Akihiro Motoki [Tue, 24 Nov 2015 03:15:05 +0000 (12:15 +0900)]
Update toctree of neutron document
* Display more contents in the top page.
It is useful to access various things from the top page.
The contents after this change looks reasonable.
* Remove "Indices and tables" section in policies and stadium index.
They are unnecessary.
Kevin Benton [Wed, 25 Nov 2015 23:42:46 +0000 (15:42 -0800)]
Don't drop ARP table jump during OVS rewiring
The previous OVS ARP spoofing code was dropping the rule to jump to
the ARP protection table each time it was called. This call was
unnecessary since the majority of port updates are not turning
off port security.
This patch adjusts the logic to only drop the jump rule if port-sec
is disabled or if it is a network port. The existing functional tests
ensure that connectivity works as expected.
Currently when the last HA router of a tenant is deleted the HA network
belonging to this tenant is not removed. While running tempest aganist an
OpenStack setup where tenant VLANs (with small VLAN range) is used we hit
the limits are tempest tests start to fail as we cannot create new networks.
This patch addresses this issue by deleting the HA network when the last HA
router is deleted for the tenant.
Milestone assignment is another mumbo jumbo effort in open source.
Artificially setting milestones implies that someone can reliably
predict the future when no-one is really in full control.
For this reason let's make clear that we optmistically target the
current milestone for work that is supposed to start asap, and
complete sooner rather than later. Rolling over until the work is
complete is the natural course of action.
Dashboards [1] then capture the entire workload (BP and RFE) for
the entire release cycle, and that's helpful to provide to overall
view.
Ihar Hrachyshka [Tue, 24 Nov 2015 14:13:00 +0000 (15:13 +0100)]
tox: pass TEMPEST_CONFIG_DIR envvar into api target environment
Currently, API job skips all tests because TEMPEST_CONFIG_DIR is not set
properly. The environment variable was hardcoded to
/opt/stack/tempest/etc before, and since that's the location for tempest
configuration files that was used in gate, it worked fine there.
But after we were forced to remove the hardcoded value from the file due
to regression in tox 2.2.0+ (If3742b6eabe295a5aaeb4901c55909a70c451698),
it was neither hardcoded, nor passed from the external gate environment.
Note that since tox 2.0.0, the tool does not pass all envvars into tox
targets, but require explicit specification of the list of variables
that should be allowed into the target environment, using passenv
directive.
So that's what the patch does: it allows TEMPEST_CONFIG_DIR to get into
api tox target, which should be enough to make the API job avoid
skipping all tests.
Users are still required to set TEMPEST_CONFIG_DIR variable locally if
they want to execute the suite locally.
Hong Hui Xiao [Tue, 24 Nov 2015 14:01:48 +0000 (09:01 -0500)]
Wait for the watch process in test case
Because the _watch_process and the failing_process are asynchronous,
there might be a chance that failing_process exit and _watch_process
is not executed.
If the _watch_process is blocked, the method that will be asserted
will not be called. This will fail the UT, but it is intermittent.
Ryan Moats [Mon, 2 Nov 2015 19:30:26 +0000 (13:30 -0600)]
Optimize router delete execution
Optimize the execution of router delete in the L3 agent
by not performing operations in the router namespace that
will be removed as the last step of the workflow.
Comparing the slopes of the least squares fit of delete
execution time shows that this optimization decreases that
slope by over half.
Change-Id: Ic425ab1f8c3afe882c9deaa72a814ac0d2053f3b Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Closes-Bug: 1512450
Cedric Brandily [Sun, 22 Nov 2015 22:22:58 +0000 (23:22 +0100)]
Deprecate l3-agent router_id option
L3-agent router_id option has been defined in order to associate a
l3-agent to a specific router when use_namespaces=False. The option
use_namespaces has been removed in Mitaka, so router_id option is no
longer needed and can be deprecated in order to prepare its removal in N
cycle.
Kevin Benton [Wed, 2 Sep 2015 23:37:17 +0000 (16:37 -0700)]
Make Neutron resources reference standard attr table
This adds a new 'standardattributes' table and adds a foreign-key
references from ports, subnets, networks, subnetpools, routers,
securitygroups, and floatingips to this table.
This will make it easy to add new things to the schema like
timestamp fields or anything else that applies to multiple types
of Neutron resources. The new fields would just be added to the
'neutronresources' table instead of being duplicated across each
resource's table. Or, if the the relationship is 1-to-many (e.g. tags),
the new association table would be related to the 'standardattribute'
table.
Ihar Hrachyshka [Wed, 4 Nov 2015 16:53:16 +0000 (17:53 +0100)]
devref: add upgrade strategy page
The page is intended to describe current upgrade features Neutron
supports, lay out potential improvements, describe testing strategy for
existing and planned upgrade features, and provide guidelines to
reviewers on where to look for potential upgrade breakages in proposed
patches.
Ihar Hrachyshka [Fri, 20 Nov 2015 16:20:09 +0000 (17:20 +0100)]
neutron-db-manage: mark several options as deprecated
I believe we don't rely on --core_plugin or --quota_driver for the tool
because database contents are independent of chosen plugins and drivers
since ~Juno.
Also marked --service with deprecated_for_removal=True.
shihanzhang [Sat, 31 Oct 2015 09:01:48 +0000 (17:01 +0800)]
Check gateway ip when update subnet
If a IP address is None, the method netaddr.IPAddress will raise a
error as 'failed to detect a valid IP address from None'.
When it updates subnet, if gateway_ip is None, it should not call the
method validate_gw_out_of_pools.
Kevin Benton [Sat, 3 Oct 2015 14:25:19 +0000 (07:25 -0700)]
Use diffs for iptables restore instead of all rules
This patch changes our iptables logic to generate a delta of
iptables commands (inserts + deletes) to get from the current
iptables state to the new state. This will significantly reduce
the amount of data that we have to shell out to iptables-restore
on every call (and reduce the amount of data iptables-restore has
to parse).
We no longer have to worry about preserving counters since
we are adding and deleting specific rules, so the rule modification
code got a nice cleanup to get rid of the old rule matching.
This also gives us a new method of functionally testing that we are
generating rules in the correct manner. After applying new rules
once, a subsequent call should always have no work to do. The new
functional tests added leverage that property heavily and should
protect us from regressions in how rules are formed.
The _apply_synchronized times seem to converge when dealing
with ~85k rules. In the profile I can see that both approaches
seem to wait on iptables-restore for approximately the same
amount of time so it could be hitting the performance limits
of iptables-restore.
Kanzhe Jiang [Thu, 22 Oct 2015 05:09:36 +0000 (22:09 -0700)]
Remove BigSwitch plugin and driver
The BigSwitch Vendor plugin and driver are in
openstack/networking-bigswitch repo and will be moved to
Openstack bigtent. This patch removes the duplicated code and
corresponding entry points. It also moves the bigswitch specific
db tables to openstack/networking-bigswitch.
Closes-Bug: #1508781
Stephen Eilert [Wed, 18 Nov 2015 00:49:19 +0000 (16:49 -0800)]
Fix get_subnet_ids_on_router in dvr scheduler
Added a check to verify if we do have any elements in the list of
fixed_ips, before trying to retrieve the first element of the list, to
get the subnet id. There were no checks in the original code, so it
would crash.
the module neutron.api.extension has a copyright attribute to a user
who never contributed a line to this module. It was probably copied
over in the initial commit for the module.
This commit is probably quite pointless; however it removes a little
oddity and does no harm to anyone.
Ihar Hrachyshka [Fri, 20 Nov 2015 16:35:10 +0000 (17:35 +0100)]
neutron-db-manage: expose alembic 'heads' command
This command shows current heads in all alembic branches. Even without
the command, we *can* get the heads values by looking into *_HEAD files
in tree. Still, those files may be missing; and the command is a tiny
bit more easy to use. Also, it gives access to more details on head
revisions if used with --verbose.
Ihar Hrachyshka [Wed, 11 Nov 2015 12:59:22 +0000 (13:59 +0100)]
Make sure we return unicode strings for process output
Process output is supposed to be represented with lines, so we should
put Python strings in the queue (not bytes). Just in case, we do it only
for Python 3 environment.
To fix that, we reuse code from utils.execute() linux/windows
implementations.
This fixes the TestAsyncProcess.test_async_process_respawns functional
test for Python 3 environment.
Pavel Bondar [Tue, 20 Oct 2015 16:11:30 +0000 (19:11 +0300)]
Use compare-and-swap for IpamAvailabilityRange
Existing locking mechanism 'select for update' causes
deadlocks with galera multi-writers.
Replaced locking rows with compare-and-swap approach.
Compare-and-swap verifies that row is not changed by
another thread before updating/deleting it.
Filter-and-update and filter-and-delete are used.
They return count of affected rows.
If count of affected row is less than expected,
then another thread already changed our row
and RetryRequest is raised.
Kevin Benton [Fri, 20 Nov 2015 04:37:05 +0000 (20:37 -0800)]
Fix use of fields argument in get_rbac_policies
The 'fields' argument wasn't being passed into the _get_collection
call so the results were always coming back with all of the fields.
This adds an API test to prevent a regression.
Ryan Moats [Thu, 19 Nov 2015 21:23:43 +0000 (15:23 -0600)]
Fix dashboard graphite URLs
The update to openstack graphite data is now storing nulls instead
of high frequency zero values. Therefore, make the following changes:
1. use stats_counts instead of stats data, as this accesses the raw
counters
2. apply transformNull to all data series so that null -> 0 is handled
correctly
3. add a global drawNullAsZero=true to handle discontinuities
Thanks to jeblair and sdague for tracking this down
Change-Id: Idebc046d7d867d80e2afe1c4b86c526f9205d3d5 Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
John Schwarz [Wed, 14 Oct 2015 12:39:33 +0000 (15:39 +0300)]
Keep reading stdout/stderr until after kill
Currently, when calling AsyncProcess.stop(), the code stops the stdout
and stderr readers and kills the process. There exists an end case (as
described in the bug report) in which after the readers have been
stopped the sub-process will generate a substantial amount of outputs to
either fd. Since the 'subprocess' module is launched with
subprocess.PIPE as stdout/stderr, and since Linux's pipes can be filled
to the point where writing new data to them will block, this may cause a
deadlock if the sub-process has a signal handler for the signal (for
example, the process is handling SIGTERM to produce a graceful exit of
the program).
Therefore, this patch proposes to only kill the readers until AFTER
wait() returned and the process truly died. Also, relying on _kill_event
had to cease since invoking its send() method caused a logical loop back
to _kill, causing eventlet errors.
A different possible solution is closing the stdout/stderr pipes. Alas,
this may raise an exception in the sub-process ("what? No stdout?!
Crash!") and defeats the 'graceful' part of the process.
Code Review / openstack-build / neutron-build.git / log