Robert Kukura [Thu, 3 Apr 2014 21:01:00 +0000 (17:01 -0400)]
ML2: ODL driver sets port status
The OpenDaylight mechanism driver does not depend on an L2 agent to
plug the port. Now that nova waits for notification that the port
status is ACTIVE, the ML2 driver API is extended so that the mechanism
driver that binds a port can optionally set the port status, and the
OpenDaylight mechanism driver uses this to set the port status to
ACTIVE.
Kevin Benton [Thu, 20 Mar 2014 14:24:33 +0000 (07:24 -0700)]
De-duplicate unit tests for ports in Big Switch
This eliminates the separate classes that existed
for the VIF type testing. Each class was going
through all of the port tests when none of the
logic those tests were exercising was affected by
the VIF types.
This cut the number of tests run in test_restproxy_plugin
by close to 44% without a reduction in code coverage.
Miguel Angel Ajo [Mon, 31 Mar 2014 13:50:55 +0000 (15:50 +0200)]
fixes tests using called_once_ without assert
A few tests were using mock's called_once, or called_once_with_args
instead of assert_called_once or assert_called_once_with_args. Those
methods return a bool that needs to be actively checked.
The tests are fixed to avoid them from passing if the call condition
is not met.
Kevin Benton [Tue, 1 Apr 2014 08:05:29 +0000 (01:05 -0700)]
Stop using portbindings_db in BSN ML2 driver
Avoids using the portbindings_db in the Big Switch
ML2 driver since ML2 has deprecated that database for
its own version that tracks the same information.
Also eliminates unnecessary 'binding_host' field since
it is now always the same as as the 'portbinding:host_id'
field.
A minor change is made to the Arista API between ML2 Driver and the
back-end. This fix addresses this change to align Icehouse release with
Arista EOS releases.
Second firewall creation returns 500, but it is an expected behavior
of firewall reference implementation and an internal server error
should not be returned.
Gateway certificates are validated by the NSX backend.
The code currently treats a failure in certification
validation as a backend failure and therefore returns
a 500 status code.
This patch changes this behaviour by returning a 400
status code and an appropriate error description.
To this aim a handler for 400 errors has been added to
the NSX API client.
Miguel Angel Ajo [Tue, 18 Mar 2014 12:33:19 +0000 (13:33 +0100)]
fixes broken neutron-netns-cleanup
Some configuration parameters used in neutron.agent.linux.utils
were missing. The namespace attribute in the FakeNetwork object
was missing, and used in neutron.agent.linux.dhcp. Also, the
plugin object was missing for release_dhcp_port operation.
We provide a fake plugin object to accept current and any future
plugin calls as this is meant to be an standalone tool that
should work without any RPC connectivity.
FakeNetwork was switched for neutron.agent.linux.dhcp.NetModel
to follow any future changes in NetModel.
Two wrong called_once_with_args calls without assert were fixed.
Paul Michali [Fri, 21 Mar 2014 13:14:07 +0000 (13:14 +0000)]
Cisco VPN driver correct reporting for admin state chg
Depends on reference implementation change (81124 review) that will pass VPN
service admin up/down changes to the service driver (for subsequent passing
to the device driver).
This change will save the runtime state of the IPSec connections that have
been removed due to a VPN service down change, so that this can be reported
to the plugin properly. Otherwise, without the change, there is no info
on the downed connection and no change report so the plugin thinks the
connection is still active.
In addition, the status for the VPN service will reflect whether there are
any IPSec connections ACTIVE. If one or more are acive, the service will
be active, otherwise it will be DOWN.
Updated UT to add tests for admin state and status reporting. Also changed
some IPSec create UTs because they were not cleaning up correctly upon test
failures (only seen with a live CSR).
In the future, when the Cisco CSR REST API supports admin up/down support,
the IPSec connections will not be deleted, but instead will be shut down, in
response to an admin down event (and then brought up, for admin up). During
the down time, the state will be reported correctly and no run-time state
recording needed.
Aaron Rosen [Mon, 31 Mar 2014 18:03:48 +0000 (11:03 -0700)]
Only send notifications on uuid device_id's
Neutron assumes that all ports with the device_owner that start with
'compute:' are ports created by nova compute. Thus, when the debug agent
creates a port with device_owner = compute:probe the nova notifier
feature tells nova when this port is wired even though nova does not know
about it (doesn't really matter we just log an error). This patch adds a check
to make sure the device_id is a uuid as nova only uses uuids and the debug
agent uses the hostname for device_id.
Joe Gordon [Tue, 1 Apr 2014 22:06:36 +0000 (15:06 -0700)]
Use a temp dir for CONF.state_path
external_pids will defaults to $state_path(/var/lib/neutron)/external/pids
which isn't accessible when running unit tests so use a tempdir for
CONF.state_path. This bug arose when oslo.config 1.3.0 came out which
fixed bug #1282250 (I4324bda6f3de3cdf05f8eb3cf16052c04018dec8) and
caused this issue.
Kevin Benton [Tue, 1 Apr 2014 06:32:41 +0000 (23:32 -0700)]
BigSwitch: Semaphore on port status update
Adds a semaphore to the _set_port_status
function used by the Big Switch ML2 driver and
plugin. Without it, the async threads are
susceptible to deadlocking and causing the
known eventlet/mysql timeout exception.
Hemanth Ravi [Mon, 31 Mar 2014 00:48:21 +0000 (17:48 -0700)]
Invoke _process_l3_create within plugin session
_process_l3_create should be invoked with a plugin session, else
externalnetworks table is not populated for networks with
router:external=True. Added the missing plugin session.
Recent API changes in N1KV controller require parameters such as
subnet id and IP address to handle port creation successfully.
Without these mandatory paramters, the REST call fails.
This patch addresses that by passing in the missing parameters
in the REST body.
Evgeny Fedoruk [Tue, 18 Mar 2014 17:55:11 +0000 (10:55 -0700)]
Cancelling thread start while unit tests running
This change modifies the Radware driver and its unit testing code
to not start operations completion thread while unit tests are running.
The driver initialization changed not to start the operations completion thread,
the thread is started only when operation completion item is inserted into the queue
for the first time.
The operation completion functionality was moved to a new function which
is called by the operations completion thread run() function.
The run() function still have the functionality of popping operation completion
items out of the queue and push failed items back.
Unit testing code mocks the operation completion items queue
by calling the operations completion hanler new function when item
is added.
Start() and join() functions of the thread were mocked to do nothing.
All sleep() entrances were removed from the unit testing code.
All unnecessary mock_reset() calls were removed.
Carl Baldwin [Thu, 27 Mar 2014 22:21:53 +0000 (22:21 +0000)]
Delete duplicate external devices in router namespace
When a router's gateway is removed during L3-agent restart, the agent
will fail to delete the old external device. This device should be
identified and removed as soon as possible.
Akihiro Motoki [Fri, 21 Mar 2014 23:17:20 +0000 (08:17 +0900)]
UT: do not hide an original error in test resource ctxtmgr
In unit tests, resource contextmanagers such as network(), subnet()
try to delete themselves after returning from yield even if an
exception occurs. However when an exception occurs, there is a case
where deletion fails. In this case original exception will be hidden
and it makes difficult to debug test failures.
Before each test starts, resources like database entries will be
recreated, so there is no need to try to delete resources even
when an exception occurs. This commit removes try-finally clause
from resource contextmanagers to make original errors visible.
Eugene Nikanorov [Wed, 19 Mar 2014 14:00:35 +0000 (18:00 +0400)]
Fix namespace exist() method
Fix namespace exist() method for it shall not be called with a root.
Also, don't run it under the namespace so garbage_collect_namespace
method can run without rootwrap and not withi a ns.
As a result of fixing namespace listing the patch also fixes the
regression introduced (bug/1294603) to loadbalancer agent respawning
haproxy due to inability to list namespaces properly.
Each dnsmasq instance on a network is not aware of other dnsmasq's leases.
When dnsmasq is launched with --no-hosts and is not provided an --addn-hosts
file, it can resolve only the hosts to which it gives a dhcp lease and no more.
i.e.:
If dnsmasq service n°1 gives a lease to instance n°1, and dnsmasq service n°2
gives a lease to instance n°2, both VM instances and dnsmasq services being on
the same network: instance n°1 can not resolve instance n°2, because instance
n°1 queries dnsmasq n°1, and since it did not give the lease to instance n°2,
it can not resolve it (it is not aware of its existence). Same issue if
instance n°2 tries to resolve instance n°1.
The solution is to provide dnsmasq with an --addn-hosts file of all hosts on
the network. With an --addn-hosts file, each dnsmasq instance is aware of all
the hosts on the network even if they do not give the lease for a host,
therefore each dnsmasq instance can resolve any host on their network even if
they did not provide the lease for it themselves.
Aaron Rosen [Wed, 26 Mar 2014 23:40:09 +0000 (16:40 -0700)]
Prevent cross plugging router ports from other tenants
Previously, a tenant could plug an interface into another tenant's
router if he knew their router_id by creating a port with the correct
device_id and device_owner. This patch prevents this from occuring
by preventing non-admin users from creating ports with device_owner
network:router_interface with a device_id that matches another tenants router.
In addition, it prevents one from updating a ports device_owner and device_id
so that the device_id won't match another tenants router with device_owner
being network:router_interface.
NOTE: with this change it does open up the possiblity for a tenant to discover
router_id's of another tenant's by guessing them and updating a port till
a conflict occurs. That said, randomly guessing the router id would be hard
and in theory should not matter if exposed. We also need to allow a tenant
to update the device_id on network:router_interface ports as this would be
used for by anyone using a vm as a service router. This issue will be fixed in
another patch upstream as a db migration is required but since this needs
to be backported to all stable branches this is not possible.
NOTE: The only plugins affect by this are the ones that use the l3-agent.
NOTE: **One should perform and audit of the ports that are already
attached to routers after applying this patch and remove ports
that a tenant may have cross plugged.**
Mark McClain [Thu, 20 Mar 2014 17:49:13 +0000 (13:49 -0400)]
Disable XML tests on Py26
Unit testing on Py26 takes too long to run. The code paths are the
same, so we'll temporarily skip tests is the class contains XML
formating since duplicate full stack JSON tests are run.
Aaron Rosen [Wed, 26 Mar 2014 20:52:05 +0000 (13:52 -0700)]
Subnets should be set as lazy='join'
Currently if one does a net-list tons of queries are issued against the
database as the default query mode is 'select' which performs a query when
the field is actually accessed. In this patch I change the the mode to
'joined' so subnets are loaded as the networks are loaded. Usually, there
are only 1 or 2 subnets on a network so loading this data shouldn't hurt.
This patch in my setup with 5000 networks reduces the net-list call from 27
seconds to 7! Woot Woot :)
Akihiro Motoki [Sat, 15 Mar 2014 15:16:23 +0000 (00:16 +0900)]
nec plugin: allow to delete resource with ERROR status
Previously if a resource is in ERROR status and there is no
corresponding resource on OpenFlow controller, the resource
cannot be deleted through an API request.
This commit rearrange ERROR status check to allow resource
with ERROR status to be deleted.
Ihar Hrachyshka [Mon, 17 Mar 2014 13:18:28 +0000 (14:18 +0100)]
Synced rpc and gettextutils modules from oslo-incubator
The main reason for sync is to get the following oslo-rpc fixes in Neutron:
* I537015f452eb770acba41fdedfe221628f52a920 (reduces delays when reconnecting
to Qpid in HA deployments)
* Ia148baa6e1ec632789ac3621c85173c2c16f3918 (fixed HA failover, Qpid part)
* I67923cb024bbd143edc8edccf35b9b400df31eb3 (fixed HA failover, RabbitMQ part)
Akihiro Motoki [Wed, 26 Mar 2014 14:28:49 +0000 (23:28 +0900)]
Import request_id middleware bug fix from oslo
There is a bug in request-id middleware that a subsequent API request will
overwrite a request-id of a previous request when multiple API calls are
processed in parallel in request_id middleware.
This commit imports the fix in oslo.
The original version of the request_id middleware generates a request ID during
process_request() and stores the value in a variable, so it can be attached as
header in process_request(). This is pretty dangerous, since subsequent
requests will overwrite this value, and the wrong request ID may be attached to
some responses. This is particularly apparent when requests arrive in parallel.
This change replaces process_request() and process_response() with an override
of __call__(). This allows the generated req_id to be used in the response
header without needing to save it as a class-level variable.
----
Jakub Libosvar [Wed, 26 Mar 2014 08:42:21 +0000 (09:42 +0100)]
Migrate data from cap_port_filter to vif_details
There was introduced a new column vif_details for ml2_port_binding table
and dropped cap_port_filter column. Data was lost during the migration
causing no data in vif_details.
This patch transforms data from cap_port_filter to vif_details column as
a part of db migration. MigrationContext.execute() calls underlaying
methods depending whether migration is online or offline therefore data
are migrated in offline migration too.
Include cisco plugin in migration plugins with ovs
Currently we have many migration files with missing cisco
plugin in migrate_plugin when ovs is included.This
causes missing tables when cisco plugin is enabled
and migration is run. This fix should automatically
include the cisco plugin if ovs is detected in the
migrate_plugins.
Rich Curran [Tue, 25 Mar 2014 14:56:46 +0000 (10:56 -0400)]
ML2 Cisco Nexus MD: Remove workaround for bug 1276395
Before bug 1276395 was merged the delete_port_postcommit() mechanism
drivers did not have access to the bound_segment information that was
in the process of being deleted.
Code was added to the cisco_nexus md to workaround this issue.
This code can now be removed.
Maru Newby [Wed, 26 Feb 2014 13:09:42 +0000 (13:09 +0000)]
Add script to migrate ovs or lb db to ml2 db
This script migrates an ovs or lb database to work with ml2.
The script's docstring provides details as to how it is intended to
work.
I've tested this manually on a trivial deployment, and would like
to add support for testing the migration with grenade. However,
that will have to wait until grenade support for neutron has
merged.
Kyle Mestery [Mon, 24 Mar 2014 03:31:30 +0000 (03:31 +0000)]
Correct OVS VXLAN version check
Update the version checking logic used to determine if the combination of
Linux kernel, OVS userspace, and OVS kernel module can properly support
VXLAN.
Tested on Ubuntu 14.04 without the OVS DKMS module.