In the iptables firewall driver, each port method (update_port_filter,
prepare_port_filter, remove_port_filter) makes O(N) calls, where
N=len(firewall.ports), to IptablesManager methods that update dozens
of data structures. When the firewall methods are called in sequence,
e.g., by SecurityGroupAgentRpcMixin, the calls to IptablesManager's
methods start to add up.
This patch changes IptablesFirewallDriver to defer and coalesce calls
to IptablesManager. Now a sequence of M port method calls results in
O(N) calls to IptablesManager methods instead of O(N*M) as before.
Tom Fifield [Sun, 28 Jul 2013 18:35:01 +0000 (11:35 -0700)]
Update references with new Mailing List location
Yesterday, openstack@lists.launchpad.org was migrated with
all users to openstack@list.openstack.org.
This patch updates references to the old mailing list with the
new, to ensure that people encountering them don't accidentally
try and join the old list!
Fix creation of trusted queues for the NVP plugin.
Currently if an admin tries to create a trusted queue, Neutron will
fail with MissingDSCPForTrusted exception. However, the NVP semantic
is exactly the opposite, namely the DSCP field must be specified for
untrusted queues and omitted for trusted ones.
Deal with intermittent OverflowError in gate-neutron-python26
This occurrence looks like it is related to a failure in
utils.execute. This patch attempts to deal with the error
by mocking out Popen.communicate altogether.
Gary Kotton [Thu, 20 Jun 2013 11:04:59 +0000 (11:04 +0000)]
Ensure that L3 managed ports have status ACTIVE
Some plugins may set the port status as DOWN when it is created. This was not
updated when the port was actually up. This patch ensures that gateway and
router ports that are created will be set as ACTIVE when they are actually
up and running.
Ports that are attached to additional bridges in the OVS will only update the
port status as ACTIVE. There will be no tags set on the specific ports as this
will break the existing functionality.
* Defines logic and API for ServiceProvider - read-only entity
that admins provide in configuration and which is stored in memory
* ServiceType entity which maps to ServiceOfferings in new terms
is removed for now.
* Routed service insertion fixed to not refer to service providers.
* In case configuration changes and some service providers are removed
then the resources must be cleaned up in a special way (undeploy logical
resources). This is a matter of future work.
* Add migration.
Jiajun Liu [Wed, 17 Jul 2013 03:00:23 +0000 (03:00 +0000)]
do not raise exception on ip address recycle operation
Currently an exception will be raised on ip address recycle operation if the ip
address doesn't belong to any allocation pool, which will make the user unable
to update a port; even worse, it will make the user unable to create a new port.
So do not raise exception if the ip address to be recycled doesn't belong
to any allocation, just delete it from the ip allocation table.
The latest dnsmasq no longer accepts hostnames which begin with a number. This
affects Fedora 19 right now, and will mean Fedora 19 will not work with Neutron
DHCP. dnsmasq should work with hostnames beginning with a number (RFC 1123 says
this is valid), but until this is fixed, many users will be left unable to use
Fedora 19 with Neutron.
This patch adds a "host-" prefix to each hostname entry generated by the DHCP
agent. This fixes the issue in Neutron.
Currently there is create_health_monitor() in the driver API so
a driver may create an object on device but there is no delete_health_monitor()
and monitor objects will remain on device forever.
Driver should at least call plugin to delete a db object.
Carl Baldwin [Tue, 16 Jul 2013 18:10:37 +0000 (18:10 +0000)]
Avoid refreshing firewall rules unnecessarily.
Adds a parameter to refresh_firewall allowing an array of ports to
be passed. If an array is passed then the firewall will be refreshed
only for those ports. If not passed, it will still refresh all
ports as it did before.
Oleg Bondarev [Wed, 29 May 2013 07:58:17 +0000 (11:58 +0400)]
Add agent scheduling for LBaaS namespace agent
- adds simple chance scheduling on create pool operation
- adds PoolsLoadbalancerAgentBinding db table
- adds lbaas_agentscheduler extension to list pools hosted by a particular agent
and to get an agent hosting a particular pool
- adds agent notifiers mapping to AgentSchedulerDbMixin to make it easier
for services to add their agent notifiers to the core plugin
Add support for the agent extension to NVP Plugin.
Of DHCP and L3 agents, NVP uses DHCP; this patch adds support
for the extension to this plugin.
This patch also moves some tests around, as a result of the
refactoring done in https://review.openstack.org/#/c/35266/
Some code duplication is also removed.
Adin Scannell [Mon, 27 May 2013 17:21:42 +0000 (13:21 -0400)]
GRE tunnels should include local_ip.
This addresses the issue of having one or more multi-homed hosts.
Because you may only specify one local IP for a quantum agent, and
other hosts could be routed across different subnets (even for small
installations, for various reasons), it's important to also specify
the used local_ip when setting up the GRE tunnels. As long as the
address is routable on both ends, this will work. If the local_ip is
not specified, then traffic will mysteriously be dropped on one end
where the IP does not match the expected IP in the GRE tunnel.
Update the ML2 README file with the latest tunnel changes
The ML2 README file was slightly out of date with all of the H2 changes
which went in around GRE and VXLAN tunneling. This patch updates it to
reflect what the code is capable of currently.
The following change done in nova 7de916 started passing in the
rxtx_factor on update port rather than just on create_port which
is what we only originally supported. Therefore currently when
booting a vm and specifying --nic port-id it will fail to boot with:
Cannot update read-only attribute rxtx_factor. This patch is a
workaround to allow the rxtx_factor value to be passed in on update port even
though we ignore the value. Later we'll implement updating rxtx_factor on
ports but this is a good workaround for now.
In sync_routers L3-RPC method l3-agent sends router_ids but the
server side expected router_id. This commit fixes the server side
to accept router_ids, and drops "fullsync" arg from the agent side
(fullsync is not used anywhere and it does not affect RPC signature).
This change allows l3-agent to sync only the specified routers
instead of all routers.
As a result of the above change, auto_schedule_routers() and
list_active_sync_routers_on_active_l3_agent() in L3 scheduler
need to handle a list of router IDs. This commit changes L3 scheduler
to accept a list of router IDs in the above two methods.
Also fixes the argument order of fullsync and router_ids in get_routers
in L3PluginApi. L3-agent main code expects router_ids as the second arg.
This commit adds unit tests for packet-filter in NEC Plugin.
This commit refactors packet-filter in NEC Plugin.
- Put packet-filter classes and methods into nec/packet_filter.py (a) and
nec/db/packetfilter.py (b), NEC Plugin specific codes are in (a)
- Change stateless methods to class methods in extensions/packetfilter.py
- Add 'convert_to' option to the attribute map of packet-filter to convert
some string parameter to int at the api layer
Also, this commit includes the following changes in packet-filter.
- Fix attribute map of packet-filter; set in_port to allow_put=False
- Add new methods to update attribute map properly
- Make packet-filters ignore status of associated resource (network)