rajeev [Fri, 22 Aug 2014 22:54:46 +0000 (18:54 -0400)]
Stop tracking connections in DVR FIP Namespace
For DVR, connections to external network using floating IPs do not
need to be tracked in FIP namespace because they are being
already tracked in router namespace.
This fix adds iptable rules to not track connections.
Avoid testing code duplication which introduced testing bugs
SecurityGroupAgentEnhancedRpcTestCase duplicated code in
SecurityGroupAgentRpcTestCase setUp, also
TestSecurityGroupAgentEnhancedRpcWithIptables duplicated
code from TestSecurityGroupAgentWithIptables setUp()
introducing bugs by improper initialization, like a missing
self.iptables.use_ipv6 = True
which in combination with tests.unit.test_ipv6.TestIsEnabled
produced inconsistent testing results.
Kevin Benton [Fri, 5 Sep 2014 04:55:47 +0000 (21:55 -0700)]
Reset IPv6 detection flag after IPv6 tests
Resets a module level flag that was being left in the
state that the previous test set it to. This was causing
unrelated tests to fail if the last state was left disabled.
John Schwarz [Thu, 4 Sep 2014 11:11:26 +0000 (14:11 +0300)]
Revert "Skip functional l3 agent test"
This reverts commit 0918ce91e5af5100ee3a4fcd6861741c4f00ac41. The
specified commit skipped a test which caused non-deterministic gate
failures, but the actual reason for the failures was found and fixed
so the skip is no longer needed.
John Schwarz [Thu, 4 Sep 2014 08:34:29 +0000 (11:34 +0300)]
Fix leftover Timeout effecting most eventlet calls
When registering a new eventlet.timeout.Timeout object, eventlet
automatically starts a timer for most (if not all) future eventlet
calls. Normally, eventlet codes do not hold a timeout unless such a
timeout is used or a specific timeout length is specified through
the API, but once a Timeout object is initialized, it is left there
unless canceled.
This change fixes an un-canceled Timeout which causes some
functional tests to fail, reintroduces a fix for bug #1358206,
which was written prior to discovering the uncanceled timeout, and
increases the timeout of a test that depended on this timeout.
Carl Baldwin [Tue, 2 Sep 2014 16:49:45 +0000 (16:49 +0000)]
Cleanup rename of get_compute_ports_on_host_by_subnet
A recent merge [1] renamed this method to remove "compute_" from the
name. Unfortunately, the rename was not done thoroughly. This patch
cleans that up. No bug is referenced since this is an obvious
ommission in a recent patch.
The reverted patch incorrectly ties with Keystone and should have never been
approved since the approved version only partially addressed review concerns.
This revert also ensure migration timeline integrity.
shihanzhang [Mon, 4 Aug 2014 08:44:31 +0000 (16:44 +0800)]
Refactor security group rpc call
Refactor rpc call of 'security_group_rules_for_devices' into
'security_group_info_for_devices' to reduce the response
message size and server side processing time. Includes
agent-side auto detection of rpc version, and fall back
to the old one.
Change-Id: If19be8579ca734a899cdd673c919eee8165aaa0e
Implements: blueprint security-group-rules-for-devices-rpc-call-refactor
DocImpact Co-Authored-By: Miguel Angel Ajo <mangelajo@redhat.com>
when an interface is added to a router with gateway, the method
internal_network_added(..) incorrectly configures the IP address
of the new snat interface same as the IP address of the new
subnet interface.
Kevin Benton [Thu, 21 Aug 2014 16:12:15 +0000 (09:12 -0700)]
BSN: Bind external ports in ML2 driver
Add a binding capability to the Big Switch ML2 mechanism
driver to mark external ports as bound. Ports with the
owner type 'neutron:external_port' will be assigned to the first
VLAN segment available in the network. The port update operation
will then carry the HOST ID with the identifier to the backend
for the necessary fabric configuration.
Cedric Brandily [Tue, 26 Aug 2014 18:23:04 +0000 (20:23 +0200)]
Remove SELECT FOR UPDATE use in delete_firewall
SELECT FOR UPDATE expression, which is triggered with the use of the
SQLAlchemy Query object's with_lockmode('update') method, is
detrimental to performance and scalability of the database
performance code in Neutron due to the lock contention it produces.
SELECT FOR UPDATE can be entirely avoided in delete_firewall method
with the use of single-shot DELETE expressions.
Sayaji [Tue, 12 Aug 2014 01:16:12 +0000 (18:16 -0700)]
Implements sync mechanism between Neutron and Nuage VSD
This will sync resources between Neutron and VSD based on
the configuration parameters. "enable_sync" will enable/disable
the sync and "sync_interval" will control the time interval
between consecutive sync cycles.
YAMAMOTO Takashi [Thu, 14 Aug 2014 03:06:53 +0000 (12:06 +0900)]
ofagent: Enable local arp responder for TYPE_FLAT
handling TYPE_FLAT is particularly useful because,
as stated in README, a flat provider network is
the recommended way to provide public network connectivity
for ofagent.
Miguel Angel Ajo [Mon, 18 Aug 2014 10:59:32 +0000 (12:59 +0200)]
Implements ProcessMonitor to watch over external processes
This class takes care of all the spawned external processes,
taking the administrator configured action in the case of any
of the external processes die unexpectedly.
Kevin Benton [Mon, 1 Sep 2014 20:03:27 +0000 (13:03 -0700)]
Prevent SystemExits when running tests
Adds a check for SystemExit exceptions during tests
to convert them into a test failure rather than an exit.
Includes the traceback in the failure so the source of
the exit can be located.
Kevin Benton [Tue, 12 Aug 2014 21:04:24 +0000 (14:04 -0700)]
Big Switch: Separate L3 functions into L3 service
Separate the L3 functions from the core Big Switch
plugin into an L3 service plugin. This is will allow
the L3 functions to be used in ML2 deployments that
use the Big Switch ML2 driver.
Kevin Benton [Wed, 13 Aug 2014 02:02:51 +0000 (19:02 -0700)]
Big Switch: Bind IVS ports in ML2 driver
Add support to bind IVS ports in the Big Switch ML2
mechanism driver. The backend controller will be checked
to determine if a host is connected using the Indigo vswitch.
If so, the mechanism driver will mark it as bound since
it will be provisioned by the backend controller.
Fix a bug in Mellanox plugin RPC caused by secgroup RPC refactoring
SecurityGroupsRpcCallback RPC refactoring patch (commit 2781fce238)
moves get_port_from_device method from plugin RPC callback class to
plugin layer, but Mellanox plugin RPC callback was forgot to update
and as a result RPC calls from agents to Mellanox plugin fails.
John Schwarz [Tue, 26 Aug 2014 08:43:11 +0000 (11:43 +0300)]
Don't spawn metadata-proxy for non-isolated nets
If the configuation option "enable_isolated_metadata = True" for the
DHCP agent is set, the neutron-ns-metadata-proxy process is spawned
for all networks, regardless if they are isolated or not. In case
the network is not isolated (ie. connected to a neutron router), the
L3 agent also spawns a proxy process, and the DHCP's proxy is left
unused. This patch adds a check prior to the spawning of new proxies:
if a network is not isolated, no proxy is spawned.
Currently "tunnel_types" is used for two different purposes; l2pop and
check_segment_for_agent. This commit introduces a new agent
configuration "l2pop_network_types" to allow overriding the former.
This will be used by ofagent, which wants l2pop info for TYPE_VLAN
as well.
Robert Kukura [Mon, 1 Sep 2014 11:27:10 +0000 (07:27 -0400)]
ML2: Fix release of network segments to allocation pools
The recent merge of https://review.openstack.org/#/c/115025/ broke the
release of network segments to allocation pools on network delete,
resulting in network creates eventually failing with
NoNetworkAvailable exceptions. The network_delete() code is rearranged
to properly release the network segments, and a unit test is updated
to verify that the type drivers' release_segment() method is called.
This fixes UT failures on systems without the procfs entry
by adding appropriate mocking. The problem introduced by
the following change:
https://review.openstack.org/#/c/116826/
commit 0c963f6140237d8d3f361c6aaa7d2a6b656504db
Also, add a test for the case which the change in question fixed.
Angus Lees [Thu, 28 Aug 2014 07:26:01 +0000 (17:26 +1000)]
Remove chain for correct router during update_routers()
The existing code incorrectly used the stale value from a previous list
comprehension - and deleted the chains for the wrong router :(
(Found via pylint)
Also: change to using a set() rather than a list(), since it is used for
repeated membership tests.
Also: refactor test cases to remove test case duplication.
YAMAMOTO Takashi [Mon, 11 Aug 2014 00:02:22 +0000 (09:02 +0900)]
ofagent: Enable local arp responder for local VMs
Because ofagent makes every arp requests packet-in and
perform packet-out anyway, just make it respond arp requests
for local VMs. It would be simpler and more effective than
forwarding requests to the network as it did before this change.
Before this change:
request: src VM -> switch -> controller -> switch -> target VM
reply: target VM -> switch -> src VM
After this change:
request: src VM -> switch -> controller
reply: controller -> switch -> src VM
As a bonus, now we can test l2pop and local arp responder with
a single node setup, at least for some extents.
Highlights:
- Deprecate br-tun.
- Reduce the use of OFPP_NORMAL action. Use mac address info
obtained from get_device_details and l2-pop to reduce flooding.
- Use OpenFlow metadata instead of "internal" VLANs.
Now tenant networks are VLAN transparent.
Assaf Muller [Tue, 5 Aug 2014 20:47:18 +0000 (23:47 +0300)]
Introduces a keepalived manager for HA
This patch introduces a keepalived manager
which will be used for the blueprint
blueprint l3-high-availability.
The manager can create a keepalived.conf compliant configuration,
start, stop and restart the service, as well as create keepalived
notification scripts.
The current ML2 plugin supports only extensions defined in the plugin and it
does not support any extensions in the mechanism drivers. The changes in this
commit allows mechanism drivers to define new extensions.
Nader Lahouti [Sat, 28 Jun 2014 01:09:19 +0000 (18:09 -0700)]
Cisco DFA ML2 Mechanism Driver
Part 1:
This commit contains changes to support ML2 mechanism driver for Cisco
DFA. For more details please see the blueprint which has more description and
link to document with requirements.
Part 2: Changes in OVS neutron agent.
(http://review.openstack.org/110065)
Part 3: DFA extension driver.
(http://review.openstack.org/111761)
Part 4: DFA config profile service plugin.
(http://review.openstack.org/111863)
Andreas Jaeger [Sat, 30 Aug 2014 19:30:24 +0000 (21:30 +0200)]
Improve some plugins help strings
For consistency add a "." everywhere, remove an extra space at end of a
string, add missing space between strings, fix descriptions and
capitalization.
Code Review / openstack-build / neutron-build.git / log