Assaf Muller [Thu, 12 Mar 2015 23:50:43 +0000 (19:50 -0400)]
Replace keepalived notifier bash script with Python ip monitor
Previously L3 HA generated a bash script and copied it to a per-router
configuration directory that was visible to that router's keepalived
instance. This patch changes the in-line generated Bash script to a
Python script that can be maintained in the repository.
The bash script was used as a keepalived notifier script, that was invoked
by keepalived whenever a state transition occured. These notifier scripts
may be invoked by keepalived out of order in case it transitions quickly
twice. For example, if the master failed and two slaves fight for the new
master role. One will transition to master, and the other will often
transition to master and then immidiately back to standby. In this case,
the transition scripts were often fired out of order, resulting in the
wrong state being reported.
The proposed approach is to get rid of the keepalived notifier scripts
entirely. Instead, monitor IP changes on the HA device. If the omnipresent
IP address was configured on the HA device, it means that we're looking
at a master instance. If it was deleted, the router transition to standby
or fault.
In order to keep the L3 agent CPU usage down, it will spawn a process
per HA router. That process will start the ip address monitor.
Whenever it gets an IP address change event, it will notify the L3 agent
via a unix domain socket.
Fix broken link, add missing header, and remove new contributions
from the list. This table should just capture the progress status
of existing plugins and drivers at the time the decomp was conceived.
Pritesh Kothari [Mon, 23 Feb 2015 17:52:28 +0000 (09:52 -0800)]
Adding VLAN Transparency support for ML2 along with REST API changes
* Exposing vlan transparency attributes via the network api
calls so POST and GET operations can be performed.
* Tied in the vlan transparency attribute with create network
call and use the config default.
* Update the unit test to cover vlan tranparency.
* Add support for ml2 to take advantage of vlan transparency
attribute.
Shivakumar M [Tue, 25 Nov 2014 08:46:07 +0000 (00:46 -0800)]
DHCP Service LoadBalancing Scheduler
In this blueprint, we also propose to write a generic scheduler
framework which can be used to schedule a new resource on
selected least loaded agents.
Currently dhcp_load_type will be fetched from neutron.conf file
and corresponding load is obtained by the agent report state.
The obtained load will be populated in the "load" column of the
agents table.
During scheduling, agent will be selected based on sorting all
the agents of particular type based on load column.
Example dhcp_load_type is networks
DocImpact
Implements: blueprint dhcpservice-loadbalancing
Change-Id: I5ec8adf0c4336f885d603662223caa7694708876
Author: Shivakumar M <shiva.kum.m@hp.com> Co-Authored-By: Praveen Kumar SM <praveen-sm.kumar@hp.com> Co-Authored-By: Benjamin GRASSART <benjamin.grassart@thalesgroup.com> Co-Authored-By: Sourabh Patwardhan <sopatwar@cisco.com>
Boris Pavlovic [Sat, 14 Mar 2015 13:15:42 +0000 (16:15 +0300)]
Run more Rally benchmark on every patch
* Since 24 Nov 2014 we added a lot of Neutron benchmarks
Running more Neutron related benchmarks in Neutron gate allows
to avoid performance regressions and races.
* Neutron benchmarks are described here:
https://github.com/stackforge/rally/blob/master/rally/benchmark/scenarios/neutron/network.py
It's quite simple code be free to take a look.
* All changes in concurrency and times are related to optimization
of duration/usefulness
* To get description of benchmarks use:
rally info find NeutronNetworks.create_and_update_networks
New benchmarks:
- NeutronNetworks.create_and_update_networks
- NeutronNetworks.create_and_delete_networks
- NeutronNetworks.create_and_update_subnets
- NeutronNetworks.create_and_delete_subnets
- NeutronNetworks.create_and_update_routers
- NeutronNetworks.create_and_delete_routers
- NeutronNetworks.create_and_list_routers
- NeutronNetworks.create_and_update_ports
- NeutronNetworks.create_and_delete_ports
- NeutronNetworks.create_and_list_ports
- Quotas.neutron_update
related bug: #bug 1419723
Change-Id: Ie3c84e057fc96c0f35ad77b7297c564442ebcf10
Angela Smith [Tue, 10 Feb 2015 23:38:37 +0000 (15:38 -0800)]
Add ML2 VLAN mechanism driver for Brocade MLX and ICX switches.
This thin driver will introduce VLAN support on Brocade MLX and ICX
switches. Vendor specific driver implementation will reside in a
separate repository.
Dane LeBlanc [Mon, 16 Mar 2015 14:23:26 +0000 (10:23 -0400)]
Include IPv6 SLAAC addresses implicitly for port create
(Patch set #1 for the multiple-ipv6-prefixes blueprint)
This patch set resolves an issue whereby auto-address subnets
are not being included implicitly for port create operations
that include a fixed_ips list.
Assaf Muller [Mon, 16 Mar 2015 19:43:24 +0000 (15:43 -0400)]
Don't delete HA router primary VIP on agent restarts
An HA router's primary VIP was being deleted from the router
namespace when the L3 agent is restarted. Make sure that
doesn't happen and change the functional test to make sure
the bug stays squashed.
Carl Baldwin [Thu, 13 Nov 2014 19:27:27 +0000 (12:27 -0700)]
Introduce External IPAM Interface
This introduces an interface for an external IPAM driver. Neutron needs to be
modified to make calls using it for its IPAM needs. Additionally, the default
IPAM interface must be written to implement this interface.
Pradeep Kilambi [Tue, 10 Feb 2015 22:42:20 +0000 (14:42 -0800)]
Expose Rest Api access to mtu attributes
Exposing Read only access to mtu attributes via the network
api calls so GET operations can be performed. Tied in the
mtu attribute with create network call and use the config
default. Also included unit tests to cover default and
override config case for segment_mtu attribute.
mamtap [Wed, 11 Mar 2015 12:43:44 +0000 (05:43 -0700)]
IBM SDN-VE Plugin decomposition
This addresses the changes in ml2 mech-driver
and l3 service plugin to comply with the
core-vendor-decomposition spec
The monolithic sdnve plugin will not be removed with this change
as it is still being used. Once the ml2 plugin is merged and the
older plugin becomes obsolete, it will be removed from the
neutron tree.
Eugene Nikanorov [Sat, 14 Mar 2015 20:35:08 +0000 (23:35 +0300)]
Handle DBDuplicateError exception properly when creating default sg
Previously, an exception was not caught in one of invocations
(create_network) of _ensure_default_security_group.
Move exception handling inside that method so it never fails
with such exception.
Kevin Benton [Thu, 12 Mar 2015 01:32:52 +0000 (18:32 -0700)]
Schedule net to a DHCP agt on subnet create
Change the DHCP notifier behavior to schedule a network
to a DHCP agent when a subnet is created rather than
waiting for the first port to be created.
This will reduce the possibility to get a VM port created
and have it send a DHCP request before the DHCP agent is
ready. Before, the network would be scheduled to an agent
as a result of the API call to create the VM port, so the
DHCP port wouldn't be created until after the VM port.
After this patch, the network will have been scheduled to
a DHCP agent before the first VM port is created.
There is still a possibility that the DHCP agent could be
responding so slowly that it doesn't create its port and
activate the dnsmasq instance before the VM sends traffic.
A proper fix will ensure that the dnsmasq instance is
truly ready to serve requests for a new port will require
significantly more code for barriers (either on the subnet
creation, port creation, or the nova boot process) are too
complex to add this late in the cycle.
This patch also eliminates the logic in the n1kv plugin that
was already doing the same thing.
Yalei Wang [Mon, 9 Feb 2015 19:22:27 +0000 (03:22 +0800)]
Add portsecurity extension support
Add portsecurity extension driver into ML2 plugin and implement it in
iptables_firewall.
The scope of this change is:
- Abstract a common class PortSecurityDbCommon from the old
PortSecurityDbMixin
- Add a new extension driver port-security, implement process_xxx and
extend_xxx_dict method and provide a db migration from the existing
networks and ports
- Update the new added 'unfiltered_ports' in iptables firewall of l2 agent
to reflect the update of port-security
Co-Authored-By: Shweta P <shpadubi@cisco.com>
Change-Id: I2da53168e2529db7a8094ce90ef3a8a93fe55727
Partially Implements: blueprint ml2-ovs-portsecurity
This patch introduces an issue with the Tempest test. Already there was a similar patch that broke the tempest test for DVR.
This patch consistently failed to pass test_add_list_remove_router_on_l3_agent.
I would recommend to revert this patch until the tempest test is fixed.
Assaf Muller [Thu, 12 Mar 2015 23:50:24 +0000 (19:50 -0400)]
Move Unix domain socket helpers to a common place
As part of the all consuming report-ha-router-master, a new
per router neutron-keepalived-state-change daemon will alert
the L3 agent on every keepalived state change. Since it will
use the Unix domain socket helpers, and they're currently
located in metadata related places, this patch moves them
to a common location.
Also, the UnixDomainHTTPConnection connection string
may now be overridden.
Matthew Thode [Mon, 9 Feb 2015 17:02:58 +0000 (11:02 -0600)]
replaces enumeration method used to get a list of interfaces
ip_lib was parsing tunnel links incorrectly. We can create interface
names with any character the filesystem supports (not '..', '/', ':').
Given this we do not know what to delimit on so parsing iproute2 output
is probably not a good idea.
I asked the iproute2 devs what the proper way we should get interface
names is and was told NOT to parse iproute2 output but to use something
like sysfs instead. http://www.spinics.net/lists/netdev/msg316577.html
This patch pulls interfaces from sysfs (/sys/class/net) and verifies them
via checking if they are links (bonding creates files for instance and
needs to be skipped).
Currently it is not possible without jumping through a ton of hoops to
access a network namespace without iproute2 or cython, so we use ip to
run find to find the correct sysfs directory. We also only call out to
iproute2 _ONLY_ if needed.
ChuckC [Mon, 9 Mar 2015 00:51:09 +0000 (17:51 -0700)]
Prevent updating mac address of bound port
Currently, a port's mac address can be updated even if it is bound.
This fixes the _check_mac_update_allowed() call to pass just port update
attributes rather than the entire payload and fills in missing testing.
Maru Newby [Fri, 13 Mar 2015 18:17:29 +0000 (18:17 +0000)]
Set TEMPEST_CONFIG_DIR in the api tox env
TEMPEST_CONFIG_DIR needs to be set for the api job to execute
successfully. Previously this was being set by the gate but local
execution required manually setting the variable.
Miguel Angel Ajo [Thu, 12 Mar 2015 14:58:39 +0000 (14:58 +0000)]
Add a netns-cleanup functional test
We have lots of regressions on netns, because unit test
is not enough. This commit adds basic functional testing
to the netns_cleanup.
This work should be extended when we have functional testing
for the dhcp agent, spawning dhcp services, and then
making sure they're fully cleaned up.
Sergey Belous [Mon, 9 Feb 2015 16:38:05 +0000 (19:38 +0300)]
Reduce db calls count in get_devices_details_list
Each Neutron agent will impose db calls to Neutron Server
to query devices, port and networks.
Network caching is added to reduce the number
of db calls on get_devices_details_list.
Added unit tests for the check caching.
Code Review / openstack-build / neutron-build.git / log