Gary Kotton [Sat, 20 Apr 2013 12:18:02 +0000 (12:18 +0000)]
Update to use OSLO db
This code implements the blueprint oslo-db-support
NOTES:
1. The new section is database (this is backward compatible
with DATABASE)
2. The sql_* are deprecated. They are also backward compatible.
3. Eventlets DB pool is no longer supported
Sergey Vilgelm [Mon, 24 Jun 2013 11:26:50 +0000 (15:26 +0400)]
Do not raise NEW exceptions
Raising a NEW exception is bad practice, because we lose the TraceBack.
So all places like:
    except SomeException as e:
        raise e
should be replaced by
    except SomeException:
        raise
If we are doing some other actions before reraising we should
store information about the exception, then do all actions, and then
reraise it. This is caused by an eventlet bug. It loses information
about the exception if it switches threads.
Kevin Benton [Thu, 6 Jun 2013 21:40:45 +0000 (14:40 -0700)]
Adds support for router rules to Big Switch plugin
Implements: blueprint bsn-router-rules
Adds bigswitch plugin extension which adds 'rules' dictionary to router objects.
Adds validation code and database components to store router rules
Adds configuration option to plugin to set default router rules and max router rules
Adds unit tests to test all router rule functionality
Adds database migration for router rules tables
The Big Switch controller's Virtual Router implementation supports "routing rules"
which are of the form:
<source, destination, next-hop, action>
This extension aims to expose this abstraction via the Big Switch Quantum plugin.
These rules are applied at the router level, allowing tenants to control
communication between networks at a high level without requiring security policies.
(e.g. prevent servers in a publicly accessible subnet from communicating with
database servers).
- add old_health_monitor parameter to the method
- the method signature in abstract lbaas driver was also changed
to accept pool_id rather than an assoc object as driver only needs pool_id
Darren Birkett [Wed, 19 Jun 2013 12:37:02 +0000 (12:37 +0000)]
replace use of dhcp_lease_time with dhcp_lease_duration
Having 2 separate dhcp lease period flags (dhcp_lease_duration
used by the quantum db plugin, and dhcp_lease_time used by the
dnsmasq dhcp agent) means that you could potentially have different
lease periods being set, and used by different parts of the codebase.
It seems to me there is no real need to have 2 separate flags, so this
commit basically replaces references to dhcp_lease_time (which is used
by the dnsmasq dhcp agent) with dhcp_lease_duration. This way, there
is only one flag to set, and both the quantum db plugin and dnsmasq
dhcp agent will use the same lease period.
Make sure exceptions during policy checks are logged.
If the invocation of f bombs out, the policy check fails (i.e. returns
False), however it does not log the root cause, which makes it very
difficult to understand why this is happening.
Carl Baldwin [Fri, 31 May 2013 20:44:14 +0000 (20:44 +0000)]
Adds default route to DHCP namespace for upstream name resolution.
Any time the DHCP server is updated this code will maintain a default
route in the DHCP namespace using the gateway_ip attribute of the
first DHCP-enabled IPV4 subnet in the list of subnets where gateway_ip
is not None. This strategy uses the same gateway ip that the DHCP
server hands to the VMs on the network.
Kevin Benton [Tue, 18 Jun 2013 19:10:07 +0000 (12:10 -0700)]
Always include tenant_id in port delete request
Quantum does not include the tenant_id in port objects for floating IP addresses.
However, the Big Switch backend requires the tenant_id in the port removal requests.
This looks up the correct tenant_id whenever it is missing in the port removal.
Note however, users can still use the uppercase section name for
backwards compatibility.
When we last attempted to do this, oslo.config-1.2.0 wasn't actually
being installed correctly so add a unit test which verifies that both
uppercase and lowercase section names work.
oslo.config-1.2.0 normalizes section names in config files to lowercase.
This means that simply by upgrading to oslo.config-1.2.0, users will now
be able to do e.g.
Anton Frolov [Fri, 14 Jun 2013 17:01:50 +0000 (21:01 +0400)]
Fix IP spoofing filter blocking all packets.
Implement IP spoofing filter by adding yet another chain to iptables
with RETURN rule for each of IP addresses assigned to port and DROP
rule at the end of the chain.
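
An added illustration of the chain layout this commit message describes (not code from the Quantum patch): one RETURN rule per address assigned to the port, then a final DROP. The chain name, the sample addresses and the helpers `build_spoof_chain` and `verdict` are hypothetical and constructed for this example.

```python
import ipaddress


def build_spoof_chain(chain, fixed_ips):
    """Return iptables rule specs: one RETURN per assigned IPv4 address, DROP last."""
    rules = []
    for ip in fixed_ips:
        # IPv4Network validates the address; a bare host becomes a /32.
        net = ipaddress.IPv4Network(ip)
        rules.append("-A %s -s %s -j RETURN" % (chain, net.with_prefixlen))
    # Anything whose source matched no assigned address is spoofed.
    rules.append("-A %s -j DROP" % chain)
    return rules


def verdict(rules, src_ip):
    """First-match evaluation of the chain against a packet's source address."""
    src = ipaddress.IPv4Address(src_ip)
    for rule in rules:
        parts = rule.split()
        target = parts[parts.index("-j") + 1]
        if "-s" in parts:
            net = ipaddress.IPv4Network(parts[parts.index("-s") + 1])
            if src not in net:
                continue  # rule does not match, try the next one
        return target
    return "RETURN"  # falling off a user-defined chain returns to the caller


if __name__ == "__main__":
    # Constructed sample: a port with two fixed IPs.
    chain_rules = build_spoof_chain("port-spoof", ["10.0.0.5", "10.0.0.6"])
    for line in chain_rules:
        print(line)
    for source in ("10.0.0.6", "10.0.0.99"):
        print(source, "->", verdict(chain_rules, source))
```

With an empty address list the chain contains only the DROP rule, so every packet from that port is dropped; that ordering dependency is worth a unit test in any implementation of this filter.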
This patch simply guarantees default segmentation type and
id in gateway connection info for the 'connect' and 'disconnect'
actions are correctly set respectively to 'flat' and 0.
HenryVIII [Fri, 14 Jun 2013 00:03:20 +0000 (20:03 -0400)]
Remove unit tests that are no longer run.
A long time ago, quantum/tests/unit became the home for all unit
tests, but these ones in the Cisco plugin directory got left
behind. They have suffered bit-rot and need to be removed.
Also:
- Move the fake Nexus driver to new home.
- Filed new bugs to track the task of improving unit test coverage of
Cisco plugin code.
This patch implements the following changes:
* merge lbaas_plugin.py and plugin.py into 'plugin.py'
After that the default 'reference' implementation is available again.
* move all code related to reference implementation from plugin.py to
drivers/haproxy/plugin_driver.py
* Inherit HaproxyOnHostPluginDriver from abstract driver and implement
its interface.
* modify tests accordingly
Akihiro MOTOKI [Wed, 12 Jun 2013 08:18:55 +0000 (17:18 +0900)]
Ensure to remove auto delete ports from OFC in NEC plugin
When deleting a network, dhcp ports are removed automatically
in db_plugin. This causes network deletion to fail since the
corresponding port exists on OFC and the network on OFC cannot
be deleted unless a subnet on the network is deleted explicitly.
This commit gets auto-delete ports and deletes the corresponding
ports on the controller before deleting the network.
Kyle Mestery [Fri, 17 May 2013 20:04:19 +0000 (15:04 -0500)]
Add support for VXLAN to the Open vSwitch plugin.
This commit adds support for utilizing the VXLAN tunneling protocol in versions
of Open vSwitch >= 1.10. This is configurable and will default to GRE if not
configured. As part of this commit, it is possible to configure the UDP port
VXLAN will utilize as well. VXLAN and GRE cannot be configured at the same
time with this patch. 2 new configuration file options are added to the AGENT
section of the config to support this: 'tunnel_type' and 'vxlan_udp_port'.
In addition, the agent no longer makes use of enable_tunneling, as this can
be determined if tunnel_type is set.
Note: The VXLAN functionality utilized here is what is implemented in Open
vSwitch itself, and is different than the VXLAN functionality in the
upstream Linux kernel. The code validates both the userspace and kernel
pieces of OVS to verify if VXLAN functionality can be supported on the
running system.
Zhongyue Luo [Tue, 14 May 2013 09:17:46 +0000 (17:17 +0800)]
Hide lock_prefix argument using synchronized_with_prefix()
The lockfile module has a new convenience API which sets the lockfile prefix.
Using this API, the prefix is not required every time synchronized is used.
This enables projects to have consistent prefixes on their lockfiles.
Aaron Rosen [Wed, 5 Jun 2013 00:19:07 +0000 (17:19 -0700)]
Change lazy='dynamic' to 'joined' in models_v2
Previously several models were defined with lazy='dynamic'. This would
then cause Ports.fixed_ips (or w/e was specified as dynamic) to be defined
as an AppenderQuery object and when accessed would query for the result.
Therefore in get_ports() for example, when fixed_ips was accessed
in _make_port_dict() we would be issuing an additional query to the database
to look up the fixed_ips information.
This patch changes update_port/subnet() so that it keeps track of what
changed so it does not have to query the db for values it should already
know about.
This patch also adds a unit test for update_subnet() adding host routes
where there was missing code coverage.