Kyle Mestery [Thu, 29 May 2014 13:07:55 +0000 (13:07 +0000)]
Handle errors from run_ofctl() when dumping flows
The function dump_flows_for_table() calls run_ofctl(). If this occurs during an OVS
restart, run_ofctl() will return None. dump_flows_for_table() needs to realize this
and not try to call splitlines() on a None object.
Matt Riedemann [Thu, 29 May 2014 14:33:16 +0000 (07:33 -0700)]
Sync periodic_task from oslo-incubator
This is more or less to get commit c63fd5a from oslo into the core
projects which have several periodic tasks. Neutron has periodic tasks
for L3, load balancing and metering agents to sync up state with the
server and most don't have specific spacing values set which can lead to
non-deterministic spacing of when the tasks run.
Note that this does not include the gettextutils and log dependencies
since there are no functional changes in those modules needed for the
periodic_task changes synced in *and* more importantly, the changes
to gettextutils and log require pervasive changes to neutron which
should happen when neutron integrates with the oslo-i18n library for
blueprint i18n--messages.
Further note that this does not include jsonutils due to some
issues introduced with a change for python 2.6 that impacts how strings
are encoded with simplejson. The details for that issue are in bug 1314129. The jsonutils changes are not related to the periodic_task
changes being synced in so the dependency is not functionally required.
The LbaasAgentManager extends PeriodicTasks but wasn't calling the
parent class init function, which was causing failures since commit 47c9d60 changed PeriodicTasks to init _periodic_last_run, so also
fixed that here.
Changes:
c63fd5a Make unspecified periodic spaced tasks run on default interval
f0dd798 Remove rendundant parentheses of cfg help strings
fcf517d Update oslo log messages with translation domains
051b9f3 Refactor unnecessary arithmetic ops in periodic_task
674cdaf Refactor if logic in periodic_task
b6b82c5 Use timestamp in periodic tasks
47c9d60 Don't share periodic_task instance data in a class attr
8b2b0b7 Use hacking import_exceptions for gettextutils._
berlin [Thu, 22 May 2014 07:42:25 +0000 (15:42 +0800)]
FWaaS plugin doesn't need to handle firewall rule del ops
If firewall rule is attached to firewall policy, it would raise
FirewallRuleInUse exception in DB ops, else it is a pure DB delete ops.
So it is useless to handle delete_firewall_rule ops in fwaas plugin.
Closes-Bug: #1322076
Kyle Mestery [Fri, 16 May 2014 04:21:32 +0000 (04:21 +0000)]
Reprogram flows when ovs-vswitchd restarts
When OVS is restarted, by default it will not reprogram flows which were
programmed. For the case of the OVS agent, this means a restart will cause
all traffic to be switched using the NORMAL action. This is undesirable for
a number of reasons, including obvious security reasons.
This change provides a way for the agent to check if a restart of ovs-vswitchd
has happened in the main agent loop. If a restart of ovs-vswitchd is detected,
the agent will run through the setup of the bridges on the host and reprogram
flows for all the ports connected.
DocImpact
This change adds a new table (table 23) to the integration bridge, with a
single 'drop' flow. This is used to monitor OVS restarts and to reprogram
flows from the agent.
This is caused by a missing network_id in the port body.
This patch adds it so that a warning message can be traced
correctly. Wording is slightly tweaked to ensure it applies
to the right context.
Gary Kotton [Wed, 28 May 2014 13:37:16 +0000 (06:37 -0700)]
NSX: fix bug for flat provider network
The flat provider network would cause an exception when writing to
database. This is due to the fact that the DB expected an integer
and received an object instead.
Eugene Nikanorov [Tue, 27 May 2014 22:08:17 +0000 (02:08 +0400)]
Disallow regular user to update firewall's shared attribute
Shared firewalls should only be operable by admins.
Currently only admin can provide shared attribute at firewall creation,
so update_firewall should be consistent with that as well.
Erik Colnick [Tue, 6 May 2014 13:56:31 +0000 (07:56 -0600)]
Support 'infinite' dhcp_lease_duration
Process a dhcp_lease_duration value of -1 as 'infinite'
when setting the dnsmasq dhcp-range values to support
cases where it is undesirable for instance dhcp leases
to expire.
Akihiro Motoki [Tue, 27 May 2014 17:48:30 +0000 (02:48 +0900)]
NEC plugin: Bump L3RPC callback version to 1.1
update_floatingip_statuses RPC call implemented in Icehouse expects
RPC version 1.1 and RPC version of L3RpcCallback of other plugins
was bumped to 1.1, but the version of L3RpcCallback in NEC plugin
was not bumped to 1.1 yet.
Benedikt Trefzer [Mon, 26 May 2014 20:45:25 +0000 (22:45 +0200)]
fix openvswitch requirement check
With VXLAN enabled on openvswitch, neutron checks
module version of the openvswitch kernel module.
If the pattern to extract the version matches twice
(eg. for path and version) the agent dies.
This patch ensures that only the version is checked
against the pattern.
This patchset fixes a couple of bugs wrt processing requests
before sending them to the backend controller and adjusts the
requests based on the controller requirements. It also corrects
typos, adds quotas and changes the default for a configuration
parameter.
Change-Id: I4b64c2b49ff4854949afc1e54cba1057f376b058
Closes-Bug: #1311260
DocImpact: The default tenant type is changed from OF to OVERLAY
ronak [Thu, 15 May 2014 14:38:43 +0000 (07:38 -0700)]
Extraroute extension support for nuage plugin
Nuage's VSP supports adding static-route to L3 Domain
which fits nicely with extraroute extension supported
by openstack's neutron. This set of changes enables that.
Carl Baldwin [Thu, 24 Apr 2014 23:06:10 +0000 (23:06 +0000)]
Set onlink routes for all subnets on an external network
The addition of the on-link routes gives us some freedom to allocate a
router's IP address from any one of multiple subnets on one external
network. Different routers can get their IPs from different subnets and
they still have direct on-link connectivity to each other. For example,
one router with its primary IP from 10.0.0.0/24 and another from
192.168.0.0/24 can communicate directly. It is important that each
router has on-link routes to *all* of the subnets.
Any router can host floating ips from any of the subnets regardless of
which subnet the primary IP address comes from.
This is an alternative to the "Multiple floating IP pools" section in
the administration guide. It is a simpler alternative that avoids
having to create multiple external networks. It is also more flexible
because routers will no longer be restricted to getting floating IPs
from the pool to which they happen to be connected.
DocImpact
Document the procedure for adding subnets to the external network.
Potentially remove the existing procedure for "Multiple floating IP
pools" from the docs.
Arvind Somya [Thu, 13 Feb 2014 17:57:50 +0000 (09:57 -0800)]
Cisco APIC ML2 mechanism driver, part 2
This set of changes introduces a mechanism driver for the
Cisco APIC. This is the second and final part of a 2 part commit.
Please see the blueprint for more information.
The review is submitted in two parts:
- Part 1 (Posted earlier, required for Part 2)
o APIC REST Client
o APIC data model and migration script
o APIC configurations
- Part 2 (this commit)
o APIC mechanism driver
o APIC manager
Andreas Jaeger [Thu, 22 May 2014 16:48:04 +0000 (18:48 +0200)]
Remove all mostly untranslated PO files
We now only import PO files that are at least 75 % translated,
so we can now delete all other PO files. The patch only
removes the mostly untranslated files. Once a file becomes mostly
translated, the bot will import it again.
Jakub Libosvar [Thu, 30 Jan 2014 14:27:02 +0000 (15:27 +0100)]
Metadata agent caches networks for routers
During cloud-init there are several calls that ask neutron API for the
same data which will most likely not be changed. Specifically router's
networks are cached.
Jakub Libosvar [Tue, 11 Feb 2014 14:59:06 +0000 (15:59 +0100)]
Common decorator for caching methods
Decorator caches methods' results, the key is composed from function
name and its parameters. Implementation of cache itself should be in
object implementing decorated method. Cache backend should be taken
from oslo-incubator.
Ryan Moe [Fri, 2 May 2014 20:08:45 +0000 (13:08 -0700)]
Make pid file locking non-blocking
fcntl.flock will block indefinitely if another process holds an exclusive
lock. A non-blocking flock operation will raise an error when a lock already
exists so we can fail immediately.
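The fail-fast behaviour this commit message describes, as an added Python example that is not Neutron's own code: a second locker of the same pid file gets an immediate error instead of hanging, and the owner's recorded pid stays intact. The function names and the temporary `agent.pid` path are assumptions made for the demonstration.

```python
import errno
import fcntl
import os
import tempfile


class PidfileLocked(Exception):
    """Another open file description already holds the exclusive lock."""


def lock_pidfile(path):
    """Take an exclusive, non-blocking flock on `path`; return the open fd."""
    fd = os.open(path, os.O_CREAT | os.O_RDWR, 0o600)
    try:
        # LOCK_NB makes a held lock an immediate error instead of an endless wait.
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except OSError as exc:
        os.close(fd)
        if exc.errno in (errno.EWOULDBLOCK, errno.EAGAIN, errno.EACCES):
            raise PidfileLocked(path) from exc
        raise
    return fd


def write_pid(fd):
    """Record our pid only after the lock is held, so the owner's is never clobbered."""
    os.ftruncate(fd, 0)
    os.lseek(fd, 0, os.SEEK_SET)
    os.write(fd, str(os.getpid()).encode())


def demo():
    """Constructed scenario: two lockers compete for one temporary pid file."""
    path = os.path.join(tempfile.mkdtemp(), "agent.pid")  # hypothetical name
    owner = lock_pidfile(path)
    write_pid(owner)
    try:
        os.close(lock_pidfile(path))
        second_refused = False
    except PidfileLocked:
        second_refused = True  # failed fast instead of hanging
    with open(path) as f:
        pid_intact = f.read() == str(os.getpid())
    os.close(owner)  # closing the descriptor releases the flock
    os.close(lock_pidfile(path))  # a new locker now succeeds
    return second_refused, pid_intact


if __name__ == "__main__":
    print(demo())
```

The lock is tied to the open file description, so the descriptor returned by `lock_pidfile` has to stay open for the lifetime of the daemon.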
Allowed Addresspairs: Removing check for overlap with fixed ips
Current code does not allow assigning a fixed ip to a port when that ip
overlaps with one of the addresses in the allowed-addresspairs list.
This is an unnecessary check as the overlap does not have any negative
effect. Further, such a check actually makes it hard to use this
API. For example, if a fixed IP 10.10.1.1 exists on a port and we
want to allow addresses in 10.10.1.0/24 cidr on that port, then one
has to configure a list of 8 cidrs ([10.10.1.0/32, 10.10.1.2/31,
10.10.1.4/30, ..., 10.10.1.128/25]) on the allowed-addresspairs.
In addition to the above reasons, the current code also does not
check for the overlaps in all cases.
Rajesh Mohan [Wed, 21 May 2014 02:41:26 +0000 (19:41 -0700)]
Do not defer IPTables apply in firewall path
By default, iptables apply is deferred in L3 agent. For
external gateways, iptables is applied immediately (to
enable NAT for floating IP). Similarly, when firewall
is created/updated/deleted, iptable rules are applied
immediately.
Steven Gonzales [Mon, 12 May 2014 14:51:13 +0000 (07:51 -0700)]
Metaclass Python 3.x Compatibility
According to the OpenStack style guide
(http://docs.openstack.org/developer/hacking/),
for Python 3.x compatibility use "six.add_metaclass"
instead of "__metaclass__".
Terry Wilson [Tue, 20 May 2014 15:58:32 +0000 (10:58 -0500)]
Remove hard dependency on novaclient
The nova notification patch introduces a hard dependency on
novaclient when it is a runtime-configurable dependency. The
import from novaclient should be conditional on the
appropriate nova notification options being enabled in the
config.
Ed Bak [Fri, 7 Mar 2014 17:16:15 +0000 (17:16 +0000)]
Provide way to reserve dhcp port during failovers
This change provides a way to save the dhcp port when failing
over a network from one dhcp agent to another. When a
dhcp-agent-network-remove is issued, the dhcp port device_id is
marked as reserved which causes it to not be deleted. When a
subsequent dhcp-agent-network-add is issued, the reserved port
is used and the device_id is corrected. This is desirable
in order to maintain the dhcp port ip address so that dns doesn't
get impacted. Unit test added.
With ML2 plugin and l2-pop mechanism driver, it's possible to locally
answer to the ARP request of the VM and avoid ARP broadcasting emulation
on overlay which is costly.
When this functionality is enabled, the OVS flows logic evolves to [1].
This functionality was introduced in 2.1 OVS branch [2].
A README is added to describe l2-pop mechanism driver and the agents
particularities.
Sam Hague [Fri, 2 May 2014 18:08:09 +0000 (14:08 -0400)]
Allow vlan type usage for OpenDaylight ml2
The initial OpenDaylight integration with Openstack did not support
vlan isolation so it was not included as a valid type. This change
adds the vlan type as allowed.
Also modified tests to include vlan as supported in the
check_segment().
DocImpact:
Use of VLANs with ML2 and the OpenDaylight mechanism driver
requires OpenDaylight Helium or newer to be installed.
NSX: fix error when creating VM ports on subnets without dhcp
The error was caused by a missing LSN port (which is created when
the subnet is setup with dhcp enabled). Therefore, check the port
is in place before proceeding with the setup.
To allow migration of networks from the agent based model
to the agentless one, both modes need to be available; prior
to this change the extension was available in 'agentless' mode
too; this may lead to leftovers during the migration step.
This patch makes the extension available in 'combined' mode
only, which was the intended behavior.