns 500, but it is an expected behavior
of firewall reference implementation and an internal server error
should not be returned.
Gateway certificates are validated by the NSX backend.
The code currently treats a failure in certification
validation as a backend failure and therefore returns
a 500 status code.
This patch changes this behaviour by returning a 400
status code and an appropriate error description.
To this aim a handler for 400 errors has been added to
the NSX API client.
Miguel Angel Ajo [Tue, 18 Mar 2014 12:33:19 +0000 (13:33 +0100)]
fixes broken neutron-netns-cleanup
Some configuration parameters used in neutron.agent.linux.utils
were missing. The namespace attribute in the FakeNetwork object
was missing, and used in neutron.agent.linux.dhcp. Also, the
plugin object was missing for release_dhcp_port operation.
We provide a fake plugin object to accept current and any future
plugin calls as this is meant to be an standalone tool that
should work without any RPC connectivity.
FakeNetwork was switched for neutron.agent.linux.dhcp.NetModel
to follow any future changes in NetModel.
Two wrong called_once_with_args calls without assert were fixed.
Paul Michali [Fri, 21 Mar 2014 13:14:07 +0000 (13:14 +0000)]
Cisco VPN driver correct reporting for admin state chg
Depends on reference implementation change (81124 review) that will pass VPN
service admin up/down changes to the service driver (for subsequent passing
to the device driver).
This change will save the runtime state of the IPSec connections that have
been removed due to a VPN service down change, so that this can be reported
to the plugin properly. Otherwise, without the change, there is no info
on the downed connection and no change report so the plugin thinks the
connection is still active.
In addition, the status for the VPN service will reflect whether there are
any IPSec connections ACTIVE. If one or more are acive, the service will
be active, otherwise it will be DOWN.
Updated UT to add tests for admin state and status reporting. Also changed
some IPSec create UTs because they were not cleaning up correctly upon test
failures (only seen with a live CSR).
In the future, when the Cisco CSR REST API supports admin up/down support,
the IPSec connections will not be deleted, but instead will be shut down, in
response to an admin down event (and then brought up, for admin up). During
the down time, the state will be reported correctly and no run-time state
recording needed.
Aaron Rosen [Mon, 31 Mar 2014 18:03:48 +0000 (11:03 -0700)]
Only send notifications on uuid device_id's
Neutron assumes that all ports with the device_owner that start with
'compute:' are ports created by nova compute. Thus, when the debug agent
creates a port with device_owner = compute:probe the nova notifier
feature tells nova when this port is wired even though nova does not know
about it (doesn't really matter we just log an error). This patch adds a check
to make sure the device_id is a uuid as nova only uses uuids and the debug
agent uses the hostname for device_id.
Joe Gordon [Tue, 1 Apr 2014 22:06:36 +0000 (15:06 -0700)]
Use a temp dir for CONF.state_path
external_pids will defaults to $state_path(/var/lib/neutron)/external/pids
which isn't accessible when running unit tests so use a tempdir for
CONF.state_path. This bug arose when oslo.config 1.3.0 came out which
fixed bug #1282250 (I4324bda6f3de3cdf05f8eb3cf16052c04018dec8) and
caused this issue.