Terry Wilson [Tue, 23 Dec 2014 20:49:15 +0000 (13:49 -0700)]
Add OVSDB abstract API
Abstract all existing run_vsctl calls to an abstract OVSDB API.
This will allow the future addition of a native OVSDB protocol
implementation of the API without breaking backward compatibility.
Assaf Muller [Thu, 18 Dec 2014 14:25:54 +0000 (16:25 +0200)]
Configure IPv6 LLADDR only on master L3 HA instance
HA standby routers must never transmit traffic from
any of their ports. This is because we allocate the same
port on all agents. For example, for a given external interface,
we place the same port with the same IP/MAC on every agent
the HA router is scheduled on. Thus, if a standby router
transmits data out of that interface, the physical switches
in the datacenter will re-learn the MAC address of the external
port, and place it on a port that's looking at a standby and
not at the master. This causes 100% packet loss for any incoming
traffic that should be going through the master instance of the
router.
Keepalived manages addresses on the router interfaces, and makes
sure that these addresses only live on the master. However, we
forgot about IPv6 link local addresses. They are generated
from the MAC address of the interface, and thus are identical on
all agents.
This patch tries to treat IPv6 link local addresses the same
as IPv4 addresses - define them as VIPs and let keepalived
move them around.
Miguel Angel Ajo [Thu, 21 Aug 2014 10:53:05 +0000 (12:53 +0200)]
Implements ProcessMonitor in the dhcp_agent
The ProcessMonitor class will watch over spawned external processes,
taking the administrator configured action in the case of any
of the external processes die unexpectedly.
It covers both the neutron-ns-metadata-proxy for isolated metadata
and dnsmasq in the dnsmasq driver.
ProcessMonitor has been extended to allow specific pid files
for backwards-compatible dnsmasq pid file location.
Sachi King [Mon, 8 Dec 2014 06:42:48 +0000 (17:42 +1100)]
If router is HA, get current_cidrs from keepalived object
When using L3 HA and keepalived neutron is no longer directly managing
the floating IP addresses itself. Neutron should not check against
which addresses are currently configured on the system, but the
addresses the keepalived object has configured.
Miguel Angel Ajo [Thu, 22 Jan 2015 14:17:30 +0000 (14:17 +0000)]
Move process monitor settings to neutron.conf AGENT section
Instead of defining specific settings on each agent configuration
file for later patches in the series, we provide a single
point of configuration in the AGENT section of the neutron.conf
file, which could yet be overriden per agent config file if needed.
Russell Bryant [Wed, 21 Jan 2015 21:39:37 +0000 (16:39 -0500)]
Drop SecurityGroupServerRpcApiMixin
The code base has now been migrated away from using this class, so it
can be removed. This was a prerequisite to being able to put this rpc
api into a messaging namespace.
Russell Bryant [Wed, 21 Jan 2015 20:57:31 +0000 (15:57 -0500)]
sriovnicagent: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in sriovnicagent.
This is required to be able to eventually move this API into
a messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as
a mixin.
This patch separates the use of SecurityGroupAgentRpcMixin out to its
own class. This matches most of the rest of the code base. This
separation is needed to be able to eventually move this rpc API into
its own messaging namespace. Now that it's separate, a future change
can pass the new class an instance of SecurityGroupServerRpcApi
instead of assuming that the PluginApi instance includes
SecurityGroupServerRpcApiMixin.
Russell Bryant [Wed, 21 Jan 2015 19:52:53 +0000 (14:52 -0500)]
mlnx: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the mlnx agent.
This is required to be able to eventually move this API into
a messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as
a mixin.
Russell Bryant [Wed, 21 Jan 2015 19:44:23 +0000 (14:44 -0500)]
mlnx: untangle SecurityGroupAgentRpcMixin
This patch separates the use of SecurityGroupAgentRpcMixin out to its
own class. This matches most of the rest of the code base. This
separation is needed to be able to eventually move this rpc API into
its own messaging namespace. Now that it's separate, a future change
can pass the new class an instance of SecurityGroupServerRpcApi
instead of assuming that the PluginApi instance includes
SecurityGroupServerRpcApiMixin.
Russell Bryant [Wed, 21 Jan 2015 18:40:18 +0000 (13:40 -0500)]
linuxbridge: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the linuxbridge agent.
This is required to be able to eventually move this API into
a messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as
a mixin.
Russell Bryant [Wed, 21 Jan 2015 19:34:12 +0000 (14:34 -0500)]
linuxbridge: untangle SecurityGroupAgentRpcMixin
This patch separates the use of SecurityGroupAgentRpcMixin out to its
own class. This matches most of the rest of the code base. This
separation is needed to be able to eventually move this rpc API into
its own messaging namespace. Now that it's separate, a future change
can pass the new class an instance of SecurityGroupServerRpcApi
instead of assuming that the LinuxBridgePluginApi includes
SecurityGroupServerRpcApiMixin.
Cedric Brandily [Sat, 10 Jan 2015 14:25:04 +0000 (14:25 +0000)]
Use db constraint to ensure mac address uniqueness
Currently port mac address uniqueness per network is checked before Port
db object create but without locking. It implies 2 port create requests
can allocate the same mac address on a network if each request performs
mac address uniqueness check before the other creates the Port db object.
This change replaces the check by a db unique constraint on Port
(network_id, mac_address).
adolfo duarte [Wed, 3 Dec 2014 05:48:50 +0000 (21:48 -0800)]
Added test_dvr_router_lifecycle to cover dvr
Several additions were necessary to support testing the lifecycle of a
dvr router. Added new function _dvr_router_lifecycle and necessary
supporting functions to avoid impacting any other section of the code
or tests.
Tests Added:
test_dvr_router_lifecycle_without_ha_without_snat_with_fips
test_dvr_router_lifecycle_without_ha_with_snat_with_fips
Michael Smith [Wed, 10 Sep 2014 23:59:14 +0000 (16:59 -0700)]
Initialize dist_fip_count after agent restart
Runtime router variable dist_fip_count has been
used to keep track of FIPs for DVR routers.
This variable is not re-initialized correctly on
agent restart and can get stale from other errors
which cause problems with namespace and port cleanup.
This patch will initialize the ri.dist_fip_count
once in process_router for dvr routers only. This
method was selected instead of the _router_added or
_router_removed path because it is the one central
entry point for rotuer add, delete, and update.
The object self.agent_gateway_port also needs to be
properly handled after an agent restart and this
patch will handle that as well.
When needed, the system will be read via system
calls to determine the state of namespaces and ports
since the variables cannot be relied on.
System calls will be kept to a minimum to reduce
and possible performance hits.
Carl Baldwin [Fri, 16 Jan 2015 19:39:46 +0000 (19:39 +0000)]
Replace FLOATING_IP_CIDR_SUFFIX constant with utils
FLOATING_IP_CIDR_SUFFIX is a global constant used in manipulating ip
addresses and cidrs as string. This patch replaces that with
well-tested utilities for doing the conversions more safely and
readably.
Russell Bryant [Fri, 16 Jan 2015 15:29:04 +0000 (10:29 -0500)]
tests: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the unit tests.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 15:15:17 +0000 (10:15 -0500)]
ovs: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the ovs plugin.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 15:06:00 +0000 (10:06 -0500)]
oneconvergence: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the oneconvergence
plugin. This is required to be able to eventually move this API into
a messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 14:54:53 +0000 (09:54 -0500)]
ofagent: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the ofagent plugin.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 14:37:52 +0000 (09:37 -0500)]
nec: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the nec plugin.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 14:09:48 +0000 (09:09 -0500)]
hyperv: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the hyperv plugin.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Fri, 16 Jan 2015 13:52:40 +0000 (08:52 -0500)]
bigswitch: drop usage of SecurityGroupServerRpcApiMixin
Drop usage of SecurityGroupServerRpcApiMixin in the bigswitch plugin.
This is required to be able to eventually move this API into a
messaging namespace. It needs to use its own messaging client
instance, instead of a different one it gets after being used as a
mixin.
Russell Bryant [Tue, 13 Jan 2015 18:06:44 +0000 (13:06 -0500)]
Create SecurityGroupServerRpcApi and add some docs
Create SecurityGroupServerRpcApi, which is intended to replace
SecurityGroupServerRpcApiMixin over time. The new class is the same
code, but used as a standalone class. This is needed to be able to
eventually move this API into a messaging namespace.
In passing, add docstrings that show where to find the corresponding
other side of this interface in the code base.
Improve agent-based flat/vlan ml2 port binding failure logging
Port binding failure is an error and should be reported as such.
Additionally, if a port binding fails on a host due to missing
bridge mappings, it's currently quite a mystery to find out. This
should be logged instead of requiring users to debug code. Not
everyone enjoys debugging Python, as weird as that is!
I refactored out the common code in check_segment_for_agent
in order to make logging more robust for all agent-based mechanism
drivers. The OVS and LB mech drivers already log due to a bridge
mappings mismatch and the other agent based mech drivers
will now log as well.
Assaf Muller [Mon, 19 Jan 2015 18:55:49 +0000 (13:55 -0500)]
SIGHUP keepalived if L3 agent restarts
Currently restarting the L3 agent does not SIGHUP any running
keepalived processes. This is an issue if the L3 agent crashes
and is then restarted by an external tool. In this case, the L3
agent resyncs with the controller but does not SIGHUP keepalived.
Maru Newby [Tue, 20 Jan 2015 02:23:48 +0000 (02:23 +0000)]
Switch to using abc in the retargetable client
abc is preferable to raising NotImplementedError because it will
prevent instantiation of a subclass that doesn't implement the
required methods rather than failing only when a missing method is
called.
Change-Id: I1043eefde675dd3b653d5b508be22cfd52d2fe8f
Implements: bp retargetable-functional-testing
Simplfy register_model_query_hook() and register_dict_extend_funcs().
Move register_dict_extend_funcs() into CommonDbMixin attribute
because the related class attribute, _dict_extend_functions, is
defined in CommonDbMixin. They should be defined in same class.
Ihar Hrachyshka [Sun, 18 Jan 2015 11:59:39 +0000 (12:59 +0100)]
Drop _test_rootwrap_exec test
It's not a unit test and didn't participate in gating. The test would belong to
functional suite, though since it's pretty trivial, and rootwrap is already
tested as part of other functional tests, it's better to drop it then adopt to
new requirements.
Cedric Brandily [Fri, 16 Jan 2015 23:41:16 +0000 (23:41 +0000)]
Fix pylint unbalanced-tuple-unpacking warning
Pylint last version(1.4.1), at least, reports an
unbalanced-tuple-unpacking warning[1] in keepalived[2] module because
self.authentication is defined as an empty tuple in __init__ method and
unpacked in build_config method as if it was a 2-tuple.
self.authentication references an empty tuple (defined in __init__
method) or a 2-tuple (updated in set_authentication method). Such
warning is a false positive because the unpacking is only performed if
self.authentication is not evaluated to false which only appends if
self.authentication is a 2-tuple.
Defining self.authentication as None in __init__ avoids such warning
without disabling unbalanced-tuple-unpacking warning check.
[1]
W:252,12: Possible unbalanced tuple unpacking with sequence defined at
line 153: left side has 2 label(s), right side has 0 value(s)
(unbalanced-tuple-unpacking)
Carl Baldwin [Mon, 22 Dec 2014 21:01:45 +0000 (21:01 +0000)]
Create DvrRouter and HaRouter as a sub-class of Router
This commit creates them as simple sub-classes and instantiates them
when appropriate. It also moves the basic mixin classes from
RouterInfo. Since all of the properties and attributes from these
mixins are only used in the ha or dvr contexts, this is safe. Future
refactoring will further tease things out until they are properly
encapsulated.
They inherit everything else from their base class so that they all
still share the same code. Creating them up front provides a place
for dvr and ha specific logic to land as methods are moved from the L3
agent and mixins to the new router classes. Eventually, all of the
specific logic will be teased in to the specific classes.
Wrap dhcp agent into its own module and break out configurations and
entry point for better seperation. This lead to some test cleanup
that revealed that options were registered unnecessarily.
When/if the dhcp agent goes through a restructuring along the same
lines of the L3 agent's, this would be the step to start from.
Move Monkey patch back to being as early as possible
Commit 6ca8cb84fd8 moved the patching early in the loading process.
After some reshuffling in the agents, this might not be as early
as possible, so move them closer to their main()'s.
In order to run the API job successfully, must be installed and
configured. Today when using devstack-vm-gate.sh this means that
Tempest will run as well, which we do not want. To fix this problem
there are changes needed both in project-config and devstack-gate.
As a stop-gap solution, we bring in the scripts required and run
them directly within the gate hooks that we already have.
Once changes in devstack-gate and project-config will be accepted, this
solution can be dropped.
Code Review / openstack-build / neutron-build.git / log