Kyle Mestery [Thu, 13 Aug 2015 16:33:18 +0000 (16:33 +0000)]
lieutenants: Add Neutron infra lieutenants
It's become clear we need to have a centralized contact point
(or points) for Neutron interactions with infra. Let's start out
by making that Doug and Armando for now. Note this list is
alphabetized by last name for those curious on the ordering.
This patch is a cleanup to prevent future breakage by eliminating
potentially dangerous code.
l3_db and related code use L2 plugin _get_subnet and related method
unnecessarily instead of get_subnet.
It's dangerous because _get_subnet returns ORM db object which allows
the caller to update db rows directly. So the caller of _get_subnet
may update subnet db without notifying L2 plugin unintentionally.
In that case, L2 plugin or ML2 mechanism driver will be confused.
This patch replaces _get_subnet and _get_subnets_by_network with
get_subnet, get_subnets_by_network where possible.
This patch is a cleanup to prevent future breakage by eliminating
potentially dangerous code.
l3_db uses L2 plugin _get_port method unnecessarily instead of get_port.
It's dangerous because _get_port returns ORM db object which allows
the caller to update db rows directly. So the caller of _get_port may
update port db without notifying L2 plugin unintentionally.
In that case, L2 plugin or ML2 mechanism driver will be confused.
This patch replaces _get_port with get_port method where possible.
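The risk described in the two cleanup commits above, shown as an added example that is not part of the commits or of Neutron's code. `SubnetRow` and `ToyL2Plugin` are hypothetical stand-ins for an ORM row and the L2 plugin; only the accessor names `_get_subnet`, `get_subnet` and `update_subnet` mirror the ones the messages mention.

```python
class SubnetRow:
    """Stand-in for an ORM row: attribute writes change stored state."""

    def __init__(self, subnet_id, cidr):
        self.id = subnet_id
        self.cidr = cidr


class ToyL2Plugin:
    """Hypothetical plugin that records every change it tells drivers about."""

    def __init__(self):
        self._rows = {"s1": SubnetRow("s1", "10.0.0.0/24")}  # constructed data
        self.notified = []

    def _get_subnet(self, subnet_id):
        # Private accessor: hands out the live row object.
        return self._rows[subnet_id]

    def get_subnet(self, subnet_id):
        # Public accessor: hands out a detached dict copy.
        row = self._rows[subnet_id]
        return {"id": row.id, "cidr": row.cidr}

    def update_subnet(self, subnet_id, changes):
        # The only path that both writes the row and notifies drivers.
        row = self._rows[subnet_id]
        for key, value in changes.items():
            setattr(row, key, value)
        self.notified.append((subnet_id, dict(changes)))
        return self.get_subnet(subnet_id)


def caller_using_private_accessor(plugin):
    subnet = plugin._get_subnet("s1")
    subnet.cidr = "10.9.9.0/24"  # stored state changes, nobody is notified
    return plugin.get_subnet("s1")["cidr"], list(plugin.notified)


def caller_using_public_accessor(plugin):
    subnet = plugin.get_subnet("s1")
    subnet["cidr"] = "10.9.9.0/24"  # only the caller's copy changes
    return plugin.get_subnet("s1")["cidr"], list(plugin.notified)
```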
Brian Haley [Thu, 13 Aug 2015 20:57:59 +0000 (16:57 -0400)]
Remove 'action' argument from _handle_fip_nat_rules()
There's only one caller of _handle_fip_nat_rules(), and they
always specify 'add_rules' as the argument, so it's not
necessary any more. Also, the interface passed must be valid
since the caller has already used it, and would have thrown
an exception before this call was made. Found during another
code review.
Guard against potential down_revision interleave by checking that each
revision has the only revision that corresponds to its location in the
migration tree, and that its parent also has that same single label.
John Schwarz [Wed, 12 Aug 2015 10:39:28 +0000 (13:39 +0300)]
Add configurable options for HA networks
The L3 HA mechanism creates a project network for HA (VRRP) traffic
among routers. The HA project network uses the first (default) network
type in 'tenant_network_types'. Depending on the environment, this
combination may not provide a desirable path for HA traffic. For
example, some operators may prefer to use a specific network for HA
traffic to prevent split-brain issues.
This patch adds configurable options that target the network_type and
the physical_network of the created HA network.
Henry Gessau [Sun, 5 Jul 2015 07:29:38 +0000 (03:29 -0400)]
Support for independent alembic branches in sub-projects
Sub-projects shall now register their independent alembic migrations
via entrypoints in setup.cfg, and neutron-db-manage will discover them
and run them automatically.
If a service or sub-project is specified explicitly, then
neutron-db-manage will run on only that service or sub-project.
The advanced services projects are just special cases of sub-projects.
For example, specifying the CLI option '--service lbaas' is the same
as specifying '--subproject neutron-lbaas'.
Specifying no service or sub-project will cause neutron-db-manage to
run the command on neutron and all installed sub-projects.
Added and consolidated documentation into devref for alembic migrations.
Kanzhe Jiang [Thu, 13 Aug 2015 03:36:54 +0000 (20:36 -0700)]
Remove bigswitch mech_driver entry point definition
After vendor driver split, the entry point for bigswitch ml2
mechanism_driver is no longer valid. The new entry point is defined in
the networking-bigswitch stackforge repo.
Improve callback registry devref documentation and usability
Latest developments have revealed that the registry can be misused
under certain circumstances, and that it can be harder to use by
projects that extend Neutron.
This patch improves the devref documentation so that developers know
what to expect.
John Davidge [Fri, 7 Aug 2015 15:27:47 +0000 (16:27 +0100)]
Fix update_subnet for prefix delegation
A misnamed function call and execution order issue was causing
update_subnet to fail when a PD enabled subnet received a new CIDR.
This patch fixes the issues, and introduces an rpc api test to
ensure the function works. This includes altering the process_prefix_update
RPC handler to expose the issue to the test.
Fix DVR interface delete by port when gateway is set
When removing a DVR interface by port, the subnet_id
passed to delete_csnat_router_interface_ports is None,
and so it deletes all the DVR SNAT ports for the
router.
This patch fixes this issue by passing in the right
subnet_id to the delete_csnat_router_interface_ports.
shihanzhang [Tue, 9 Jun 2015 09:47:39 +0000 (17:47 +0800)]
Destroy ipset when the corresponding rule is removed
If a security group has a rule which allows a remote group access,
but this remote group has no IPv4 and IPv6 members, L2 agent
should not clear the remote group in internal cache of sg_members,
because when above rule is deleted, L2 agent can get the remote group
id from the diff of pre_sg_members-sg_members, then destroy the ipset
set for remote group.
Assaf Muller [Tue, 11 Aug 2015 18:20:07 +0000 (14:20 -0400)]
Clean up test_dvr_router_rem_fips_on_restarted_agent
* self._add_fip wasn't actually doing anything useful, it just
throws off the reader by making him/her think that line is
important when it isn't.
* Added an assertion that checks that the FIP namespace exists
before the reconfiguration of the router.
John Davidge [Tue, 11 Aug 2015 12:55:51 +0000 (13:55 +0100)]
Fix _update_subnet_allocation_pools returning empty list
_update_subnet_allocation_pools was returning an empty list in all
cases due to trying to iterate over the same generator twice.
Generators cannot be iterated over multiple times.
This patch changes the generator into a list to fix this problem,
and alters the unit test so that this issue is exposed.
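The failure mode named in the commit above, shown as an added example that is not part of the commit or of Neutron's code. The helper names and the sample pools are constructed for illustration, and `_store` is a hypothetical stand-in for whatever first consumes the pools.

```python
import ipaddress

# Constructed sample input in the allocation-pool shape (start/end pairs).
SAMPLE_POOLS = [
    {"start": "10.0.0.10", "end": "10.0.0.50"},
    {"start": "10.0.0.100", "end": "10.0.0.150"},
]


def _to_ranges(pools):
    # Generator expression: yields each (start, end) pair lazily, exactly once.
    return (
        (ipaddress.ip_address(p["start"]), ipaddress.ip_address(p["end"]))
        for p in pools
    )


def _store(ranges):
    # Stand-in for the first consumer (for example a DB write); it walks the
    # whole iterable and returns how many well-formed ranges it saw.
    return sum(1 for start, end in ranges if start <= end)


def update_pools_buggy(pools):
    ranges = _to_ranges(pools)
    _store(ranges)  # first pass exhausts the generator
    # Second pass over the same generator yields nothing.
    return [{"start": str(s), "end": str(e)} for s, e in ranges]


def update_pools_fixed(pools):
    ranges = list(_to_ranges(pools))  # materialize once, iterate many times
    _store(ranges)
    return [{"start": str(s), "end": str(e)} for s, e in ranges]
```

A unit test that only checks that the call succeeds passes for both versions; asserting on the returned pools is what exposes the empty list.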
Kevin Benton [Tue, 11 Aug 2015 13:01:25 +0000 (06:01 -0700)]
Replace 'import json' with oslo_serialization
Replace remaining occurrences of 'import json' with
'from oslo_serialization import jsonutils as json'
so pylint doesn't complain every time someone happens
to make a change to one of the modules that still
uses it.
This patch is in preparation for the integration
of Ironic and Neutron. A new vnic_type is being
added so that ML2 drivers can filter for all
Ironic ports based upon match for 'baremetal'.
Nova/Ironic will set this vnic_type when issuing
port-create request to neutron.
(e.g. binding:vnic_type = 'baremetal' )
Fix scheduling of DVR routers to not stop scheduling once
csnat portion was scheduled. See bug report for failing
scenario.
This partially reverts
commit 3794b4a83e68041e24b715135f0ccf09a5631178
and fixes bug 1374473 by moving csnat scheduling
after general dvr router scheduling, so double binding does
not happen.
Sergey Vilgelm [Mon, 10 Aug 2015 12:46:27 +0000 (15:46 +0300)]
Use oslo.log library instead of system logging module
The constants of log levels were added in the 1.8 version of
the oslo.log library. So we can replace all usage of system
logging module with log module from oslo.log.
sridhargaddam [Wed, 5 Aug 2015 10:49:33 +0000 (10:49 +0000)]
Avoid dhcp_release for ipv6 addresses
dhcp_release is only supported for IPv4 addresses [1] and not for
IPv6 addresses [2]. There will be no effect when it is called with
an IPv6 address. This patch adds a corresponding note and avoids calling
dhcp_release for IPv6 addresses.
Instead of get_admin_context(), use context.elevated() to avoid
creating another DB session.
get_admin_context().session creates an independent DB session,
while ctx.elevated().session shares the original context's session.
Generally it's better to avoid using multiple DB sessions in
a single thread as it's a bad idea for various reasons:
- They can yield inconsistent views
- They can end up with a deadlock
Henry Gessau [Tue, 4 Aug 2015 03:30:34 +0000 (23:30 -0400)]
Consistent layout and headings for devref
The lack of convention for heading levels among the independently
written devref documents was starting to make the Table of Contents
look rather messy when rendered in HTML.
This patch does not cover the "Neutron Internals" section since its
layout is reasonably OK for now.
Oleg Bondarev [Fri, 7 Aug 2015 16:56:13 +0000 (19:56 +0300)]
Do not delete fip namespace during l3 dvr agent resync
This was introduced by commit 46608806aa7a9c60214e28429ca5a8b87b2a15de
which didn't take into account that fip namespace name is composed
from external network id rather than router id.
The fix is to ensure fip namespaces for the known routers are kept
by namespace manager on agent resync.
John Kasperski [Fri, 7 Aug 2015 14:15:33 +0000 (09:15 -0500)]
Validate updated allocation pool before using it
The allocation pool specified during subnet-update is being
used in gateway validation checks before the allocation pool
is ever validated. Errors indicating that the gateway IP is
invalid are returned when it is the allocation pool that is
actually in error.
Additional testing of the allocation pool is also being added
to the subnet-update unit tests.