John Schwarz [Tue, 26 Aug 2014 08:43:11 +0000 (11:43 +0300)]
Don't spawn metadata-proxy for non-isolated nets
If the configuation option "enable_isolated_metadata = True" for the
DHCP agent is set, the neutron-ns-metadata-proxy process is spawned
for all networks, regardless if they are isolated or not. In case
the network is not isolated (ie. connected to a neutron router), the
L3 agent also spawns a proxy process, and the DHCP's proxy is left
unused. This patch adds a check prior to the spawning of new proxies:
if a network is not isolated, no proxy is spawned.
YAMAMOTO Takashi [Mon, 11 Aug 2014 00:02:22 +0000 (09:02 +0900)]
ofagent: Enable local arp responder for local VMs
Because ofagent makes every arp requests packet-in and
perform packet-out anyway, just make it respond arp requests
for local VMs. It would be simpler and more effective than
forwarding requests to the network as it did before this change.
Before this change:
request: src VM -> switch -> controller -> switch -> target VM
reply: target VM -> switch -> src VM
After this change:
request: src VM -> switch -> controller
reply: controller -> switch -> src VM
As a bonus, now we can test l2pop and local arp responder with
a single node setup, at least for some extents.
Highlights:
- Deprecate br-tun.
- Reduce the use of OFPP_NORMAL action. Use mac address info
obtained from get_device_details and l2-pop to reduce flooding.
- Use OpenFlow metadata instead of "internal" VLANs.
Now tenant networks are VLAN transparent.
The current ML2 plugin supports only extensions defined in the plugin and it
does not support any extensions in the mechanism drivers. The changes in this
commit allows mechanism drivers to define new extensions.
Nader Lahouti [Sat, 28 Jun 2014 01:09:19 +0000 (18:09 -0700)]
Cisco DFA ML2 Mechanism Driver
Part 1:
This commit contains changes to support ML2 mechanism driver for Cisco
DFA. For more details please see the blueprint which has more description and
link to document with requirements.
Part 2: Changes in OVS neutron agent.
(http://review.openstack.org/110065)
Part 3: DFA extension driver.
(http://review.openstack.org/111761)
Part 4: DFA config profile service plugin.
(http://review.openstack.org/111863)
Akihiro Motoki [Tue, 19 Aug 2014 15:54:30 +0000 (00:54 +0900)]
Provide a quick way to run flake8
"run_tests.sh -p" always checks every file for errors even though you
have probably only changed a handful. This patch adds "run_tests.sh -8"
which only checks the files that were modified in the HEAD commit or
in the current working tree.
It is borrowed from the recent nova commit b011325cc6.
The related ML post is:
http://lists.openstack.org/pipermail/openstack-dev/2014-August/043346.html
Akihiro Motoki [Sat, 23 Aug 2014 09:16:18 +0000 (18:16 +0900)]
Make SecurityGroupsRpcCallback a separate callback class
RPC has a version of itself. In Neutron a plugin implements
several RPC interface, so a single RPC version doesn't work.
In Mixin callback class approach, RPC versioning depends on
each plugin implementation and it makes harder to maintain
RPC version appropriately. This patch series replaces mixin
RPC callback of server side with a separate class.
This commit handles server-side callback of security group
RPC interface.
* The server-side callback of Security group RPC is moved to
api/rpc/handler and db/securitygroups_rpc_base now only
contains a mixin class to add agent-based security group
implementation with db operations.
* get_port_from_device method in server-side callback class
is moved to a mixin class of plugin implementation
(SecurityGroupServerRpcMixin) because it involves DB lookup
and is tightly coupled with plugin implementation rather
than RPC interface definition.
Most unit tests for SGServerRpcCallBackTestCase were skipped
in the base class before, but now they are no longer skipped.
The following items will be planned in later patches
to avoid drastic changes in a single patch.
* Merge security group RPC API and agent callback classes in
agent/securitygroups_rpc into api/rpc/handlers/securitygroup_rpc
* Remove completely duplicated db access code in get_port_from_device
and get_port_and_sgs
Adding mechanism driver in ML2 plugin for Nuage Networks
This patchset introduces basic ml2 driver for nuage.
In Juno release, mechanism driver will support basic
L2 functionality as a stepping stone to enhance
it in later releases.
Assaf Muller [Fri, 29 Aug 2014 11:44:10 +0000 (14:44 +0300)]
Fix state_path in tests
cfg.CONF.state_path is set to a random temporary directory
in neutron.tests.base:BaseTestCase.setUp. This value was then
over written in neutron.tests.unit.__init__. Tests that need
to read or pass cfg.CONF.state_path were getting the directory
from which the tests were running and not the temporary directory
specially created for the current test run. Note that the usage
of state_path to set lock_path, dhcp state path and the likes
was working as expected, and was not affected by this bug.
In order to insert the HA related code into the L3
agent, as part of blueprint l3-high-availability,
it's important to add functional tests for the L3 agent.
The L3 HA patch will use the framework provided here
to implement additional HA specific tests.
Prasoon Telang [Fri, 29 Aug 2014 13:55:35 +0000 (19:25 +0530)]
remove explicit include of the ovs plugin
On installing only neutron-linuxbridge-agent package, the
dhcp cannot start successfully because of the imports from
ovs plugin. This change removes the explicit include of the
ovs plugin from ovs_lib.py. INVALID_OFPORT has been moved to
ovs_lib.py while VXLAN_UDP_PORT has moved to
plugins/common/constants.py. The imports for these 2 constants
in files which uses it has been corrected to new location.
Aaron Rosen [Fri, 22 Aug 2014 18:09:29 +0000 (11:09 -0700)]
NSX: log request body to NSX as debug
Previously we never logged the request body that we sent to NSX. This makes
things hard to debug when issues arise as we don't actually log the body of
the request that we made. This patch adds the body to our issue request log
statement.
This patch changes the dependency of the embrane plugin from ovs to ml2.
Existing users of the old entry point will be upgraded on a case-by-case
base as needed, therefore no generic upgrade procedure is required.
Akihiro Motoki [Tue, 19 Aug 2014 12:16:19 +0000 (21:16 +0900)]
Make DvrServerRpcCallback a separate callback class
RPC has a version of itself. In Neutron a plugin implements
several RPC interface, so a single RPC version doesn't work.
In Mixin callback class approach, RPC versioning depends on
each plugin implementation and it makes harder to maintain
RPC version appropriately. This patch series replaces mixin
RPC callback of server side with a separate class.
This commit handles server-side callback of DVR ML2 RPC interface.
Akihiro Motoki [Mon, 18 Aug 2014 19:14:31 +0000 (04:14 +0900)]
Make DhcpRpcCallback a separate callback class
RPC has a version of itself. In Neutron a plugin implements
several RPC interface, so a single RPC version doesn't work.
In Mixin callback class approach, RPC versioning depends on
each plugin implementation and it makes harder to maintain
RPC version appropriately. This patch series replaces mixin
RPC callback of server side with a separate class.
This commit handles server-side callback of dhcp-agent RPC interface.
DHCP-agent server-side callback class is moved from db/ to
api/rpc/handlers because it doesn't involve any db operations
and defining all RPC interfaces in a single place sounds reasonable.
Note that moving other DHCP-agent related RPC interface class
to api/rpc/handlers can be done in a separate patch as this patch
focuses on reorganizing the server-side RPC callback class.
Ann Kamyshnikova [Wed, 20 Aug 2014 12:24:10 +0000 (16:24 +0400)]
Block downgrade from icehouse to havana
We are purging all downgrade methods from icehouse to havana because:
1) havana is going to become unsupported during Kilo cycle.
2) most people will upgrade from icehouse, while a minor percentage
from havana
3) downgrade use cases are mostly to revert after failed upgrades
See discussion in https://review.openstack.org/109952 for details.
This change removes all downgrade code in this migrations and raises
an exception in downgrade of icehouse_release.
Maru Newby [Thu, 28 Aug 2014 09:17:45 +0000 (11:17 +0200)]
Use lockutils module for tox functional env
A previous change (I4d6076e5f7586a11ea5381f18774d4bab57b0081) added
lockutils to only the dsvm-functional tox env. It also needs to be
added to the functional tox env.
Do not use auto_schedule_routers to add router to agent
auto_schedule_routers makes a number of DB calls that are
unnecessary as they are already made during the validation
phase of add_router_to_l3_agent. Once the validation is
done, the only business left is to create the binding: this
is what this patch does.
Maru Newby [Wed, 27 Aug 2014 15:33:29 +0000 (17:33 +0200)]
Fix func job hook script permission problems
- The hook script is the wrong place to unstack since
it needs to run as the stack user with sudo privileges and those
permissions are removed as part of the devstack-vm-gate.sh script.
- The functional job gate hook script needs to use sudo to
install the test-only rootwrap filter.
Eugene Nikanorov [Tue, 19 Aug 2014 19:01:11 +0000 (23:01 +0400)]
Fix l3 agent scheduling logic to avoid unwanted failures
In case router is being added to l3 agent which is already hosting
the router it is fine to let such a request to succeed.
This patch also adds a check for unnecessary scheduling that might happen
twice in described case and lead to unwanted messages in the logs.
This was discussed in review [1], and was deferred until the time was ripe
for the appropriate fix. As suggested and reported, auto_schedule_routers
is too affected by this error.
This patch takes care of the issue, in a similar way.
Akihiro Motoki [Mon, 18 Aug 2014 18:49:30 +0000 (03:49 +0900)]
Make L3RpcCallback a separate callback class
RPC has a version of itself. In Neutron a plugin implements
several RPC interface, so a single RPC version doesn't work.
In Mixin callback class approach, RPC versioning depends on
each plugin implementation and it makes harder to maintain
RPC version appropriately. This patch series replaces mixin
RPC callback of server side with a separate class.
This commit handles server-side callback of L3-agent RPC interface.
L3-agent server-side callback class is moved from db/ to
api/rpc/handlers because it doesn't involve any db operations
and defining all RPC interfaces in a single place sounds reasonable.
Note that moving other L3-agent related RPC interface class
to api/rpc/handlers will be done in a separate patch as this patch
focuses on reorganizing the server-side RPC callback class.
This method is more complicated than it needs
to be, and it makes it difficult to target
fixes for it.
Furthermore, this method calls into
auto_schedule_routers, which duplicates some
of the DB calls already made in the above
mentioned method. This refactoring
is done in preparation of the performance
improvement.
Henry Gessau [Sun, 27 Jul 2014 02:05:02 +0000 (22:05 -0400)]
Predictable iptables chains output order
This fixes the iptables unit tests that break with a randomized PYTHONHASHSEED
(see the bug report).
The chains for iptables are stored as sets to avoid duplicates. When they are
output by iptables_manager their order can therefore be unpredictable. This was
found hash seed 1016732220.
To fix this we:
- Sort the chains output by iptables_manager
- Update the unit tests to check for sorted chains
When multiple tables are processed, they can be processed in any order or
dumped in any order. Found with hash seed 3728666619.
To fix this we:
- Traverse the tables in sorted order for dumping
- Fix tests to allow for tables to be processed in any order
Note: There are several other unrelated unit tests that also break with a
randomized PYTHONHASHSEED, but they are not addressed here. They will be
addressed in separate patches.
This patch fixes a small glitch in the healing script.
If the script detects that a foreign key must be removed,
and the columns that it references must be removed as well,
then the foreign key removal would fail as the column would
not exist anymore.
This patch simply ensures foreign key are dropped before all
the remaining table/column operations. New foreign keys are
instead added after all table/column operations are completed.
Currently, DVR router namespaces are created only
when there is a valid VM port on the compute
node, or for the gateway-port on the service node.
But when an LBaaS VIP port is created the l3 agent
does not create a DVR namespace to service the VIP port.
This fix enables DVR namespaces to be created to
service the LBaaS VIP port.
Also, this fix enables L2 Agent running in DVR
mode, to add-in OVS rules to enable packets to
be routed to such LBaaS VIP Ports which are
resident on DVR routed interfaces.
Therefore, with this fix both East-West and
North-South traffic will be serviced by DVR
for LBaas VIP Ports.
Code Review / openstack-build / neutron-build.git / log