Carl Baldwin [Tue, 1 Apr 2014 22:02:17 +0000 (22:02 +0000)]
Delete routers that are requested but not reported as active
There are two cases that I can think of that result in a router being
requested but not reported as active. One is that admin_state_up has
been set to False. In this case, the router is never removed and
continues to be operational.
The other case is if a router is changed and then deleted before the
change is processed. In this case, it is prudent to be sure that the
router is queued for deletion.
Aaron Rosen [Sat, 15 Mar 2014 05:57:09 +0000 (22:57 -0700)]
Fix _validate_mac_address method
The method _validate_mac_address previously used: netaddr.EUI(data)
which would convert data passed in to the correct mac_address representation.
For example if data=123 it would return: EUI('00-00-00-00-00-7B'). To fix
this issue I used netaddr.valid_mac() instead which returns a bool if a mac is
valid or not and does not raise. Note this file needs some improvements to
improve how exception handling is done that will come later.
Irena Berezovsky [Tue, 25 Mar 2014 07:30:17 +0000 (09:30 +0200)]
Add L2 Agent side handling for non consistent security_group settings
Add setting of the firewall_driver to NoopDriver when firewall_driver is None and
add warning if driver combination is not valid.
Modify is_valid_driver_combination to verify default settings: enable_security_group (True) and firewall_driver (None).
The -propose-translation-update and -upstream-translation-update
jobs do not update from transifex since our po files contain
duplicate entries where obsolete entries duplicate normal entries.
Robert Kukura [Thu, 3 Apr 2014 21:01:00 +0000 (17:01 -0400)]
ML2: ODL driver sets port status
The OpenDaylight mechanism driver does not depend on an L2 agent to
plug the port. Now that nova waits for notification that the port
status is ACTIVE, the ML2 driver API is extended so that the mechanism
driver that binds a port can optionally set the port status, and the
OpenDaylight mechanism driver uses this to set the port status to
ACTIVE.
Kevin Benton [Thu, 20 Mar 2014 14:24:33 +0000 (07:24 -0700)]
De-duplicate unit tests for ports in Big Switch
This eliminates the separate classes that existed
for the VIF type testing. Each class was going
through all of the port tests when none of the
logic those tests were exercising was affected by
the VIF types.
This cut the number of tests run in test_restproxy_plugin
by close to 44% without a reduction in code coverage.
Miguel Angel Ajo [Mon, 31 Mar 2014 13:50:55 +0000 (15:50 +0200)]
fixes tests using called_once_ without assert
A few tests were using mock's called_once, or called_once_with_args
instead of assert_called_once or assert_called_once_with_args. Those
methods return a bool that needs to be actively checked.
The tests are fixed to avoid them from passing if the call condition
is not met.
Kevin Benton [Tue, 1 Apr 2014 08:05:29 +0000 (01:05 -0700)]
Stop using portbindings_db in BSN ML2 driver
Avoids using the portbindings_db in the Big Switch
ML2 driver since ML2 has deprecated that database for
its own version that tracks the same information.
Also eliminates unnecessary 'binding_host' field since
it is now always the same as as the 'portbinding:host_id'
field.
A minor change is made to the Arista API between ML2 Driver and the
back-end. This fix addresses this change to align Icehouse release with
Arista EOS releases.
Second firewall creation returns 500, but it is an expected behavior
of firewall reference implementation and an internal server error
should not be returned.
Gateway certificates are validated by the NSX backend.
The code currently treats a failure in certification
validation as a backend failure and therefore returns
a 500 status code.
This patch changes this behaviour by returning a 400
status code and an appropriate error description.
To this aim a handler for 400 errors has been added to
the NSX API client.
Miguel Angel Ajo [Tue, 18 Mar 2014 12:33:19 +0000 (13:33 +0100)]
fixes broken neutron-netns-cleanup
Some configuration parameters used in neutron.agent.linux.utils
were missing. The namespace attribute in the FakeNetwork object
was missing, and used in neutron.agent.linux.dhcp. Also, the
plugin object was missing for release_dhcp_port operation.
We provide a fake plugin object to accept current and any future
plugin calls as this is meant to be an standalone tool that
should work without any RPC connectivity.
FakeNetwork was switched for neutron.agent.linux.dhcp.NetModel
to follow any future changes in NetModel.
Two wrong called_once_with_args calls without assert were fixed.
Paul Michali [Fri, 21 Mar 2014 13:14:07 +0000 (13:14 +0000)]
Cisco VPN driver correct reporting for admin state chg
Depends on reference implementation change (81124 review) that will pass VPN
service admin up/down changes to the service driver (for subsequent passing
to the device driver).
This change will save the runtime state of the IPSec connections that have
been removed due to a VPN service down change, so that this can be reported
to the plugin properly. Otherwise, without the change, there is no info
on the downed connection and no change report so the plugin thinks the
connection is still active.
In addition, the status for the VPN service will reflect whether there are
any IPSec connections ACTIVE. If one or more are acive, the service will
be active, otherwise it will be DOWN.
Updated UT to add tests for admin state and status reporting. Also changed
some IPSec create UTs because they were not cleaning up correctly upon test
failures (only seen with a live CSR).
In the future, when the Cisco CSR REST API supports admin up/down support,
the IPSec connections will not be deleted, but instead will be shut down, in
response to an admin down event (and then brought up, for admin up). During
the down time, the state will be reported correctly and no run-time state
recording needed.
Aaron Rosen [Mon, 31 Mar 2014 18:03:48 +0000 (11:03 -0700)]
Only send notifications on uuid device_id's
Neutron assumes that all ports with the device_owner that start with
'compute:' are ports created by nova compute. Thus, when the debug agent
creates a port with device_owner = compute:probe the nova notifier
feature tells nova when this port is wired even though nova does not know
about it (doesn't really matter we just log an error). This patch adds a check
to make sure the device_id is a uuid as nova only uses uuids and the debug
agent uses the hostname for device_id.
Joe Gordon [Tue, 1 Apr 2014 22:06:36 +0000 (15:06 -0700)]
Use a temp dir for CONF.state_path
external_pids will defaults to $state_path(/var/lib/neutron)/external/pids
which isn't accessible when running unit tests so use a tempdir for
CONF.state_path. This bug arose when oslo.config 1.3.0 came out which
fixed bug #1282250 (I4324bda6f3de3cdf05f8eb3cf16052c04018dec8) and
caused this issue.
Kevin Benton [Tue, 1 Apr 2014 06:32:41 +0000 (23:32 -0700)]
BigSwitch: Semaphore on port status update
Adds a semaphore to the _set_port_status
function used by the Big Switch ML2 driver and
plugin. Without it, the async threads are
susceptible to deadlocking and causing the
known eventlet/mysql timeout exception.
Hemanth Ravi [Mon, 31 Mar 2014 00:48:21 +0000 (17:48 -0700)]
Invoke _process_l3_create within plugin session
_process_l3_create should be invoked with a plugin session, else
externalnetworks table is not populated for networks with
router:external=True. Added the missing plugin session.
Recent API changes in N1KV controller require parameters such as
subnet id and IP address to handle port creation successfully.
Without these mandatory paramters, the REST call fails.
This patch addresses that by passing in the missing parameters
in the REST body.
Evgeny Fedoruk [Tue, 18 Mar 2014 17:55:11 +0000 (10:55 -0700)]
Cancelling thread start while unit tests running
This change modifies the Radware driver and its unit testing code
to not start operations completion thread while unit tests are running.
The driver initialization changed not to start the operations completion thread,
the thread is started only when operation completion item is inserted into the queue
for the first time.
The operation completion functionality was moved to a new function which
is called by the operations completion thread run() function.
The run() function still have the functionality of popping operation completion
items out of the queue and push failed items back.
Unit testing code mocks the operation completion items queue
by calling the operations completion hanler new function when item
is added.
Start() and join() functions of the thread were mocked to do nothing.
All sleep() entrances were removed from the unit testing code.
All unnecessary mock_reset() calls were removed.
Carl Baldwin [Thu, 27 Mar 2014 22:21:53 +0000 (22:21 +0000)]
Delete duplicate external devices in router namespace
When a router's gateway is removed during L3-agent restart, the agent
will fail to delete the old external device. This device should be
identified and removed as soon as possible.
Akihiro Motoki [Fri, 21 Mar 2014 23:17:20 +0000 (08:17 +0900)]
UT: do not hide an original error in test resource ctxtmgr
In unit tests, resource contextmanagers such as network(), subnet()
try to delete themselves after returning from yield even if an
exception occurs. However when an exception occurs, there is a case
where deletion fails. In this case original exception will be hidden
and it makes difficult to debug test failures.
Before each test starts, resources like database entries will be
recreated, so there is no need to try to delete resources even
when an exception occurs. This commit removes try-finally clause
from resource contextmanagers to make original errors visible.
Eugene Nikanorov [Wed, 19 Mar 2014 14:00:35 +0000 (18:00 +0400)]
Fix namespace exist() method
Fix namespace exist() method for it shall not be called with a root.
Also, don't run it under the namespace so garbage_collect_namespace
method can run without rootwrap and not withi a ns.
As a result of fixing namespace listing the patch also fixes the
regression introduced (bug/1294603) to loadbalancer agent respawning
haproxy due to inability to list namespaces properly.
Each dnsmasq instance on a network is not aware of other dnsmasq's leases.
When dnsmasq is launched with --no-hosts and is not provided an --addn-hosts
file, it can resolve only the hosts to which it gives a dhcp lease and no more.
i.e.:
If dnsmasq service n°1 gives a lease to instance n°1, and dnsmasq service n°2
gives a lease to instance n°2, both VM instances and dnsmasq services being on
the same network: instance n°1 can not resolve instance n°2, because instance
n°1 queries dnsmasq n°1, and since it did not give the lease to instance n°2,
it can not resolve it (it is not aware of its existence). Same issue if
instance n°2 tries to resolve instance n°1.
The solution is to provide dnsmasq with an --addn-hosts file of all hosts on
the network. With an --addn-hosts file, each dnsmasq instance is aware of all
the hosts on the network even if they do not give the lease for a host,
therefore each dnsmasq instance can resolve any host on their network even if
they did not provide the lease for it themselves.
Aaron Rosen [Wed, 26 Mar 2014 23:40:09 +0000 (16:40 -0700)]
Prevent cross plugging router ports from other tenants
Previously, a tenant could plug an interface into another tenant's
router if he knew their router_id by creating a port with the correct
device_id and device_owner. This patch prevents this from occuring
by preventing non-admin users from creating ports with device_owner
network:router_interface with a device_id that matches another tenants router.
In addition, it prevents one from updating a ports device_owner and device_id
so that the device_id won't match another tenants router with device_owner
being network:router_interface.
NOTE: with this change it does open up the possiblity for a tenant to discover
router_id's of another tenant's by guessing them and updating a port till
a conflict occurs. That said, randomly guessing the router id would be hard
and in theory should not matter if exposed. We also need to allow a tenant
to update the device_id on network:router_interface ports as this would be
used for by anyone using a vm as a service router. This issue will be fixed in
another patch upstream as a db migration is required but since this needs
to be backported to all stable branches this is not possible.
NOTE: The only plugins affect by this are the ones that use the l3-agent.
NOTE: **One should perform and audit of the ports that are already
attached to routers after applying this patch and remove ports
that a tenant may have cross plugged.**
Mark McClain [Thu, 20 Mar 2014 17:49:13 +0000 (13:49 -0400)]
Disable XML tests on Py26
Unit testing on Py26 takes too long to run. The code paths are the
same, so we'll temporarily skip tests is the class contains XML
formating since duplicate full stack JSON tests are run.
Aaron Rosen [Wed, 26 Mar 2014 20:52:05 +0000 (13:52 -0700)]
Subnets should be set as lazy='join'
Currently if one does a net-list tons of queries are issued against the
database as the default query mode is 'select' which performs a query when
the field is actually accessed. In this patch I change the the mode to
'joined' so subnets are loaded as the networks are loaded. Usually, there
are only 1 or 2 subnets on a network so loading this data shouldn't hurt.
This patch in my setup with 5000 networks reduces the net-list call from 27
seconds to 7! Woot Woot :)
Akihiro Motoki [Sat, 15 Mar 2014 15:16:23 +0000 (00:16 +0900)]
nec plugin: allow to delete resource with ERROR status
Previously if a resource is in ERROR status and there is no
corresponding resource on OpenFlow controller, the resource
cannot be deleted through an API request.
This commit rearrange ERROR status check to allow resource
with ERROR status to be deleted.
Ihar Hrachyshka [Mon, 17 Mar 2014 13:18:28 +0000 (14:18 +0100)]
Synced rpc and gettextutils modules from oslo-incubator
The main reason for sync is to get the following oslo-rpc fixes in Neutron:
* I537015f452eb770acba41fdedfe221628f52a920 (reduces delays when reconnecting
to Qpid in HA deployments)
* Ia148baa6e1ec632789ac3621c85173c2c16f3918 (fixed HA failover, Qpid part)
* I67923cb024bbd143edc8edccf35b9b400df31eb3 (fixed HA failover, RabbitMQ part)
Akihiro Motoki [Wed, 26 Mar 2014 14:28:49 +0000 (23:28 +0900)]
Import request_id middleware bug fix from oslo
There is a bug in request-id middleware that a subsequent API request will
overwrite a request-id of a previous request when multiple API calls are
processed in parallel in request_id middleware.
This commit imports the fix in oslo.
The original version of the request_id middleware generates a request ID during
process_request() and stores the value in a variable, so it can be attached as
header in process_request(). This is pretty dangerous, since subsequent
requests will overwrite this value, and the wrong request ID may be attached to
some responses. This is particularly apparent when requests arrive in parallel.
This change replaces process_request() and process_response() with an override
of __call__(). This allows the generated req_id to be used in the response
header without needing to save it as a class-level variable.
----
Code Review / openstack-build / neutron-build.git / log