Sudipta Biswas [Wed, 18 Mar 2015 18:05:57 +0000 (23:35 +0530)]
Add clock sync error detection on agent registration
For the server to determine if an agent is alive or not,
it depends on the agent's clock being mostly in sync with the server
clock. The neutron-server may reject and return the request if
there's a timestamp difference between the two nodes. Currently
there's no good way to detect this condition from the agent code.
This fix will improve the error handling
logic by writing an appropriate log in the neutron server's log
file for an early detection of the problem.
This fix targets quite rare case of race condition between
port creation and subnet deletion. This usually happens
during API tests that do things quickly.
DHCP port is being created after delete_subnet checks for
DHCP ports, but before it checks for IPAllocations on subnet.
The solution is to apply retrying logic, which is really necessary
as we can't fetch new IPAllocations with the same query and within
the active transaction in mysql because of REPEATABLE READ
transaction isolation.
Romil Gupta [Mon, 23 Mar 2015 15:05:41 +0000 (08:05 -0700)]
Move values for network_type to plugins.common.constants.py
It is quite confusing to have values for network type in common.constants.py
instead of having in plugins.common.constants.py.
Currently, the plugins/common/constants.py consists network_type constants
like VLAN, VXLAN, GRE etc. but values for network type like ranges
are defined in common.constants.py which is not good, it is better to have
both things at the same place.
This patch set addresses the same.
Moved out few methods which are predominantly used in plugins
from common.utils.py to plugins.common.utils.py.
Removed constants which were used in neutron-fwaas from
plugins.common.constants.py: https://review.openstack.org/#/c/168709/
Gal Sagie [Mon, 6 Apr 2015 05:36:01 +0000 (08:36 +0300)]
Add OVSDB connection as a parameter to the transaction
This adds the ovsdb connection as a parameter to the transaction
in the IDL implementation.
This allows other users to use this with a different connection
None of the agents log this information, and the reason is that
it's not useful. Any errors are logged, successful state reports
don't give actionable information as you can see that the agent
is up in neutron agent-list anyway.
The increase in ovs testing is resulting in job failure due to
timeouts in test_killed_monitor_respawns. Giving the test more
time to complete should reduce the failure rate.
Elena Ezhova [Thu, 26 Mar 2015 12:33:36 +0000 (15:33 +0300)]
Sync service from oslo-incubator
This sync includes changes that are required to fix handling
of SIGHUP in Neutron.
The following changes and bugfixes are included:
d24b658 Revert "Optimization of waiting subprocesses in ProcessLauncher" 593005b ProcessLauncher: reload config file in parent process on SIGHUP f29e865 Store ProcessLauncher signal handlers on class level bf92010 Optimization of waiting subprocesses in ProcessLauncher
Changes [1,2] recently merged in temptest. Change [2] in particular
is required if we run the API tests with DVR enabled, because now the
binding logic has been altered by [3].
This patch ensure that should that happen, the API job doesn't fail.
Dane LeBlanc [Sat, 4 Apr 2015 22:50:36 +0000 (18:50 -0400)]
Re-use context session in ML2 DB get_port_binding_host
This patch modifies ML2 DB get_port_binding_host method so that it
reuses the existing context session to do the database query
rather than creating a new database session.
Note that there are other methods in ML2 DB that do not re-use
the caller's session (get_port_from_device_mac() and
get_sg_ids_grouped_by_port()). These will be modified using
a separate bug (https://bugs.launchpad.net/neutron/+bug/1441205).
Change-Id: I8aafb0a70f40f9306ccc366e5db6860c92c48cce
Closes-Bug: #1440183
Change eba4c2941ee introduced these tests. However they are not that useful as they
simply mimick the code, without really ensuring that the behavior is expected, so
they provide negative value ([1]), plus, they fail randomly.
This patch removes them in favor of a more useful functional check.
Maru Newby [Tue, 24 Mar 2015 19:45:46 +0000 (19:45 +0000)]
Enhance TESTING.rst
Add detail about api testing and provide better visual separation
between the different types of testing.
The current testing guidelines are mainly about running tests, and
this change does little to fix that. The intention is to add detail
about writing tests in subsequent changes.
Arbitrarily restricting ourselves from using bash because developers on
platforms like netbsd don't want to install bash from ports doesn't
make sense. Any non-trivial shell script is likely to use features
like arrays or string manipulation that are poorly supported (if at
all) by sh, and the continued bumping of the number of expected bash
scripts is an indication that the check is not serving its purpose
anyway.
Along with removing the check, all shebang references to /bin/bash
have been replaced with /usr/bin/env bash in an attempt to be more
compatible across different hosts.
Ed Bak [Mon, 9 Feb 2015 23:13:18 +0000 (23:13 +0000)]
Return from check_ports_exist_on_l3agent if no subnet found
The call to get_subnet_ids_on_router can return an empty list.
If the subnet_ids list is empty, the subsequent call to get
the ports on a subnet returns all ports. If this occurs
when doing a remove_router_interface, the performance
of a remove_router_interface degrades significantly. This change
returns immediately from check_ports_exist_on_l3agents if no
subnet is found. A new unit test has been added to cover
the specific case of returning immediately without calling
get_ports when a remove_router_interface operation is performed.
YAMAMOTO Takashi [Wed, 18 Mar 2015 04:27:15 +0000 (13:27 +0900)]
linuxbridge UT: Fix a regression of the recent ip_lib change
A recently merged change, I07d1d297f07857d216649cccf717896574aac301,
changed IPWrapper.get_devices to use /sys instead of executing ip command.
Unfortunately it broke linuxbridge unit tests, which seems to assume that
mocking utils.execute is enough in some places. This commit fixes the
regression.
Recent refactor to the L3 Agent have introduced
this problem. When we create a VM after we
attach an interface to a router or when we add
an interface with an existing VM to a router, in
both cases the arp entries for the dvr serviced
ports are not getting populated in the Router
Namespace.
This change moves plugin test modules to conform to the new rules on
unit test tree structure (see TESTING.rst).
Vendor plugin paths continue to be ignored, and unit test modules that
test features instead of modules are also ignored pending their
removal to the functional test tree.
The unit test reorg is about moving files around so a test module is
clearly associated with the code module it targets, but the test
modules in this change needed to be manually merged because they both
targeted the same module.
This change ensures that the structure of the unit test tree matches
that of the code tree to make it obvious where to find tests for a
given module. A check is added to the pep8 job to protect against
regressions.
The plugin test paths are relocated to neutron/tests/unit/plugins
but are otherwise ignored for now.
Brian Haley [Fri, 3 Apr 2015 01:11:06 +0000 (21:11 -0400)]
Add ipset element and hashsize tunables
Recently, these messages have been noticed in both tempest
logs, as well as reported by downstream users syslog:
Set IPv4915d358d-2c5b-43b5-9862 is full, maxelem 65536 reached
So the default of 64K is not sufficient enough.
This change adds two config options to control both the number
of elements as well as the hashsize, since they should be
tuned together for best performance. Slightly different
formats were required for 'ipset create' and 'ipset restore'.
The default values for these are now set to 131072 (maxelem) and
2048 (hashsize), which is an increase over their typical default values
of 65536/1024 (respectively), in order to fix the errors seen in
the tempest tests.
Cedric Brandily [Tue, 17 Mar 2015 15:20:07 +0000 (15:20 +0000)]
Allow metadata proxy running with nobody user/group
Currently metadata proxy cannot run with nobody user/group as metadata
proxy requires to connect to metadata_proxy_socket when queried.
This change allows to run metadata proxy with nobody user/group by
allowing to choose the metadata_proxy_socket mode with the new option
metadata_proxy_socket_mode (4 choices) in order to adapt socket
permissions to metadata proxy user/group.
This change refactors also where options are defined to enable
metadata_proxy_user/group options in the metadata agent.
In practice:
* if metadata_proxy_user is agent effective user or root, then:
* metadata proxy is allowed to use rootwrap (unsecure)
* set metadata_proxy_socket_mode = user (0o644)
* else if metadata_proxy_group is agent effective group, then:
* metadata proxy is not allowed to use rootwrap (secure)
* set metadata_proxy_socket_mode = group (0o664)
* set metadata_proxy_log_watch = false
* else:
* metadata proxy has lowest permissions (securest) but metadata proxy
socket can be opened by everyone
* set metadata_proxy_socket_mode = all (0o666)
* set metadata_proxy_log_watch = false
An alternative is to set metadata_proxy_socket_mode = deduce, in such
case metadata agent uses previous rules to choose the correct mode.
The example retargetable test that previously ran as part of the
functional suite is now skipped due to the fullstack example's db
fixture usage causing the test to fail if it the fullstack example
runs first on the same worker.
The unit test reorg is about moving files around so a test module is
clearly associated with the code module it targets, but the test
modules in this change needed to be manually merged because they both
targeted the same module.
test_api_v2 is also updated to use the path of neutron/tests/base.py
as the root of path to test implementations of extensions.
With subnetpool, we can create subnet with subnetpool.
User can specify CIDR or prefixlen for subnet allocation.
If neither is specified, CIDR will be chosen from the
pool using the default-prefixlen of the pool.
Paul Michali [Wed, 1 Apr 2015 17:47:43 +0000 (13:47 -0400)]
Refactoring cleanup for L3 agent callbacks
This commit completes the refactoring of the L3 agent callback mechanism.
The goal here is to also use the neutron/callbacks/ mechanism for L3 agent
notifications, instead of have two mechanisms.
[1] modified the L3 agent to send notifiactions for router create, udpate,
and delete events, using the neutron/callbacks/ mechanism.
[2] modified VPN to use this new mechanism, instead of the L3EventObservers
mechanism. Note:
[3] modified FW repo to no longer depended on the L3EventObserver and
related objects (it doesn't currently use the event notifications).
This commit removes the notifications for the L3EventObservers mechanism,
removed the related modules and tests, and adds in tests to verify that the
new notifications are called for the different events.
Once [1] and [2] are upstreamed, this commit can proceed.
Andrew Boik [Mon, 23 Mar 2015 15:21:11 +0000 (11:21 -0400)]
Support multiple IPv6 prefixes on internal router ports
(Patch set #3 for the multiple-ipv6-prefixes blueprint)
Provides support for adding multiple IPv6 subnets to an internal router
port. The limitation of one IPv4 subnet per internal router port
remains, though a port may contain one IPv4 subnet with any number of
IPv6 subnets.
This changes the behavior of both the router-interface-add and
router-interface-delete APIs. When router-interface-add is called with
an IPv6 subnet, the subnet will be added to an existing internal port
on the router with the same network ID if the existing port already has
one or more IPv6 subnets. Otherwise, a new port will be created on the
router for that subnet. When calling the router-interface-add with a
port (one that has already been created using the port-create command),
that port will be added to the router if it meets the following
conditions:
1. The port has no more than one IPv4 subnet.
2. If the port has any IPv6 subnets, it must not have the same
network ID as an existing port on the router if the existing
port has any IPv6 subnets.
If the router-interface-delete command is called with a subnet, that
subnet will be removed from the router port to which it belongs. If the
subnet is the last subnet on a port, the port itself will be deleted
from the router. If the router-interface-delete command is called with
a port, that port will be deleted from the router.
This change also allows the RADVD configuration to support advertising
multiple prefixes on a single router interface.
The ovsdb monitor test was using a timeout of 60s for monitor start.
This change sets the timeout to the global timeout value if it is
greater (it's 90s currently).
Regarding https://review.openstack.org/#/c/145829/
The old code of DnsMasq will always get root_helper from
neutron.agent.dhcp.agent.
However, new code will only set run_as_root when namespace
is used. That will cause permission error when namespace
is disabled and dnsmasq need to be started.
Tim Swanson [Tue, 31 Mar 2015 16:13:16 +0000 (12:13 -0400)]
Move network MTU from core REST API to extension API
The network MTU was added to the core REST API via
https://review.openstack.org/#/c/154921. This commit
reverts that change and adds the network MTU to the
extension API.
Paul Michali [Thu, 26 Mar 2015 12:01:58 +0000 (08:01 -0400)]
Refactoring of L3 agent notifications for router
The goal of this refactoring is to reduce duplication by
replacing the L3EventObservers mechanism (a specific
mechanism for L3 agent notifications), with the
CallbacksManager mechanism (a more general mechanism
currently in use), so that there is one method
used.
This is the first part of refactoring the L3 agent so that
it uses the new neutron.callbacks mechanism. To do this,
duplicate calls will be made for notifications related to
the router, only using the new callback mechanism.
This commit does two things. First, it puts in place the
notifiers for the new callback mechanism. Second, it updates
the metatdata proxy agent (which is in the same repo) to
use the new callback mechanism.
Later commits will update other repos from the old to new
callback mechanism, and to then remove the old callback
mechanism, once no longer used.
Code Review / openstack-build / neutron-build.git / log