sridhargaddam [Wed, 5 Aug 2015 10:49:33 +0000 (10:49 +0000)]
Avoid dhcp_release for ipv6 addresses
dhcp_release is only supported for IPv4 addresses [1] and not for
IPv6 addresses [2]. There will be no effect when it is called with an
IPv6 address. This patch adds a corresponding note and avoids calling
dhcp_release for IPv6 addresses.
Henry Gessau [Tue, 4 Aug 2015 03:30:34 +0000 (23:30 -0400)]
Consistent layout and headings for devref
The lack of convention for heading levels among the independently
written devref documents was starting to make the Table of Contents
look rather messy when rendered in HTML.
This patch does not cover the "Neutron Internals" section since its
layout is reasonably OK for now.
Oleg Bondarev [Fri, 7 Aug 2015 16:56:13 +0000 (19:56 +0300)]
Do not delete fip namespace during l3 dvr agent resync
This was introduced by commit 46608806aa7a9c60214e28429ca5a8b87b2a15de
which didn't take into account that fip namespace name is composed
from external network id rather than router id.
The fix is to ensure fip namespaces for the known routers are kept
by namespace manager on agent resync.
Kevin Benton [Thu, 30 Jul 2015 00:28:50 +0000 (17:28 -0700)]
Validate interface_mappings on Linux bridge init
Verify that the interfaces actually exist that are defined in
interface_mappings on Linux bridge startup. If they do not, exit
immediately similar to how OVS handles incorrect bridge_mappings.
This prevents an unfriendly exception in the rpc setup routine.
Initialize ancillary_port_info dict as blank in OVS agent
The first assignment of ancillary_port_info was from the scan_ancillary_ports
function which could result in an exception and result in ancillary_port_info
being unbound for the port stats scan below.
This patch just initializes ancillary_port_info as an empty dict so the port
stats will always have an input.
Assaf Muller [Thu, 7 May 2015 06:02:59 +0000 (09:02 +0300)]
Enable fullstack multinode tests, add L3 HA test exemplar
* Created a 'resources' subdir and moved all fixture files
to it.
* Split ML2ConfigFixture to the server-side ml2 configuration
fixture, and the OVS agent configuration fixture.
* Neutron process logs were using H:M:S format as their file name,
but when starting multiple agents of the same type my machine
was fast enough to do that in the same second so that different
processes were outputting to the same log file. No good!
Added ms to the log name format. I also changed the log time
from UTC to local timezone.
* Renamed and moved 'FullstackFixture' to neutron/tests/fullstack/
resources/environment.Environment
* Added a 'Host' abstraction that groups agents that report with
the same 'host' value. Hosts may be interconnected by the
environment via shared bridges.
* The 'Environment' class will accept global
attributes (This will be later filled with stuff like tunneling,
l2pop or other environment-level flags), and in this patch accepts
a list of host attributes (Configuration that may differ between
hosts like the l3 agent mode [legacy, dvr, dvr_snat]).
* Made OVS agent and L3 agent fixtures expose their bridges
so that I could interconnect them.
* Added a super simple L3 HA test to show that this entire thing
works.
John Davidge [Thu, 16 Jul 2015 17:26:24 +0000 (18:26 +0100)]
DB, IPAM & RPC changes for IPv6 Prefix Delegation
This patch includes the DB, IPAM & RPC changes needed for the IPv6 Prefix
Delegation feature.
To enable this feature, the subnetpool_id attribute of subnets has been
modified to allow for a special subnetpool identifier - "prefix_delegation".
WORKFLOW:
1. Admin sets default_ipv6_subnet_pool in neutron.conf to "prefix_delegation"
2. User creates a new IPv6 subnet without a CIDR or subnetpool ID
3. User creates an interface between this subnet and a router with an existing
external interface
The agent-side changes will follow in separate patches.
A documentation patch is up for review here:
https://review.openstack.org/#/c/178739
Video guides for configuring and using this feature are available on
YouTube:
Cyril Roelandt [Wed, 5 Aug 2015 09:39:50 +0000 (11:39 +0200)]
Python 3: convert dict_keys object to list
This makes sure we use the same types in Python 2 and 3, prevents TypeErrors
from happening, and should have no performance impact since the lists are
quite small anyway.
Henry Gessau [Wed, 5 Aug 2015 01:29:46 +0000 (21:29 -0400)]
Remove VPN from API tests
Change Idd5524ed0b602408be5a53830981a8ab974b390c removed the
VPN service from devstack installations in the gate, so now we
can no longer test VPN APIs from neutron. The tests will be
added to the vpnaas repo's API test suite.
Cyril Roelandt [Tue, 4 Aug 2015 12:27:48 +0000 (14:27 +0200)]
Python 3: fix test_ovs_tunnel
In Python 3, this happens:
>>> d = {}
>>> a = d.values()
>>> b = d.values()
>>> a == b
False
And anyway we're not really willing to pass dict_values objects around; we are
expecting lists, just like in Python 2, so let's just do the conversion.
Support subnetpool association to an address scope
This patch supports the following
- create a subnetpool with address scope
- update a subnetpool
- to associate with an address scope
- to change the association to another address scope
- to remove the association with the address scope
Also remove db retry from ml2 plugin delete_port()
as it's not needed once we retry at the API and RPC layers.
(there is already a unit test on this)
The patch also adds a unit test for checking deadlock
handling during port creation at API layer.
Though it's not directly related to the current fix,
I decided to leave it for regression preventing purposes.
Enable set DNS and DHCP log of dnsmasq for dhcp agent
Add a new configuration named 'dnsmasq_base_log_dir'
in dhcp_agent.ini.
This entry should be the path of a log file. It should
look like this:
dnsmasq_base_log_dir=/tmp
And the DNS and DHCP log will be written into the file
"/tmp/aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa/dhcp_dns_log".
The dir path will be created if the given path doesn't exist.
Install arp spoofing protection flow after setting port tag
When ovs-agent sets a tag for a port, it will first remove all
flows on this port, because it should guarantee that no drop_port
flow installed by port_dead remains, so arp spoofing protection
flow must be installed after it.
Move 1c844d1677f7 expand migration to appropriate branch
Commit cb60d0bb4e0cc0cba68f59fdf5f4e89d6ec52950 added an expand
migration. However, it indicated a contract migration as its
ancestor (2a16083502f3). As a result the migration was treated
by alembic as a contract one, even if it was defined in the
'expand' directory.
This patch 'rebases' this migration on top of the expand branch
HEAD. This might impact trunk chasers which have already executed
migration 1c844d1677f7 as a part of the contract branch.
shihanzhang [Mon, 1 Jun 2015 08:17:37 +0000 (16:17 +0800)]
Fix ipset can't be destroyed when last rule is deleted
When it deletes all rules of a security group, it should
include this sg information in RPC method
'security_group_info_for_devices', otherwise the ports
in this sg can't correctly update their iptables and
ipset sets.
Move away nested transaction from _ensure_default_security_group
This patch removes the nested transaction started in
_ensure_default_security_group, before calling create_security_group.
Instead, a nested transaction will be started inside
create_security_group.
The purpose of this change is to reduce the time period in which the db
transaction is open (to avoid races, db lock timeouts, etc), when creating
the default security-group.
OVSBridge was inheriting db_list from BaseOVS, which was
returning the information of all the ports on the machine,
not only the ones belonging to the bridge.
The OVSNeutronAgent was using that method with the assumption
that ports were filtered by bridge.
To avoid confusion, this patch adds a new method to OVSBridge
get_ports_attributes to query the info for all the ports
belonging to the bridge.
db_list is removed from BaseOVS since that method is already
available in ovsdb/api.py
ovs_lib methods that use db_list are refactored accordingly.
Since this option is configured in the DEFAULT section of nsx.ini,
the name of the option clashes with that in the networking_l2gw repo.
Proposal is to prefix our option with "nsx_" to avoid such interference.
Unfortunately this module was not moved to openstack/vmware-nsx
during decomposition and therefore this patch is being proposed on
the neutron repository.
Sam Betts [Thu, 16 Jul 2015 13:08:59 +0000 (14:08 +0100)]
Fix order of calls in update_port
https://review.openstack.org/#/c/196908 introduced some extra logic to
do with DVR to update_port, however it changed the ordering of some of
the calls, this patch ensures that the calls that need to happen before
precommit happen in the right place.
Kevin Benton [Wed, 29 Jul 2015 23:32:43 +0000 (16:32 -0700)]
Check that VXLAN is not in use in LB VXLAN check
The Linux bridge VXLAN supported check was only checking that the
test interface didn't exist instead of checking that both the interface
and the VXLAN didn't exist. This caused it to fail on startup if
a VXLAN interface existed under a different name using one of the
VXLANs that the agent tried to test support with.
This patch adds a check to ensure that the VXLAN ID isn't in use as well.
Kevin Benton [Tue, 28 Jul 2015 23:15:34 +0000 (16:15 -0700)]
Initialize port_info dict as blank in OVS agent
The first assignment of port_info was from the scan_ports function
which could result in an exception and result in port_info being
unbound for the port stats scan below.
This patch just initializes port_info as an empty dict so the port
stats will always have an input.
Cedric Brandily [Thu, 28 May 2015 16:35:17 +0000 (18:35 +0200)]
Ensure non-overlapping cidrs in subnetpools with galera
This change enables galera support in _lock_subnetpool[1]. It uses an
update to disallow 2 transactions performing concurrent subnet
allocation in the same subnetpool to succeed: the 2 transactions will
conflict because they update the same row so the db (including Galera
multi-writer cluster) will discard the last transaction and
Controller.create[2] will catch and retry the "discarded" allocation.
This change adds the "hash" attribute in "subnetpools" table to enable
previous update.
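
The row-update locking described in the commit message above, as an added example that is not Neutron's code: a compare-and-swap on the "hash" column of "subnetpools", modelled on a single in-memory SQLite connection where the second allocation reuses a stale hash. The function names, the RetryRequest class and the sample row are assumptions made for the illustration.

```python
import sqlite3
import uuid


class RetryRequest(Exception):
    """Hypothetical signal: another allocation won the race, retry."""


def make_db():
    # Constructed sample schema: only the columns the illustration needs.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subnetpools (id TEXT PRIMARY KEY, hash TEXT NOT NULL)")
    db.execute("INSERT INTO subnetpools VALUES ('pool-1', 'initial')")
    db.commit()
    return db


def read_hash(db, pool_id):
    row = db.execute("SELECT hash FROM subnetpools WHERE id = ?", (pool_id,))
    return row.fetchone()[0]


def lock_subnetpool(db, pool_id, seen_hash):
    """Write a fresh hash only if the row still carries the hash we read.

    Two allocations that read the same hash both target the same row, so
    only the first UPDATE matches; the second matches zero rows.
    """
    new_hash = uuid.uuid4().hex
    cur = db.execute(
        "UPDATE subnetpools SET hash = ? WHERE id = ? AND hash = ?",
        (new_hash, pool_id, seen_hash),
    )
    if cur.rowcount == 0:
        raise RetryRequest(pool_id)
    return new_hash


def allocate_with_retry(db, pool_id, attempts=3):
    """Re-read the hash and try again when the allocation was discarded."""
    for _ in range(attempts):
        try:
            lock_subnetpool(db, pool_id, read_hash(db, pool_id))
            db.commit()  # the subnet allocation itself would happen before this
            return True
        except RetryRequest:
            db.rollback()
    return False
```
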
John Kasperski [Thu, 30 Jul 2015 04:52:01 +0000 (23:52 -0500)]
Prevent update alloc pool over existing gateway ip
The gateway IP for a subnet is not allowed to be listed in the
allocation pool for that subnet. This restriction is checked and
enforced at subnet-create time.
During subnet-update, it is only partially checked. An
exception is returned if the update request tries to place the gateway
IP in an existing allocation pool OR if both gateway and allocation
pool are being changed and the gateway is located in the new pool.
If only the allocation pool is being updated, no check is made to
verify that the new allocation pool does not contain the existing
gateway IP.
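
One way to close the gap described in the commit message above, as an added example that is not Neutron's code: validate the effective gateway against the effective allocation pools after merging the update into the stored subnet, so a pool-only update is checked too. The field names follow the Neutron subnet API (gateway_ip, allocation_pools, start, end); the function names and the sample subnet are assumptions.

```python
import ipaddress


class GatewayConflict(ValueError):
    """Gateway IP falls inside an allocation pool."""


def _in_pools(gateway, pools):
    gw = ipaddress.ip_address(gateway)
    for pool in pools:
        start = ipaddress.ip_address(pool["start"])
        end = ipaddress.ip_address(pool["end"])
        # Mixed IPv4/IPv6 comparison raises TypeError, so check the family first.
        if gw.version == start.version and start <= gw <= end:
            return True
    return False


def validate_subnet_update(current, update):
    """Check the post-update gateway against the post-update pools.

    Fields absent from the update fall back to the stored subnet, which
    covers the case where only the allocation pool is being changed.
    """
    gateway = update.get("gateway_ip", current["gateway_ip"])
    pools = update.get("allocation_pools", current["allocation_pools"])
    if gateway is not None and _in_pools(gateway, pools):
        raise GatewayConflict(f"gateway {gateway} is inside an allocation pool")
    return {"gateway_ip": gateway, "allocation_pools": pools}


def update_is_allowed(current, update):
    try:
        validate_subnet_update(current, update)
        return True
    except GatewayConflict:
        return False


# Constructed sample subnet, not taken from the commit.
SUBNET = {
    "gateway_ip": "10.0.0.1",
    "allocation_pools": [{"start": "10.0.0.10", "end": "10.0.0.200"}],
}
```
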