ofagent has code for agent-on-DomU support inherited from OVS agent.
However, it's incomplete and broken. Because ofagent uses a direct
OpenFlow channel instead of ovs-ofctl command to program a switch,
the method to use the special rootwrap can not work.
The Arista ML2 plugin was not passing the admin tenant name to EOS without which
it is not possible to authenticate with keystone using just the admin name
and password. This patch passes the admin tenant name along with the admin
credentials.
Cedric Brandily [Wed, 27 Aug 2014 09:35:41 +0000 (11:35 +0200)]
Remove useless check in _rpc_update_firewall
Firewall_db_mixin.update_firewall returns an updated firewall or raises
an error (if the firewall is not found), that's why checking if its
result is evaluated to False is not required
Henry Gessau [Wed, 10 Sep 2014 03:50:09 +0000 (23:50 -0400)]
Use renamed _fail_second_call() in cisco nexus tests
In commit 5e4b0c6fc6670ea036d801ce53444272bc311929 NeutronDbPluginV2TestCase
_do_side_effect() was renamed to _fail_second_call(), but the nexus test cases
were not updated. The tests still worked because they check for
HTTPInternalServerError which is the end result of the server encountering
"AttributeError: object has no attribute '_do_side_effect'". So the fault
injection still worked, but not in the way intended.
Note: the monolithic nexus plugin is not updated here since it is being
removed from the tree.
Sylvain Afchain [Mon, 26 May 2014 12:28:06 +0000 (14:28 +0200)]
Add L3 VRRP HA base classes
Add L3 HA base classes on the plugin side. A new admin-only ha
attribute is added to the API router resource. Conversion from
or to HA router is possible. Each tenant gets a single network
used for HA traffic. The tenant_id for that network is set to
'' so that it isn't visible via the CLI or GUI. A new table
is added to map a tenant to its HA network. Specific HA
attributes are added to the extra router attributes table.
Finally, each HA router gets a port on the HA network, per
l3 agent it is scheduled on. A new table is added to track
these bindings. A new table is added in order to track
VRID allocations.
DVR integration is not expected to work. Any issues will
be reported as bugs and handled after the feature merges.
Migrating a router to HA or from HA works server side
but is not expected to work (Yet) agent side. This will be
dealt with as a bug in the future.
Kevin Benton [Wed, 25 Jun 2014 06:12:43 +0000 (06:12 +0000)]
UTs: Disable auto deletion of ports/subnets/nets
Change the behavior of the unit test context managers
for ports, networks, and subnets to skip the deletion
of the objects they create.
Adds explicit delete calls to the tests that require
deletion of the objects.
This is the first patch in a series to eliminate the
automatic deletion of objects created during tests to
improve test performance and make testing more explicit.
Sam Betts [Fri, 5 Sep 2014 15:16:01 +0000 (16:16 +0100)]
Remove second call to get_subnets in delete_subnet
delete_subnet made calls to both get_subnet and _get_subnet,
get_subnet uses _get_subnet so multiple database requests were being
made, this patch removes the call to get_subnet and directly calls
_make_subnet_dict using the result of _get_subnet
Changes to support FWaaS in a DVR based environment
Implementation of Spec to address the changes required for FWaaS
to work with DVR to handle:
* Perimeter Firewall support on N - S traffic
* Ensure that E - W DVR traffic is not broken.
Michael Smith [Tue, 2 Sep 2014 17:07:04 +0000 (17:07 +0000)]
Call unbind_snat_servicenode from schedule router
Refactor to move the call to plugin.unbind_snat_servicenode from
schedule_snat_router to _schedule_router. This is a move to pave the
way for removing hints from schedule router.
NSX: Correct allowed_address_pair return value on create_port
This patch fixes the NSX plugin to return [] rather than None for a
port does not have any allowed_address_pairs when a create_port api
call is made. Currently the NSX plugin is failing every patch because
now tempest is checking for this value to be [].
Factory method provided by the library should be used to create a server
object. This allows to change servers internal implementation without
touching end users.
Also removed custom dispatcher. Its only purpose was to log messages.
If logging is configured accordingly all incoming messages will be
logged from oslo/messaging/_drivers/amqpdriver.py [1]
Michael Smith [Tue, 2 Sep 2014 17:05:12 +0000 (17:05 +0000)]
Remove subnet_id from check_ports_exist_on_l3agent
Refactor check_ports_exist_on_l3agent so that subnet_id no longer
needs to be passed. Instead it calls get_subnet_ids_on_router. This
helps to pave the way for removing hints from schedule router.
Fix AttributeError when setting external gateway on DVR router
DVR routers will have this manager initialized only after one
or more subnets have been attached to the router. To address
the issue, make sure the manager is defined and handle the snat
rules appropriately.
This patch also makes _update_arp_entry more defensive; this is
because the arp update process can be affected by the same issue:
the router may not have internal ports at the time the request
come in. This is likely when VM's port creation and router
configuration overlap slightly.
rajeev [Fri, 22 Aug 2014 22:54:46 +0000 (18:54 -0400)]
Stop tracking connections in DVR FIP Namespace
For DVR, connections to external network using floating IPs do not
need to be tracked in FIP namespace because they are being
already tracked in router namespace.
This fix adds iptable rules to not track connections.
Avoid testing code duplication which introduced testing bugs
SecurityGroupAgentEnhancedRpcTestCase duplicated code in
SecurityGroupAgentRpcTestCase setUp, also
TestSecurityGroupAgentEnhancedRpcWithIptables duplicated
code from TestSecurityGroupAgentWithIptables setUp()
introducing bugs by improper initialization, like a missing
self.iptables.use_ipv6 = True
which in combination with tests.unit.test_ipv6.TestIsEnabled
produced inconsistent testing results.
Kevin Benton [Fri, 5 Sep 2014 04:55:47 +0000 (21:55 -0700)]
Reset IPv6 detection flag after IPv6 tests
Resets a module level flag that was being left in the
state that the previous test set it to. This was causing
unrelated tests to fail if the last state was left disabled.
John Schwarz [Thu, 4 Sep 2014 11:11:26 +0000 (14:11 +0300)]
Revert "Skip functional l3 agent test"
This reverts commit 0918ce91e5af5100ee3a4fcd6861741c4f00ac41. The
specified commit skipped a test which caused non-deterministic gate
failures, but the actual reason for the failures was found and fixed
so the skip is no longer needed.
John Schwarz [Thu, 4 Sep 2014 08:34:29 +0000 (11:34 +0300)]
Fix leftover Timeout effecting most eventlet calls
When registering a new eventlet.timeout.Timeout object, eventlet
automatically starts a timer for most (if not all) future eventlet
calls. Normally, eventlet codes do not hold a timeout unless such a
timeout is used or a specific timeout length is specified through
the API, but once a Timeout object is initialized, it is left there
unless canceled.
This change fixes an un-canceled Timeout which causes some
functional tests to fail, reintroduces a fix for bug #1358206,
which was written prior to discovering the uncanceled timeout, and
increases the timeout of a test that depended on this timeout.
ofagent: Remove @author tags and update copyright notices
When writing these modules, ofagent team (kakuma, yamamoto) thought
that @author tag was OpenStack's style to represent authorships.
But it turned out to be wrong. Acutally there seems to be a consensus
not to use them. So, replace them back to the original Ryu-style
copyright notices.
Carl Baldwin [Tue, 2 Sep 2014 16:49:45 +0000 (16:49 +0000)]
Cleanup rename of get_compute_ports_on_host_by_subnet
A recent merge [1] renamed this method to remove "compute_" from the
name. Unfortunately, the rename was not done thoroughly. This patch
cleans that up. No bug is referenced since this is an obvious
ommission in a recent patch.
The reverted patch incorrectly ties with Keystone and should have never been
approved since the approved version only partially addressed review concerns.
This revert also ensure migration timeline integrity.
shihanzhang [Mon, 4 Aug 2014 08:44:31 +0000 (16:44 +0800)]
Refactor security group rpc call
Refactor rpc call of 'security_group_rules_for_devices' into
'security_group_info_for_devices' to reduce the response
message size and server side processing time. Includes
agent-side auto detection of rpc version, and fall back
to the old one.
Change-Id: If19be8579ca734a899cdd673c919eee8165aaa0e
Implements: blueprint security-group-rules-for-devices-rpc-call-refactor
DocImpact Co-Authored-By: Miguel Angel Ajo <mangelajo@redhat.com>
- It may relieve contention on DB access while
both servers and l3 agents are busy setting up
and syncing routers down respectively.
- It prevents accidental placement of namespaces
during the L3 sync_routers process, as auto
scheduling without taking into account the state
of the L3 agents, as well as the state of the
routers being processed, may overrule the placement
decision made during router operations.
when an interface is added to a router with gateway, the method
internal_network_added(..) incorrectly configures the IP address
of the new snat interface same as the IP address of the new
subnet interface.
Kevin Benton [Thu, 21 Aug 2014 16:12:15 +0000 (09:12 -0700)]
BSN: Bind external ports in ML2 driver
Add a binding capability to the Big Switch ML2 mechanism
driver to mark external ports as bound. Ports with the
owner type 'neutron:external_port' will be assigned to the first
VLAN segment available in the network. The port update operation
will then carry the HOST ID with the identifier to the backend
for the necessary fabric configuration.
Cedric Brandily [Tue, 26 Aug 2014 18:23:04 +0000 (20:23 +0200)]
Remove SELECT FOR UPDATE use in delete_firewall
SELECT FOR UPDATE expression, which is triggered with the use of the
SQLAlchemy Query object's with_lockmode('update') method, is
detrimental to performance and scalability of the database
performance code in Neutron due to the lock contention it produces.
SELECT FOR UPDATE can be entirely avoided in delete_firewall method
with the use of single-shot DELETE expressions.
Sayaji [Tue, 12 Aug 2014 01:16:12 +0000 (18:16 -0700)]
Implements sync mechanism between Neutron and Nuage VSD
This will sync resources between Neutron and VSD based on
the configuration parameters. "enable_sync" will enable/disable
the sync and "sync_interval" will control the time interval
between consecutive sync cycles.
Code Review / openstack-build / neutron-build.git / log