rajeev [Tue, 12 Aug 2014 00:42:18 +0000 (20:42 -0400)]
Fix interface add for dvr with gateway
When an interface is added after router gateway set, external
connectivity using snat fails. Instead of just adding the snat port for
the new subnet, method internal_network_added(..) incorrectly re-adds
all the snat ports with wrong cidr.
Stephen Ma [Wed, 6 Aug 2014 22:33:32 +0000 (22:33 +0000)]
Delete DVR namespaces on node after removing last VM
After removing the last VM using a distributed router,
the router's namespaces are still present on the VM host.
The problem is that the neutron API server sent the router
remove notification to the L3 agent using the name of the
host running the L3 agent instead of the agent's uuid. This
caused an error when sending the notification. So the L3
agent never had the chance to clean up the namespace.
This problem is fixed here.
Afterwards, it was found that the notification was still not
sent. The reason is that the router/L3-agent binding has
already been deleted before the routine that sends the
router removed notification was called. The notifier routine
errored out when it tried to delete the same router/L3 agent
binding. This problem is fixed in this patch by removing the
binding removal step from the DVR scheduler.
Method sync_routers is used by the L3 agent to query
routers it knows about. Routers and GW ports lists
are populated at two different times, which means that
they can be interleaved by a delete request which
results in gateway ports being missing in one of the
two data structures.
Paul Michali [Wed, 13 Aug 2014 01:26:27 +0000 (21:26 -0400)]
VPNaaS: Cisco fix validation for GW IP
The validation to check that the router has a GW IP
for the Cisco service driver was trying to directly
get the gw_port information, which is not available, as
the validator only has a dict of the vpn_service info.
Modified validator to get the router object (not a
dict representation), using the vpn_service's router_id
and then check the attributes for the router directly.
The metadata agent was unable to find networks
attached to the DVR router because it was only
filtering ports for 'centralized' routers.
To fix the issue, this patch expands the search
filters to include DVR router interfaces during
the network lookup operation.
The extra filter causes no evident performance
loss while serving the request; a different
approach would require passing the router type
around to narrow down the search filter, but it
sounds like an overkill.
Make plugin and l3plugin available as mixin's properties
This makes the code simpler and slightly more efficient.
This is a minor refactoring related to a race condition
observed when the agent is processing a router while its
interfaces are being removed.
Isaku Yamahata [Mon, 4 Aug 2014 14:44:18 +0000 (23:44 +0900)]
add auth token to context
As discussed at
http://lists.openstack.org/pipermail/openstack-dev/2014-July/040644.html
ServiceVM project (and other routervm plugins) need auth token in context.
The first user will be l3 routervm plugin.
Michael Smith [Wed, 6 Aug 2014 22:02:35 +0000 (15:02 -0700)]
Fixes an issue with FIP re-association
When the last FIP is disassociated, the namespace and
interfaces should be removed. The internal interface
wasn't removed before without problems, but now the
namespace cannot be removed with that interface present.
The fix is to remove the internal FIP interface before
removing the namespace.
This is done by adopting the router_extra_attributes
models. However, the NSX 'distributed' extension is
slightly different in that it is visible to tenants
and prevents router conversion (allow_put=false).
PUT requests are made to return the correct HTTP code;
The access control misalignments will need to be
adjusted via rules in policy.json. This will be
properly documented.
This patch clarifies that in order to use NSX distributed
routers, the replication_mode parameter should be set to
'service'. This is already its default value, so no further
change is needed beyond clarifying wording.
Roey Chen [Tue, 20 May 2014 14:10:17 +0000 (17:10 +0300)]
MLNX Agent: ensure removed ports get treated on resyncs
This patch ensures that removed ports will be cleaned up properly if an exception
occurs in the daemon_loop.
It does the same for the mlnx-agent as was done for the lb-agent in
Ieada34ad315c0c29aa8462ebf041a448fde007b8.
Refactoring the daemon_loop and scan_ports in a way that -
If there's an exception, the ports that were flagged for cleaning will
be re-treated in the following iteration,
unlike previous exception handling, where only existing ports
were treated in the following iteration.
Cédric Ollivier [Thu, 29 May 2014 10:01:28 +0000 (12:01 +0200)]
Add delete operations for the ODL MechanismDriver
This commit adds delete operations (networks, subnets and ports) for the ODL MechanismDriver.
It also modifies sync_single_resource to reduce db operations.
Sam Betts [Mon, 11 Aug 2014 09:57:40 +0000 (10:57 +0100)]
Removes extra indents from TestSubresourcePlugin
Removed extra indents from in front of each function in the
TestSubresourcePlugin class in test_api_v2.py so that it
meets pep8 requirements and matches up with the rest of the code.
Roey Chen [Sun, 18 May 2014 08:44:00 +0000 (11:44 +0300)]
MLNX Agent: Process port_update notifications in the main agent loop
This patch changes the way the mlnx agent processes port_update notifications.
It does the same for the mlnx agent as was done for the ovs-agent in
I219c6bdf63b0b5e945b655677f9e28fa591f03cd.
Processing a port_update notification directly in the RPC
call may cause competition with the main RPC loop.
To prevent this problem, the actual process of ports updates is done
in the main RPC loop, whereas the RPC call merely adds the updated
port MAC address to a set of updated ports.
port_update notifications received within a single main loop iteration
will be coalesced and processed only once.
Carl Baldwin [Fri, 8 Aug 2014 17:31:59 +0000 (17:31 +0000)]
Remove unneeded device_owner field from l2pop tuple
The DVR development added this device_owner to the middle of this
tuple during early development because it was thought to be needed.
Over the course of development, it was found to be unnecessary and
much of the code that read it from this value was removed or
obsoleted. That job went unfinished and so this commit completes it.
This essentially restores the code to what it was before and fixes the
regression that was caused.
Removing local_vlan_map entry here makes later port_unbound no-op.
While it isn't a problem right now, it will be when per-port cleanup
is introduced.
This commit simply removes network_delete method. The local_vlan_map
will be cleaned up when the last port on the network is removed.
Sudipta Biswas [Tue, 5 Aug 2014 14:10:06 +0000 (19:40 +0530)]
Fix to throw correct error code for bad attribute
Currently the neutron network API throws up error code 500 for
the extended attribute for segmentation id. This can be reproduced
if the user types in a random string in place of an integer value
for the segmentation id. The proper behavior should throw an error
code 400 with the appropriate failure message. This patch fixes the
same issue and covers it with a test case.
Once gateway is set, external_gateway_added() was getting called every time
a router update was received. The check for change in external
gateway compared previously cached copy of gateway port (ri.ex_gw_port) with
the one passed in through update router (ri.router['gw_port']).
The cached copy was already being modified by code so the two values would
always appear to be different.
Making the change to compare correctly and remove actions not required
for gateway update.
Pritesh Kothari [Mon, 4 Aug 2014 21:14:20 +0000 (14:14 -0700)]
Do not assume order of pci slot list
This fixes the neutron.tests.unit.sriovnicagent.test_eswitch_manager
.TestEmbSwitch.test_get_pci_list unit test that breaks with a
randomized PYTHONHASHSEED (see the bug report).
The test assumed that the pci slot list was sorted, so sort
the result before comparing.
Note: There are several other unrelated unit tests that also break with a
randomized PYTHONHASHSEED, but they are not addressed here. They will be
addressed in separate patches.
The DeferredBridge should allow add_tunnel_port
method as passthrough in addition to add_port
and delete_port. L2Pop uses add_tunnel_port to
dynamically establish tunnel endpoints on cloud
nodes.
Juergen Brendel [Wed, 6 Aug 2014 01:23:52 +0000 (01:23 +0000)]
Enabled Cisco ML2 driver to use new upstream ncclient
The code is still able to handle the old, custom ncclient that
we used before. It uses the different function signatures
for the ncclient's connect() function to detect which version
is installed.
This change fixes the information used by the L2pop
driver to populate l2pop rules that enables DVR to
route packets across compute servers that have
tenant VMs that belong to different networks.
It also fixes the case where VMs were not able to
obtain IP Addresses when such VMs are on DVR
hosted subnets.
Wei Wang [Wed, 6 Aug 2014 16:19:41 +0000 (00:19 +0800)]
Remove duplicated check for router connect to external net
In the function get_assoc_data, we check whether the router obtained
from _get_router_for_floatingip is connected to the external net,
but this has already been checked in _get_router_for_floatingip.
Kevin Benton [Fri, 1 Aug 2014 01:13:52 +0000 (18:13 -0700)]
Return 403 instead of 404 on attr policy failures
Return an HTTP Forbidden code (403) instead of an
HTTP Not Found code (404) if a tenant is trying to
update its own object. This is a safe adjustment
since the tenant already knows this object exists
so pretending it doesn't isn't improving security
as much as it is causing confusion.
Say rule r2 is associated with policy p2. If user tries to insert rule r1
into a policy p1 before/after r2, error should be thrown saying that rule
r2 is not associated with policy p1.
Carl Baldwin [Mon, 4 Aug 2014 19:29:33 +0000 (19:29 +0000)]
Simple refactor to stop passing around an unused parameter
There is no functional change in this patch. However, this refactor
allows another patch [1] to make a simpler change to the code base.
This patch includes localizing the initialization of "internal_cidrs"
to a later spot in the "process_router" method. This has the
advantage that it will be initialized under the same condition that it
will be used.
This patch refactors L3_NAT_DB_mixin to split out db operation and
rpc notification.
l3 plugin for routervm will implement the method for REST resource
operation as something like
    def op_resource():
        additional operation
        with session
            additional db operation
            db operation of super class => super().db_op_resource
            additional db operation
        additional operation
        l3 rpc notification
However, the current L3_NAT_DB_mixin intermixes db operations with l3 rpc.
So it is difficult to reuse the db operation code without l3 rpc.
This patch splits db operation from l3 rpc notification so that
db operation logic can be reused easily. Thus the l3 plugin for routervm
will be simplified with this patch.
Related to blueprint cisco-routing-service-vm
Related to blueprint l3-plugin-brocade-vyatta-vrouter
cedric.brandily [Fri, 16 May 2014 20:18:45 +0000 (16:18 -0400)]
OVS flows apply concurrently using a deferred OVSBridge
This change is an improvement of the commit 501213686886baccd3280e10b8856a25d3517519 and provides a cleaner
implementation. Previously flows were applied on
OVSBridge.defer_apply_off which could be called by another
greenthread: it was impossible to ensure that all flows are applied
in a unique OVSBridge.defer_apply_off call. This change ensures that
all flows defined using a DeferredOVSBridge are applied on
DeferredOVSBridge.apply_flows or DeferredOVSBridge.__exit__ if no
exception is raised.
Pritesh Kothari [Mon, 4 Aug 2014 20:37:56 +0000 (13:37 -0700)]
Do not assume order of network_uuid's
This fixes the neutron.tests.unit.test_linux_dhcp.TestDnsmasq
.test_existing_dhcp_networks unit test that breaks with a
randomized PYTHONHASHSEED (see the bug report).
The test assumed that the network_uuid's list was sorted, so sort
the result before comparing.
Note: There are several other unrelated unit tests that also break with a
randomized PYTHONHASHSEED, but they are not addressed here. They will be
addressed in separate patches.
Kevin Benton [Fri, 25 Jul 2014 19:25:39 +0000 (12:25 -0700)]
Big Switch: Only update hash header on success
This patch moves the hash update call into the success block
of the server manager so the database isn't updated with
a hash header from an error response. Additionally, it prevents
the hash from being updated to an empty value if the hash header
is not present in the response.
Perform dumb polling instead.
Now ofagent port monitoring is mostly ovsdb-free.
(except _find_lost_vlan_port stuff, which is planned to be retired
by blueprint ofagent-merge-bridges)
Remove code to report port status for ancillary bridges because
it relies on ovsdb. While we could adapt the code to use OFP in
a similar way we did for the integration bridge, it isn't worth
the effort because almost the same functionality can be achieved
using provider network. Update README to suggest the use of
provider network.
Henry Gessau [Mon, 4 Aug 2014 12:47:08 +0000 (08:47 -0400)]
Add a tox test environment for random hashseed testing
The newer versions of tox by default enable a random PYTHONHASHSEED. However,
this breaks many Neutron unit tests, so PYTHONHASHSEED=0 is currently
hard-coded for Neutron's unit test environments.
We want to clean up the unit test cases that break with a random hashseed
(there are many). To be able to find the broken tests and then verify them,
we need to have an easy way of enabling random hashseed testing.
This is step 2 implementation of OFAgent l2-population.
This handles an arp packet responding locally to an arp request in such a way
that sends an arp request as a packet-in message to controller and
builds and sends an arp reply packet.
Currently this only supports tunnel.