Cisco: Fix test cases which make incorrect create requests
Some test cases in the test_n1kv_plugin module are sending more than
one dictionary while creating the network profile resources. This
patch corrects these erroneous test cases while preserving the test
cases' intended behavior.
This patch changes the name of directory from mech_arista to arista.
This name change of directory is needed so that additional drivers
can be moved into this directory and share the code among drivers.
In order to accommodate this name change, setup.cfg is modified to
point to the Arista ML2 driver at the new location. Additionally,
a similar new directory is created for test files as well.
Irena Berezovsky [Tue, 18 Feb 2014 13:13:58 +0000 (15:13 +0200)]
ML2 mechanism driver for SR-IOV capable NIC based switching, Part 1
This set of changes introduces the ML2 mechanism driver for SR-IOV capable NIC based switching.
Please see the blueprint for more information.
The review is submitted in two parts:
- Part 1 (this part)
The Mechanism Driver to support port binding for SR-IOV virtual functions of
SRIOV capable switching NICs, such as Mellanox ConnectX Family.
Use configurable list of supported NIC vendor and product PCI ids to filter
devices to bind the SR-IOV port.
Use configurable agent_required option to require SRIOV L2 Agent
for port binding.
This patch introduces changes to the L2 agent, whereby the L2 agent
relies on a DVR component that takes care of the port wiring and the
management of tunnels in face of topology changes due to the life
cycles of VMs as well as the life cycles of distributed virtual
routers.
Support for DVR needs to be explicitly enabled. Default behavior
remains unchanged.
Previously there was a bug that resulted in a security group being
added to router ports which was not supported in NSX. Removing the
security group didn't actually completely solve the problem as we
never cleared the allowed_address_pairs on the router port. This
patch fixes this issue by disabling port_security_enabled on the
router port.
Cedric Brandily [Fri, 20 Jun 2014 09:31:01 +0000 (11:31 +0200)]
Add partial specs support in ML2 for multiprovider extension
ML2 provider network partial specs let admins choose some
multiprovider network attributes and let neutron choose remaining
attributes. This change provides the implementation for
multiprovider networks.
In practice, for VLAN/GRE/VXLAN segments provider:segmentation_id
choice can be delegated to neutron, in such case neutron tries to find
a segment in tenant network pools which respects provided segment
attributes. For VLAN segments provider:physical_network choice can
also be delegated.
Cedric Brandily [Mon, 16 Jun 2014 20:03:14 +0000 (22:03 +0200)]
Add partial specs support in ML2 for gre/vxlan provider networks
ML2 provider networks partial specs let admins choose some provider
network attributes and let neutron choose remaining attributes. This
change provides the implementation for GRE/VXLAN provider networks.
In practice, for GRE/VXLAN provider networks provider:segmentation_id
choice can be delegated to neutron, in such case neutron will try to
find a network in tenant network pools which respects provided
provider attributes.
DocImpact
Related to blueprint provider-network-partial-specs
Partial-Bug: #1330562
Ann Kamyshnikova [Mon, 21 Jul 2014 12:13:14 +0000 (16:13 +0400)]
Fix incorrect downgrade
In downgrade of migration b7a8863760e_rm_cisco_vlan_bindin is used
Integer type with parameter display_width. Integer should be used
without any parameters.
Robert Li [Fri, 11 Jul 2014 15:02:19 +0000 (11:02 -0400)]
Support Router Advertisement Daemon (radvd) for IPv6
Launch radvd from inside l3 agent when any router port has an IPv6 address. If
slaac is used for IPv6 addresses, advertise the prefix associated with the port;
otherwise, advertise default route only.
Change-Id: Ib8b0b3e71f7af9afa769c41357c66f88f4326807
Implements: blueprint neutron-ipv6-radvd-ra
Co-Authored-By: Henry Gessau <gessau@cisco.com>
Cedric Brandily [Mon, 16 Jun 2014 20:43:13 +0000 (22:43 +0200)]
Add partial specs support in ML2 for vlan provider networks
ML2 provider networks partial specs let admins choose some provider
network attributes and let neutron choose remaining attributes. This
change provides the implementation for VLAN provider networks.
In practice, for VLAN provider networks provider:physical_network
and provider:segmentation_id choices can be delegated to neutron,
in such case neutron will try to find a network in tenant network
pools which respects provided provider attributes.
DocImpact
Related to blueprint provider-network-partial-specs
Partial-Bug: #1330562
NSX: fix validation logic on network gateway connect
This patch adds validation for the segmentation ID when the
network type for the gateway connection is vlan.
This will avoid requests with invalid vlan IDs being sent to
the backend resulting in 500 error responses being
returned to API users.
To this aim this patch slightly alters the current validation
logic due to the fact that some checks are unnecessary since
the same routine sets default values which avoid the
conditions being checked.
RpcProxy class is used as base in classes with multiple inheritance
(ex. MeteringAgent). To initialize objects of such classes correctly
every constructor should call its base constructor via super().__init__()
Background:
ML2 plugin sometimes uses truncated port uuids.
For example, in the case of ofagent and linuxbridge,
if port id is 804ceaa1-0e3e-11e4-b537-08606e7f74e7,
an agent would send "tap804ceaa1-0e" to the plugin.
ML2 plugin's _device_to_port_id() would restore it to
"804ceaa1-0e". While it's still truncated, ML2 plugin's
get_port() handles that by using "startswith".
The recently merged DVR change (https://review.openstack.org/#/c/102332/)
assumes that port_id is always a complete uuid (it's the case
for openvswitch) and fails to handle the above mentioned case.
This commit fixes the regression.
This patch introduces the RPC contract changes
required for both the server (plugin) and agent
to propagate and retrieve additional information
about Distributed Routers, like MAC addresses
and Port Bindings.
Allow to import _LC, _LE, _LI and _LW functions directly
_LC, _LE, _LI, _LW are translation helper functions. This change updates
hacking rules to allow importing them directly:
from neutron.openstack.common.gettextutils import _LC
from neutron.openstack.common.gettextutils import _LE
from neutron.openstack.common.gettextutils import _LI
from neutron.openstack.common.gettextutils import _LW
neutron.policy module has been updated as an example of _LE, _LI and
_LW uses.
This patch introduces the models, the DB migrations
and the config options required by the L2 layer to
support DVR east/west traffic.
These changes will be used by the control-plane made
of ML2, L2pop and L2 agent.
Two new configuration options have been introduced:
'dvr_base_mac' is used to set DVR MAC addresses apart
from tenant ones (every distributed router will have
ports being created on compute hosts) and
'enable_distributed_routing' is used to enable dvr
support in the L2 agent. This gives the capability of
rolling out the dvr functionality in stages.
Kevin Benton [Mon, 9 Jun 2014 19:20:18 +0000 (12:20 -0700)]
Big Switch: Remove consistency hash on full sync
Clears the consistency hash before performing a full
backend synchronization. Since all of the data is being
replaced, there is no reason to include this and it
currently requires special-casing to handle.
Paul Michali [Mon, 23 Jun 2014 20:42:41 +0000 (16:42 -0400)]
VPNaaS: separate out validation logic for ref impl
Modify the persistence logic for VPNaaS to separate out the
validation for the reference implementation. This allows
providers to override/extend the validation, as needed.
Additional commits will address the separation for other
providers and for other L3 services.
In addition, the logic that sets default values for optional
attributes is also moved into separate methods to allow
providers to override the defaults used.
Only attributes that have multiple validations are considered
at this time, but this can be extended, as needed.
Currently, one UT fails due to an oslo.messaging bug that
has been fixed, but not yet released for Neutron use.
As a workaround, the affected test case has been commented
out. This test verifies that the right (only, in this case)
device driver is used for validation. Once the issue with
releasing oslo.messaging 1.4.0.0a2 or newer is resolved,
this can be uncommented.
In the future, TaskFlow may be used for the L3 services workflow,
and these changes will provide validation modularization for that
effort.
This patch introduces the model and extension
framework for implementing distributed virtual
routing on top of Open vSwitch.
A new admin-only 'distributed' (as opposed to a
'centralized' or legacy-mode) attribute is added
to the API router resource. It is possible to convert
an existing (centralized) router to a distributed
one; the opposite conversion, even though allowed by
the API, may not be honored by the underlying
plugin implementation and an appropriate error will
be reported.
When creating a router (regardless of the user role),
Neutron will rely on a system wide configuration, whose
default currently allows to create 'centralized' routers.
Tests are added for basic unit coverage; when the first
building blocks for neutron-testing-refactor
are complete, functional testing will be added.
This is because we should be moving away from how
extension tests have been done up until now.
Paul Michali [Mon, 7 Jul 2014 22:57:43 +0000 (18:57 -0400)]
VPNaaS Cisco REST client enhance CSR create
For the create of the REST client object that represents a Cisco CSR,
all of the info needed were passed in as separate parameters. This
change just uses a dict instead, so that additional parameters can
be added w/o changing the API.
Updated the currently unused UT module, just so that it can be used
locally and stays up-to-date until it can be converted to use the
new requests-mock package.
Fixes port update failure when device ID is not updated
The updation was failing because the changed_device_id variable
was undeclared. This fix declares the variable with a default value
at the beginning of the method.
NSX: Remove unneeded call to _ensure_default_security_group
This patch removes an unneeded call to _ensure_default_security_group
which does not need to be called in create_security_group_rule_bulk()
as one would need to call get_security_groups() to look up the uuid
of the default security group which would create it for us, BOOM!
Carl Baldwin [Thu, 6 Mar 2014 23:57:11 +0000 (23:57 +0000)]
L3 agent prefers RPC messages over full sync
When the L3 agent starts up and runs the sync task it doesn't process
any incoming RPC events until the sync task is complete.
This change combines the work from _rpc_loop and _sync_routers_task
into a single loop called _process_routers_loop. This loop spawns
threads that pull from a priority queue. The queue ensures that RPC
messages are handled before _process_routers_loop. The latter is
generally maintenance tasks triggered by the agent rather than user
triggered tasks.
Synchronization between RPC and sync routers loops is no longer
necessary since they both feed into a single queue. There were
places where it was necessary to reorder some things to allow for the
lack of synchronization. For example, it is necessary to list
namespaces before fetching the full list of routers to ensure that it
doesn't delete a new namespace that gets created after listing
namespaces. The lack of the need for synchronization between loops is
probably the main strength of this patch.
With multiple worker threads, need to handle the case where an RPC
message came in while a thread was working on a router. Another
thread should not handle the same router that is already in progress.
Adds a mechanism to signal to the working thread that an update came
in for the router it is working on. The original thread will repeat
processing the router when it is finished to get the update.
Multiple rapid updates to the same router will be consolidated.
Essentially, there is still synchronization of work for a given router
but not between routers. Much better than before.
Bertrand Lallau [Wed, 11 Jun 2014 13:46:58 +0000 (15:46 +0200)]
Dnsmasq config files syntax issue when dhcp_domain is empty
When using dhcp-agent with the following property dhcp_domain=""
addn_hosts and host files generated for Dnsmasq have wrong syntax
concerning hostname parameter (dot char at the end).
As described in RFC-952 the hostname grammar is as follows:
<hname> ::= <name>*["."<name>]
<name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]
Hence it can't conclude with a dot char.
Dnsmasq process is waiting for a hostname (2nd parameter) in the
following files:
"addn_hosts" file contains:
20.0.0.3 host-20-0-0-3. host-20-0-0-3
"host" file contains:
fa:16:3e:bf:e1:e4,host-20-0-0-3.,20.0.0.3
With the patch you will get:
"addn_hosts":
20.0.0.3 host-20-0-0-3 host-20-0-0-3
"host":
fa:16:3e:bf:e1:e4,host-20-0-0-3,20.0.0.3
Maruti [Sat, 7 Jun 2014 12:42:45 +0000 (05:42 -0700)]
Fixed audit notifications for l3-agent-router ops
l3-agent-router-add and l3-agent-router-remove do not
generate audit notifications which are used for security
compliance.
CRUD operations of core network resources are
handled by neutron/api/v2/base.py. In base.py, each of
create(), update(), delete() methods makes calls to
oslo.messaging.Notifier.info() to generate these notifications.
In the proposed fix, it is fixed in a similar fashion in
extensions/l3agentscheduler.py inside create() and delete()
methods by introducing info() method calls inside them.
Steven Hillman [Tue, 8 Jul 2014 22:35:10 +0000 (15:35 -0700)]
Send network name and uuid to subnet create
Added the network segment name and uuid parameters to the information sent to
Cisco N1kV during subnet creation to allow for proper association of the
subnet and network segment.
Robert Kukura [Wed, 12 Mar 2014 01:54:35 +0000 (21:54 -0400)]
ML2: Bind ports outside transactions
The ML2 plugin now calls the bind_port() operation on the registered
mechanism drivers outside of any enclosing DB transaction. Ports are
created or updated in one transaction, then a binding is established
if possible, and finally a second transaction commits the binding
result.
With [re]binding moved outside the DB transaction that triggered it,
it is now possible that multiple threads or processes will
concurrently try to bind the same port, or that the port will be
updated between transactions. Concurrent attempts to bind the same
port are allowed to proceed, which results are used is resolved in the
second transaction, and binding is retried if necessary.
Improvements to the Cisco Nexus driver and unit tests from Rich Curran
needed due to the binding changes are also included.
Jakub Libosvar [Thu, 26 Jun 2014 14:56:32 +0000 (16:56 +0200)]
Freeze models for healing migration
Take a snapshot of all models from the code base at the time when the
healing migration merges. The healing migration needs this frozen view
of the models to be available (even as the models change in the future)
to compare with the current DB schema. The healing migration will use
this comparison to heal the schema.
NSX: Optionally not enforce nat rule match length check
This patch adds the 'raise_on_len_mismatch' parameter to the
'delete_nat_rules_by_match' function. The plugin then leverages
this parameter for ensuring NAT rules deletion operations
are completed successfully even when duplicate rules are found
or no corresponding rules are found at all.
With this change, the 'remove_router_interface' operation will
correctly complete even in cases when NAT rules in Neutron and
the NSX backend are out of sync.
This patch also changes a check in delete_nat_rules_by_match in
order to make it less expensive.
While adding iptables rule, cidr is added as destination for both ingress
and egress directions. Modified code to add -s for egress and -d for ingress.