Kyle Mestery [Thu, 5 Mar 2015 17:34:05 +0000 (17:34 +0000)]
Move Neutron Policy pages into the tree
The information from the NeutronPolicies wiki page [1] is useful. But
having it in a static wiki is less so. Moving this into the Neutron
documentation in-tree will allow for easier maintenance of this
information.
Add ability to run pylint check on modified files only
Change c0aa0b fused pylint with the checks done with the pep8 testenv.
This has the drawback of increasing the execution time of the command
'tox -epep8' fourfold.
This change introduces the ability to execute the pylint check on just
the list of python files affected by a specific patch. For instance,
this can be done with the following command:
tox -epep8 HEAD~1
A kind reminder is added, so that folks who end up noticing the spike of
time execution when they run tox -epep8 without posargs, can learn how
they can get their precious minutes back.
Change 17cae2c added tests that pass regardless of whatever code they
are supposed to validate. If one asked for a bad example of how not to
write/review tests, change 17cae2c would be one of them.
This patch removes all the business logic pertaining to the VMware
plugin. The following modules are left in openstack/neutron:
- plugin-specific API extension declarations
- database models (and a module with constants they use)
- integration module pointing to the external repository
Assaf Muller [Wed, 11 Feb 2015 21:11:33 +0000 (16:11 -0500)]
Change metadata driver unit tests to use monitored spawn
The modified unit test is currently the sole user of the
unmonitored _spawn_metadata_proxy. We must remove this usage so that
when the L3 agent manages the metadata proxy for HA routers,
the unmanaged methods may be removed.
Decouple L3 and VPN service plugins during router operations
This change leverages the event registry to decouple L3 and VPN
when checking whether certain router operations can be permitted
or not. Follow-up changes will clean up the rest of the coupling.
This clean-up is required because the existing code couples the two
service plugins together, as L3 needs to know about a higher-level
service, like VPN. A similar coupling would be needed for any other
service that might be using or interested in knowing about router
resources; in a world where advanced services have a life of their
own this hardly works or it leads to the tight coupling
experienced so far, which is not the right way to go about it.
Carl Baldwin [Mon, 23 Feb 2015 20:57:02 +0000 (20:57 +0000)]
Move _set_subnet_arp_info to dvr_router
Further teasing DVR apart from the agent and other router types. This
change illustrates the need to use plugin_rpc and context from the
agent. It leaves this as a dependence of dvr_router on the instance
of the agent. So, when the agent creates a dvr_router, it passes
itself in as an argument. It doesn't do this with other router types.
I would like to eliminate the dependence of RPC while processing a
router. However, this is just a refactor and at least decouples it as
much as possible and isolates the dependence to DVR only.
Carl Baldwin [Mon, 23 Feb 2015 20:20:24 +0000 (20:20 +0000)]
Refactor DVR _arp_entry methods
This should decouple the DVR stuff from the agent. This moves some
methods to dvr_router to encapsulate them better. It removes a
reference to fullsync from DVR to better separate concerns.
Miguel Lavalle [Fri, 16 Jan 2015 04:16:01 +0000 (22:16 -0600)]
Refactor management of namespaces in the L3 Agent
Creates classes representing the 3 types of namespaces handled by the L3 agent:
router, snat and fip.
The scope of this change is:
- Creation and deletion methods are provided for each namespace class
- Creation and deletion of router and snat namespaces are moved to the router
classes. These namespaces are now members of the corresponding router class
- Invocation of Fip namespace creation and deletion is left in the agent, since
the agent owns it
- A context manager is provided to move the namespaces (router and snat)
cleanup code out of the agent
A follow up patchset will add methods to create and delete interfaces in the
namespaces. These methods are intended to be used by the router classes
Change-Id: I54b14e593ded6b2990d57a3ae9d598a699ae133e
Partially-Implements: bp restructure-l3-agent
Assaf Muller [Sun, 22 Feb 2015 00:28:54 +0000 (19:28 -0500)]
Introduce ip address monitor
In Juno, we used keepalived notifier scripts to report the local
state of an HA router's state. These have been found to be
unreliable. The proposed approach is to not use them altogether.
Instead, monitor the omnipresent VIP on the HA device - It is
only configured on the master instance. In order to do that,
we'll use the 'ip monitor address' wrapper introduced in this patch
to get address change events as they happen to avoid polling.
TestUnixDomainMetadataProxy tests too many implementation details when
checking cases of existing and non-existing socket file. Reduce mock
checks to the minimum needed to test for expected behaviour.
Otherwise test may catch wrong isdir() calls (f.e. when policies are
initialized) and fail (I experienced it in local checkout).
Before refactoring _remove_unused_security_group_info, we
found a few corner cases that were not tested. We ensure
with this test that sg_rules and sg_members of the firewall
object are properly cleaned up when the objects they
keep are not referenced anymore.
Kyle Mestery [Tue, 3 Mar 2015 14:57:31 +0000 (14:57 +0000)]
Default the Linuxbridge agent to enabling VXLAN
Linux kernels from 3.7 and up have supported VXLAN with Linuxbridge.
I think it's time we default to enabling this support in the
Linuxbridge agent in Neutron as well.
Isaku Yamahata [Fri, 17 Oct 2014 08:35:55 +0000 (17:35 +0900)]
ml2 extension driver: more tests, fix data argument inconsistency
This patch adds more tests for ML2 extension driver.
It also fixes a minor bug which was revealed.
The data argument for process/update method of extension driver
was inconsistent. Some are given data like
{'resource': {'arg': 'value'...}}. But some are given one like
{'arg': 'value'}.
This inconsistency needs to be fixed so that argument is
{'arg': 'value'}. Given the argument is known to be network,
there is no point to carry outer dictionary.
Eric Brown [Wed, 25 Feb 2015 23:32:50 +0000 (15:32 -0800)]
Use oslo_config choices support
The oslo_config library added support for a choices keyword argument in
version 1.2.0a3. This commit leverages the use of choices for StrOpts in
Neutron's configuration.
Prevent direct port-delete of FIP Agent GW and CSNAT
FloatingIP Agent GW Port and Centralized SNAT port
that are currently used by DVR in FloatingIP and
SNAT Namespaces respectively should not be allowed
to be deleted directly using the Port-delete command by
an admin.
This patch fixes the above stated issue by adding the
respective device-owners to the router_device_owners
list in l3_dvr_db.py
Fawad Khaliq [Sat, 28 Feb 2015 19:30:04 +0000 (11:30 -0800)]
PLUMgrid plugin decomposition
As part of the plugin decomposition work, this change
removes PLUMgrid plugin code from Neutron and moves it
to networking-plumgrid repo [1]. Plugin code, config,
drivers and unit test cases are all moved to
networking-plumgrid.
Improve structure of Vendor Decomposition progress chart
After a few commits started being proposed, it became clear that, in
order to minimize merge conflicts, or potential errors with hyperlinks,
the structure had to change/improve slightly.
This patch proposes a different structure that aims at addressing
this concern.
Yoni Shafrir [Wed, 21 Jan 2015 06:25:50 +0000 (08:25 +0200)]
Removing a router twice from the same agent shouldn't cause an error
When we remove a router from an agent that it has already been
unscheduled from, we raise an exception that eventually causes an error.
The method '_unbind_router' raises a 'RouterNotHostedByL3Agent' exception
on failure. In both cases the actual removal of the router
from the same agent has no effect.
The solution is to stop raising 'RouterNotHostedByL3Agent' so
that _unbind_router() being invoked without error can indicate that
the router is no longer bound.
This solution matches the behaviour found when trying
to schedule a router to the same agent twice.
Add InvalidIpForNetwork and InvalidIpForSubnet exception
When posting an 'attach interface' request to Nova with an invalid
ip for defined network, Nova returns an HTTP 500 error. In fact,
Neutron returns 'InvalidInput' error, but Neutron client is not able
to translate this error to a specific exception. So that a general
'BadRequest' exception is thrown. Neutron client and Nova need a more
specific Neutron error type, in order to address and translate the
error into a proper Nova exception.
This patch proposes a way to capture the current status of affairs
for the core/vendor decomposition to help developers and distributors
understand where the Neutron team is in the effort of implementing
the specification.
Initially this was being captured in a Google Doc, but it became
evident that it is best to keep this information as close to the code
as possible. This is very much a collective effort and everyone is
welcome to contribute to keeping this chart current and accurate. In
fact, patches targeting decomposition work will have to address this
table in the same context of the patch that affects the code being
decomposed.
This is not intended to be a documentation tool, or a user reference to
what is and is not a Neutron driver or plugin.
Eric Brown [Wed, 25 Feb 2015 23:36:59 +0000 (15:36 -0800)]
Password config options should be marked secret
If passwords are not marked secret, there is the potential for
them to be logged in a world readable location.
Link to the OSSG guideline (may change in the future):
https://github.com/hyakuhei/OSSG-Security-Practices/blob/master/sensitive_config_file_options.md
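
An added example (not part of the commit above or of Neutron's code): a static check that parses an options module and reports credential-like oslo_config options that do not pass `secret=True`. The name pattern and the sample module are assumptions constructed for illustration.

```python
import ast
import re

# Assumption: option names matching this pattern hold credentials.
SENSITIVE = re.compile(r"(password|passwd|secret|token|api_key)", re.I)

# Constructed sample of an options module (not taken from Neutron).
SAMPLE = '''
from oslo_config import cfg

opts = [
    cfg.StrOpt('admin_user', default='neutron'),
    cfg.StrOpt('admin_password', help='Admin password'),
    cfg.StrOpt('metadata_proxy_shared_secret', default='', secret=True),
    cfg.StrOpt('nova_admin_password', secret=False),
    cfg.IntOpt('report_interval', default=30),
]
'''


def is_marked_secret(call):
    """True only when the call passes the literal keyword secret=True."""
    for kw in call.keywords:
        if kw.arg == "secret":
            return isinstance(kw.value, ast.Constant) and kw.value.value is True
    return False


def find_unmasked_options(source):
    """Return (line, name) for sensitive *Opt(...) calls lacking secret=True."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        ctor = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
        if not ctor.endswith("Opt") or not node.args:
            continue
        first = node.args[0]
        if not (isinstance(first, ast.Constant) and isinstance(first.value, str)):
            continue
        if SENSITIVE.search(first.value) and not is_marked_secret(node):
            findings.append((node.lineno, first.value))
    return sorted(findings)


if __name__ == "__main__":
    for line, name in find_unmasked_options(SAMPLE):
        print(f"line {line}: option '{name}' should set secret=True")
```

Options built dynamically or named without a credential-like keyword are outside what this check sees, so it complements review rather than replacing it.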
Cedric Brandily [Wed, 25 Feb 2015 17:13:10 +0000 (17:13 +0000)]
Check whether sudo is enabled in BaseSudoTestCase.setUpClass
Currently functional test classes requiring invocation of commands via a
root helper inherit from BaseSudoTestCase[1] and should call explicitly
check_sudo_enabled in order to skip the test if sudo is disabled[2].
This change performs such check during BaseSudoTestCase.setUp in order
to ensure the check is done and replaces parent class for functional
test cases not requiring invocation of commands via a root helper.
This change prepares to transform BaseOVSLinuxTestCase[3] methods into
helper methods.
[1] in neutron.tests.functional.base
[2] sudo is enabled if OS_SUDO_TESTING is set to '1' or 'True'
[3] in neutron.tests.functional.agent.linux.base
Manish Godara [Thu, 22 Jan 2015 00:24:15 +0000 (16:24 -0800)]
Add filter for provider network attributes in ML2
Added code to implement filters for provider network attributes
in ML2 plugin. There was a todo item in code but never got done.
It is needed to lookup networks based on provider network attributes.
Ann Kamyshnikova [Fri, 27 Feb 2015 14:06:43 +0000 (17:06 +0300)]
Make listing security groups faster
If we have a large number of security groups (more than 1000) with
security group rules (about 100 for each group) listing them
could take a rather long time (more than 1 minute).
Adding lazy join to backref to SecurityGroupRule model will make
it faster by at least 15%.
Claudiu Belu [Mon, 16 Feb 2015 17:04:34 +0000 (09:04 -0800)]
Adds migration script for Hyper-V Plugin tables
HyperVNeutronPlugin will be deprecated, so the tables it uses
('hyperv_vlan_allocations' and 'hyperv_network_bindings') will
have to be migrated to the Ml2 equivalent tables.
Adds migration script in migrate_to_ml2.py to allow users to
migrate their table entries to the Ml2 tables.
Dermot Tynan [Fri, 20 Feb 2015 16:57:33 +0000 (16:57 +0000)]
Make del_fdb_flow() idempotent.
Addresses an issue where del_fdb_flow() gets a duplicate call for
the same port, which results in a KeyError. This change makes the
call more idempotent, so that it doesn't cause other follow-on
errors as a result of the uncaught exception.