Doug Wiegley [Thu, 5 Feb 2015 03:33:35 +0000 (21:33 -0600)]
Fix breakage in all service repo unit tests, due to duplicate imports of exts
Duplicate imports of the same class + super() are not playing nicely
together, and our unit test base classes cause some dups in the extension
search path, breaking the service repos. This was not noticed earlier
in the extension moving process, because the temporary move code had a crude
mechanism to prevent the loading of same named extensions.
When dnsmasq is restarted, it forgets about all leases (since it runs
with leasefile-ro option). When client tries to renew its lease, dnsmasq
sends DHCPNAK reply with message "lease not found". Then client shuts
down the network and re-request lease from DHCP server (and gets exactly
same IP address). There's a small network downtime which affects
services, like zookeeper, running in VMs.
lijianlj [Fri, 16 Jan 2015 09:02:40 +0000 (17:02 +0800)]
Fix extra-dhcp-opt on stateless dhcpv6 subnet
The opts in dnsmasq opt-file is depending on the tag set
in the host-file. When you have only one stateless dhcpv6 subnet,
it will be filtered by the _iter_host() function, and will not be
written to the host-file, this may lead to extra-dhcp-opt not working.
Robert Kukura [Thu, 29 Jan 2015 22:13:00 +0000 (17:13 -0500)]
ML2: Use same port binding logic for DVR ports as non-DVR ports
DVR ports are now bound using the same function,
Ml2Plugin._bind_port_if_needed(), that is used to bind non-DVR ports,
so that concurrent binding attempts are properly handled and mechanism
driver update_port_precommit() and update_port_postcommit() methods
are called. The Ml2Plugin._commit_dvr_port_binding() function is
eliminated, and the DvrPortContext class has been folded into the
PortContext class, reducing duplicated logic.
A followup patch will address the duplication of ML2 DB schema for DVR
and further reduce the duplicated and special-case port binding logic
supporting DVR.
Jakub Libosvar [Fri, 30 Jan 2015 17:30:22 +0000 (18:30 +0100)]
Decrease rpc timeout after agent receives SIGTERM
The patch sets different timeout to rpc api objects in OVS agent after
SIGTERM is received. Given timeout is configurable. This action prevents
long waiting for rpc call() methods to timeout and decreases amount of time
needed to successfully stopping OVS agent.
singhannie [Wed, 31 Dec 2014 11:47:38 +0000 (03:47 -0800)]
Configures RADVD to send managed flag in RA
for DHCP_STATEFUL
RADVD process is configured so that it sends
managed flag in RA for the subnets with
ra_mode set to DHCP_STATEFUL. UT case is
updated to check the presence of managed
flag in config file of RADVD for
DHCP_STATEFUL.
Kevin Benton [Fri, 30 Jan 2015 20:53:57 +0000 (12:53 -0800)]
Make prevent_l3_port_deletion handle missing port
This adjusts the prevent_l3_port_deletion function to handle
the case where the port ID that is passed to it does not have
an entry in the database.
Previously it was raising an exception in this case, which is
inconsistent to how ML2 was handling concurrent port_delete requests
further in the port delete function (log them but don't fail).
Move data models for the QoS extensions into
neutron.plugins.vmware.dbexts.nsx_models
This patch is part of a set of minor refactorings in the NSX plugin
which will then lead to a semi-full decomposition by the end of
the Kilo release cycle.
Move models for mac learning and logical services extensions
into the module neutron.plugins.vmware.dbexts.nsx_models
This patch is part of a set of minor refactorings in the NSX plugin
which will then lead to a semi-full decomposition by the end of
the Kilo release cycle.
This patch simply changes the logic for discriminating which
extensions have already been loaded using the extension alias
rather than the module name.
This will avoid failures already observed in unit tests occurring
if two extension modules happen to have the same module file name
even if they're unrelated.
This change cannot be unit-tested as the neutron unit test
framework is currently lacking a mechanism to mock and validate
extension loading from the file system.
Manish Godara [Wed, 21 Jan 2015 23:49:43 +0000 (15:49 -0800)]
Refactor ml2 manager
Refactor code to facilitate other changes. Keeping the
refactored code in different patch for ease of review.
This patch mainly consolidates the keys that are referenced
together most of the time in reference to providernet
extension. By doing this, the subsequent changes are less
repetitive and makes the code little cleaner as well.
Doug Wiegley [Mon, 2 Feb 2015 16:08:17 +0000 (10:08 -0600)]
Extension moving tweaks, exceptions and extension path fix
- Put a few shared *aas exceptions into neutron.common exceptions, pending
them being unnecessary after L3 refactor.
- Fix extension path creation, which dropped the extensions sub-module
for service repos in one of the patch refactors.
This patch introduces a new module for hosting NSX DB model classes,
and populates it with models for the 'network gateway' extension,
which are then removed from the model hosting the network gateway
mixin.
This patch is part of a set of minor refactorings in the NSX plugin
which will then lead to a semi-full decomposition by the end of
the Kilo release cycle.
Carl Baldwin [Sat, 31 Jan 2015 00:27:52 +0000 (00:27 +0000)]
Don't pass the port down to the floating ip processing
This is justified by the Law of Demeter. I ran in to this while
trying to refactor the floating ip processing here [1]. The scope of
that patch can be reduced significantly with this refactor. Also, it
helps us to decouple the floating ip NAT processing from the details
of the port which is a long-term goal.
Carl Baldwin [Wed, 7 Jan 2015 19:25:41 +0000 (19:25 +0000)]
Encapsulate DVR Fip namespace
The floating ip namespace is an important concept that links a DVR
enabled L3 agent to DVR routers. The namespace is shared by all of
the dvr routers on a compute host connected to the same network. It
is managed by the dvr enabled agent. Hence, it should be known to the
agent and made available to the DVR routers as well. This calls for a
proper encapsulation of this functionality in a class which can be
accessed by both the agent and the routers.
In trying to tease floating ip functionality out of the L3 agent and
in to the new router classes, I found it very difficult to do because
the logic around the floating ip namespace has not yet been properly
encapsulated.
Carl Baldwin [Tue, 27 Jan 2015 22:34:06 +0000 (22:34 +0000)]
Move ha router functionality from the agent to ha_router
This was pretty much a mechanical change. Most of the methods passed
in ri as the first argument and so changing the way they're called was
a simple matter of replacing self with ri. In the methods themselves,
I first made sure that self was not referenced for anything that
wasn't available in the router context and then replaced ri with self.
Add requirements.txt file for OpenDaylight Mech Driver
Move the driver into its own module, but make the change
backward compatible so that we don't break the ODL driver
counterpart (which will use the new module when [1] merges).
Doug Wiegley [Wed, 28 Jan 2015 03:17:00 +0000 (20:17 -0700)]
Mechanisms to move extensions and config into service repos
- Extensions will automatically be loaded from service repos in addition
to neutron proper, but neutron proper will take precedence.
- Config entries for service repos will be read out of neutron-{service}.conf
first, and then neutron.conf. After Kilo, they will be read only from
neutron-{service}.conf.
- Service providers for drivers will be collected from all neutron conf files.
This is review 1 of 3. The second set will be in the server repos, moving
the extensions. The third will be in neutron, removing the service exts.
Cedric Brandily [Mon, 10 Nov 2014 13:46:51 +0000 (14:46 +0100)]
Allow to request metadata proxy only with redirection
metadata service should be requested on 169.254.169.254:80 and router
namespace iptables rules redirect the request to the metadata-ns-proxy
on 127.0.0.1:$metadata_port. But currently the metadata-ns-proxy can be
requested directly on $router-ip:$metadata_port.
To avoid such behavior, this change marks packets redirection in mangle
table (PREROUTING), redirects (PREROUTING) them in nat table, accepts
them in filter table (INPUT) using the mark. Packets send to the
metadata proxy port without mark (so directly) are dropped. The
mark can be configured through the new option metadata_access_mark.
Remark: redirected packets are not local packets (in general), so
setting metadata proxy server host to 127.0.0.1 will disallow direct
queries but so redirected queries.
Sukhdev [Tue, 20 Jan 2015 18:37:33 +0000 (10:37 -0800)]
Thining Arista ML2 driver from neutron tree
Moving all the back-end drivers for the Arista
ML2 driver. The DB Models and Config is
left in the tree. Rest all is moving to
networking-arista project.
Reorganize the code to ensure a smoother transition
to a decomposed Arista ML2 driver.
ChuckC [Mon, 4 Aug 2014 23:52:36 +0000 (16:52 -0700)]
Allow port mac_address to be modified
With ironic servers, a NIC can fail and be replaced with one that has a
different mac. The corresponding neutron port needs to be updated with
the new mac address so the NIC can be guaranteed to retain the same IP
address.
This change enables this feature in the ml2 plugin. There may need to
be changes to other plugins to disable or complete the implementation of
this feature.
Closes-Bug: #1341268
Partially-implements: blueprint allow-mac-to-be-updated
APIImpact: Ports
DocImpact: minor port update api change
Change-Id: I1864c0882cda7eddc9ced519ed3f96c91b2b63f3
Miguel Angel Ajo [Mon, 18 Aug 2014 11:00:58 +0000 (13:00 +0200)]
Implements the ProcessMonitor in the l3_agent
The ProcessMonitor class will watch over spawned external processes,
taking the administrator configured action in the case of any
of the external processes dying unexpectedly.
It covers both the neutron-ns-metadata-proxy for non-ha routers
and the IPv6 radvd external processes. Keepalived +
neutron-ns-metadata-proxy needs to be covered in a second follow up
patch when neutron-ns-metadata-proxy is handled by the l3-agent
(instead keepalived) in the ha-routers.
Moshe Levi [Sun, 11 Jan 2015 13:25:59 +0000 (15:25 +0200)]
Thin MLNX ML2 mechanism driver and agent
This commit thins the in-tree MLNX ML2 MechanismDriver and Agent. A matching
change to the stackforge/networking-mlnx project has the backend logic
there.
Xu Han Peng [Fri, 23 Jan 2015 05:29:47 +0000 (13:29 +0800)]
Not assign dynamic IPv6 address on dhcp interface
When SLAAC IPv6 subnet using external router advertisement
(ipv6_ra_mode=None, ipv6_address_mode=slaac) is added to a
dual-stack network, the device of dnsmasq or router gateway may
already be assigned with dynamic SLAAC IPv6 address. Current
code only checks for permanent address on a device when
initilizing the l3 address of that device. This results
assigning duplicated address to dhcp tap device, which leads
to dhcp agent failure.
This fix changes dhcp code to not init dynamic IPv6 address
on dhcp device so dynamic address can be auto-configured by
either internal or external RA device.
Ann Kamyshnikova [Fri, 12 Dec 2014 12:30:06 +0000 (15:30 +0300)]
Default security group table
This change prevents the race condition by enforcing a single default
security group via new table default_security_group. It has tenant_id
as primary key and security_group_id, which is id of default
security group. Migration that inroduces this table has sanity check that
verifies that there is no duplicate default security group in any
tenant.
This idea has come up from discussion in comments to
https://review.openstack.org/135006
Code Review / openstack-build / neutron-build.git / log