Adelina Tuvenie [Tue, 24 Mar 2015 16:29:45 +0000 (09:29 -0700)]
Moves ovs_lib to agent/common
This patch moves ovs_lib from agent/linux to agent/common
since it will be used by ovs_neutron_agent on both Linux
and Windows platforms. To provide compatibility with out of
tree code, a placeholder has been left in agent/linux.
Sandhya Dasu [Thu, 5 Feb 2015 17:21:05 +0000 (12:21 -0500)]
Cisco UCS Manager ML2 Mechanism Driver
Introduces an ML2-based Mechanism Driver for Cisco UCS Manager. The vendor
specific driver code referenced by this MD resides in stackforge repo
networking-cisco. This MD did not exist in the Neutron tree before so no files
have to be removed as part of this change.
Assaf Muller [Wed, 25 Mar 2015 00:27:29 +0000 (20:27 -0400)]
Rename/move/remove HaRouter methods
All of the methods that use verify_ha are now part of the HaRouter
class. The check has outlived its usefulness and may die
a peaceful yet horrifying death. At its point of death,
verify_ha is akin to a guy walking down the street and yelling:
'Am I me? Am I me?' - Yes, you're you, shut up. An HA router
is an HA router, there's no point in the class checking if
it's indeed an HA router.
* keepalived_manager._get_full_config_file_path was being used
  outside of the keepalived_manager, removed the leading underscore
* _ha_get_existing_cidrs doesn't need an 'ha' prefix, it's already
  a part of the HA router class. This patch renames the method to
  a more descriptive name
* HARouter._get_ipv6_lladdr had nothing to do with HA routers, nor
  did it use the HARouter state. Moved it to ip_lib
Darragh O'Reilly [Tue, 17 Mar 2015 16:03:51 +0000 (16:03 +0000)]
lb-agent: use 'replace' instead of 'add' with 'bridge fdb'
l2pop on the linuxbridge agent can fail to add permanent entries
because the 'bridge fdb add' command fails if a temporary entry
exists. This patch uses 'replace' which always works.
YAMAMOTO Takashi [Tue, 27 Jan 2015 06:32:19 +0000 (15:32 +0900)]
Fix a usage error of joinedload + filter in l3 scheduler
This commit fixes admin_state_up filtering in
get_l3_agents_hosting_routers. Also, adapt its callers
which rely on the current broken implementation.
Details:
With the current coding, joinedload() produces a JOIN and
the following filter() on the columns from the joined table
would create another JOIN of the same table. (As t1 in the
following example). It doesn't seem to be the intended
behaviour. As a consequence the filter (WHERE clause in
the following examples) doesn't work as expected.
Queries before this fix looked like the following,
where t1 and t2 are Agent and RouterL3AgentBinding respectively:
    SELECT t2.aaa, t1_1.bbb, ...
    FROM t1, t2 LEFT OUTER JOIN t1 AS t1_1 ON t1_1.ccc = t2.ddd
    WHERE t1.eee = ...;
After the fix, it would be:
    SELECT t2.aaa, t1.bbb, ...
    FROM t2 JOIN t1 ON t1.ccc = t2.ddd
    WHERE t1.eee = ...;
Adelina Tuvenie [Tue, 24 Mar 2015 10:06:21 +0000 (03:06 -0700)]
Add eventlet monkey_patch helper
Eventlet monkey patching the os and thread modules causes subprocess.Popen
to fail on Windows when using pipes due to missing non-blocking IO support.
There is a reported bug on eventlet [1] with this issue. The solution
for this issue is to not monkey_patch os and thread.
This change is needed in order to run ovs_neutron_agent on Windows platforms.
John Davidge [Mon, 23 Mar 2015 19:00:14 +0000 (19:00 +0000)]
Add the default_ipv6_subnet_pool config option
This config option will allow an admin to set the default subnet-pool
to be used for automatic subnet CIDR allocation in the case of subnet-create
being called without a CIDR or subnet-pool ID.
This also paves the way for enabling IPv6 Prefix Delegation in PD-capable
environments.
Cedric Brandily [Thu, 19 Mar 2015 14:18:03 +0000 (14:18 +0000)]
Transform BaseLinuxTestCase methods in helpers
This change transforms BaseLinuxTestCase[1] methods into helpers. They
are not removed but transformed into wrappers to helper methods to
reduce change size. A follow-up change will remove them and adapt
testcases currently using them.
Fix intermittent failure in TestNetworksFailover UT
Ensure that the periodic check does not get in the way of method
calls being tested, by stopping the periodic task from running.
This patch moves the mock for the periodic check into the
setup_coreplugin call so it gets called by unit tests that
use the core plugin.
The previous location after the construction of the API router was
too late because the core plugin was already constructed by the
neutron manager. This led to random failures because the periodic
tasks leaked by all of the unit tests would occasionally preempt
test_reschedule_network_from_down_agent in automatically removing
a network from an agent.
Kevin Fox [Wed, 18 Feb 2015 22:01:49 +0000 (14:01 -0800)]
Fixes floating IP regression with multiple routers
During the refactor here:
Change-Id: I09e8a694cdff7f64a642a39b45cbd12422132806
Too much code was removed and caused floating ips to get misassigned when
multiple routers with external networks in the same tenant are present. The
first router in the tenant was always being chosen. This patch adds back
some of the original code as well as a unit test.
Kevin Benton [Sat, 21 Mar 2015 00:40:43 +0000 (17:40 -0700)]
Add no_delete flag to UT router context manager
Adds a no_delete flag to the router context manager in
the unit tests to allow specific tests to avoid executing
all of the cleanup logic for floating IPs and interfaces
just to exit the test.
Ultimately, this should become the default once we are
comfortable that there are adequate explicit unit tests
for the deletion logic.
Send notification to controller about HA router state change
The L3 agent gets keepalived state change notifications via
a unix domain socket. These events are now batched and
sent out as a single RPC to the server. In case the same
router got updated multiple times during the batch period,
only the latest state is sent.
Cedric Brandily [Fri, 20 Mar 2015 16:11:53 +0000 (16:11 +0000)]
Move metadata proxy shared options to neutron.conf
This change moves metadata proxy options shared between dhcp and l3
agents to neutron.conf. This change prepares follow-up changes allowing
to run metadata proxy with nobody user/group.
Roey Chen [Wed, 18 Mar 2015 18:00:30 +0000 (11:00 -0700)]
Allow plugin to specify security-group rules ids upon creation
This patch enables a plugin to specify the security-group rule IDs;
it is optional and defaults to the current behavior.
This approach is already used with network creation, where a plugin can
specify the network uuid.
Terry Wilson [Thu, 22 Jan 2015 11:39:57 +0000 (05:39 -0600)]
Add native OVSDB implementation of OVSDB API
This patch adds a native OVSDB protocol version of the new OVSDB
API. As such, it does not require using sudo/rootwrap but instead
uses the OVS IDL Python library that ships with openvswitch.
Break coupling between ML2 and L3 during delete operation
This is an initial attempt at breaking out the L3 logic from the ML2
framework as much as possible. This patch takes care of the notification
to the L3 agent(s), after a port has been deleted. Both base L3 and
L3+DVR operations are affected.
Gal Sagie [Wed, 18 Mar 2015 06:36:29 +0000 (08:36 +0200)]
Validate when DVR enabled, l2_pop is also enabled
The agent should fail to start when
enable_distributed_routing = True and l2_population = False
otherwise the router won't behave as expected.
All the cross subnet traffic (between VMs of the same tenant)
in DVR is now handled locally on the compute node using the router namespace.
A Linux namespace is created for every virtual router,
on each compute node that hosts VMs that are connected to that router.
The local DVR performs the routing and replaces the source MAC address and
the destination MAC address for every packet leaving the compute node.
In order to do that correctly, the router must be populated with
all the L2 addresses of the attached networks.
Ryan Tidwell [Thu, 15 Jan 2015 21:17:17 +0000 (13:17 -0800)]
Basic subnetpool CRUD
Enable creating, reading, updating, and deleting subnet pools via REST API.
Includes required changes to REST, model, alembic migrations, and unit tests.
Subnet pools carry a list of IPv4 or IPv6 prefixes from which a subnet can be
allocated. This will enable tenants to request a subnet from a pool rather
than being forced to explicitly provide their own CIDRs for their subnets.
This change simply enables managing the lifecycle of a subnet pool and does
not yet enable allocation of subnet prefixes from a pool.
Subnet pools can have their prefix bounds (min, max, default), name, and
prefix list updated. Changes to prefix bounds do not alter existing
allocations and will not be blocked by existing allocations. Prefix lists can
only be appended to. Prefixes cannot be removed from the pool once added.
YAMAMOTO Takashi [Tue, 27 Jan 2015 06:33:36 +0000 (15:33 +0900)]
Fix a usage error of joinedload + filter in dhcp scheduler
This commit fixes filtering in get_dhcp_agents_hosting_networks.
Also, separate the argument "active" into two; active (heartbeat thing)
and admin_state_up. Because all in-tree callers with active=True seem
to mean only the former, currently the new admin_state_up argument is not
used. (Thus this commit doesn't change any behaviour yet. The argument
might be useful for other changes like [1])
[1] https://review.openstack.org/#/c/147032/
Details:
With the current coding, joinedload() produces a JOIN and
the following filter() on the columns from the joined table
would create another JOIN of the same table. (As t1 in the
following example). It doesn't seem to be the intended
behaviour. As a consequence the filter (WHERE clause in
the following examples) doesn't work as expected.
Queries before this fix looked like the following,
where t1 and t2 are Agent and NetworkDhcpAgentBinding respectively:
    SELECT t2.aaa, t1_1.bbb, ...
    FROM t1, t2 LEFT OUTER JOIN t1 AS t1_1 ON t1_1.ccc = t2.ddd
    WHERE t1.eee = ...;
After the fix, it would be:
    SELECT t2.aaa, t1.bbb, ...
    FROM t2 JOIN t1 ON t1.ccc = t2.ddd
    WHERE t1.eee = ...;
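
The two query shapes quoted in this commit message and in the earlier l3 scheduler commit, run against SQLite as an added example (not part of either commit). The table names, columns and rows are constructed; only the aliases t1, t2 and t1_1 and the join structure follow the text above.

```python
import sqlite3

# Constructed sample data: "agents" plays the Agent table (t1) and
# "bindings" the agent binding table (t2). One agent is administratively down.
SCHEMA = """
CREATE TABLE agents (id TEXT PRIMARY KEY, host TEXT, admin_state_up INTEGER);
CREATE TABLE bindings (network_id TEXT, agent_id TEXT REFERENCES agents(id));
INSERT INTO agents VALUES ('a-up', 'host1', 1), ('a-down', 'host2', 0);
INSERT INTO bindings VALUES ('net1', 'a-up'), ('net1', 'a-down');
"""

# Shape before the fix: the filtered table t1 is an extra, unjoined FROM
# entry, so the WHERE clause never constrains the eagerly loaded alias t1_1.
BEFORE = """
SELECT t2.network_id, t1_1.id, t1_1.admin_state_up
FROM agents AS t1, bindings AS t2
LEFT OUTER JOIN agents AS t1_1 ON t1_1.id = t2.agent_id
WHERE t1.admin_state_up = 1
"""

# Shape after the fix: one JOIN, and the filter applies to the joined rows.
AFTER = """
SELECT t2.network_id, t1.id, t1.admin_state_up
FROM bindings AS t2 JOIN agents AS t1 ON t1.id = t2.agent_id
WHERE t1.admin_state_up = 1
"""


def hosting_agents(query):
    """Run one query shape against a fresh in-memory copy of the sample data."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.executescript(SCHEMA)
        return sorted(conn.execute(query).fetchall())
    finally:
        conn.close()


if __name__ == "__main__":
    print("before:", hosting_agents(BEFORE))
    print("after: ", hosting_agents(AFTER))
```

With the pre-fix shape the administratively down agent is still returned as long as any agent in the table is up, which is why callers that relied on the filter saw the wrong set of agents.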
Assaf Muller [Mon, 22 Dec 2014 15:01:37 +0000 (17:01 +0200)]
Allow to request metadata proxy only from internal interfaces
Currently the metadata service can be requested on 169.254.169.254:80
from all interfaces including external interfaces. This change updates
PREROUTING rules to allow requests on 169.254.169.254:80 only from
internal interfaces.
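
A check an operator could run over saved NAT rules to confirm the restriction described above, as an added example that is not part of the commit. The `qr-` internal interface prefix, the redirect port and the sample rules are assumptions constructed for illustration.

```python
import shlex

METADATA_IP = "169.254.169.254"


def _opt(tokens, flag):
    """Return the value following flag in a tokenized iptables rule, or None."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None


def unrestricted_metadata_rules(rules, internal_prefix="qr-"):
    """Return PREROUTING rules that match 169.254.169.254:80 without being
    limited to an internal interface (prefix is an assumed naming scheme)."""
    findings = []
    for rule in rules:
        t = shlex.split(rule)
        chain = _opt(t, "-A")
        if chain is None or not chain.endswith("PREROUTING"):
            continue
        dest = (_opt(t, "-d") or "").split("/")[0]
        if dest != METADATA_IP or _opt(t, "--dport") != "80":
            continue
        iface = _opt(t, "-i")
        # "! -i qr-+" matches everything except internal interfaces.
        negated = iface is not None and t[t.index("-i") - 1] == "!"
        if iface is None or negated or not iface.startswith(internal_prefix):
            findings.append(rule)
    return findings


# Constructed sample rules in iptables-save syntax.
SAMPLE_RULES = [
    "-A PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 "
    "-j REDIRECT --to-ports 9697",
    "-A PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 "
    "-j REDIRECT --to-ports 9697",
    "-A PREROUTING -d 10.0.0.5/32 -p tcp -m tcp --dport 80 -j ACCEPT",
]

if __name__ == "__main__":
    for rule in unrestricted_metadata_rules(SAMPLE_RULES):
        print("reachable from any interface:", rule)
```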
Assaf Muller [Thu, 12 Mar 2015 23:50:43 +0000 (19:50 -0400)]
Replace keepalived notifier bash script with Python ip monitor
Previously L3 HA generated a bash script and copied it to a per-router
configuration directory that was visible to that router's keepalived
instance. This patch changes the in-line generated Bash script to a
Python script that can be maintained in the repository.
The bash script was used as a keepalived notifier script, that was invoked
by keepalived whenever a state transition occurred. These notifier scripts
may be invoked by keepalived out of order in case it transitions quickly
twice. For example, if the master failed and two slaves fight for the new
master role. One will transition to master, and the other will often
transition to master and then immediately back to standby. In this case,
the transition scripts were often fired out of order, resulting in the
wrong state being reported.
The proposed approach is to get rid of the keepalived notifier scripts
entirely. Instead, monitor IP changes on the HA device. If the omnipresent
IP address was configured on the HA device, it means that we're looking
at a master instance. If it was deleted, the router transitioned to standby
or fault.
In order to keep the L3 agent CPU usage down, it will spawn a process
per HA router. That process will start the ip address monitor.
Whenever it gets an IP address change event, it will notify the L3 agent
via a unix domain socket.
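
The approach in this commit message, combined with the batching described in the earlier "Send notification to controller about HA router state change" commit, as an added sketch that is not the project's code. The event line format is modelled on `ip -o monitor address` output; the device names, address and router ids are constructed.

```python
import re

# One line of address-monitor output; a removed address is prefixed "Deleted ".
EVENT_RE = re.compile(
    r"^(?P<deleted>Deleted )?\d+: (?P<dev>\S+)\s+inet6? (?P<cidr>\S+)")


def state_from_event(line, ha_device, vip_cidr):
    """Map one address event to a router state.

    Returns 'master' when the monitored address appears on the HA device,
    'standby' when it is removed (the event alone cannot tell standby from
    fault), and None for events about other devices or addresses.
    """
    m = EVENT_RE.match(line)
    if not m or m.group("dev") != ha_device or m.group("cidr") != vip_cidr:
        return None
    return "standby" if m.group("deleted") else "master"


def batch_states(events, devices):
    """Collapse a batch of (router_id, line) events to the latest state each.

    devices maps router_id -> (ha_device, vip_cidr).
    """
    latest = {}
    for router_id, line in events:
        state = state_from_event(line, *devices[router_id])
        if state is not None:
            latest[router_id] = state  # a later event overwrites an earlier one
    return latest


# Constructed sample: r2 becomes master and immediately drops back.
DEVICES = {
    "r1": ("ha-aaa", "169.254.0.1/24"),
    "r2": ("ha-bbb", "169.254.0.1/24"),
}
EVENTS = [
    ("r1", "5: ha-aaa    inet 169.254.0.1/24 scope global ha-aaa"),
    ("r2", "7: ha-bbb    inet 169.254.0.1/24 scope global ha-bbb"),
    ("r2", "7: ha-bbb    inet6 fe80::1/64 scope link"),
    ("r2", "Deleted 7: ha-bbb    inet 169.254.0.1/24 scope global ha-bbb"),
]

if __name__ == "__main__":
    print(batch_states(EVENTS, DEVICES))
```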