gong yong sheng [Tue, 25 Aug 2015 08:21:39 +0000 (16:21 +0800)]
Add policy and policy rule belongs check
before updating and deletion of a qos rule under a policy,
we check if the qos is binding to the policy to avoid users
operating on policy rules binding to other policy.
Clark Boylan [Tue, 25 Aug 2015 17:58:57 +0000 (10:58 -0700)]
Run py34 tests with testr
This doesn't use os-testr but it results in html reports built from
the subunit logs.
A note from amuller: tox -e py27 uses ostestr. The primary difference
between testr and ostestr (For my money) is that ostestr spits out
progression. After a conversation with mtreinish (The author of ostestr)
it doesn't seem to be possible to use tox with ostestr for our py34
tests because we use a long regex that is split on newlines. ostestr
supports the --regex flag as such (regex_a|regex_b), however it's not
possible to use that with newlines and to play nice with tox.
Since I think that we do want to use ostestr (Just like the py27 venv),
I'll work with mtreinish to introduce a white list regex file in to
ostestr. The file will be maintained in the repo and passed in to
ostestr via tox.
Carl Baldwin [Tue, 25 Aug 2015 20:51:16 +0000 (20:51 +0000)]
Make a couple of methods private
I was just going over this class trying to understand what methods
really are used outside of the class. I found that these two are not.
I thought I'd submit a quick patch to mark them "private".
John Davidge [Wed, 24 Jun 2015 13:52:13 +0000 (14:52 +0100)]
L3 agent changes and reference implementation for IPv6 PD
This patch adds the common framework to be used by specific
implementations of the DHCPv6 protocol for Prefix Delegation.
It also includes a reference implementation based on the Dibbler
DHCPv6 client. Dibbler version 1.0.1 or greater is required.
Sanity tests are included to verify the installed version.
A patch for admin/user documentation is up for review here:
https://review.openstack.org/#/c/178739
Video guides for configuring and using this feature are available on
YouTube:
the argument is ignored and all whitelisted tests are executed.
This is not in line with the other testenv's. This patch ensures
that posargs are processed if available, and that we fall back on
the lot of tests when not specified.
Ryan Moats [Mon, 24 Aug 2015 13:49:09 +0000 (08:49 -0500)]
Remove redundant logging statements from RootWrapDaemonHelper
create_process and execute_rootwrap_daemon both current log
the command they are about to run. Remove these statements as
redundant (the log message showing the command's result includes
the command itself)
Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Change-Id: I8bdea7212f8a32a3b6b0b47c5b824ac1c561d83f
Ryan Moats [Fri, 21 Aug 2015 14:16:52 +0000 (09:16 -0500)]
Rationalize neutron logs to help in troubleshooting router issues
Currently the neutron logs are not very useful for troubleshooting
router issues - this patch adds additional logging statements to
help the triage process.
Change-Id: I014e0119205d4a947a1be142aeeb29940c4de3bd Signed-off-by: Ryan Moats <rmoats@us.ibm.com>
Oleg Bondarev [Mon, 24 Aug 2015 08:29:25 +0000 (11:29 +0300)]
Move db agent schedulers test to a more appropriate place
Current placing is confusing as in fact the tests have little to do
with ml2 and openvswitch.
This was triggered by discussion on https://review.openstack.org/199514
Next step should be to separate dhcp and l3 schedulers tests.
Kevin Benton [Mon, 24 Aug 2015 10:13:14 +0000 (03:13 -0700)]
Make models_v2 explicitly import rbac_db_models
The Network model was implicitly relying on a core plugin to import
the db_base_plugin_v2 module which would import the rbac model module
so "NetworkRBAC" would be defined by the time something would query
the DB. However, this isn't the case for scripts or agents that are
importing models_v2 and trying to query the DB directly so they will
now break with an sqlaclhemy error about a missing model.
This patch makes models_v2 import the rbac_db_models module directly
so the model will always be defined.
This would have resulted in a circular import because the
rbac_db_models module required the HasId and HasTenant classes
in models_v2. So this patch also moves these helper classes
into model_base.
Miguel Angel Ajo [Wed, 19 Aug 2015 13:15:21 +0000 (15:15 +0200)]
Make NeutronDbObjectDuplicateEntry exception more verbose
NeutronObjectDuplicateEntry is an exception derived from Conflict,
which is mapped to HTTPConflict. When such exception is thrown
during an API layer call, we will provide more detail to the caller
about what was exactly duplicated, and for which fields,
the information is extracted from the DB exception.
NeutronObjectDuplicateEntry is renamed into NeutronDbObjectDuplicate
to make clear it is for handling db duplicate exceptions, in
the future we could generalize to a base NeutronObjectDuplicate class
if we need separate handling for other object backings (mem, keystore,
etc).
Marga Millet [Wed, 12 Aug 2015 10:49:09 +0000 (03:49 -0700)]
Support dhcp metadata service for all networks
Vendors implementing Neutron L3 API in their devices may not be able to provide
metadata server access via the Neutron router. In such cases we want to allow
the metadata service as done for non-isolated networks segments.
Neil Jerram [Mon, 27 Jul 2015 13:43:18 +0000 (14:43 +0100)]
ip_lib: support creating Linux dummy interface
This is for use by a DHCP agent interface driver in the
networking-calico project. networking-calico connects VMs without
using bridging, so it needs an unbridged DHCP port interface with
which it can associate the DHCP subnet prefix, and the Linux dummy
interface (in conjunction with use of Dnsmasq's --bridge-interface
feature) is suitable for that purpose.
Ann Kamyshnikova [Fri, 21 Aug 2015 12:13:25 +0000 (15:13 +0300)]
Graceful OVS restart for DVR
Graceful OVS restart that was intoduced in I95070d8218859d4fff1d572c1792cdf6019dd7ea
missed that flows are also dropped in setup_dvr_flows_on_integ_br.
Neil Jerram [Thu, 23 Jul 2015 17:17:12 +0000 (18:17 +0100)]
DHCP agent: clarify logic of setup_dhcp_port
When the DHCP port already exists, the code for finding it is
unhelpfully mixed up with the code for updating its subnet IDs and
fixed IP addresses. Clarify that area by splitting setup_dhcp_port
into 3 subroutines, for each of the existing, reserved and new port
cases.
Sean Mooney [Fri, 26 Jun 2015 09:48:26 +0000 (10:48 +0100)]
Add config option to specify ovs datapath.
This change introduces a new datapath_type parameter
to allow specification of the ovs datapath to be used.
This change introduces new functional and unit tests.
Kevin Benton [Wed, 17 Jun 2015 06:43:59 +0000 (23:43 -0700)]
Neutron RBAC API and network support
This adds the new API endpoint to create, update, and delete
role-based access control entries. These entries enable tenants
to grant access to other tenants to perform an action on an object
they do not own.
This was previously done using a single 'shared' flag; however, this
was too coarse because an object would either be private to a tenant
or it would be shared with every tenant.
In addition to introducing the API, this patch also adds support to
for the new entries in Neutron networks. This means tenants can now
share their networks with specific tenants as long as they know the
tenant ID.
This feature is backwards-compatible with the previous 'shared'
attribute in the API. So if a deployer doesn't want this new feature
enabled, all of the RBAC operations can be blocked in policy.json and
networks can still be globally shared in the legacy manner.
Even though this feature is referred to as role-based access control,
this first version only supports sharing networks with specific
tenant IDs because Neutron currently doesn't have integration with
Keystone to handle changes in a tenant's roles/groups/etc.
Liang Bo [Thu, 20 Aug 2015 06:24:46 +0000 (14:24 +0800)]
Fixed broken link in neutron-server's documents
The neutron-server document contains a link (http://neutron.openstack.org)
which is not exist anymore. This patch updates the link to neutron's doc site
and wiki page.
Miguel Angel Ajo [Thu, 20 Aug 2015 13:57:19 +0000 (15:57 +0200)]
Fix qos api-tests after policy changes
The policy.json update in change
Ide1cd30979f99612fe89dddf3dc0e029d3f4d34a breaks the qos api-tests
due to actions which the default policy won't allow, like qos
rules or policies creation by non-admins.
We removed test_rule_association_nonshared_policy which
is not possible with the default policy.json in favor of
test_policy_create_forbidden_for_regular_tenants.
This commit unblocks the qos api-test re-enablement.
Jakub Libosvar [Thu, 20 Aug 2015 16:02:11 +0000 (16:02 +0000)]
fullstack: use migration scripts to create db schema
Previously, we used create_all() based on models. We don't use
create_all() in production code and there is no guarantee models and
scripts are in sync even though we have a good functional test that
validates that. There are still pieces that can't be compared by
alembic.
John Schwarz [Thu, 20 Aug 2015 14:05:02 +0000 (17:05 +0300)]
Only validate local_ip if using tunneling
Change I4b4527c28d0738890e33b343c9e17941e780bc24 introduced a new
validation to make sure that local_ip holds a valid IP that is present
in one of the interfaces on the machine. However, this test is not
relevant if tunneling is not enabled, since the value is ignored anyway.
This patch changes validate_local_ip to not check local_ip in case
tunneling is not enabled (if no value was put in the 'tunnel_types'
option).
Jakub Libosvar [Tue, 18 Aug 2015 13:42:37 +0000 (13:42 +0000)]
qos: Delete bw limit rule when policy is deleted
We need to add ON DELETE CASCADE to qos_policy_id on bw limit rule table
in order to delete policy successfully. There is a migration script that
creates db scheme with correct foreign key constraint but we miss this in
models. Currently, we have a functional test that guarantees parity
between migration scripts and models but we don't have guaranteed foreign
keys parity due to alembic bug [1].
Yalei Wang [Fri, 7 Aug 2015 14:43:30 +0000 (22:43 +0800)]
Add support for unaddressed port
Neutron could create a port without the IP address when the network doesn't
have a subnet. In this case, neutron will have no L3 knowledgee and we need
remove the L3 filter on it but reserve the L2 filter if there is.
This patch will make L2 agent verify the fixed_ips before converting the
security-group-rules into firewall rules, L3 rules in it will be removed.
And filter like arp-spoofing will be disabled for this port.
Code Review / openstack-build / neutron-build.git / log