Paul Michali [Tue, 21 Apr 2015 20:12:38 +0000 (16:12 -0400)]
Enhance configure_for_func_testing.sh for *aaS use
Modify the script so that it can be used by the *aaS functional tests.
This is done by allowing callers, namely other *aaS repos, to override
information, like the project name and virtual environment used (for
example, VPNaaS has two functional jobs with different virtual env).
Finally let L3 and DHCP agents cleanup namespaces by default
There has been a problem with iproute package that resulted in errors
when deleting the namespaces, so deleting was turned off by default.
According to tests with iproute version 3.12.0 there is no such issue
so the option could be safely turned on by default.
With this change is the is_admin parameter is set to True when
creating a context, the is_advsvc property is set to True as well,
without executing a pointless check with policy engine.
Jakub Libosvar [Wed, 29 Apr 2015 10:04:03 +0000 (12:04 +0200)]
Don't use iterator in search for tunnel type
Changing dictionary size while using iterator causes RuntimeError. This
can happen in local vlan mapping under certain program flows. This patch
changes iteritems() to values() that returns list and thus preventing
from failure if local vlan mapping changes during creating tunnels.
Remove is_active property from SimpleInterfaceMonitor
is_active property from SimpleInterfaceMonitor shadows
the method is_active inherited from AsyncProcess.
The property checks that ovsdb monitor is running and
that it received some data. When ovsdb monitor starts
it always receives data, since it processes the interfaces
present on the machine, so the flag data_received will
always be set to true right after SimpleInterfaceMonitor
starts. Considering that, is_active can be removed and
the method is_active inherited from AsyncProcess can be
used instead.
Sam Betts [Wed, 29 Apr 2015 15:15:35 +0000 (16:15 +0100)]
Ensure mocks for lla allocator _write in test_agent
The test test_create_dvr_fip_interfaces_for_restart_l3agent_case was
causing a file fip-linklocal-networks to be created when the tests are
run, this patch ensures that the correct part of the LinkLocalAllocator
is patched to prevent this in the test case.
Gal Sagie [Wed, 29 Apr 2015 04:49:16 +0000 (07:49 +0300)]
Rename delete_gateway method name
Fix last comments from bug #1435012
Some comments were left out and the patch is already merged.
This patch address these comments.
Rename method and remove an unneeded comment
The Oslo libraries have moved all of their code out of the 'oslo'
namespace package into per-library packages. The namespace package was
retained during kilo for backwards compatibility, but will be removed by
the liberty-2 milestone. This change removes the use of the namespace
package, replacing it with the new package names.
The patches in the libraries will be put on hold until application
patches have landed, or L2, whichever comes first. At that point, new
versions of the libraries without namespace packages will be released as
a major version update.
Please merge this patch, or an equivalent, before L2 to avoid problems
with those library releases.
lijianlj [Thu, 29 Jan 2015 06:41:20 +0000 (14:41 +0800)]
Add icmpv6 to sg_supported_protocols
support using icmpv6 (protocol num 58) in the protocol option, when creating
a security group rule.At this time, port_range_min/port_range_max represent
icmpv6 type/code, and you can use only port_range_min to specify just one type.
eg:neutron security-group-rule-create --direction ingress \
--ethertype ipv6 --protocol icmpv6 --port-range-min 134 SECURITY_GROUP
Gal Sagie [Mon, 30 Mar 2015 07:40:36 +0000 (10:40 +0300)]
Suppress exception when trying to remove non existing device in SNAT redirect
L3 service plugin first calls to remove_router_interface from the L2 OVS agent
which delete this port from OVS and then the service plugin calls
to remove the router interface from L3 agent.
Catch the exception thrown on the delete gateway, if its due to device doesn't exists
ignore the exception
Support multiple IPv6 prefixes on internal router ports for an HA Router
As part of BP multiple IPv6 prefixes, we can have multiple IPv6 prefixes on
router internal ports. Patch, I7d4e8194815e626f1cfa267f77a3f2475fdfa3d1, adds
the necessary support for a legacy router.
For an HA router, instead of configuring the addresses on the router internal
ports we should be updating the keepalived config file and let keepalived
configure the addresses depending on the state of the router.
Following are the observations with the current code for an HA router.
1. IPv6 addresses are configured on the router internal ports (i.e., qr-xxx)
irrespective of the state of the router. As the same IP is configured on multiple
ports you will notice dadfailed status on the ports.
2. Keepalived configuration is not updated with the new IPv6 addresses.
This patch addresses the above issues for an HA Router.
Currently a HA router can be successfully created even when
there is not enough active l3 agent. Current code only checks
existing l3 agents but does not check if the agent is already
down.
This patch fixes this problem by checking only active l3 agents
when getting the number of agents for scheduling HA router.
Kevin Benton [Fri, 17 Apr 2015 11:54:41 +0000 (04:54 -0700)]
Eliminate extra queries used to retrieve gw_ports
The _get_sync_routers method was calling get_routers and
then getting the gateway ports from the db in a separate
get_ports call. This extra call is unnecessary since is
already an SQL relationship directly between the router
and it's gw_port.
This patch eliminates all of the additional gw_port retrieval
logic by replacing the get_routers call with a _get_collection
call to make use of the gw_port object already present on
each router object.
Kevin Benton [Fri, 17 Apr 2015 11:09:48 +0000 (04:09 -0700)]
Don't update port with host id of None
In the L3 RPC code if the host for a port is not
present, it ends up calling update_port with the
host_id set to None. This does not update the host
id at all because it's treated as an unset attribute
which leads to the same thing happening on the next
iteration. These pointless update calls are expensive
because they involve a semaphore and calls to mechanism
drivers.
This patch adjusts the logic to only send a port
update if it actually has a host to ensure is on
the port.
lzklibj [Sat, 21 Mar 2015 16:58:15 +0000 (09:58 -0700)]
fix l3-agent restart with last runtime fip for dvr
In DVR enabled environment, after we associated a floating
IP to a VM, when we restart L3-agent on the same compute
node, the L3-agent will miss to create rtr_fip_subnet for
router_info. The previous floating IP can still work, but
new associated floating IPs to VMs related to the same router
on this L3-agent will fail to configure and not work. This
patch will fix this.
The method create_dvr_fip_interfaces in dvr_router.py will
invoke fip_ns.create_rtr_2_fip_link, and the later one will
create rtr_fip_subnet, consider VMs related to the same router
will share the same rtr_fip_subnet, so processing here should
run only once for those VMs, once rtr_fip_subnet is created.
Current code will check dist_fip_count then decide to invoke
fip_ns.create_rtr_2_fip_link or not.
dist_fip_count should be zero if a router related VMs never
have been associated with any floating IPs before. But if a
router has floating IPs associated to its related VMs, after
it is restared, dist_fip_count will be non-zero, and this is
the point this patch try to fix. And for case rtr_fip_subnet
has been created, both dist_fip_count and is_fisrt will be
false, and fip_ns.create_rtr_2_fip_link will be no more need
to be invoked.
Kevin Benton [Fri, 17 Apr 2015 11:51:26 +0000 (04:51 -0700)]
Replace unnecessary call to get_sync_routers
Replaces a call to get_sync_routers with a single-column
router DB query in a method that doesn't use any of the
gateway information get_sync_routers spends extra
time populating.
Cedric Brandily [Thu, 5 Mar 2015 21:43:09 +0000 (21:43 +0000)]
Replace BaseLinuxTestCase by BaseSudoTestCase
BaseLinuxTestCase provides 2 methods which are used once/three time(s),
this change inlines these methods and removes BaseLinuxTestCase and
replaces it by BaseSudoTestCase.
This change removes a useless cleanup in RecursivePermDirFixture:
previously RecursivePermDirFixture reverts permission changes on
directories, but the cleanup is useless as directories are provided
by TempDir.
Kevin Benton [Fri, 24 Apr 2015 13:52:21 +0000 (06:52 -0700)]
Add missing interface to populate subnets method
Change Ib46f685d72eb61ecbaa2869e28fb173cd6d49552 introduced
and optimization to defer the lookup of interface subnet info
until all of the router interfaces were collected. However,
it didn't add the DVR SNAT interface to the list of interfaces
to populate subnet info so it broke DVR.
This patch corrects the behavior by adding the DVR SNAT interface
to the list of ports that need subnet info populated.
Elena Ezhova [Tue, 7 Apr 2015 11:54:45 +0000 (14:54 +0300)]
Refactor socket ssl wrapping
Move socket wrapping into a separate method in order to separate
its logic from other action done in _get_socket. Now, ssl wrapping
is applied to the socket returned by _get_socket method.
Additionally checks for ssl config options are now performed during
init and not each time wrap_socket is called.
Kevin Benton [Fri, 24 Apr 2015 07:35:31 +0000 (00:35 -0700)]
Don't resync on DHCP agent setup failure
There are various cases where the DHCP agent will try to
create a DHCP port for a network and there will be a failure.
This has primarily been caused by a lack of available IP addresses
in the allocation pool. Trying to fix all availability corner cases
on the server side will be very difficult due to race conditions between
multiple ports being created, the dhcp_agents_per_network parameter, etc.
This patch just stops the resync attempt on the agent side if a failure
is caused by an IP address generation problem. Future updates to the subnet
will cause another attempt so if the tenant does fix the issue they will
get DHCP service.
Code Review / openstack-build / neutron-build.git / log