Stephen Gran [Thu, 29 Aug 2013 06:11:44 +0000 (07:11 +0100)]
Create RPC connection before modifying OVS bridges
On startup, the agent removes and readds flows to the OVS bridges. If
an RPC setup error exits the process prematurely, this can leave the
bridges in an unsafe state. It is better to set the RPC communication
up before making changes to the host system.
Closes-Bug: 1217980
Change-Id: Ib9bbb864b9129bb7b1376a150a37a0c07908d74b
Signed-off-by: Stephen Gran <stephen.gran@guardian.co.uk>
Return 400 if creating a distributed router on old NVP platforms
Without checking for the right NVP support, creating a distributed
router will silently fail, i.e. the 'distributed' attribute will
be ignored and a centralized router will be created instead.
This patch adds support for NVP distributed logical routers
adding a simple attribute extension.
The default router type can be controlled using the default_router_type
option in the nvp section of neutron configuration.
In order to ensure backward compatibility, pre-existing routers
will be treated as centralized routers.
Akihiro MOTOKI [Thu, 29 Aug 2013 12:08:06 +0000 (21:08 +0900)]
Load tables of service plugins when migration auto generation
When we run "neutron-db-manage revision --autogenerate", it detects
table deletion of service plugins even when they are configured.
We need to load tables of service plugins to teach alembic such
tables exist.
Roman Podolyaka [Tue, 30 Apr 2013 12:12:15 +0000 (15:12 +0300)]
Fix a race condition in add_tunnel_endpoint()
If there are multiple OVS agents concurrently executing
'tunnel_sync' RPC call a race condition can occur
leading to insertion of two different TunnelEndpoint
entries having the same 'id' value.
Unfortunately, we can not rely on:
- @lockutils.synchronized(), because a Neutron installation can use
more than one API node
- with_lockmode('update'), because it works differently in PostgreSQL
comparing to MySQL and doesn't guarantee that no new rows have been
added to the table since the select query was issued. Please take a
look at http://www.postgresql.org/files/developer/concurrency.pdf for
more details.
The proposed fix:
- ensures there is a unique constraint set for 'id' column
- wraps creation of a new TunnelEndpoint entry into a
repeatedly executed transactional block (so even if a concurrent
DB transaction has been flushed or committed earlier than this one
we can handle an integrity error and try again, in spite of the
specified transactions isolation level value)
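The fix described in the commit message above (a unique constraint on 'id' plus a retried insert), sketched as an added example; this is not the Neutron code. The schema, function names and the `interleave` hook are assumptions, and a single autocommit SQLite connection stands in for two database sessions.

```python
import sqlite3

def make_db(unique_id=True):
    # Constructed schema modelled on the commit's description, not Neutron's own.
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    constraint = "UNIQUE" if unique_id else ""
    conn.execute("CREATE TABLE tunnel_endpoints ("
                 "ip_address TEXT PRIMARY KEY, "
                 f"id INTEGER NOT NULL {constraint})")
    return conn

def add_tunnel_endpoint(conn, ip, max_retries=10, interleave=None):
    """Return (id, attempts) for ip, allocating the next free id if needed.

    interleave(next_id, attempt) is a hypothetical test hook standing in for
    another agent whose insert commits between our SELECT and our INSERT.
    """
    for attempt in range(1, max_retries + 1):
        row = conn.execute("SELECT id FROM tunnel_endpoints WHERE ip_address = ?",
                           (ip,)).fetchone()
        if row:  # already registered, possibly by the writer that beat us
            return row[0], attempt
        next_id = conn.execute(
            "SELECT COALESCE(MAX(id), 0) + 1 FROM tunnel_endpoints").fetchone()[0]
        if interleave:
            interleave(next_id, attempt)
        try:
            conn.execute("INSERT INTO tunnel_endpoints (ip_address, id) VALUES (?, ?)",
                         (ip, next_id))
            return next_id, attempt
        except sqlite3.IntegrityError:
            continue  # lost the race: re-read the table and try again
    raise RuntimeError(f"no free id for {ip} after {max_retries} attempts")

def racing_agent(conn, ip):
    """Build a hook that wins the race once, on the first attempt only."""
    def hook(next_id, attempt):
        if attempt == 1:
            conn.execute("INSERT INTO tunnel_endpoints (ip_address, id) VALUES (?, ?)",
                         (ip, next_id))
    return hook

def ids(conn):
    """Allocated ids, ordered by endpoint IP address."""
    return [r[0] for r in
            conn.execute("SELECT id FROM tunnel_endpoints ORDER BY ip_address")]
```

With `make_db(unique_id=False)` the same interleaving leaves two endpoints sharing one id, which is the failure the commit message describes.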
If a port is currently using the subnet's gateway IP, which usually
happens for router interfaces, do not allow updates to the gateway IP.
This patch adds an extra query on the IPAllocation model, which
returns at most a single record, and is executed in _validate_subnet
only when the subnet is updated.
There are cases in which an admin context is created only to grab a db
session and ensure no tenant filters are applied in _model_query. In
these cases evaluating the policy engine for grabbing admin roles is not
necessary, and can cause unexpected and serious issues if the context is
grabbed before all the extensions are loaded.
This patch enables the plugin to deal correctly with
newer versions of the NVP platform; this is done by
allowing the plugin to fall back to the closest known
version of the NVP platform. This is acceptable behavior
as L2/L3 operations implemented by the platform are most
certainly backward compatible.
This patch also improves test coverage for this part of the
code, which is critical to the correct behavior of the plugin.
There are trailing commas in the default values of some options; uncommenting
them will cause a CRITICAL error for neutron-server. These sample configs
may mislead operators, so this patch fixes them to the correct format.
Claudiu Belu [Wed, 7 Aug 2013 14:15:09 +0000 (07:15 -0700)]
Adds support for the Hyper-V WMI V2 namespace
Blueprint: hyper-v-wmi-v2
The Hyper-V APIs are mainly based on WMI. The original 2008 Hyper-V
release introduced the "root\virtualization" namespace which got
superseded in Hyper-V Server / Windows Server 2012 by the
"root\virtualization\v2" namespace (referred as V2 in the sources).
The original namespace has been dropped in the upcoming Hyper-V 2012
R2 (currently available in preview), which means that the Grizzly code
will not be compatible with it as is.
The Hyper-V driver is structured with a clear decoupling between OS
interaction classes (so called *utils modules and classes) and the
agent's logic.
This allows us to provide an implementation of the V2 API without
impacting the rest of the agent's code, based on a factory module
added to instantiate the proper version of the *utils classes: the
original "V1" ones for versions of the OS predating 2012 and the
newer "V2" ones starting from Hyper-V 2012 (Windows kernel version
6.2).
Kevin Benton [Fri, 23 Aug 2013 12:51:54 +0000 (05:51 -0700)]
BigSwitch plugin - add portbinding info in requests to controller
Include portbinding info in requests to controller so it receives
information about the compute node like the VIF type and the host
ID. Also includes better debug output on back-end failures.
Maru Newby [Thu, 22 Aug 2013 07:57:00 +0000 (07:57 +0000)]
Minimize ovs l2 agent calls to get_vif_port_set()
The ovs l2 agent was previously calling get_vif_port_set() on the
integration bridge once per rpc_loop() iteration and then again in
the periodic _report_state() call that returns the current device
count to the neutron service. Since get_vif_port_set() is an
expensive call (relying on shell commands) and since there
is minimal risk associated with reporting stats that are a few
seconds old, this patch caches the device count for reuse by
_report_state().
Improve dhcp agent structure to support multiple dhcp models
This patch introduces some minor refactoring of the dhcp
code so that it is easy to support both an in-node/same
process dhcp provisioning model (e.g. with dnsmasq) and
proxy model, where DHCP is provided by an external node.
Higher separation of concerns is also achieved by doing
better data encapsulation.
Add a relationship performing eager load in the Port model, thus preventing
the 'extend' function from performing an extra query.
This patch also replaces assertTrue with assertEqual in unit tests as it
needs to evaluate whether the value of the mac_learning_enabled attribute
is equal to the boolean literal True, whereas assertTrue verifies that the
expression passed to it evaluates to True. This means that any value but
False will be enough for the test to pass, which is not correct.
This patch does a simple refactoring of test_l3_plugin, pushing out tests
aimed at validating the interactions of the l3 agent with the server.
These tests explicitly use TestL3NatPlugin, whereas all the
other tests use a configurable plugin, which might be specified by a child
class. This might lead to confusion and possibly errors in unit tests for
child classes, especially those not using the l3 agent - for which running
these tests is also superfluous.
Eugene Nikanorov [Thu, 22 Aug 2013 15:08:34 +0000 (19:08 +0400)]
Fix port creation issue appeared with postgresql backend
IPAllocationPool has relation to IPAvailabilityRange which is setup to
load eagerly. Eager loading is implemented with left outer join which is
incompatible with with_lockmode('update') on postgresql.
The fix redefines eager loading with options(joinedload) making it use
inner join.
Current packet processing in br-tun is based on tun-id,
as a consequence, two networks using different tunnel
types but sharing the same tun-id would not be properly isolated.
To ensure proper isolation within a single bridge, NORMAL action
can't be used any more as it floods unknown unicasts on all
bridges ports. It is replaced by a learn action that dynamically
sets-up flows when packets are received from tunnel ports. As mac
addresses are learnt in explicit flows (in table 20), we can use a
default action in that table to flood unknown unicasts to the
right set of ports, like broadcasts and multicasts packets.
See https://wiki.openstack.org/wiki/Ovs-flow-logic for a more
detailed explanation of the flow logic
Another alternative could have been to use distinct bridges for
each tunnel type (without modifying the current flow logic),
but previous alternative may be preferable as it paves the way
for new tunneling optimisations (like RPC based mac learning and
partial-mesh flooding proposed in bp/l2-population)
Irena Berezovsky [Sun, 11 Aug 2013 06:19:03 +0000 (09:19 +0300)]
Add recent neutron extensions and IB support
Additions to Mellanox Plugin:
Add ML2 compatibility support.
Enable Infiniband Network Type.
Keep the compatibility to Linux Bridge Plugin to allow Network node deployment via Linux Bridge L2 Agent.
Add support for Host Port Binding and L3/DHCP Agent Scheduler.
The value of auth_url is incorrect, some operators may not change
that value and problem will occur. According to keystone, 35357 is
the port number which the public admin listens on, 5000 should be
used for neutron instead.
Remove calls to policy.check and policy.enforce from plugin code
Completes blueprint make-authz-orthogonal
This patch removes a few explicit policy checks recently added to
the plumgrid and cisco plugins.
They are not necessary as the same checks are already performed
by the policy engine.
Luis A. Garcia [Tue, 20 Aug 2013 19:16:06 +0000 (19:16 +0000)]
Use system locale when Accept-Language header is not provided
Remove en_US as the default language when no header is provided, and use
None instead. Upon translation None will be defaulted to system as it
was before the translation changes.
ML2 doesn't support ext-gw-mode, resulting in L3 agents not
setting-up NAT rules in neutron routers (currently, l3 agents
will assume enable_snat=false if plugin doesn't provide this
parameter as described in bug 1212868)
This patchset adds the support of ext-gw-mode to ML2 plugin.
In order to support ext-gw-mode alembic migration (as well as
other potential migrations on plugin dbs), folsom_initial
migration script is fixed to include ML2 plugin. Otherwise
databases won't be set-up during migration script (but at
plugin startup by sqlalchemy), resulting in migration failures.