Allowed Addresspairs: Removing check for overlap with fixed ips
Current code does not allow assigning a fixed ip to a port when that ip
overlaps with one of the addresses in the allowed-addresspairs list.
This is an unnecessary check as the overlap does not have any negative
effect. Further, such a check actually makes it hard to use this
API. For example, if a fixed IP 10.10.1.1 exists on a port and we
want to allow addresses in 10.10.1.0/24 cidr on that port, then one
has to configure a list of 8 cidrs ([10.10.1.0/32, 10.10.1.2/31,
10.10.1.4/30, ..., 10.10.1.128/25]) on the allowed-addresspairs.
In addition to the above reasons, the current code also does not
check for the overlaps in all cases.
Ed Bak [Fri, 7 Mar 2014 17:16:15 +0000 (17:16 +0000)]
Provide way to reserve dhcp port during failovers
This change provides a way to save the dhcp port when failing
over a network from one dhcp agent to another. When a
dhcp-agent-network-remove is issued, the dhcp port device_id is
marked as reserved which causes it to not be deleted. When a
subsequent dhcp-agent-network-add is issued, the reserved port
is used and the device_id is corrected. This is desirable
in order to maintain the dhcp port ip address so that dns doesn't
get impacted. Unit test added.
Édouard Thuleau [Mon, 6 Jan 2014 12:58:39 +0000 (13:58 +0100)]
Implement local ARP responder onto OVS agent
With ML2 plugin and l2-pop mechanism driver, it's possible to locally
answer to the ARP request of the VM and avoid ARP broadcasting emulation
on overlay which is costly.
When this functionality is enabled, the OVS flows logic evolves to [1].
This functionality was introduce in 2.1 OVS branch [2].
A README is added to describe l2-pop mechanism driver and the agents
particularities.
Sam Hague [Fri, 2 May 2014 18:08:09 +0000 (14:08 -0400)]
Allow vlan type usage for OpenDaylight ml2
The initial OpenDaylight integration with Openstack did not support
vlan isolation so it was not included as a valid type. This change
adds the vlan type as allowed.
Also modified tests to include vlan as supported in the
check_segment().
DocImpact:
Use of VLANs with ML2 and the OpenDaylight mechanism driver
requires OpenDaylight Helium or newer to be installed.
NSX: fix error when creating VM ports on subnets without dhcp
The error was caused by a missing LSN port (which is created when
the subnet is setup with dhcp enabled). Therefore, check the port
is in place before proceeding with the setup.
Roman Podoliaka [Wed, 16 Apr 2014 10:59:33 +0000 (13:59 +0300)]
Fix issubclass() hook behavior in PluginInterface
Currently, PluginInterface provides an issubclass() hook that returns
True for issubclass(A, B) call, if all abstract methods of B (stored
in B.__abstractmethods__) can be found in the A.__mro__ tuple of
classes. But there is an edge case, when B doesn't have any abstract
methods, which leads to issubclass(A, B) call returning True even if
A and B are not related all.
E.g. issubclass(NeutronPluginPLUMgridV2, NsxPlugin) returns True,
while these two are different core plugins. And it gets even more
trickier when superclasses are involved: e.g. SecurityGroupDbMixin is
a superclass of NsxPlugin, so depending on the fact whether the
python module with NsxPlugin class is imported or not,
issubclass(NeutronPluginPLUMgridV2, SecurityGroupDbMixin) will return
either False or True accordingly.
Édouard Thuleau [Mon, 3 Mar 2014 17:08:33 +0000 (18:08 +0100)]
OVS lib defer apply doesn't handle concurrency
The OVS lib deferred apply methods use a dict to save flows to add,
modify or delete when deffered apply is switched off.
If another thread adds, modifies or deletes flows on that dict during
another process called deffered_apply_off, its flows could be ignored.
This fix stash reference flows list and point the flows list to a new
cleared flows list. Then, it applies flows from the stashed flows list.
Maru Newby [Fri, 9 May 2014 22:24:45 +0000 (22:24 +0000)]
Make plugin deallocation check optional
The fix for memory leakage in the related bug added a check for plugin
deallocation that performed a call to gc.collect() after every test.
This had the side-effect of increasing test execution time by ~50%, so
this patch makes the check optional via an environment variable
(OS_CHECK_PLUGIN_DEALLOCATION).
It may make sense to create a periodic job that runs with the check
enabled, but otherwise the check can be used by developers for
debugging purposes.
Maru Newby [Wed, 7 May 2014 22:41:40 +0000 (22:41 +0000)]
Ensure core plugin deallocation after every test
The unit tests were previously consuming an excessive amount of memory
(4GB+) due to plugin instances persisting in memory. Deallocation was
not possible where a combination of circular references and mocking
was involved. This patch ensures that only NeutronManager holds a
plugin reference and that all other references are instances of
weakref.proxy. Residual memory footprint for tox executed on a
12-core machine has been reduced to ~1.3GB. Plugin deallocation is
validated at the end of each test to prevent regressions.
This change also includes fixes to unit tests that depended on plugin
instances persisting across tests.
Kevin Benton [Thu, 8 May 2014 23:33:06 +0000 (16:33 -0700)]
Big Switch: Check source_address attribute exists
Check that the source_address attribute exists on
HTTPSConnection objects before referencing it since
it's not present on python 2.6 deployments. If it
does not exist, create a socket connection without
specifying the source.
ML2 VxlanTypeDriver: Synchronize of VxlanAllocation table
At neutron startup VxlanTypeDriver syncs tunnel range from conf
to DB. In case multiple servers deployment restarting several
servers at the same time could lead to DB exceptions being thrown.
Need to synchronize between neutron servers by locking VxlanAllocation
table.
NSX: ensure that no LSN is created on external networks
Logical Service Nodes (LSN) are those that provide dhcp
and metadata services to networks when the NSX plugin is
used without the openstack dhcp and metadata proxy
agents. External networks do not work with Neutron's
dhcp and metadata services, therefore there is no need
to provision a LSN in this case.
In case IpSecPolicy or IKEPolicy is updated while VPN connection that uses it
is already established, IPsecPolicyInUse or IKEPolicuInUse is raised.
Need to clarify their messages to emphasize that policies can't be updated
because they are used by established connection.
Another patch (commit-id: df96a03e6c74f1fceb4525900bca885307907b79) to
fix the same issue with less intrusive consequences was already merged
into master. There's still benefit to have debug logs if this does not
make gate jobs fail, so revert to previous setting value.
Ihar Hrachyshka [Tue, 6 May 2014 13:52:35 +0000 (15:52 +0200)]
Disable debug messages when running unit tests
Some runs started to fail due to large sub_unit.log files. We should
reduce their size. The easy way to achieve this is to disable INFO
messages that are filling our logs.
The policy engine is currently being called for every attribute
of every resource to be returned by a list response. This is
harming the API performance; moreover such a high number of checks
is also unnecessary.
This patch therefore slightly changes the API logic so that list
response first determine the list of attributes which should be
returned querying the policy engine and then use this list for
all resource items to be returned.
To this aim a few methods in base.py needed to be refactored.
This patch also removes the routine check_if_exists from policy.py
and the related PolicyNotFound exception.
Finally, this patch also removes unnecessary admin_or_owner rules
when applied to attributes. This kind of rule indeed has no effect
anyway because of Neutron's ownership checks. The rules were removed
because this change won't allow anymore for having attribute-level
policies whose evaluation result depends on the resource value.
Jakub Libosvar [Tue, 6 May 2014 08:56:31 +0000 (10:56 +0200)]
Fix importing module in test_netscaler_driver
During H302 was introduced new bug importing package instead of module.
This patch is reverting back change on this file from
https://review.openstack.org/#/c/89628/5
Attila Fazekas [Sun, 4 May 2014 17:54:37 +0000 (19:54 +0200)]
L3 RPC loop could delete a router on concurrent update
routers_updated does not acquire any lock just updates
a set for future rpc loop processing.
The self.updated_routers can be changed by concurrent update
notification. If this change happens at the time around the
self.plugin_rpc.get_routers call, the additional routers
- by mistake - is considered as admin_state_up=false routers, which
are safe to delete.
Creating a local copy of the updated_routers and preserve
the fresh updated_routers entries for the next _rpc_loop
operations.
Jakub Libosvar [Fri, 18 Apr 2014 13:32:40 +0000 (15:32 +0200)]
Fix H302 violations
H302 violation is reported by flake8 when importing separated objects from
modules instead of importing the whole module.
e.g. from package.module import function
function()
is changed to
from package import module
module.function()
Jakub Libosvar [Fri, 18 Apr 2014 13:29:49 +0000 (15:29 +0200)]
Fix H302 violations in plugins package
H302 violation is reported by flake8 when importing separated objects from
modules instead of importing the whole module.
e.g. from package.module import function
function()
is changed to
from package import module
module.function()
Jakub Libosvar [Fri, 18 Apr 2014 13:30:32 +0000 (15:30 +0200)]
Fix H302 violations in unit tests
H302 violation is reported by flake8 when importing separated objects from
modules instead of importing the whole module.
e.g. from package.module import function
function()
is changed to
from package import module
module.function()
LipingMao [Mon, 31 Mar 2014 05:49:18 +0000 (05:49 +0000)]
lbaas on a network without gateway
Not only check the gateway_ip in subnet, but also
check the host_routes. If there is a default route in host_routes
then the next hop of the default route is also a gateway_ip.
In the check for all security groups on port belong to tenant,
add a filter to get security groups for the tenant which are in
common with the security groups of the port.
Abhishek Raut [Fri, 2 May 2014 01:16:33 +0000 (18:16 -0700)]
Fix network profile subtype validation in N1kv plugin
Network profile of type Trunk expects a subtype field for
creation. If a subtype is missing in the request body, plugin
should raise an exception. This patch fixes the validation logic
to detect missing subtype field.
Itsuro Oda [Mon, 21 Apr 2014 06:02:52 +0000 (15:02 +0900)]
Performance improvement of router routes operations
This patch fixes inefficiency of updating extra routes.
* remove the code repeated by every routes in validation check.
* remove searching a record to delete per record.
Note: Unit tests are covered by existing ones. So no unit test added.
Edgar Magana [Thu, 1 May 2014 20:25:45 +0000 (13:25 -0700)]
Add support to dynamically upload drivers in PLUMgrid plugin
PLUMgrid plugin will be able to dynamycally upload any of its available drivers.
It will simplify any CI testing by changing the configuration file for the plugin
instead of changing the code directly.
Code Review / openstack-build / neutron-build.git / log