Pavel Bondar [Thu, 11 Jun 2015 14:23:41 +0000 (17:23 +0300)]
Refactor _update_subnet_allocation_pools
Moved _update_subnet_allocation_pools to ipam_backend_mixin.py.
Call _rebuild_availability_ranges with self to make it overridable
on upper level (from non-pluggable backend).
Pavel Bondar [Wed, 10 Jun 2015 13:18:40 +0000 (16:18 +0300)]
Refactor update_port in db_base_plugin_v2
This commit is a preparation step for using pluggable IPAM.
- moved validations into _validate_port_for_update;
- updating ip addresses for port is backend specific, so
moved into _update_port_with_ips in ipam_non_pluggable_backend;
- writing port changes to db is common for both backends, so
moved into _update_db_port in ipam_backend_mixin;
- updated to use namedtuple to track add/original/remove ips;
- added _make_fixed_ip_dict to exclude keys other than
ip_address and subnet_id;
Pavel Bondar [Wed, 10 Jun 2015 11:56:58 +0000 (14:56 +0300)]
Refactor _update_ips_for_port
This commit is a preparation step for using pluggable IPAM.
_update_ips_for_port was refactored and split into two methods:
- _get_changed_ips_for_port
This method contains calculations common for pluggable and
non-pluggable IPAM implementation, was moved to ipam_backend_mixin.
- _update_ips_for_port
This method is specific for non-pluggable IPAM implementation, so it
was moved to ipam_non_pluggable_backend_common.
Other changes:
- _update_ips_for_port now returns namedtuple with added, removed, original
ips (previously added and original ips were returned).
List of removed ips is required by pluggable IPAM implementaion
to apply rollback-on-failure logic;
- removed unused port_id argument from _update_ips_for_port argument list;
Skip rescheduling networks if no DHCP agents available
This eliminates the problem of unscheduled networks in case
of communication failure between agents and servers which
can occur if messaging queue service fails.
Russell Bryant [Sat, 13 Jun 2015 01:26:37 +0000 (21:26 -0400)]
Reflect project moves from stackforge to openstack.
Several git repos were just moved from stackforge to openstack.
Reflect the move in various places where the URL was in docs and
comments. In passing, also change URLs to git.openstack.org instead
of github, as that is the official home of all of these repos.
rossella [Thu, 11 Jun 2015 08:43:36 +0000 (10:43 +0200)]
OVSNeutronAgent pass the config as parameter
Instead of using the global cfg.CONF, pass the config as parameter.
This is very useful to test the agent without having to override
the global config.
Dane LeBlanc [Tue, 24 Feb 2015 20:47:01 +0000 (15:47 -0500)]
Stop sending gratuitous arp when ip version is 6
This fix prevents calls to the arping utility for IPv6
addresses, thereby eliminating errors reported by arping
for IPv6 addresses.
The assumption is that NDP, DAD, and RAs are sufficient
for address resolution and duplicate address detection
for IPv6, and that unsolicited Neighbor Advertisements (NAs)
are not required for OpenStack services. If this turns out
not to be the case for some service/feature, then a separate
bug should be filed to add support for unsolicited NAs for
that service.
Fix Enum usage in 589f9237ca0e_cisco_n1kv_ml2_driver_tables
PostgreSQL is more sensitive with types than MySQL, it creates a
separate type when a Enum is created. In migration 589f9237ca0e
type profile_type is trying to be created, but the type with such
name was already created in havana_initial migration.
The solution for this is not to create type in 589f9237ca0e
migration when dialect is PostgreSQL and use already created.
Kevin Benton [Thu, 11 Jun 2015 04:45:41 +0000 (21:45 -0700)]
power grab
The current core reviewers hierarchy didn't have a place for the
parts of ML2 that weren't related to agent communication. For now
we can put all of ML2 under the built-in control-plane until we
decide it needs to be put somewhere else.
Cedric Brandily [Mon, 1 Jun 2015 20:29:39 +0000 (22:29 +0200)]
Ensure no "agent" functional tests are skipped in the gate
Some "agent" functional tests[1] can be skipped if some requirements are
not satisfied in order to allow developers to run functional tests on
various environments. These tests should not be skipped in the gate.
This change defines the decorator no_skip_on_missing_deps[2] to ensure
no "agent" functional tests are skipped in the gate. More precisely
no_skip_on_missing_deps transforms a skipTest into an error in:
* dsvm-functional and dsvm-fullstack jobs,
* functional and fullstack jobs when OS_FAIL_ON_MISSING_DEPS is
evaluated as True.
The change enlarges OS_FAIL_ON_MISSING_DEPS environment variable scope
(ie: missing dependencies + system requirements).
[1] in neutron.tests.functional
[2] in neutron.tests.common.base
Ihar Hrachyshka [Wed, 10 Jun 2015 11:10:54 +0000 (13:10 +0200)]
Actually allow to pass TRACE_FAILONLY to ostestr
The comment below suggests to use TRACE_FAILONLY to fail quickly when
running unit tests, while tox 2.0 does not allow to pass envvars from
the cli caller unless they are explicitly mentioned in passenv=
directive.
Jeremy Stanley [Wed, 20 May 2015 01:03:59 +0000 (01:03 +0000)]
Switch from MySQL-python to PyMySQL
As discussed in the Liberty Design Summit "Moving apps to Python 3"
cross-project workshop, the way forward in the near future is to
switch to the pure-python PyMySQL library as a default.
Jeremy Stanley [Tue, 9 Jun 2015 17:47:59 +0000 (17:47 +0000)]
Merge tag '2015.1.0'
This is a null-merge of the 2015.1.0 release tag back into the master
branch so that the 2015.1.0 tag will appear in the git commit history of
the master branch. It contains no actual changes to the master branch,
regardless of how our code review system's UI represents it. Please
ask in #openstack-infra if you have any questions, and otherwise try
to merge this as quickly as possible to avoid later conflicts on the
master branch.
Romil Gupta [Thu, 4 Jun 2015 11:21:14 +0000 (04:21 -0700)]
Fix a regression in "Separate ovs-ofctl using code as a driver" change
The tunnels are not getting established between Network Node and
Compute Nodes in non DVR mode with l2pop enabled and throws
the AttributeError: add_tunnel_port.
This fixes a regression in change Ie1224f8a1c17268cd7d1c474ed82fdfb8852eaa8.
Elena Ezhova [Tue, 7 Apr 2015 11:58:13 +0000 (14:58 +0300)]
Handle SIGHUP: neutron-server (multiprocess) and metadata agent
All launchers implemented in common.service require each service to
implement reset method because it is called in case a process
receives a SIGHUP.
This change adds the reset method to neutron.service.RpcWorker and
neutron.wsgi.WorkerService which are used to wrap rpc and api
workers correspondingly.
Now neutron-server running in multiprocess mode (api_workers > 0 and
rpc_workers > 0) and metadata agent don't die on receiving SIGHUP and support
reloading policy_path and logging options in config.
Note that reset is called only in case a service is running in daemon mode.
Other changes made in the scope of this patch that need to be mentioned:
* Don't empty self._servers list in RpcWorker's stop method
When a service is restarted all services are gracefully shutdowned,
resetted and started again (see openstack.common.service code).
As graceful shutdown implies calling service.stop() and then
service.wait() we don't want to clean self._servers list because
it would be impossible to wait for them to stop processing
requests and cleaning up their resources.
Otherwise, this would lead to problems with rpc after starting
the rpc server again.
* Create a duplicate socket each time WorkerService starts
When api worker is stopped it kills the eventlet wsgi server
which internally closes the wsgi server socket object. This server
socket object becomes not usable which leads to "Bad file
descriptor" errors on service restart.
Ihar Hrachyshka [Tue, 9 Jun 2015 10:46:54 +0000 (12:46 +0200)]
Make pep8 job succeed when /etc/neutron/neutron.conf is not installed
Currently, if /etc/neutron/neutron.conf is not installed in the system,
neutron-db-manage fails in oslo.config code when trying to determine the
default configuration file to use.
Test job should not rely on any contents inside /etc/.
Instead, pass --config-file with test-only configuration explicitly into
the utility.
neutron.conf.test was renamed into neutron.conf since for some reason
oslo.config does not support a name that does not have .conf at its
filename end.
Add a comment on _check_update_has_security_groups
Despite of its name, _check_update_has_security_groups can
handle create requests as well. There are plugins actually
using it for create. eg. ml2, vmware
Ihar Hrachyshka [Tue, 9 Jun 2015 08:57:29 +0000 (10:57 +0200)]
Enable all deprecation warnings for test runs
We would like to catch all deprecation warnings during test runs to be
notified in advance about potential problems with next library releases
we depend on.
get_admin_roles was introduced so that contextes generated from
within plugins could be used for policy checks. This was the case
up to the Havana release as several plugins invoked the policy
engine directly to authorize requests.
This was an incorrect behaviour and has now been fixed, meaning
that get_admin_roles is no longer need and can be safely removed.
This will result in a leaner and more reliable codebase. Indeed the
function being removed here was the cause of several bugs where the
policy engine was initialized too early in the server bootstrap
process.
While this patch removes the feature it does not remove the
load_admin_roles parameter from context.get_admin_context. Doing so
will break other projects such as neutron-lbaas. The parameter is
deprecated by this patch and an appropriate warning emitted.
As a consequence neutron's will now no longer perform policy checks
when context.is_admin=True. This flag is instead set either when
a context is explicitly created for granting admin privileges, or
when Neutron is operating in noauth mode. In the latter case every
request is treated by neutron as an admin request, and get_admin_roles
is simply ensuring the appropriate roles get pushed into the context
so that the policy engine will grant admin rights to the request.
This behaviour is probably just a waste of resource; also it is not
adding anything from a security perspective.
On the other hand not performing checks when context.is_admin is
True should not pose a security threat either in noauth mode or
with the keystone middleware. In the former case the software keeps
operating assuming admin rights for every requests, whereas in the
latter case the keystone middleware will always supply a context
with the appropriate roles, and there is no way for an attacker
to trick keystonemiddleware into generating a context for which
is_admin=True.
Finally, this patch also does some non-trivial changes in test_l3.py
as some tests were mocking context.to_dict ignoring the is_admin flag.
Kevin Benton [Thu, 4 Jun 2015 02:03:29 +0000 (19:03 -0700)]
Defer segment lookup in NetworkContext object
Avoid call to get network segments for network context objects until
a caller actually tries to lookup the segments. This optimizes cases
where the user of a port context never looks at the segments of the
associated network context (e.g. update_port_status).
shihanzhang [Tue, 26 May 2015 08:42:44 +0000 (16:42 +0800)]
Update ipset members when corresponding sg member is empty
if a security group has a rule with 'remote-group-id', the ports
in this security group should update its relevant ipset member
when the remote-group members is empty.
Send 'security_groups_member_updated' when port changes
With ml2 plugin, when a port's IP or security group changes, it
should send 'security_groups_member_updated' message to other l2
agents which have same security group with this changed port.
Assaf Muller [Sat, 6 Jun 2015 22:41:39 +0000 (18:41 -0400)]
Remove full stack log noise
"neutron-server isn't up yet" logs are useless because if
you time out when waiting for the server to start that information
will be in the trace. When you don't time out, the log is just spam.
Same reasoning for the "There are %d agents running!" log.
Also made the agents_count parameter mandatory for the
wait_until_env_is_up method because having a default of 0, or any
other default makes no sense. There's no reason to ever call that
method without specifying the agents_count. This method used
to be used with agents_count == 0 by the server to make sure
its up (And responding to REST calls), but the Neutron server
fixture now uses server_is_live method (Which calls list_networks)
instead.
Stephen Ma [Thu, 4 Jun 2015 20:09:23 +0000 (20:09 +0000)]
L3 agent should do report state before full sync at start
Sometimes the AgentNotFoundByTypeHost exception is reported during
L3-agent startup. The exception is generated when the first
get_routers RPC call is made. When the neutron server gets this
RPC call, it might not have handled the report state RPC call yet.
So the L3-agent hasn't been registered in the API server.
The result is a RPC Error exception. By the time the next
get_routers RPC call is made, the report state RPC call has already
been done and agent registered.
This patch modifies the L3 agent startup behavior to have the report
state done before the agent do the sync routers RPC call.
Code Review / openstack-build / neutron-build.git / log