Kyle Mestery [Thu, 25 Jun 2015 20:36:47 +0000 (20:36 +0000)]
Consolidate sriov agent and driver code
In preparation for decomposing the built-in reference implementation,
this commits consolidates the sriov agent and driver code into a
coherent place for it's life in the new repository. I've also given
the unit tests a new home.
Kyle Mestery [Wed, 24 Jun 2015 19:12:06 +0000 (19:12 +0000)]
Restructure agent code in preparation for decomp
This commit moves the L2 agents (Linuxbridge and OVS) into the
ML2 directory, while at the same time also moving the ML2 server
bits into toplevel directories. It also moves the configuration
files and unit tests. We also move the l2pop RPC mixin while
here as well.
Pavel Bondar [Thu, 25 Jun 2015 13:52:08 +0000 (16:52 +0300)]
Extend SubnetRequestFactory to access subnet dict
SubnetRequestFactory incorporates logic for preparing arguments and
building right request.
Subnet dict, context and subnetpool are used to make decision on
what kind of reqest should be created.
SubnetRequestFactory can be overriden on ipam driver level,
it allows to easily extend existent Request model.
Kevin Benton [Fri, 26 Jun 2015 01:31:38 +0000 (18:31 -0700)]
Remove duplicated call to setup_coreplugin
The test case for vlan_transparent was calling setup_coreplugin
before calling the super setUp method which already calls
setup_coreplugin. This was causing duplicate core plugin fixtures
which resulted in patching the dhcp periodic check twice.
Kevin Benton [Fri, 26 Jun 2015 01:29:37 +0000 (18:29 -0700)]
Remove double mock of dhcp agent periodic check
The test case for the periodic check was patching a target
that the core plugin fixture already patched out. This removes
that and exposes the mock from the fixture so the test case
can reference it.
Kevin Benton [Fri, 26 Jun 2015 00:55:16 +0000 (17:55 -0700)]
Remove double callback manager mocks
setup_test_registry_instance() in the base test case class gives
each test its own registry by mocking out the get_callback_manager.
The L3 agent test cases were duplicating this.
Kevin Benton [Thu, 25 Jun 2015 23:57:30 +0000 (16:57 -0700)]
Remove ensure_dirs double-patch
test_spawn_radvd called mock.patch on ensure_dirs after the
setup method already patched it out. This causes issues when
mock.patch.stopall() is called because the mocks are stored
as a set and are unwound in a non-deterministic fashion.[1]
So some of the time they will be undone correctly, but others
will leave a monkey-patched in mock, causing the ensure_dir
test to fail.
Sukhdev Kapur [Thu, 25 Jun 2015 22:11:28 +0000 (15:11 -0700)]
Fix tenant-id in Arista ML2 driver to support HA router
When HA router is created, the framework creates a network and does
not specify the tenant-id. This casuse Arista ML2 driver to fail.
This patch sets the tenant-id when it is not passed explicitly by
by the network_create() call from the HA router framework.
Even though original issue was discovered for network_create()
it turns out the same issue applies for port_create() as well
so all the methods are fixed in this patch
Cedric Brandily [Wed, 24 Jun 2015 19:31:33 +0000 (21:31 +0200)]
Avoid env variable duplication in tox.ini
Some environment variables are defined multiple times in tox.ini. This
change defines "fake" tox jobs and refactors existing jobs to reduce
duplicated environment variables.
Kevin Benton [Wed, 3 Jun 2015 22:20:27 +0000 (15:20 -0700)]
Skip ARP protection if 0.0.0.0/0 in addr pairs
Don't setup ARP protection on ports with allowed address pairs
that allow them to use any IP address. This is necessary because
OVS doesn't support the /0 prefix in rules that match on ARP headers.
Russell Bryant [Wed, 24 Jun 2015 18:59:26 +0000 (14:59 -0400)]
Updated from global requirements
This patch takes the latest global requirements update from change
Ibcb49412a012f79be2f7fd697349ddbf43bd7b9b except takes out the update
to setup.py which reverts the windows specific requirements. We are
still working on getting the custom changes out of setup.py in change
I3c07c279d33f6aed46c3a97dd9ba81251e51429a.
Ihar Hrachyshka [Tue, 23 Jun 2015 15:33:38 +0000 (17:33 +0200)]
ovsdb: attempt to enable connection_uri for native impl on startup
The port is in most cases disabled, so to use it, we should first enable
it, and it means that we should still rely on ovs-vsctl for that initial
call.
Aaron Rosen [Wed, 3 Jun 2015 23:19:39 +0000 (16:19 -0700)]
Provide work around for 0.0.0.0/0 ::/0 for ipset
Previously, the ipset_manager would pass in 0.0.0.0/0 or ::/0 if
these addresses were inputted as allowed address pairs. This causes
ipset to raise an error as it does not work with zero prefix sizes.
To solve this problem we use two ipset rules to represent this:
Ipv4: 0.0.0.0/1 and 128.0.0.1/1
IPv6: ::/1' and '8000::/1
All of this logic is handled via _sanitize_addresses() in the ipset_manager
which is called to convert the input.
Kevin Benton [Wed, 24 Jun 2015 10:27:16 +0000 (03:27 -0700)]
Make DHCPv6 out of bounds API test deterministic
The test_dhcp_stateful_fixedips_outrange API test was randomly
picking an IP from last + 1 up to last + 10 in the allocation
range. This made it fail randomly when there was an issue related
to the subnet allocation having an off-by-one issue.
This adjusts the test to just always test last +1 and +2.
Kevin Benton [Wed, 24 Jun 2015 09:15:29 +0000 (02:15 -0700)]
Don't process network_delete events on OVS agent
There is no reason to reclaim the local VLAN on a network_delete
event since it will be reclaimed when the last port is deleted anyway.
This method was racey with recent port creation events and lead to
occasional traces when it would yank the local VLAN out from underneath
an ongoing port wiring process.
Cedric Brandily [Tue, 23 Jun 2015 22:08:22 +0000 (00:08 +0200)]
Support oslo_db 1.12
oslo_db 1.12[1] decorates oslo_context.context.RequestContext with
session management[2][3] and add a read-only attribute 'session'. Such
feature breaks Brocade plugin and its unittests because they define
on RequestContext the 'session' attribute which now is a read-only
property. This change uses neutron.context instead of
oslo_context.context in order to delegate session management to the
neutron.context and remove read-only attribute set.
A follow-up change will refactor neutron.context in order to use oslo_db
1.12 session management instead of homemade one.
Jeremy Stanley [Thu, 18 Jun 2015 19:09:05 +0000 (19:09 +0000)]
Override opportunistic database tests to PyMySQL
Set the OS_TEST_DBAPI_ADMIN_CONNECTION override variable so that
oslo.db opportunistic detection will know to use PyMySQL until
I12b32dc097a121bd43991bc38dd4d289b65e86c1 makes it the default
behavior.
This change removes previous code[1] enabling PyMySQL use.
[1] Ic5c1d12ab75443e1cc290a7447eeb4b452b4a9dd
Change-Id: Ic39feee0248f2ffabdba26f3779ab40a8f3838e6 Co-Authored-By: Victor Sergeyev <vsergeyev@mirantis.com> Co-Authored-By: Cedric Brandily <zzelle@gmail.com>
Cedric Brandily [Tue, 23 Jun 2015 18:00:30 +0000 (20:00 +0200)]
Extend default setenv instead of replacing it in tox.ini
Some tox jobs[1] define their own setenv without extending/referencing
default setenv, it disallows to define environment variables shared by
all jobs. This change updates previous jobs[1] in order to extend
instead of replacing default setenv and enable global environement
variables (used in daughter change).
One remark, this change sets VIRTUAL_ENV environment variable in updated
jobs[1] but it has no effect on them.
[1] (dsvm-)functional, (dsvm-)fullstack and api jobs
Fix FloatingIP Namespace creation in DVR for Late Binding
DVR has dependency on the portbinding host to determine
where to start the FloatingIP Namespace when floatingip
is configured. But when we assign a floatingip to a port
that is not bound, even though the API will succeed, the
FloatingIP Namespace will not be created by the Agent and
so the FloatingIP will not be functional.
This patch addresses the issue by creating the Namespace
and configuring the rules when the late binding happens.
The agent will be requesting the FIP agent gateway port,
if required and then proceed to configure the FloatingIP
Namespace.
Pavel Bondar [Tue, 23 Jun 2015 09:07:43 +0000 (12:07 +0300)]
Bulk move methods to ipam_backend_mixin.py
ipam_backend_mixin contains methods common for both backends:
pluggable and non-pluggable, so moving methods to make them accessible
by backends.
Next methods were moved from db_base_plugin_v2.py to
ipam_backend_mixin.py:
- _validate_subnet_cidr
- _validate_network_subnetpools
- _allocate_pools_for_subnet
- _save_subnet
This commit moves methods without any internal changes.
All future changes and decomposition of these methods will be handled in
next commits.
Rawlin Peters [Thu, 18 Jun 2015 17:22:13 +0000 (11:22 -0600)]
Optimize ipset usage in IptablesFirewallDriver
Currently, IptablesFirewallDriver._update_ipset_members() iterates
through a list of security group IDs and makes a call to
IpsetManager.set_members() for each security group ID in the list. The
problem is that set_members() is repeatedly called with the same
arguments over and over again because the list of security group IDs
contains duplicates. These duplicated calls are unnecessary because they
are idempotent.
For instance, with a security group of 50 rules created in this manner:
neutron security-group-rule-create $SECGRP --remote_group_id $SECGRP
--protocol tcp --port_range_min $i --port_range_max $i
Adding a server to that security group will cause 50 calls to
IpsetManager.set_members() because the list of security group IDs is 50 of
the same ID. Only one call to IpsetManager.set_members() is necessary
per security group ID.
This patch converts that list of security group IDs into a set, which
eliminates the duplicate idempotent calls to
IpsetManager.set_members() with the same arguments. This will affect
performance by reducing the amount of file locking around ipset when
adding servers to security groups.
Oleg Bondarev [Tue, 2 Jun 2015 13:14:40 +0000 (16:14 +0300)]
Fix callback registry notification for security group rule
Some housekeeping was done in
- SecurityGroupDbMixin:
- create_rule_bulk() calls to create_rule();
- registry notification is in create_rule();
- separate validation for a single rule and for a group of rules
- SecurityGroupServerRpcMixin:
- overriden methods call to corresponding super class methods;
David Edery [Sun, 21 Jun 2015 12:59:49 +0000 (15:59 +0300)]
Fix subnet creation failure on IPv6 valid gateway
Currently a valid IPv6 address gateway of the "*::ffff:ffff:ffff:ffff"
pattern is failing due to netaddr.broadcast returning value for both IPv6
and IPv4 addresses. IPv6 has no broadcast address so the fix checks if
the gateway is the subnet broadcast address only in the case of IPv4
subnet
Code Review / openstack-build / neutron-build.git / log