Eugene Nikanorov [Mon, 17 Nov 2014 07:00:49 +0000 (11:00 +0400)]
Change transaction isolation so retry logic could work properly
Lower isolation level from REPEATABLE READ to READ COMMITTED for
transaction that is used to create a network.
This allows retry logic to see changes done in other connections
while doing the same query.
Perform that only for mysql db backend.
Kevin Benton [Thu, 15 Jan 2015 07:45:14 +0000 (23:45 -0800)]
Clarify misleading iptables comment
Update the comment for the iptables rule matching the
conntrack INVALID state. The previous entry was misleading
because it sounded like it dropped all new connections.
Gary Kotton [Mon, 29 Dec 2014 09:38:25 +0000 (01:38 -0800)]
VMWare-NSXv: VMWare NSXv extensions
For Kilo, the vendor-specific code should be moved to stackforge repo,
excluding the extensions (https://review.openstack.org/#/c/134680/).
This patch adds the extensions VMWare NSXv plugin from
stackforge/vmware-nsx repo.
There are 2 new extensions:
1. advanced_service_providers - this is required to enabled the NSXv to provide
metadata support (there is no metadata agent)
2. vnic_index - the security group support for the NSXv requires the vNIC index
Currently the test assumes delete_ports_by_device_id deletes ports in
the order they were created but nothing ensures it. This change
updates _test_delete_ports_by_device_id_second_call_failure to avoid
such (incorrect) assumption. The assumption is in general broken in
daughter change which adds a unique constraint on Port table.
Carl Baldwin [Mon, 12 Jan 2015 16:36:40 +0000 (16:36 +0000)]
Create arping helper in ip_lib
In trying to restructure the L3 agent in to more modules, some helpers
like arping will be used by several modules. It is better to relocate
it to a common module which all of them will import and use.
Since there is only one spot which passed 'distributed=True', I chose
to break the utility in to two. Also, 'distributed' doesn't really
describe what that argument is for. So, I named the second utility
differently to indicate that it is for sending garps when proxyarp is
in use for the address on the interface.
Kyle Mestery [Mon, 8 Dec 2014 02:18:53 +0000 (02:18 +0000)]
Initial thin ML2 mechanism driver
This commit thins the in-tree OpenDaylight ML2 MechanismDriver. A matching
change to the stackforge/networking-odl project has the backend logic
there.
Tan Lin [Thu, 23 Oct 2014 11:00:22 +0000 (19:00 +0800)]
Enable adding new tag with options
It is useful to add a new tag when update the options
with dnsmasq.
We have a use case in Ironic to support ipxe with dnsmasq.
It looks like this:
dhcp_opts.append({'opt_name': 'tag:!ipxe,bootfile-name',
'opt_value': CONF.pxe.pxe_bootfile_name})
Miguel Angel Ajo [Thu, 15 Jan 2015 00:23:29 +0000 (00:23 +0000)]
Call on dhcp-agent DhcpLocalProcess.restart() breaks dhcp
The bugfix implemented on Ib37651f7f802debd472ab292b148c2a2496063a3
creates the network_conf_dir only during __init__, and restart()
method calls disable(), then enable(), where disable will remove
the config directory and all configuration files.
Previous implementation re-created the network_conf_dir on the
interface_name setter (called from enable) with ensure_conf_dir=True.
Sukhdev [Sat, 10 Jan 2015 01:02:53 +0000 (17:02 -0800)]
Fixs shared networks in Arista ML2 driver
When a shared network is created, it is stored
in arista_provisioned_nets under the tenant_id of
owner of the network. Later, when a different
tenant launches an instance on the shared network,
above mentioned DB is looked to find the network
under requesting tenant's ID, and it is not found,
and hence, the request is rejected.
The fix is made such that when a network is not
found under the requesting tenant's ID, check if
this network is shared network. If yes, then
check the DB to ensure that owner tenant exists
in the DB. If yes, then this is a valid request
and do not reject it. Otherwise reject it - as an
unknown tenant or network is specified in the
request.
- Don't assume the path of mktemp command. It's /usr/bin/mktemp
for some platforms. eg. NetBSD. Also, always provide a template
as it's necessary for some platforms, eg. OS X. This snippet was
taken from the example in NetBSD's mktemp(1).
- Move a comment to the appropriate place.
- Improve a regex to ignore more comments.
- As the pattern for find -path is not a regex, no escape is necessary
for period.
When troubleshooting issues having to parse the \n mentally is kind of
difficult. Be nice to the user and have the newlines interpreted correctly.
It's fine if we waste some spaces in the logs, storage is cheap these days.
Jaume Devesa [Wed, 24 Dec 2014 09:45:05 +0000 (09:45 +0000)]
Midonet plugin decomposition
Remove the midonet plugin code and add the requirements.txt file to
set the dependency to the vendor plugin. Dependency is not pinned: we
will use the newest library during the Kilo cycle and we will submit a
patch with the pinned version a bit before the Kilo code freeze.
Vendor plugin code is available here:
https://github.com/midonet/python-neutron-plugin-midonet
Plugin already available in pypi:
https://pypi.python.org/pypi/neutron-plugin-midonet/
Kevin Benton [Tue, 13 Jan 2015 16:05:19 +0000 (08:05 -0800)]
Fix topic for provider security group update
Commit 8098b6bd20bb12520e438ef9125dc7b96664f712 accidentally changed
the topic for the provider security group update to a regular member
update. This resulted in the L2 agent not asking for the latest
security group rules after a DHCP port was created. If a regular
compute port was brought online and wired up by the L2 agent
before the DHCP port was created, the VM would never get its allow
rule to communicate with the DHCP server.
If Network contains dhcpv6-stateful Subnet with prefix other than /64,
dnsmasq refuses to start if prefix-len is not specified in dhcp-range
option. From dnsmasq(8) manpage:
For IPv6, the parameters are slightly different: instead of netmask
and broadcast address, there is an optional prefix length which must
be equal to or larger then the prefix length on the local interface.
If not given, this defaults to 64. Unlike the IPv4 case, the prefix
length is not automatically derived from the interface
configuration. The mimimum size of the prefix length is 64.
It is safe to always specify prefix length, so dnsmasq will use correct
configuration.
Kobi Samoray [Sun, 11 Jan 2015 09:28:42 +0000 (11:28 +0200)]
VMWare NSXv DB model bugfix
DB Model and migration for VMWare NSXv had two issues:
In DB migration, nsxv_security_group_section_mappings table is not dropped on downgrade.
In nsxv_models.py, tz_network_bindings_binding_type enum name should be
nsxv_tz_network_bindings_binding_type to match migration code.
Yoni Shafrir [Mon, 5 Jan 2015 13:27:47 +0000 (15:27 +0200)]
Speed up initial L3 full sync time
When a L3 agent starts up the initial full sync occurs
on the first periodic task interval.
This means that from the point the agent is ready to
process updates it can take ~1 minute until traffic
can start flowing through the L3 agent's routers.
When using a highly available solution (not VRRP)
the startup delay adds around a full minute to
the minimum downtime.
This patch simply does a manual (i.e. not periodic) full
sync once the L3 agent is ready (in 'after_start' method).
The change results in a much faster sync on a new agent.
With the patch it takes several seconds until routers are
created on the new/restarted L3 agent.
* Remove references in tox.ini to removed rules.
* Remove custom @author check since it's now implemented in hacking.
* Move N323 to N322 that is freed due to @author check removal.
* Temporarily skip W292 (no newline at the end of file).
* Temporarily skip H238 (old style classes).
Wei Wang [Thu, 7 Aug 2014 08:16:37 +0000 (16:16 +0800)]
Use "if dict.get(key):" instead "if key in dict and dict[key]:"
Use "if dict.get(key):" instead of "if key in dict and dict[key]:"
which makes code more clear and intelligible. Note this patch doesn't
change judging conditions, all "is not None" are retained.
Ensure config directory created before updating leases
Under high load conditions dhcp-agent could try to start the
dhcp local process via reload_allocations. But it will fail since
the dhcp config directory for the specific network is not
created yet.
WeiHu [Tue, 30 Dec 2014 02:45:55 +0000 (10:45 +0800)]
Fix IPv6 Subnet Slaac Check
Currently, "is_slaac_subnet" method only checks "ipv6_address_mode".
This will let neutron allocate a stateful IPv6 address for instance
when ipv6_ra_mode set to "stateless" or "slaac", and "ipv6_address_mode"
unset. But actually, instance get IPv6 address prefix from radvd, and
auto configure IPv6 address by itself. This change will let "is_slaac_
subnet" also check ipv6_ra_mode attribute, which will no longer allow
fixed IPs on auto-address subnets and delete subnet will correctly delete
auto-address ports.
Terry Wilson [Thu, 11 Dec 2014 18:10:37 +0000 (11:10 -0700)]
Move non-bridge-related OVSBridge methods to BaseOVS
This patch moves several methods in OVSBridge that don't really have
anything to do with OVS bridges to BaseOVS where they are a much
better fit. Since OVSBridge inherits from BaseOVS, no modules using
ovs_lib will have to change to support this move.
Also, several module-level functions that essentially re-implement
BaseOVS.run_vsctl() are moved to BaseOVS and converted to use
run_vsctl. In order to avoid changing the API, the module-level
functions are then reimplemented by creating a BaseOVS instance and
calling the associated method.
Sayaji [Mon, 1 Dec 2014 23:25:57 +0000 (15:25 -0800)]
Run only one instance of Nuage sync cycle at a time
Sync can run as part of Neutron and as a standalone tool.
So when sync is triggered through Neutron, someone can
trigger another sync cycle using the standalone tool.
Similarly when sync is triggered by standalone tool, Neutron
can trigger another sync cycle. This can lead to unexpected
sync behaviour .This fix will allow only one sync cycle at a
time and the other cycle will be blocked till the first one is
complete.
Russell Bryant [Thu, 18 Dec 2014 20:11:07 +0000 (20:11 +0000)]
Scope metadata rpc api using a messaging namespace
This patch does a couple of things. First it adds docstrings to the
client/server pair of the rpc interface used by the metadata service
to make calls back into the Neutron server. The docs tell you where
the other side of the interface is found in the code, and where docs
are that give more info on the rules for changing them.
The second thing done in this patch is to scope this interface using a
messaging namespace. Right now some plugins expose several interfaces
via the default namespace. This effectively means they are a single
API and should be managed with a single version stream. It's much
more managable to just treat these as separate interfaces and this
change makes that explicit and functionally true. Now when a method
is invoked, the only classes considered for handling that request will
be ones marked with the right namespace.
Code Review / openstack-build / neutron-build.git / log