Now tempest-lib provides token_client modules as a library and the
interface is stable. So the neutron repository doesn't need to contain
these modules.
This patch makes neutron use tempest-lib's token_client and removes
its own modules for maintenance.
Kevin Benton [Wed, 16 Sep 2015 10:02:49 +0000 (03:02 -0700)]
Revert "Pecan WSGI: prevent plugins from opening AMQP connections"
This reverts commit 2ba2456f9dae2a4cf30804a562c08832c24b6231
because it has a conflict with upstream commit 9f6bd17703b7286be9e7d439d15f4dec2774e13a. We need to merge
master into pecan with this reverted and then revert the revert
and resolve the conflict there so we don't have any conflict
resolutions in merge commits.
Sachi King [Tue, 1 Sep 2015 05:10:54 +0000 (15:10 +1000)]
Add constraint target to tox.ini
This adds a pip install command to tox.ini that is only used when the
tox env is passed with the 'constraints' factor appended onto it.
As such this will not affect developer workflows or current unit tests.
The initial use of this will be in a non-voting job, to verify that the
constrained checks with tox are stable. DevStack is already running
constrained jobs, as such problems are not expected.
To run a tox with pip using constraints on a developer system a
developer should run the desired tox environment with -constraints.
For example: $(tox -epy27-constraints)
Pip will pull the current version of the upper-constraints.txt file down
from git.openstack.org; however, this method can be overridden to use
a local file by setting the environment variable "UPPER_CONSTRAINTS_FILE"
to the local path or a different URL; it is passed directly to pip.
This is currently not enabled in the default tox run, however it is
possible to enable it as a default by adding it to 'envlist' in tox.ini
Jakub Libosvar [Thu, 13 Aug 2015 09:08:20 +0000 (09:08 +0000)]
Fix establishing UDP connection
Previously, in establish_connection() for UDP protocol data were sent
but never read on peer socket. That led to successful read on peer side
if this connection was filtered. Having constant testing string masked
this issue as we can't distinguish to which test of connectivity data
belong.
This patch makes unique data string per test_connectivity() and
also makes establish_connection() create an ASSURED entry in
conntrack table. Finally, in last test after firewall filter was
removed, connection is re-established in order to avoid troubles with
terminated processes or TCP continuing sending packets which weren't
successfully delivered.
Just like the global root controller "/" returns info for
all versions, with this change the version root controller
"/<version>" will return info about the selected version.
The patch also ensures the root version controller only
accepts GET requests.
Kevin Benton [Tue, 15 Sep 2015 17:22:35 +0000 (10:22 -0700)]
Log exception.msg before exception.message
The exception translation hook was logging the exception messages
before variables were interpolated, making it really unhelpful.
This patch corrects that and falls back to e.message if e.msg isn't
available.
Kevin Benton [Tue, 15 Sep 2015 17:13:38 +0000 (10:13 -0700)]
Add missing resource discriminator in update resp
The update method of the pecan itemcontroller was not returning
the response encapsulated correctly in a dictionary with the resource
type identifier. This was discovered via the standard API tests.
Kevin Benton [Tue, 15 Sep 2015 17:07:51 +0000 (10:07 -0700)]
Add basic bulk support to collection controller
This patch adds very basic bulk support to the
collection controller for bulk operations. TODOs
are inline for the things that still need to be
done. Functionality was verified with api tests.
Kevin Benton [Tue, 15 Sep 2015 16:46:05 +0000 (09:46 -0700)]
Remove duplicated API server
The server in neutron.cmd.eventlet.api was almost exactly the same
as neutron.cmd.eventlet.server.main_wsgi_pecan(). This patch just
gets rid of the former and updates a bash script to reference the
latter.
Moshe Levi [Mon, 10 Aug 2015 09:25:59 +0000 (12:25 +0300)]
QoS agent extension and driver refactoring
Moved some code common to all drivers into base
qos driver abstract class, so related bugfixes go all in one
place and we simplify the logic for every qos driver.
Port/Policy mapping moved out to a separate class.
Similar to IPv4 arp protection support, this patch adds the necessary OVS
rules to prevent ports attached to agent from sending any icmpv6 neighbor
advertisement messages that contain an IPv6 address not belonging to the port.
For details please refer to "Figure 3. Attack against IPv6 Address Resolution"
http://www.cisco.com/web/about/security/intelligence/ipv6_first_hop.html
Cedric Brandily [Mon, 24 Aug 2015 20:24:10 +0000 (22:24 +0200)]
Remove out-of-tree vendor AGENT_TYPE_* constant
AGENT_TYPE_* constants[1] define all agent types BUT the only vendor
one (AGENT_TYPE_NEC) is only used in out-of-tree networking-nec repo.
This change removes out-of-tree AGENT_TYPE_NEC constant (dependent
change defines it in networking-nec repo).
Jakub Libosvar [Mon, 14 Sep 2015 14:54:34 +0000 (14:54 +0000)]
func: Don't use private method of AsyncProcess
In functional test we simulate crash of AsyncProcess by calling
_kill_process(). This method is a private method and such usage
introduced a race where process was respawned prior to calling wait() of
killed process, leading to infinite wait on newly spawned process.
This patch adds manual send of kill and then active waiting for process
to be respawned, similar to what was done with recent keepalived patch [1].
Per [1] we are using a better way to keep tunnel connectivity,
so reset_bridge isn't used anymore. Bug in [2] was caused by
using method reset_bridge which will delete and recreate bridge.
Since [1] makes method reset_bridge deprecated, it makes sense to
remove this method, so that [2] no longer reproduces.
Kevin Benton [Thu, 3 Sep 2015 17:01:40 +0000 (10:01 -0700)]
Add utility function for checking trusted port
Ports that have a device_owner that starts with 'network:'
are trusted in several places throughout the codebase. Each
of these did a startswith check on each field and it's not
immediately obvious why it's done.
This patch adds a utility function called 'is_port_trusted'
that performs the same check and makes it obvious what is
being done.
Currently, the vip of lbaasV2 will not have l3 network with DVR.
This prevents the use case of lbaasV2 + DVR. This patch aims to
enable servicing lbaasv2 vip by DVR.
Clouds deployed at scale most likely will use these scheduler
drivers because they allow a fairer resource allocation compared
to chance schedulers (which randomly place resources on the hosts).
Because of their importance, it's only wise to test them in
the gate on a continuous basis, so that we do not get surprised
by accidental regressions.
Rather than pushing this down through devstack-gate/project-config
patches, this change alters the default of the scheduler
drivers, so that users can also pick these up out of the box.
This means that after an upgrade they would observe a change in
the scheduling behavior, if they relied on the default config.
Fix BadRequest error on add_router_interface for DVR
This operation for DVR is made of multiple steps, some of
which are not within the same DB transaction. For this
reason, if a failure occurs, the rollback will be partial.
This inconsistent state leads the retry logic to fail with
BadRequest, because the router is believed to be already
connected to the subnet.
To fix this condition, it is necessary to delete the port
should the DB deadlock occur.
This test's initial design is problematic: it spawns keepalived,
it asserts the process is up, then it attempts to kill it.
However, this is when problems may arise:
a) it does so by using the disable method on the process - we
should be more rude than that if we want to simulate a crash!
b) keepalived may be forking while it is starting and it is
possible that for a moment the ppid changes and the process
owner invoking the kill has no rights to kill the spawned
process. This is the most plausible explanation I could find
as to why kill returns 1 with no standard error
c) it does not verify that the process has indeed disappeared
(what if the pm.disable didn't work?) - this means that the
test can pass, and yet the monitor may not work.
Bottom line: this test relied on the correctness of the very code
that it was meant to validate...and that's not cool. To this aim, we
wait for the process to be active, kill the process with a kill -9
and verify that the process after the kill is indeed different.