allow delete_port to work when there are multiple floating ips
It is possible to associate multiple floating ip addresses with a single
port through the use of multiple *fixed* ip addresses, e.g.:

    nova boot ... --nic net-id=my-net-id myserver
    nova add-fixed-ip myserver my-net-id
    nova add-floating-ip --fixed-address x.x.x.1 myserver y.y.y.y.1
    nova add-floating-ip --fixed-address x.x.x.2 myserver y.y.y.y.2

In this situation, neutron.db.l3_db.disassociate_floatingips would throw
an exception:

    Exception: Multiple floating IPs found for port <port-id>

This would prevent someone from deleting an instance that was associated
with multiple floating ips.
This patch corrects disassociate_floatingips so that it will
disassociate all floating ips associated with the port, allowing the
delete operation to proceed correctly.
netaddr<=0.7.10 raises ValueError instead of AddrFormatError
This patch is based on Aaron's work for the Bug#1308675.
It ensures that ValueError is also caught in addition to
AddrFormatError as in netaddr>=0.7.11 AddrFormatError is raised and
in netaddr<=0.7.10 ValueError is raised.
netaddr<=0.7.10 raises ValueError instead of AddrFormatError
This patch ensures that ValueError is also caught in addition to
AddrFormatError as in netaddr>=0.7.11 AddrFormatError is raised and
in netaddr<=0.7.10 ValueError is raised.
If neutron sends a single event to nova and the server_uuid isn't found
in nova, the python-novaclient will raise a 404 error. This patch ensures
we explicitly catch that exception and use LOG.warning instead of LOG.exception
as this is not an error and can happen when deleting an instance if neutron
detects that the port_status goes down before the port is deleted because
nova first unplugs the vif and then deletes it from neutron.
marios [Fri, 29 Nov 2013 16:23:54 +0000 (18:23 +0200)]
Validate CIDR given as ip-prefix in security-group-rule-create
There was no validation for the provided ip prefix. This just adds
a simple parse using netaddr and explodes with appropriate message.
Also makes sure ip prefix _is_ cidr (192.168.1.1-->192.168.1.1/32).
Validation occurs at the attribute level (API model) as well as at
the db level, where the ethertype is validated against the ip_prefix
address type.
Unit test cases added - bad prefix, unmasked prefix and incorrect
ethertype. Also adds attribute test cases for the added
convert_ip_prefix_to_cidr method
Paul Michali [Fri, 4 Apr 2014 19:14:36 +0000 (19:14 +0000)]
Support enhancements to Cisco CSR VPN REST APIs
Incorporate latest enhancements and fixes in Cisco CSR router REST API
to the VPNaaS device driver and unit test cases. Primarily, is support in
the REST API for different IKE and IPSec encryption algorithms, name length
error handling, disable of anti replay window, and IKE keep alive.
Also includes minor typos and comment fixes mentioned in previous reviews.
Note: notest_cisco_csr_rest.py, which tests the CSR REST client, is not
part of the UT suite yet, pending resolution of httmock package inclusion
as test requirement.
There exists a case where deleting router from neutron without
deleting router-interface deletes router from VSD but not from neutron.
If router has an interface with subnet, router deletion is not allowed.
Needs to precheck this condition before deleting router from
backend (VSD).
Shweta Patil [Thu, 13 Mar 2014 18:48:58 +0000 (11:48 -0700)]
Improved quota error message
Removed two negatives and showed a clear message when
tried to see quota of different tenants.
When a user who does not belong to a project tries to access the
quota of that project, the message that gets displayed is not clear.
In this change the user would understand the error more properly.
Itsuro Oda [Wed, 2 Apr 2014 04:24:42 +0000 (13:24 +0900)]
Add support for multiple RPC workers under Metaplugin
Metaplugin needs a fix to support multiple RPC workers properly
because a plugin which supports multiple RPC workers cannot
initialize RPC connections at plugin initialization.
Currently there is no validation in Security Group rules
when an ICMP rule is added with icmp code alone. A rule
is getting added but there is a mismatch between SG rules
and the corresponding iptables rule that is added.
This patch does the necessary validation on the input.
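
The two security-group checks described in this log (the ip-prefix validation commit above and the ICMP commit here), as an added example that is not Neutron's own code. It uses the standard-library ipaddress module in place of netaddr; `RuleValidationError` and `validate_rule` are hypothetical names, and it assumes the ICMP type and code travel in `port_range_min` and `port_range_max`.

```python
import ipaddress

# Assumption: the rule's ethertype is spelled "IPv4" / "IPv6".
ETHERTYPE_BY_VERSION = {4: "IPv4", 6: "IPv6"}


class RuleValidationError(ValueError):
    """Hypothetical error type for a rejected security group rule."""


def convert_ip_prefix_to_cidr(ip_prefix):
    """Return ip_prefix in CIDR form; a bare address gets a host mask."""
    if ip_prefix is None:
        return None
    try:
        iface = ipaddress.ip_interface(ip_prefix)
    except ValueError as exc:  # bad address or bad mask
        raise RuleValidationError(
            "invalid ip prefix %r: %s" % (ip_prefix, exc))
    return "%s/%d" % (iface.ip, iface.network.prefixlen)


def validate_rule(rule):
    """Return a normalized copy of rule or raise RuleValidationError."""
    cidr = convert_ip_prefix_to_cidr(rule.get("remote_ip_prefix"))
    ethertype = rule.get("ethertype", "IPv4")
    if cidr is not None:
        # The prefix's address family must agree with the ethertype.
        version = ipaddress.ip_interface(cidr).version
        if ETHERTYPE_BY_VERSION[version] != ethertype:
            raise RuleValidationError(
                "prefix %s does not match ethertype %s" % (cidr, ethertype))
    if rule.get("protocol") == "icmp":
        icmp_type = rule.get("port_range_min")
        icmp_code = rule.get("port_range_max")
        # A code without a type cannot be expressed as a packet-filter
        # match, so reject it instead of storing a rule that diverges.
        if icmp_code is not None and icmp_type is None:
            raise RuleValidationError("ICMP code given without ICMP type")
    return dict(rule, remote_ip_prefix=cidr, ethertype=ethertype)


if __name__ == "__main__":
    # Constructed sample rule, not taken from the page.
    print(validate_rule({"protocol": "icmp", "port_range_min": 8,
                         "remote_ip_prefix": "192.168.1.1"}))
```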
DHCP agent should check interface is UP before adding route
The DHCP agent should check not only that an interface for
network's DHCP exists but also make sure that it is UP before
adding a default route.
For this purpose a method "ensure_device_is_ready" was
added to ip_lib.
berlin [Fri, 11 Apr 2014 00:04:47 +0000 (08:04 +0800)]
Fix LBaaS Haproxy occurs error if no member is added
If no member is added and session_persistence.type=HTTP_COOKIE,
haproxy agent would not add cookie persistence option to the backend.
Closes-Bug: #1302283
Add functional tests to verify ovs_lib VXLAN detection
This commit adds a functional test to verify host VXLAN support. It compares
the results of this functional test with the logic in ovs_lib to ensure both
report the same values.
Paul Ward [Sat, 12 Apr 2014 15:18:18 +0000 (10:18 -0500)]
Add nova_api_insecure flag to neutron
Neutron did not have any way to allow SSL validation problems in the
novaclient similar to the way nova has the neutron_api_insecure flag.
This change adds the nova_api_insecure flag to the neutron config and
also passes it in the novaclient instantiation.
Kevin Benton [Sun, 6 Apr 2014 11:57:36 +0000 (04:57 -0700)]
Verify ML2 type driver exists before calling del
Verifies that an ML2 type driver exists for a given
segment type before attempting to call the release_segment
method on it. Logs an error if a type driver is not
found.
This covers the case where a segment is created with
a given type and then ML2 is reconfigured without
support for that type.
DocImpact
The ML2 documentation should be updated with a warning
that disabling a network type driver and re-enabling
it later may lead to possible DB inconsistencies.
Kevin Benton [Sat, 12 Apr 2014 21:27:36 +0000 (21:27 +0000)]
Fix dangling patches in Cisco and Midonet tests
Cisco Nexus Tests:
Explicitly stops the patch to sys.modules immediately
after use to fix sporadic failures caused by the patch
not being handled correctly by mock.patch.stopall.
Midonet Interface Test:
Removes the double-patch of the 'device_exists' method
in ip_lib.
Dan Prince [Thu, 10 Apr 2014 16:40:13 +0000 (12:40 -0400)]
Make default nova_url use a version
The default nova_url for neutron is missing an API
version number. This can cause requests to fail
because the Nova /versions API cannot respond
to Neutron notification requests.
It seems reasonable for the default value to
at least have a chance at being correct so
this patch upgrades the default Nova API url to
use the Nova 'v2' API.
Oleg Bondarev [Wed, 16 Oct 2013 13:51:04 +0000 (17:51 +0400)]
Reschedule router if new external gateway is on other network
An L3 agent may be associated with just one external network.
If router's new external gateway is on other network then the router
needs to be rescheduled to the proper l3 agent
Russell Bryant [Wed, 9 Apr 2014 15:32:44 +0000 (11:32 -0400)]
Update ensure()/reconnect() to catch MessagingError
The error handling code that gets connections reset if necessary
caught ConnectionError. It really needs to catch MessagingError,
which ConnectionError inherits from. There are other types of
MessagingErrors that may occur, such as InternalError, and they need
to cause the connection to reset, as well.
This fix has already been merged into oslo.messaging.
Properly apply column default in migration pool_monitor_status
server_default parameter should be used to apply default value at
table/column creation time. Otherwise non-nullable column can't
be created because of existing rows in the tables.
Converts ICMP protocol to the equivalent protocol number.
Adds default ICMP reject rules.
Adds default ANY protocol rules if the rule does not
contain any protocol.
NSX: Fix KeyError in sync if nsx_router_id not found
Previously, a KeyError would occur in the sync code which would
cause the sync thread to stop running. This would occur if there
was a router entry in the database but no nsx_router_mapping and
the router was not found in nsx. Note: this should never happen unless
one did not run the db migration which introduced and migrated the data
for the NeutronNsxRouterMapping table.
Kevin Benton [Tue, 8 Apr 2014 16:04:08 +0000 (09:04 -0700)]
BigSwitch: Create router ports synchronously
Since router ports are created as part of a
long transaction with multiple REST calls, they
need to be created synchronously. This is to prevent
the async thread from deleting them from the backend
if it can't find them in cases where they haven't been
committed to the DB yet.
NSX: ensure dhcp port is setup on metadata network
Change in scheduling behavior caused a regression
where the dhcp port is no longer provisioned on
the (admin) metadata network created when a subnet
is uplinked to a router.
This change recovers the past behavior and extends UT
coverage to avoid further regression.
Ann Kamyshnikova [Fri, 14 Mar 2014 11:09:36 +0000 (15:09 +0400)]
Set correct columns' length
In migration 569e98a8132b_metering incorrect length is set for
description column (255 instead of 1024) and in migration
39cf3f799352_fwaas_havana_2_model for firewall_rules table
incorrect length is set for protocol column (24 instead of 40).
Irena Berezovsky [Tue, 25 Mar 2014 07:30:17 +0000 (09:30 +0200)]
Add L2 Agent side handling for non consistent security_group settings
Add setting of the firewall_driver to NoopDriver when firewall_driver is None and
add warning if driver combination is not valid.
Modify is_valid_driver_combination to verify default settings: enable_security_group (True) and firewall_driver (None).