Carl Baldwin [Thu, 16 Jan 2014 21:12:23 +0000 (21:12 +0000)]
Avoid unnecessarily checking the existence of a device
Plugging a device usually involves checking for the existence of the
device twice, once before calling plug and once after. It turns out
that these calls are expensive, often taking a half second or more
each. For that reason, it is worth the effort to make sure we check
only once.
The device driver is now responsible for cleanly plugging/unplugging
the device without knowing whether it exists or not. Pushing this
responsibility to the device driver allows implementing it more
efficiently in terms of calls made out to the operating system.
This is targetted at the neutron-tempest-parallel bp because it shaves
time off the time to set up a router, something that hinders parallel
performance.
Claudiu Belu [Mon, 17 Feb 2014 00:17:20 +0000 (16:17 -0800)]
Minor refactoring for Hyper-V utils and tests
A separate commit in the blueprint addressed by this patch
introduces the "_filter_acls" and "_create_acl" methods
which can be used in "enable_port_metrics_collection"
as well to reduce code duplication.
This commit eliminates also some code duplication
in test_hyperv_utilsv2.py.
Ann Kamyshnikova [Thu, 27 Feb 2014 12:27:40 +0000 (16:27 +0400)]
Different class names for VPNaaS migrations
In migrations 52ff27f7567a_support_for_vpnaas.py and
338d7508968c_vpnaas_peer_address_.py different class names are set:
neutron.services.vpn.plugin.VPNDriverPlugin and ne
utron.services.vpn.plugin.VPNPlugin.
Aaron Rosen [Fri, 28 Feb 2014 06:26:30 +0000 (22:26 -0800)]
ML2: database needs to be initalized after drivers loaded
Previously, if you started neutron-server with an empty database some
of the tables that drivers use are not automatically created. That said,
one should probably run neutron-db-manage manually to create the tables
and not rely on neutron to do this. This regression was cause in 326b85.
Change-Id: I2c578733de0213945b31fba86a3b0ea45c02295a
Closes-bug: #1285993 Co-Authored-By: Itsuro Oda <oda@valinux.co.jp>
Akihiro MOTOKI [Wed, 23 Oct 2013 04:40:53 +0000 (13:40 +0900)]
NEC plugin: PFC packet fitler support
It also enhances the following points of packet filter code:
- Allow to clear filter fields to wildcard by specifying None
in PUT method
- Return None for wildcard fields in an API response
- Determine eth_type based on protocol field on DB layer
- Support OFC driver-specific API validation and update support
- Refactor packet filter code and better validations
Aaron Rosen [Wed, 26 Feb 2014 18:26:20 +0000 (10:26 -0800)]
NSX: make sync backend run more often
This patch bumps the state_sync_interval from 120 seconds to 10 seconds
so that resource's operation status are synced to the db quicker. This cuts
the amount of time that tempest takes to run by half.
Ivar Lazzaro [Mon, 3 Mar 2014 19:29:17 +0000 (11:29 -0800)]
Embrane Plugin fails alembic migrations
Alembic migration from revision f44ab9871cd6 to 2eeaf963a447 is failing on
Embrane Plugin because the floatingips table doesn't exist.
The problem happens because the plugin is actually inheriting from OVS's Plugin,
and therefore it doesn't take part of the correct migration path at installation time.
As far as I have investigated, adding the support on ext_gw_mode and l3_support is enough to solve the problem.
This commit adds support for currently provided Mellanox Plugin
embedded switch functionality as part of the VPI (Ethernet/InfiniBand)
HCA as an ML2 MechanismDriver.
MechanismDriver adds support for VNIC_DIRECT and VNIC_MACVTAP vnic types.
MechanismDriver provides configurable default vif_type for neutron port created
with default VNIC_NORMAL vnic type till nova api support for vnic_type is available.
Remove nvplib and move utility methods into nsxlib
This patch completes the process of moving code from nvplib
to nsxlib. Utility methods such as do_request and get_all_query_pages
are transferred into nsxlib, so that nvplib can be safely removed.
berlin [Tue, 5 Nov 2013 02:31:00 +0000 (10:31 +0800)]
Support advanced NVP IPsec VPN Service
The patch adds NVP advanced IPsec VPN Service support for NVP with VCNS:
* NVP IPsec VPN is an advanced Service depending on NVP
advanced service router
* NVP IPsec VPN Service will finally call VCNS IPsec VPN bulk
reconfiguration to map to VPN DB logic
Shashank Hegde [Fri, 14 Feb 2014 02:20:45 +0000 (18:20 -0800)]
Improves Arista's ML2 driver's sync performance
In large scale deployments a full sync between Neutron and EOS can take minutes.
In order to cut that time, this patch batches multimle EOS CLI commands and
sends them to EOS instead of sending each command separately. For example, if a
tenant has 10 networks, instead of making 10 RPC calls to EOS to create those 10
networks, this patch builds a commands to create those 10 networks and makes
just one RPC call to EOS which cuts down sync times significantly. All the _bulk()
methods are added to batch such requests.
Another optimization is to timestamp when the Region data was modified (This
includes any tenant creation, their networks, VMs and ports). The sync gets the
timestamp from EOS and only if the timestamps do not match, the driver performs
a full sync.
Akihiro Motoki [Fri, 21 Feb 2014 08:42:46 +0000 (17:42 +0900)]
nec plugin: Avoid long transaction in delete_ports
db_plugin.delete_ports() can lead to long transaction
if plugin.deleete_port talks with external system.
This commit removes a transaction in delete_ports and
allows NEC plugin to use more granular db transactions
in delete_port. It greatly helps db race conditions and
timeouts in delete_port operations.
To avoid to impact other plugins/drivers by changing
db_plugin.delete_ports directly and to land this patch soon,
this commit overrides delete_ports() in NEC plugin.
Further disssion on transaction in delete_ports will be
discussed under bug 1282925.
Akihiro Motoki [Wed, 12 Feb 2014 17:51:45 +0000 (02:51 +0900)]
Avoid using "raise" to reraise with modified exception
The code changes the exception and reraises it.
This commit changes the code to use the same way as
excutils.save_and_reraise_exception does to ensure
the exception context.
This is the last patch of reraise clean up series.
fumihiko kakuma [Wed, 29 Jan 2014 01:54:12 +0000 (10:54 +0900)]
Implement OpenFlow Agent mechanism driver
This adds ML2 mechanism driver controlling OpenFlow switches
and an agent using Ryu as OpenFlow Python library.
- An agent acts as an OpenFlow controller on each compute nodes.
- OpenFlow 1.3 (vendor agnostic unlike OVS extensions).
Add a new 'status' attribute to the floating IP resource.
Extend the plugin RPC interface for allowing status updates from agents,
and implement support for operational status in the L3 agent.
The default behaviour for all the plugins different from
neutron.services.l3_router.l3_router_plugin is to set the status of
a floating IP to ACTIVE upon creation.
Kevin Benton [Tue, 11 Feb 2014 03:36:22 +0000 (19:36 -0800)]
BigSwitch: Add agent to support neutron sec groups
Adds a BigSwitch Agent responsible for supporting
neutron security groups on the compute node. Adds
the mixin classes to the plugin to support the
security group calls.
Jon Grimm [Wed, 27 Nov 2013 19:10:33 +0000 (13:10 -0600)]
Openvswitch update_port should return updated port info
Found when I enabled test_extension_allowedaddress_pairs, where
test_create_port_removed_allowed_address_pairs would fail due to the
returned port still containing the original addresspair. The cause is
ovs simply not updating the port info being returned.
This patch additionally enables test_extension_allowedaddress_pairs for
openvswitch.
Moved checks and updating into method similar to what we do for
extradhcpopts and security_groups.
Additionally, this required fixing is_address_pairs_attribute_updated() as
it was passing (non-hashable) dicts to utils.compare_elements.
Xuhan Peng [Fri, 14 Feb 2014 09:20:01 +0000 (04:20 -0500)]
Change firewall to DOWN when admin state down
Currently firewall remains in status "ACTIVE" after admin state
is changed to DOWN.
This fix sets firewall status to "DOWN" if admin state is updated
from "UP" to "DOWN". "DOWN" status is used by other network resources
so use "DOWN" to keep consistent.
Update License Headers to replace Nicira with VMware
In the process __init__.py involved have been emptied;
vim modelines and author lines have been dropped from
the license headers affected by the change as well.
This patch introduces DB mappings between neutron security
groups and NSX security profiles, thus not requiring anymore
the Neutron router ID to be equal to the NSX one.
This change is needed for enabling asynchronous operations in
the NSX plugin.
Related to blueprint nvp-async-backend-communication
Vincent Untz [Sun, 23 Feb 2014 16:57:05 +0000 (17:57 +0100)]
Fix get_vif_port_by_id to only return relevant ports
This is returning any port, even if it's not on the switch that we're
looking at. As a side-effect, this means that we can actually manipulate
these ports while we really shouldn't.
The migration path for the NSX plugin was not working correctly,
as two migrations (extra route and network gateways) were
skipped.
Therefore installations were partially relying on automatic
schema generation.
This patch fixes the migration path, as well as an attribute
whose name in the migration and the DB model differed.
Shuangtai Tian [Wed, 26 Feb 2014 11:11:38 +0000 (19:11 +0800)]
Add user-supplied arguments in log_handler
Sync from Oslo, change-id: I91289cc4a60f5dab89bca852e6f52b4b83831e47
When using PublishErrorsHandler, it will missing user-supplied
arguments. For example, do LOG.info("blabla %s", "foo"), the
payload only contains "blabla %s", but we expect it like "blabla foo".
Aaron Rosen [Wed, 12 Feb 2014 22:25:31 +0000 (14:25 -0800)]
NSX: Fix newly created port's status should be DOWN
Previously when creating a port in neutron using the nsx plugin
the port status returned would be ACTIVE even if this was not the
case. Now, DOWN is returned which will be updated by the backend
when the port goes ACTIVE.
Darragh O'Reilly [Tue, 14 Jan 2014 15:02:17 +0000 (15:02 +0000)]
Remove pyudev dependency
pyudev was only used by the linuxbridge-agent to get the list
of virtual network devices. This can be got from /sys instead.
This patch fixes the problem where testr could not import the
lb-agent module because pyudev was not in requirements.txt.
Akihiro Motoki [Wed, 19 Feb 2014 19:21:55 +0000 (04:21 +0900)]
Lower log level of errors due to user requests to INFO
Errors due to bad client requests (e.g., NotFound, BadRequest)
are logged as exception/trace level and it is annoying
from the point of operators' view.
This commit changes the log level for errors due to
user requests (HTTP 4xx errors) to INFO.
sridhargaddam [Mon, 24 Feb 2014 15:21:31 +0000 (20:51 +0530)]
Include proper Content-Type in the HTTP response headers
Neutron namespace proxy handler and metadata agent were not setting the
Content-Type in its response. Both of them were returning only the response
data which is obtained from the nova-metadata-service. Since they were returning
only the response data, the Content-Type returned to the clients has the default
one which is - "text/html". Ideally this should be set to the data type which is
present in the HTTP Response. The fix now includes the Content-Type which is
returned by nova-metadata-service
Oleg Bondarev [Thu, 24 Oct 2013 12:53:55 +0000 (16:53 +0400)]
LBaaS: check for associations before deleting health monitor
Need to prohibit health monitor deletion if it has associations with
pools. Given that pools may belong to different lbaas drivers the process
of monitor deletion becomes complex and unreliable since association
deletion may fail on any single driver.
mathieu-rohon [Thu, 20 Feb 2014 16:39:00 +0000 (17:39 +0100)]
l2-population/lb/vxlan : ip neigh add command failed
we were using ip neigh add command which must be replaced by
ip neigh replace, to avoid error when creating a VM with an ip
previously used by a deleted VM
mathieu-rohon [Thu, 20 Feb 2014 09:39:43 +0000 (10:39 +0100)]
l2-population : send flooding entries when the last port goes down
Delete port used to call update_port_down to calculate
its fdb entries during delete_port_precommit. But during
the pre-commit, the port is still up, so update_port_down
acts as if there was still one port on the agent, and
doesn't add flooding entry in its fdb_entries.
Terry Wilson [Fri, 24 Jan 2014 19:04:18 +0000 (13:04 -0600)]
Ensure ovsdb-client is stopped when OVS agent dies
If the OVS agent is killed, the interpreter is killed before any cleanup
is done. This patch adds a signal handler for SIGTERM that exits
normally so that the existing cleanup is done and the ovsdb-client
process is terminated.
The code that syncs router status to the neutron_db was using the nsx
router id instead of the neutron router id thus synchronize_router
would never update the database.
Also, the switch synchronization routine was not fetching the
appropriate neutron id tag thus causing switch synchronization to
be skipped.
This patch also fixes the error in the unit tests which allowed for
the bug to be introduced.
Bob Kukura [Thu, 13 Feb 2014 17:35:25 +0000 (12:35 -0500)]
ML2 binding:profile port attribute
The ML2 plugin stores the binding:profile port attribute, defined as a
dictionary, in its ml2_port_bindings DB table. Since the plugin can
support a variety of MechanismDrivers with different needs for
binding:profile attribute content, the plugin will accept, store, and
return arbitrary key/value pairs within the attribute. As with the
binding:host_id attribute, updates to binding:profile trigger
rebinding.
Rename/remove Nicira NVP references from VMware NSX unit tests
This patch sweeps for Nicira and NVP references and replace
them with VMware and NSX where possible. Some clean-up is
done along the way to improve the organization of the
unit tests module.
Irena Berezovsky [Thu, 16 Jan 2014 12:28:01 +0000 (14:28 +0200)]
Change tenant network type usage for IB Fabric
This patch changes tenant network type usage for InfiniBand Fabric
to vlan type. Add the indication of Fabric Type (Ethernet/InfiniBand)
to the provider_network via the plugin configuration file.
If physical network type is not specified for some provider network
listed in the network_vlan_ranges, use default physical network type.
Isaku Yamahata [Thu, 13 Feb 2014 11:19:25 +0000 (20:19 +0900)]
options: consolidate options definitions
Some config options(interface_driver, use_namespaces) are defined
multiple times in ad-hoc way. It causes DuplicateOptError exception
when using those module at the same time. Right now the exception is
avoided in ad-hoc way by each executable. Those duplicated
definitions should be consolidated and treated in uniformed way.
This is the blocker for blueprint: l3-agent-consolidation
neutron.services.loadbalancer.drivers.haproxy.agent periodic_interval
conflicts with neutron.service one. Since there is no way to fix it
without changing existing behavior/default value, it is untouched for now.
Bob Kukura [Tue, 4 Feb 2014 04:18:44 +0000 (23:18 -0500)]
Replace binding:capabilities with binding:vif_details
In addition to binding:vif_type, the neutron core plugin needs to
supply various information to nova's VIF driver, such as VIF security
details and PCI details when SR-IOV is being used. This information is
read-only, requires admin privileges, and is not intended for normal
users. Rather than add separate mechanisms throughout the stack for
each such requirement, the binding:capabilities port attibute, which
is a dictionary and is not currently not used by nova, is renamed to
binding:vif_details to serve as a general-purpose mechanism for
supplying binding-specific details to the VIF driver.
This patch does not remove or replace the CAP_PORT_FILTER boolean
previously used in binding:capabilities. A separate patch should
implement the specific key/value pairs carried by binding:vif_details
to implement VIF security. Another patch will implement the key/value
pairs needed for SR-IOV.
The ML2 plugin now allows the bound mechanism driver to supply the
binding:vif_details dictionary content, instead of just the
CAP_PORT_FILTER boolean previously carried by the binding:capabilities
attribute.
DocImpact: Need to update portbinding extension API, but no impact on
user or administrator documentation.
Dazhao [Fri, 21 Feb 2014 09:53:30 +0000 (17:53 +0800)]
Make sure dnsmasq can distinguish IPv6 address from MAC address
Currrently, due to in dnsmasq host file, the IPv6 address does
not be wrapped with '[]', dnsmasq cannot distinguish IPv6 address
from MAC address, it will cause the deployed instances cannot get
IPv6 address via dnsmasq dhcp service.
Itsuro Oda [Mon, 6 Jan 2014 06:03:14 +0000 (15:03 +0900)]
Make metaplugin be used with a router service plugin
"l3_plugin_list" configuration parameter of the metaplugin is permitted
blank now.
If "l3_plugin_list" is blank, router extension and extensions which extend
the router extension don't be included in "supported-extension-aliases" of
the metaplugin.
This makes the metaplugin be able to be used with a router service plugin.
Note that if "l3_plugin_list" is not blank, a router service plugin must
not be specified, otherwise the error of the bug report still occurs.
This patch removes some router extension related meaningless codes also.
(e.g. external-net extension belongs to L2 functionality and be handled
by core plugins properly.)
Kevin Benton [Sun, 9 Feb 2014 19:39:39 +0000 (11:39 -0800)]
BigSwitch: Fix tenant_id for shared net requests
The URI port requests are sent to on the backend
contains the tenant_id of the network. This corrects
a bug where, on port updates and deletes, the tenant_id
of the port rather than the network was being used,
which was incorrect when attached to a shared network.
zhhuabj [Fri, 17 Jan 2014 10:21:01 +0000 (18:21 +0800)]
Raise max header size to accommodate large tokens
The max header is exceeded in the following scenario
- Auth tokens built with a keystone v3 API catalog
- A catalog with approximately 8 or more endpoints defined
Aaron Rosen [Tue, 18 Feb 2014 21:15:02 +0000 (13:15 -0800)]
NSX: get_port_status passed wrong id for network
The call to get_port_status in update_port was passing in the neutron
network_id instead of the nsx_network_id. These used to be the same
but now are different. This patch updates the code so that it now
passes in the correct uuid.
Aaron Rosen [Wed, 19 Feb 2014 23:08:54 +0000 (15:08 -0800)]
Plugins should call __init__ of db_base_plugin for db.configure
Currently each plugin calls db.configure() within the plugin's __init__
class or defines an initialize() method that's sole job is to call this
method. Instead we should just call the super method of a plugin so that
db.configure() is called for us out of the db_base_plugin class.
Note: the only reason why I'm making this change is that I want to add
something to the __init__() class of the db_base_plugin that's needed for
the nova-event-callback blueprint and adding it in the base class of init
looks to be the best place.