Russell Bryant [Mon, 9 Jun 2014 20:53:21 +0000 (16:53 -0400)]
Ensure routing key is specified in the address for a direct producer
This change is already merged in oslo-incubator. Original commit
message body includes:
Porting this fix from oslo.messaging. This fixes the impl_qpid.py
driver to allow it to work with the latest stable upstream QPID broker
(version 0.28). See the Apache Qpid Jira bug
https://issues.apache.org/jira/browse/QPID-5557
Kevin Benton [Mon, 9 Jun 2014 07:46:30 +0000 (00:46 -0700)]
Start an unstarted patch in the hyperv unit tests
This starts a patch that was setup but never started
for a loopingcall that was allowing an occasional
exception to be thrown from the agent on unrelated patches.
Pierre Rognant [Wed, 28 May 2014 18:18:45 +0000 (14:18 -0400)]
Add an option to turn off DF for GRE and VXLAN tunnels
Modifications included allow to set a new option (dont_fragment) in
the ovs agent configuration file that can be used for (un-)setting the DF
bit on GRE or VXLAN tunnels. The default behaviour is not altered (DF on).
Terry Wilson [Thu, 17 Apr 2014 01:48:04 +0000 (21:48 -0400)]
Remove run-time version checking for openvswitch features
The current method of checking openvswitch and kernel versions for
specific feature support is brittle, distro-specific and unsupportable.
This patch removes the runtime version checks and implements a test
script which allows testing specific neutron features or can test
that all features required by a specific configuration are available.
For example, to test VXLAN support in openvswitch, either:
neutron-sanity-check --ovs_vxlan
or pass in the deployed configuration files with AGENT/tunnel_types
containing 'vxlan', like:
Deployment tools can then test that the required features exist without
relying on version numbers and without incurring a penalty every time
the agent is started.
Pass object to policy when finding fields to strip
During the evaluation of fields to strip in responses to list
operations, pass also the first object in the list to the
policy engine.
This will avoid errors in policy evaluation if during
an upgrade from icehouse policy.json was not updated to remove
attribute-level policies dependent on resource values.
Allow L3 base to handle extensions on router creation
By changing the boolean flag, API extensions made to
the router model can be handled correctly: this means
that on router creation, the response body will
contain all the extension attributes being part of
the resource. Prior to this fix, it was only on GETs
or PUTs, leaving the user at loss as to whether
the flag was actually being processed.
This is done in preparation for the distributed
router functionality. Breaking down and factoring
out some functionality helps the DVR work to come
as a more loosely coupled addition to the L3
centralized case. This also ensures that the two
code bases are kept separately to minimize chance
of regression, and simplify code coverage effort.
Jakub Libosvar [Tue, 8 Apr 2014 10:41:11 +0000 (12:41 +0200)]
add engine parameter for offline migrations
Offline migration required config file containing connection string.
In that case only engine from URL was used. With this patch engine can be
passed from command line (or config file) along with plugins which sql
script will be generated accordingly.
Jakub Libosvar [Wed, 28 May 2014 16:39:47 +0000 (18:39 +0200)]
Check DB scheme prior to migration to Ml2
When using migration tool from LB/OVS plugin to Ml2, there is no
guarantee current scheme is supported by migration tool. This patch
checks version stored in DB by alembic and compares whether version
is supported.
Sudhakar [Mon, 3 Mar 2014 10:05:20 +0000 (15:35 +0530)]
Improve iptables_manager _modify_rules() method
As the number of ports per default security group increases, the
number of iptables entries on the Compute Node grows. Because of
this, there is a gradual increase in the time taken to apply chains
and rules.
Currently we are using list comprehensions to find if a new chain or
rule matches an existing one. Instead, walk through the list in
reverse to find a matching entry.
Added a new method, _find_last_entry(), to return the entry we are
searching for.
Aaron Rosen [Fri, 30 May 2014 18:59:36 +0000 (11:59 -0700)]
NSX: bump http_timeout to 30 seconds
We've seen that sometimes NSX takes longer then 10 seconds to return
in production setups under high bursts. Setting this value to 30 seconds
seems more appropriate and solves the issue at load.
Kevin Benton [Mon, 2 Jun 2014 05:43:02 +0000 (22:43 -0700)]
BSN: Set hash header to empty instead of False
Sets the consistency hash header to empty instead
of False since 'False' is handled like a string on
the backend and requires special-casing to detect.
Christoph Arnold [Thu, 29 May 2014 14:17:30 +0000 (16:17 +0200)]
Neutron does not follow the RFC 3442 spec for DHCP
When setting a gateway and additional host routes in neutron subnet, the
gateway is only sent to clients via the router dhcp option, dhcp clients
conforming to rfc3442 will ignore router option if
classless-static-routes are available. This patch ensures setting both
the router option and the classless-static-routes including the gateway
Aaron Rosen [Sun, 1 Jun 2014 18:37:05 +0000 (11:37 -0700)]
LBaaS add missing rootwrap filter for route
If one runs the lbaas agent from packages and does not have the l3-agent
installed on the same box as the lbaas agent it will fail to add the
default gw route. This is because it's missing the rootwrap filter for
route which is only present in l3.filters.
Aaron Rosen [Fri, 30 May 2014 22:24:06 +0000 (15:24 -0700)]
NSX: fix tenant_id passed as security_profile_id
Previously we were passing the tenant_id as the security_profile_id
to NSX so these ids would be switched around in the system backend.
This does not affect any operations as this is just extra metadata
in nsx to help an operator debug.
Aaron Rosen [Fri, 30 May 2014 22:11:27 +0000 (15:11 -0700)]
NSX: Fix request_id in api_client to increment
Previously, the NSX request_id in the api_client would always be
0 because the current request id was stored in the class which is
always initialized on each request. This patch fixes that by storing
the request_id as a class variable.
Kevin Benton [Fri, 30 May 2014 03:59:00 +0000 (20:59 -0700)]
Remove function replacement with mock patch
In the hyperv unit tests, an rpc method is
manually replaced with a MagicMock using setattr.
This prevents it from being cleaned up by mock.patch.stopall.
This patch replaces it with a short-lived patch call
in a with statement.
Kevin Benton [Fri, 30 May 2014 03:49:48 +0000 (20:49 -0700)]
Remove unnecessary MagicMocks in cisco unit tests
Two patches that just return static data never have
assertions made on the MagicMocks generated. This
replaces the magicmocks with lambdas to make the code
easier to read and to get a minor performance gain.
Kyle Mestery [Thu, 29 May 2014 13:07:55 +0000 (13:07 +0000)]
Handle errors from run_ofctl() when dumping flows
The function dump_flows_for_table() calls run_ofctl(). If this occurs during an OVS
restart, run_ofctl() will return None. dump_flows_for_table() needs to realize this
and not try to call splitlines() on a None object.
Matt Riedemann [Thu, 29 May 2014 14:33:16 +0000 (07:33 -0700)]
Sync periodic_task from oslo-incubator
This is more or less to get commit c63fd5a from oslo into the core
projects which have several periodic tasks. Neutron has periodic tasks
for L3, load balancing and metering agents to sync up state with the
server and most don't have specific spacing values set which can lead to
non-deterministic spacing of when the tasks run.
Note that this does not include the gettextutils and log dependencies
since there are not functional changes in those modules needed for the
periodic_task changes synced in *and* more importantly, the changes
to gettextutils and log require pervasive changes to neutron which
should happen when neutron integrates with the oslo-i18n library for
blueprint i18n--messages.
Further note that this does not include jsonutils due to some
issues introduced with a change for python 2.6 that impacts how strings
are encoded with simplejson. The details for that issue are in bug 1314129. The jsonutils changes are not related to the periodic_task
changes being synced in so the dependency is not functionally required.
The LbaasAgentManager extends PeriodicTasks but wasn't calling the
parent class init function, which was causing failures since commit 47c9d60 changed PeriodicTasks to init _periodic_last_run, so also
fixed that here.
Changes:
c63fd5a Make unspecified periodic spaced tasks run on default interval f0dd798 Remove rendundant parentheses of cfg help strings fcf517d Update oslo log messages with translation domains 051b9f3 Refactor unnecessary arithmetic ops in periodic_task 674cdaf Refactor if logic in periodic_task b6b82c5 Use timestamp in periodic tasks 47c9d60 Don't share periodic_task instance data in a class attr 8b2b0b7 Use hacking import_exceptions for gettextutils._
Aaron Rosen [Tue, 27 May 2014 20:39:39 +0000 (13:39 -0700)]
Make linux.utils.execute log error on return codes
Previously, the execute method in neutron logs everything as debug which hides
a lot of extremely fatal errors like unable to apply security group rules!
This patch changes this code so that we log all non 0 returns as error.
berlin [Thu, 22 May 2014 07:42:25 +0000 (15:42 +0800)]
FWaaS plugin doesn't need to handle firewall rule del ops
If firewall rule is attached to firewall policy, it would raise
FirewallRuleInUse excpetion in DB ops, else it is a pure DB delete ops.
So it is useless to handle delete_firewall_rule ops in fwaas plugin.
Closes-Bug: #1322076
Kyle Mestery [Fri, 16 May 2014 04:21:32 +0000 (04:21 +0000)]
Reprogram flows when ovs-vswitchd restarts
When OVS is restarted, by default it will not reprogram flows which were
programmed. For the case of the OVS agent, this means a restart will cause
all traffic to be switched using the NORMAL action. This is undesirable for
a number of reasons, including obvious security reasons.
This change provides a way for the agent to check if a restart of ovs-vswitchd
has happened in the main agent loop. If a restart of ovs-vswitchd is detected,
the agent will run through the setup of the bridges on the host and reprogram
flows for all the ports connected.
DocImpact
This changes adds a new table (table 23) to the integration bridge, with a
single 'drop' flow. This is used to monitor OVS restarts and to reprogram
flows from the agent.
This is caused by a missing network_id in the port body.
This patch adds it so that a warning message can be traced
correctly. Wording is slightly tweaked to ensure it applies
to the right context.
Gary Kotton [Wed, 28 May 2014 13:37:16 +0000 (06:37 -0700)]
NSX: fix bug for flat provider network
The flat provider network would cause an exception when writing to
database. This is due to the fact that the DB expected an integer
and received an object instead.
Eugene Nikanorov [Tue, 27 May 2014 22:08:17 +0000 (02:08 +0400)]
Disallow regular user to update firewall's shared attribute
Shared firewalls should only be operable by admins.
Currently only admin can provide shared attribute at firewall creation,
so update_firewall should be consistent with that as well.
Erik Colnick [Tue, 6 May 2014 13:56:31 +0000 (07:56 -0600)]
Support 'infinite' dhcp_lease_duration
Process a dhcp_lease_duration value of -1 as 'infinite'
when setting the dnsmasq dhcp-range values to support
cases where it is undesirable for instance dhcp leases
to expire.
Akihiro Motoki [Tue, 27 May 2014 17:48:30 +0000 (02:48 +0900)]
NEC plugin: Bump L3RPC callback version to 1.1
update_floatingip_statuses RPC call implemented in Icehouse expects
RPC version 1.1 and RPC version of L3RpcCallback of other plugins
was bumped to 1.1, but the version of L3RpcCallback in NEC plugin
was not bumped to 1.1 yet.
Code Review / openstack-build / neutron-build.git / log