Eugene Nikanorov [Tue, 10 Jun 2014 03:55:40 +0000 (07:55 +0400)]
Fix race condition with firewall deletion
In some cases when firewall is created and then deleted in short
period of time, there could be a race condition of firewall status
changes. Agent may change firewall status from PENDING_DELETE to ACTIVE
because the agent has just set it up on the backend.
Delete request then is not properly served and firewall remains in ERROR
state and can't be deleted at all.
To fix this, changing status from PENDING_DELETE is not allowed.
Deleting firewall in ERROR state is allowed.
Russell Bryant [Mon, 9 Jun 2014 20:53:21 +0000 (16:53 -0400)]
Ensure routing key is specified in the address for a direct producer
This change is already merged in oslo-incubator. Original commit
message body includes:
Porting this fix from oslo.messaging. This fixes the impl_qpid.py
driver to allow it to work with the latest stable upstream QPID broker
(version 0.28). See the Apache Qpid Jira bug
https://issues.apache.org/jira/browse/QPID-5557
Sean M. Collins [Mon, 7 Apr 2014 18:35:58 +0000 (14:35 -0400)]
Support Subnets that are configured by external RAs
The IPv6 attributes for subnets provide support for IPv6 subnets that
are managed by non-OpenStack gateway devices, by creating a subnet that
has the ipv6_ra_mode attribute not set, and the ipv6_address_mode
attribute set to IPV6_SLAAC.
In order to support stateless IPv6, Neutron should calculate an IPv6
address based on the IPv6 prefix and MAC address via EUI-64 specification,
and assign this address to the port.
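The address calculation this commit message describes can be sketched as follows. This is an added example, not code from the Neutron change; the function name `eui64_address` and the sample prefix and MAC are assumptions, and it uses the standard-library `ipaddress` module.

```python
import ipaddress


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Derive the SLAAC address for `mac` inside the /64 `prefix`.

    Uses the modified EUI-64 interface identifier: split the 48-bit MAC,
    insert ff:fe in the middle, and flip the universal/local bit.
    """
    net = ipaddress.IPv6Network(prefix)  # rejects prefixes with host bits set
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers require a /64 prefix")

    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")

    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02  # invert the universal/local bit of the first octet
    return net.network_address + int.from_bytes(iid, "big")


# Constructed sample values: a documentation prefix and a made-up MAC.
SAMPLE = eui64_address("2001:db8::/64", "fa:16:3e:33:44:55")
```

Because the result depends only on the advertised prefix and the port's MAC, the address recorded on the port is the one the instance will configure for itself from the external router advertisement.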
marios [Fri, 13 Dec 2013 16:57:28 +0000 (18:57 +0200)]
Make allocation_pools attribute of subnet updateable by PUT
Bug 1111572 was filed about a failed update (PUT) on
'allocation_pools' of subnet. This is currently not allowed by the
neutron API (hence DocImpact below). Following discussion on the
bug and subsequently, it seems this is a desirable feature.
This review makes the allocation_pools attribute of subnet
updateable by PUT. The semantics are that the entire allocation
pools attribute is replaced by the provided parameter (see
provided tests for details).
Unit tests added that exercise successful update of
allocation_pools with sane params and update using erroneous
allocation_pools that fall outside the subnet cidr.
DocImpact
Closes-Bug: 1111572
Change-Id: I47a3a71d0d196b76eda46b1d960193fb60417ba9
Co-Authored-By: Robert Collins <rbtcollins@hp.com>
Kyle Mestery [Thu, 29 May 2014 13:07:55 +0000 (13:07 +0000)]
Handle errors from run_ofctl() when dumping flows
The function dump_flows_for_table() calls run_ofctl(). If this occurs during an OVS
restart, run_ofctl() will return None. dump_flows_for_table() needs to realize this
and not try to call splitlines() on a None object.
Kyle Mestery [Fri, 16 May 2014 04:21:32 +0000 (04:21 +0000)]
Reprogram flows when ovs-vswitchd restarts
When OVS is restarted, by default it will not reprogram flows which were
programmed. For the case of the OVS agent, this means a restart will cause
all traffic to be switched using the NORMAL action. This is undesirable for
a number of reasons, including obvious security reasons.
This change provides a way for the agent to check if a restart of ovs-vswitchd
has happened in the main agent loop. If a restart of ovs-vswitchd is detected,
the agent will run through the setup of the bridges on the host and reprogram
flows for all the ports connected.
DocImpact
This change adds a new table (table 23) to the integration bridge, with a
single 'drop' flow. This is used to monitor OVS restarts and to reprogram
flows from the agent.
Akihiro Motoki [Tue, 27 May 2014 17:48:30 +0000 (02:48 +0900)]
NEC plugin: Bump L3RPC callback version to 1.1
update_floatingip_statuses RPC call implemented in Icehouse expects
RPC version 1.1 and RPC version of L3RpcCallback of other plugins
was bumped to 1.1, but the version of L3RpcCallback in NEC plugin
was not bumped to 1.1 yet.
Earlier Cisco N1kv plugin was using list events api to
poll policies from VSM.
It was inefficient and caused delay in processing.
So, now Cisco N1kv plugin switched to list profiles to
poll policies from VSM.
Carl Baldwin [Wed, 2 Apr 2014 16:53:33 +0000 (16:53 +0000)]
Replace loopingcall in notifier with a delayed send
The loopingcall thread here was started before processes fork and so
the thread stops working after the fork call. This is a problem that
will probably need to be worked out in the long run.
To ensure that this notifier works correctly in all processes, this
change replaces the persistent loopingcall thread with a thread
created on demand to delay and batch up notifications. The first
notification will trigger spawning the thread to wait to send it. Any
notifications that come in the meantime will notice that there is
already a thread waiting to send and will return without spawning.
Joe Gordon [Wed, 2 Apr 2014 18:25:27 +0000 (11:25 -0700)]
Explicitly import state_path opt in tests.base
This wasn't explicitly needed in the unit tests because
neutron.common.config was already loaded, but this broke for the
functional tests (which are non-voting) so add a CONF.import_opt line so
functional tests know where to find the definition for state_path.
To allow migration of networks from the agent based model
to the agentless one, both modes need to be available; prior
to this change the extension was available in 'agentless' mode
too; this may lead to leftovers during the migration step.
This patch makes the extension available in 'combined' mode
only, which was the intended behavior.
NSX: fix error when creating VM ports on subnets without dhcp
The error was caused by a missing LSN port (which is created when
the subnet is set up with dhcp enabled). Therefore, check the port
is in place before proceeding with the setup.
The OVS lib deferred apply methods use a dict to save flows to add,
modify or delete when deferred apply is switched off.
If another thread adds, modifies or deletes flows on that dict during
another process called deffered_apply_off, its flows could be ignored.
This fix stashes a reference to the flows list and points the flows list to a new
cleared flows list. Then, it applies flows from the stashed flows list.
NSX: ensure that no LSN is created on external networks
Logical Service Nodes (LSN) are those that provide dhcp
and metadata services to networks when the NSX plugin is
used without the openstack dhcp and metadata proxy
agents. External networks do not work with Neutron's
dhcp and metadata services, therefore there is no need
to provision a LSN in this case.
Kevin Benton [Thu, 8 May 2014 23:33:06 +0000 (16:33 -0700)]
Big Switch: Check source_address attribute exists
Check that the source_address attribute exists on
HTTPSConnection objects before referencing it since
it's not present on python 2.6 deployments. If it
does not exist, create a socket connection without
specifying the source.
Attila Fazekas [Sun, 4 May 2014 17:54:37 +0000 (19:54 +0200)]
L3 RPC loop could delete a router on concurrent update
routers_updated does not acquire any lock, it just updates
a set for future rpc loop processing.
The self.updated_routers can be changed by concurrent update
notification. If this change happens at the time around the
self.plugin_rpc.get_routers call, the additional routers
- by mistake - are considered as admin_state_up=false routers, which
are safe to delete.
Create a local copy of the updated_routers and preserve
the fresh updated_routers entries for the next _rpc_loop
operations.
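The OVS deferred-apply fix and the L3 RPC loop fix above both take a private reference to shared pending state before processing it, so that late arrivals are kept for the next pass. The sketch below is an added example, not code from either change; the class `DeferredFlows`, its method names, and the flow strings are hypothetical, and the mid-flush `add()` stands in for another thread.

```python
class DeferredFlows:
    """Toy deferred-apply queue (hypothetical, not the Neutron OVS lib)."""

    def __init__(self, apply_fn):
        self.pending = []
        self.apply_fn = apply_fn  # called once per flow while flushing

    def add(self, flow):
        self.pending.append(flow)

    def flush_racy(self):
        # Apply from the shared list, then clear it: anything added
        # while the loop was running is discarded by the final reset.
        for flow in list(self.pending):
            self.apply_fn(flow)
        self.pending = []

    def flush_swapped(self):
        # Stash the current list and point the shared attribute at a new
        # empty list first. A concurrent add() now lands either in the
        # stashed list (and is applied) or in the new one (and is kept).
        stashed, self.pending = self.pending, []
        for flow in stashed:
            self.apply_fn(flow)


def run(flush_name):
    """Flush two flows while a third arrives mid-flush; return (applied, left)."""
    applied = []

    def apply_fn(flow):
        applied.append(flow)
        if flow == "flow-1":
            queue.add("flow-late")  # simulated concurrent writer

    queue = DeferredFlows(apply_fn)
    queue.add("flow-1")
    queue.add("flow-2")
    getattr(queue, flush_name)()
    return applied, queue.pending
```

With `flush_racy` the late flow is neither applied nor left pending, which on a real bridge means a rule that silently never reaches the switch; with `flush_swapped` it stays queued for the next flush.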
In the check that all security groups on a port belong to the tenant,
add a filter to get security groups for the tenant which are in
common with the security groups of the port.
Sean Dague [Mon, 7 Apr 2014 21:07:41 +0000 (17:07 -0400)]
set api.extensions logging to ERROR in unit tests
neutron.api.extensions generates a lot of output in a normal
unit test run. It's responsible for > 80% of the lines in the
subunit_log.txt. Logging each file load 10k times slows everything
down, takes up valuable memory, and doesn't really help with testing.
Instead we can set this to ERROR level in a fixture to ignore most
of that logging and help make the unit tests run faster.
Dan Prince [Thu, 10 Apr 2014 16:40:13 +0000 (12:40 -0400)]
Make default nova_url use a version
The default nova_url for neutron is missing an API
version number. This can cause requests to fail
because the Nova /versions API cannot respond
to Neutron notification requests.
It seems reasonable for the default value to
at least have a chance at being correct so
this patch upgrades the default Nova API url to
use the Nova 'v2' API.
In case the network is without a subnet, calling the validation
logic during the report phase leads to an error because the LSN
would have been already allocated during the migration phase.
Bypass the issue by calling the plugin directly, which is what
the validation logic does in the first place.
Russell Bryant [Wed, 9 Apr 2014 15:32:44 +0000 (11:32 -0400)]
Update ensure()/reconnect() to catch MessagingError
The error handling code that gets connections reset if necessary
caught ConnectionError. It really needs to catch MessagingError,
which ConnectionError inherits from. There are other types of
MessagingErrors that may occur, such as InternalError, and they need
to cause the connection to reset, as well.
This fix has already been merged into oslo.messaging.
If one queries NSX doing GET /ws.v1/lswitch/LS_UUID/lport and LS_UUID
is a UUID that does not exist in NSX, NSX raises a 404. If LS_UUID is *,
NSX returns an empty result string. This patch fixes the fake_api_client
so that its behavior is correct.
netaddr<=0.7.10 raises ValueError instead of AddrFormatError
This patch ensures that ValueError is also caught in addition to
AddrFormatError as in netaddr>=0.7.11 AddrFormatError is raised and
in netaddr<=0.7.10 ValueError is raised.
marios [Fri, 29 Nov 2013 16:23:54 +0000 (18:23 +0200)]
Validate CIDR given as ip-prefix in security-group-rule-create
There was no validation for the provided ip prefix. This just adds
a simple parse using netaddr and explodes with appropriate message.
Also makes sure ip prefix _is_ cidr (192.168.1.1-->192.168.1.1/32).
Validation occurs at the attribute level (API model) as well as at
the db level, where the ethertype is validated against the ip_prefix
address type.
Unit test cases added - bad prefix, unmasked prefix and incorrect
ethertype. Also adds attribute test cases for the added
convert_ip_prefix_to_cidr method
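The two checks this commit message describes, normalizing the prefix to CIDR form and matching it against the rule's ethertype, can be sketched as follows. This is an added example, not the Neutron code: it swaps in the standard-library `ipaddress` module for netaddr, and the function names and error messages are assumptions.

```python
import ipaddress

ETHERTYPE_VERSION = {"IPv4": 4, "IPv6": 6}


def normalize_ip_prefix(ip_prefix):
    """Return ip_prefix in CIDR form; a bare address gets a full-length mask."""
    if not isinstance(ip_prefix, str):
        raise ValueError("ip prefix must be a string, got %r" % (ip_prefix,))
    try:
        iface = ipaddress.ip_interface(ip_prefix)
    except ValueError:
        # Covers malformed addresses and out-of-range prefix lengths.
        raise ValueError("Invalid CIDR %r given as ip prefix" % ip_prefix)
    return iface.with_prefixlen


def validate_rule_prefix(ethertype, ip_prefix):
    """Check the prefix parses and its address family matches the ethertype."""
    if ethertype not in ETHERTYPE_VERSION:
        raise ValueError("Unsupported ethertype %r" % (ethertype,))
    cidr = normalize_ip_prefix(ip_prefix)
    version = ipaddress.ip_interface(cidr).version
    if version != ETHERTYPE_VERSION[ethertype]:
        raise ValueError(
            "Conflicting ethertype %s for CIDR %s" % (ethertype, cidr))
    return cidr


def is_rejected(ethertype, ip_prefix):
    """Convenience wrapper: True if the rule would be refused."""
    try:
        validate_rule_prefix(ethertype, ip_prefix)
    except ValueError:
        return True
    return False
```

Rejecting the rule at the API layer keeps a malformed or wrong-family prefix from being stored and later handed to the agents that build filtering rules from it.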
This forces the object to be ready ahead of accessing time.
The change in loading behavior is also beneficial while listing
routers, as it reduces the number of queries being issued. Tests
show a performance gain of 15-30% for router-list times.
NSX: ensure dhcp port is setup on metadata network
Change in scheduling behavior caused a regression
where the dhcp port is no longer provisioned on
the (admin) metadata network created when a subnet
is uplinked to a router.
This change recovers the past behavior and extends UT
coverage to avoid further regression.
Ihar Hrachyshka [Fri, 30 May 2014 13:53:25 +0000 (15:53 +0200)]
Monkey patch threading module as early as possible
In oslo.messaging, local thread store is used to pass RPC request
context [1]. If we try to import oslo.messaging before monkey patching
threading library, it attempts to access unpatched storage and fails
with AttributeError.
Ihar Hrachyshka [Fri, 30 May 2014 11:08:40 +0000 (13:08 +0200)]
Added RpcProxy class
This class is intended for easy and iterative migration from
oslo-incubator RPC implementation to oslo.messaging. It will adapt
oslo.messaging API to old oslo-rpc interfaces.
Migrated all affected classes to the new RpcProxy class.
ofagent: Fix VLAN usage for TYPE_FLAT and TYPE_VLAN
While ofagent uses OF1.3, the current coding incorrectly uses
OF1.0 terms in some places. Namely, _local_vlan_for_flat uses
0xffff to mean "no VLAN". It should use OFPVID_NONE and
pop_vlan/push_vlan appropriately. The same problem exists for
reclaim_local_vlan.
Kevin Benton [Mon, 9 Jun 2014 07:46:30 +0000 (00:46 -0700)]
Start an unstarted patch in the hyperv unit tests
This starts a patch that was set up but never started
for a loopingcall that was allowing an occasional
exception to be thrown from the agent on unrelated patches.
Pierre Rognant [Wed, 28 May 2014 18:18:45 +0000 (14:18 -0400)]
Add an option to turn off DF for GRE and VXLAN tunnels
The included modifications allow setting a new option (dont_fragment) in
the ovs agent configuration file that can be used for (un-)setting the DF
bit on GRE or VXLAN tunnels. The default behaviour is not altered (DF on).