Currently 'flows' is being checked for empty list in
a non standard way 'if flows == []:'. This patch
simplifies logic so that above check is unnecessary.
This patch simplifies the process for validating the request body for
POST and PUT requests and preparing it for dispatching to plugins.
In particular it removes the need for parsing the URL to find the
resource identifier, and instead leverages Pecan's routing engine
to extract it. As a result the attribute population hook now simply
deals with request body validation, and has been renamed accordingly.
The logic for loading the current state of the object from the plugin
in order to enforce authZ policy on PUT requests has been moved to
the appropriate hook, PolicyEnforcementHook.
The logic for managing plural/singular names for resource has also been
improved, and two helper functions to retrieve a resource's attributes
have been added to neutron.api.v2.attributes
The logic for aborting requests with unsupported HTTP methods has also
been moved to the REST controllers. It used to be in PolicyEnforcementHook,
which was probably not the right thing to do.
This patch also unskips a functional test concerning ownership checks,
and add functional tests for verifying correct request processing.
Unit tests for the newly added helper functions are also provided.
Kevin Benton [Thu, 7 Jan 2016 23:40:27 +0000 (15:40 -0800)]
make floating IP specification test robust to races
The get_unused_ip function returns an address that isn't in use on
the network at the time it's called. However, by the time the caller
uses it, it may have been allocated to another concurrent test if
the network is shared or external.
The test_create_floatingip_with_specified_ip_address test creates
a floating IP with an unused IP on the external network, which has
lots of activity on it from other tests so it would occasionally
have its address taken by another test.
This patch just catches the in use error and tries again with a
new IP.
Kevin Benton [Thu, 24 Dec 2015 08:29:08 +0000 (00:29 -0800)]
Ensure agent binding modules are loaded
This patch ensures that models_v2 and the router db module
import the agent binding modules so their models are defined
in the sqlalchemy metadata. Otherwise, using an agentless
core/L3 plugin may result in a failure to initialize if nothing
imported the agent module.
Akihiro Motoki [Fri, 8 Jan 2016 18:35:05 +0000 (03:35 +0900)]
Make neutron-debug command follow cliff command convention
In the guideline of cliff command, developers implementing
commands should override take_action() rather than run().
The similar effort is being done in neutronclient side and
this fix is required to complete the effort.
Logger definition in each command class is no longer needed.
This commit also drops them.
Rename _get_vm_port_hostid in dvr to reflect the right functionality
_get_vm_port_hostid returns the host id associated with the
dvr service ports. It not only returns the VM port hostid, but
also returns the host id associated with LBaaS vip port and
dhcp.
So to be in sync with other function names let us rename the
function to _get_dvr_service_port_hostid.
Kevin Benton [Fri, 8 Jan 2016 01:27:52 +0000 (17:27 -0800)]
Move notifications before DB retry decorator
This patch moves the start notifications emitted in the API
layer ('network.create.start', etc) to before the DB retry
decorator. This prevents benign retry events from resending
notifications onto the message bus.
Carl Baldwin [Tue, 22 Dec 2015 18:19:15 +0000 (11:19 -0700)]
Create a routing table manager
The routing table manager maps address scope ids to routing tables.
It uses the rt_tables file specific to each namespace to maintain the
mapping so that id can simply be used as the table name when running
iproute2 commands. This will be useful when debugging.
Shih-Hao Li [Wed, 30 Dec 2015 19:43:23 +0000 (11:43 -0800)]
Fix uuid passing in disable_isolated_metadata_proxy
In DhcpAgent, when enable_isolated_metadata_proxy() spawns
a metadata proxy agent for a network, it will pass router_id
instead of network_id if metadata network is enabled and
a router port is connected to this network.
Later, MetadataDriver will register this uuid (i.e. router_id)
with monitor for the new metadata proxy process.
But when disable_isolated_metadata_proxy() destroys a metadata
proxy agent for a network, it always passes network_id as the uuid.
Thus MetadataDriver can not find the matching process. So the
corresponding metadata proxy agent can not be destroyed.
Moshe Levi [Tue, 8 Dec 2015 11:11:33 +0000 (13:11 +0200)]
SR-IOV: Fix macvtap assigned vf check when kernel < 3.13
when creating macvtap passthrough to SR-IOV VF in Kernel >= 3.13 an
upper_macvtap symbolic link is created. For Kernel < 3.13 the only
way to know it is by parsing the ip link show output and look for
macvtap[0-9]+@<vf ifname>.
This patch used the ip link show command to detects
macvtap assigned vf so that detection of macvtap assigned vf
will work on all kernels
Yu Fukuyama [Tue, 22 Dec 2015 05:17:30 +0000 (05:17 +0000)]
Fix meter label rule creation
In the case of outbound traffic, set remote_ip to dst.
In the case of inbound traffic, set remote_ip to src.
Change-Id: I7f27b93efa67baf3efccaa94f6a1337d6886e230
Closes-Bug: #1528137
DocImpact: Clarify remote_ip_prefix description of metering label rule in API site
Assaf Muller [Mon, 4 Jan 2016 22:49:09 +0000 (17:49 -0500)]
Remove l2pop _get_port_infos method
It's a method called 'get_port_infos' that returned
4 values, most of which were not a function of the port.
What the method did or its naming was very unclear to me
so I broke it up according to its usage.
Martin Hickey [Tue, 15 Dec 2015 17:42:39 +0000 (17:42 +0000)]
Add test for Neutron object versions
Adds a test to Neutron to check object versions for any changes
to objects. It prompts the developer to update the version of the
changed object. It uses oslo.versionedobjects.
Change-Id: I99454b28ae0b5fa663354eeccdf709d4030a280b Co-Authored-By: Ryan Rossiter <rlrossit@us.ibm.com>
Mathieu Rohon [Wed, 4 Nov 2015 17:49:40 +0000 (17:49 +0000)]
Avoid duplicating tenant check when creating resources
The check of the tenant done in the method _get_tenant_id_for_create()
is already did by the Neutron Controller in prepare_request_body(),
with a call to attributes.populate_tenant_id().
Moreover, when the Controller processes a "create" requests, it
will add the 'tenant_id' to the resource dict.
Thus, _get_tenant_id_for_create() can be deleted.
Calls to this method are replaced by the res['tenant_id'].
Changes have to be done in UT to explicitly add the tenant_id while
creating resources, since the UT framework is bypassing the controller code
that automatically adds the tenant_id to the resource.
Sławek Kapłoński [Thu, 26 Nov 2015 22:31:11 +0000 (23:31 +0100)]
Add extension_manager and support for extensions in linuxbridge agent
There is extensions mechanism for l2 agents already but it was
implemented only for openvswitch l2 agent. This patch adds support for
such extensions also for linuxbridge agent.
This patch also adds support for network_update events received by the
agent via RPC. It is required because sometimes when a network is
updated (for example with a QoS policy is attached to it) all ports that
belong to the network should also be updated.
Assaf Muller [Tue, 5 Jan 2016 01:30:43 +0000 (20:30 -0500)]
Fix API tests
Patch https://review.openstack.org/#/c/256164/
broke the Neutron API job by unsetting Tempest configuration
values that were unused by Tempest, but used by Neutron's fork
of Tempest. This patch copies credentials from the 'auth' section
to the 'identity' section.
The longer term plan is detailed here:
https://etherpad.openstack.org/p/neutron-tempest-defork
TL;DR: Removed overlap of tests between the Tempest and Neutron
repos, then use Tempest's plugin architecture for the tests that
will remain in the Neutron repo.
rossella [Tue, 22 Dec 2015 19:14:15 +0000 (19:14 +0000)]
Support rootwrap sysctl and conntrack commands for non-l3 nodes
Iptables-firewall use commands sysctl and conntrack.
These are missed out in the plugins resulting in (No filter matched) errors in
non-l3 nodes. L3 nodes do not have this problem as l3.filters rootwraps these
commands.
houming-wang [Thu, 24 Dec 2015 15:22:12 +0000 (10:22 -0500)]
Remove openstack.common._i18n from Neutron
Since oslo-incubator is no longer maintained[1] after 90ae25e38915cc502d9e9c52d59e8fb668a72ae1. And
openstack/common/_i18n.py is not referenced by Neutron. Let's remove it.
Dongcan Ye [Wed, 30 Dec 2015 11:16:22 +0000 (19:16 +0800)]
Check missed ip6tables utility
In some scenario, like in OpenStack Kolla, system may lack
iptables-ipv6 package. This may cause command ip6tables-save
or ip6tables-restore invalid and ovs-agent error.
This patch allows checking ip6tables support from CLI:
neutron-sanity-check --ip6tables_installed
Or using configuration options, for example:
neutron-sanity-check --config-file /etc/neutron/neutron.conf
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini
Herman Ge [Mon, 28 Dec 2015 11:31:42 +0000 (06:31 -0500)]
Misspelling in message
Misspelling in following message:
"# interconnect physical and integration bridges using veth/patchs".
Should be:
"# interconnect physical and integration bridges using veth/patches".
Totally 1 occurrence in Neutron base code.
watanabe isao [Tue, 30 Jun 2015 05:36:40 +0000 (14:36 +0900)]
Mitigate restriction for fixed ips per dhcp port
When number of fixed ips per dhcp port exceeds max_fixed_ips_per_port,
a dhcp resync will be triggered.
The bug report stated how simply this issue can be triggered.
Moreover, "max_fixed_ips_per_port" value should be used for non-DHCP
port only and DHCP port is not affected by this parameter.
Kyle Mestery [Wed, 17 Jun 2015 14:46:47 +0000 (14:46 +0000)]
dhcp: Default to using local DNS resolution
It's pointless to not include default DNS resolution for Neutron.
This adds a new config option (dnsmasq_local_resolv) which defaults
to 'True' and will allow for DNS name resolution to work out of
the box. The caveat is that if the 'dnsmasq_dns_servers' is set it
will override the 'dnsmasq_local_resolv' setting, thus allowing
operators to explicitly set their own DNS servers.
DocImpact: Default to using local DNS resolution with the DHCP agent.