Nachi Ueno [Fri, 11 Oct 2013 18:46:32 +0000 (11:46 -0700)]
Use L3 api from vpn ipsec driver via service plugin
VPNaaS and ML2 plugin won't work, because ML2 plugin
supports service version of L3.
In this commit, we modify ipsec driver to use L3 plugin.
This is also backward compatible change, because if L2 plugin
supports L3 get_service_plugin API returns L2 plugin.
Change-Id: I36e541bb2e3e1df2e01f73a74f3e9005af6c38b7
Note: Exsiting unit test covers this change
(cherry picked from commit 8eb573528551d4a74c146c9d171505f7d472bb6a)
Akihiro MOTOKI [Wed, 9 Oct 2013 10:50:35 +0000 (19:50 +0900)]
Fallback to Quota Conf Driver if Quotas table is not defined
commit de15e0b9c5 enabled Quota DB driver default considering
production environments, but it breaks plugins without per-tenant
quota extension. In these plugin quotas tables is not loaded.
This commit fallbacks to ConfDriver if Quota model is not loaded by
checking neutron.db.quota_db which defines Quota model is imported.
Bob Kukura [Thu, 3 Oct 2013 16:25:24 +0000 (12:25 -0400)]
Fix auto-deletion of ports when deleting subnets in ML2
When a subnet is deleted, certain ports referencing it are
auto-deleted. The implementation of NeutronDBPluginV2.delete_subnet()
does this at the DB level, so ML2's mechanism drivers were not being
called.
Ml2Plugin.delete_subnet() is changed to not use the base class's
method, and to auto-delete ports by calling its own delete_port()
method outside of the transaction. A loop avoids race conditions with
ports being asynchronously added to the subnet.
The logic in Ml2Plugin.delete_network() is also fixed to properly
handle auto-deleting ports and subnets, and debug logging is added to
the various delete methods.
ML2 plugin changes the port status to "build" when get_device_details
is called. For this reason, the port status must be updated once the
port details are processed.
Aaron Rosen [Tue, 8 Oct 2013 19:24:21 +0000 (12:24 -0700)]
Fix dhcp_release lease race condition
There is a possible race condition when delete or updating fixed_ips
on ports where an instance could renew its ip address again after
dhcp_release has already been executed. To fix this, the order of
reload_allocation and release_lease need to be switched. This way an
instance will not be able to renew it's ip address after it is
removed from the host file.
Bob Kukura [Fri, 4 Oct 2013 20:17:37 +0000 (16:17 -0400)]
Change rpc_support_old_agents default to False
Changes the rpc_support_old_agents config variable default value to
False, so that the vlan_id field (redundant with the segmentation_id
field) is no longer included in RPC messages from the linuxbridge and
mlnx plugins to their corresponding L2 agents. This can be set to True
if needed to support L2 agents older than midway through the havana
cycle.
Kevin Benton [Wed, 9 Oct 2013 06:02:20 +0000 (23:02 -0700)]
BigSwitch: correct net to backend on floating IP disassociation
The corrects the network that is updated on the backendw when a
floating IP is disassociated. It was incorrectly sending the
tenant's network when the update is to the external network the
floating address belongs to.
Dave Cahill [Fri, 27 Sep 2013 10:44:00 +0000 (10:44 +0000)]
Disassociate floating IPs from port on terminate
Bugfix - floating IPs were left associated after VM
was terminated. Now call disassociate_floatingips
within delete_port as in other networking plugins.
Add L3NatDBIntTestCase suite to cover the
floating IP disassociation case, and fix all failing
tests from that suite.
Add a route to reach the MD server when a subnet is created
When the first subnet is created, the dhcp port is created and
midonet plugin correctly adds the static route to reach the MD
server in create_port. When a second or following subnets are
created, a new ip is added to the dhcp port. This patch takes
care of adding the static route to correcly reach the MD server
in update_port. This fixes the problem of VMs not being able to
reach the MD if assigned to the second subnet
This patch adopts several measures to prevent _sync_routers_task
and _rpc_loop from hanging because of subprocess.Popen.communicate
not returning.
1) Perform a sleep everytime a command is completed, similarly to
what is done in openstack.common.processutils.execute
2) Disable by default GARP, as kernel crashes caused by arping
have been observed
3) Prevent a non-critical keyerror in _router_removed from triggering
again a full sync, which might put the system under significant load.
This patch also adds debug log statements aimed at improving the
ability of debugging similar failures.
Ralf Haferkamp [Thu, 29 Aug 2013 18:50:55 +0000 (20:50 +0200)]
Avoid race with udev during ovs agent startup
After taking down the veth link between the physical bridge and the integration
bridge call udevadm settle to wait for any udev events to be completely
processed by the operating system before recreating the veth pair.
Some distributions (e.g. openSUSE) have udev rules installed by default that
call e.g. ifdown <interface> during the remove event. If that is processed
after the ovs agent already brought up the veth pair again the veth pair's
link will be down after the agent completed startup and networking will be
broken for all VM instances.
Quota driver is now loaded in lazy mode, i.e. the driver is loaded
the first time the driver is accessed. This is to make unit tests
work. Some unit tests like extension test cases need to use Config
Quota driver (previous default) but QuotaEngine is initialized
when quota.py is imported. Thus the unit tests had no chance to
specify quota_driver.
Ben Nemec [Tue, 1 Oct 2013 23:15:23 +0000 (23:15 +0000)]
Disable lazy translation
Late in the Havana cycle bug 1225099 was found in the lazy
translation code, and to be safe it was decided to disable lazy
translation for Havana. This change does that.
Cisco plugin should check for switch - vlan bindings
This commit fixes the issue where the Cisco plugin tries to create a
vlan twice on a switch if the first create is not bound to a port.
Also fixes an issue where the plugin tried to untrunk vlans from
a port for SVI interfaces.
Should not add metadata filter rules if disable metadata proxy
The metadata filter rules should not be added into iptables if Neutron
metadata proxy is disabled.
This patchset fixes this issue by adding a condition when adding metadata
filter rules to iptables.
Bob Kukura [Fri, 27 Sep 2013 21:54:45 +0000 (17:54 -0400)]
Fix auto-deletion of ports and subnets in ML2
When a network is deleted, certain ports and any subnets referencing
it are auto-deleted. The implementation of
NeutronDBPluginV2.delete_network() does this at the DB level, so ML2's
mechanism drivers were not being called.
Ml2Plugin.delete_network() is changed to not use the base class's
method, and to auto-delete ports and subnets by calling its own
delete_port() and delete_subnet() methods outside of the
transaction. A loop avoids race conditions with ports or subnets being
asynchronously added to the network.
Fix to enable delete of firewall in PENDING_CREATE state
Firewall will in PENDING_CREATE state if there is no underlying router in the
tenant. When the router and an associated i/f is created then with a sequence
of msgs it is set to ACTIVE state by the plugin. If a delete is triggered when
in PENDING_CREATE state in such a situation, the msg was ignored - fixing this to
account for the fact that a delete makes sense in this situation so the agent
sends the appropriate msg back to the plugin so it can delete it.
Joe Mills [Tue, 24 Sep 2013 10:42:08 +0000 (10:42 +0000)]
Add host routes and dns nameservers to Midonet DHCP
In the Midonet plugin, the host routes and dns nameserver information
was not being passed down to the midonet client API. This fix addresses
this by passing down the correct information.
Kaiwei Fan [Fri, 27 Sep 2013 06:49:15 +0000 (23:49 -0700)]
Reverse the order of interface update and DNAT rule config
Configure DNAT rule first before adding floating ip address to interface
so advanced service router will not receive packets by accident before
DNAT rule configured.
Verified that traffic goes to the VM the created floating ip associated
with right after config.
IF both service neutron-l3-agent and neutron-server are up,
but no router id configured in /etc/neutron/l3_agent.ini, an
exception will be raised on DB as "DBError: IntegrityError",
because the variable router_ids has a default '' value that
doesn't match the DB grammar.
* Check router id is specified in _init_() of l3 when
not using namespace.
* Move part of checking config params actions to new function
_check_config_params()
* Add corresponding unit tests.
Redefine behavior for NvpAdvancedPlugin during network creation
When using the NvpAdvancedPlugin, *all* logical switches should
be created through VCNS. VCNS will then proxy the requests to
NVP. This patch implements such a behavior. This is achieved by
replacing the use of nvplib.create_lswitch with the one of the
vcns driver, as the remaining logic can be left as it is.
ZhiQiang Fan [Thu, 26 Sep 2013 16:10:50 +0000 (00:10 +0800)]
Pythonic method names for l3_agent unit tests
When review https://review.openstack.org/#/c/46863/, i find there
are some unconsistent method names in test_l3_agent.py, this patch
fixes this code style problem.
This patch adds an option for always synchronizing operational status
on a show operation; regardless of the synchronization thread, when
this option is enabled, the resource status is always fetched from
the backend.
The patch also fixes an issue observed when running test_nvp_sync
alone.
ZhiQiang Fan [Wed, 18 Sep 2013 17:53:44 +0000 (01:53 +0800)]
Ensure router exists when auto_schedule_routers
Currently, the auto_schedule_routers() accepts parameter router_ids,
which may contain invalid router ids, since we've already filtered
them via plugin.get_routers(), we can directly use that safe object.