Luis A. Garcia [Wed, 18 Sep 2013 23:11:06 +0000 (23:11 +0000)]
Sync gettextutils from oslo
Some Messages, such as those created from Invalid exceptions, use a
Message within a Message, and we were only translating the base Message
but not the Message substitution within.
Due to a recent change, reodering of rules within the
same policy was failing. This is fixed by checking if
the rules belong to the same policy we allow reordering.
There was also a missing call to reorder due to which
the position number on the rules was not reflected correctly
after the reordering. This is also fixed.
port binding feature of ML2 plugin registers a callback function with
db_base_plugin_v2.NeutronDbPluginV2, which is invoked during a query of
port DB. This function is registered by name instead by refefence. This
causes wrong context to be passed to the function upon invocation, which
causes the exception. If this query is made during neutron
initilization, Neutron service will fail to start.
This fix changes the registration from function name to function
pointer
Fixes two comment lines regarding when bind_port
is called. The correct comment should indicate that
bind_port is called prior to "create_port_precommit or
update_port_precommit" rather than
"create_network_precommit or update_network_precommit".
Kevin Benton [Tue, 17 Sep 2013 20:22:32 +0000 (13:22 -0700)]
BigSwitch plugin: passes context to all update_network calls
There were a few calls to update the network on the backend
that were not having the context passed to them so they were
incorrectly using the admin context. This patch corrects that
by passing the context to all network update calls. It also
disallows calls to _send_update_network that don't provide
the context because there is not a use case for that condition.
Mark McClain [Fri, 13 Sep 2013 21:48:20 +0000 (17:48 -0400)]
Dynamically adjust max number of leases
This change dynamically adjusts the maximum number of leases based on
the size of the subnets associated with a network. The upper bound is
limited by a configurable option to keep the max reasonable and prevent
denial of service.
linb [Tue, 20 Aug 2013 05:35:10 +0000 (13:35 +0800)]
Support advanced NVP LBaaS Service
The patch adds NVP advanced LBaaS service support for NVP with
VCNS:
* NVP LBaaS is an advanced Service of NVP depending on NVP
advanced service router
- Once an advanced router id created, one corresponding
vshield edge will be deployed, and then we can configure
LB service On the vshield edge
* NVP LBaaS service plugin still uses LBaaS DB service logic,
while finally calling vShield Edge to support FWaaS service
- When creating VIP object, service attaches the object to
the advanced router with routedserviceinsertion service.
Then before pushing VIP VCNS call, the server would first
pushing associated POOL VCNS call and associated Monitor
VCNS call to vShield Edge. Deleting VIP is opposite
operation
- Refering to CUD operation of other objects, service would
first find the associated VIP object and then find the edge bound to
the router which vip inserted. Then service would push corresponding
VCNS call to Vshield Edge
* on driver part, the driver will first convert the object
to VSM known object input, and then send a synchronous JSON
calling to VSM, and receive the result
berlin [Thu, 22 Aug 2013 07:58:58 +0000 (15:58 +0800)]
Support for NVP advanced FwaaS service
The patch adds advanced FWaaS service support for NVP with
VCNS:
* NVP FWaaS is an advanced Service of NVP depending on NVP
advanced service router
- Once an advanced router id created, one corresponding
vshield edge will be deployed, and then we can configure
FW service on the vshield edge
* NVP FWaaS service plugin still uses FWaaS DB service logic,
while finally calling vShield Edge to support FWaaS service
- When firewall object is created, we will attach the
object to the advanced router with routedserviceinsertion_db
service
* on driver part, the driver will first convert the object
to VSM known object input, and then send a synchronous JSON
calling to VSM, and receive the result
Paul Michali [Mon, 16 Sep 2013 14:08:56 +0000 (10:08 -0400)]
Increase size of peer_address attribute in VPNaaS
Increased the size so that peer_address could be FQDN. API
document changed constraint from IPAddress to string, however
in the plugin/service code, it is already a string and there is
no specific restriction on the value. Database migration will
be performed, due to the size change.
Fix error raised when router-interface-delete on no-snat routers
Previously, a 500 error would be raised trying to remove a subnet
from a no-snat router because we were trying to remove the snat
rules that didn't exist in the router.
_validate_network_tenant_ownership must be less strict
Neutron, currently does a strict validation code
so that for non-shared network the subnets and
ports must belong to the same tenant as the network. In
the case of a "service VM" created by
admin user, this function should return thus allowing
admin users to create ports and networks in a tenant
network.
If an existing firewall rule already associated with a
firewall policy is associated with a different firewall
policy, the new association should fail. The check for
the existing association was not being made, hence the
firewall rule was being removed from the older policy
and being associated with the newer policy (incorrect
behavior). This is being fixed here.
If the association with the newer policy has to be made
the rule should first be removed from the existing policy
association.
Fix haproxy agent unit test to be runnable alone by tox
haproxy agent uses periodic_interval option that can interfere
with the same option declared in neutron/service.py when running
'tox services.loadbalancer'
Bob Kukura [Fri, 13 Sep 2013 20:12:30 +0000 (16:12 -0400)]
Use same hostname function as nova
Certain plugin implementations of port binding depend on the port's
binding:host_id set by nova matching the compute node's hostname
reported by neutron agents in agents_db. Nova uses
socket.gethostname() to obtain the hostname, so this changes neutron
to also use socket.gethostname(), instead of socket.getfqdn() to
obtain the default hostname. If deployments require a specific
hostname format or value, the hostname can be specified in nova and
neutron configuration files.
Prevent stale DHCP directories for dhcp agent nodes
This change fixes an issue that is most acute in test/dev
environments but that may affect production environments
as well: the presence of DHCP directories that no longer
represent networks that exist in the Neutron DB. This
issue can manifest itself over time if you delete networks
from the Server while the Agent node is down.
Without this fix, at the agent start-up the method
existing_dhcp_networks will return an empty list, and
as a consequence the directories that belong to networks
that have been removed from the server will stay because
the sync logic will not process them as it only looks at
the mismatch between active networks on the agent and
active networks on the server. With the fix instead, we
return *all* existing dhcp networks; if they are meant to
be active, the agent will bring them up, if they no longer
exist on the server, then the agent will dispose of the
resources. The dnsmasq driver will do the right thing when
enabling or disabling the process.
This patch ensures the 'result_count' attribute from NVP API responses
is properly handled, and adds support for '_page_cursor' request query
parameter in the fake nvp api client in order to ensure issues like this
are captured by unit tests.
This patch fixes the _update_fix_assoc routine in the Nicira plugin,
ensuring the association of a floating IP with a router is removed
when the floating IP is disassociated.
This patch also adds a unit test for validating behaviour when a floating
IP is associated to a port on a different router, which was an
uncovered use case. This new unit test required some refactoring in
test_l3_plugin.py.
pass default l3_gateway_service_uuid if not specified
Previously, if one created an external network of type l3_ext and did
not specify the default_gw_service_uuid via --provider:physical_network
an exception would be raised on the backend as we need to specify the
l3_gw_service_uuid we want nvp to use.
Luis A. Garcia [Fri, 16 Aug 2013 16:07:47 +0000 (16:07 +0000)]
Enhance exception translation to better handle NeutronExceptions
NeutronExceptions have a 'message' class attribute that holds the
generic error message template, e.g. "Network %(network)s not found",
unfortunately, because the names are the same, it was overshadowing the
actual exception instance 'message', e.g. "Network 1 not found", after
translation when the exception was serialized to JSON.
This patch puts the exception's actual message in a new field called
'msg' and overwrites NeutronException unicode() so that 'msg' is used
during serialization and we'll get the correct message on the REST API
response.
Code Review / openstack-build / neutron-build.git / log