Dane LeBlanc [Thu, 9 Apr 2015 14:32:33 +0000 (10:32 -0400)]
IPv6 SLAAC subnet create should update ports on net
If ports are first created on a network, and then an IPv6 SLAAC
or DHCPv6-stateless subnet is created on that network, then the
ports created prior to the subnet create are not getting
automatically updated (associated) with addresses for the
SLAAC/DHCPv6-stateless subnet, as required.
Assaf Muller [Fri, 27 Mar 2015 23:31:51 +0000 (19:31 -0400)]
Stop running L3 functional tests with both OVSDB interfaces
Running the L3 functional tests with both OVSDB interfaces doubles
the run time and may discourage developers from running them
frequently during development. Since the OVSDB interfaces
are tested explicitly, I don't think the trade off is worth it
here. The L3 functional tests use OVS in a *really* trivial way
and won't catch any issues that the explicit tests won't.
Added an OVSInterfaceDriverTestCase plug functional test that runs with
both OVS interfaces to make it harder to introduce regressions.
Kevin Benton [Mon, 30 Mar 2015 18:49:40 +0000 (11:49 -0700)]
Pass correct port ID back to RPC caller
The previous response to get_device_details calls was returning
whatever the caller requested as the port_id in the response.
This was only correct in the case where the port_id was used
directly. In cases where device names were passed in, there was
no way to retrieve the full port ID.
This corrects that behavior by using the port ID from the database
and adds tests to ensure the behavior remains correct.
Brian Haley [Thu, 9 Apr 2015 21:48:40 +0000 (17:48 -0400)]
Fix intermittent ipset_manager test failure
Change ipset_manager _refresh_set() to make a copy of the list of
IPs when creating a set, instead of using a reference, else any
change to the set could update the caller's data.
Also made the IpsetManagerTestCase classes always pass maxelem and
hashsize to the parent class.
Sudipta Biswas [Wed, 18 Mar 2015 18:05:57 +0000 (23:35 +0530)]
Add clock sync error detection on agent registration
For the server to determine if an agent is alive or not,
it depends on the agent's clock being mostly in sync with the server
clock. The neutron-server may reject and return the request if
there's a timestamp difference between the two nodes. Currently
there's no good way to detect this condition from the agent code.
This fix will improve the error handling
logic by writing an appropriate log in the neutron server's log
file for an early detection of the problem.
This fix targets quite rare case of race condition between
port creation and subnet deletion. This usually happens
during API tests that do things quickly.
DHCP port is being created after delete_subnet checks for
DHCP ports, but before it checks for IPAllocations on subnet.
The solution is to apply retrying logic, which is really necessary
as we can't fetch new IPAllocations with the same query and within
the active transaction in mysql because of REPEATABLE READ
transaction isolation.
Romil Gupta [Mon, 23 Mar 2015 15:05:41 +0000 (08:05 -0700)]
Move values for network_type to plugins.common.constants.py
It is quite confusing to have values for network type in common.constants.py
instead of having in plugins.common.constants.py.
Currently, the plugins/common/constants.py consists network_type constants
like VLAN, VXLAN, GRE etc. but values for network type like ranges
are defined in common.constants.py which is not good, it is better to have
both things at the same place.
This patch set addresses the same.
Moved out few methods which are predominantly used in plugins
from common.utils.py to plugins.common.utils.py.
Removed constants which were used in neutron-fwaas from
plugins.common.constants.py: https://review.openstack.org/#/c/168709/
Gal Sagie [Mon, 6 Apr 2015 05:36:01 +0000 (08:36 +0300)]
Add OVSDB connection as a parameter to the transaction
This adds the ovsdb connection as a parameter to the transaction
in the IDL implementation.
This allows other users to use this with a different connection
Adds DVR functional test for multi-external networks
This patch adds DVR functional test for multiple
external networks related to FIP namespace.
This test validates that FIP namespaces are created
based on the external networks associated with the
router.
Ihar Hrachyshka [Sat, 28 Feb 2015 12:48:18 +0000 (13:48 +0100)]
context: reuse base oslo.context class for to_dict()
It is need to conform to expectations of consumers that rely on
oslo.context behaviour (f.e. oslo.log that relies [1] on user_identity
field being set for context objects).
None of the agents log this information, and the reason is that
it's not useful. Any errors are logged, successful state reports
don't give actionable information as you can see that the agent
is up in neutron agent-list anyway.
The increase in ovs testing is resulting in job failure due to
timeouts in test_killed_monitor_respawns. Giving the test more
time to complete should reduce the failure rate.
Elena Ezhova [Thu, 26 Mar 2015 12:33:36 +0000 (15:33 +0300)]
Sync service from oslo-incubator
This sync includes changes that are required to fix handling
of SIGHUP in Neutron.
The following changes and bugfixes are included:
d24b658 Revert "Optimization of waiting subprocesses in ProcessLauncher" 593005b ProcessLauncher: reload config file in parent process on SIGHUP f29e865 Store ProcessLauncher signal handlers on class level bf92010 Optimization of waiting subprocesses in ProcessLauncher
Avoid synchronizing session when deleting networkdhcpagentbinding
Synchronizing session on delete leads to traces in neutron-server
logs when such binding is deleted concurrently.
Also, catch and ignore ObjectDeletedError during iterating over
bindings, that is possible since the code is not within a transaction.
Changes [1,2] recently merged in temptest. Change [2] in particular
is required if we run the API tests with DVR enabled, because now the
binding logic has been altered by [3].
This patch ensure that should that happen, the API job doesn't fail.
Dane LeBlanc [Sat, 4 Apr 2015 22:50:36 +0000 (18:50 -0400)]
Re-use context session in ML2 DB get_port_binding_host
This patch modifies ML2 DB get_port_binding_host method so that it
reuses the existing context session to do the database query
rather than creating a new database session.
Note that there are other methods in ML2 DB that do not re-use
the caller's session (get_port_from_device_mac() and
get_sg_ids_grouped_by_port()). These will be modified using
a separate bug (https://bugs.launchpad.net/neutron/+bug/1441205).
Change-Id: I8aafb0a70f40f9306ccc366e5db6860c92c48cce
Closes-Bug: #1440183
Change eba4c2941ee introduced these tests. However they are not that useful as they
simply mimick the code, without really ensuring that the behavior is expected, so
they provide negative value ([1]), plus, they fail randomly.
This patch removes them in favor of a more useful functional check.
Maru Newby [Tue, 24 Mar 2015 19:45:46 +0000 (19:45 +0000)]
Enhance TESTING.rst
Add detail about api testing and provide better visual separation
between the different types of testing.
The current testing guidelines are mainly about running tests, and
this change does little to fix that. The intention is to add detail
about writing tests in subsequent changes.
Arbitrarily restricting ourselves from using bash because developers on
platforms like netbsd don't want to install bash from ports doesn't
make sense. Any non-trivial shell script is likely to use features
like arrays or string manipulation that are poorly supported (if at
all) by sh, and the continued bumping of the number of expected bash
scripts is an indication that the check is not serving its purpose
anyway.
Along with removing the check, all shebang references to /bin/bash
have been replaced with /usr/bin/env bash in an attempt to be more
compatible across different hosts.
Ed Bak [Mon, 9 Feb 2015 23:13:18 +0000 (23:13 +0000)]
Return from check_ports_exist_on_l3agent if no subnet found
The call to get_subnet_ids_on_router can return an empty list.
If the subnet_ids list is empty, the subsequent call to get
the ports on a subnet returns all ports. If this occurs
when doing a remove_router_interface, the performance
of a remove_router_interface degrades significantly. This change
returns immediately from check_ports_exist_on_l3agents if no
subnet is found. A new unit test has been added to cover
the specific case of returning immediately without calling
get_ports when a remove_router_interface operation is performed.
YAMAMOTO Takashi [Wed, 18 Mar 2015 04:27:15 +0000 (13:27 +0900)]
linuxbridge UT: Fix a regression of the recent ip_lib change
A recently merged change, I07d1d297f07857d216649cccf717896574aac301,
changed IPWrapper.get_devices to use /sys instead of executing ip command.
Unfortunately it broke linuxbridge unit tests, which seems to assume that
mocking utils.execute is enough in some places. This commit fixes the
regression.
Recent refactor to the L3 Agent have introduced
this problem. When we create a VM after we
attach an interface to a router or when we add
an interface with an existing VM to a router, in
both cases the arp entries for the dvr serviced
ports are not getting populated in the Router
Namespace.
This change moves plugin test modules to conform to the new rules on
unit test tree structure (see TESTING.rst).
Vendor plugin paths continue to be ignored, and unit test modules that
test features instead of modules are also ignored pending their
removal to the functional test tree.
The unit test reorg is about moving files around so a test module is
clearly associated with the code module it targets, but the test
modules in this change needed to be manually merged because they both
targeted the same module.
This change ensures that the structure of the unit test tree matches
that of the code tree to make it obvious where to find tests for a
given module. A check is added to the pep8 job to protect against
regressions.
The plugin test paths are relocated to neutron/tests/unit/plugins
but are otherwise ignored for now.
Brian Haley [Fri, 3 Apr 2015 01:11:06 +0000 (21:11 -0400)]
Add ipset element and hashsize tunables
Recently, these messages have been noticed in both tempest
logs, as well as reported by downstream users syslog:
Set IPv4915d358d-2c5b-43b5-9862 is full, maxelem 65536 reached
So the default of 64K is not sufficient enough.
This change adds two config options to control both the number
of elements as well as the hashsize, since they should be
tuned together for best performance. Slightly different
formats were required for 'ipset create' and 'ipset restore'.
The default values for these are now set to 131072 (maxelem) and
2048 (hashsize), which is an increase over their typical default values
of 65536/1024 (respectively), in order to fix the errors seen in
the tempest tests.
Cedric Brandily [Tue, 17 Mar 2015 15:20:07 +0000 (15:20 +0000)]
Allow metadata proxy running with nobody user/group
Currently metadata proxy cannot run with nobody user/group as metadata
proxy requires to connect to metadata_proxy_socket when queried.
This change allows to run metadata proxy with nobody user/group by
allowing to choose the metadata_proxy_socket mode with the new option
metadata_proxy_socket_mode (4 choices) in order to adapt socket
permissions to metadata proxy user/group.
This change refactors also where options are defined to enable
metadata_proxy_user/group options in the metadata agent.
In practice:
* if metadata_proxy_user is agent effective user or root, then:
* metadata proxy is allowed to use rootwrap (unsecure)
* set metadata_proxy_socket_mode = user (0o644)
* else if metadata_proxy_group is agent effective group, then:
* metadata proxy is not allowed to use rootwrap (secure)
* set metadata_proxy_socket_mode = group (0o664)
* set metadata_proxy_log_watch = false
* else:
* metadata proxy has lowest permissions (securest) but metadata proxy
socket can be opened by everyone
* set metadata_proxy_socket_mode = all (0o666)
* set metadata_proxy_log_watch = false
An alternative is to set metadata_proxy_socket_mode = deduce, in such
case metadata agent uses previous rules to choose the correct mode.
The example retargetable test that previously ran as part of the
functional suite is now skipped due to the fullstack example's db
fixture usage causing the test to fail if it the fullstack example
runs first on the same worker.
Code Review / openstack-build / neutron-build.git / log