Kyle Mestery [Mon, 26 Jan 2015 15:12:31 +0000 (15:12 +0000)]
Add abandon script from nova
This adds the abandon_old_reviews.sh from the nova repository into
Neutron. This is handy for cleaning up the neutron review queues
by abandoning stale reviews stuck in the queue with a helpful
message.
Terry Wilson [Tue, 23 Dec 2014 20:49:15 +0000 (13:49 -0700)]
Add OVSDB abstract API
Abstract all existing run_vsctl calls to an abstract OVSDB API.
This will allow the future addition of a native OVSDB protocol
implementation of the API without breaking backward compatibility.
Jakub Libosvar [Fri, 3 Oct 2014 16:31:10 +0000 (18:31 +0200)]
Add functional tests for IptablesManager using tcp/udp
This commit adds tests for filter table using tcp and udp protocols.
Part of it is a NetcatTester class providing ability to test connection
between two veth pairs in namespaces.
Ihar Hrachyshka [Tue, 20 Jan 2015 14:18:36 +0000 (15:18 +0100)]
dhcp: move dnsmasq version check to sanity_check
We should avoid checking version numbers in runtime. In that way, we may
break some existing setups by minimal version bumps that are often not
critical for operation. One example is a recent version bump to support
IPv6 DHCP stateful address assignment mode. Even though old dnsmasq
version made this particular mode fail to assign addresses to
instances, other IPv6 modes, and, even more importantly, all IPv4
networks continued to operate with no issues.
So let's move the fatal check from DHCP agent into sanity_check tool to
avoid potential breakages on neutron update.
In an ideal world, we would make the check smarter. Since current version
cap is due to missing hwaddr matching for IPv6 clients for old dnsmasq
versions, we could preconfigure and start up dnsmasq server in a
namespace, and request an IPv6 lease from it. That would require a DHCP
IPv6 client installed though, and I'm not sure we can always expect it
to be present, so leaving it as-is for now.
Since DHCP drivers are pluggable, we cannot drop check_version method
from DhcpBase to support other drivers that may live in the wild.
Note: we could mark the method as deprecated if we really want to get
rid of it.
Russell Bryant [Fri, 23 Jan 2015 18:52:10 +0000 (13:52 -0500)]
Use DVRServerRpcApi instead of a mixin
Replace DVRServerRpcApiMixin with a standalone rpc client class,
DVRServerRpcApi. Also convert the one user of this code (the ovs
agent) to use it. This is a prerequisite to being able to put this
rpc interface into a messaging namespace.
Russell Bryant [Thu, 22 Jan 2015 20:03:19 +0000 (15:03 -0500)]
Scope secgroup rpc api using a messaging namespace
This patch scopes the agent to plugin security group rpc interface
using a messaging namespace. Right now some plugins expose several
interfaces via the default namespace. This effectively means they are
a single API and should be managed with a single version stream. It's
much more manageable to just treat these as separate interfaces and
this change makes that explicit and functionally true. Now when a
method is invoked, the only classes considered for handling that
request will be ones marked with the right namespace.
Russell Bryant [Thu, 22 Jan 2015 15:18:17 +0000 (10:18 -0500)]
Add and use SecurityGroupAgentRpc
Add a new class, SecurityGroupAgentRpc, which is based on
SecurityGroupAgentRpcMixin. Most uses of SecurityGroupAgentRpcMixin
follow the same pattern, so this class makes it possible to cut
down on some duplicated code.
Make use of SecurityGroupAgentRpc in: linuxbridge, openvswitch, mlnx,
nec, ofagent, oneconvergence, sriovnicagent, bigswitch, and hyperv.
Mike Kolesnik [Mon, 8 Dec 2014 08:03:05 +0000 (10:03 +0200)]
Extract l2pop/DVR controller logic to common method
Regular ports and DVR ports are treated almost the same, extract the
l2pop logic to treat them to a unified method that gets an argument if
the FDB entries are needed or not, in order to reduce code duplication.
YAMAMOTO Takashi [Fri, 21 Nov 2014 05:16:03 +0000 (14:16 +0900)]
attributes: Additional IP address validation
Introduce an additional IP address validation instead of assuming
that netaddr provides it. Namely, it ensures that an address
either has ':' (IPv6) or 3 periods like 'xx.xx.xx.xx'. (IPv4)
The "'1' * 59" test case recently introduced by
commit 1681f62ec91b6c3705a14393815542dc1746de71 fails on
some platforms because it's considered a valid address by
their inet_aton. Examples of such platforms: NetBSD, OS X
While one might argue it's a fault of the platforms, this is
a historical behavior which is probably too late to change there.
(The breakage has been hidden by later UT changes in
commit 35662d07628452d14306f5197871ad64f6396ff3 .
This commit includes a UT change to uncover the problem again.)
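
The structural pre-check described in the commit above, as an added example that is not Neutron's code: the function names are hypothetical, and `socket.inet_aton` stands in for the lenient parser that the commit says must not be relied on alone.

```python
import socket


def lenient_accepts(addr):
    """True if the platform's inet_aton() parses addr as IPv4."""
    try:
        socket.inet_aton(addr)
        return True
    except OSError:
        return False


def validate_ip_address(addr):
    """Return None if addr is acceptable, otherwise an error message.

    The shape of the string is checked first: it must contain ':'
    (IPv6) or exactly three periods (IPv4). Only then is it handed to
    the parser, so shorthand forms that inet_aton() tolerates, and the
    59-digit string that some platforms accept, never reach it.
    """
    msg = "'%s' is not a valid IP address" % addr
    if ':' in addr:
        try:
            socket.inet_pton(socket.AF_INET6, addr)
        except OSError:
            return msg
        return None
    if addr.count('.') != 3:
        return msg
    return None if lenient_accepts(addr) else msg


if __name__ == "__main__":
    # Constructed sample inputs, including the "'1' * 59" case.
    for sample in ("10.0.0.1", "fe80::1", "127.1", "1", "1" * 59):
        print("%-20.20s lenient=%-5s validated=%s" % (
            sample, lenient_accepts(sample),
            validate_ip_address(sample) is None))
```
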
Assaf Muller [Thu, 18 Dec 2014 14:25:54 +0000 (16:25 +0200)]
Configure IPv6 LLADDR only on master L3 HA instance
HA standby routers must never transmit traffic from
any of their ports. This is because we allocate the same
port on all agents. For example, for a given external interface,
we place the same port with the same IP/MAC on every agent
the HA router is scheduled on. Thus, if a standby router
transmits data out of that interface, the physical switches
in the datacenter will re-learn the MAC address of the external
port, and place it on a port that's looking at a standby and
not at the master. This causes 100% packet loss for any incoming
traffic that should be going through the master instance of the
router.
Keepalived manages addresses on the router interfaces, and makes
sure that these addresses only live on the master. However, we
forgot about IPv6 link local addresses. They are generated
from the MAC address of the interface, and thus are identical on
all agents.
This patch tries to treat IPv6 link local addresses the same
as IPv4 addresses - define them as VIPs and let keepalived
move them around.
Elena Ezhova [Tue, 20 Jan 2015 16:19:43 +0000 (19:19 +0300)]
Add index on db "allocated" columns
ml2_vxlan_allocations, ml2_gre_allocations, ml2_vlan_allocations tables
have the 'allocated' field.
There are a lot of similar queries to these tables which look
like the following:
    SELECT ml2_vxlan_allocations.vxlan_vni
        AS ml2_vxlan_allocations_vxlan_vni,
        ml2_vxlan_allocations.allocated
        AS ml2_vxlan_allocations_allocated
    FROM ml2_vxlan_allocations
    WHERE ml2_vxlan_allocations.allocated = 0 LIMIT 1;
Performing such selects can take quite a lot of time and if a transaction
which performs allocation is executed in parallel, it can lead to
allocation failure and retry.
Adding an index on "allocated" column significantly improves
the performance. For ml2_vlan_allocations table created
an index on (physical_network, allocation) together.
Example for MySQL for execution of query
    select * from ml2_vxlan_allocations where allocated = 0;
when on the table with ~3 mln entries, ~500K of which
have allocated = 0:
+-------------------------+----------------------+
| No index on "allocated" | Index on "allocated" |
+-------------------------+----------------------+
| 2.02 sec                | 0.43 sec             |
+-------------------------+----------------------+
Ihar Hrachyshka [Wed, 21 Jan 2015 15:44:06 +0000 (16:44 +0100)]
pep8: cleaned up excludes
Don't over-exclude files from pep8 automation. Specifically, tools/*
should maintain common Python style as any other Neutron code.
Don't exclude every single dot-file/dot-dir separately but instead
apply .* wildcard.
Drop rally-scenarios exclusion. First, the directory is now rally-jobs,
so exclusion didn't work. Second, it's better to also apply pep8 checks
for those files (there are some Python files inside the directory).
Miguel Angel Ajo [Thu, 21 Aug 2014 10:53:05 +0000 (12:53 +0200)]
Implements ProcessMonitor in the dhcp_agent
The ProcessMonitor class will watch over spawned external processes,
taking the administrator configured action in case any
of the external processes die unexpectedly.
It covers both the neutron-ns-metadata-proxy for isolated metadata
and dnsmasq in the dnsmasq driver.
ProcessMonitor has been extended to allow specific pid files
for backwards-compatible dnsmasq pid file location.
Sachi King [Mon, 8 Dec 2014 06:42:48 +0000 (17:42 +1100)]
If router is HA, get current_cidrs from keepalived object
When using L3 HA and keepalived, neutron is no longer directly managing
the floating IP addresses itself. Neutron should not check against
which addresses are currently configured on the system, but the
addresses the keepalived object has configured.
Miguel Angel Ajo [Thu, 22 Jan 2015 14:17:30 +0000 (14:17 +0000)]
Move process monitor settings to neutron.conf AGENT section
Instead of defining specific settings on each agent configuration
file for later patches in the series, we provide a single
point of configuration in the AGENT section of the neutron.conf
file, which could yet be overridden per agent config file if needed.
Russell Bryant [Wed, 21 Jan 2015 21:39:37 +0000 (16:39 -0500)]
Drop SecurityGroupServerRpcApiMixin
The code base has now been migrated away from using this class, so it
can be removed. This was a prerequisite to being able to put this rpc
api into a messaging namespace.
Russell Bryant [Wed, 21 Jan 2015 20:57:31 +0000 (15:57 -0500)]
sriovnicagent: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in sriovnicagent.
This is required to be able to eventually move this API into
a messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as
a mixin.
This patch separates the use of SecurityGroupAgentRpcMixin out to its
own class. This matches most of the rest of the code base. This
separation is needed to be able to eventually move this rpc API into
its own messaging namespace. Now that it's separate, a future change
can pass the new class an instance of SecurityGroupServerRpcApi
instead of assuming that the PluginApi instance includes
SecurityGroupServerRpcApiMixin.
Russell Bryant [Wed, 21 Jan 2015 19:52:53 +0000 (14:52 -0500)]
mlnx: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the mlnx agent.
This is required to be able to eventually move this API into
a messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as
a mixin.
Russell Bryant [Wed, 21 Jan 2015 19:44:23 +0000 (14:44 -0500)]
mlnx: untangle SecurityGroupAgentRpcMixin
This patch separates the use of SecurityGroupAgentRpcMixin out to its
own class. This matches most of the rest of the code base. This
separation is needed to be able to eventually move this rpc API into
its own messaging namespace. Now that it's separate, a future change
can pass the new class an instance of SecurityGroupServerRpcApi
instead of assuming that the PluginApi instance includes
SecurityGroupServerRpcApiMixin.
Russell Bryant [Wed, 21 Jan 2015 18:40:18 +0000 (13:40 -0500)]
linuxbridge: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the linuxbridge agent.
This is required to be able to eventually move this API into
a messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as
a mixin.
Russell Bryant [Wed, 21 Jan 2015 19:34:12 +0000 (14:34 -0500)]
linuxbridge: untangle SecurityGroupAgentRpcMixin
This patch separates the use of SecurityGroupAgentRpcMixin out to its
own class. This matches most of the rest of the code base. This
separation is needed to be able to eventually move this rpc API into
its own messaging namespace. Now that it's separate, a future change
can pass the new class an instance of SecurityGroupServerRpcApi
instead of assuming that the LinuxBridgePluginApi includes
SecurityGroupServerRpcApiMixin.
Cedric Brandily [Sat, 10 Jan 2015 14:25:04 +0000 (14:25 +0000)]
Use db constraint to ensure mac address uniqueness
Currently port mac address uniqueness per network is checked before Port
db object create but without locking. It implies 2 port create requests
can allocate the same mac address on a network if each request performs
mac address uniqueness check before the other creates the Port db object.
This change replaces the check by a db unique constraint on Port
(network_id, mac_address).
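
The race described in the commit above, replayed deterministically against an in-memory SQLite database, as an added example that is not Neutron's code. The table layout, function names and MAC value are constructed for illustration.

```python
import sqlite3

COLUMNS = ("id INTEGER PRIMARY KEY, network_id TEXT NOT NULL, "
           "mac_address TEXT NOT NULL")
SCHEMA_CHECK_ONLY = "CREATE TABLE ports (%s)" % COLUMNS
SCHEMA_CONSTRAINT = ("CREATE TABLE ports (%s, "
                     "UNIQUE (network_id, mac_address))" % COLUMNS)


def mac_in_use(db, net, mac):
    """Application-level uniqueness check, done without any lock."""
    row = db.execute(
        "SELECT 1 FROM ports WHERE network_id = ? AND mac_address = ? "
        "LIMIT 1", (net, mac)).fetchone()
    return row is not None


def race_check_then_insert(schema):
    """Two create-port requests both check before either one inserts.

    Returns (created, rejected, rows_with_that_mac).
    """
    db = sqlite3.connect(":memory:")
    db.execute(schema)
    net, mac = "net-1", "fa:16:3e:00:00:01"  # constructed sample values
    # Interleaving: request A checks, request B checks, then both insert.
    passed = [not mac_in_use(db, net, mac), not mac_in_use(db, net, mac)]
    created = rejected = 0
    for ok in passed:
        if not ok:
            continue
        try:
            with db:  # one transaction per request
                db.execute("INSERT INTO ports (network_id, mac_address) "
                           "VALUES (?, ?)", (net, mac))
            created += 1
        except sqlite3.IntegrityError:
            rejected += 1  # the caller can retry with another MAC
    rows = db.execute(
        "SELECT COUNT(*) FROM ports WHERE network_id = ? "
        "AND mac_address = ?", (net, mac)).fetchone()[0]
    return created, rejected, rows


if __name__ == "__main__":
    print("check only:       ", race_check_then_insert(SCHEMA_CHECK_ONLY))
    print("unique constraint:", race_check_then_insert(SCHEMA_CONSTRAINT))
```
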
Cedric Brandily [Wed, 7 Jan 2015 22:21:10 +0000 (22:21 +0000)]
Move shared metadata driver related config options
This change moves metadata driver related config options to metadata
driver module to prepare the use of metadata driver method in the dhcp
agent (daughter change). The metadata_port option is not moved as the
dhcp agent uses a non-configurable port (80).
adolfo duarte [Wed, 3 Dec 2014 05:48:50 +0000 (21:48 -0800)]
Added test_dvr_router_lifecycle to cover dvr
Several additions were necessary to support testing the lifecycle of a
dvr router. Added new function _dvr_router_lifecycle and necessary
supporting functions to avoid impacting any other section of the code
or tests.
Tests Added:
test_dvr_router_lifecycle_without_ha_without_snat_with_fips
test_dvr_router_lifecycle_without_ha_with_snat_with_fips
Michael Smith [Wed, 10 Sep 2014 23:59:14 +0000 (16:59 -0700)]
Initialize dist_fip_count after agent restart
Runtime router variable dist_fip_count has been
used to keep track of FIPs for DVR routers.
This variable is not re-initialized correctly on
agent restart and can get stale from other errors
which cause problems with namespace and port cleanup.
This patch will initialize the ri.dist_fip_count
once in process_router for dvr routers only. This
method was selected instead of the _router_added or
_router_removed path because it is the one central
entry point for router add, delete, and update.
The object self.agent_gateway_port also needs to be
properly handled after an agent restart and this
patch will handle that as well.
When needed, the system will be read via system
calls to determine the state of namespaces and ports
since the variables cannot be relied on.
System calls will be kept to a minimum to reduce
any possible performance hits.
Carl Baldwin [Fri, 16 Jan 2015 19:39:46 +0000 (19:39 +0000)]
Replace FLOATING_IP_CIDR_SUFFIX constant with utils
FLOATING_IP_CIDR_SUFFIX is a global constant used in manipulating ip
addresses and cidrs as string. This patch replaces that with
well-tested utilities for doing the conversions more safely and
readably.
Russell Bryant [Fri, 16 Jan 2015 15:29:04 +0000 (10:29 -0500)]
tests: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the unit tests.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 15:15:17 +0000 (10:15 -0500)]
ovs: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the ovs plugin.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 15:06:00 +0000 (10:06 -0500)]
oneconvergence: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the oneconvergence
plugin. This is required to be able to eventually move this API into
a messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 14:54:53 +0000 (09:54 -0500)]
ofagent: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the ofagent plugin.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 14:37:52 +0000 (09:37 -0500)]
nec: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the nec plugin.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.