Paul Michali [Mon, 18 Feb 2013 13:57:14 +0000 (08:57 -0500)]
Add bulking support for Cisco plugin
For each bulk request, the Cisco plugin will handle the call,
and, through the base class method, convert them into a series of
non-bulking calls wrapped in a transaction (emulated bulking).
Those non-bulking requests will all be forwarded to the Cisco
model (VirtualPhysicalSwitchModelV2), which will either handle
the request locally (as in create_port), or delegate the request
to the OVS plugin (OVSQuantumPluginV2).
As a result, the model should not receive any bulking calls.
However, the model was set up to delegate any bulk calls to the
OVS plugin (which would act like the existing code, in case we
decide later to pass along any bulk calls). An alternative would
be to raise an exception, if a bulk call was made to the model.
Prior to this change, all bulking calls were forwarded from the
Cisco plugin to the model plugin, which would would delegate
(directly or indirectly) to the OVS plugin. The OVS plugin would
turn the request into a transction of non-bulking calls.
The effective difference proposed is that the create_port will now
create the port in OVS and then create the network in the Nexus
plugin.
The Nexus plugin does not currently handle bulking so this commit
is implementing emulated (versus native) bulking.
This patch has been updated with latest from upstream (Havana).
Alessio Ababilov [Mon, 18 Mar 2013 16:48:30 +0000 (18:48 +0200)]
Allow tests in TestDhcpAgentEventHandler run independently
Tests in TestDhcpAgentEventHandler depend on dhcp_confs
option that is defined in quantum.agent.linux.dhcp. We have
to register the option in order to allow independent testing.
Zhongyue Luo [Thu, 7 Mar 2013 08:11:31 +0000 (16:11 +0800)]
Resolves ryu plugin unittest errors
Removed obsolete DATABASE value tests in ryu/test_defaults.py
Added fake_ryu client in test_ryu_security_group.py
Imported quantum.plugins.ryu.db.models_v2 in test_ryu_plugin.py
Dan Wendlandt [Wed, 13 Mar 2013 05:36:35 +0000 (22:36 -0700)]
First havana commit.
This commit indicates that the master branch has moved on to
representing the "havana" release. The previous commit will be use to
start the milestone-proposed branch for grizzly.
All future changes for grizzly must first be merged
into master, and then back-ported to a grizzly milestone-proposed branch
(or once grizzly is released, the stable/grizzly branch).
If the entry for the mapping between a quantum and a NVP port identifier
is not found in the Quantum DB, search the port on NVP, and, if found,
add the mapping entry.
This ensures upgraded folsom databases keep working with Grizzly code.
Aaron Rosen [Sun, 10 Mar 2013 21:09:28 +0000 (14:09 -0700)]
port_security migration does not migrate data
The port security migration previously created the correct table structure but
it did not migrate the old data into this table. This patch adds code that
copies the id fields from networks and ports into portsecuritybindings
and networksecuritybindings tables.
One thing to note is that in grizzly when a port is created on a network that
has port_security_enabled=True, the port will also be created with
port_security_enabled=True. But since ports in NVP were not previously
created with the mac/ip security address pairs we have to set existing ports
and networks port_security_enabled value to be False. One could easily
write a script to set these values to True after applying this migration.
Roman Podolyaka [Tue, 5 Mar 2013 16:53:51 +0000 (18:53 +0200)]
Fix detection of deleted networks in DHCP agent.
The DHCP-agent uses an in-memory networks cache to find out which networks must
be deleted and which ones must be updated. In a case of agent restart the networks
cache is empty and it's not possible to cleanup DHCP-processes serving networks
which were deleted while the DHCP-agent was down. The proposed fix fills the networks
cache when the agent starts using a list of networks which have existing config files.
Several plugins added l3 support in the grizzly release. This means that
when upgrading from the folsom data model, the relevant data model changes
should be applied.
In order to do so this patch refactors the initial migration in order
to be able to reuse the upgrade_l3 and downgrade_l3 routines.
Due to a bug in setting up external ports the Hyper-V agent fails to work in
scenarios with VLAN and flat networks.
Furthermore, a warning message on Hyper-V 2012 indicates that external
port settings are ignored. As a result the agent can be simplified by
avoiding vswitch external ports configurations.
Raise an exception causing a 409 error to be returned if port_id or
subnet_id specified in request body do not exist before further
processing the operation (which will cause a 500 error to be
returned to the user)
This patch checks if a metadata access network is still present when
removing a router in the NVP plugin. If yes, the network is detached
from the router and then destroyed, thus ensuring a safe completion of
the operation as well as removal of metadata access network resources.
This patch simply causes a 409 to be returned when attempting to
delete a subnet which has IPs on ports whose device_owner is
network:router_interface
This does not address a similar problem that arises when the ips for
a port owned by a router_interface are updated. This problem is hidden
when updating a port which has been assigned the gateway_ip by an
exception in the IP recycling process. However, it will hit when the
port was explicitly added to the router, since it will have an ip
different from the subnet's gateway ip.
Aaron Rosen [Fri, 8 Mar 2013 18:02:31 +0000 (10:02 -0800)]
Update to Quantum Client 2.2.0
This patch updates tools/pip-requires to use the python-quantumclient 2.2
It also limits the version to <3.0.0 to prevent breaking something accidently
when 3.0.0 is released.
Aaron Rosen [Wed, 6 Mar 2013 20:21:08 +0000 (12:21 -0800)]
Add explicit egress rules to nvp security profile
The following commit 7e26074b changed the previous behavior of quantum
security groups by explicitly adding egress rules to the security profile.
When these rules are removed the vm is no longer able to send traffic out.
This patch adds these rules for NVP. One thing to note in the patch
is that now a bunk rule of IPv4 127.0.0.1/32 is added to each security
profile. The reason for this is by default NVP security profiles allow
all egress traffic until a rule is added and then it just lets traffic
matching those rules out. Adding this bunk rule achieves this behavior
that quantum now uses.
Dan Prince [Thu, 7 Mar 2013 17:41:30 +0000 (12:41 -0500)]
Update tox.ini to support RHEL 6.x.
In order to support running unit tests on RHEL 6.x we need to patch
eventlet with contrib/redhat-eventlet.patch. We already
have support for this in the tools/install_venv_common.py but we
need to make a couple changes to allow tox to consume this:
1) Sync in the latest intall_venv_common.py from oslo. This changes
patch to use the -N option (ignore already applied patches) and
makes it safe to call the patching function more than once.
2) Add a new patch_tox_venv.py script in tools.
3) Update tox.ini to call patch_tox_venv.py before it runs tests and
coverage.
NOTE: This will hopefully go away eventually once this patch lands:
Akihiro MOTOKI [Wed, 13 Feb 2013 13:42:29 +0000 (22:42 +0900)]
Disable secgroup extension when Noop Firewall driver is used
When Noop Firewall driver is used, Quantum security group actually does
nothing in OVS and Linux Bridge plugin. It would be better to disable
security group extension for such case to avoid confusion.
By this we can determine whether quantum security group is enabled
by checking the extension list.
This commit changes OVS/LB/NEC/Ryu plugins with agent firewall_driver
based security group implementation.
Currently the format of error message returned by quota extension was
different with quantum other resource. Other resource will return as
json(eg, '{"QuantumError": "error message"}'). But quota extension only
return messages without any format.
'quantum.api.v2.resource.Resource' provider error messages processing.
So wrap quota controller with it.
By the way, fix some small stuff:
* Use specific exception 'QuotaTenantNotFound' instead of generic exception.
* Correct error message.
* Use attribute mapping checking the request body.
Code Review / openstack-build / neutron-build.git / log