ML2 mech drivers have no direct exposure to security groups,
and they can only infer them from the associated network/ports.
This is problematic as agentless ML2 mech drivers have no way of
intercepting security group events and propagating the information
to their backend, or more generally, reacting to them.
This patch leverages the callback registry to dispatch such events
so that interested ML2 mech drivers (or any interested party like
service plugins) can be notified and react accordingly.
This patch addresses create/update/delete of security groups and
create/delete of security group rules. Other events may be added
over time, if need be.
This patch is only about emitting the events. The actual subscription
and implementation of the event handlers will have to take place where
deemed appropriate.
Dane LeBlanc [Thu, 9 Apr 2015 14:32:33 +0000 (10:32 -0400)]
IPv6 SLAAC subnet create should update ports on net
If ports are first created on a network, and then an IPv6 SLAAC
or DHCPv6-stateless subnet is created on that network, then the
ports created prior to the subnet create are not getting
automatically updated (associated) with addresses for the
SLAAC/DHCPv6-stateless subnet, as required.
Assaf Muller [Fri, 27 Mar 2015 23:31:51 +0000 (19:31 -0400)]
Stop running L3 functional tests with both OVSDB interfaces
Running the L3 functional tests with both OVSDB interfaces doubles
the run time and may discourage developers from running them
frequently during development. Since the OVSDB interfaces
are tested explicitly, I don't think the trade off is worth it
here. The L3 functional tests use OVS in a *really* trivial way
and won't catch any issues that the explicit tests won't.
Added an OVSInterfaceDriverTestCase plug functional test that runs with
both OVS interfaces to make it harder to introduce regressions.
Kevin Benton [Mon, 30 Mar 2015 18:49:40 +0000 (11:49 -0700)]
Pass correct port ID back to RPC caller
The previous response to get_device_details calls was returning
whatever the caller requested as the port_id in the response.
This was only correct in the case where the port_id was used
directly. In cases where device names were passed in, there was
no way to retrieve the full port ID.
This corrects that behavior by using the port ID from the database
and adds tests to ensure the behavior remains correct.
Brian Haley [Thu, 9 Apr 2015 21:48:40 +0000 (17:48 -0400)]
Fix intermittent ipset_manager test failure
Change ipset_manager _refresh_set() to make a copy of the list of
IPs when creating a set, instead of using a reference, else any
change to the set could update the caller's data.
Also made the IpsetManagerTestCase classes always pass maxelem and
hashsize to the parent class.
Sudipta Biswas [Wed, 18 Mar 2015 18:05:57 +0000 (23:35 +0530)]
Add clock sync error detection on agent registration
For the server to determine if an agent is alive or not,
it depends on the agent's clock being mostly in sync with the server
clock. The neutron-server may reject and return the request if
there's a timestamp difference between the two nodes. Currently
there's no good way to detect this condition from the agent code.
This fix will improve the error handling
logic by writing an appropriate log in the neutron server's log
file for an early detection of the problem.
This fix targets a quite rare case of a race condition between
port creation and subnet deletion. This usually happens
during API tests that do things quickly.
The DHCP port is being created after delete_subnet checks for
DHCP ports, but before it checks for IPAllocations on subnet.
The solution is to apply retrying logic, which is really necessary
as we can't fetch new IPAllocations with the same query and within
the active transaction in mysql because of REPEATABLE READ
transaction isolation.
Romil Gupta [Mon, 23 Mar 2015 15:05:41 +0000 (08:05 -0700)]
Move values for network_type to plugins.common.constants.py
It is quite confusing to have values for network type in common.constants.py
instead of having them in plugins.common.constants.py.
Currently, the plugins/common/constants.py consists of network_type constants
like VLAN, VXLAN, GRE etc. but values for network type like ranges
are defined in common.constants.py which is not good, it is better to have
both things at the same place.
This patch set addresses the same.
Moved out a few methods which are predominantly used in plugins
from common.utils.py to plugins.common.utils.py.
Removed constants which were used in neutron-fwaas from
plugins.common.constants.py: https://review.openstack.org/#/c/168709/
Gal Sagie [Mon, 6 Apr 2015 05:36:01 +0000 (08:36 +0300)]
Add OVSDB connection as a parameter to the transaction
This adds the ovsdb connection as a parameter to the transaction
in the IDL implementation.
This allows other users to use this with a different connection.
Adds DVR functional test for multi-external networks
This patch adds DVR functional test for multiple
external networks related to FIP namespace.
This test validates that FIP namespaces are created
based on the external networks associated with the
router.
Ihar Hrachyshka [Sat, 28 Feb 2015 12:48:18 +0000 (13:48 +0100)]
context: reuse base oslo.context class for to_dict()
It is needed to conform to expectations of consumers that rely on
oslo.context behaviour (f.e. oslo.log that relies [1] on user_identity
field being set for context objects).
Stephen Ma [Tue, 24 Feb 2015 23:31:33 +0000 (23:31 +0000)]
Router is not unscheduled when the last port is deleted
When checking for ports that are still in use on a DVR router,
the L3 agent scheduler makes the assumption that a port's
network must be owned by the same tenant. This isn't always
true as the admin could have created a shared network that
other tenants may use. The result of this assumption is that
the router associated with the shared network may not be
unscheduled from a VM host when the last VM (created by a
non-admin tenant) using the shared network is deleted from
the compute node.
The owner of a VM may not own all the ports of a shared
network. Other tenants may have VMs using the same shared
network running on the same compute node. Also the VM owner
may not own the router ports. The check for whether a
router can be unscheduled from a node has to be run with
admin context so all the ports associated with the router are
returned from database queries.
This patch fixes this problem by using the admin context to
make the queries needed for the DVR scheduler to make the
correct unschedule decision.
None of the agents log this information, and the reason is that
it's not useful. Any errors are logged, successful state reports
don't give actionable information as you can see that the agent
is up in neutron agent-list anyway.
The increase in ovs testing is resulting in job failure due to
timeouts in test_killed_monitor_respawns. Giving the test more
time to complete should reduce the failure rate.
Elena Ezhova [Thu, 26 Mar 2015 12:33:36 +0000 (15:33 +0300)]
Sync service from oslo-incubator
This sync includes changes that are required to fix handling
of SIGHUP in Neutron.
The following changes and bugfixes are included:
d24b658 Revert "Optimization of waiting subprocesses in ProcessLauncher"
593005b ProcessLauncher: reload config file in parent process on SIGHUP
f29e865 Store ProcessLauncher signal handlers on class level
bf92010 Optimization of waiting subprocesses in ProcessLauncher
Avoid synchronizing session when deleting networkdhcpagentbinding
Synchronizing session on delete leads to traces in neutron-server
logs when such binding is deleted concurrently.
Also, catch and ignore ObjectDeletedError during iterating over
bindings, that is possible since the code is not within a transaction.
Changes [1,2] recently merged in tempest. Change [2] in particular
is required if we run the API tests with DVR enabled, because now the
binding logic has been altered by [3].
This patch ensures that should that happen, the API job doesn't fail.
Dane LeBlanc [Sat, 4 Apr 2015 22:50:36 +0000 (18:50 -0400)]
Re-use context session in ML2 DB get_port_binding_host
This patch modifies ML2 DB get_port_binding_host method so that it
reuses the existing context session to do the database query
rather than creating a new database session.
Note that there are other methods in ML2 DB that do not re-use
the caller's session (get_port_from_device_mac() and
get_sg_ids_grouped_by_port()). These will be modified using
a separate bug (https://bugs.launchpad.net/neutron/+bug/1441205).
Change-Id: I8aafb0a70f40f9306ccc366e5db6860c92c48cce
Closes-Bug: #1440183
Change eba4c2941ee introduced these tests. However they are not that useful as they
simply mimic the code, without really ensuring that the behavior is expected, so
they provide negative value ([1]), plus, they fail randomly.
This patch removes them in favor of a more useful functional check.
Maru Newby [Tue, 24 Mar 2015 19:45:46 +0000 (19:45 +0000)]
Enhance TESTING.rst
Add detail about api testing and provide better visual separation
between the different types of testing.
The current testing guidelines are mainly about running tests, and
this change does little to fix that. The intention is to add detail
about writing tests in subsequent changes.
Arbitrarily restricting ourselves from using bash because developers on
platforms like netbsd don't want to install bash from ports doesn't
make sense. Any non-trivial shell script is likely to use features
like arrays or string manipulation that are poorly supported (if at
all) by sh, and the continued bumping of the number of expected bash
scripts is an indication that the check is not serving its purpose
anyway.
Along with removing the check, all shebang references to /bin/bash
have been replaced with /usr/bin/env bash in an attempt to be more
compatible across different hosts.
Ed Bak [Mon, 9 Feb 2015 23:13:18 +0000 (23:13 +0000)]
Return from check_ports_exist_on_l3agent if no subnet found
The call to get_subnet_ids_on_router can return an empty list.
If the subnet_ids list is empty, the subsequent call to get
the ports on a subnet returns all ports. If this occurs
when doing a remove_router_interface, the performance
of a remove_router_interface degrades significantly. This change
returns immediately from check_ports_exist_on_l3agents if no
subnet is found. A new unit test has been added to cover
the specific case of returning immediately without calling
get_ports when a remove_router_interface operation is performed.
YAMAMOTO Takashi [Wed, 18 Mar 2015 04:27:15 +0000 (13:27 +0900)]
linuxbridge UT: Fix a regression of the recent ip_lib change
A recently merged change, I07d1d297f07857d216649cccf717896574aac301,
changed IPWrapper.get_devices to use /sys instead of executing ip command.
Unfortunately it broke linuxbridge unit tests, which seem to assume that
mocking utils.execute is enough in some places. This commit fixes the
regression.
Recent refactors to the L3 Agent have introduced
this problem. When we create a VM after we
attach an interface to a router or when we add
an interface with an existing VM to a router, in
both cases the arp entries for the dvr serviced
ports are not getting populated in the Router
Namespace.
This change moves plugin test modules to conform to the new rules on
unit test tree structure (see TESTING.rst).
Vendor plugin paths continue to be ignored, and unit test modules that
test features instead of modules are also ignored pending their
removal to the functional test tree.