Kevin Benton [Tue, 17 Sep 2013 20:22:32 +0000 (13:22 -0700)]
BigSwitch plugin: passes context to all update_network calls
There were a few calls to update the network on the backend
that were not having the context passed to them so they were
incorrectly using the admin context. This patch corrects that
by passing the context to all network update calls. It also
disallows calls to _send_update_network that don't provide
the context because there is not a use case for that condition.
linb [Tue, 20 Aug 2013 05:35:10 +0000 (13:35 +0800)]
Support advanced NVP LBaaS Service
The patch adds NVP advanced LBaaS service support for NVP with
VCNS:
* NVP LBaaS is an advanced Service of NVP depending on NVP
advanced service router
- Once an advanced router is created, one corresponding
vshield edge will be deployed, and then we can configure
LB service on the vshield edge
* NVP LBaaS service plugin still uses LBaaS DB service logic,
while finally calling vShield Edge to support FWaaS service
- When creating VIP object, service attaches the object to
the advanced router with routedserviceinsertion service.
Then before pushing VIP VCNS call, the server would first
push associated POOL VCNS call and associated Monitor
VCNS call to vShield Edge. Deleting VIP is the opposite
operation
- Referring to CUD operation of other objects, service would
first find the associated VIP object and then find the edge bound to
the router which vip inserted. Then service would push corresponding
VCNS call to vShield Edge
* on driver part, the driver will first convert the object
to VSM known object input, and then send a synchronous JSON
call to VSM, and receive the result
berlin [Thu, 22 Aug 2013 07:58:58 +0000 (15:58 +0800)]
Support for NVP advanced FwaaS service
The patch adds advanced FWaaS service support for NVP with
VCNS:
* NVP FWaaS is an advanced Service of NVP depending on NVP
advanced service router
- Once an advanced router is created, one corresponding
vshield edge will be deployed, and then we can configure
FW service on the vshield edge
* NVP FWaaS service plugin still uses FWaaS DB service logic,
while finally calling vShield Edge to support FWaaS service
- When firewall object is created, we will attach the
object to the advanced router with routedserviceinsertion_db
service
* on driver part, the driver will first convert the object
to VSM known object input, and then send a synchronous JSON
call to VSM, and receive the result
Paul Michali [Mon, 16 Sep 2013 14:08:56 +0000 (10:08 -0400)]
Increase size of peer_address attribute in VPNaaS
Increased the size so that peer_address could be FQDN. API
document changed constraint from IPAddress to string, however
in the plugin/service code, it is already a string and there is
no specific restriction on the value. Database migration will
be performed, due to the size change.
Fix error raised when router-interface-delete on no-snat routers
Previously, a 500 error would be raised trying to remove a subnet
from a no-snat router because we were trying to remove the snat
rules that didn't exist in the router.
_validate_network_tenant_ownership must be less strict
Neutron currently does a strict validation
so that for a non-shared network the subnets and
ports must belong to the same tenant as the network. In
the case of a "service VM" created by
admin user, this function should return thus allowing
admin users to create ports and networks in a tenant
network.
If an existing firewall rule already associated with a
firewall policy is associated with a different firewall
policy, the new association should fail. The check for
the existing association was not being made, hence the
firewall rule was being removed from the older policy
and being associated with the newer policy (incorrect
behavior). This is being fixed here.
If the association with the newer policy has to be made
the rule should first be removed from the existing policy
association.
Fix haproxy agent unit test to be runnable alone by tox
haproxy agent uses periodic_interval option that can interfere
with the same option declared in neutron/service.py when running
'tox services.loadbalancer'
Bob Kukura [Fri, 13 Sep 2013 20:12:30 +0000 (16:12 -0400)]
Use same hostname function as nova
Certain plugin implementations of port binding depend on the port's
binding:host_id set by nova matching the compute node's hostname
reported by neutron agents in agents_db. Nova uses
socket.gethostname() to obtain the hostname, so this changes neutron
to also use socket.gethostname(), instead of socket.getfqdn() to
obtain the default hostname. If deployments require a specific
hostname format or value, the hostname can be specified in nova and
neutron configuration files.
Prevent stale DHCP directories for dhcp agent nodes
This change fixes an issue that is most acute in test/dev
environments but that may affect production environments
as well: the presence of DHCP directories that no longer
represent networks that exist in the Neutron DB. This
issue can manifest itself over time if you delete networks
from the Server while the Agent node is down.
Without this fix, at the agent start-up the method
existing_dhcp_networks will return an empty list, and
as a consequence the directories that belong to networks
that have been removed from the server will stay because
the sync logic will not process them as it only looks at
the mismatch between active networks on the agent and
active networks on the server. With the fix instead, we
return *all* existing dhcp networks; if they are meant to
be active, the agent will bring them up, if they no longer
exist on the server, then the agent will dispose of the
resources. The dnsmasq driver will do the right thing when
enabling or disabling the process.
This patch ensures the 'result_count' attribute from NVP API responses
is properly handled, and adds support for '_page_cursor' request query
parameter in the fake nvp api client in order to ensure issues like this
are captured by unit tests.
pass default l3_gateway_service_uuid if not specified
Previously, if one created an external network of type l3_ext and did
not specify the default_gw_service_uuid via --provider:physical_network
an exception would be raised on the backend as we need to specify the
l3_gw_service_uuid we want nvp to use.
Luis A. Garcia [Fri, 16 Aug 2013 16:07:47 +0000 (16:07 +0000)]
Enhance exception translation to better handle NeutronExceptions
NeutronExceptions have a 'message' class attribute that holds the
generic error message template, e.g. "Network %(network)s not found",
unfortunately, because the names are the same, it was overshadowing the
actual exception instance 'message', e.g. "Network 1 not found", after
translation when the exception was serialized to JSON.
This patch puts the exception's actual message in a new field called
'msg' and overwrites NeutronException unicode() so that 'msg' is used
during serialization and we'll get the correct message on the REST API
response.
Add a relationship with eager loading in the Port and Network models,
thus preventing the 'extend' functions from performing extra queries.
This patch also slightly alters the methods for processing qos_queue
bindings in order to allow them to populate the qos_queue id in
the response being created.
This patch introduces VXLAN support for Linuxbridge agent alongside
ml2 plugin support in linuxbridge mechanism driver.
A new vxlan configuration section is added for vxlan related parameters.
The agent also implements l2population RPC callbacks which allows ml2
plugin using l2population mechanism driver to populate vxlan forwarding
and neighbor tables following portbinding events. It allows agent to
respond locally to ARP requests for remote VMs and avoid dataplane based
learning. This should help limit the use of multicast or flooding
for broadcast emulation in vxlan networks.
These changes should anyway have a limited risk, as agent behaviour
shouldn't be affected, except when vxlan is enabled alongside ml2 plugin.
Francois Eleouet [Thu, 22 Aug 2013 14:51:01 +0000 (16:51 +0200)]
OVS agent implementation of l2-population
This patchset implements l2-population RPC callbacks in OVS agents,
it enables plugin to populate forwarding table following portbindings
events.
For now, it doesn't include ARP responder implementation which is
deferred to a future patchset (As this feature isn't yet supported by
OVS, it will require the use of an external responder such as ebtables)
It anyway brings some improvements in tunnelling management, as agent
will tear down unnecessary tunnels, and flood packets on a per-network
basis rather than to all other agents.
These changes should anyway have a limited risk, as tunnel management
won't be affected as long as l2_population option is not set. This
option must be used in conjunction with ml2 plugin using l2population
mechanism driver.
Kui Shi [Wed, 11 Sep 2013 17:04:09 +0000 (01:04 +0800)]
Don't need to init testr in run_tests.sh
In run_tests.sh, function init_testr will initialize testr if the
directory .testrepository does not exist. Actually, testr will do
the check before running the test:
In Python package testrepository, setuptools_command.py:Testr.run
    def run(self):
        """Set up testr repo, then run testr"""
        if not os.path.isdir(".testrepository"):
            self._run_testr("init")
Bob Melander [Wed, 3 Apr 2013 19:22:30 +0000 (21:22 +0200)]
Adds support for L3 routing/NAT as a service plugin
- Adds L3 routing/NAT service plugin
- Removes L3 routing/NAT from ML2 plugin
- Moves "router:external" attribute to new extension "External-net"
- Introduces separate RPC topic for L3 callbacks from L3 agent
Kaiwei Fan [Fri, 23 Aug 2013 06:25:52 +0000 (23:25 -0700)]
Support for NVP advanced service router
When creating an LR:
- deploy an Edge asynchronously
- create a L2 switch for connecting LR and Edge
- attach a router port to the L2 switch.
- assign ip address 169.254.2.1/28 and nexthop 169.254.2.3 to LR
When set external gateway:
- configure Edge interface and default gateway
- Add static routes to Edge for all logic networks attached to LR via nexthop 169.254.2.1
- configure SNAT rules for all logic networks attached to LR
When add router interface:
- Add static route/SNAT rule for the network attached to LR
When associate floating IP address:
- configure DNAT rule for the floating ip and the port
Tests being done:
- Verified Edge is deployed asynchronously and LR is attached to the internally created L2 switch
- Manually attach Edge's vNic to the L2 switch and Edge is able to ping 169.254.2.1
- Verified router-delete deletes Edge asynchronously and remove the internal L2 switch
- Verified SNAT/DNAT/static-routes rules are configured on Edge in correct order
- Verified external vnic ip address/netmask and default gateway are configured
Help text was added to the configuration options defined in the brocade neutron
plugin. This help text should assist users of the brocade plugin. The OSTYPE
configuration option was not used in the plugin and was labeled as such so a
user of the plugin would not worry about the meaning of it.
The example etc file /etc/neutron/plugins/brocade/brocade.ini has been updated
to share the same help values where applicable.
Ensure pid file is removed when metadata ns daemon receives SIGTERM
These files from the metadata namespace proxy are not being removed
because delete_pid() is registered with atexit. This means it only runs
when a process exits normally and won't run when a process receives a
signal.
This patch registers a signal handler for SIGTERM that calls exit()
to make the process exit normally so delete_pid() gets called.
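
The behaviour described in the last commit message above, as an added example that is not part of the commit or of Neutron's code: a constructed child process registers pid-file removal with atexit, and the parent sends it SIGTERM with and without a handler that calls exit(). The child script, the pid file name and the function name are assumptions for illustration; POSIX signals are assumed.

```python
import os
import signal
import subprocess
import sys
import tempfile

# Constructed stand-in for a daemon (not Neutron code): writes a pid file,
# registers its removal with atexit, optionally installs a SIGTERM handler.
CHILD = r"""
import atexit, os, signal, sys, time
pid_file, install_handler = sys.argv[1], sys.argv[2] == "1"
with open(pid_file, "w") as f:
    f.write(str(os.getpid()))
atexit.register(os.remove, pid_file)
if install_handler:
    # sys.exit() raises SystemExit, so the interpreter shuts down normally
    # and atexit callbacks run.
    signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit(0))
print("ready", flush=True)
time.sleep(30)
"""


def pid_file_left_behind(install_handler):
    """Start the child, send SIGTERM, report whether the pid file survives."""
    with tempfile.TemporaryDirectory() as tmp:
        pid_file = os.path.join(tmp, "ns-proxy.pid")  # hypothetical name
        proc = subprocess.Popen(
            [sys.executable, "-c", CHILD, pid_file, "1" if install_handler else "0"],
            stdout=subprocess.PIPE,
        )
        try:
            proc.stdout.readline()  # wait until pid file and handlers are set up
            proc.send_signal(signal.SIGTERM)
            proc.wait(timeout=10)
            return os.path.exists(pid_file)
        finally:
            if proc.poll() is None:
                proc.kill()
                proc.wait()
            proc.stdout.close()


if __name__ == "__main__":
    print("default SIGTERM action, stale pid file:", pid_file_left_behind(False))
    print("handler calling exit(), stale pid file:", pid_file_left_behind(True))
```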