rossella [Thu, 11 Jun 2015 08:43:36 +0000 (10:43 +0200)]
OVSNeutronAgent pass the config as parameter
Instead of using the global cfg.CONF, pass the config as parameter.
This is very useful to test the agent without having to override
the global config.
Dane LeBlanc [Tue, 24 Feb 2015 20:47:01 +0000 (15:47 -0500)]
Stop sending gratuitous arp when ip version is 6
This fix prevents calls to the arping utility for IPv6
addresses, thereby eliminating errors reported by arping
for IPv6 addresses.
The assumption is that NDP, DAD, and RAs are sufficient
for address resolution and duplicate address detection
for IPv6, and that unsolicited Neighbor Advertisements (NAs)
are not required for OpenStack services. If this turns out
not to be the case for some service/feature, then a separate
bug should be filed to add support for unsolicited NAs for
that service.
Kevin Benton [Thu, 11 Jun 2015 04:45:41 +0000 (21:45 -0700)]
power grab
The current core reviewers hierarchy didn't have a place for the
parts of ML2 that weren't related to agent communication. For now
we can put all of ML2 under the built-in control-plane until we
decide it needs to be put somewhere else.
Cedric Brandily [Mon, 1 Jun 2015 20:29:39 +0000 (22:29 +0200)]
Ensure no "agent" functional tests are skipped in the gate
Some "agent" functional tests[1] can be skipped if some requirements are
not satisfied in order to allow developers to run functional tests on
various environments. These tests should not be skipped in the gate.
This change defines the decorator no_skip_on_missing_deps[2] to ensure
no "agent" functional tests are skipped in the gate. More precisely
no_skip_on_missing_deps transforms a skipTest into an error in:
* dsvm-functional and dsvm-fullstack jobs,
* functional and fullstack jobs when OS_FAIL_ON_MISSING_DEPS is
evaluated as True.
The change enlarges OS_FAIL_ON_MISSING_DEPS environment variable scope
(ie: missing dependencies + system requirements).
[1] in neutron.tests.functional
[2] in neutron.tests.common.base
Ihar Hrachyshka [Wed, 10 Jun 2015 11:10:54 +0000 (13:10 +0200)]
Actually allow to pass TRACE_FAILONLY to ostestr
The comment below suggests to use TRACE_FAILONLY to fail quickly when
running unit tests, while tox 2.0 does not allow to pass envvars from
the cli caller unless they are explicitly mentioned in passenv=
directive.
Jeremy Stanley [Wed, 20 May 2015 01:03:59 +0000 (01:03 +0000)]
Switch from MySQL-python to PyMySQL
As discussed in the Liberty Design Summit "Moving apps to Python 3"
cross-project workshop, the way forward in the near future is to
switch to the pure-python PyMySQL library as a default.
Jeremy Stanley [Tue, 9 Jun 2015 17:47:59 +0000 (17:47 +0000)]
Merge tag '2015.1.0'
This is a null-merge of the 2015.1.0 release tag back into the master
branch so that the 2015.1.0 tag will appear in the git commit history of
the master branch. It contains no actual changes to the master branch,
regardless of how our code review system's UI represents it. Please
ask in #openstack-infra if you have any questions, and otherwise try
to merge this as quickly as possible to avoid later conflicts on the
master branch.
Romil Gupta [Thu, 4 Jun 2015 11:21:14 +0000 (04:21 -0700)]
Fix a regression in "Separate ovs-ofctl using code as a driver" change
The tunnels are not getting established between Network Node and
Compute Nodes in non DVR mode with l2pop enabled and throws
the AttributeError: add_tunnel_port.
This fixes a regression in change Ie1224f8a1c17268cd7d1c474ed82fdfb8852eaa8.
Elena Ezhova [Tue, 7 Apr 2015 11:58:13 +0000 (14:58 +0300)]
Handle SIGHUP: neutron-server (multiprocess) and metadata agent
All launchers implemented in common.service require each service to
implement reset method because it is called in case a process
receives a SIGHUP.
This change adds the reset method to neutron.service.RpcWorker and
neutron.wsgi.WorkerService which are used to wrap rpc and api
workers correspondingly.
Now neutron-server running in multiprocess mode (api_workers > 0 and
rpc_workers > 0) and metadata agent don't die on receiving SIGHUP and support
reloading policy_path and logging options in config.
Note that reset is called only in case a service is running in daemon mode.
Other changes made in the scope of this patch that need to be mentioned:
* Don't empty self._servers list in RpcWorker's stop method
When a service is restarted all services are gracefully shutdowned,
resetted and started again (see openstack.common.service code).
As graceful shutdown implies calling service.stop() and then
service.wait() we don't want to clean self._servers list because
it would be impossible to wait for them to stop processing
requests and cleaning up their resources.
Otherwise, this would lead to problems with rpc after starting
the rpc server again.
* Create a duplicate socket each time WorkerService starts
When api worker is stopped it kills the eventlet wsgi server
which internally closes the wsgi server socket object. This server
socket object becomes not usable which leads to "Bad file
descriptor" errors on service restart.
Ihar Hrachyshka [Tue, 9 Jun 2015 10:46:54 +0000 (12:46 +0200)]
Make pep8 job succeed when /etc/neutron/neutron.conf is not installed
Currently, if /etc/neutron/neutron.conf is not installed in the system,
neutron-db-manage fails in oslo.config code when trying to determine the
default configuration file to use.
Test job should not rely on any contents inside /etc/.
Instead, pass --config-file with test-only configuration explicitly into
the utility.
neutron.conf.test was renamed into neutron.conf since for some reason
oslo.config does not support a name that does not have .conf at its
filename end.
Add a comment on _check_update_has_security_groups
Despite of its name, _check_update_has_security_groups can
handle create requests as well. There are plugins actually
using it for create. eg. ml2, vmware
Ihar Hrachyshka [Tue, 9 Jun 2015 08:57:29 +0000 (10:57 +0200)]
Enable all deprecation warnings for test runs
We would like to catch all deprecation warnings during test runs to be
notified in advance about potential problems with next library releases
we depend on.
get_admin_roles was introduced so that contextes generated from
within plugins could be used for policy checks. This was the case
up to the Havana release as several plugins invoked the policy
engine directly to authorize requests.
This was an incorrect behaviour and has now been fixed, meaning
that get_admin_roles is no longer need and can be safely removed.
This will result in a leaner and more reliable codebase. Indeed the
function being removed here was the cause of several bugs where the
policy engine was initialized too early in the server bootstrap
process.
While this patch removes the feature it does not remove the
load_admin_roles parameter from context.get_admin_context. Doing so
will break other projects such as neutron-lbaas. The parameter is
deprecated by this patch and an appropriate warning emitted.
As a consequence neutron's will now no longer perform policy checks
when context.is_admin=True. This flag is instead set either when
a context is explicitly created for granting admin privileges, or
when Neutron is operating in noauth mode. In the latter case every
request is treated by neutron as an admin request, and get_admin_roles
is simply ensuring the appropriate roles get pushed into the context
so that the policy engine will grant admin rights to the request.
This behaviour is probably just a waste of resource; also it is not
adding anything from a security perspective.
On the other hand not performing checks when context.is_admin is
True should not pose a security threat either in noauth mode or
with the keystone middleware. In the former case the software keeps
operating assuming admin rights for every requests, whereas in the
latter case the keystone middleware will always supply a context
with the appropriate roles, and there is no way for an attacker
to trick keystonemiddleware into generating a context for which
is_admin=True.
Finally, this patch also does some non-trivial changes in test_l3.py
as some tests were mocking context.to_dict ignoring the is_admin flag.
Kevin Benton [Thu, 4 Jun 2015 02:03:29 +0000 (19:03 -0700)]
Defer segment lookup in NetworkContext object
Avoid call to get network segments for network context objects until
a caller actually tries to lookup the segments. This optimizes cases
where the user of a port context never looks at the segments of the
associated network context (e.g. update_port_status).
shihanzhang [Tue, 26 May 2015 08:42:44 +0000 (16:42 +0800)]
Update ipset members when corresponding sg member is empty
if a security group has a rule with 'remote-group-id', the ports
in this security group should update its relevant ipset member
when the remote-group members is empty.
Send 'security_groups_member_updated' when port changes
With ml2 plugin, when a port's IP or security group changes, it
should send 'security_groups_member_updated' message to other l2
agents which have same security group with this changed port.
Assaf Muller [Sat, 6 Jun 2015 22:41:39 +0000 (18:41 -0400)]
Remove full stack log noise
"neutron-server isn't up yet" logs are useless because if
you time out when waiting for the server to start that information
will be in the trace. When you don't time out, the log is just spam.
Same reasoning for the "There are %d agents running!" log.
Also made the agents_count parameter mandatory for the
wait_until_env_is_up method because having a default of 0, or any
other default makes no sense. There's no reason to ever call that
method without specifying the agents_count. This method used
to be used with agents_count == 0 by the server to make sure
its up (And responding to REST calls), but the Neutron server
fixture now uses server_is_live method (Which calls list_networks)
instead.
Stephen Ma [Thu, 4 Jun 2015 20:09:23 +0000 (20:09 +0000)]
L3 agent should do report state before full sync at start
Sometimes the AgentNotFoundByTypeHost exception is reported during
L3-agent startup. The exception is generated when the first
get_routers RPC call is made. When the neutron server gets this
RPC call, it might not have handled the report state RPC call yet.
So the L3-agent hasn't been registered in the API server.
The result is a RPC Error exception. By the time the next
get_routers RPC call is made, the report state RPC call has already
been done and agent registered.
This patch modifies the L3 agent startup behavior to have the report
state done before the agent do the sync routers RPC call.
Cedric Brandily [Wed, 6 May 2015 20:40:39 +0000 (22:40 +0200)]
Clean only floating-ip related connection states
Currently init_l3 deletes connection states related to ALL ips deleted
in init_l3 but it's required only when floating-ips are deleted[1].
This change deletes only connection states related to floating-ips
deleted in init_l3 ... it avoids to delete connection states in dhcp
agents and on router internal ports!
[1] look at change Ia9bd7ae243a0859dcb97e2fa939f7d16f9c2456c
Carl Baldwin [Thu, 4 Jun 2015 22:25:44 +0000 (22:25 +0000)]
Refactor awkward logic in setup_dhcp_port
I noticed this logic as I was reviewing another patch set [1]. I
didn't like removing subnet ids from dhcp_enabled_subnet_ids and I
wasn't too keen on the ips_need_removal semantics that were kind of
forced by the existing structure of the code. I hope you find this
alternative much clearer. I like straight-forward code with less
indentation that doesn't use awkward booleans like ips_needs_removal.
Code Review / openstack-build / neutron-build.git / log