Eugene Nikanorov [Tue, 10 Jun 2014 03:55:40 +0000 (07:55 +0400)]
Fix race condition with firewall deletion
In some cases when firewall is created and then deleted in short
period of time, there could be a race condition of firewall status
changes. Agent may change firewall status from PENDING_DELETE to ACTIVE
because the agent has just set it up on the backend.
Delete request then is not properly served and firewall remains in ERROR
state and can't be deleted at all.
To fix this changing status from PENDING_DELETE is not allowed.
Deleting firewall in ERROR state is allowed.
Russell Bryant [Mon, 9 Jun 2014 20:53:21 +0000 (16:53 -0400)]
Ensure routing key is specified in the address for a direct producer
This change is already merged in oslo-incubator. Original commit
message body includes:
Porting this fix from oslo.messaging. This fixes the impl_qpid.py
driver to allow it to work with the latest stable upstream QPID broker
(version 0.28). See the Apache Qpid Jira bug
https://issues.apache.org/jira/browse/QPID-5557
Sean M. Collins [Mon, 7 Apr 2014 18:35:58 +0000 (14:35 -0400)]
Support Subnets that are configured by external RAs
The IPv6 attributes for subnets provide support for IPv6 subnets that
are managed by non-OpenStack gateway devices, by creating a subnet that
has the ipv6_ra_mode attribute not set, and the ipv6_address_mode
attribute set to IPV6_SLAAC.
In order to support stateless IPv6, Neutron should calculate an IPv6
address based on the IPv6 prefix and MAC address via EUI-64 specification,
and assign this address to the port.
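The EUI-64 derivation this commit message describes, as an added example that is not part of the commit or of Neutron's code; the function name `eui64_address` and the sample prefix and MAC are assumptions made for illustration. Because the interface identifier is a fixed function of the MAC, the address a port will autoconfigure can be computed in advance.

```python
import ipaddress


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Return the SLAAC address formed from a /64 prefix and a 48-bit MAC.

    Modified EUI-64 (RFC 4291, Appendix A): split the MAC in half, insert
    ff:fe in the middle, and invert the universal/local bit (0x02) of the
    first octet.
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        # A 64-bit interface identifier only fits a /64 prefix.
        raise ValueError("EUI-64 requires a /64 prefix, got /%d" % net.prefixlen)

    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError("expected a 48-bit MAC address: %r" % mac)
    octets = bytes(int(p, 16) for p in parts)  # ValueError on bad hex or >0xff

    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return net.network_address + int.from_bytes(iid, "big")


if __name__ == "__main__":
    # Constructed sample values (documentation prefix, made-up MAC).
    print(eui64_address("2001:db8::/64", "00:16:3e:33:44:55"))
```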
marios [Fri, 13 Dec 2013 16:57:28 +0000 (18:57 +0200)]
Make allocation_pools attribute of subnet updateable by PUT
Bug 1111572 was filed about a failed update (PUT) on
'allocation_pools' of subnet. This is currently not allowed by the
neutron API (hence DocImpact below). Following discussion on the
bug and subsequently, it seems this is a desirable feature.
This review makes the allocation_pools attribute of subnet
updateable by PUT. The semantics are that the entire allocation
pools attribute is replaced by the provided parameter (see
provided tests for details).
Unit tests added that exercise successful update of
allocation_pools with sane params and update using erroneous
allocation_pools that fall outside the subnet cidr.
DocImpact
Closes-Bug: 1111572
Change-Id: I47a3a71d0d196b76eda46b1d960193fb60417ba9
Co-Authored-By: Robert Collins <rbtcollins@hp.com>
Ihar Hrachyshka [Fri, 30 May 2014 13:53:25 +0000 (15:53 +0200)]
Monkey patch threading module as early as possible
In oslo.messaging, local thread store is used to pass RPC request
context [1]. If we try to import oslo.messaging before monkey patching
threading library, it attempts to access unpatched storage and fails
with AttributeError.
Ihar Hrachyshka [Fri, 30 May 2014 11:08:40 +0000 (13:08 +0200)]
Added RpcProxy class
This class is intended for easy and iterative migration from
oslo-incubator RPC implementation to oslo.messaging. It will adapt
oslo.messaging API to old oslo-rpc interfaces.
Migrated all affected classes to the new RpcProxy class.
ofagent: Fix VLAN usage for TYPE_FLAT and TYPE_VLAN
while ofagent uses OF1.3, the current coding incorrectly uses
OF1.0 terms in some places. namely, _local_vlan_for_flat uses
0xffff to mean "no VLAN". it should use OFPVID_NONE and
pop_vlan/push_vlan appropriately. the same problem exists for
reclaim_local_vlan.
Kevin Benton [Mon, 9 Jun 2014 07:46:30 +0000 (00:46 -0700)]
Start an unstarted patch in the hyperv unit tests
This starts a patch that was set up but never started
for a loopingcall that was allowing an occasional
exception to be thrown from the agent on unrelated patches.
Pierre Rognant [Wed, 28 May 2014 18:18:45 +0000 (14:18 -0400)]
Add an option to turn off DF for GRE and VXLAN tunnels
Modifications included allow to set a new option (dont_fragment) in
the ovs agent configuration file that can be used for (un-)setting the DF
bit on GRE or VXLAN tunnels. The default behaviour is not altered (DF on).
Kyle Mestery [Fri, 30 May 2014 08:48:37 +0000 (08:48 +0000)]
Default to setting secure mode on the integration bridge
Set the fail-mode on the integration bridge to be secure. This means if the agent
is stopped or crashes, and OVS is also restarted, OVS will not program a default
NORMAL action. As soon as the agent is restarted, it will correctly program the
integration bridge.
Terry Wilson [Thu, 17 Apr 2014 01:48:04 +0000 (21:48 -0400)]
Remove run-time version checking for openvswitch features
The current method of checking openvswitch and kernel versions for
specific feature support is brittle, distro-specific and unsupportable.
This patch removes the runtime version checks and implements a test
script which allows testing specific neutron features or can test
that all features required by a specific configuration are available.
For example, to test VXLAN support in openvswitch, either:
neutron-sanity-check --ovs_vxlan
or pass in the deployed configuration files with AGENT/tunnel_types
containing 'vxlan', like:
Deployment tools can then test that the required features exist without
relying on version numbers and without incurring a penalty every time
the agent is started.
DictModel is a dict where keys are accessible via attribute access.
The old version was an object with attributes created from dict keys and many
attributes were accessible only via getattr because they did not have a valid
python attribute naming (i.e.: 'provider:network_type' is not a valid
python variable/attribute name)::
One of the big advantages when debugging is that now in pdb, pp(d) (where d is
a DictModel instance) shows a nice dictionary structure, while with the old
version we had to perform a "dir(d)" and introspect each attribute...
Pass object to policy when finding fields to strip
During the evaluation of fields to strip in responses to list
operations, pass also the first object in the list to the
policy engine.
This will avoid errors in policy evaluation if during
an upgrade from icehouse policy.json was not updated to remove
attribute-level policies dependent on resource values.
Allow L3 base to handle extensions on router creation
By changing the boolean flag, API extensions made to
the router model can be handled correctly: this means
that on router creation, the response body will
contain all the extension attributes being part of
the resource. Prior to this fix, it was only on GETs
or PUTs, leaving the user at loss as to whether
the flag was actually being processed.
This is done in preparation for the distributed
router functionality. Breaking down and factoring
out some functionality helps the DVR work to come
as a more loosely coupled addition to the L3
centralized case. This also ensures that the two
code bases are kept separately to minimize chance
of regression, and simplify code coverage effort.
Jakub Libosvar [Tue, 8 Apr 2014 10:41:11 +0000 (12:41 +0200)]
add engine parameter for offline migrations
Offline migration required config file containing connection string.
In that case only engine from URL was used. With this patch engine can be
passed from command line (or config file) along with plugins which sql
script will be generated accordingly.
Jakub Libosvar [Wed, 28 May 2014 16:39:47 +0000 (18:39 +0200)]
Check DB scheme prior to migration to Ml2
When using migration tool from LB/OVS plugin to Ml2, there is no
guarantee current scheme is supported by migration tool. This patch
checks version stored in DB by alembic and compares whether version
is supported.
Sudhakar [Mon, 3 Mar 2014 10:05:20 +0000 (15:35 +0530)]
Improve iptables_manager _modify_rules() method
As the number of ports per default security group increases, the
number of iptables entries on the Compute Node grows. Because of
this, there is a gradual increase in the time taken to apply chains
and rules.
Currently we are using list comprehensions to find if a new chain or
rule matches an existing one. Instead, walk through the list in
reverse to find a matching entry.
Added a new method, _find_last_entry(), to return the entry we are
searching for.
Aaron Rosen [Fri, 30 May 2014 18:59:36 +0000 (11:59 -0700)]
NSX: bump http_timeout to 30 seconds
We've seen that sometimes NSX takes longer than 10 seconds to return
in production setups under high bursts. Setting this value to 30 seconds
seems more appropriate and solves the issue at load.
Kevin Benton [Mon, 2 Jun 2014 05:43:02 +0000 (22:43 -0700)]
BSN: Set hash header to empty instead of False
Sets the consistency hash header to empty instead
of False since 'False' is handled like a string on
the backend and requires special-casing to detect.
Christoph Arnold [Thu, 29 May 2014 14:17:30 +0000 (16:17 +0200)]
Neutron does not follow the RFC 3442 spec for DHCP
When setting a gateway and additional host routes in neutron subnet, the
gateway is only sent to clients via the router dhcp option, dhcp clients
conforming to rfc3442 will ignore router option if
classless-static-routes are available. This patch ensures setting both
the router option and the classless-static-routes including the gateway
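The behaviour this commit message describes, as an added example that is not part of the commit or of Neutron's code: the subnet gateway is carried as a default route inside the classless static routes, and the list is encoded as DHCP option 121 per RFC 3442. The function names, the position of the default route in the list and the sample addresses are assumptions.

```python
import ipaddress


def routes_with_gateway(gateway, host_routes):
    """Return host_routes plus a 0.0.0.0/0 route via the subnet gateway.

    RFC 3442 clients ignore the router option (3) once option 121 is
    present, so the default route has to travel inside option 121 too.
    An explicit default route already in host_routes is left alone.
    """
    routes = list(host_routes)
    has_default = any(
        ipaddress.IPv4Network(dest).prefixlen == 0 for dest, _ in routes
    )
    if gateway and not has_default:
        routes.append(("0.0.0.0/0", gateway))
    return routes


def encode_option_121(routes):
    """Encode (destination CIDR, router) pairs as the option 121 payload.

    Each route is: one byte of prefix length, only the significant octets
    of the destination (ceil(prefixlen / 8), so none for the default
    route), then the 4-byte router address.
    """
    payload = bytearray()
    for dest, router in routes:
        net = ipaddress.IPv4Network(dest)
        significant = (net.prefixlen + 7) // 8
        payload.append(net.prefixlen)
        payload += net.network_address.packed[:significant]
        payload += ipaddress.IPv4Address(router).packed
    return bytes(payload)


if __name__ == "__main__":
    # Constructed sample subnet: gateway plus one additional host route.
    routes = routes_with_gateway("192.168.1.1", [("10.0.0.0/8", "192.168.1.254")])
    print(routes)
    print(encode_option_121(routes).hex())
```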
Aaron Rosen [Sun, 1 Jun 2014 18:37:05 +0000 (11:37 -0700)]
LBaaS add missing rootwrap filter for route
If one runs the lbaas agent from packages and does not have the l3-agent
installed on the same box as the lbaas agent it will fail to add the
default gw route. This is because it's missing the rootwrap filter for
route which is only present in l3.filters.
Aaron Rosen [Fri, 30 May 2014 22:24:06 +0000 (15:24 -0700)]
NSX: fix tenant_id passed as security_profile_id
Previously we were passing the tenant_id as the security_profile_id
to NSX so these ids would be switched around in the system backend.
This does not affect any operations as this is just extra metadata
in nsx to help an operator debug.
Aaron Rosen [Fri, 30 May 2014 22:11:27 +0000 (15:11 -0700)]
NSX: Fix request_id in api_client to increment
Previously, the NSX request_id in the api_client would always be
0 because the current request id was stored in the class which is
always initialized on each request. This patch fixes that by storing
the request_id as a class variable.
Kevin Benton [Tue, 6 May 2014 04:19:08 +0000 (04:19 +0000)]
Improve usage of MagicMocks in ML2 and L3 tests
Removes usage of a MagicMock in a case where it's not needed.
Replaces a manual function replacement with a mock.patch call
so it's correctly cleaned up by mock.patch.stopall.
Kevin Benton [Fri, 30 May 2014 03:59:00 +0000 (20:59 -0700)]
Remove function replacement with mock patch
In the hyperv unit tests, an rpc method is
manually replaced with a MagicMock using setattr.
This prevents it from being cleaned up by mock.patch.stopall.
This patch replaces it with a short-lived patch call
in a with statement.
Kevin Benton [Fri, 30 May 2014 03:49:48 +0000 (20:49 -0700)]
Remove unnecessary MagicMocks in cisco unit tests
Two patches that just return static data never have
assertions made on the MagicMocks generated. This
replaces the magicmocks with lambdas to make the code
easier to read and to get a minor performance gain.
Kyle Mestery [Thu, 29 May 2014 13:07:55 +0000 (13:07 +0000)]
Handle errors from run_ofctl() when dumping flows
The function dump_flows_for_table() calls run_ofctl(). If this occurs during an OVS
restart, run_ofctl() will return None. dump_flows_for_table() needs to realize this
and not try to call splitlines() on a None object.
Matt Riedemann [Thu, 29 May 2014 14:33:16 +0000 (07:33 -0700)]
Sync periodic_task from oslo-incubator
This is more or less to get commit c63fd5a from oslo into the core
projects which have several periodic tasks. Neutron has periodic tasks
for L3, load balancing and metering agents to sync up state with the
server and most don't have specific spacing values set which can lead to
non-deterministic spacing of when the tasks run.
Note that this does not include the gettextutils and log dependencies
since there are not functional changes in those modules needed for the
periodic_task changes synced in *and* more importantly, the changes
to gettextutils and log require pervasive changes to neutron which
should happen when neutron integrates with the oslo-i18n library for
blueprint i18n--messages.
Further note that this does not include jsonutils due to some
issues introduced with a change for python 2.6 that impacts how strings
are encoded with simplejson. The details for that issue are in bug 1314129. The jsonutils changes are not related to the periodic_task
changes being synced in so the dependency is not functionally required.
The LbaasAgentManager extends PeriodicTasks but wasn't calling the
parent class init function, which was causing failures since commit 47c9d60 changed PeriodicTasks to init _periodic_last_run, so also
fixed that here.
Changes:
c63fd5a Make unspecified periodic spaced tasks run on default interval
f0dd798 Remove rendundant parentheses of cfg help strings
fcf517d Update oslo log messages with translation domains
051b9f3 Refactor unnecessary arithmetic ops in periodic_task
674cdaf Refactor if logic in periodic_task
b6b82c5 Use timestamp in periodic tasks
47c9d60 Don't share periodic_task instance data in a class attr
8b2b0b7 Use hacking import_exceptions for gettextutils._