Carl Baldwin [Thu, 19 Feb 2015 16:35:01 +0000 (16:35 +0000)]
Mock link local allocator write so UT doesn't write a file
The UTs recently started writing a fip-linklocal-networks file in
test_l3_agent. This is due to a recently added test. This patch adds
a mock to it so that the file is not written.
Miguel Angel Ajo [Tue, 17 Feb 2015 12:28:46 +0000 (12:28 +0000)]
Remove error logs for a common situation (non created ipsets)
The log message was initially added by me as part of a
iptables_firewall refactor.
Ipsets for empty IP address lists aren't currently created,
that means that we can't reference empty security groups
(as ipsets) via iptable rules, and that's a normal condition,
not an error.
Unify logic that determines liveliness of DHCP agent
For DHCP agents sometimes it's not enough to check agent's last heartbeat
time because in its starting period the agent may fail to send state reports
because it's busy processing networks.
In rescheduling logic such DHCP agent is given additional time after start.
Additional time is proportional to amount of networks the agent is hosting.
Need to apply the same logic to DHCP agent scheduler to avoid a case
when starting agent is considered dead and a network gets more hosting
agents than configured.
rajeev [Fri, 13 Feb 2015 21:58:53 +0000 (16:58 -0500)]
fix for _get_external_device_interface_name trace
On removal of external gateway from DVR the code path
external_gateway_removed(...) was trying to access the
agent gateway port interface even when no fip namespace exists.
This change checks for existence of namespace before
accessing the agent gateway port interface through
_get_external_device_interface_name(...) or looking for
floating ips that may have been configured on the
port.
This patch is dependent on the plugin side patch
Change-Id: Ieaa79c8bf2b1e03bc352f9252ce22286703e3715
for retrieving the fip agent port from the
router_update message.
Brian Haley [Fri, 30 Jan 2015 18:22:17 +0000 (13:22 -0500)]
Check if routing rule exists before adding
Since there is no equivalent to 'ip route replace...' with
'ip rule...', we need to check the existence first before
adding, as otherwise we'll end up with multiple identical
routing rules.
Ihar Hrachyshka [Wed, 18 Feb 2015 10:42:43 +0000 (11:42 +0100)]
Monkey patch all the code inside neutron/cmd/eventlet/...
The directory is initially empty.
We are going to maintain entry points for all services and agents that
run in eventlet mode in this directory, and monkey patch them from
there, instead of spreading monkey_patch() calls throughout the library.
This will guarantee us that all the services that are maintained in this
part of the tree monkey patch stdlib properly, before doing any other
imports.
This is also useful to track which parts of the project require
eventlet. This will later help to migrate services one by one out of
eventlet to real threads in case we decide to move this direction.
Ihar Hrachyshka [Thu, 5 Feb 2015 13:21:38 +0000 (14:21 +0100)]
tests: monkey patch stdlib before importing other modules
Some oslo libraries assume that stdlib is already patched when they are
imported (f.e. oslo.concurrency.processutils currently checks whether
time module is monkey patched on import to detect which subprocess
module should be used).
For services, we achieve this by moving monkey_patch() calls as high in
import list as possible. But for tests, we don't control the order in
which testr loads test cases. So to be on safe side, we should make sure
any attempt to load a test case from the tree results in eventlet patch.
We can't put the monkey_patch() call into e.g. neutron/__init__.py to
reuse it both for tests and for services, because in that case we may
break flake8 that loads hacking checks from neutron.* namespace and
relies on proper (unpatched) subprocess module.
Ihar Hrachyshka [Thu, 12 Feb 2015 12:51:21 +0000 (13:51 +0100)]
Don't monkey patch netns_cleanup
There is no reason to monkey patch the tool (it does not rely on any
special kind of model of concurrency). It's better to avoid eventlet
wherever possible, and there are discussions on whether we want to start
dropping eventlet usage agent by agent, so it's worth keeping as much of
code out of monkey business.
YAMAMOTO Takashi [Tue, 17 Feb 2015 05:11:11 +0000 (14:11 +0900)]
OVS UT: Fix some confusions between local vlan id and segmentation id
Also, use different values for them to expose mistakes.
Details:
There are two kinds of vlan ids involved here:
* local vlan id, which is managed by each agents in a node-local manner.
* segmentation id, which is managed by the corresponding ML2 type driver.
These tests use the distinct variables for them.
(LV_ID and LS_ID respectively)
However, these variables are misused in some places, relying on the fact
that their values are same. (42)
Brian Haley [Tue, 17 Feb 2015 20:57:10 +0000 (15:57 -0500)]
Un-break tox for unit tests
Running 'tox -e py27 $some_unit_test' is always failing now
with tox 1.6.0, with this being printed at the beginning:
ERROR: InvocationError: could not find executable 'dsvm-functional:'
Seems commit 540e4d791ff2573aae38810f4c39f2d6f46d8898
(Automate host configuration for functional testing)
added some code to tox.ini that requires version 1.8 or later,
so make that the minimum.
Fix FIP agent gw port delete based on external net
Today the FIP agent gateway port for DVR is deleted
based on the host. When there are multiple external
networks, then the port deletion for the second
external network may fail.
So the current fix checks for the valid host and
external network id and then deletes the FIP agent
gw port if it is the last one to be deleted.
Ann Kamyshnikova [Fri, 13 Feb 2015 15:41:21 +0000 (18:41 +0300)]
Skip DBDuplicateEntry exception in security group creation
An DBDuplicateEntry expection appeared if it is attempted to
create secutity groups in more then one thread. In this situation
at one moment it is trying to be created 2 default security groups
which is not allowed. In this case exception should skipped with
a message about failed attempt.
Lucian Petrut [Tue, 27 Jan 2015 13:23:27 +0000 (15:23 +0200)]
Hyper-V: Fixes security groups issue
After this patch If19be8579ca734a899cdd673c919eee8165aaa0e refactored
securitygroups_rpc, prepare_devices_filter attempts to use methods
unimplemented by the HyperV security groups driver.
For this reason, binding ports fails with NotImplementedError if
security groups are enabled.
Until the HyperV security groups driver reaches parity, the
use_enhanced_rpc property should be set to False on the
HyperVSecurityAgent, falling back to the old behaviour.
Miguel Angel Ajo [Thu, 12 Feb 2015 14:32:58 +0000 (14:32 +0000)]
Setup br-tun in secure fail mode to avoid broadcast storms
When not creating br-tun in secure fail mode, there are chances to
get a broadcast storm from br-tun.
For example, this occurs when at least three nodes have the br-tun
OpenFlow rules reset in and a broadcast/multicast packet enters br-tun.
This can happen if:
* openvswitch is restarted, until the agent reloads the Openflow rules.
* during neutron-openvswitch-agent restart, br-tun is reset, and there
is a few seconds timeframe where tunnel endpoints are plugged and OF
rules are reset.
Secure fail mode doesn't forward traffic by default if no rule is hit.
Assaf Muller [Fri, 13 Feb 2015 16:35:02 +0000 (11:35 -0500)]
Delete qg device during DVR-SNAT router deletion
In the DVR SNAT case, the 'qg' device was not deleted because
of patch:
https://review.openstack.org/#/c/151882/
During functional testing, the device is deleted
during the external bridge deletion. Because that happens after
the SNAT namespace is already deleted, it can cause a kernel
panic or ovs-vswitchd crash for certain OVS versions.
Also added assertions that all router interfaces were properly
cleaned up during functional testing, and enabled the unit tests
to catch this type of error.
Maru Newby [Fri, 9 Jan 2015 15:02:59 +0000 (15:02 +0000)]
Automate host configuration for functional testing
This change adds a new script, configure_for_func_testing.sh, that
automates configuration of a host to support functional testing. The
script's functionality is consumed by a refactored version of
gate_hook.sh, and both minimizes runtime and removes the previous
dependency on the devstack-gate repo.
Additionally, the dsvm-functional tox env is no longer dependent on
devstack to deploy neutron's rootwrap configuration system-wide.
Rootwrap configuration is now deployed to the target tox venv on each
tox invocation.
Robert Kukura [Fri, 22 Aug 2014 09:01:03 +0000 (05:01 -0400)]
ML2: Hierarchical port binding
The ML2 port binding logic is modified to support hierarchical
bindings. If a mechanism driver's bind_port() calls continue_binding()
rather than set_binding(), the supplied dynamic segments are used for
another level of binding.
Robert Kukura [Thu, 21 Aug 2014 19:46:11 +0000 (15:46 -0400)]
ML2: DB changes for hierarchical port binding
To support hierarchical port binding, the driver and segment columns
are moved from the ml2_port_bindings and ml2_dvr_port_bindings tables
to a new ml2_port_binding_levels table. This new table can store
multiple levels of binding information for each port. It has the host
as part of its primary key so that it can be used for both normal and
DVR port bindings.
The cap_port_filter column is also removed from the
ml2_dvr_port_bindings table, since the adjacent driver and segment
columns are being moved, and this can trivially be done via the same
DB migration. It was included in the table by mistake and was never
used.
The logic required for hierarchical port binding will be implemented
in a dependent patch.
Ann Kamyshnikova [Fri, 13 Feb 2015 12:52:49 +0000 (15:52 +0300)]
Fix usage drop_constraint in 2a1ee2fb59e0 migration
Downgrade for migration 2a1ee2fb59e0_add_mac_address_unique_constraint
fails as it gets wrong parameters name, source and local_cols,
although it expects name, source and type_.
Also as MySQL creates index for unique constraint it should be used
"with migration.remove_fks_from_table".
Code Review / openstack-build / neutron-build.git / log