ML2 plugin changes the port status to "build" when get_device_details
is called. For this reason, the port status must be updated once the
port details are processed.
Properly synchronize status for ports deleted from backend
Ensure that the status for a port is properly synchronized even
when the port itself does not exist anymore in the backend, avoiding
raising exceptions due to missing results in the NVP query.
This patch also adjusts a comment and improves exception handling
in _nvp_get_port_id
This fix ports the Cisco Nexus sub-plugin unit tests
(neutron/tests/unit/cisco/test_nexus_plugin.py) to the Cisco ML2 mechanism
driver. The new test script will be
neutron/tests/unit/ml2/drivers/test_cisco_nexus.py.
Test cases which will be excluded from this port:
- Test cases involving provider networks.
- Test cases involving add/remove router networks
since these features are not currently supported in the Cisco ML2
mechanism driver.
The reference implementation of the FWaaS iptables
agent/driver supports only one firewall per tenant
in Havana release. However, the FWaaS plugin will
let you create more than one firewall. This is
being fixed in this patch to not allow creating
the second firewall if a firewall already exists
for the tenant.
Matt Riedemann [Fri, 20 Sep 2013 15:47:25 +0000 (08:47 -0700)]
Handle long integer conversion in NEC portinfo validation tests
There are a couple of tests for NEC portinfo validation that pass an id
which gets converted to a base-16 integer and then that gets converted
to a hex string. The problem is the integer conversion can make it a
long integer and then the hex built-in appends 'L' to the string, and
the tests do not account for that. This patch handles that case.
This fix ports the Cisco Nexus database and network database
unit tests to the Cisco ML2 mechanism driver UT.
The existing test scripts which are ported:
neutron/tests/unit/cisco/test_nexus_db.py
neutron/tests/unit/cisco/test_network_db.py
The new test scripts are:
neutron/tests/unit/ml2/drivers/test_cisco_nexus_db.py
neutron/tests/unit/ml2/drivers/test_cisco_network_db.py
Note that the QoS database related tests in
test_network_db.py are not ported because QoS is
not currently supported in the Cisco ML2
mechanism driver.
Ensure names are truncated to accommodate NVP limit
Switches created through Advanced Plugin should have
their name truncated as well. To this aim, move things
around to avoid awkward imports or code duplications
Kaiwei Fan [Mon, 16 Sep 2013 22:02:34 +0000 (15:02 -0700)]
Fix for status always in PENDING_CREATE for Edge service router
The root cause is when deployment finished, we only update router status to
active if the status is in pending create. The problem happens when the
background sync thread update router status to active, so the status update
for vcns_router_binding table is skipped. We fixed this by seperating
checking and updating status for router and binding table.
Also fixed an issue where Edge is not deleted if neutron service is
restarted. The root cause is when neutron service restarts, the cache for
router type is empty. And because we delete the router from db before
we delete Edge, we're not able to locate the router from db to determine
the router type. The fix is to use binding table to determine the router
type.
Also piggyback a missing attribute for updating Edge interface. It must have
been removed by accident when resolving conflict during service plugin merge.
Luis A. Garcia [Wed, 18 Sep 2013 23:11:06 +0000 (23:11 +0000)]
Sync gettextutils from oslo
Some Messages, such as those created from Invalid exceptions, use a
Message within a Message, and we were only translating the base Message
but not the Message substitution within.
Due to a recent change, reodering of rules within the
same policy was failing. This is fixed by checking if
the rules belong to the same policy we allow reordering.
There was also a missing call to reorder due to which
the position number on the rules was not reflected correctly
after the reordering. This is also fixed.
port binding feature of ML2 plugin registers a callback function with
db_base_plugin_v2.NeutronDbPluginV2, which is invoked during a query of
port DB. This function is registered by name instead by refefence. This
causes wrong context to be passed to the function upon invocation, which
causes the exception. If this query is made during neutron
initilization, Neutron service will fail to start.
This fix changes the registration from function name to function
pointer
Fixes two comment lines regarding when bind_port
is called. The correct comment should indicate that
bind_port is called prior to "create_port_precommit or
update_port_precommit" rather than
"create_network_precommit or update_network_precommit".
Kevin Benton [Tue, 17 Sep 2013 20:22:32 +0000 (13:22 -0700)]
BigSwitch plugin: passes context to all update_network calls
There were a few calls to update the network on the backend
that were not having the context passed to them so they were
incorrectly using the admin context. This patch corrects that
by passing the context to all network update calls. It also
disallows calls to _send_update_network that don't provide
the context because there is not a use case for that condition.
Mark McClain [Fri, 13 Sep 2013 21:48:20 +0000 (17:48 -0400)]
Dynamically adjust max number of leases
This change dynamically adjusts the maximum number of leases based on
the size of the subnets associated with a network. The upper bound is
limited by a configurable option to keep the max reasonable and prevent
denial of service.
linb [Tue, 20 Aug 2013 05:35:10 +0000 (13:35 +0800)]
Support advanced NVP LBaaS Service
The patch adds NVP advanced LBaaS service support for NVP with
VCNS:
* NVP LBaaS is an advanced Service of NVP depending on NVP
advanced service router
- Once an advanced router id created, one corresponding
vshield edge will be deployed, and then we can configure
LB service On the vshield edge
* NVP LBaaS service plugin still uses LBaaS DB service logic,
while finally calling vShield Edge to support FWaaS service
- When creating VIP object, service attaches the object to
the advanced router with routedserviceinsertion service.
Then before pushing VIP VCNS call, the server would first
pushing associated POOL VCNS call and associated Monitor
VCNS call to vShield Edge. Deleting VIP is opposite
operation
- Refering to CUD operation of other objects, service would
first find the associated VIP object and then find the edge bound to
the router which vip inserted. Then service would push corresponding
VCNS call to Vshield Edge
* on driver part, the driver will first convert the object
to VSM known object input, and then send a synchronous JSON
calling to VSM, and receive the result
berlin [Thu, 22 Aug 2013 07:58:58 +0000 (15:58 +0800)]
Support for NVP advanced FwaaS service
The patch adds advanced FWaaS service support for NVP with
VCNS:
* NVP FWaaS is an advanced Service of NVP depending on NVP
advanced service router
- Once an advanced router id created, one corresponding
vshield edge will be deployed, and then we can configure
FW service on the vshield edge
* NVP FWaaS service plugin still uses FWaaS DB service logic,
while finally calling vShield Edge to support FWaaS service
- When firewall object is created, we will attach the
object to the advanced router with routedserviceinsertion_db
service
* on driver part, the driver will first convert the object
to VSM known object input, and then send a synchronous JSON
calling to VSM, and receive the result
Paul Michali [Mon, 16 Sep 2013 14:08:56 +0000 (10:08 -0400)]
Increase size of peer_address attribute in VPNaaS
Increased the size so that peer_address could be FQDN. API
document changed constraint from IPAddress to string, however
in the plugin/service code, it is already a string and there is
no specific restriction on the value. Database migration will
be performed, due to the size change.
Fix error raised when router-interface-delete on no-snat routers
Previously, a 500 error would be raised trying to remove a subnet
from a no-snat router because we were trying to remove the snat
rules that didn't exist in the router.
_validate_network_tenant_ownership must be less strict
Neutron, currently does a strict validation code
so that for non-shared network the subnets and
ports must belong to the same tenant as the network. In
the case of a "service VM" created by
admin user, this function should return thus allowing
admin users to create ports and networks in a tenant
network.
Code Review / openstack-build / neutron-build.git / log