Terry Wilson [Thu, 17 Apr 2014 01:48:04 +0000 (21:48 -0400)]
Remove run-time version checking for openvswitch features
The current method of checking openvswitch and kernel versions for
specific feature support is brittle, distro-specific and unsupportable.
This patch removes the runtime version checks and implements a test
script which allows testing specific neutron features or can test
that all features required by a specific configuration are available.
For example, to test VXLAN support in openvswitch, either:
neutron-sanity-check --ovs_vxlan
or pass in the deployed configuration files with AGENT/tunnel_types
containing 'vxlan', like:
Deployment tools can then test that the required features exist without
relying on version numbers and without incurring a penalty every time
the agent is started.
Pass object to policy when finding fields to strip
During the evaluation of fields to strip in responses to list
operations, pass also the first object in the list to the
policy engine.
This will avoid errors in policy evaluation if during
an upgrade from icehouse policy.json was not updated to remove
attribute-level policies dependent on resource values.
Christoph Arnold [Thu, 29 May 2014 14:17:30 +0000 (16:17 +0200)]
Neutron does not follow the RFC 3442 spec for DHCP
When setting a gateway and additional host routes in neutron subnet, the
gateway is only sent to clients via the router dhcp option, dhcp clients
conforming to rfc3442 will ignore router option if
classless-static-routes are available. This patch ensures setting both
the router option and the classless-static-routes including the gateway
Aaron Rosen [Sun, 1 Jun 2014 18:37:05 +0000 (11:37 -0700)]
LBaaS add missing rootwrap filter for route
If one runs the lbaas agent from packages and does not have the l3-agent
installed on the same box as the lbaas agent it will fail to add the
default gw route. This is because it's missing the rootwrap filter for
route which is only present in l3.filters.
Aaron Rosen [Fri, 30 May 2014 22:11:27 +0000 (15:11 -0700)]
NSX: Fix request_id in api_client to increment
Previously, the NSX request_id in the api_client would always be
0 because the current request id was stored in the class which is
always initialized on each request. This patch fixes that by storing
the request_id as a class variable.
Kevin Benton [Fri, 30 May 2014 03:59:00 +0000 (20:59 -0700)]
Remove function replacement with mock patch
In the hyperv unit tests, an rpc method is
manually replaced with a MagicMock using setattr.
This prevents it from being cleaned up by mock.patch.stopall.
This patch replaces it with a short-lived patch call
in a with statement.
Kevin Benton [Fri, 30 May 2014 03:49:48 +0000 (20:49 -0700)]
Remove unnecessary MagicMocks in cisco unit tests
Two patches that just return static data never have
assertions made on the MagicMocks generated. This
replaces the magicmocks with lambdas to make the code
easier to read and to get a minor performance gain.
Kyle Mestery [Thu, 29 May 2014 13:07:55 +0000 (13:07 +0000)]
Handle errors from run_ofctl() when dumping flows
The function dump_flows_for_table() calls run_ofctl(). If this occurs during an OVS
restart, run_ofctl() will return None. dump_flows_for_table() needs to realize this
and not try to call splitlines() on a None object.
Matt Riedemann [Thu, 29 May 2014 14:33:16 +0000 (07:33 -0700)]
Sync periodic_task from oslo-incubator
This is more or less to get commit c63fd5a from oslo into the core
projects which have several periodic tasks. Neutron has periodic tasks
for L3, load balancing and metering agents to sync up state with the
server and most don't have specific spacing values set which can lead to
non-deterministic spacing of when the tasks run.
Note that this does not include the gettextutils and log dependencies
since there are no functional changes in those modules needed for the
periodic_task changes synced in *and* more importantly, the changes
to gettextutils and log require pervasive changes to neutron which
should happen when neutron integrates with the oslo-i18n library for
blueprint i18n--messages.
Further note that this does not include jsonutils due to some
issues introduced with a change for python 2.6 that impacts how strings
are encoded with simplejson. The details for that issue are in bug 1314129. The jsonutils changes are not related to the periodic_task
changes being synced in so the dependency is not functionally required.
The LbaasAgentManager extends PeriodicTasks but wasn't calling the
parent class init function, which was causing failures since commit 47c9d60 changed PeriodicTasks to init _periodic_last_run, so also
fixed that here.
Changes:
c63fd5a Make unspecified periodic spaced tasks run on default interval
f0dd798 Remove rendundant parentheses of cfg help strings
fcf517d Update oslo log messages with translation domains
051b9f3 Refactor unnecessary arithmetic ops in periodic_task
674cdaf Refactor if logic in periodic_task
b6b82c5 Use timestamp in periodic tasks
47c9d60 Don't share periodic_task instance data in a class attr
8b2b0b7 Use hacking import_exceptions for gettextutils._
Aaron Rosen [Tue, 27 May 2014 20:39:39 +0000 (13:39 -0700)]
Make linux.utils.execute log error on return codes
Previously, the execute method in neutron logs everything as debug which hides
a lot of extremely fatal errors like unable to apply security group rules!
This patch changes this code so that we log all non 0 returns as error.
berlin [Thu, 22 May 2014 07:42:25 +0000 (15:42 +0800)]
FWaaS plugin doesn't need to handle firewall rule del ops
If firewall rule is attached to firewall policy, it would raise
FirewallRuleInUse exception in DB ops, else it is a pure DB delete ops.
So it is useless to handle delete_firewall_rule ops in fwaas plugin.
Closes-Bug: #1322076
Kyle Mestery [Fri, 16 May 2014 04:21:32 +0000 (04:21 +0000)]
Reprogram flows when ovs-vswitchd restarts
When OVS is restarted, by default it will not reprogram flows which were
programmed. For the case of the OVS agent, this means a restart will cause
all traffic to be switched using the NORMAL action. This is undesirable for
a number of reasons, including obvious security reasons.
This change provides a way for the agent to check if a restart of ovs-vswitchd
has happened in the main agent loop. If a restart of ovs-vswitchd is detected,
the agent will run through the setup of the bridges on the host and reprogram
flows for all the ports connected.
DocImpact
This change adds a new table (table 23) to the integration bridge, with a
single 'drop' flow. This is used to monitor OVS restarts and to reprogram
flows from the agent.
This is caused by a missing network_id in the port body.
This patch adds it so that a warning message can be traced
correctly. Wording is slightly tweaked to ensure it applies
to the right context.
Gary Kotton [Wed, 28 May 2014 13:37:16 +0000 (06:37 -0700)]
NSX: fix bug for flat provider network
The flat provider network would cause an exception when writing to
database. This is due to the fact that the DB expected an integer
and received an object instead.
Eugene Nikanorov [Tue, 27 May 2014 22:08:17 +0000 (02:08 +0400)]
Disallow regular user to update firewall's shared attribute
Shared firewalls should only be operable by admins.
Currently only admin can provide shared attribute at firewall creation,
so update_firewall should be consistent with that as well.
Erik Colnick [Tue, 6 May 2014 13:56:31 +0000 (07:56 -0600)]
Support 'infinite' dhcp_lease_duration
Process a dhcp_lease_duration value of -1 as 'infinite'
when setting the dnsmasq dhcp-range values to support
cases where it is undesirable for instance dhcp leases
to expire.
Akihiro Motoki [Tue, 27 May 2014 17:48:30 +0000 (02:48 +0900)]
NEC plugin: Bump L3RPC callback version to 1.1
update_floatingip_statuses RPC call implemented in Icehouse expects
RPC version 1.1 and RPC version of L3RpcCallback of other plugins
was bumped to 1.1, but the version of L3RpcCallback in NEC plugin
was not bumped to 1.1 yet.
Benedikt Trefzer [Mon, 26 May 2014 20:45:25 +0000 (22:45 +0200)]
fix openvswitch requirement check
With VXLAN enabled on openvswitch, neutron checks
module version of the openvswitch kernel module.
If the pattern to extract the version matches twice
(e.g. for path and version) the agent dies.
This patch ensures that only the version is checked
against the pattern.
This patchset fixes a couple of bugs wrt processing requests
before sending them to the backend controller and adjusts the
requests based on the controller requirements. It also corrects
typos, adds quotas and changes the default for a configuration
parameter.
Change-Id: I4b64c2b49ff4854949afc1e54cba1057f376b058
Closes-Bug: #1311260
DocImpact: The default tenant type is changed from OF to OVERLAY
berlin [Fri, 21 Mar 2014 06:15:43 +0000 (14:15 +0800)]
Add NVP advanced service check before deleting a router
Since NVP advanced services(LB/FW/VPN) are all routed inserted,
it is necessary to check service in use before deleting a router.
*If there is one service inserted into the router, it would raise
RouterInUseByXXService error when deleting the router.
ronak [Thu, 15 May 2014 14:38:43 +0000 (07:38 -0700)]
Extraroute extension support for nuage plugin
Nuage's VSP supports adding static-route to L3 Domain
which fits nicely with extraroute extension supported
by openstack's neutron. This set of changes enables that.
Carl Baldwin [Thu, 24 Apr 2014 23:06:10 +0000 (23:06 +0000)]
Set onlink routes for all subnets on an external network
The addition of the on-link routes gives us some freedom to allocate a
router's IP address from any one of multiple subnets on one external
network. Different routers can get their IPs from different subnets and
they still have direct on-link connectivity to each other. For example,
one router with its primary IP from 10.0.0.0/24 and another from
192.168.0.0/24 can communicate directly. It is important that each
router has on-link routes to *all* of the subnets.
Any router can host floating ips from any of the subnets regardless of
which subnet the primary IP address comes from.
This is an alternative to the "Multiple floating IP pools" section in
the administration guide. It is a simpler alternative that avoids
having to create multiple external networks. It is also more flexible
because routers will no longer be restricted to getting floating IPs
from the pool to which they happen to be connected.
DocImpact
Document the procedure for adding subnets to the external network.
Potentially remove the existing procedure for "Multiple floating IP
pools" from the docs.
Arvind Somya [Thu, 13 Feb 2014 17:57:50 +0000 (09:57 -0800)]
Cisco APIC ML2 mechanism driver, part 2
This set of changes introduces a mechanism driver for the
Cisco APIC. This is the second and final part of a 2 part commit.
Please see the blueprint for more information.
The review is submitted in two parts:
- Part 1 (Posted earlier, required for Part 2)
o APIC REST Client
o APIC data model and migration script
o APIC configurations
- Part 2 (this commit)
o APIC mechanism driver
o APIC manager
Andreas Jaeger [Thu, 22 May 2014 16:48:04 +0000 (18:48 +0200)]
Remove all mostly untranslated PO files
We now only import PO files that are at least 75 % translated,
so we can delete now all other PO files. The patch only
removes the mostly untranslated files. Once a file becomes mostly
translated, the bot will import it again.