John Davidge [Tue, 11 Aug 2015 12:55:51 +0000 (13:55 +0100)]
Fix _update_subnet_allocation_pools returning empty list
_update_subnet_allocation_pools was returning an empty list in all
cases due to trying to iterate over the same generator twice.
Generators cannot be iterated over multiple times.
This patch changes the generator into a list to fix this problem,
and alters the unit test so that this issue is exposed.
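The failure mode this commit message describes, as an added example that is not code from the Neutron patch: a generator is consumed by a first pass, so the second pass that builds the return value sees nothing. The function names, the `db` list and the sample pools are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed input: allocation pools as a subnet-update request might carry them.
REQUESTED_POOLS = [
    {"start": "10.0.0.10", "end": "10.0.0.20"},
    {"start": "10.0.0.50", "end": "10.0.0.60"},
]


def to_ranges(pools):
    """Lazily yield (first, last) address pairs; calling this returns a generator."""
    for pool in pools:
        yield (ipaddress.ip_address(pool["start"]),
               ipaddress.ip_address(pool["end"]))


def store_pools(ranges, db):
    """Hypothetical persistence step: iterates over the ranges exactly once."""
    for first, last in ranges:
        db.append((str(first), str(last)))


def update_pools_buggy(pools, db):
    ranges = to_ranges(pools)      # generator object
    store_pools(ranges, db)        # first pass exhausts it
    # Second pass over the same generator yields nothing, so this is always [].
    return [{"start": str(f), "end": str(l)} for f, l in ranges]


def update_pools_fixed(pools, db):
    ranges = list(to_ranges(pools))  # materialize once, iterate as often as needed
    store_pools(ranges, db)
    return [{"start": str(f), "end": str(l)} for f, l in ranges]


if __name__ == "__main__":
    print("buggy:", update_pools_buggy(REQUESTED_POOLS, []))
    print("fixed:", update_pools_fixed(REQUESTED_POOLS, []))
```

A unit test that only checks the stored rows passes against the buggy version; asserting on the returned list is what exposes the problem.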
This patch is in preparation for the integration
of Ironic and Neutron. A new vnic_type is being
added so that ML2 drivers can filter for all
Ironic ports based upon match for 'baremetal'.
Nova/Ironic will set this vnic_type when issuing
port-create request to neutron.
(e.g. binding:vnic_type = 'baremetal' )
Fix scheduling of DVR routers to not stop scheduling once
csnat portion was scheduled. See bug report for failing
scenario.
This partially reverts
commit 3794b4a83e68041e24b715135f0ccf09a5631178
and fixes bug 1374473 by moving csnat scheduling
after general dvr router scheduling, so double binding does
not happen.
sridhargaddam [Wed, 5 Aug 2015 10:49:33 +0000 (10:49 +0000)]
Avoid dhcp_release for ipv6 addresses
dhcp_release is only supported for IPv4 addresses [1] and not for
IPv6 addresses [2]. There will be no effect when it is called with
IPv6 address. This patch adds a corresponding note and avoids calling
dhcp_release for IPv6 addresses.
Henry Gessau [Tue, 4 Aug 2015 03:30:34 +0000 (23:30 -0400)]
Consistent layout and headings for devref
The lack of convention for heading levels among the independently
written devref documents was starting to make the Table of Contents
look rather messy when rendered in HTML.
This patch does not cover the "Neutron Internals" section since its
layout is reasonably OK for now.
Oleg Bondarev [Fri, 7 Aug 2015 16:56:13 +0000 (19:56 +0300)]
Do not delete fip namespace during l3 dvr agent resync
This was introduced by commit 46608806aa7a9c60214e28429ca5a8b87b2a15de
which didn't take into account that fip namespace name is composed
from external network id rather than router id.
The fix is to ensure fip namespaces for the known routers are kept
by namespace manager on agent resync.
John Kasperski [Fri, 7 Aug 2015 14:15:33 +0000 (09:15 -0500)]
Validate updated allocation pool before using it
The allocation pool specified during subnet-update is being
used in gateway validation checks before the allocation pool
is ever validated. Errors indicating that the gateway IP is
invalid are returned when it is the allocation pool that is
actually in error.
Additional testing of the allocation pool is also being added
to the subnet-update unit tests.
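The ordering this commit message argues for, as an added example that is not code from the Neutron patch: the allocation pool is validated on its own first, so a bad pool is reported as a pool error and the gateway check only ever sees pools that are already known to be well formed. The exception classes, function names and sample values are hypothetical.

```python
import ipaddress


class PoolError(ValueError):
    """The allocation pool itself is invalid."""


class GatewayError(ValueError):
    """The gateway IP conflicts with an already validated pool."""


def validate_pools(cidr, pools):
    """Return sorted (first, last) ranges, or raise PoolError."""
    net = ipaddress.ip_network(cidr)
    ranges = []
    for pool in pools:
        try:
            first = ipaddress.ip_address(pool["start"])
            last = ipaddress.ip_address(pool["end"])
        except (KeyError, ValueError) as exc:
            raise PoolError(f"malformed pool {pool!r}: {exc}") from exc
        if first.version != net.version or last.version != net.version:
            raise PoolError(f"pool {pool!r} is not IPv{net.version}")
        if first > last:
            raise PoolError(f"pool start {first} is after end {last}")
        if first not in net or last not in net:
            raise PoolError(f"pool {first}-{last} is outside {net}")
        ranges.append((first, last))
    ranges.sort()
    for (_, prev_last), (next_first, _) in zip(ranges, ranges[1:]):
        if next_first <= prev_last:
            raise PoolError(f"pools overlap at {next_first}")
    return ranges


def validate_subnet_update(cidr, gateway_ip, pools):
    """Check the pools first, then the gateway against the checked pools."""
    ranges = validate_pools(cidr, pools)
    gateway = ipaddress.ip_address(gateway_ip)
    if gateway.version != ipaddress.ip_network(cidr).version:
        raise GatewayError(f"gateway {gateway} has the wrong IP version")
    for first, last in ranges:
        if first <= gateway <= last:
            raise GatewayError(f"gateway {gateway} is inside {first}-{last}")
    return ranges
```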
Yalei Wang [Wed, 5 Aug 2015 17:03:20 +0000 (01:03 +0800)]
Pass the extension driver exception to plugin
The extension driver is intercepted by driver manager currently. It will
cover the errors/exceptions that happen in extension drivers. The extension
process will continue even if a preceding extension driver gets a wrong/useless
extended result, or even no result.
This patch makes process_[create|update]_<resource>() and
extend_<resource>_dict() methods return the exception, and log it with proper
level respectively, and also includes a minor optimization for the
extend_<resource>_dict() methods.
leejian0612 [Wed, 5 Aug 2015 08:00:35 +0000 (16:00 +0800)]
Broadcast service port's arp in DVR
When creating VMs, the DVR router will broadcast the VM's arp details to all the
l3 agents hosting it. That enables dvr to forward networking traffic
in the link layer, but when the port is attached to a service like
lbaas, its arp will not be broadcast, so the dvr does not know its mac,
which will cause VMs in other subnets to be unable to reach the service port
through the dvr router.
Kevin Benton [Thu, 30 Jul 2015 00:28:50 +0000 (17:28 -0700)]
Validate interface_mappings on Linux bridge init
Verify that the interfaces actually exist that are defined in
interface_mappings on Linux bridge startup. If they do not, exit
immediately similar to how OVS handles incorrect bridge_mappings.
This prevents an unfriendly exception in the rpc setup routine.
Initialize ancillary_port_info dict as blank in OVS agent
The first assignment of ancillary_port_info was from the scan_ancillary_ports
function which could result in an exception and result in ancillary_port_info
being unbound for the port stats scan below.
This patch just initializes ancillary_port_info as an empty dict so the port
stats will always have an input.
Assaf Muller [Thu, 7 May 2015 06:02:59 +0000 (09:02 +0300)]
Enable fullstack multinode tests, add L3 HA test exemplar
* Created a 'resources' subdir and moved all fixture files
to it.
* Split ML2ConfigFixture to the server-side ml2 configuration
fixture, and the OVS agent configuration fixture.
* Neutron process logs were using H:M:S format as their file name,
but when starting multiple agents of the same type my machine
was fast enough to do that in the same second so that different
processes were outputting to the same log file. No good!
Added ms to the log name format. I also changed the log time
from UTC to local timezone.
* Renamed and moved 'FullstackFixture' to neutron/tests/fullstack/
resources/environment.Environment
* Added a 'Host' abstraction that groups agents that report with
the same 'host' value. Hosts may be interconnected by the
environment via shared bridges.
* The 'Environment' class will accept global
attributes (This will be later filled with stuff like tunneling,
l2pop or other environment-level flags), and in this patch accepts
a list of host attributes (Configuration that may differ between
hosts like the l3 agent mode [legacy, dvr, dvr_snat]).
* Made OVS agent and L3 agent fixtures expose their bridges
so that I could interconnect them.
* Added a super simple L3 HA test to show that this entire thing
works.
John Davidge [Thu, 16 Jul 2015 17:26:24 +0000 (18:26 +0100)]
DB, IPAM & RPC changes for IPv6 Prefix Delegation
This patch includes the DB, IPAM & RPC changes needed for the IPv6 Prefix
Delegation feature.
To enable this feature, the subnetpool_id attribute of subnets has been
modified to allow for a special subnetpool identifier - "prefix_delegation".
WORKFLOW:
1. Admin sets default_ipv6_subnet_pool in neutron.conf to "prefix_delegation"
2. User creates a new IPv6 subnet without a CIDR or subnetpool ID
3. User creates an interface between this subnet and a router with an existing
external interface
The agent-side changes will follow in separate patches.
A documentation patch is up for review here:
https://review.openstack.org/#/c/178739
Video guides for configuring and using this feature are available on
YouTube:
Cyril Roelandt [Wed, 5 Aug 2015 09:39:50 +0000 (11:39 +0200)]
Python 3: convert dict_keys object to list
This makes sure we use the same types in Python 2 and 3, prevents TypeErrors
from happening, and should have no performance impact since the lists are
quite small anyway.
Henry Gessau [Wed, 5 Aug 2015 01:29:46 +0000 (21:29 -0400)]
Remove VPN from API tests
Change Idd5524ed0b602408be5a53830981a8ab974b390c removed the
VPN service from devstack installations in the gate, so now we
can no longer test VPN APIs from neutron. The tests will be
added to the vpnaas repo's API test suite.
Cyril Roelandt [Tue, 4 Aug 2015 12:27:48 +0000 (14:27 +0200)]
Python 3: fix test_ovs_tunnel
In Python 3, this happens:
>>> d = {}
>>> a = d.values()
>>> b = d.values()
>>> a == b
False
And anyway we're not really willing to pass dict_values objects around; we are
expecting lists, just like in Python 2, so let's just do the conversion.
Support subnetpool association to an address scope
This patch supports the following
- create a subnetpool with address scope
- update a subnetpool
- to associate with an address scope
- to change the association to another address scope
- to remove the association with the address scope
Also remove db retry from ml2 plugin delete_port()
as it's not needed once we retry at the API and RPC layers.
(there is already a unit test on this)
The patch also adds a unit test for checking deadlock
handling during port creation at API layer.
Though it's not directly related to the current fix,
I decided to leave it for regression preventing purposes.
Enable set DNS and DHCP log of dnsmasq for dhcp agent
Add a new configuration named 'dnsmasq_base_log_dir'
in dhcp_agent.ini.
This entry should be a path of log file. It should
look like this:
dnsmasq_base_log_dir=/tmp
And the DNS and DHCP log will be written into the file
"/tmp/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa/dhcp_dns_log".
The dir path will be created if the given path doesn't exist.
Install arp spoofing protection flow after setting port tag
When ovs-agent sets a tag for a port, it will first remove all
flows on this port, because it should guarantee that no drop_port
flow installed by port_dead remains, so the arp spoofing protection
flow must be installed after it.
Move 1c844d1677f7 expand migration to appropriate branch
Commit cb60d0bb4e0cc0cba68f59fdf5f4e89d6ec52950 added an expand
migration. However it indicated a contract migration as its
ancestor (2a16083502f3). As a result the migration was treated
by alembic as a contract one, even if it was defined in the
'expand' directory.
This patch 'rebases' this migration on top of the expand branch
HEAD. This might impact trunk chasers which have already executed
migration 1c844d1677f7 as a part of the contract branch.
shihanzhang [Mon, 1 Jun 2015 08:17:37 +0000 (16:17 +0800)]
Fix ipset can't be destroyed when last rule is deleted
When it deletes all rules of a security group, it should
include this sg information in RPC method
'security_group_info_for_devices', otherwise the ports
in this sg can't correctly update their iptables and
ipset sets.
Move away nested transaction from _ensure_default_security_group
This patch removes the nested transaction started in
_ensure_default_security_group, before calling create_security_group.
Instead, a nested transaction will be started inside
create_security_group.
The purpose of this change is to reduce the time period in which the db
transaction is open (to avoid races, db lock timeouts, etc), when creating
the default security-group.
OVSBridge was inheriting db_list from BaseOVS, which was
returning the information of all the ports on the machine,
not only the ones belonging to the bridge.
The OVSNeutronAgent was using that method with the assumption
that ports were filtered by bridge.
To avoid confusion, this patch adds a new method to OVSBridge,
get_ports_attributes, to query the info for all the ports
belonging to the bridge.
db_list is removed from BaseOVS since that method is already
available in ovsdb/api.py
ovs_lib methods that use db_list are refactored accordingly.
Since this option is configured in the DEFAULT section of nsx.ini,
the name of the option clashes with that in the networking_l2gw repo.
Proposal is to prefix our option with "nsx_" to avoid such interference.
Unfortunately this module was not moved to openstack/vmware-nsx
during decomposition and therefore this patch is being proposed on
the neutron repository.