For every router interface added to a router
with a default gateway there will be an internal
SNAT port generated and will be required by the
L3 Agent to process the SNAT rules.
This bug was introduced by the change ID below
Icc099c1a97e3e68eeaf4690bc83167ba30d8099a.
When the gateway is removed these ports have to
be removed from the namespace. These ports are
cached in the router_info and should be provided
to the get_snat_port_for_internal_port function
when called from external_gateway_removed or when
called from _dvr_internal_network_removed.
Ann Kamyshnikova [Fri, 18 Sep 2015 15:21:44 +0000 (18:21 +0300)]
Update _TestModelMigration
_TestModelMigrationTest contain some duplication of code from oslo.db.
As change 94d583acde16860e7ca535bd7a960e8993cd12d2 was merged and
included in oslo.db 2.4.1 this duplication can be avoid.
Pecan defines several efficient mechanism for routing requests to
the appropriate controller, but the current code for Neutron's
Pecan WSGI server basically uses Pecan hooks to route requests.
This patch partially fixes that, removing the 'resource_identifier'
pecan hook and replacing it with explicit pecan routes between
controllers added at resource registration time.
All the remaining hooks, like attribute_population and
policy_enforments, which were relying on finding the resource
name in the pecan.request threadlocal variable have been updated.
This patch also:
- ensures the appropriate plugin is always selected for a given
resource
- add a common NeutronPecanController base class for the classes
CollectionsController and ItemaController
- Fixes the way in which plurals and singulars are handled in
neutron.api.v2.resource_heper
Have you ever wondered why you were making the same mistakes
over and over again and wondered how you can remind yourself not
to repeat them again?
Have you ever felt like you posted review comments on some other
patch, only to see that the same anti-pattern was adopted in
someone else's?
Have you wondered what the heck that test was meant to validate?
Does that sound familiar to you? Yes? Great, we have the answer
for you! 'Effective Neutron' is the solution to all your problems!
From now on, everytime you bang your head against the monitor, do
not despair! You may find the answer to your grief in our collective
guide!
Go check it out!
(Your mileage may vary -- add your disclaimer here)
Jakub Libosvar [Thu, 17 Sep 2015 13:26:05 +0000 (13:26 +0000)]
Introduce kill_signal parameter to AsynProcess.stop()
All stop() calls of instances of AsyncProcess class were sending
hardcoded SIGKILL signal to its process. This patch leaves the default
behavior to SIGKILL but offers any number to be sent to kill command.
Note: Internal private methods also got a new parameter which is not
appended. Given that those methods are private and thus not used
outside of the class, we can afford it.
Ryan Moats [Tue, 25 Aug 2015 10:57:03 +0000 (05:57 -0500)]
Optimize if statement in dvr_local_router.py
The if statement for calling create_rtr_2_fip_link and kicking
the FW agent includes a check on floating_ips, that has already
been performed by the previous if block. Pull this block into
the previous block for code clarity.
Change-Id: I8661aa3998bda9341f558d0ecbc8e2663cd95aca Signed-off-by: Ryan Moats <rmoats@us.ibm.com> Co-Authored-By: Brian Haley <brian.haley@hpe.com>
As the Pecan server only server REST requests over HTTP, this
patch introduces a new server implementing the RPC over AMQP
endpoints for agent/server communication.
However, the REST server does not yet have the ability to send
notifications to the RPC server or directly to the agents.
This patch simply adapts the ML2 plugin to run the RPC notifiers
only when initialized in the pecan server, so that notification
to agents can still be sent.
This patch therefore is tantamount to a poor man's
implementation of REST/RPC separation which will be iteratively
improved.
Previously, it was possible for None to be passed to context.session.delete()
if a port was not found (usually a result of a concurrent delete). This
resulted in an UnmappedInstanceError. This is avoided now by calling
query.delete() directly which does not raise any exceptions.
Kevin Benton [Wed, 16 Sep 2015 20:08:57 +0000 (13:08 -0700)]
Remove restriction of adding constraints to expand
Adding a constraint to a table shouldn't be restricted
to an expand operation. There can be contraction migrations
required before the constraint can be safely added (e.g. inserting
records into the target table of the constraint).
Now tempest-lib provides token_client modules as library and the
interface is stable. So neutron repogitory doesn't need to contain
these modules.
This patch makes neutron use tempest-lib's token_client and removes
the own modules for the maintenance.
Kevin Benton [Wed, 16 Sep 2015 10:02:49 +0000 (03:02 -0700)]
Revert "Pecan WSGI: prevent plugins from opening AMQP connections"
This reverts commit 2ba2456f9dae2a4cf30804a562c08832c24b6231
because it has a conflict with upstream commit 9f6bd17703b7286be9e7d439d15f4dec2774e13a. We need to merge
master into pecan with this reverted and then revert the revert
and resolve the conflict there so we don't have any conflict
resolutions in merge commits.
Sachi King [Tue, 1 Sep 2015 05:10:54 +0000 (15:10 +1000)]
Add constraint target to tox.ini
This adds a pip install command to tox.ini that is only used when the
tox env is passed with the 'constraints' factor appended onto it.
As such this will not effect developer workflows or current unit tests.
The initial use of this will be in a non-voting job, to verify that the
constrained checks with tox are stable. DevStack is already running
constrained jobs, as such problems are no expected.
To run a tox with pip using constraints on a developer system a
developer should run the desired tox environment with -constraints.
For example: $(tox -epy27-constraints)
Pip will pull the current version of the upper-constraints.txt file down
from the git.openstack.org, however this method can be overriden to use
a local file setting the environment variable "UPPER_CONSTRAINTS_FILE"
to the local path or a different URL, it is passed directly to pip.
This is currently not enabled in the default tox run, however it is
possible to enable it as a default by adding it to 'envlist' in tox.ini
Jakub Libosvar [Thu, 13 Aug 2015 09:08:20 +0000 (09:08 +0000)]
Fix establishing UDP connection
Previously, in establish_connection() for UDP protocol data were sent
but never read on peer socket. That lead to successful read on peer side
if this connection was filtered. Having constant testing string masked
this issue as we can't distinguish to which test of connectivity data
belong.
This patch makes unique data string per test_connectivity() and
also makes establish_connection() to create an ASSURED entry in
conntrack table. Finally, in last test after firewall filter was
removed, connection is re-established in order to avoid troubles with
terminated processes or TCP continuing sending packets which weren't
successfully delivered.
Just like the global root controller "/" returns info for
all versions, with this change the version root controller
"/<version>" will return info about the selected version.
The patch also ensures the root version controller only
accepts GET requests.
Kevin Benton [Tue, 15 Sep 2015 17:22:35 +0000 (10:22 -0700)]
Log exception.msg before exception.message
The exception translation hook was logging the exception messages
before variables were interpolated, making it really unhelpful.
This patch corrects that and falls back to e.message if e.msg isn't
available.
Kevin Benton [Tue, 15 Sep 2015 17:13:38 +0000 (10:13 -0700)]
Add missing resource discriminator in update resp
The update method of the pecan itemcontroller was not returning
the response encapsulated correctly in a dictionary with the resource
type identifier. This was discovered via the standard API tests.
Kevin Benton [Tue, 15 Sep 2015 17:07:51 +0000 (10:07 -0700)]
Add basic bulk support to collection controller
This patch adds very basic bulk support to the
collection controller for bulk operations. TODOs
are inline for the things that still need to be
done. Functionality was verified with api tests.
Kevin Benton [Tue, 15 Sep 2015 16:46:05 +0000 (09:46 -0700)]
Remove duplicated API server
The server in neutron.cmd.eventlet.api was almost exactly the same
as neutron.cmd.eventlet.server.main_wsgi_pecan(). This patch just
gets rid of the former and updates a bash script to reference the
latter.
Moshe Levi [Mon, 10 Aug 2015 09:25:59 +0000 (12:25 +0300)]
QoS agent extension and driver refactoring
Moved some code common to all drivers into base
qos driver abstract class, so related bugfixes go all in one
place and we simplify the logic for every qos drivers.
Port/Policy mapping moved out to a separate class.
Similar to IPv4 arp protection support, this patch adds the necessary OVS
rules to prevent ports attached to agent from sending any icmpv6 neighbor
advertisement messages that contain an IPv6 address not belonging to the port.
For details please refer to "Figure 3. Attack against IPv6 Address Resolution"
http://www.cisco.com/web/about/security/intelligence/ipv6_first_hop.html
Cedric Brandily [Mon, 24 Aug 2015 20:24:10 +0000 (22:24 +0200)]
Remove out-of-tree vendor AGENT_TYPE_* constant
AGENT_TYPE_* constants[1] defines all agent types BUT the only vendor
one(AGENT_TYPE_NEC) is only used in out-of-tree networking-nec repo.
This changes removes out-of-tree AGENT_TYPE_NEC constant (dependant
change defines it in networking-nec repo).
Jakub Libosvar [Mon, 14 Sep 2015 14:54:34 +0000 (14:54 +0000)]
func: Don't use private method of AsyncProcess
In functional test we simulate crash of AsyncProcess by calling
_kill_process(). This method is a private method and such usage
introduced a race where process was respawned prior to calling wait() of
killed process, leading to infinite wait on newly spawned process.
This patch adds manual send of kill and then active waiting for process
to be respawned, similarly like done with recent keepalived patch [1].
Per [1] we are using a better way to keep tunnel connectivity,
so reset_bridge isn't used anymore. Bug in [2] was caused by
using method reset_bridge which will delete and recreate bridge.
For [1] makes method reset_bridge deprecated, it makes sense to
remove this method, and make [2] no longer produce.
Code Review / openstack-build / neutron-build.git / log