Added Keystone and RequestID headers to CORS middleware
CORS middleware's latent configuration feature, new in 3.0.0,
allows adding headers that apply to all valid origins.
This patch adds headers commonly used in openstack to neutron's paste
pipeline, so that operators do not have to be aware of additional
configuration magic to ensure that browsers can talk to the API.
For more information:
http://docs.openstack.org/developer/oslo.middleware/cors.html#configuration-for-pastedeploy
Carl Baldwin [Tue, 22 Dec 2015 18:19:15 +0000 (11:19 -0700)]
Create a routing table manager
The routing table manager maps address scope ids to routing tables.
It uses the rt_tables file specific to each namespace to maintain the
mapping so that id can simply be used as the table name when running
iproute2 commands. This will be useful when debugging.
Moshe Levi [Tue, 8 Dec 2015 11:11:33 +0000 (13:11 +0200)]
SR-IOV: Fix macvtap assigned vf check when kernel < 3.13
When creating macvtap passthrough to SR-IOV VF in Kernel >= 3.13 an
upper_macvtap symbolic link is created. For Kernel < 3.13 the only
way to know it is by parsing the ip link show output and looking for
macvtap[0-9]+@<vf ifname>.
This patch used the ip link show command to detect
macvtap assigned vf so that detection of macvtap assigned vf
will work on all kernels.
Yu Fukuyama [Tue, 22 Dec 2015 05:17:30 +0000 (05:17 +0000)]
Fix meter label rule creation
In the case of outbound traffic, set remote_ip to dst.
In the case of inbound traffic, set remote_ip to src.
Change-Id: I7f27b93efa67baf3efccaa94f6a1337d6886e230
Closes-Bug: #1528137
DocImpact: Clarify remote_ip_prefix description of metering label rule in API site
Assaf Muller [Mon, 4 Jan 2016 22:49:09 +0000 (17:49 -0500)]
Remove l2pop _get_port_infos method
It's a method called 'get_port_infos' that returned
4 values, most of which were not a function of the port.
What the method did or its naming was very unclear to me
so I broke it up according to its usage.
Martin Hickey [Tue, 15 Dec 2015 17:42:39 +0000 (17:42 +0000)]
Add test for Neutron object versions
Adds a test to Neutron to check object versions for any changes
to objects. It prompts the developer to update the version of the
changed object. It uses oslo.versionedobjects.
Change-Id: I99454b28ae0b5fa663354eeccdf709d4030a280b
Co-Authored-By: Ryan Rossiter <rlrossit@us.ibm.com>
Mathieu Rohon [Wed, 4 Nov 2015 17:49:40 +0000 (17:49 +0000)]
Avoid duplicating tenant check when creating resources
The check of the tenant done in the method _get_tenant_id_for_create()
is already done by the Neutron Controller in prepare_request_body(),
with a call to attributes.populate_tenant_id().
Moreover, when the Controller processes a "create" request, it
will add the 'tenant_id' to the resource dict.
Thus, _get_tenant_id_for_create() can be deleted.
Calls to this method are replaced by the res['tenant_id'].
Changes have to be done in UT to explicitly add the tenant_id while
creating resources, since the UT framework is bypassing the controller code
that automatically adds the tenant_id to the resource.
Sławek Kapłoński [Thu, 26 Nov 2015 22:31:11 +0000 (23:31 +0100)]
Add extension_manager and support for extensions in linuxbridge agent
There is an extensions mechanism for l2 agents already but it was
implemented only for openvswitch l2 agent. This patch adds support for
such extensions also for linuxbridge agent.
This patch also adds support for network_update events received by the
agent via RPC. It is required because sometimes when a network is
updated (for example when a QoS policy is attached to it) all ports that
belong to the network should also be updated.
Assaf Muller [Tue, 5 Jan 2016 01:30:43 +0000 (20:30 -0500)]
Fix API tests
Patch https://review.openstack.org/#/c/256164/
broke the Neutron API job by unsetting Tempest configuration
values that were unused by Tempest, but used by Neutron's fork
of Tempest. This patch copies credentials from the 'auth' section
to the 'identity' section.
The longer term plan is detailed here:
https://etherpad.openstack.org/p/neutron-tempest-defork
TL;DR: Removed overlap of tests between the Tempest and Neutron
repos, then use Tempest's plugin architecture for the tests that
will remain in the Neutron repo.
rossella [Tue, 22 Dec 2015 19:14:15 +0000 (19:14 +0000)]
Support rootwrap sysctl and conntrack commands for non-l3 nodes
Iptables-firewall uses commands sysctl and conntrack.
These are missed out in the plugins resulting in (No filter matched) errors in
non-l3 nodes. L3 nodes do not have this problem as l3.filters rootwraps these
commands.
houming-wang [Thu, 24 Dec 2015 15:22:12 +0000 (10:22 -0500)]
Remove openstack.common._i18n from Neutron
Since oslo-incubator is no longer maintained[1] after 90ae25e38915cc502d9e9c52d59e8fb668a72ae1. And
openstack/common/_i18n.py is not referenced by Neutron. Let's remove it.
Dongcan Ye [Wed, 30 Dec 2015 11:16:22 +0000 (19:16 +0800)]
Check missed ip6tables utility
In some scenarios, like in OpenStack Kolla, the system may lack the
iptables-ipv6 package. This may cause command ip6tables-save
or ip6tables-restore invalid and ovs-agent error.
This patch allows checking ip6tables support from CLI:
    neutron-sanity-check --ip6tables_installed
Or using configuration options, for example:
    neutron-sanity-check --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
Herman Ge [Mon, 28 Dec 2015 11:31:42 +0000 (06:31 -0500)]
Misspelling in message
Misspelling in following message:
"# interconnect physical and integration bridges using veth/patchs".
Should be:
"# interconnect physical and integration bridges using veth/patches".
Totally 1 occurrence in Neutron base code.
watanabe isao [Tue, 30 Jun 2015 05:36:40 +0000 (14:36 +0900)]
Mitigate restriction for fixed ips per dhcp port
When number of fixed ips per dhcp port exceeds max_fixed_ips_per_port,
a dhcp resync will be triggered.
The bug report stated how simply this issue can be triggered.
Moreover, "max_fixed_ips_per_port" value should be used for non-DHCP
port only and DHCP port is not affected by this parameter.
Kyle Mestery [Wed, 17 Jun 2015 14:46:47 +0000 (14:46 +0000)]
dhcp: Default to using local DNS resolution
It's pointless to not include default DNS resolution for Neutron.
This adds a new config option (dnsmasq_local_resolv) which defaults
to 'True' and will allow for DNS name resolution to work out of
the box. The caveat is that if the 'dnsmasq_dns_servers' is set it
will override the 'dnsmasq_local_resolv' setting, thus allowing
operators to explicitly set their own DNS servers.
DocImpact: Default to using local DNS resolution with the DHCP agent.
shihanzhang [Wed, 30 Dec 2015 07:55:35 +0000 (15:55 +0800)]
Remove unused variable use_call in ovs-agent
The patch Id28248f4f75821fbacf46e2c44e40f27f59172a9 makes the agent
always report its state with the RPC call() method, so the variable
self.use_call was unused; this patch removes it.
hgangwx [Sat, 26 Dec 2015 13:16:23 +0000 (21:16 +0800)]
Wrong usage of "a"
Wrong usage of "a" in the messages:
"'%s' is not a integer"
"Create a address scope"
"Return True if port has as a allowed address pair"
"But if a agent does not report its status"
"a ipv4 link-local address"
"Retrieve and return a extended information about a network"
"It could be a eui-64 address, a random IPv6 address"
"push a elastic-recheck query for it (see below)"
"is not a enforced requirement"
"a ovs_lib.VifPort object"
Should be:
"'%s' is not an integer"
"Create an address scope"
"Return True if port has as an allowed address pair"
"But if an agent does not report its status"
"an ipv4 link-local address"
"Retrieve and return extended information about a network"
"It could be an eui-64 address, a random IPv6 address"
"push an elastic-recheck query for it (see below)"
"is not an enforced requirement"
"an ovs_lib.VifPort object"
Akihiro Motoki [Fri, 25 Dec 2015 14:27:03 +0000 (23:27 +0900)]
Allow to control to use constraint env for functional jobs
VPNaaS functional tests now use dsvm-functional instead of
*-constraints. Always assuming *-constraints breaks the functional
jobs which are not run in a constrained environment yet.
Carl Baldwin [Wed, 23 Dec 2015 17:16:15 +0000 (10:16 -0700)]
Add address scope to floating IPs in RPC response to L3 agent
The L3 agent needs to know the address scope of the fixed ip of each
floating ip because floating ips are a way to cross scope boundaries.
Without the scope information, there could be ambiguity and no way to
know which scope to send it to.
Jakub Libosvar [Tue, 30 Jun 2015 12:46:30 +0000 (12:46 +0000)]
Add firewall blink + remote SG functional tests
This tests that firewall still does its purpose even when rules are
being updated. That means there is no short period of time where
security groups are inactive during update.
Part of this patch introduces Pinger class. This object provides
capability of sending ICMP packets asynchronously and after
it's stopped it provides statistics like how many packets were
sent and how many were received. Note the difference between
assert_ping() functions, which are synchronous.
Another testing of remote security groups is also added.
Jakub Libosvar [Fri, 12 Jun 2015 15:40:21 +0000 (15:40 +0000)]
Add test cases to testing firewall drivers
Part of this patch is also preparation for having common test plan for
firewall driver testing.
Following test cases were implemented:
- dhcp works by default
- dhcp server is prevented on vm by default
- ip spoofing from vm
- allowed address pairs allows traffic to given ip
- arp can go through
- ingress/egress traffic with src/dest port ranges
QoSAgentExtension should invoke QoSAgentDriver
to reflush qos policy rules only if there is any rules related change.
QoS policy changes, such as description change, should not cause
reconfiguration of the qos policy rules.
lzklibj [Thu, 17 Dec 2015 04:07:32 +0000 (12:07 +0800)]
update docstring for get_ports_on_host_by_subnet
This patch updates docstring for get_ports_on_host_by_subnet, to
tell that the method will only get dvr serviced ports, not all ports
for given subnet and host.
Akihiro Motoki [Tue, 22 Dec 2015 10:14:37 +0000 (19:14 +0900)]
Restore _validate_subnet/uuid_list not to break subproject gates
https://review.openstack.org/#/c/258867/ removed
_validate_subnet_list and _validate_uuid_list.
_validate_subnet_list is being used in VPNaaS and VPNaaS gate
is now broken. We need to remove validators more carefully
because subprojects may use them.
This commit restores them once.
Assaf Muller [Mon, 21 Dec 2015 22:50:36 +0000 (17:50 -0500)]
Delete test_restart_l3_agent_on_sighup
After looking at the test and its scope, it seems like 100% of the
code it tests is owned by oslo.service. That library has its own tests,
is there value in keeping the test in Neutron?
DVR:Fix _notify_l3_agent_new_port for proper arp update
Now with notifications coming from ml2 plugin on port create
and port update, it is worth fixing the existing
_notify_l3_agent_new_port for proper arp update and router scheduling.
Previously we have been sending arp update and calling router
scheduling for every update notification for service ports,
but now we can take necessary action only when required, since
the fix to update the arp and router scheduling was recently
done by sending the port info for every new port created.
When _notify_l3_agent_port_update is triggered, we check if the
original port host binding exists and if there is a change in
host binding with respect to the new port, then we go ahead and
reschedule the router on the new host and flush the arp entry.