Tomoe Sugihara [Mon, 18 Feb 2013 06:24:55 +0000 (15:24 +0900)]
Fix SG interface to reflect the reality
The signitures of abstract methods in SecurityGroupPluginBase
has diverged from db mixin implementation.
This patch updates the methods to fix the divergence, mainly
by removing update method from the base. Note that there's an
issue for missing update(bug #1124865).
Aaron Rosen [Mon, 18 Feb 2013 02:49:40 +0000 (18:49 -0800)]
Need to pass port['port'] to _get_tenant_id_for_create()
This change set I9ac44a8e moved this logic out of the transaction
which caused this bug. Unit tests did not catch this because
this error is caused on NVP since the tenant_id is passed in as a tag
and this change resulted in the tenant_id becoming None which is not
an allowed tag value. Will improve error handling and edge cases like
this to fake_nvpapiclient in different commit.
Aaron Rosen [Sun, 17 Feb 2013 23:45:24 +0000 (15:45 -0800)]
Decouple helper functions from L3NatDBTestCase
In order to use the helper functions i.e _create_router in L3NatDBTestCase as
a mixin one needs to also run all the unit tests within L3NatDBTestCase.
These helper functions should be decoupled in the same way that
QuantumDbPluginV2TestCase() is done.
This patch also removes any unused variables within test_l3_plugin.py
Mark McLoughlin [Mon, 11 Feb 2013 00:00:19 +0000 (19:00 -0500)]
Use oslo-config-2013.1b3
The cfg API is now available via the oslo-config library, so switch to
it and remove the copied-and-pasted version.
Add the 2013.1b3 tarball to tools/pip-requires - this will be changed
to 'oslo-config>=2013.1' when oslo-config is published to pypi. This
will happen in time for grizzly final.
Remove the 'deps = pep8' from tox.ini as it means all the other deps
get installed with easy_install which can't install oslo-config from
the URL.
Retain dummy cfg.py file until keystoneclient middleware has been
updated (I18c450174277c8e2d15ed93879da6cd92074c27a).
Aaron Rosen [Sat, 16 Feb 2013 21:01:29 +0000 (13:01 -0800)]
Unable to update port as non-admin nvp plugin
The port security patch to the nvp plugin broken the ability to update a port
as a non admin user. This patch fixes that and adds a unit test for updating
a port as a non-admin user since there was not one before.
Aaron Rosen [Sat, 16 Feb 2013 06:08:10 +0000 (22:08 -0800)]
Rename admin_status_up to admin_state_up
This patch renames all instances of admin_status_up to admin_state_up since
that is the correct name. There was also one instances of this for NVP which
was renamed to admin_status_enabled since that is what the name is in NVP.
This patch introduces a simple framework for enabling
nvlib to call the appropriate routine according to the
current version. To this aim, we leverage the 'server' header
which is returned by every NVP API calls (except login/logout).
The patch also accounts for the changes introduced in NVP 3.0
Sumit Naiksatam [Wed, 6 Feb 2013 04:25:46 +0000 (20:25 -0800)]
L3 API support for BigSwitch-FloodLight Plugin
In keeping with the philosophy of the RESTProxy plugin, L3 extension calls
are processed (CRUD of logical resources) and the state changes are proxied
to a backend controller.
A configuration variable specific to the RESTProxy plugin is being added
to identify that particular Quantum server's ID.
Alessio Ababilov [Fri, 15 Feb 2013 07:52:24 +0000 (09:52 +0200)]
Allow tests from test_dhcp_agent run independently
Some tests from test_dhcp_agent depend on each other
and cannot be run in arbitrary order. TestDhcpAgent
and TestDhcpAgentEventHandler need config options that
are initialized in other tests. This patch eliminates
such dependencies.
Michael J Fork [Mon, 4 Feb 2013 15:27:37 +0000 (15:27 +0000)]
Mark password config options with secret
Config object supports masking values when writing out if the secret
flag is set on the option definition. This change flags all quantum
options containing a password.
Shiv Haris [Wed, 23 Jan 2013 03:33:55 +0000 (03:33 +0000)]
Adds Brocade Plugin implementation
blueprint brocade-quantum-plugin
This plugin is meant to orchestrate Brocade VCS switches
running NOS, examples of these are:
1. VDX 67xx series of switches
2. VDX 87xx series of switches
Stephen Gran [Wed, 6 Feb 2013 14:57:57 +0000 (14:57 +0000)]
Persist updated expiration time
Without creating a subtransaction, the database query wasn't actually
being run and the data was being lost. This resulted in the case that
on termination of long running VMs, the VM IP address was immediately
available for reuse instead of being held as it should have been.
Fixes: bug #1116500
Change-Id: I7774273b8e799d945c27329e9da2dba34e39fdb8 Signed-off-by: Stephen Gran <stephen.gran@guardian.co.uk>
mathieu-rohon [Thu, 7 Feb 2013 15:05:22 +0000 (16:05 +0100)]
Add check for subnet update with conflict gateway and allocation_pools
Fixes: bug 1062061
The patch will raise exception 'GatewayConflictWithAllocationPools' when
subnet update with conflict gateway and allocation_pools.
Because before validate gateway ip with conflict allocation pools, we need
validate allocation pools first. Move the validation of allocation pools
into _validate_subnet. Then_allocate_pools_for_subnet is only responsible
for pools allocation, and_validate_subnet is responsible for most validate
for subnet.
Aaron Rosen [Tue, 12 Feb 2013 00:17:22 +0000 (16:17 -0800)]
Fix NVP L3 gateway ports admin_state_down on creation
Some of the transaction code that was added was removed in the L3 patch
for nvp. This reintroduced the logic where ports would be created in the
quantum db with admin_state_up=False. This caused L3 gateway patch ports
to be created with admin_state_up=False.
Paul Michali [Mon, 11 Feb 2013 14:58:41 +0000 (09:58 -0500)]
Remove cfg option default value and check if missing
Currently, several plugins already check config options at __init__()
for validity and will exit, if the settings are incorrect. However,
most (all?) config option definitions have default values, so if the
option is missing, a valid, but maybe unexpected value will be used.
This is what occurred in the bug.
The proposed fix is to take a config option, sql_connection, which is
used by many plugins, and remove the default value. Then, at init
time, when the config option is used in configure_db(), a check is
made for the value. If the value is not set, a warning is logged and
the value is set to the default, for db/api.py. It is expected that
this will be the only module to consume this config option.
Added UT to check that log warning is issued. Also, changed the timing
so that the test takes 0.25 secs vs 12 secs. Removed UTs in two plugin
tests that checked the default value for sql_connection.
Other alternatives explored in previous patches, were to either
raise an exception, or mark this config option as "required". This
resulted in a large number of changes to tests, and required config
overrides in plugins that imported quantum.db.api, but did not use
sql_connection.
In order to keep this solution (of this log-hanging fruit) fix, the
proposed, simpler change is being made.
Some cleanup to the Cisco plugin test case was also made, so that
the mock was more in line with what production code does.
If multiple instances of l3_agent are running on the same host, all qrouter-
namespaces will be destroyed as new l3_agents are started. This fix allows
for multiple l3_agents to be running on the same host when router_id is set
for each agent.
Akihiro MOTOKI [Mon, 11 Feb 2013 13:31:19 +0000 (22:31 +0900)]
Move auth_token configurations to quantum.conf
keystone auth_token middleware now allows quantum to have auth_token
configuration in quantum.conf. This commit moves the example of
auth_token configuration from api-paste.ini to quantum.conf.
This simplifies user configuations and users is no longer required
to edit api-paste.ini.
This change does not break backward compatibility. auth_token first
tries the configurations in /etc/quantum/api-paste.ini and then the
above configurations. Thus a user who already use api-paste.ini
does not need to change it.
This patch adds supports the Quantum L3 API extension to the nicira NVP
Quantum Plugin.
The patch includes code for managing Quantum routers, router interfaces,
external gateways, and floating IPs, and for applying the relevant
configurations on the NVP controller using the NVP API.
The patch also includes NVP-specific support for access to the nova
metadata server via injection of a host route in VM instances.
firewall_driver configuration option has been introduced in the patch
of OVS security group support and it affects Linux Bridge plugin.
The default value of firewall_driver is NoopDriver.
Thus firewall_driver configuration is required in Linux Bridge plugin.
Edgar Magana [Fri, 8 Feb 2013 17:01:34 +0000 (09:01 -0800)]
PLUMgrid quantum plugin
PLUMgrid plugin supports Quantum Core V2 APIs over an infrastructure running
PLUMgrid Network Virtualization Platform.
The plugin will interact directly with the Hypervisor layer to provide all the
networking functionality requested by Quantum APIs.
It will be based on a controller-mode implementation were all resources state
will be controlled and handled by the plugin.
Nachi Ueno [Fri, 11 Jan 2013 00:24:54 +0000 (16:24 -0800)]
Implements quantum security groups support on OVS plugin
implements bp quantum-security-groups-iptables-ovs
- Adding [SECURITYGROUP] firewall_driver to the conf
- Adding NoopFirewallDriver
- Adding OVSHybridIptablesFirewallDriver
- Refactoring security group code to support OVS plugin
Henry Gessau [Thu, 7 Feb 2013 21:01:28 +0000 (16:01 -0500)]
Improvements to API validation logic.
Do not automatically map generic exceptions like AttributeError to
http errors (instead they should be handled closer to where they occur
so that they can be "intelligently" converted to the appropriate
error).
Fix up some expected error codes in the unit tests.
Improve some of the validation messages.
Remove all use of locals() in attributes.py
Mark McClain [Tue, 5 Feb 2013 04:59:59 +0000 (23:59 -0500)]
add non-routed subnet metadata support
implements blueprint metadata-non-routed
This patchset completes Quantum metadata support by adding metadata
proxy support for isolated network segments. The support requires that
the guest instance request host routes, so that the DHCP port can be
used to proxy metadata requests. NOTE: The cirros image does not support
host router, so the UEC or equivalent required for testing and usage.
'Flat' and 'Vlan' where not being converted into 'bridge'
This change cannot have unit tests because the fake nvp api
client does not validate such constraints at the moment