Sam Betts [Fri, 5 Sep 2014 15:16:01 +0000 (16:16 +0100)]
Remove second call to get_subnets in delete_subnet
delete_subnet made calls to both get_subnet and _get_subnet,
get_subnet uses _get_subnet so multiple database requests were being
made, this patch removes the call to get_subnet and directly calls
_make_subnet_dict using the result of _get_subnet
Changes to support FWaaS in a DVR based environment
Implementation of Spec to address the changes required for FWaaS
to work with DVR to handle:
* Perimeter Firewall support on N - S traffic
* Ensure that E - W DVR traffic is not broken.
Michael Smith [Tue, 2 Sep 2014 17:07:04 +0000 (17:07 +0000)]
Call unbind_snat_servicenode from schedule router
Refactor to move the call to plugin.unbind_snat_servicenode from
schedule_snat_router to _schedule_router. This is a move to pave the
way for removing hints from schedule router.
Factory method provided by the library should be used to create a server
object. This allows to change servers internal implementation without
touching end users.
Also removed custom dispatcher. Its only purpose was to log messages.
If logging is configured accordingly all incoming messages will be
logged from oslo/messaging/_drivers/amqpdriver.py [1]
Michael Smith [Tue, 2 Sep 2014 17:05:12 +0000 (17:05 +0000)]
Remove subnet_id from check_ports_exist_on_l3agent
Refactor check_ports_exist_on_l3agent so that subnet_id no longer
needs to be passed. Instead it calls get_subnet_ids_on_router. This
helps to pave the way for removing hints from schedule router.
Fix AttributeError when setting external gateway on DVR router
DVR routers will have this manager initialized only after one
or more subnets have been attached to the router. To address
the issue, make sure the manager is defined and handle the snat
rules appropriately.
This patch also makes _update_arp_entry more defensive; this is
because the arp update process can be affected by the same issue:
the router may not have internal ports at the time the request
come in. This is likely when VM's port creation and router
configuration overlap slightly.
rajeev [Fri, 22 Aug 2014 22:54:46 +0000 (18:54 -0400)]
Stop tracking connections in DVR FIP Namespace
For DVR, connections to external network using floating IPs do not
need to be tracked in FIP namespace because they are being
already tracked in router namespace.
This fix adds iptable rules to not track connections.
Avoid testing code duplication which introduced testing bugs
SecurityGroupAgentEnhancedRpcTestCase duplicated code in
SecurityGroupAgentRpcTestCase setUp, also
TestSecurityGroupAgentEnhancedRpcWithIptables duplicated
code from TestSecurityGroupAgentWithIptables setUp()
introducing bugs by improper initialization, like a missing
self.iptables.use_ipv6 = True
which in combination with tests.unit.test_ipv6.TestIsEnabled
produced inconsistent testing results.
Kevin Benton [Fri, 5 Sep 2014 04:55:47 +0000 (21:55 -0700)]
Reset IPv6 detection flag after IPv6 tests
Resets a module level flag that was being left in the
state that the previous test set it to. This was causing
unrelated tests to fail if the last state was left disabled.
John Schwarz [Thu, 4 Sep 2014 11:11:26 +0000 (14:11 +0300)]
Revert "Skip functional l3 agent test"
This reverts commit 0918ce91e5af5100ee3a4fcd6861741c4f00ac41. The
specified commit skipped a test which caused non-deterministic gate
failures, but the actual reason for the failures was found and fixed
so the skip is no longer needed.
John Schwarz [Thu, 4 Sep 2014 08:34:29 +0000 (11:34 +0300)]
Fix leftover Timeout effecting most eventlet calls
When registering a new eventlet.timeout.Timeout object, eventlet
automatically starts a timer for most (if not all) future eventlet
calls. Normally, eventlet codes do not hold a timeout unless such a
timeout is used or a specific timeout length is specified through
the API, but once a Timeout object is initialized, it is left there
unless canceled.
This change fixes an un-canceled Timeout which causes some
functional tests to fail, reintroduces a fix for bug #1358206,
which was written prior to discovering the uncanceled timeout, and
increases the timeout of a test that depended on this timeout.
ofagent: Remove @author tags and update copyright notices
When writing these modules, ofagent team (kakuma, yamamoto) thought
that @author tag was OpenStack's style to represent authorships.
But it turned out to be wrong. Acutally there seems to be a consensus
not to use them. So, replace them back to the original Ryu-style
copyright notices.
Carl Baldwin [Tue, 2 Sep 2014 16:49:45 +0000 (16:49 +0000)]
Cleanup rename of get_compute_ports_on_host_by_subnet
A recent merge [1] renamed this method to remove "compute_" from the
name. Unfortunately, the rename was not done thoroughly. This patch
cleans that up. No bug is referenced since this is an obvious
ommission in a recent patch.
The reverted patch incorrectly ties with Keystone and should have never been
approved since the approved version only partially addressed review concerns.
This revert also ensure migration timeline integrity.
shihanzhang [Mon, 4 Aug 2014 08:44:31 +0000 (16:44 +0800)]
Refactor security group rpc call
Refactor rpc call of 'security_group_rules_for_devices' into
'security_group_info_for_devices' to reduce the response
message size and server side processing time. Includes
agent-side auto detection of rpc version, and fall back
to the old one.
Change-Id: If19be8579ca734a899cdd673c919eee8165aaa0e
Implements: blueprint security-group-rules-for-devices-rpc-call-refactor
DocImpact Co-Authored-By: Miguel Angel Ajo <mangelajo@redhat.com>
- It may relieve contention on DB access while
both servers and l3 agents are busy setting up
and syncing routers down respectively.
- It prevents accidental placement of namespaces
during the L3 sync_routers process, as auto
scheduling without taking into account the state
of the L3 agents, as well as the state of the
routers being processed, may overrule the placement
decision made during router operations.
when an interface is added to a router with gateway, the method
internal_network_added(..) incorrectly configures the IP address
of the new snat interface same as the IP address of the new
subnet interface.
Kevin Benton [Thu, 21 Aug 2014 16:12:15 +0000 (09:12 -0700)]
BSN: Bind external ports in ML2 driver
Add a binding capability to the Big Switch ML2 mechanism
driver to mark external ports as bound. Ports with the
owner type 'neutron:external_port' will be assigned to the first
VLAN segment available in the network. The port update operation
will then carry the HOST ID with the identifier to the backend
for the necessary fabric configuration.
Cedric Brandily [Tue, 26 Aug 2014 18:23:04 +0000 (20:23 +0200)]
Remove SELECT FOR UPDATE use in delete_firewall
SELECT FOR UPDATE expression, which is triggered with the use of the
SQLAlchemy Query object's with_lockmode('update') method, is
detrimental to performance and scalability of the database
performance code in Neutron due to the lock contention it produces.
SELECT FOR UPDATE can be entirely avoided in delete_firewall method
with the use of single-shot DELETE expressions.
Sayaji [Tue, 12 Aug 2014 01:16:12 +0000 (18:16 -0700)]
Implements sync mechanism between Neutron and Nuage VSD
This will sync resources between Neutron and VSD based on
the configuration parameters. "enable_sync" will enable/disable
the sync and "sync_interval" will control the time interval
between consecutive sync cycles.
YAMAMOTO Takashi [Thu, 14 Aug 2014 03:06:53 +0000 (12:06 +0900)]
ofagent: Enable local arp responder for TYPE_FLAT
handling TYPE_FLAT is particularly useful because,
as stated in README, a flat provider network is
the recommended way to provide public network connectivity
for ofagent.
Miguel Angel Ajo [Mon, 18 Aug 2014 10:59:32 +0000 (12:59 +0200)]
Implements ProcessMonitor to watch over external processes
This class takes care of all the spawned external processes,
taking the administrator configured action in the case of any
of the external processes die unexpectedly.
Kevin Benton [Mon, 1 Sep 2014 20:03:27 +0000 (13:03 -0700)]
Prevent SystemExits when running tests
Adds a check for SystemExit exceptions during tests
to convert them into a test failure rather than an exit.
Includes the traceback in the failure so the source of
the exit can be located.
Kevin Benton [Tue, 12 Aug 2014 21:04:24 +0000 (14:04 -0700)]
Big Switch: Separate L3 functions into L3 service
Separate the L3 functions from the core Big Switch
plugin into an L3 service plugin. This is will allow
the L3 functions to be used in ML2 deployments that
use the Big Switch ML2 driver.
Kevin Benton [Wed, 13 Aug 2014 02:02:51 +0000 (19:02 -0700)]
Big Switch: Bind IVS ports in ML2 driver
Add support to bind IVS ports in the Big Switch ML2
mechanism driver. The backend controller will be checked
to determine if a host is connected using the Indigo vswitch.
If so, the mechanism driver will mark it as bound since
it will be provisioned by the backend controller.
Code Review / openstack-build / neutron-build.git / log