Pritesh Kothari [Thu, 21 Aug 2014 06:51:16 +0000 (23:51 -0700)]
Remove the Cisco Nexus monolithic plugin
The Cisco Nexus monolithic plugin does not work without the Open
vSwitch plugin. The Open vSwitch plugin is scheduled to be removed
as per #1323729. This patch removes the Nexus Hardware switch
related plugin code. The N1KV virtual switch related code will
still remain in the tree as it doesn't depend on Open vSwitch
plugin.
Sylvain Afchain [Mon, 20 Jan 2014 22:38:29 +0000 (23:38 +0100)]
Add a new scheduler for the l3 HA
This patch updates all schedulers in order to support the
scheduling of HA routers. It also refactors and adds tests for
the auto scheduling part.
The schedulers aren't expected to work when creating a router
that's both distributed and highly available. Specific issues
will be reported as bugs and fixed in a future patch.
shihanzhang [Mon, 4 Aug 2014 09:31:01 +0000 (17:31 +0800)]
Adds ipset support for Security Groups
Iptables chain is linear storage and filtering; when iptables rules are
large, the load of l2 agent is heavy. This patch introduces ipset to
security group for improving the security group performance.
ofagent has code for agent-on-DomU support inherited from OVS agent.
However, it's incomplete and broken. Because ofagent uses a direct
OpenFlow channel instead of ovs-ofctl command to program a switch,
the method to use the special rootwrap can not work.
The Arista ML2 plugin was not passing the admin tenant name to EOS without which
it is not possible to authenticate with keystone using just the admin name
and password. This patch passes the admin tenant name along with the admin
credentials.
Cedric Brandily [Wed, 27 Aug 2014 09:35:41 +0000 (11:35 +0200)]
Remove useless check in _rpc_update_firewall
Firewall_db_mixin.update_firewall returns an updated firewall or raises
an error (if the firewall is not found), that's why checking if its
result is evaluated to False is not required.
Henry Gessau [Wed, 10 Sep 2014 03:50:09 +0000 (23:50 -0400)]
Use renamed _fail_second_call() in cisco nexus tests
In commit 5e4b0c6fc6670ea036d801ce53444272bc311929 NeutronDbPluginV2TestCase
_do_side_effect() was renamed to _fail_second_call(), but the nexus test cases
were not updated. The tests still worked because they check for
HTTPInternalServerError which is the end result of the server encountering
"AttributeError: object has no attribute '_do_side_effect'". So the fault
injection still worked, but not in the way intended.
Note: the monolithic nexus plugin is not updated here since it is being
removed from the tree.
Sylvain Afchain [Mon, 26 May 2014 12:28:06 +0000 (14:28 +0200)]
Add L3 VRRP HA base classes
Add L3 HA base classes on the plugin side. A new admin-only ha
attribute is added to the API router resource. Conversion from
or to HA router is possible. Each tenant gets a single network
used for HA traffic. The tenant_id for that network is set to
'' so that it isn't visible via the CLI or GUI. A new table
is added to map a tenant to its HA network. Specific HA
attributes are added to the extra router attributes table.
Finally, each HA router gets a port on the HA network, per
l3 agent it is scheduled on. A new table is added to track
these bindings. A new table is added in order to track
VRID allocations.
DVR integration is not expected to work. Any issues will
be reported as bugs and handled after the feature merges.
Migrating a router to HA or from HA works server side
but is not expected to work (Yet) agent side. This will be
dealt with as a bug in the future.
Don't allow user to set firewall rule with port and no protocol
Creating firewall rules specifying a destination port and/or a source
port without a protocol, generates rules without src or dest port
restriction. This was a real security issue for cloud users.
This patch generates a 400 Bad request "Source/destination port
requires a protocol" in case of creation/update of firewall rules
specifying a destination port and/or a source port and without protocol.
Kevin Benton [Wed, 25 Jun 2014 06:12:43 +0000 (06:12 +0000)]
UTs: Disable auto deletion of ports/subnets/nets
Change the behavior of the unit test context managers
for ports, networks, and subnets to skip the deletion
of the objects they create.
Adds explicit delete calls to the tests that require
deletion of the objects.
This is the first patch in a series to eliminate the
automatic deletion of objects created during tests to
improve test performance and make testing more explicit.
Sam Betts [Fri, 5 Sep 2014 15:16:01 +0000 (16:16 +0100)]
Remove second call to get_subnets in delete_subnet
delete_subnet made calls to both get_subnet and _get_subnet.
get_subnet uses _get_subnet, so multiple database requests were being
made. This patch removes the call to get_subnet and directly calls
_make_subnet_dict using the result of _get_subnet.
Changes to support FWaaS in a DVR based environment
Implementation of Spec to address the changes required for FWaaS
to work with DVR to handle:
* Perimeter Firewall support on N - S traffic
* Ensure that E - W DVR traffic is not broken.
Michael Smith [Tue, 2 Sep 2014 17:07:04 +0000 (17:07 +0000)]
Call unbind_snat_servicenode from schedule router
Refactor to move the call to plugin.unbind_snat_servicenode from
schedule_snat_router to _schedule_router. This is a move to pave the
way for removing hints from schedule router.
NSX: Correct allowed_address_pair return value on create_port
This patch fixes the NSX plugin to return [] rather than None for a
port that does not have any allowed_address_pairs when a create_port api
call is made. Currently the NSX plugin is failing every patch because
now tempest is checking for this value to be [].
Factory method provided by the library should be used to create a server
object. This allows changing the server's internal implementation without
touching end users.
Also removed custom dispatcher. Its only purpose was to log messages.
If logging is configured accordingly all incoming messages will be
logged from oslo/messaging/_drivers/amqpdriver.py [1]
Michael Smith [Tue, 2 Sep 2014 17:05:12 +0000 (17:05 +0000)]
Remove subnet_id from check_ports_exist_on_l3agent
Refactor check_ports_exist_on_l3agent so that subnet_id no longer
needs to be passed. Instead it calls get_subnet_ids_on_router. This
helps to pave the way for removing hints from schedule router.
Fix AttributeError when setting external gateway on DVR router
DVR routers will have this manager initialized only after one
or more subnets have been attached to the router. To address
the issue, make sure the manager is defined and handle the snat
rules appropriately.
This patch also makes _update_arp_entry more defensive; this is
because the arp update process can be affected by the same issue:
the router may not have internal ports at the time the request
comes in. This is likely when VM's port creation and router
configuration overlap slightly.
rajeev [Fri, 22 Aug 2014 22:54:46 +0000 (18:54 -0400)]
Stop tracking connections in DVR FIP Namespace
For DVR, connections to external network using floating IPs do not
need to be tracked in FIP namespace because they are being
already tracked in router namespace.
This fix adds iptable rules to not track connections.
Avoid testing code duplication which introduced testing bugs
SecurityGroupAgentEnhancedRpcTestCase duplicated code in
SecurityGroupAgentRpcTestCase setUp, also
TestSecurityGroupAgentEnhancedRpcWithIptables duplicated
code from TestSecurityGroupAgentWithIptables setUp()
introducing bugs by improper initialization, like a missing
self.iptables.use_ipv6 = True
which in combination with tests.unit.test_ipv6.TestIsEnabled
produced inconsistent testing results.
Kevin Benton [Fri, 5 Sep 2014 04:55:47 +0000 (21:55 -0700)]
Reset IPv6 detection flag after IPv6 tests
Resets a module level flag that was being left in the
state that the previous test set it to. This was causing
unrelated tests to fail if the last state was left disabled.
John Schwarz [Thu, 4 Sep 2014 11:11:26 +0000 (14:11 +0300)]
Revert "Skip functional l3 agent test"
This reverts commit 0918ce91e5af5100ee3a4fcd6861741c4f00ac41. The
specified commit skipped a test which caused non-deterministic gate
failures, but the actual reason for the failures was found and fixed
so the skip is no longer needed.
John Schwarz [Thu, 4 Sep 2014 08:34:29 +0000 (11:34 +0300)]
Fix leftover Timeout effecting most eventlet calls
When registering a new eventlet.timeout.Timeout object, eventlet
automatically starts a timer for most (if not all) future eventlet
calls. Normally, eventlet codes do not hold a timeout unless such a
timeout is used or a specific timeout length is specified through
the API, but once a Timeout object is initialized, it is left there
unless canceled.
This change fixes an un-canceled Timeout which causes some
functional tests to fail, reintroduces a fix for bug #1358206,
which was written prior to discovering the uncanceled timeout, and
increases the timeout of a test that depended on this timeout.
ofagent: Remove @author tags and update copyright notices
When writing these modules, ofagent team (kakuma, yamamoto) thought
that @author tag was OpenStack's style to represent authorships.
But it turned out to be wrong. Actually there seems to be a consensus
not to use them. So, replace them back to the original Ryu-style
copyright notices.
Carl Baldwin [Tue, 2 Sep 2014 16:49:45 +0000 (16:49 +0000)]
Cleanup rename of get_compute_ports_on_host_by_subnet
A recent merge [1] renamed this method to remove "compute_" from the
name. Unfortunately, the rename was not done thoroughly. This patch
cleans that up. No bug is referenced since this is an obvious
omission in a recent patch.