Kevin Benton [Tue, 11 Feb 2014 03:36:22 +0000 (19:36 -0800)]
BigSwitch: Add agent to support neutron sec groups
Adds a BigSwitch Agent responsible for supporting
neutron security groups on the compute node. Adds
the mixin classes to the plugin to support the
security group calls.
Jon Grimm [Wed, 27 Nov 2013 19:10:33 +0000 (13:10 -0600)]
Openvswitch update_port should return updated port info
Found when I enabled test_extension_allowedaddress_pairs, where
test_create_port_removed_allowed_address_pairs would fail due to the
returned port still containing the original addresspair. The cause is
ovs simply not updating the port info being returned.
This patch additionally enables test_extension_allowedaddress_pairs for
openvswitch.
Moved checks and updating into method similar to what we do for
extradhcpopts and security_groups.
Additionally, this required fixing is_address_pairs_attribute_updated() as
it was passing (non-hashable) dicts to utils.compare_elements.
Xuhan Peng [Fri, 14 Feb 2014 09:20:01 +0000 (04:20 -0500)]
Change firewall to DOWN when admin state down
Currently firewall remains in status "ACTIVE" after admin state
is changed to DOWN.
This fix sets firewall status to "DOWN" if admin state is updated
from "UP" to "DOWN". "DOWN" status is used by other network resources
so use "DOWN" to keep consistent.
Update License Headers to replace Nicira with VMware
In the process __init__.py involved have been emptied;
vim modelines and author lines have been dropped from
the license headers affected by the change as well.
This patch introduces DB mappings between neutron security
groups and NSX security profiles, thus not requiring anymore
the Neutron router ID to be equal to the NSX one.
This change is needed for enabling asynchronous operations in
the NSX plugin.
Related to blueprint nvp-async-backend-communication
Vincent Untz [Sun, 23 Feb 2014 16:57:05 +0000 (17:57 +0100)]
Fix get_vif_port_by_id to only return relevant ports
This is returning any port, even if it's not on the switch that we're
looking at. As a side-effect, this means that we can actually manipulate
these ports while we really shouldn't.
The migration path for the NSX plugin was not working correctly,
as two migrations (extra route and network gateways) were
skipped.
Therefore installations were partially relying on automatic
schema generation.
This patch fixes the migration path, as well as an attribute
whose name in the migration and the DB model differed.
Shuangtai Tian [Wed, 26 Feb 2014 11:11:38 +0000 (19:11 +0800)]
Add user-supplied arguments in log_handler
Sync from Oslo, change-id: I91289cc4a60f5dab89bca852e6f52b4b83831e47
When using PublishErrorsHandler, it will be missing user-supplied
arguments. For example, do LOG.info("blabla %s", "foo"), the
payload only contains "blabla %s", but we expect it like "blabla foo".
Aaron Rosen [Wed, 12 Feb 2014 22:25:31 +0000 (14:25 -0800)]
NSX: Fix newly created port's status should be DOWN
Previously when creating a port in neutron using the nsx plugin
the port status returned would be ACTIVE even if this was not the
case. Now, DOWN is returned which will be updated by the backend
when the port goes ACTIVE.
Darragh O'Reilly [Tue, 14 Jan 2014 15:02:17 +0000 (15:02 +0000)]
Remove pyudev dependency
pyudev was only used by the linuxbridge-agent to get the list
of virtual network devices. This can be got from /sys instead.
This patch fixes the problem where testr could not import the
lb-agent module because pyudev was not in requirements.txt.
Akihiro Motoki [Wed, 19 Feb 2014 19:21:55 +0000 (04:21 +0900)]
Lower log level of errors due to user requests to INFO
Errors due to bad client requests (e.g., NotFound, BadRequest)
are logged as exception/trace level and it is annoying
from the operators' point of view.
This commit changes the log level for errors due to
user requests (HTTP 4xx errors) to INFO.
sridhargaddam [Mon, 24 Feb 2014 15:21:31 +0000 (20:51 +0530)]
Include proper Content-Type in the HTTP response headers
Neutron namespace proxy handler and metadata agent were not setting the
Content-Type in their responses. Both of them were returning only the response
data which is obtained from the nova-metadata-service. Since they were returning
only the response data, the Content-Type returned to the clients has the default
one, which is "text/html". Ideally this should be set to the data type which is
present in the HTTP Response. The fix now includes the Content-Type which is
returned by nova-metadata-service.
Oleg Bondarev [Thu, 24 Oct 2013 12:53:55 +0000 (16:53 +0400)]
LBaaS: check for associations before deleting health monitor
Need to prohibit health monitor deletion if it has associations with
pools. Given that pools may belong to different lbaas drivers the process
of monitor deletion becomes complex and unreliable since association
deletion may fail on any single driver.
mathieu-rohon [Thu, 20 Feb 2014 16:39:00 +0000 (17:39 +0100)]
l2-population/lb/vxlan : ip neigh add command failed
We were using the ip neigh add command, which must be replaced by
ip neigh replace to avoid an error when creating a VM with an IP
previously used by a deleted VM.
mathieu-rohon [Thu, 20 Feb 2014 09:39:43 +0000 (10:39 +0100)]
l2-population : send flooding entries when the last port goes down
Delete port used to call update_port_down to calculate
its fdb entries during delete_port_precommit. But during
the pre-commit, the port is still up, so update_port_down
acts as if there was still one port on the agent, and
doesn't add flooding entry in its fdb_entries.
Terry Wilson [Fri, 24 Jan 2014 19:04:18 +0000 (13:04 -0600)]
Ensure ovsdb-client is stopped when OVS agent dies
If the OVS agent is killed, the interpreter is killed before any cleanup
is done. This patch adds a signal handler for SIGTERM that exits
normally so that the existing cleanup is done and the ovsdb-client
process is terminated.
The code that syncs router status to the neutron_db was using the nsx
router id instead of the neutron router id thus synchronize_router
would never update the database.
Also, the switch synchronization routine was not fetching the
appropriate neutron id tag thus causing switch synchronization to
be skipped.
This patch also fixes the error in the unit tests which allowed for
the bug to be introduced.
Bob Kukura [Thu, 13 Feb 2014 17:35:25 +0000 (12:35 -0500)]
ML2 binding:profile port attribute
The ML2 plugin stores the binding:profile port attribute, defined as a
dictionary, in its ml2_port_bindings DB table. Since the plugin can
support a variety of MechanismDrivers with different needs for
binding:profile attribute content, the plugin will accept, store, and
return arbitrary key/value pairs within the attribute. As with the
binding:host_id attribute, updates to binding:profile trigger
rebinding.
Rename/remove Nicira NVP references from VMware NSX unit tests
This patch sweeps for Nicira and NVP references and replaces
them with VMware and NSX where possible. Some clean-up is
done along the way to improve the organization of the
unit tests module.
Irena Berezovsky [Thu, 16 Jan 2014 12:28:01 +0000 (14:28 +0200)]
Change tenant network type usage for IB Fabric
This patch changes tenant network type usage for InfiniBand Fabric
to vlan type. Add the indication of Fabric Type (Ethernet/InfiniBand)
to the provider_network via the plugin configuration file.
If physical network type is not specified for some provider network
listed in the network_vlan_ranges, use default physical network type.
Isaku Yamahata [Thu, 13 Feb 2014 11:19:25 +0000 (20:19 +0900)]
options: consolidate options definitions
Some config options (interface_driver, use_namespaces) are defined
multiple times in an ad-hoc way. It causes a DuplicateOptError exception
when using those modules at the same time. Right now the exception is
avoided in an ad-hoc way by each executable. Those duplicated
definitions should be consolidated and treated in a uniform way.
This is the blocker for blueprint: l3-agent-consolidation
neutron.services.loadbalancer.drivers.haproxy.agent periodic_interval
conflicts with neutron.service one. Since there is no way to fix it
without changing existing behavior/default value, it is untouched for now.
Bob Kukura [Tue, 4 Feb 2014 04:18:44 +0000 (23:18 -0500)]
Replace binding:capabilities with binding:vif_details
In addition to binding:vif_type, the neutron core plugin needs to
supply various information to nova's VIF driver, such as VIF security
details and PCI details when SR-IOV is being used. This information is
read-only, requires admin privileges, and is not intended for normal
users. Rather than add separate mechanisms throughout the stack for
each such requirement, the binding:capabilities port attribute, which
is a dictionary and is currently not used by nova, is renamed to
binding:vif_details to serve as a general-purpose mechanism for
supplying binding-specific details to the VIF driver.
This patch does not remove or replace the CAP_PORT_FILTER boolean
previously used in binding:capabilities. A separate patch should
implement the specific key/value pairs carried by binding:vif_details
to implement VIF security. Another patch will implement the key/value
pairs needed for SR-IOV.
The ML2 plugin now allows the bound mechanism driver to supply the
binding:vif_details dictionary content, instead of just the
CAP_PORT_FILTER boolean previously carried by the binding:capabilities
attribute.
DocImpact: Need to update portbinding extension API, but no impact on
user or administrator documentation.
Dazhao [Fri, 21 Feb 2014 09:53:30 +0000 (17:53 +0800)]
Make sure dnsmasq can distinguish IPv6 address from MAC address
Currently, because the IPv6 address is not wrapped with '[]' in the
dnsmasq host file, dnsmasq cannot distinguish an IPv6 address
from a MAC address, so deployed instances cannot get an
IPv6 address via the dnsmasq dhcp service.
Itsuro Oda [Mon, 6 Jan 2014 06:03:14 +0000 (15:03 +0900)]
Make metaplugin be used with a router service plugin
The "l3_plugin_list" configuration parameter of the metaplugin is now
permitted to be blank.
If "l3_plugin_list" is blank, the router extension and extensions which extend
the router extension are not included in "supported-extension-aliases" of
the metaplugin.
This makes it possible to use the metaplugin with a router service plugin.
Note that if "l3_plugin_list" is not blank, a router service plugin must
not be specified, otherwise the error of the bug report still occurs.
This patch also removes some meaningless router extension related code.
(e.g. the external-net extension belongs to L2 functionality and is handled
by core plugins properly.)
Kevin Benton [Sun, 9 Feb 2014 19:39:39 +0000 (11:39 -0800)]
BigSwitch: Fix tenant_id for shared net requests
The URI port requests are sent to on the backend
contains the tenant_id of the network. This corrects
a bug where, on port updates and deletes, the tenant_id
of the port rather than the network was being used,
which was incorrect when attached to a shared network.
zhhuabj [Fri, 17 Jan 2014 10:21:01 +0000 (18:21 +0800)]
Raise max header size to accommodate large tokens
The max header is exceeded in the following scenario
- Auth tokens built with a keystone v3 API catalog
- A catalog with approximately 8 or more endpoints defined
Aaron Rosen [Tue, 18 Feb 2014 21:15:02 +0000 (13:15 -0800)]
NSX: get_port_status passed wrong id for network
The call to get_port_status in update_port was passing in the neutron
network_id instead of the nsx_network_id. These used to be the same
but now are different. This patch updates the code so that it now
passes in the correct uuid.
Aaron Rosen [Wed, 19 Feb 2014 23:08:54 +0000 (15:08 -0800)]
Plugins should call __init__ of db_base_plugin for db.configure
Currently each plugin calls db.configure() within the plugin's __init__
class or defines an initialize() method whose sole job is to call this
method. Instead we should just call the super method of a plugin so that
db.configure() is called for us out of the db_base_plugin class.
Note: the only reason why I'm making this change is that I want to add
something to the __init__() class of the db_base_plugin that's needed for
the nova-event-callback blueprint and adding it in the base class of init
looks to be the best place.
This patch is a follow-up to change set 4808f91eb2c245344517fc89c37c6c4c88e9051b bug/1260262 review/61694.
The change set adds an unnecessary self.addCleanup(cfg.CONF.reset) to
VxlanTypeMultiRangeTest as pointed out. This patch removes the line.
Akihiro Motoki [Tue, 18 Feb 2014 08:01:01 +0000 (17:01 +0900)]
Handle racing condition in OFC port deletion
Multiple delete_port operations can run in parallel.
In such cases, later operation(s) will receive a 404 (NotFound)
error from OFC or a NoResultFound sqlalchemy exception.
These are valid exceptions and they should be ignored
in delete_port operations.
OFCConsistencyBroken is renamed to OFCMappingNotFound
because when multiple delete_port operations run in parallel
OFCConsistencyBroken can occur and it is a valid case
so the exception name looks inappropriate.
Xiaolin Zhang [Thu, 16 Jan 2014 14:28:28 +0000 (22:28 +0800)]
Adds https support for metadata agent
Adds two configure options to support https client for metadata proxy
* auth_insecure: turn off verification of the certificate for ssl, or
* auth_ca_cert: CA cert to check against for ssl.
berlin [Wed, 19 Feb 2014 07:34:47 +0000 (15:34 +0800)]
Fix VPN agent does not handle multiple connections per vpn service
Once the OpenSwan process is created, incoming updated vpnservice
data would not be updated into the process class, which leads to the config
files and openswan process always keeping old configurations.
Aaron Rosen [Wed, 8 Jan 2014 21:10:54 +0000 (13:10 -0800)]
Don't require passing in port_security=False if security_groups present
If creating a port on a network that is marked as port_security_enabled=False
and one passes in a security_group in the port_create request previously an
error was raised saying they needed to also pass in
port_security_enabled=False. This patch removes that requirement and instead
sets port_security_enabled=True internally if a port has an ip_address and a
security_group is passed in. This is more convenient and does not break
backwards compatibility.
Use different context for each API request in unit tests
test_router_add_interface_subnet_with_port_from_other_tenant in
neutron.tests.unit.test_l3_plugin.L3NatTestCaseBase was mocking
neutron.context.Context thus performing multiple API requests
with the same context instance. As a context instance also has
a DB session attribute, this might cause unexpected side effects,
especially for plugins which process request asynchronously.
The plugin neutron.plugins.nicira.NeutronServicePlugin was being
affected.
This patch ensures each request has a different context object
without changing the unit test semantics.
It also refactors slightly test_edge_router.py in the nicira
unit test package to avoid executing twice the same unit tests.
Youcef Laribi [Wed, 20 Nov 2013 20:29:01 +0000 (12:29 -0800)]
Implements an LBaaS driver for NetScaler devices
This driver for the Neutron LBaaS plugin allows for
using the Citrix NetScaler loadbalancing devices
to provide Neutron LBaaS functionality in OpenStack.
vshield task manager: abort tasks in stop() on termination
This patch kills the manager thread, and aborts active tasks
rather than sending an exception to the manager thread and
have it do the abort on termination.
Unit tests involving vshield task manager might take longer
as a side effect of this patch.
Kevin Benton [Fri, 14 Feb 2014 06:52:36 +0000 (06:52 +0000)]
BigSwitch: Move config and REST to diff modules
No functionality change. Separates the config,
rest call, and backend server management from
the main plugin.py file. Necessary to make
downstream patches more manageable and easier
to review.
Irena Berezovsky [Mon, 10 Feb 2014 12:55:49 +0000 (14:55 +0200)]
Add support to request vnic type on port
This patch adds support for requested vnic_type to be plugged to neutron port to ML2 plugin.
This patch contains:
1. New attribute 'binding:vnic_type' added to port binding extension.
Possible values are 'direct', 'macvtap' and 'normal'.
'binding:vnic_type' is allowed to be defined on port creation or changed
on port update by admin or tenant user.
'binding:vnic_type' can also be skipped in port definition
2. Management of vnic_type by ML2 plugin, assuming default
vnic_type=normal
3. Add 'vnic_type' to ml2_port_bindings DB table
4. Add supported vnic_types for MechanismDrivers that are capable of binding
ports.
5. Add DB migration script for ml2_vnic_type.
DocImpact: Need to update portbindings API docs and include in SR-IOV user docs
Isaku Yamahata [Tue, 18 Feb 2014 02:02:56 +0000 (11:02 +0900)]
tests/unit: Initialize core plugin in TestL3GwModeMixin
TestL3GwModeMixin can fail randomly because it doesn't initialize
core_plugin and can be run with a random core plugin depending on execution
order of tests. It also fails with core plugin uninitialized when it
is run without other tests.
This patch refactors the setup code of the core plugin and applies it to the
related tests.
This patch revealed the same bug in test_metaplugin.py, which is also
fixed by this patch.
This fix improves unit test coverage for:
quantum/plugins/cisco/models/virt_phy_sw_v2.py
Test coverage is improved from about 78% to 99%.
One change included in this fix is removal of some code in
the _invoke_plugin() method in virt_phy_sw_v2.py which looks
like it's attempting to handle the case where the number of
arguments being passed to _invoke_plugin() exceeds the number
of arguments expected for the target plugin method. This
section of code does not get executed for any existing
calls to _invoke_plugin(), and it doesn't appear that
this logic would work (except when the target plugin method
includes a **kwargs expansion).
Ivar Lazzaro [Tue, 14 Jan 2014 19:17:05 +0000 (11:17 -0800)]
Embrane Tempest Compliance
This changeset tracks the changes needed by the Embrane's Neutron Plugin
in order to consistently pass tempest tests.
Changes:
- Some db transactions were too long and were causing lock timeout
exception. Removed useless transactions (waiting on non-db tasks to complete)
to fix the problem.
- The operation filter was useless, and breaking the tests. Most of the
logic which guarantees the appliance correct state when an operation is executed
is now in the internal library used for the heleos APIs.
The filter was therefore removed (as well as the corresponding exception).
- Fixed "sync" mode. The behavior was incorrect due to the queue timeout.
Furthermore, parallel requests were not waiting on the correct thread.
- Added missing methods for floating IPs (not all the scenarios were covered).
Édouard Thuleau [Thu, 16 Jan 2014 09:15:07 +0000 (10:15 +0100)]
Update help message of flag 'enable_isolated_metadata'
Thanks to the commit c73b54e50b62c489f04432bdbc5bee678b18226e,
the way the DHCP agent determines how a subnet is isolated has evolved.
But the flag help message wasn't updated according to this evolution.
shihanzhang [Tue, 18 Feb 2014 01:50:57 +0000 (09:50 +0800)]
Fix invalid facilities documented in rootwrap.conf
The values user0 and user1 do not map to valid facility values.
local1, etc. Using user0 results in a pri value that does not map
back to a facility of the same name in syslog.
RFC5424 suggests values of local0 through local7. Setting
syslog_log_facility to one of those values results in a message with a
priority that can be mapped back to the original string value.
This fix adjusts the comment in rootwrap.conf to suggest the local
prefix instead of the user prefix.
This patch replaces regex matching of text output with parsing
of JSON output in ovs_lib.get_vif_port_by_id.
This makes the code more reliable as subtle, possibly even
cosmetic, changes in ovs-vsctl output format could cause the
regular expression match to fail.
Also, this makes the code consistent with ovs_lib.get_vif_port_set
which already uses JSON output.
Finally this patch slightly changes the behaviour of
ovs_lib.get_vif_port_by_id returning None if elements such as
mac address or ofport were not available.
test_router_add_interface_subnet_with_port_from_other_tenant
is causing intermittent failures in unit tests because of
issues related with sql session autoflush.
This patch skips this test, since it is already covered
by another test case in the same module. This should prevent
job failures while the relevant bug is addressed.