Wei Hu [Thu, 13 Nov 2014 10:19:39 +0000 (18:19 +0800)]
Remove DBDuplicateEntry columns check
DBDuplicateEntry exception does not provide columns for db2.
We have to remove this exception columns check in
neutron/db/agents_db.py. It is safe to remove columns check here, since
only the duplication of host and agent_type can raise this
exception.
Cedric Brandily [Thu, 11 Dec 2014 13:10:30 +0000 (13:10 +0000)]
Correct l3-agent iptables rule for metadata proxy
2 iptables rules are defined to ensure the metadata proxy is reachable
from vms on 169.254.169.254:80:
* REDIRECT 169.254.169.254:80 packets to the router on port 9697
* ACCEPT traffic to 127.0.0.1 on port 9697
The REDIRECT rule replaces destination ip by:
* 127.0.0.1 if the packet is local,
* router ip (the one on the input interface, metadata proxy case).
So ACCEPT rule filter is not matched ... the metadata proxy is only
reachable because INPUT policy is ACCEPT.
This change removes the destination constraint in the ACCEPT rule.
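
A small model of the rule interaction described in the commit message above, as an added example (not part of the commit or of Neutron). It is a simplification of netfilter, the router address 10.0.0.1 is constructed, and the function names are hypothetical:

```python
from dataclasses import dataclass
from typing import Optional

METADATA_IP, METADATA_PORT, PROXY_PORT = "169.254.169.254", 80, 9697


@dataclass
class Packet:
    dst_ip: str
    dst_port: int
    in_iface_ip: Optional[str]  # None models a locally generated packet


def redirect(pkt: Packet) -> Packet:
    """REDIRECT target: the destination becomes the incoming interface's
    address, or 127.0.0.1 when the packet was generated locally."""
    if (pkt.dst_ip, pkt.dst_port) != (METADATA_IP, METADATA_PORT):
        return pkt
    return Packet(pkt.in_iface_ip or "127.0.0.1", PROXY_PORT, pkt.in_iface_ip)


def input_verdict(pkt: Packet, accept_dst: Optional[str], policy: str) -> str:
    """INPUT chain holding one ACCEPT rule for PROXY_PORT, optionally
    restricted to accept_dst; anything unmatched falls to the chain policy."""
    if pkt.dst_port == PROXY_PORT and accept_dst in (None, pkt.dst_ip):
        return "ACCEPT (rule)"
    return f"{policy} (policy)"


def proxy_reachability(accept_dst: Optional[str], policy: str) -> str:
    """Verdict for a VM's metadata request arriving on the router interface."""
    vm_pkt = Packet(METADATA_IP, METADATA_PORT, in_iface_ip="10.0.0.1")  # constructed
    return input_verdict(redirect(vm_pkt), accept_dst, policy)


if __name__ == "__main__":
    # Old rule (-d 127.0.0.1): never matches VM traffic, the policy decides.
    print(proxy_reachability("127.0.0.1", "ACCEPT"))
    print(proxy_reachability("127.0.0.1", "DROP"))
    # Rule without the destination constraint: matched regardless of policy.
    print(proxy_reachability(None, "DROP"))
```

With a default-deny INPUT policy the old rule would have left the proxy unreachable, which is why the mismatch went unnoticed while the policy was ACCEPT.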
Ihar Hrachyshka [Wed, 7 Jan 2015 12:23:48 +0000 (13:23 +0100)]
Bump minimal dnsmasq version to 2.67
Versions prior to 2.67 did not support MAC address matching for IPv6 clients.
Quoting dnsmasq CHANGELOG:
"
version 2.67
[...]
Support identification of clients by MAC address in
DHCPv6. When using a relay, the relay must support RFC
6939 for this to work. It always works for directly
connected clients. Thanks to Vladislav Grishenko
for prompting this feature.
"
Jakub Libosvar [Fri, 3 Oct 2014 12:02:55 +0000 (14:02 +0200)]
Add Process class helper to manage processes with namespace
This class extends Popen class with usage of namespace and root-helper.
Because of usage of root wrapper, this class re-uses get_child_pid() for
killing the child process. get_child_pid() is taken out of AsyncProcess
as a part of this patch.
Make lb mechanism driver use enable_security_group flag
This patch allows Neutron security groups to be enabled or
disabled with the enable_security_group flag when using the
linuxbridge ml2 mechanism driver.
Eugene Nikanorov [Tue, 23 Dec 2014 17:28:12 +0000 (20:28 +0300)]
Catch PortNotFound and SubnetNotFound during network_delete
In some cases PortNotFound exception during network_delete
could be caused by concurrent port deletion by DHCP agent.
This condition should not prevent network from deleting.
rajeev [Tue, 23 Dec 2014 18:49:19 +0000 (13:49 -0500)]
HA for DVR - schema migration and change
To support HA for DVR SNAT, default SNAT has to be schedulable
on multiple L3 agents. The csnat_l3_agent_bindings table is being
modified to include l3_agent_id in the primary key.
The migration script and Class definition update are included in
this patch. For modularity and code management, HA/DVR methods
that would make use of this change will be included in a different
patch.
The L3 agent metadata driver was added but then reverted
because it broke the functional job. The fix to the functional
job was merged, and this patch reverts the revert, thereby
adding the metadata driver back.
Matthew Thode [Wed, 10 Dec 2014 21:12:25 +0000 (15:12 -0600)]
moving vxlan module check to sanity checks and making practical
Instead of checking via modinfo (which only checks if a module is
available) this checks actual usage, which is a more reliable way of
testing real world problems.
sridhargaddam [Mon, 24 Nov 2014 10:17:36 +0000 (10:17 +0000)]
Validate IPv6 subnet while associating to Router
Currently Neutron allows attaching a subnet (configured to use an external
router, by only setting ipv6_address_mode and leaving ipv6_ra_mode unset)
to Neutron Router. Ideally Neutron should not allow this operation and
should return an appropriate error message to the user.
Kobi Samoray [Thu, 25 Dec 2014 10:06:16 +0000 (12:06 +0200)]
VMWare-NSXv: VMWare NSXv database models
For Kilo, the vendor-specific code should be moved to stackforge repo,
excluding the database models (https://review.openstack.org/#/c/134680/).
This patch adds the database model for VMWare NSXv plugin from
stackforge/vmware-nsx repo.
Maru Newby [Tue, 25 Mar 2014 08:04:50 +0000 (01:04 -0700)]
Add support for retargetable functional api testing
This patch introduces the concept of a 'retargetable' functional api
test. Such a test targets an abstract client class, and by varying
the implementation of the client, the test can target multiple
backends.
The test added by this patch (test_network_lifecycle) can be run
against the programmatic plugin api (for configured plugins) via both
tox -e functional and tox -e dsvm-functional. The latter env is used
by the gating neutron-dsvm-functional job.
The test can also be run against a live Neutron service via 'tox -e api'
which will soon be run as part of the check queue by the
neutron-dsvm-api job [1]. Running this tox env requires
devstack-deployed Neutron and Tempest.
The intention is to refactor the existing plugin tests
(e.g. NeutronDbPluginV2TestCase) to use this model. Functional tests
don't have to isolate functionality - they just need to exercise it -
so fewer tests will be required. The new tests will be able to target
plugins directly rather than through the wsgi stack, so execution time
will be decreased. The refactored tests should be easier to maintain
and take less time to run.
Perhaps best of all, since the same tests will be able to target a
deployed service in the neutron-dsvm-api job, the deployed behaviour
of api changes will finally be able to gate merges to the Neutron
tree.
Notable parts of the change:
- tests/api
  - base_v2 - defines the client interface (BaseNeutronClient)
    and the base class (BaseTestApi) for the
    retargetable test (test_network_lifecycle)
  - test_v2_rest - implements the client interface for the tempest
    rest client and configures the retargetable test
    with scenarios for json serialization
- tests/functional/api
  - test_v2_plugin - implements the client interface for the
    programmatic plugin api and configures the
    retargetable test with scenarios targeting the
    linuxbridge and openvswitch plugins
- tests/unit
  - refactor bits of the existing plugin tests for reuse
1: https://review.openstack.org/#/c/82226/
Implements: bp retargetable-functional-testing
Change-Id: Ib5470040c0fa91ec143f38d273e1e259b3adfb2e
Tweak gate hooks scripts to handle both functional and api jobs
With this change both the API and Functional job will benefit
from the use of gate hooks. This is especially useful to make
the API job emit the test results the same way other jobs do.
NOTE: Changes are applied to both contrib directories under
neutron/tests and neutron/tests/functional; these two directories
are supposed to be in sync until change [1] merges, after which
we can drop neutron/tests/functional/contrib, in favor of
neutron/tests/contrib. This was done because of the symlink issue
caused by [2].
Maru Newby [Tue, 6 Jan 2015 00:42:52 +0000 (00:42 +0000)]
Replace mention of nose with nose2 in devref
Documentation for the nose test runner was previously included in the
testing section of the developer reference. Due to nose's lack of
support for the load_tests protocol - required to support
testscenarios-based generative testing - the documentation has been
updated to suggest the load_tests-supporting nose2 instead.
Add developer documentation for plugins/drivers contributions
This is the initial step to provide documentation and
how-to for developers interested in contributing plugins and
drivers according to the core-vendor-decomp proposal.
This patch deletes the floating agent gw port
on floatingip disassociate.
A recent change in the neutron trunk broke
this functionality. This was introduced by
the patch that addressed the re-order
operations in (l3_dvr) update floating ip.
Sam Betts [Mon, 20 Oct 2014 12:26:33 +0000 (13:26 +0100)]
Ensure test_metaplugin handles random hashseeds
2 tests fail in test_metaplugin when using hashseed 2701526934; this is
down to the nature of using dictionaries and sets in Python having
unpredictable ordering when retrieving data stored in them. This patch
ensures that no matter the order fake1 and fake2 get placed into
self.plugins that the test can assert both possible scenarios.
Kevin Benton [Sun, 4 Jan 2015 09:47:01 +0000 (01:47 -0800)]
Ignore non-existent ports during OVS intf list
A recent commit[1] to pass the list of port names directly to
ovs-vsctl during a list operation introduced a new possible
failure condition where one of the names might refer to a port
which no longer exists. By default this causes ovs-vsctl to quit
in a fit of rage[2].
Previously, all interfaces were retrieved and the ones that were a
subset of the name list were processed. The name list could contain
extra non-existent names (e.g. recently deleted interfaces).
This patch just passes the '--if-exists' flag to the 'list Interface'
command to match the same previous behavior.
Angus Lees [Tue, 23 Dec 2014 00:13:27 +0000 (11:13 +1100)]
Enable the "not-callable" pylint check
This check catches attempts to call variables that pylint believes are
not functions. A trivial example would be:
    # Trivial example caught by this check:
    foo = dict()
    print foo('bar') # <- oops, meant foo['bar']
This change enables the "not-callable" pylint check, after disabling a
few cases where the alert triggers but the usage was intended (defining
decorators).
Angus Lees [Mon, 22 Dec 2014 04:41:28 +0000 (15:41 +1100)]
ovs_dvr: Use lazy logging interpolation
There are a small number of examples of "eager" interpolation in
neutron:
    logging.debug("foo %s" % arg)
These should be converted to perform the interpolation lazily within
the logging function, since if the severity is below the logging level
then the interpolation can be skipped entirely.
This change addresses all such examples found in ovs agent via a pylint
test. Other occurrences are addressed elsewhere.
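
A standalone checker for the "eager" pattern described in the commit message above, as an added example; it is not the pylint test the commit refers to and not Neutron code. It matches on method names only (an assumption, so any object with a `debug`/`info`/... method is treated as a logger), and the sample source is constructed:

```python
import ast

LOG_METHODS = {"debug", "info", "warning", "warn", "error",
               "exception", "critical", "log"}


def _is_eager(arg: ast.AST) -> bool:
    """True if the message argument is interpolated before the call."""
    # "fmt %s" % value
    if isinstance(arg, ast.BinOp) and isinstance(arg.op, ast.Mod):
        return isinstance(arg.left, ast.Constant) and isinstance(arg.left.value, str)
    # "fmt {}".format(value)
    if isinstance(arg, ast.Call) and isinstance(arg.func, ast.Attribute):
        target = arg.func
        return (target.attr == "format"
                and isinstance(target.value, ast.Constant)
                and isinstance(target.value.value, str))
    return False


def find_eager_logging(source: str) -> list:
    """Return the line numbers of logging calls with a pre-built message."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in LOG_METHODS:
            continue
        # logger.log(level, msg, ...) carries the message as second argument
        idx = 1 if node.func.attr == "log" else 0
        if len(node.args) > idx and _is_eager(node.args[idx]):
            hits.append(node.lineno)
    return sorted(hits)


# Constructed sample input
SAMPLE = '''\
import logging
LOG = logging.getLogger(__name__)
def sync(port, bridge):
    LOG.debug("port %s" % port)
    LOG.debug("port %s", port)
    LOG.info("bridge {}".format(bridge))
    LOG.log(logging.DEBUG, "port %s on %s" % (port, bridge))
    total = "%d ports" % 3
'''

if __name__ == "__main__":
    print(find_eager_logging(SAMPLE))
```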
Maru Newby [Tue, 28 Oct 2014 19:50:31 +0000 (19:50 +0000)]
Add a constant for router interface device owners
In the absence of a port object that includes a check for whether a
given port is implementing a router interface, this change adds the
ROUTER_INTERFACE_OWNERS tuple containing the relevant DEVICE_OWNER_*
constants.
This change was suggested by https://review.openstack.org/#/c/129865/
Stale VXLAN & GRE tunnel endpoint deletion from DB
Description:
Stale GRE and VXLAN tunnel endpoints persist in neutron db; these should be
deleted from the database. Also, if local_ip of L2 agent changes, the
stale tunnel ports and flows persist on br-tun on other Compute Nodes and
Network Nodes for that remote ip; these should also be removed.
Implementation
Plugin changes:
Added host column in 'ml2_vxlan_endpoints' and 'ml2_gre_endpoints' table.
Added delete_endpoint method for deleting the stale endpoints from db.
Modified tunnel_sync() method to accommodate these changes.
Modified testcases in test_type_vxlan.py
Modified testcases in test_type_gre.py
Agent changes:
Added tunnel_delete rpc for removing stale ports and flows from br-tun.
tunnel_sync rpc signature upgrade to obtain 'host'.
Added testcases for TunnelRpcCallbackMixin().
This patch-set only deals with plugin side changes.
Irena Berezovsky [Thu, 18 Dec 2014 04:34:59 +0000 (06:34 +0200)]
Add support for flat networks in SRIOV Mechanism Driver
Allow flat network segment to be bound by SRIOV Mechanism Driver.
Populate vif_details with vlan_id = 0 to support flat networking
(according to man page of ip command).
Terry Wilson [Fri, 11 Jul 2014 23:55:30 +0000 (17:55 -0600)]
Retry on unassigned ofport instead of treating it as a failure
Open vSwitch will return '[]' when querying an interface's ofport
when the ofport has not yet been assigned. This doesn't signal a
failure, but the get_port_ofport code was treating it as such.
This patch uses a decorator from python-retrying which has been
added as a dependency of oslo_concurrency and therefore packaged
everywhere. The call to fetch the ofport is retried until the
vsctl_timeout is reached and, on failure, INVALID_OFPORT is
returned.
The add_port function will attempt to delete the port if
INVALID_OFPORT is returned from get_port_ofport. add_port is also
extended to take optional Interface options so that the
add_tunnel_port and add_patch_port functions can reuse it instead
of just duplicating its functionality.
abhishekkekane [Tue, 21 Oct 2014 11:15:15 +0000 (04:15 -0700)]
Eventlet green threads not released back to pool
Presently, the wsgi server allows persistent connections. Hence even after
the response is sent to the client, it doesn't close the client socket
connection. Because of this problem, the green thread is not released
back to the pool.
In order to close the client socket connection explicitly after the
response is sent and read successfully by the client, you simply have to
set keepalive to False when you create a wsgi server.
Added a parameter to take advantage of the new(ish) eventlet socket timeout
behaviour. Allows closing idle client connections after a period of time, eg:
    $ time nc localhost 8776
    real 1m0.063s
Setting 'client_socket_timeout = 0' means do not timeout.
Terry Wilson [Sat, 20 Dec 2014 02:01:36 +0000 (19:01 -0700)]
Don't unnecessarily loop through all ports/interfaces
The ovs-vsctl 'list' command can take a list of records as an
argument, so there is no need to manually loop through all records
discarding the ones with names that don't match the bridge's
port name list.
Also, since the data is returned as json, the ofport returned isn't
a string, so we don't have to convert it to int for testing.
Terry Wilson [Fri, 26 Dec 2014 20:06:20 +0000 (13:06 -0700)]
Set type=internal as part of port creation
When creating an internal device with ovs-vsctl, the 'set'
operation must occur as part of the transaction that creates the
port, otherwise the device creation will fail and an ofport will
not be assigned.
Xu Han Peng [Wed, 3 Dec 2014 06:58:34 +0000 (14:58 +0800)]
Fix DVR flow problems for IPv6 subnet
This code fixes DVR flow problems by changing proto='ip' to
proto='ipv6' and changing nw_dst to ipv6_dst.
When DVR is enabled, RADVD is spawned by l3 agent on each compute
node. This code also prevents IPv6 Router Advertisements from
being sent to other compute nodes.
fujioka yuuichi [Fri, 31 Jan 2014 01:54:34 +0000 (10:54 +0900)]
Allow to specify IP address of floating ip
IP address of floating ip will be automatically allocated.
There are cases where users need to specify a floating IP address.
This patch addresses the problem.
The feature is limited by "create_floatingip:floating_ip_address" in
"policy.json".
By default, it needs an admin role.
Numan Siddique [Mon, 1 Dec 2014 13:19:30 +0000 (18:49 +0530)]
Do not count dvr agents while creating HA ports
Presently dvr agents are not excluded when a
ha router interface is created, because of which
an interface is created even in the dvr agent namespace.
This patch fixes the issue by supporting a filter - 'agent_modes'
in the function L3AgentSchedulerDbMixin.get_l3_agents.
If this filter is defined, only the l3 agents whose modes are
defined in this filter are returned.
Cedric Brandily [Mon, 24 Nov 2014 15:53:04 +0000 (15:53 +0000)]
Do not run neutron-ns-metadata-proxy as root on L3 agent
Currently neutron-ns-metadata-proxy runs with root permissions when
namespaces are enabled on the l3 agent because root permissions are
required to "enter" in the namespace. But neutron-ns-metadata-proxy
permissions should be reduced as much as possible because it is
reachable from vms.
This change allows changing neutron-ns-metadata-proxy permissions
after its startup through the 2 new options metadata_proxy_user and
metadata_proxy_group, which define the user/group running the metadata
proxy after its initialization. Their default values are
neutron-l3-agent effective user and group.
Permissions drop is done after metadata proxy daemon writes its
pid in its pidfile (it could be disallowed after permissions drop).
Using nobody as metadata_proxy_user/group (more secure) is currently
not supported because:
* nobody does not have permission to connect to the metadata socket,
* nobody does not have permission to log to file because neutron uses
WatchedFileHandler (which requires read/write permissions after
permissions drop).
This limitation will be addressed in a daughter change.