Second firewall creation returns 500, but it is an expected behavior
of firewall reference implementation and an internal server error
should not be returned.
Joe Gordon [Tue, 1 Apr 2014 22:06:36 +0000 (15:06 -0700)]
Use a temp dir for CONF.state_path
external_pids will default to $state_path(/var/lib/neutron)/external/pids
which isn't accessible when running unit tests so use a tempdir for
CONF.state_path. This bug arose when oslo.config 1.3.0 came out which
fixed bug #1282250 (I4324bda6f3de3cdf05f8eb3cf16052c04018dec8) and
caused this issue.
Kevin Benton [Tue, 1 Apr 2014 06:32:41 +0000 (23:32 -0700)]
BigSwitch: Semaphore on port status update
Adds a semaphore to the _set_port_status
function used by the Big Switch ML2 driver and
plugin. Without it, the async threads are
susceptible to deadlocking and causing the
known eventlet/mysql timeout exception.
Hemanth Ravi [Mon, 31 Mar 2014 00:48:21 +0000 (17:48 -0700)]
Invoke _process_l3_create within plugin session
_process_l3_create should be invoked with a plugin session, else
externalnetworks table is not populated for networks with
router:external=True. Added the missing plugin session.
Recent API changes in N1KV controller require parameters such as
subnet id and IP address to handle port creation successfully.
Without these mandatory parameters, the REST call fails.
This patch addresses that by passing in the missing parameters
in the REST body.
Evgeny Fedoruk [Tue, 18 Mar 2014 17:55:11 +0000 (10:55 -0700)]
Cancelling thread start while unit tests running
This change modifies the Radware driver and its unit testing code
to not start operations completion thread while unit tests are running.
The driver initialization changed not to start the operations completion thread,
the thread is started only when operation completion item is inserted into the queue
for the first time.
The operation completion functionality was moved to a new function which
is called by the operations completion thread run() function.
The run() function still has the functionality of popping operation completion
items out of the queue and push failed items back.
Unit testing code mocks the operation completion items queue
by calling the operations completion handler new function when item
is added.
Start() and join() functions of the thread were mocked to do nothing.
All sleep() entrances were removed from the unit testing code.
All unnecessary mock_reset() calls were removed.
Carl Baldwin [Thu, 27 Mar 2014 22:21:53 +0000 (22:21 +0000)]
Delete duplicate external devices in router namespace
When a router's gateway is removed during L3-agent restart, the agent
will fail to delete the old external device. This device should be
identified and removed as soon as possible.
Akihiro Motoki [Fri, 21 Mar 2014 23:17:20 +0000 (08:17 +0900)]
UT: do not hide an original error in test resource ctxtmgr
In unit tests, resource contextmanagers such as network(), subnet()
try to delete themselves after returning from yield even if an
exception occurs. However when an exception occurs, there is a case
where deletion fails. In this case original exception will be hidden
and it makes it difficult to debug test failures.
Before each test starts, resources like database entries will be
recreated, so there is no need to try to delete resources even
when an exception occurs. This commit removes try-finally clause
from resource contextmanagers to make original errors visible.
Eugene Nikanorov [Wed, 19 Mar 2014 14:00:35 +0000 (18:00 +0400)]
Fix namespace exist() method
Fix namespace exist() method for it shall not be called with a root.
Also, don't run it under the namespace so garbage_collect_namespace
method can run without rootwrap and not within a ns.
As a result of fixing namespace listing the patch also fixes the
regression introduced (bug/1294603) to loadbalancer agent respawning
haproxy due to inability to list namespaces properly.
Each dnsmasq instance on a network is not aware of other dnsmasq's leases.
When dnsmasq is launched with --no-hosts and is not provided an --addn-hosts
file, it can resolve only the hosts to which it gives a dhcp lease and no more.
i.e.:
If dnsmasq service n°1 gives a lease to instance n°1, and dnsmasq service n°2
gives a lease to instance n°2, both VM instances and dnsmasq services being on
the same network: instance n°1 can not resolve instance n°2, because instance
n°1 queries dnsmasq n°1, and since it did not give the lease to instance n°2,
it can not resolve it (it is not aware of its existence). Same issue if
instance n°2 tries to resolve instance n°1.
The solution is to provide dnsmasq with an --addn-hosts file of all hosts on
the network. With an --addn-hosts file, each dnsmasq instance is aware of all
the hosts on the network even if they do not give the lease for a host,
therefore each dnsmasq instance can resolve any host on their network even if
they did not provide the lease for it themselves.
Aaron Rosen [Wed, 26 Mar 2014 23:40:09 +0000 (16:40 -0700)]
Prevent cross plugging router ports from other tenants
Previously, a tenant could plug an interface into another tenant's
router if he knew their router_id by creating a port with the correct
device_id and device_owner. This patch prevents this from occurring
by preventing non-admin users from creating ports with device_owner
network:router_interface with a device_id that matches another tenant's router.
In addition, it prevents one from updating a port's device_owner and device_id
so that the device_id won't match another tenant's router with device_owner
being network:router_interface.
NOTE: with this change it does open up the possibility for a tenant to discover
router_ids of another tenant by guessing them and updating a port till
a conflict occurs. That said, randomly guessing the router id would be hard
and in theory should not matter if exposed. We also need to allow a tenant
to update the device_id on network:router_interface ports as this would be
used by anyone using a vm as a service router. This issue will be fixed in
another patch upstream as a db migration is required but since this needs
to be backported to all stable branches this is not possible.
NOTE: The only plugins affected by this are the ones that use the l3-agent.
NOTE: **One should perform an audit of the ports that are already
attached to routers after applying this patch and remove ports
that a tenant may have cross plugged.**
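An added example (not code from the Neutron patch) of the request-time rule and the audit this commit message calls for. The function names and the sample routers and ports are constructed for illustration; only the `tenant_id`, `device_id` and `device_owner` field names come from the Neutron API.

```python
ROUTER_INTF = "network:router_interface"


def may_set_router_interface(port, routers, tenant_id, is_admin=False):
    """Request-time rule: a non-admin may not point a router-interface
    port at a router owned by a different tenant."""
    if is_admin or port.get("device_owner") != ROUTER_INTF:
        return True
    owner = {r["id"]: r["tenant_id"] for r in routers}.get(port.get("device_id"))
    # A device_id matching no router stays allowed (VM used as a service router).
    return owner is None or owner == tenant_id


def audit_cross_plugged(ports, routers):
    """Audit: list (port, port tenant, router tenant) for existing
    router-interface ports attached to another tenant's router."""
    owner = {r["id"]: r["tenant_id"] for r in routers}
    return [(p["id"], p["tenant_id"], owner[p["device_id"]])
            for p in ports
            if p.get("device_owner") == ROUTER_INTF
            and owner.get(p.get("device_id"), p["tenant_id"]) != p["tenant_id"]]


# Constructed sample data, shaped like router-list / port-list output.
ROUTERS = [{"id": "router-a", "tenant_id": "tenant-a"},
           {"id": "router-b", "tenant_id": "tenant-b"}]
PORTS = [
    {"id": "port-1", "tenant_id": "tenant-a",
     "device_owner": ROUTER_INTF, "device_id": "router-a"},
    {"id": "port-2", "tenant_id": "tenant-b",          # cross-plugged
     "device_owner": ROUTER_INTF, "device_id": "router-a"},
    {"id": "port-3", "tenant_id": "tenant-b",
     "device_owner": "compute:nova", "device_id": "vm-1"},
    {"id": "port-4", "tenant_id": "tenant-b",          # service-router VM
     "device_owner": ROUTER_INTF, "device_id": "vm-svc-router"},
]

if __name__ == "__main__":
    for finding in audit_cross_plugged(PORTS, ROUTERS):
        print("review port %s: owned by %s, router owned by %s" % finding)
```

Flagged ports are candidates for review rather than automatic removal, since a port an admin deliberately created on behalf of another tenant is reported as well.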
Mark McClain [Thu, 20 Mar 2014 17:49:13 +0000 (13:49 -0400)]
Disable XML tests on Py26
Unit testing on Py26 takes too long to run. The code paths are the
same, so we'll temporarily skip tests if the class contains XML
formatting since duplicate full stack JSON tests are run.
Aaron Rosen [Wed, 26 Mar 2014 20:52:05 +0000 (13:52 -0700)]
Subnets should be set as lazy='join'
Currently if one does a net-list tons of queries are issued against the
database as the default query mode is 'select' which performs a query when
the field is actually accessed. In this patch I change the mode to
'joined' so subnets are loaded as the networks are loaded. Usually, there
are only 1 or 2 subnets on a network so loading this data shouldn't hurt.
This patch in my setup with 5000 networks reduces the net-list call from 27
seconds to 7! Woot Woot :)
Akihiro Motoki [Sat, 15 Mar 2014 15:16:23 +0000 (00:16 +0900)]
nec plugin: allow to delete resource with ERROR status
Previously if a resource is in ERROR status and there is no
corresponding resource on OpenFlow controller, the resource
cannot be deleted through an API request.
This commit rearranges ERROR status check to allow resource
with ERROR status to be deleted.
Ihar Hrachyshka [Mon, 17 Mar 2014 13:18:28 +0000 (14:18 +0100)]
Synced rpc and gettextutils modules from oslo-incubator
The main reason for sync is to get the following oslo-rpc fixes in Neutron:
* I537015f452eb770acba41fdedfe221628f52a920 (reduces delays when reconnecting
to Qpid in HA deployments)
* Ia148baa6e1ec632789ac3621c85173c2c16f3918 (fixed HA failover, Qpid part)
* I67923cb024bbd143edc8edccf35b9b400df31eb3 (fixed HA failover, RabbitMQ part)
Akihiro Motoki [Wed, 26 Mar 2014 14:28:49 +0000 (23:28 +0900)]
Import request_id middleware bug fix from oslo
There is a bug in request-id middleware that a subsequent API request will
overwrite a request-id of a previous request when multiple API calls are
processed in parallel in request_id middleware.
This commit imports the fix in oslo.
The original version of the request_id middleware generates a request ID during
process_request() and stores the value in a variable, so it can be attached as
header in process_request(). This is pretty dangerous, since subsequent
requests will overwrite this value, and the wrong request ID may be attached to
some responses. This is particularly apparent when requests arrive in parallel.
This change replaces process_request() and process_response() with an override
of __call__(). This allows the generated req_id to be used in the response
header without needing to save it as a class-level variable.
----
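An added example (not the oslo or Neutron code) reproducing the bug class described in the commit message above: a request ID parked on the shared middleware instance versus one kept local to `__call__()`. The class names, the dict-based request and response, and the `ENV_KEY`/`HEADER` values are illustrative assumptions.

```python
import threading
import uuid

ENV_KEY = "openstack.request_id"       # illustrative environ key
HEADER = "x-openstack-request-id"      # illustrative response header


class SharedStateMiddleware:
    """Pre-fix shape: the ID is stored on the instance shared by all requests."""
    def __init__(self, app):
        self.app = app

    def process_request(self, environ):
        req_id = "req-" + str(uuid.uuid4())
        self.req_id = environ[ENV_KEY] = req_id

    def process_response(self, headers):
        headers[HEADER] = self.req_id  # may belong to a later request by now
        return headers

    def __call__(self, environ):
        self.process_request(environ)
        return self.process_response(self.app(environ))


class PerCallMiddleware(SharedStateMiddleware):
    """Post-fix shape: __call__() keeps the ID in a local variable."""
    def __call__(self, environ):
        req_id = environ[ENV_KEY] = "req-" + str(uuid.uuid4())
        headers = self.app(environ)
        headers[HEADER] = req_id
        return headers


def mismatched_responses(middleware_cls, parallel=2):
    """Overlap `parallel` requests; count responses carrying a foreign ID."""
    barrier = threading.Barrier(parallel)

    def app(environ):
        barrier.wait()                 # keep every request in flight at once
        return {}

    mw, results = middleware_cls(app), []

    def one_request():
        environ = {}
        headers = mw(environ)
        results.append(environ[ENV_KEY] != headers[HEADER])

    threads = [threading.Thread(target=one_request) for _ in range(parallel)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)
```

With the shared-state version every overlapping request except the last one to arrive gets another request's ID in its response, which breaks log correlation during an investigation; the per-call version returns zero mismatches.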
Jakub Libosvar [Wed, 26 Mar 2014 08:42:21 +0000 (09:42 +0100)]
Migrate data from cap_port_filter to vif_details
There was introduced a new column vif_details for ml2_port_binding table
and dropped cap_port_filter column. Data was lost during the migration
causing no data in vif_details.
This patch transforms data from cap_port_filter to vif_details column as
a part of db migration. MigrationContext.execute() calls underlying
methods depending on whether migration is online or offline therefore data
are migrated in offline migration too.
Include cisco plugin in migration plugins with ovs
Currently we have many migration files with missing cisco
plugin in migrate_plugin when ovs is included. This
causes missing tables when cisco plugin is enabled
and migration is run. This fix should automatically
include the cisco plugin if ovs is detected in the
migrate_plugins.
Rich Curran [Tue, 25 Mar 2014 14:56:46 +0000 (10:56 -0400)]
ML2 Cisco Nexus MD: Remove workaround for bug 1276395
Before bug 1276395 was merged the delete_port_postcommit() mechanism
drivers did not have access to the bound_segment information that was
in the process of being deleted.
Code was added to the cisco_nexus md to work around this issue.
This code can now be removed.
Maru Newby [Wed, 26 Feb 2014 13:09:42 +0000 (13:09 +0000)]
Add script to migrate ovs or lb db to ml2 db
This script migrates an ovs or lb database to work with ml2.
The script's docstring provides details as to how it is intended to
work.
I've tested this manually on a trivial deployment, and would like
to add support for testing the migration with grenade. However,
that will have to wait until grenade support for neutron has
merged.
Kyle Mestery [Mon, 24 Mar 2014 03:31:30 +0000 (03:31 +0000)]
Correct OVS VXLAN version check
Update the version checking logic used to determine if the combination of
Linux kernel, OVS userspace, and OVS kernel module can properly support
VXLAN.
Tested on Ubuntu 14.04 without the OVS DKMS module.
Oleg Bondarev [Mon, 24 Mar 2014 12:58:55 +0000 (16:58 +0400)]
LBaaS: make device driver decide whether to deploy instance
Currently server throws an error in case agent (device driver)
requests logical config for non-active pool, which is a bug
as it's ok if pool is in pending create/update states.
Also the pool may be already scheduled for delete (pending_delete)
while agent requests it to perform some previous update, which
is also ok and agent just doesn't deploy such config.
This patch moves active pool check from server side to agent side
Abhishek Raut [Thu, 6 Mar 2014 03:02:40 +0000 (19:02 -0800)]
Fix segment allocation tables in Cisco N1kv plugin
The segment allocation table is emptied on deleting any network profile.
This change allows the use of segment range from the network profile table.
By using the network profile UUID as a foreign key in the segment allocations table,
tables are cleaned up only for the segments associated with
the deleted network profile via CASCADE, leaving no inconsistencies.
Akihiro Motoki [Fri, 21 Mar 2014 19:17:14 +0000 (04:17 +0900)]
NEC plugin: Remove a colon from binding:profile key due to XML problem
In XML specification, if a tag name contains a colon, a part before
a colon is interpreted as namespace. If key names in binding:profile
dict contain a colon, Neutron XML serializer sends them as-is.
A colon in key names should be used only if XML namespaces are used.
NEC plugin uses a colon in key names and it leads to failures to XML
deserialization. To avoid this problem, this commit removes a colon
and prefix in key names in port binding:profile so that client XML
deserializer decodes XML response successfully.
Aaron Rosen [Fri, 21 Mar 2014 18:23:05 +0000 (11:23 -0700)]
rename ACTIVE_PENDING to ACTIVE_PENDING_STATUSES
Looking at the lbaas code it's not very obvious that constants.ACTIVE_PENDING
is a list of statuses that contain statuses that are ACTIVE or
PENDING. This patch renames ACTIVE_PENDING to ACTIVE_PENDING_STATUSES so
it's obvious that this is a list and not just a string called ACTIVE_PENDING.
Paul Michali [Fri, 14 Mar 2014 15:21:03 +0000 (15:21 +0000)]
VPNaaS support for VPN service admin state change and reporting
For VPN service admin state changes, hook up the API call to the service
driver so that the configuration changes can be applied.
Modify the status reporting, so that the VPN service and IPSec
connection statuses match the actual status when admin state down
actions are performed (on both the service and connection).
Eugene Nikanorov [Thu, 20 Mar 2014 14:43:18 +0000 (18:43 +0400)]
Return meaningful error message on pool creation error
Instead of returning exception specific to haproxy (agent-based),
return more generic BackendNotFound exception.
It also could be used later when binding to devices will be
introduced. That exception will indicate scheduling failure, e.g.
inability to find appropriate backend for the resource.
Resource (pool) is then marked with ERROR state with corresponding
error description.
Kyle Mestery [Fri, 21 Mar 2014 09:41:31 +0000 (09:41 +0000)]
Don't set priority when calling mod_flow
This commit [1] changed the behavior of modifying flows to not allow priority
to be set on flow modification. The agent code which was calling mod_flow was
not updated to respect this behavior. The unit tests were also not updated in
this regard. I've corrected this behavior now, and added a negative UT case to
catch this in the future.