Gary Kotton [Mon, 29 Dec 2014 09:38:25 +0000 (01:38 -0800)]
VMWare-NSXv: VMWare NSXv extensions
For Kilo, the vendor-specific code should be moved to stackforge repo,
excluding the extensions (https://review.openstack.org/#/c/134680/).
This patch adds the extensions VMWare NSXv plugin from
stackforge/vmware-nsx repo.
There are 2 new extensions:
1. advanced_service_providers - this is required to enable the NSXv to provide
metadata support (there is no metadata agent)
2. vnic_index - the security group support for the NSXv requires the vNIC index
Currently the test assumes delete_ports_by_device_id deletes ports in
the order they were created but nothing ensures it. This change
updates _test_delete_ports_by_device_id_second_call_failure to avoid
such (incorrect) assumption. The assumption is in general broken in
daughter change which adds a unique constraint on Port table.
Carl Baldwin [Mon, 12 Jan 2015 16:36:40 +0000 (16:36 +0000)]
Create arping helper in ip_lib
In trying to restructure the L3 agent into more modules, some helpers
like arping will be used by several modules. It is better to relocate
it to a common module which all of them will import and use.
Since there is only one spot which passed 'distributed=True', I chose
to break the utility into two. Also, 'distributed' doesn't really
describe what that argument is for. So, I named the second utility
differently to indicate that it is for sending garps when proxyarp is
in use for the address on the interface.
Kyle Mestery [Mon, 8 Dec 2014 02:18:53 +0000 (02:18 +0000)]
Initial thin ML2 mechanism driver
This commit thins the in-tree OpenDaylight ML2 MechanismDriver. A matching
change to the stackforge/networking-odl project has the backend logic
there.
Miguel Angel Ajo [Thu, 15 Jan 2015 00:23:29 +0000 (00:23 +0000)]
Call on dhcp-agent DhcpLocalProcess.restart() breaks dhcp
The bugfix implemented on Ib37651f7f802debd472ab292b148c2a2496063a3
creates the network_conf_dir only during __init__, and restart()
method calls disable(), then enable(), where disable will remove
the config directory and all configuration files.
Previous implementation re-created the network_conf_dir on the
interface_name setter (called from enable) with ensure_conf_dir=True.
Sukhdev [Sat, 10 Jan 2015 01:02:53 +0000 (17:02 -0800)]
Fixes shared networks in Arista ML2 driver
When a shared network is created, it is stored
in arista_provisioned_nets under the tenant_id of
owner of the network. Later, when a different
tenant launches an instance on the shared network,
above mentioned DB is looked to find the network
under requesting tenant's ID, and it is not found,
and hence, the request is rejected.
The fix is made such that when a network is not
found under the requesting tenant's ID, check if
this network is shared network. If yes, then
check the DB to ensure that owner tenant exists
in the DB. If yes, then this is a valid request
and do not reject it. Otherwise reject it - as an
unknown tenant or network is specified in the
request.
- Don't assume the path of mktemp command. It's /usr/bin/mktemp
for some platforms, e.g. NetBSD. Also, always provide a template
as it's necessary for some platforms, e.g. OS X. This snippet was
taken from the example in NetBSD's mktemp(1).
- Move a comment to the appropriate place.
- Improve a regex to ignore more comments.
- As the pattern for find -path is not a regex, no escape is necessary
for period.
When troubleshooting issues having to parse the \n mentally is kind of
difficult. Be nice to the user and have the newlines interpreted correctly.
It's fine if we waste some spaces in the logs, storage is cheap these days.
Jaume Devesa [Wed, 24 Dec 2014 09:45:05 +0000 (09:45 +0000)]
Midonet plugin decomposition
Remove the midonet plugin code and add the requirements.txt file to
set the dependency to the vendor plugin. Dependency is not pinned: we
will use the newest library during the Kilo cycle and we will submit a
patch with the pinned version a bit before the Kilo code freeze.
Vendor plugin code is available here:
https://github.com/midonet/python-neutron-plugin-midonet
Plugin already available in pypi:
https://pypi.python.org/pypi/neutron-plugin-midonet/
Kevin Benton [Tue, 13 Jan 2015 16:05:19 +0000 (08:05 -0800)]
Fix topic for provider security group update
Commit 8098b6bd20bb12520e438ef9125dc7b96664f712 accidentally changed
the topic for the provider security group update to a regular member
update. This resulted in the L2 agent not asking for the latest
security group rules after a DHCP port was created. If a regular
compute port was brought online and wired up by the L2 agent
before the DHCP port was created, the VM would never get its allow
rule to communicate with the DHCP server.
Kobi Samoray [Sun, 11 Jan 2015 09:28:42 +0000 (11:28 +0200)]
VMWare NSXv DB model bugfix
DB Model and migration for VMWare NSXv had two issues:
In DB migration, nsxv_security_group_section_mappings table is not dropped on downgrade.
In nsxv_models.py, tz_network_bindings_binding_type enum name should be
nsxv_tz_network_bindings_binding_type to match migration code.
Yoni Shafrir [Mon, 5 Jan 2015 13:27:47 +0000 (15:27 +0200)]
Speed up initial L3 full sync time
When a L3 agent starts up the initial full sync occurs
on the first periodic task interval.
This means that from the point the agent is ready to
process updates it can take ~1 minute until traffic
can start flowing through the L3 agent's routers.
When using a highly available solution (not VRRP)
the startup delay adds around a full minute to
the minimum downtime.
This patch simply does a manual (i.e. not periodic) full
sync once the L3 agent is ready (in 'after_start' method).
The change results in a much faster sync on a new agent.
With the patch it takes several seconds until routers are
created on the new/restarted L3 agent.
* Remove references in tox.ini to removed rules.
* Remove custom @author check since it's now implemented in hacking.
* Move N323 to N322 that is freed due to @author check removal.
* Temporarily skip W292 (no newline at the end of file).
* Temporarily skip H238 (old style classes).
Wei Wang [Thu, 7 Aug 2014 08:16:37 +0000 (16:16 +0800)]
Use "if dict.get(key):" instead of "if key in dict and dict[key]:"
Use "if dict.get(key):" instead of "if key in dict and dict[key]:"
which makes code more clear and intelligible. Note this patch doesn't
change judging conditions, all "is not None" are retained.
Ensure config directory created before updating leases
Under high load conditions dhcp-agent could try to start the
dhcp local process via reload_allocations. But it will fail since
the dhcp config directory for the specific network is not
created yet.
WeiHu [Tue, 30 Dec 2014 02:45:55 +0000 (10:45 +0800)]
Fix IPv6 Subnet Slaac Check
Currently, "is_slaac_subnet" method only checks "ipv6_address_mode".
This will let neutron allocate a stateful IPv6 address for instance
when ipv6_ra_mode set to "stateless" or "slaac", and "ipv6_address_mode"
unset. But actually, instance gets IPv6 address prefix from radvd, and
auto-configures IPv6 address by itself. This change will let
"is_slaac_subnet" also check ipv6_ra_mode attribute, which will no longer allow
fixed IPs on auto-address subnets and delete subnet will correctly delete
auto-address ports.
Terry Wilson [Thu, 11 Dec 2014 18:10:37 +0000 (11:10 -0700)]
Move non-bridge-related OVSBridge methods to BaseOVS
This patch moves several methods in OVSBridge that don't really have
anything to do with OVS bridges to BaseOVS where they are a much
better fit. Since OVSBridge inherits from BaseOVS, no modules using
ovs_lib will have to change to support this move.
Also, several module-level functions that essentially re-implement
BaseOVS.run_vsctl() are moved to BaseOVS and converted to use
run_vsctl. In order to avoid changing the API, the module-level
functions are then reimplemented by creating a BaseOVS instance and
calling the associated method.
Sayaji [Mon, 1 Dec 2014 23:25:57 +0000 (15:25 -0800)]
Run only one instance of Nuage sync cycle at a time
Sync can run as part of Neutron and as a standalone tool.
So when sync is triggered through Neutron, someone can
trigger another sync cycle using the standalone tool.
Similarly when sync is triggered by standalone tool, Neutron
can trigger another sync cycle. This can lead to unexpected
sync behaviour. This fix will allow only one sync cycle at a
time and the other cycle will be blocked till the first one is
complete.
Russell Bryant [Thu, 18 Dec 2014 20:11:07 +0000 (20:11 +0000)]
Scope metadata rpc api using a messaging namespace
This patch does a couple of things. First it adds docstrings to the
client/server pair of the rpc interface used by the metadata service
to make calls back into the Neutron server. The docs tell you where
the other side of the interface is found in the code, and where docs
are that give more info on the rules for changing them.
The second thing done in this patch is to scope this interface using a
messaging namespace. Right now some plugins expose several interfaces
via the default namespace. This effectively means they are a single
API and should be managed with a single version stream. It's much
more manageable to just treat these as separate interfaces and this
change makes that explicit and functionally true. Now when a method
is invoked, the only classes considered for handling that request will
be ones marked with the right namespace.
Russell Bryant [Wed, 17 Dec 2014 19:55:43 +0000 (19:55 +0000)]
Provide doc string pointers for the dhcp agent rpc api
There is an rpc interface defined for the Neutron plugin to be able to
execute methods in the DHCP agent. Provide docstring pointers in the
client and server side that tell you where to find the other side of
the interface.
No namespace usage is needed here. This API is the only one exposed
via the DHCP agent, so the default namespace used now is fine.
The DhcpAgent class was updated to explicitly define the
messaging.Target(). Previously it was using the equivalent one
defined in the Manager base class. Having it specified here makes it
more obvious that this is an rpc endpoint, and also provides the
obvious place that must have the version updated if the interface is
changed.
Break out config and entry point out of l3/agent file
This is done in order to show the split between a main() and
the agent's inner workings. At the same time the L3 agent for
Neutron is also being restructured and to this aim, its config
is also moved out of the agent file.
Keep main() for the time being until we get dependent
services updated.
Partially-Implements: bp restructure-l3-agent
Partially-Implements: bp core-vendor-decomposition
Cedric Brandily [Thu, 11 Dec 2014 13:10:30 +0000 (13:10 +0000)]
Correct l3-agent iptables rule for metadata proxy
2 iptables rules are defined to ensure the metadata proxy is reachable
from vms on 169.254.169.254:80:
* REDIRECT 169.254.169.254:80 packets to the router on port 9697
* ACCEPT traffic to 127.0.0.1 on port 9697
The REDIRECT rule replaces destination ip by:
* 127.0.0.1 if the packet is local,
* router ip (the one on the input interface, metadata proxy case).
So ACCEPT rule filter is not matched ... the metadata proxy is only
reachable because INPUT policy is ACCEPT.
This change removes the destination constraint in the ACCEPT rule.