Ann Kamyshnikova [Thu, 24 Apr 2014 11:34:45 +0000 (15:34 +0400)]
Fix incorrect usage of sa.String() type
In downgrade of 4eca4a84f08a_remove_ml2_cisco_cred_db migartion
there is a mistake in usage SQLAlchemy String type.
Used sa.string() instead of sa.String()
Jakub Libosvar [Fri, 18 Apr 2014 13:31:55 +0000 (15:31 +0200)]
Fix H302 violations in extensions package
H302 violation is reported by flake8 when importing separated objects from
modules instead of importing the whole module.
e.g. from package.module import function
function()
is changed to
from package import module
module.function()
If one quries NSX doing GET /ws.v1/lswitch/LS_UUID/lport and LS_UUID
is a UUID that does not exist in NSX. NSX raises a 404. If LS_UUID is *
NSX returns an empty result string. This patch fixes the fake_api_client
so that it's behavior is correct.
Carl Baldwin [Wed, 2 Apr 2014 16:53:33 +0000 (16:53 +0000)]
Replace loopingcall in notifier with a delayed send
The loopingcall thread here was started before processes fork and so
the thread stops working after the fork call. This is a problem that
will probably need to be worked out in the long run.
To ensure that this notifier works correctly in all processes, this
change replaces the persistent loopingcall thread with a thread
created on demand to delay and batch up notifications. The first
notification will trigger spawning the thread to wait to send it. Any
notifications that come in the meantime will notice that there is
already a thread waiting to send and will return without spawning.
jasonrad [Fri, 24 Jan 2014 20:43:24 +0000 (15:43 -0500)]
Add 2-leg configuration to Radware LBaaS Driver
Radware's load balancer currently supports three network interfaces.
Prior to this code addition, the configuration of those three
interfaces was: one interface for management, one for high
availability backup, and one for load balancing servers where the
IP that the outside world sees (VIP) and the IP that the servers
respond to (PIP) are identical.
This change adds a new "2-legged" configuration: one interface for
management, one interface for a VIP network, and one interface for the
PIP and the high availability backup network.
During VIP creation, the LBaaS driver detects if the incoming
configuration is "2-legged" by comparing VIP and PIP networks. If they
are different it allocates a new port on the PIP network in order to
obtain an IP address for the PIP and names that port after its
associated VIP ID. vDirect is then directed to create a load balancer
with the PIP network also used as the HA network instead of using the
vDirect container's default HA network configuration.
During VIP deletion, the LBaas driver detects if a port for the PIP
had been previously allocated by searching for and deleting port names
that map to the VIP ID.
allow delete_port to work when there are multiple floating ips
It is possible to associate multiple floating ip addresses with a single
port through the use of multiple *fixed* ip addresses, e.g.:
nova boot ... --nic net-id=my-net-id myserver
nova add-fixed-ip myserver my-net-id
nova add-floating-ip --fixed-address x.x.x.1 myserver y.y.y.y.1
nova add-floating-ip --fixed-address x.x.x.2 myserver y.y.y.y.2
In this situation, neutron.db.l3_db.disassociate_floatingips would throw
an exception:
Exception: Multiple floating IPs found for port <port-id>
This would prevent someone from deleting an instance that was associated
with multiple floating ips.
This patch corrects disassociate_floatingips so that it will
disassociate all floating ips associated with the port, allowing the
delete operation to proceed correctly.
Paul Ward [Fri, 18 Apr 2014 19:57:38 +0000 (14:57 -0500)]
Add nova_ca_certificates_file option to neutron
Previously, neutron had no way to pass a certificates file to the
novaclient. This change is to add that ability, similar to the way
you can pass a certificates file to neutronclient in nova.conf via
neturon_ca_certificates_file.
This forces the object to be ready ahead of accessing time.
The change in loading behavior is also beneficial while listing
routers, as reduces the amount of queries being issued. Tests
show a performance gain of 15-30% for router-list times.
netaddr<=0.7.10 raises ValueError instead of AddrFormatError
This patch is based on Aarons work for the Bug#1308675.
It ensures that ValueError is also caught in addition to
AddrFormatError as in netaddr>=0.7.11 AddrFormatError is raised and
in netaddr<=0.7.10 ValueError is raised.
netaddr<=0.7.10 raises ValueError instead of AddrFormatError
This patch ensures that ValueError is also caught in addition to
AddrFormatError as in netaddr>=0.7.11 AddrFormatError is raised and
in netaddr<=0.7.10 ValueError is raised.
Add a validation to ipv6_ra_mode and ipv6_address_mode with ip
version. An InvalidInput error is prompted when ipv6_ra_mode
or ipv6_address_mode is specified in subnet create and update
API and ip version is 4.
NSX: sync thread catches wrong exceptions on not found
Previously the sync code expected exc.NoResultFound to be raised if a
port/router/network was not found in the database. This is actually not the
correct exception raised. This error will only occur if an element is deleted
from the db right when the sync thead is run for a specific element.
If neutron sends a single event to nova and the server_uuid isn't found
in nova. The python-novaclient will raise a 404 error. This patch ensures
we explicitly catch that exception and use LOG.warning instead of LOG.exception
as this is not an error and can happen when deleting an instance if neutron
detects that the port_status goes down before the port is deleted because
nova first unplugs the vif and then deletes it from neutron.
marios [Fri, 29 Nov 2013 16:23:54 +0000 (18:23 +0200)]
Validate CIDR given as ip-prefix in security-group-rule-create
There was no validation for the provided ip prefix. This just adds
a simple parse using netaddr and explodes with appropriate message.
Also makes sure ip prefix _is_ cidr (192.168.1.1-->192.168.1.1/32).
Validation occurs at the attribute level (API model) as well as at
the db level, where the ethertype is validated against the ip_prefix
address type.
Unit test cases added - bad prefix, unmasked prefix and incorrect
ethertype. Also adds attribute test cases for the added
convert_ip_prefix_to_cidr method
Paul Michali [Fri, 4 Apr 2014 19:14:36 +0000 (19:14 +0000)]
Support enhancements to Cisco CSR VPN REST APIs
Incorporate latest enhancements and fixes in Cisco CSR router REST API
to the VPNaaS device driver and unit test cases. Primarily, is support in
the REST API for different IKE and IPSec encryption algorithms, name length
error handling, disable of anti replay window, and IKE keep alive.
Also includes minor typos and comment fixes mentioned in previous reviews.
Note: notest_cisco_csr_rest.py, which tests the CSR REST client, is not
part of the UT suite yet, pending resolution of httmock package inclusion
as test requirement.
There exist a case where deleting router from neutron without
deleting router-interface deletes router from VSD but not from neutron.
If router has an interface with subnet router deletion is not allowed.
Needs to precheck this condition before deleting router from
backend (VSD).
Shweta Patil [Thu, 13 Mar 2014 18:48:58 +0000 (11:48 -0700)]
Improved quota error message
Removed two negatives and showed a clear message when
tried to see quota of different tenants.
When a user who does not belong to a project tries to access the
quota of that project, the message that gets displayed is not clear.
In this change the user would understand the error more properly.
Itsuro Oda [Wed, 2 Apr 2014 04:24:42 +0000 (13:24 +0900)]
Add support for multiple RPC workers under Metaplugin
Metaplugin needs a fix to support multiple RPC workers properly
because a plugin which supports multiple RPC workers cannot
initialize RPC connections at plugin initialization.
Currently there is no validation in Security Group rules
when an ICMP rule is added with icmp code alone. A rule
is getting added but there is a mismatch between SG rules
and the corresponding iptables rule that is added.
This patch does the necessary validation on the input.
Sylvain Afchain [Tue, 7 Jan 2014 09:36:58 +0000 (10:36 +0100)]
Fix Metering doesn't respect the l3 agent binding
This patch fix the issue by changing the call to
find the plugin which handles the l3 which is now
the l3_router service plugin instead of the old mixin.
Also change the unit tests to use the l3 service plugin
instead of the l3 mixin and refactor the rpc callbacks
part.
Co-Authored-By: Ala Rezmerita <ala.rezmerita@cloudwatt.com>
Closes-bug: #1257354
Change-Id: Ide26f825005fa63cd3fcc75fa91fffb947e0be7a
DHCP agent should check interface is UP before adding route
The DHCP agent should check not only that an interface for
network's DHCP exists but also make sure that is UP before
adding a default route.
For this purpose a method "ensure_device_is_ready" was
added to ip_lib.
berlin [Fri, 11 Apr 2014 00:04:47 +0000 (08:04 +0800)]
Fix LBaaS Haproxy occurs error if no member is added
If no member is added and session_persistence.type=HTTP_COOKIE,
haproxy agent would not add cookie persistence option to the backend.
Closes-Bug: #1302283
Add functional tests to verify ovs_lib VXLAN detection
This commit adds a functional test to verify host VXLAN support. It compares
the results of this functional test with the logic in ovs_lib to ensure both
report the same values.
Paul Ward [Sat, 12 Apr 2014 15:18:18 +0000 (10:18 -0500)]
Add nova_api_insecure flag to neutron
Neutron did not have any way to allow SSL validation problems in the
novaclient similar to the way nova has the neutron_api_insecure flag.
This change adds the nova_api_insecure flag to the neutron config and
also passes it in the novaclient instantiation.
Code Review / openstack-build / neutron-build.git / log