Move loadbalancer vip port creation outside of transaction
Currently _create_port_for_vip calls ml2 create_port() method
which includes rpc notification.
That leads to lock wait timeouts in certain cases.
The patch fixes that while making VIP creation process non-atomic.
But that is fine, as until create_vip() returns the vip id, it's
not usable from the API.
Michael Smith [Tue, 22 Jul 2014 23:58:26 +0000 (16:58 -0700)]
Modify L3 Agent for Distributed Routers
This patch is an enhancement to the existing L3 Agent.
This allows the L3 Agent to support distributed routers
by enhancing the router object to function across
multiple nodes.
Utilized two new types of namespaces:
- FIP to handle multiple VM fips and routers per node
- SNAT to handle centralized SNAT per router
Rules and tables are enhanced and added to support routing
across distributed routers without going to a centralized
router.
Finally, a new configuration param 'agent_mode' is introduced
and it controls what the L3 agent can do: the available values
are: 'legacy', 'dvr', 'dvr_snat' (more details inline).
The l3-scheduler uses the newly introduced agent_mode to
determine what L3 agent to select during the scheduling
process.
OFAgent: Share codes of l2-population in OVS agent
This is step 1 implementation of OFAgent l2-population.
OFAgent partially uses codes in OVS agent on implementation of l2-population.
We share these codes adding mixin class for OVS to l2-population rpc.
We use a ryu library instead of executing an ovs-vsctl command
and on OFAgent l2-population is no longer optional.
Also a function of local arp responder will be implemented on step 2.
This patch changes the name of directory from mech_arista to arista
This name change of directory is needed so that additional drivers
can be moved into this directory and share the code among drivers.
In order to accommodate this name change, setup.cfg is modified to
point to the Arista ML2 driver at the new location. Additionally,
a similar new directory is created for test files as well.
Irena Berezovsky [Tue, 18 Feb 2014 13:13:58 +0000 (15:13 +0200)]
ML2 mechanism driver for SR-IOV capable NIC based switching, Part 1
This set of changes introduces the ML2 mechanism driver for SR-IOV capable NIC based switching.
Please see the blueprint for more information.
The review is submitted in two parts:
- Part 1 (this part)
The Mechanism Driver to support port binding for SR-IOV virtual functions of
SRIOV capable switching NICs, such as Mellanox ConnectX Family.
Use configurable list of supported NIC vendor and product PCI ids to filter
devices to bind the SR-IOV port.
Use configurable agent_required option to require SRIOV L2 Agent
for port binding.
This patch introduces changes to the L2 agent, whereby the L2 agent
relies on a DVR component that takes care of the port wiring and the
management of tunnels in face of topology changes due to the life
cycles of VMs as well as the life cycles of distributed virtual
routers.
Support for DVR needs to be explicitly enabled. Default behavior
remains unchanged.
Previously there was a bug that resulted in a security group being
added to router ports which was not supported in NSX. Removing the
security group didn't actually completely solve the problem as we
never cleared the allowed_address_pairs on the router port. This
patch fixes this issue by disabling port_security_enabled on the
router port.
Cedric Brandily [Fri, 20 Jun 2014 09:31:01 +0000 (11:31 +0200)]
Add partial specs support in ML2 for multiprovider extension
ML2 provider network partial specs let admins choose some
multiprovider network attributes and let neutron choose remaining
attributes. This change provides the implementation for
multiprovider networks.
In practice, for VLAN/GRE/VXLAN segments provider:segmentation_id
choice can be delegated to neutron, in such case neutron tries to find
a segment in tenant network pools which respects provided segment
attributes. For VLAN segments provider:physical_network choice can
also be delegated.
Cedric Brandily [Mon, 16 Jun 2014 20:03:14 +0000 (22:03 +0200)]
Add partial specs support in ML2 for gre/vxlan provider networks
ML2 provider networks partial specs let admins choose some provider
network attributes and let neutron choose remaining attributes. This
change provides the implementation for GRE/VXLAN provider networks.
In practice, for GRE/VXLAN provider networks provider:segmentation_id
choice can be delegated to neutron, in such case neutron will try to
find a network in tenant network pools which respects provided
provider attributes.
DocImpact
Related to blueprint provider-network-partial-specs
Partial-Bug: #1330562
Xu Chen [Thu, 19 Jun 2014 19:01:33 +0000 (15:01 -0400)]
call security_groups_member_updated in port_update
When a running VM is added to a security group, all existing VMs (ports)
in the security group should be notified/updated - otherwise they would
have incorrect rules, not knowing the new VM/port added.
The current behavior would only update the port of the added VM. This
patch forces a security_groups_member_updated() call for all the
security groups that have ports removed or added.
Ann Kamyshnikova [Mon, 21 Jul 2014 12:13:14 +0000 (16:13 +0400)]
Fix incorrect downgrade
In downgrade of migration b7a8863760e_rm_cisco_vlan_bindin is used
Integer type with parameter display_width. Integer should be used
without any parameters.
Robert Li [Fri, 11 Jul 2014 15:02:19 +0000 (11:02 -0400)]
Support Router Advertisement Daemon (radvd) for IPv6
Launch radvd from inside l3 agent when any router port has an IPv6 address. If
slaac is used for IPv6 addresses, advertise the prefix associated with the port;
otherwise, advertise default route only.
Change-Id: Ib8b0b3e71f7af9afa769c41357c66f88f4326807
Implements: blueprint neutron-ipv6-radvd-ra
Co-Authored-By: Henry Gessau <gessau@cisco.com>
Cedric Brandily [Mon, 16 Jun 2014 20:43:13 +0000 (22:43 +0200)]
Add partial specs support in ML2 for vlan provider networks
ML2 provider networks partial specs let admins choose some provider
network attributes and let neutron choose remaining attributes. This
change provides the implementation for VLAN provider networks.
In practice, for VLAN provider networks provider:physical_network
and provider:segmentation_id choices can be delegated to neutron,
in such case neutron will try to find a network in tenant network
pools which respects provided provider attributes.
DocImpact
Related to blueprint provider-network-partial-specs
Partial-Bug: #1330562
NSX: fix validation logic on network gateway connect
This patch adds validation for the segmentation ID when the
network type for the gateway connection is vlan.
This will avoid requests with invalid vlan IDs being sent to
the backend resulting in 500 error responses being
returned to API users.
To this aim this patch slightly alters the current validation
logic due to the fact that some checks are unnecessary since
the same routine sets default values which avoid the
conditions being checked.
RpcProxy class is used as base in classes with multiple inheritance
(ex. MeteringAgent). To initialize objects of such classes correctly
every constructor should call its base constructor via super().__init__()
Background:
ML2 plugin sometimes uses truncated port uuids.
For example, in the case of ofagent and linuxbridge,
if port id is 804ceaa1-0e3e-11e4-b537-08606e7f74e7,
an agent would send "tap804ceaa1-0e" to the plugin.
ML2 plugin's _device_to_port_id() would restore it to
"804ceaa1-0e". While it's still truncated, ML2 plugin's
get_port() handles that by using "startswith".
The recently merged DVR change (https://review.openstack.org/#/c/102332/)
assumes that port_id is always a complete uuid (it's the case
for openvswitch) and fails to handle the above mentioned case.
This commit fixes the regression.
This patch introduces the RPC contract changes
required for both the server (plugin) and agent
to propagate and retrieve additional information
about Distributed Routers, like MAC addresses
and Port Bindings.
Allow to import _LC, _LE, _LI and _LW functions directly
_LC, _LE, _LI, _LW are translation helper functions. This change updates
hacking rules to allow importing them directly:
from neutron.openstack.common.gettextutils import _LC
from neutron.openstack.common.gettextutils import _LE
from neutron.openstack.common.gettextutils import _LI
from neutron.openstack.common.gettextutils import _LW
neutron.policy module has been updated as an example of _LE, _LI and
_LW uses.
This patch introduces the models, the DB migrations
and the config options required by the L2 layer to
support DVR east/west traffic.
These changes will be used by the control-plane made
of ML2, L2pop and L2 agent.
Two new configuration options have been introduced:
'dvr_base_mac' is used to set DVR MAC addresses apart
from tenant ones (every distributed router will have
ports being created on compute hosts) and
'enable_distributed_routing' is used to enable dvr
support in the L2 agent. This gives the capability of
rolling out the dvr functionality in stages.
Kevin Benton [Sun, 6 Jul 2014 07:00:23 +0000 (00:00 -0700)]
Return a tuple of None's instead of one None
The expected return value of _commit_port_binding is something that
can be unpacked into two values. This changes the condition where a
concurrent delete was detected to return a 2-tuple of None's
instead of a bare None to prevent an iterable error.
Kevin Benton [Mon, 9 Jun 2014 19:20:18 +0000 (12:20 -0700)]
Big Switch: Remove consistency hash on full sync
Clears the consistency hash before performing a full
backend synchronization. Since all of the data is being
replaced, there is no reason to include this and it
currently requires special-casing to handle.
Paul Michali [Mon, 23 Jun 2014 20:42:41 +0000 (16:42 -0400)]
VPNaaS: separate out validation logic for ref impl
Modify the persistence logic for VPNaaS to separate out the
validation for the reference implementation. This allows
providers to override/extend the validation, as needed.
Additional commits will address the separation for other
providers and for other L3 services.
In addition, the logic that sets default values for optional
attributes is also moved into separate methods to allow
providers to override the defaults used.
Only attributes that have multiple validations are considered
at this time, but this can be extended, as needed.
Currently, one UT fails due to an oslo.messaging bug that
has been fixed, but not yet released for Neutron use.
As a workaround, the affected test case has been commented
out. This test verifies that the right (only, in this case)
device driver is used for validation. Once the issue with
releasing oslo.messaging 1.4.0.0a2 or newer is resolved,
this can be uncommented.
In the future, TaskFlow may be used for the L3 services workflow,
and these changes will provide validation modularization for that
effort.
This patch introduces the model and extension
framework for implementing distributed virtual
routing on top of Open vSwitch.
A new admin-only 'distributed' (as opposed to a
'centralized' or legacy-mode) attribute is added
to the API router resource. It is possible to convert
an existing (centralized) router to a distributed
one; the opposite conversion, even though allowed by
the API, may not be honored by the underlying
plugin implementation and an appropriate error will
be reported.
When creating a router (regardless of the user role),
Neutron will rely on a system wide configuration, whose
default currently allows to create 'centralized' routers.
Tests are added for basic unit coverage; when the first
building blocks for neutron-testing-refactor
are complete, functional testing will be added.
This is because we should be moving away from how
extension tests have been done up until now.
Paul Michali [Mon, 7 Jul 2014 22:57:43 +0000 (18:57 -0400)]
VPNaaS Cisco REST client enhance CSR create
For the create of the REST client object that represents a Cisco CSR,
all of the info needed were passed in as separate parameters. This
change just uses a dict instead, so that additional parameters can
be added w/o changing the API.
Updated the currently unused UT module, just so that it can be used
locally and stays up-to-date until it can be converted to use the
new requests-mock package.
Fixes port update failure when device ID is not updated
The updation was failing because the changed_device_id variable
was undeclared. This fix declares the variable with a default value
at the beginning of the method.
NSX: Remove unneeded call to _ensure_default_security_group
This patch removes an unneeded call to _ensure_default_security_group
which does not need to be called in create_security_group_rule_bulk()
as one would need to call get_security_groups() to look up the uuid
of the default security group which would create it for us, BOOM!