This patch adds a semaphore for serializing the delete port API
calls and update_port_status calls to avoid simultaneous
attempts to acquire SQL update locks on the port table from
the same thread pool.
This semaphore has been introduced to avoid undesired eventlet
yields which trigger 'lock wait timeout' errors in the DB backend;
it should have a negligible impact on the overall performance.
Akihiro Motoki [Wed, 19 Mar 2014 08:08:37 +0000 (17:08 +0900)]
NEC plugin: Honor Retry-After response from OFC
A backend OpenFlow controller that the NEC plugin talks to can return
a 503 response with a retry-after header when it is busy.
It is better to honor the retry-after header to avoid unnecessary
user-visible errors due to a temporary busy condition.
Kevin Benton [Tue, 4 Mar 2014 11:27:11 +0000 (03:27 -0800)]
Mock agent RPC for FWaaS tests to delete DB objs
This changes the firewall service unit tests to
mock the RPC calls from the firewall service to
the agent. This allows the tests to fake the
agent response RPC that removes the firewall
from the DB so that all of the other objects that
the firewall depends on can be deleted.
Kevin Benton [Tue, 18 Mar 2014 00:06:46 +0000 (17:06 -0700)]
Allow CIDRs with non-zero masked portions
Allow users to specify CIDRs with bits other
than zeros in the masked portion of the subnet.
e.g. 192.168.1.5/24 is accepted and converted
to 192.168.1.0/24.
Dane LeBlanc [Tue, 18 Mar 2014 16:37:33 +0000 (12:37 -0400)]
Cisco plugin fails with ParseError no elem found
When the Cisco nexus plugin is configured on DevStack, the tempest
Neutron API test test_port_list_filter_by_router_id fails with the
following error:
ParseError: no element found: line 1, column 0
The root cause is that the Cisco Nexus plugin model layer
is encapsulating each dictionary response from the OVS subplugin
into a list, whereas the WSGI layer is expecting a dictionary
response. The fix is not to encapsulate these responses into a list.
Kevin Benton [Tue, 18 Mar 2014 19:11:53 +0000 (12:11 -0700)]
ML2 BigSwitch: Don't modify parent context
Makes a copy of the port context before changing
it in preparation for the backend controller so
other drivers are not affected. Also removes a
UT that was exercising direct modification of VIF
details in the port context, which is not allowed
by the ML2 plugin.
Assaf Muller [Sun, 16 Mar 2014 11:01:18 +0000 (13:01 +0200)]
Change report_interval from 4 to 30, agent_down_time from 9 to 75
report_interval is how often an agent sends out a heartbeat to the
service. The Neutron service responds to these 'report_state' RPC
messages by updating the agent's heartbeat DB record.
The last heartbeat is then compared to the configured
agent_down_time to determine if the agent is up or down.
The agent's status is used when scheduling networks on DHCP
and L3 agents.
In the spirit of sane defaults suited for production, these values
should be bumped to reduce the load on the Neutron service
dramatically, freeing up CPU time to perform intensive operations.
Maru Newby [Fri, 14 Mar 2014 22:14:09 +0000 (22:14 +0000)]
Stop removing ip allocations on port delete
The _delete_port() method was manually removing related
IPAllocation instances despite the existence of a perfectly
good cascade deletion relationship in the model. This patch
puts an end to that nonsense and the potential for deadlock that
it represented.
Aaron Rosen [Thu, 13 Mar 2014 05:22:53 +0000 (22:22 -0700)]
NSX: Fix router-interface-delete returns 404 when router not in nsx
Previously, if one would run router-interface-delete and the router
was not found in NSX, Neutron would raise a 404 error and remove the interface
from the database. In this case it would be better if we did not raise
a 404 error as the caller shouldn't be aware that the backend is out of sync.
Dazhao [Wed, 13 Nov 2013 10:24:32 +0000 (18:24 +0800)]
Calculate stateless IPv6 address
In order to support stateless IPv6, neutron should calculate the IPv6 address based
on the IPv6 prefix and MAC address via the EUI-64 specification. This change adds
a common library to calculate the IPv6 address.
Partially-implements bp ipv6-two-attributes
Co-Authored-By: Xu Han Peng <xuhanp@cn.ibm.com>
Change-Id: I68ccbc42388ec760d6fead242e080822ca753913
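The calculation this commit message describes, as an added example (not the commit's code or Neutron's library): the function names and sample values are assumptions made for illustration. It also shows the inverse, since an address built this way exposes the port's MAC, which matters when writing address-based anti-spoofing or filtering rules.

```python
import ipaddress
import re

_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}$")


def eui64_address(prefix, mac):
    """Combine a /64 IPv6 prefix with a 48-bit MAC (modified EUI-64)."""
    net = ipaddress.ip_network(prefix, strict=False)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("modified EUI-64 needs an IPv6 /64 prefix: %s" % prefix)
    if not _MAC_RE.match(mac):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    octets = [int(part, 16) for part in re.split("[:-]", mac)]
    octets[0] ^= 0x02  # invert the universal/local bit of the first octet
    iid = bytes(octets[:3] + [0xFF, 0xFE] + octets[3:])  # insert ff:fe
    return ipaddress.IPv6Address(
        int(net.network_address) | int.from_bytes(iid, "big"))


def mac_from_eui64(address):
    """Recover the MAC embedded in a modified EUI-64 address, else None."""
    iid = ipaddress.IPv6Address(str(address)).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # interface identifier was not derived from a MAC
    octets = [iid[0] ^ 0x02, iid[1], iid[2], iid[5], iid[6], iid[7]]
    return ":".join("%02x" % o for o in octets)


if __name__ == "__main__":
    # Constructed sample values: documentation prefix and a made-up MAC.
    addr = eui64_address("2001:db8:0:1::/64", "fa:16:3e:33:44:55")
    print(addr)
    print(mac_from_eui64(addr))
```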
Sean M. Collins [Thu, 30 Jan 2014 19:12:17 +0000 (14:12 -0500)]
Create new IPv6 attributes for Subnets
* Introduces two new optional attributes for Subnets:
  * ipv6_ra_mode
  * ipv6_address_mode
Both attributes accept the following values:
* dhcpv6-stateful
* dhcpv6-stateless
* slaac
In addition to these values, additional behaviors are specified for
when only one of the attributes is set. For example, a Neutron network
that uses a physical router as a gateway, that transmits ICMPv6 Router
Advertisement packets to configure hosts on the network will create
Neutron Subnets that have ipv6_ra_mode *not* set, and ipv6_address_mode
set to 'slaac' so that Neutron will calculate EUI64 addresses for
each port assigned to the subnet, and not spawn a Dnsmasq process.
These attributes maintain backwards compatibility with the enable_dhcp
Subnet attribute, by requiring a subnet with these attributes to also
have enable_dhcp set to True.
DocImpact
Implements bp ipv6-two-attributes
Change-Id: I5b2313fff5dca1c16ff939fdc4397d7f95ba3ba5
Kevin Benton [Fri, 14 Mar 2014 19:15:18 +0000 (12:15 -0700)]
BigSwitch: Sync workaround for port del deadlock
Adds a synchronization barrier to the methods
that lock the port table to avoid the mysql
update-lock/eventlet-yield deadlock that occurs
with simultaneous port deletions.
NSX: Ensure gateway devices are usable after upgrade
The gateway device database migration upon an upgrade creates
gateway devices objects from references in network gateway
objects.
While these gateway devices are perfectly usable
in network gateways, they are not directly visible to tenants
and also cannot be updated to change details such as name,
connector type or ip as well as the client certificate.
This patch fixes the DB migration in order to ensure tenants
have access to gateway devices created after an upgrade.
This patch also modifies the l2 gateway nsxlib module to
ensure request bodies are correctly created even when not all
the attributes of a gateway device are specified.
Xuhan Peng [Fri, 7 Mar 2014 01:55:28 +0000 (20:55 -0500)]
Process ICMP type for iptables firewall
In current security group code, source_port_range_min
and source_port_range_max are used to specify icmp type
and code when security group rule protocol is icmp.
However, the code _port_arg in iptables_firewall called
by _convert_sgr_to_iptables_rules skips protocol icmp
when processing the arg. This happens to both ipv4 and
ipv6 icmp firewall rules.
This fix adds --icmp-type to iptables firewall rule when
icmp type is specified.
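An added illustration of the behaviour this commit message describes (not the commit's code or Neutron's iptables_firewall module): the function names, the `honor_icmp` switch and the rule-dict keys are assumptions. With the ICMP type skipped, the rendered rule has no type match and therefore accepts every ICMP type, not only the one the security group rule named.

```python
def port_args(protocol, range_min, range_max, honor_icmp=True):
    """Build iptables match arguments for one security group rule.

    For icmp/icmpv6, range_min carries the ICMP type and range_max the code.
    honor_icmp=False reproduces the skipped-ICMP behaviour the commit fixes.
    """
    if range_min is None:  # "is None" on purpose: ICMP type 0 is valid
        return []
    if protocol in ("icmp", "icmpv6"):
        if not honor_icmp:
            return []
        if not 0 <= range_min <= 255:
            raise ValueError("ICMP type out of range: %r" % range_min)
        flag = "--%s-type" % protocol  # --icmp-type or --icmpv6-type
        if range_max is None:
            return [flag, str(range_min)]
        if not 0 <= range_max <= 255:
            raise ValueError("ICMP code out of range: %r" % range_max)
        return [flag, "%d/%d" % (range_min, range_max)]
    if protocol in ("tcp", "udp"):
        if range_max is None or range_max == range_min:
            return ["--dport", str(range_min)]
        return ["-m", "multiport", "--dports",
                "%d:%d" % (range_min, range_max)]
    return []


def render_rule(rule, honor_icmp=True):
    """Render a rule dict as an iptables argument string."""
    args = ["-p", rule["protocol"]]
    args += port_args(rule["protocol"], rule.get("port_range_min"),
                      rule.get("port_range_max"), honor_icmp)
    return " ".join(args + ["-j", "RETURN"])


# Constructed sample rule: allow only ICMP echo-request (type 8, code 0).
ECHO_REQUEST = {"protocol": "icmp", "port_range_min": 8, "port_range_max": 0}

if __name__ == "__main__":
    print(render_rule(ECHO_REQUEST, honor_icmp=False))  # no type match
    print(render_rule(ECHO_REQUEST))                    # type/code match
```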
Li Ma [Sun, 16 Mar 2014 11:32:22 +0000 (04:32 -0700)]
ML2 plugin involves in agent_scheduler migration
In agent_scheduler migration script which creates
network-dhcp-binding table and router-l3-binding table,
ML2 plugin should be included in the plugin list.
Akihiro Motoki [Fri, 7 Mar 2014 06:58:46 +0000 (15:58 +0900)]
Avoid long transaction in plugin.delete_ports()
db_plugin.delete_ports() called plugin.delete_port() under
a transaction. It leads to a long transaction if plugin.delete_port
talks with external systems. This commit changes each delete_port
to be outside of a transaction to avoid a longer transaction.
plugin.delete_ports is now called by release_dhcp_ports and
dhcp-agent ports can be deleted separately, so this change
does not break the existing behavior.
delete_ports is renamed to delete_ports_by_device_id
to clarify the usage of this method.
NEC plugin already has this change and it is no longer needed.
_do_side_effect helper method in test_db_plugin is renamed
to a more self-descriptive name.
The workflow of creating a firewall when a router without any i/f is present in that tenant
causes a KeyError on the FWAgent. The issue occurs as such routers are present in the list of
routers returned by get_routers() but are not populated in the router_info dict. Adding a check
before accessing the dict to prevent the exception. When an i/f is added to such routers -
_router_added processing in the l3agent will populate the router_info dict and the FWAgent
also picks this up in that context.
NSX: fix intermittent UT failure on vshield test_router_create
Logstash shows this happened twice during the past 24 hours.
Let's be proactive and see if we can mitigate the random failure
by raising the poll time.
mathieu-rohon [Fri, 14 Mar 2014 09:17:55 +0000 (10:17 +0100)]
Send fdb remove message when a port is migrated
The fdb_remove rpc message is sent when the status
of the port goes to BUILD, that is, when the new host
sends a get_device_details, which means that it owns
the migrated port. The fdb_add message will be sent
as soon as the new host sends update_device_up.
Aaron Rosen [Fri, 21 Feb 2014 00:18:11 +0000 (16:18 -0800)]
Notify nova when ports are ready
The following patch adds a callback from neutron to nova that notifies nova
when a port for an instance is *ready to be used*. After nova receives this
event it will then start the instance in a hope that when it comes up
its networking should be in working order.
NOTE: *ready to be used* currently means that a plugin changes the status
in the db associated with a port from:
NO_VALUE/PORT_STATUS_DOWN/PORT_STATUS_ACTIVE to ACTIVE/ERROR.
Neutron will then signal nova: network_vif_plugged:<status> where status
will either be 'completed' or 'failed' given the neutron port status.
Neutron also notifies nova when a port goes from status:
PORT_STATUS_ACTIVE to PORT_STATUS_DOWN and sends nova a network_vif_unplugged
event.
Currently this patch breaks multiregion support (i.e. previously you could
back multiple nova regions by one neutron server) though now since neutron
needs to notify nova we'll need to add a way to determine which region a
given port is in.
For now the workaround for this would be to set: notify_nova_port_active=False
in neutron to prevent neutron from sending the notification and setting:
vif_plugging_is_fatal=False in nova.conf. Doing this will keep the current
interaction where an instance will be booted without waiting for the network
to be ready.
Kill 'Skipping unknown group key: firewall_driver' log trace
This is done by trying to import the option first. If this
does not work, emit a warning instead as in most cases this is
harmless for a number of reasons: a) the service might not
even need the opt; b) if things do break down the line, we'll
see bigger traces; c) it's not gonna be long for this legacy
quantum/neutron stuff to be removed altogether.
Sean M. Collins [Sun, 9 Mar 2014 02:11:23 +0000 (21:11 -0500)]
API layer documentation
* Discuss the WSGI layer of Neutron
* Describe the startup code that creates the WSGI application
* Briefly discuss the URL routing and resource creation
Kevin Benton [Thu, 13 Mar 2014 00:47:28 +0000 (17:47 -0700)]
BigSwitch: Use eventlet.sleep in watchdog
Changes the consistency watchdog that runs
in the background to use eventlet.sleep instead
of time.sleep to avoid blocking other members of
the same pool.
Kevin Benton [Fri, 7 Mar 2014 19:30:45 +0000 (11:30 -0800)]
BigSwitch: Widen range of HTTPExceptions caught
In order to trigger a reconnect, the Big Switch
plugin was only checking for httplib.ImproperConnectionState
which doesn't include relevant exceptions that
indicate a reconnect is necessary. This patch
adjusts it to reconnect on any HTTPException.