While plugging vif, VIFDriver in Nova follows "ovs_hybrid_plug" and
"port_filter" in "binding:vif_detail" which is passed from Neutron, but
those are always true. This patch makes the ML2 OVS mech driver set those
params depending on the enable_security_group flag. It enables users to avoid
ovs_hybrid plugging.
This patch also fixes the same issue in the following plugins/drivers:
* NEC Plugin
* BigSwitch Plugin
* Ryu Plugin
* ML2 Plugin - OFAgent Mech Driver
This patch has a few benign changes that should be easily reviewed.
The purpose of this patch is to allow me to make cleaner edits in
follow on patches so that they're more easily reviewed in their
specific contexts.
Indicate the begin and end of the sync process to EOS
Send a trigger to EOS when a sync operation is initiated, and
another trigger when the sync operation is complete.
Additionally, sync_interval value (from ml2_conf_arista.ini)
is passed down to EOS. This is used by EOS to timeout the
transaction.
Only setup dhcp interface if dhcp is not active on network
When enabling (DhcpLocalProcess.enable()) dhcp for a network the agent
first sets dhcp interface, then checks if dhcp is currently active and
if it's true then the agent restarts dhcp.
Restart (DhcpBase.restart()) first disables dhcp and then enables it again
by calling DhcpLocalProcess.enable() recursively which in turn sets
dhcp interface again (it doesn't see the port created earlier as network
is not re-fetched from db). This leads to duplicate dhcp interface
for the network.
The fix is to only set up dhcp interface if dhcp is not active.
HA routers master state now distributed amongst agents
We're currently running with no pre-emption, meaning that
the first router in a cluster to go up will be the master,
regardless of priority. Since the order in which we sent
notifications was constant, the same agent hosted the
master instances of all HA routers, defeating the idea
of load sharing.
The functional job was breaking due to the interaction between
devstack installing neutron system-wide in editable mode (pip install
-e) and tox packaging in the same path. Installing in editable
mode meant that neutron.egg-info/PKG_INFO could be updated (in this
case by tox) to change the installed version of the neutron package
without updating scripts that depended on the installed version
(e.g. rootwrap). This fix is to set the dsvm-functional env to
use system packages and avoid having tox update PKG_INFO.
Kevin Benton [Thu, 18 Sep 2014 20:46:51 +0000 (13:46 -0700)]
Delete a broken subnet delete unit test
A test to delete a subnet in use was incorrectly
calling 'subnet' instead of 'subnets' in the API request
and asserting a 404 instead of a 409. Even the correct
version of this test is already covered by the
'test_port_prevents_subnet_deletion' method so this
commit just removes the broken test.
A recent change has made this attribute required for nova
integration.
This patch adds this attribute to responses generated by the NSX
plugin, and also ensures relevant unit tests are executed for the
vmware NSX plugin.
Paul Michali [Fri, 12 Sep 2014 18:16:35 +0000 (14:16 -0400)]
Access correct key for template name
When an exception occurs while loading the config agent driver, the
handler tries to log a message, but accesses the wrong key to get the
template name. This causes another exception, which masks the original
exception.
This change accesses the correct key and performs logging inside a
with block to (defensively) preserve the exception context.
This fix ensures that DHCP Ports that are
available on DVR routed subnets are serviced
by DVR neutron infrastructure.
Here, servicing by DVR means creation of
DVR namespaces on such nodes holding DHCP
Ports and also applying DVR specific OVS
Rules to the br-int and br-tun bridges on
such nodes, to enable traffic to be routed
via DVR to such DHCP Ports.
Currently, there is no check which validates the values of the
tunnel range for VXLAN/GRE networks. The VXLAN VNI is 24 bits,
which gives a range from 1 to 2^24 - 1. Similarly, the GRE key field
is 32 bits, which gives a range from 1 to 2^32 - 1.
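
The range check described in the message above, as an added example that is not code from the Neutron tree. The function name, the exception class and the `min:max` input format are assumptions made for illustration.

```python
# Added illustration; names and the "min:max" input format are assumptions.
MAX_ID = {
    "vxlan": 2**24 - 1,  # VNI is a 24-bit field
    "gre": 2**32 - 1,    # GRE key is a 32-bit field
}
MIN_ID = 1  # lower bound stated in the commit message


class TunnelRangeError(ValueError):
    """Raised when a configured tunnel ID range is malformed or out of bounds."""


def parse_tunnel_ranges(tunnel_type, entries):
    """Return validated (min, max) tuples or raise TunnelRangeError."""
    try:
        upper = MAX_ID[tunnel_type]
    except KeyError:
        raise TunnelRangeError("unknown tunnel type %r" % tunnel_type)
    ranges = []
    for entry in entries:
        parts = entry.strip().split(":")
        if len(parts) != 2:
            raise TunnelRangeError("%r is not of the form min:max" % entry)
        try:
            lo, hi = int(parts[0]), int(parts[1])
        except ValueError:
            raise TunnelRangeError("%r has a non-integer bound" % entry)
        # Both bounds must fit the field width of the encapsulation.
        if not MIN_ID <= lo <= upper or not MIN_ID <= hi <= upper:
            raise TunnelRangeError(
                "%r is outside %d..%d for %s" % (entry, MIN_ID, upper, tunnel_type))
        if lo > hi:
            raise TunnelRangeError("%r has min greater than max" % entry)
        ranges.append((lo, hi))
    return ranges


if __name__ == "__main__":
    # Constructed sample inputs.
    print(parse_tunnel_ranges("vxlan", ["1:1000", "5000:16777215"]))
    for bad in (["0:10"], ["1:16777216"], ["20:10"]):
        try:
            parse_tunnel_ranges("vxlan", bad)
        except TunnelRangeError as exc:
            print("rejected:", exc)
```
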
Kevin Benton [Tue, 2 Sep 2014 18:27:51 +0000 (11:27 -0700)]
BSN: Add context to backend request for debugging
Include the request context with calls to the backend
Big Switch controllers to assist with event correlation
and debugging object provenance. The auth token is
stripped since this information is sensitive and
these requests will appear in debug logs.
This also removes mutable objects from default arguments
in some of the server manager function definitions that
were interfering with the new use of the headers dict.
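
The two points in the message above, shown together as an added example that is not the Big Switch plugin's code: the context is scrubbed of its auth token before it is attached to a request, and a mutable default `headers` argument carries one request's context into the next. The function names, the header name and the context keys are assumptions.

```python
import json

# Added illustration; function names, header name and context keys are
# assumptions, not taken from the plugin.
SENSITIVE_KEYS = frozenset(["auth_token"])
CONTEXT_HEADER = "X-Example-Request-Context"  # hypothetical header name


def scrub_context(context):
    """Return a copy of the request context without sensitive fields."""
    if isinstance(context, dict):
        return {k: scrub_context(v) for k, v in context.items()
                if k not in SENSITIVE_KEYS}
    if isinstance(context, list):
        return [scrub_context(v) for v in context]
    return context


def build_headers_buggy(context, headers={}):
    # Mutable default: the same dict object is reused on every call, so a
    # context header set for one request is still present on the next.
    if context is not None:
        headers[CONTEXT_HEADER] = json.dumps(scrub_context(context),
                                             sort_keys=True)
    return headers


def build_headers(context, headers=None):
    # Fresh dict per call; a caller-supplied dict is copied, never mutated.
    headers = dict(headers) if headers else {}
    if context is not None:
        headers[CONTEXT_HEADER] = json.dumps(scrub_context(context),
                                             sort_keys=True)
    return headers


if __name__ == "__main__":
    # Constructed sample context.
    ctx = {"request_id": "req-1", "tenant_id": "t1", "auth_token": "SECRET"}
    print(build_headers(ctx))          # context present, token absent
    print(build_headers(None))         # no context header
    build_headers_buggy(ctx)
    print(build_headers_buggy(None))   # still carries req-1's context
```
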
Sylvain Afchain [Wed, 6 Aug 2014 12:32:51 +0000 (15:32 +0300)]
Add HA support to the l3 agent
* Add HA mixins used by RouterInfo and LNAT3Agent
* For HA routers: Internal, external and floating IP addresses are no
longer configured by the agent. Instead the interfaces and addresses
are passed to a keepalived configuration, which configures the
addresses when the router transitions to the master state.
* Only the master instance of the router opens the metadata proxy.
This happens due to keepalived notification scripts that are
called upon state transitions.
* Extra routes are handled via keepalived virtual routes and are
no longer configured by the agent.
* HA routers create a 'HA device' on a VRRP-traffic only HA-network.
* Functional testing: Add two new tests to the L3 agent:
1) Translation of a router configuration to a keepalived
configuration.
2) HA specific events when creating a HA router - Assert that
keepalived is up, etc.
Kevin Benton [Sun, 14 Sep 2014 09:22:57 +0000 (02:22 -0700)]
Fix a test_db_plugin unit test side_effect usage
One of the unit tests didn't correctly use the side_effect
parameter for a mock to return different responses to multiple
calls, which resulted in an extra try-except block and an inline
note. This commit fixes the side_effect and removes the extra
catching code.
Fix KeyError on missing gw_port_host for L3 agent in DVR mode
The order of Mixin imports broke the MRO, which caused some methods
in the L3 hierarchy to be ignored. In particular, _build_routers_list
for DVR was no longer called, which led to the stacktrace observed on
the L3 agent side.
Andreas Jaeger [Sat, 13 Sep 2014 07:29:37 +0000 (09:29 +0200)]
Stop using intersphinx
Remove intersphinx from the docs build as it triggers network calls that
occasionally fail, and we don't really use intersphinx (links other
sphinx documents out on the internet)
This also removes the requirement for internet access during docs build.
This can cause docs jobs to fail if the project errors out on
warnings.
Pritesh Kothari [Thu, 21 Aug 2014 06:51:16 +0000 (23:51 -0700)]
Remove the Cisco Nexus monolithic plugin
The Cisco Nexus monolithic plugin does not work without the Open
vSwitch plugin. The Open vSwitch plugin is scheduled to be removed
as per #1323729. This patch removes the Nexus Hardware switch
related plugin code. The N1KV virtual switch related code will
still remain in the tree as it doesn't depend on Open vSwitch
plugin.
ronak [Fri, 8 Aug 2014 19:13:16 +0000 (12:13 -0700)]
Check for ports in subnet before deleting it from Nuage VSD
There could exist a port in subnet in neutron in which case subnet delete
is not allowed. In the nuage's plugin code, this validation needs to
be handled prior to sending delete subnet request to backend.
Sylvain Afchain [Mon, 20 Jan 2014 22:38:29 +0000 (23:38 +0100)]
Add a new scheduler for the l3 HA
This patch updates all schedulers in order to support the
scheduling of HA routers. It also refactors and adds tests for
the auto scheduling part.
The schedulers aren't expected to work when creating a router
that's both distributed and highly available. Specific issues
will be reported as bugs and fixed in a future patch.
This patch amends migrations added after the icehouse release
and before the healing migration.
Migrations are changed in a way that they are no longer
dependent on configuration parameters but are anyway aware of
the fact that the database has not yet been healed.
To this aim, amended migrations now will need to inspect the
current schema and can no longer be used in offline mode;
this is consistent with the behaviour of the healing migration.
This patch does not remove the logic for generating and
managing configuration-dependent migrations. For this reason
upgrade and downgrade routines still accept the active_plugins
parameter, which will not be used.
This patch replaces folsom initial state and all migrations
from folsom to havana, with a new, configuration independent
initial db state, corresponding to the havana release.
In order to avoid large modules, "init ops" modules have been
created for all plugins, service plugins, and extensions.
Some migrations after the havana release were amended or
removed to reflect the new initial state being introduced.
shihanzhang [Mon, 4 Aug 2014 09:31:01 +0000 (17:31 +0800)]
Adds ipset support for Security Groups
An iptables chain is linear storage and filtering; when iptables rules are
large, the load of the l2 agent is heavy. This patch introduces ipset to
security groups to improve security group performance.
In router remove path process_router(), processing of floating ips
is getting skipped. This change adds processing of floating ips
if the external gateway for the router was previously set. Since
DVR uses FIP namespaces and agent gateway ports, this change ensures
such ports and namespaces are removed.