There is a sysconf entry which controls how deletion of the primary ip
is performed (/proc/sys/net/ipv4/conf/all/promote_secondaries). When set,
instead of deleting the secondary addresses, one of them will be
promoted to primary ip.
Without it, when init_l3 is called on a port, it may unexpectedly delete
some useful ips.
Make test_l3_agent._prepare_router_data a module function
Remove an unneeded class variable, allowing _prepare_router_data
to be changed to a module level function. This allows the function
to be reused by other test cases.
Clark Boylan [Fri, 25 Jul 2014 20:30:00 +0000 (13:30 -0700)]
Set python hash seed to 0 in tox.ini
New tox (>=1.7.0) sets a random python hash seed by default. This is
generally good for testing because it will help keep projects working
regardless of the hash seed, but neutron unittests don't currently pass
with a random hash seed so set it to the python default seed.
This change will allow us to use new tox again and remove the
restriction on tox<=1.6.1 to run unittests.
Note this change will need to be backported to the stable branches to
keep unittests there working with new tox as well.
Handle bool correctly during _extend_extra_router_dict
Ensure that extension attributes are always used to
override the chosen defaults. This was not working
in the case of default boolean True, as the testing
condition was wrong.
Encapsulate some port properties in the PortContext
Bindings to host or status may need further encapsulation
to avoid exposing mechanism drivers to underlying DB model
details. This was particularly true in the case of the
l2pop mech driver.
As a result, some docstrings were reworded, and the newly
introduced properties used directly in the mech drivers.
Changes to remove the use of mapping tables from Nuage plugin
Nuage plugin maintains a mapping of Openstack and Nuage resources.
With this change Nuage VSD can itself maintain this mapping, so the
plugin doesn't have to store the information in the neutron DB.
This eliminates potential out of sync and upgrade issues.
Avoid RequestURITooLong exception in metadata agent
Length of API port query is proportional to number of networks
and may exceed URI limit. The solution is to query ports by
given ip address only and then filter them by network_id.
Move loadbalancer vip port creation outside of transaction
Currently _create_port_for_vip calls ml2 create_port() method
which includes rpc notification.
That leads to lock wait timeouts in certain cases.
The patch fixes that while making VIP creation process non-atomic.
But that is fine, as until create_vip() returns the vip id, it's
not usable from the API.
Irena Berezovsky [Wed, 16 Jul 2014 11:33:42 +0000 (14:33 +0300)]
ML2 mechanism driver for SR-IOV capable NIC based switching, Part 2
This set of changes introduces SRIOV NIC Agent to run with
ML2 mechanism driver for SR-IOV capable NIC based switching.
This is the second part of a 2 part commit.
The review is submitted in two parts:
- Part 1
The Mechanism Driver to support port binding for SR-IOV virtual
functions of SRIOV capable switching NICs.
- Part 2 (this part)
The SRIOV NIC Based L2 Agent.
Use configurable list of mappings physical_networks to PF
interfaces and configurable list of mappings PF interfaces
to list of excluded VFs to get list of Virtual Functions that agent should manage.
Current implementation supports admin state updates.
Michael Smith [Tue, 22 Jul 2014 23:58:26 +0000 (16:58 -0700)]
Modify L3 Agent for Distributed Routers
This patch is an enhancement to the existing L3 Agent.
This allows the L3 Agent to support distributed routers
by enhancing the router object to function across
multiple nodes.
Utilized two new types of namespaces:
- FIP to handle multiple VM fips and routers per node
- SNAT to handle centralized SNAT per router
Rules and tables are enhanced and added to support routing
across distributed routers without going to a centralized
router.
Finally, a new configuration param 'agent_mode' is introduced
and it controls what the L3 agent can do: the available values
are: 'legacy', 'dvr', 'dvr_snat' (more details inline).
The l3-scheduler uses the newly introduced agent_mode to
determine what L3 agent to select during the scheduling
process.
OFAgent: Share codes of l2-population in OVS agent
This is step 1 implementation of OFAgent l2-population.
OFAgent partially uses codes in OVS agent on implementation of l2-population.
We share these codes adding mixin class for OVS to l2-population rpc.
We use a ryu library instead of executing an ovs-vsctl command
and on OFAgent l2-population is no longer optional.
Also a function of local arp responder will be implemented on step 2.
This patch changes the name of directory from mech_arista to arista
This name change of directory is needed so that additional drivers
can be moved into this directory and share the code among drivers.
In order to accommodate this name change, setup.cfg is modified to
point to the Arista ML2 driver at the new location. Additionally,
a similar new directory is created for test files as well.
Irena Berezovsky [Tue, 18 Feb 2014 13:13:58 +0000 (15:13 +0200)]
ML2 mechanism driver for SR-IOV capable NIC based switching, Part 1
This set of changes introduces the ML2 mechanism driver for SR-IOV capable NIC based switching.
Please see the blueprint for more information.
The review is submitted in two parts:
- Part 1 (this part)
The Mechanism Driver to support port binding for SR-IOV virtual functions of
SRIOV capable switching NICs, such as Mellanox ConnectX Family.
Use configurable list of supported NIC vendor and product PCI ids to filter
devices to bind the SR-IOV port.
Use configurable agent_required option to require SRIOV L2 Agent
for port binding.
Elena Ezhova [Wed, 9 Jul 2014 16:10:17 +0000 (20:10 +0400)]
Add rule for updating network's router:external attribute
Set admin_only rule for update_network:router:external in policy.json
Also, change the default value of router:external from attr.ATTR_NOT_SPECIFIED
to False, because each time we try to get or update a network the dict with
its attributes is extended by _extend_network_dict_l3 function which adds
router:external=False to the dict if this attribute is not specified.
Thus, if the default value is not specified, router:external is considered
to be updated in any case and the policy rule is applied.
This patch introduces changes to the L2 agent, whereby the L2 agent
relies on a DVR component that takes care of the port wiring and the
management of tunnels in the face of topology changes due to the life
cycles of VMs as well as the life cycles of distributed virtual
routers.
Support for DVR needs to be explicitly enabled. Default behavior
remains unchanged.
Previously there was a bug that resulted in a security group being
added to router ports which was not supported in NSX. Removing the
security group didn't actually completely solve the problem as we
never cleared the allowed_address_pairs on the router port. This
patch fixes this issue by disabling port_security_enabled on the
router port.
Cedric Brandily [Fri, 20 Jun 2014 09:31:01 +0000 (11:31 +0200)]
Add partial specs support in ML2 for multiprovider extension
ML2 provider network partial specs let admins choose some
multiprovider network attributes and let neutron choose remaining
attributes. This change provides the implementation for
multiprovider networks.
In practice, for VLAN/GRE/VXLAN segments provider:segmentation_id
choice can be delegated to neutron, in such case neutron will try to find
a segment in tenant network pools which respects provided segment
attributes. For VLAN segments provider:physical_network choice can
also be delegated.
Cedric Brandily [Mon, 16 Jun 2014 20:03:14 +0000 (22:03 +0200)]
Add partial specs support in ML2 for gre/vxlan provider networks
ML2 provider networks partial specs let admins choose some provider
network attributes and let neutron choose remaining attributes. This
change provides the implementation for GRE/VXLAN provider networks.
In practice, for GRE/VXLAN provider networks provider:segmentation_id
choice can be delegated to neutron, in such case neutron will try to
find a network in tenant network pools which respects provided
provider attributes.
DocImpact
Related to blueprint provider-network-partial-specs
Partial-Bug: #1330562
Xu Chen [Thu, 19 Jun 2014 19:01:33 +0000 (15:01 -0400)]
call security_groups_member_updated in port_update
When a running VM is added to a security group, all existing VMs (ports)
in the security group should be notified/updated - otherwise they would
have incorrect rules, not knowing the new VM/port added.
The current behavior would only update the port of the added VM. This
patch forces a security_groups_member_updated() call for all the
security groups that have ports removed or added.
Ann Kamyshnikova [Mon, 21 Jul 2014 12:13:14 +0000 (16:13 +0400)]
Fix incorrect downgrade
In the downgrade of migration b7a8863760e_rm_cisco_vlan_bindin, the
Integer type is used with the parameter display_width. Integer should be used
without any parameters.
Robert Li [Fri, 11 Jul 2014 15:02:19 +0000 (11:02 -0400)]
Support Router Advertisement Daemon (radvd) for IPv6
Launch radvd from inside l3 agent when any router port has an IPv6 address. If
slaac is used for IPv6 addresses, advertise the prefix associated with the port;
otherwise, advertise default route only.
Change-Id: Ib8b0b3e71f7af9afa769c41357c66f88f4326807
Implements: blueprint neutron-ipv6-radvd-ra
Co-Authored-By: Henry Gessau <gessau@cisco.com>
Cedric Brandily [Mon, 16 Jun 2014 20:43:13 +0000 (22:43 +0200)]
Add partial specs support in ML2 for vlan provider networks
ML2 provider networks partial specs let admins choose some provider
network attributes and let neutron choose remaining attributes. This
change provides the implementation for VLAN provider networks.
In practice, for VLAN provider networks provider:physical_network
and provider:segmentation_id choices can be delegated to neutron,
in such case neutron will try to find a network in tenant network
pools which respects provided provider attributes.
DocImpact
Related to blueprint provider-network-partial-specs
Partial-Bug: #1330562
NSX: fix validation logic on network gateway connect
This patch adds validation for the segmentation ID when the
network type for the gateway connection is vlan.
This will avoid requests with invalid vlan IDs being sent to
the backend resulting in 500 error responses being
returned to API users.
To this aim this patch slightly alters the current validation
logic due to the fact that some checks are unnecessary since
the same routine sets default values which avoid the
conditions being checked.
RpcProxy class is used as base in classes with multiple inheritance
(ex. MeteringAgent). To initialize objects of such classes correctly
every constructor should call its base constructor via super().__init__()
Background:
ML2 plugin sometimes uses truncated port uuids.
For example, in the case of ofagent and linuxbridge,
if port id is 804ceaa1-0e3e-11e4-b537-08606e7f74e7,
an agent would send "tap804ceaa1-0e" to the plugin.
ML2 plugin's _device_to_port_id() would restore it to
"804ceaa1-0e". While it's still truncated, ML2 plugin's
get_port() handles that by using "startswith".
The recently merged DVR change (https://review.openstack.org/#/c/102332/)
assumes that port_id is always a complete uuid (it's the case
for openvswitch) and fails to handle the above mentioned case.
This commit fixes the regression.
This patch introduces the RPC contract changes
required for both the server (plugin) and agent
to propagate and retrieve additional information
about Distributed Routers, like MAC addresses
and Port Bindings.