David Edery [Mon, 12 Oct 2015 08:11:50 +0000 (11:11 +0300)]
Enable specific extra_dhcp_opt to be left blank
In some cases there is a need for a blank value of the "router" extra
dhcp option. This fix addresses this issue by introducing a simple
mechanism in the code that allows specific extra dhcp options to be left
blank by applying a different opt_value validation of the data received
from the REST call and different validation on the value that will be
written to the DB.
This fix also takes into consideration bug #1257467 which claims that
in case of a blank "server-ip-address" option a segmentation fault
occurs in dnsmasq. I did not check this claim with a newer dnsmasq
version since it seemed logical that the list of potentially blank
options should be limited to options that are known to work well when
blank and have functional justification for being blank (e.g. "router")
APIImpact
"router" and "classless-static-route" extra dhcp options can be blank
(e.g. opt-name="router", opt-value="")
DocImpact
During port creation/update, Specific extra-dhcp-options can be left
blank ("router" and/or "classless-static-route"). This causes dnsmasq
to have an empty option in the "opts" file related to the network to
which the port is related.
For example:
tag:tag0,option:classless-static-route,
tag:tag0,option:router,
Kevin Benton [Mon, 5 Oct 2015 14:57:54 +0000 (07:57 -0700)]
Only lock in set_members on mutating operations
ipset was locking on every set_members call with an external
filesystem lock. This was expensive when lots of ports that
were a part of the same security group were on the same agent.
This patch adjusts it to check if it needs to make a change before
acquiring the semaphore.
Kevin Benton [Mon, 5 Oct 2015 14:06:54 +0000 (07:06 -0700)]
Remove excessive fallback iptables ACCEPT rules
The previous code was generating a fallback ACCEPT rule for every
port when there should only be one at the very end. The reason that
this wasn't causing a bug is because we have a duplicate rule remover
that was silently throwing away the extras and it happened to get them
in the right order.
This will remove the need of import random in unit/objects/test_base.py
as its already done in tests/tools.py and some of the functions are
called from there.
Ihar Hrachyshka [Thu, 8 Oct 2015 12:56:30 +0000 (14:56 +0200)]
Cleaned up remaining incorrect usage for LOG.exception
- callers should not explicitly pass exceptions into LOG.exception
because it's already implicitly included in the message by stdlib
logging module.
- callers should not call to LOG.exception when there is no exception to
log about (known to fail in Python 3.x < 3.5).
Kevin Benton [Wed, 7 Oct 2015 03:16:15 +0000 (20:16 -0700)]
Fixed multiple py34 gate issues
1. Scope mock of 'open' to module
By mocking 'open' at the module level, we can avoid affecting
'open' calls from other modules.
2. Stop using LOG.exception in contexts with no sys.exc_info set
Python 3.4 logger fills in record.exc_info with sys.exc_info() result
[1], and then it uses it to determine the current exception [2] to
append to the log message. Since there is no exception, exc_info[1] is
None, and we get AttributeError inside traceback module.
It's actually a bug in Python interpreter that it attempt to access the
attribute when there is no exception. It turns out that it's fixed in
latest master of cPython [3] (the intent of the patch does not seem
relevant, but it removes the offending code while reshuffling the code).
Note that now cPython correctly checks the exception value before
accessing its attributes [4].
The patch in cPython that resulted in the failure is [5] and is present
since initial Python 3k releases.
Ihar Hrachyshka [Mon, 5 Oct 2015 15:46:33 +0000 (17:46 +0200)]
Removed neutronclient option from metadata agent
The new RPC interface has proved itself for two cycles, I don't
recollect any serious issues with it, so let's just clean up the
obsolete neutronclient based fallback mechanism.
The metadata agent configuration documentation should be updated
to not require API configuration values for the agent to talk to
neutron-server.
The Drivers team realized that with the current model, RFE
bugs were never off their radar even though RFE proposals were
approved and ready to be worked on. As a result it was becoming
tricky to handle the RFE backlog during the drivers meeting.
These changes are aimed at keeping the list of RFE bugs to a
manageable size, irrespective of how fast code gets submitted
and merged: the responsibilities of vetting feature proposals
and reviewing code are very much different, and this policy
changes try to reflect that.
Michael Smith [Fri, 5 Dec 2014 00:15:43 +0000 (16:15 -0800)]
L3 Agent support for routers with HA and DVR
The main difference for DVR HA routers is where
the VRRP/keepalived logic is run and which ports
fall in the HA domain for DVR. Instead of running
in the qrouter namespace, keepalived will run inside
the snat-namespace. Therefore only snat ports will
fall under the control of the HA domain.
Change-Id: If2962580397d39f72fd1fbbc1188a6958f00ff0c Co-Authored-By: Michael Smith <michael.smith6@hp.com> Co-Authored-By: Hardik Italia <hardik.italia@hp.com> Co-Authored-By: Adolfo Duarte <adolfo.duarte@hp.com> Co-Authored-By: John Schwarz <jschwarz@redhat.com>
Kevin Benton [Mon, 5 Oct 2015 13:37:40 +0000 (06:37 -0700)]
Correct MAC representation to match iptables output
We were previously using the netaddr's mac_unix format
(which leaves off leading 0's) to generate iptables rules
based on MAC addresses. While iptables accepts this format,
it's not returned this way in the output so the iptables
rule matching code would never find the match for these
rules, causing the loss of counters on these rules on every
reload.
This patch corrects this with a custom dialect that matches
the iptables format.
This plugin didn't decompose in the last two cycles, I failed
to spot a functional CI, and there hasn't been any meaningful
activity done in the subtree for the past couple of cycles
Code Review / openstack-build / neutron-build.git / log