Allows user to invoke L3-agent in a way that limits the agent to
implementing only routers associated with a particular external network.
Thus, it is possible to have a deployment with multiple external networks,
since you can run one agent per external network.
Also makes l3-agent pay attention to router admin_state_up field.
Old behavior meant that any port with device owner starting with
"network:" would be auto-deleted when a network was deleted. We don't
want that behavior for floating IPs or external network gateways.
This provides a model where we explicitly list the set of owners that
should be auto-deleted.
- Also clean up NetworkInUse message to no longer mention 'attachment',
since that is API v1 terminology.
There was a KeyError in the case where we tried to throw an exception
to inform the user that a newly created floating ip could not be
associated with the requested port because they belonged to different
tenants.
In create/update_subnet(), IP address fields (cidr, gateway_ip, host_routes,
dns_nameserver) should be checked whether they are consistent with IP version
specified. IP version check for allocation_pools is already implemented,
so this commit adds IP version checks for other IP fields.
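The consistency check described in the commit message above, sketched as an added example that is not Quantum's own code. The function names and the `destination`/`nexthop` keys inside `host_routes` are assumptions made for illustration.

```python
import ipaddress


def _version(value):
    """IP version of an address or CIDR string, or None if unparseable."""
    try:
        return ipaddress.ip_network(value, strict=False).version
    except ValueError:
        return None


def inconsistent_fields(subnet):
    """Return the names of IP fields that do not match subnet['ip_version']."""
    want = subnet["ip_version"]
    candidates = [("cidr", subnet.get("cidr")),
                  ("gateway_ip", subnet.get("gateway_ip"))]
    for i, ns in enumerate(subnet.get("dns_nameservers", [])):
        candidates.append((f"dns_nameservers[{i}]", ns))
    for i, route in enumerate(subnet.get("host_routes", [])):
        # Assumed route layout: {"destination": <cidr>, "nexthop": <address>}
        candidates.append((f"host_routes[{i}].destination", route["destination"]))
        candidates.append((f"host_routes[{i}].nexthop", route["nexthop"]))
    # An unparseable value has version None, so it is reported as well.
    return [name for name, value in candidates
            if value is not None and _version(value) != want]


# Constructed request body: an IPv4 subnet carrying two IPv6 values.
SAMPLE_SUBNET = {
    "ip_version": 4,
    "cidr": "10.0.0.0/24",
    "gateway_ip": "fe80::1",
    "dns_nameservers": ["8.8.8.8", "2001:db8::53"],
    "host_routes": [{"destination": "192.168.0.0/24", "nexthop": "10.0.0.254"}],
}
```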
This patch adds 'local' as a new value for provider:network_type,
supported by the openvswitch and linuxbridge plugins. Networks of this
type provide connectivity through a bridge for VMs and agents local to
the host, but no external connectivity. They do not require
provider:physical_network or provider:segmentation_id values. These
local networks are intended mainly to support single-box
zero-configuration testing (including quantum gating), but may have
other uses as well.
For openvswitch, the new OVS.tenant_network_type configuration
variable selects what type of networks are allocated as tenant
(i.e. non-provider) networks. It defaults to 'local', but must be
changed to 'vlan' or 'gre' for openvswitch tenant networks to have
external connectivity. The default value is intended to support
single-box zero-configuration testing without any need to allocate
physical network resources or configure bridges, and without requiring
the operating system to support OVS GRE tunneling. It can also be set
to 'none' to completely disable creation of tenant networks.
For linuxbridge, the new VLANS.tenant_network_type configuration
variable works similarly, with a value of 'vlan' supporting tenant
networks with external connectivity.
With either plugin, administrators can create provider local networks
by specifying "--provider:network_type local". Additionally, with
openvswitch, provider GRE networks can now be created by specifying
"--provider:network_type gre --provider:segmentation_id <tunnel-id>".
A corresponding devstack patch is available at
https://review.openstack.org/#/c/12456/. With this patch, the
openvswitch and linuxbridge plugins are by default configured to
support only local networks. A set of shell variables, documented in
stack.sh, can be set in localrc to configure remote connectivity,
including bridges/interfaces available for provider networks.
The unit tests were calling a nonexistent assert_called() on the
mocks. This patch fixes the problem by using the correct assert for
checking that the mocked method was invoked.
Note: This patch does not fix the error in test_call_driver() because a
separate bug fix revises the test.
When attempting to create a flat network on a physical_network on
which a flat network is already allocated, the openvswitch and
linuxbridge plugins return a FlatNetworkInUse exception rather than a
VlanIdInUse exception referencing VLAN -1.
Brian Waldon [Thu, 6 Sep 2012 17:43:05 +0000 (10:43 -0700)]
Lower webob dep from v1.2.0 to v1.0.8
All other OpenStack projects expect webob v1.0.8 yet Quantum expects
v1.2.0. This discrepancy causes problems for certain projects that
can't actually support v1.2.0 yet. This patch aligns the required
version with that which the other OpenStack projects expect.
- adds admin-writable, world-readable router:external attribute to
the network object if L3 extension is loaded.
- prevents floating ips from being created unless network is external
- shortens L3 extensions alias from 'os-quantum-router' to 'router' to
make attribute extensions more readable.
WIP:
- Need to add policy logic so non-admin users can always see external
networks without requiring that these networks are shared (since VMs can
always create ports on shared networks, but provider may want to have
external networks that VMs cannot directly plug into).
Random clean-up:
- prevent delete_network in plugins from implying it returns something
- modify extensions.py so that exceptions during calls to
get_extended_resources() will actually be logged if unexpected.
- unset executable bit on test_iptables_manager.py to make sure tox
actually runs it.
The original bug occurred because the set of subnet cidrs changed
without a restart of dnsmasq. As a result, dnsmasq would not respond
with offers for fixed_ips assigned in the unknown cidr ranges even when
the underlying host file had properly updated.
This patch addresses the bug by restarting dnsmasq when the set of
subnet cidrs changes. When the set does not change, it will reload the
options and allocations.
This patch adds specific filters for the ip command. The first filter
matches ip with any subcommand except netns exec. The second filter
matches "ip netns exec" and then relies on the caller (match_filter) to
verify the sub-command against the other filters. Matching the
subcommand separately allows for a single set of filter definitions that
work with and without namespaces.
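A simplified model of the two-filter scheme described in the commit message above, added here as an illustration and not taken from Quantum's rootwrap code. The class names, `inner_command` and the filter set are hypothetical.

```python
class CommandFilter:
    """Allow one executable by name (hypothetical simplified filter)."""
    def __init__(self, exec_name):
        self.exec_name = exec_name

    def match(self, argv):
        return bool(argv) and argv[0] == self.exec_name


class IpFilter(CommandFilter):
    """Allow `ip <anything>` except `ip netns exec`."""
    def __init__(self):
        super().__init__("ip")

    def match(self, argv):
        return super().match(argv) and argv[1:3] != ["netns", "exec"]


class IpNetnsExecFilter(CommandFilter):
    """Recognise `ip netns exec <ns> <cmd...>`; the caller vets <cmd...>."""
    def __init__(self):
        super().__init__("ip")

    def match(self, argv):
        return argv[:3] == ["ip", "netns", "exec"] and len(argv) > 4

    def inner_command(self, argv):
        return argv[4:]


def match_filter(filters, argv):
    """Return the filter that authorises argv, or None to refuse it."""
    for f in filters:
        if not f.match(argv):
            continue
        if isinstance(f, IpNetnsExecFilter):
            # The wrapped sub-command must itself be authorised by a
            # non-exec filter, so a namespace is not a way around the list.
            others = [o for o in filters if not isinstance(o, IpNetnsExecFilter)]
            if match_filter(others, f.inner_command(argv)) is None:
                continue
        return f
    return None


# Constructed filter set: the same definitions serve both cases.
FILTERS = [IpFilter(), IpNetnsExecFilter(), CommandFilter("dnsmasq")]
```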
Adds namespace clean up utility called quantum-netns-cleanup which can be used
to remove old namespaces.
The --force option can be used to remove all Quantum namespaces and any
remaining devices. The force option should not be run on a live Quantum
system. It is intended for cleaning up devstack after running
unstack.sh (ideally this will be added to unstack.sh in the future).
Example cmd line when cleaning up a devstack install:
quantum-netns-cleanup --config-file /etc/quantum/quantum.conf \
--config-file /etc/quantum/dhcp_agent.ini --force
This patch also ensures that the local vlan mapping is updated correctly.
This was problematic in the event that the OVS agent would start and a port
was in administrative state down.
The fix follows the patch that was done on the DHCP agent to enable
the user to configure the usage of namespaces. In the event that
namespaces are disabled the agent is limited to running only one
router. The agent needs to define the router_id that is supported.
The process in this case is:
1. create router
2. start agent with router id
Previously, some netns commands were executed in the context of the
namespace defined in the wrapper. These commands should be executed in
the root namespace for the most reliable results.
This is the 3rd and final patch for this bug. This patch alters ip allocation
recycling to honor lease expiration. Allocations that are in the
expiration wait state have null port_ids.
Bob Kukura [Fri, 31 Aug 2012 04:12:41 +0000 (00:12 -0400)]
expose openvswitch GRE tunnel_id via provider API
The provider:vlan_id extended attribute is renamed to
provider:segmentation_id, and the openvswitch plugin returns the
tunnel_id of GRE networks as this attribute.
- Rename provider:vlan_id to provider:segmentation_id.
- Use consts for providernet extension's attribute names
- Remove validation clause from provider:segmentation_id resource attribute map data.
- Validate provider:segmentation_id in linuxbridge and openvswitch plugins.
- Rename physical_id to segmentation_id in the openvswitch schema, plugin, and agent.
The bug noticed that an admin user could delete a port that stored
the underlying IP allocation for a floating IP. This patch prevents
the direct deletion of ports via the API for ports that are used as
router interfaces, router gateways, or for floating IPs.
Add a unit test to check such an invalid delete, and also updates
unit tests to avoid them tripping over the new checks.
siyingchun [Wed, 29 Aug 2012 01:22:26 +0000 (09:22 +0800)]
Modified code PEP8 warning.
*Find more than one space after keywords, then eat one.
*Make sure every continuation line is aligned with the first character after
the top parenthesis in the top line.
Bob Kukura [Wed, 15 Aug 2012 06:43:17 +0000 (02:43 -0400)]
Implementation of 2nd phase of provider extension for openvswitch
Enhances openvswitch plugin to support flat networks and VLANs on
multiple physical networks via the provider extension. Implements
blueprint provider-networks.
See http://wiki.openstack.org/ConfigureOpenvswitch for
configuration and usage details.
A devstack patch to support the updated openvswitch configuration
variables is at https://review.openstack.org/#/c/11418/.
Summary: Copy/paste the essential parts of the rootwrap
mechanism from nova/cinder into quantum. This includes
the core changes to filter.py and wrapper.py which deal
with loading filters from files pointed to by
rootwrap.conf
Detailed changes:
Transliterate the old rootwrap/*-agent.py files to
new format, and put the results in etc/quantum/rootwrap.d
Delete the *-agent.py files.
Add conf to point to etc/quantum/rootwrap.d
Add a unit test cribbed from nova to exercise the filter
mechanism
Add a unit test to exercise the actual filtered execution
Note that as written, this patch does not set the default
execute mechanism (in the agent .ini files) to rootwrap,
leaves it as sudo. That can be done in a follow-on
change, or in distro specific packaging.
Note also that there is still work to do around finishing
and testing the filter specs themselves. We've decided
that that is out of scope for this patch.