This patch introduces VXLAN support for Linuxbridge agent alongside
with ml2 plugin support in linuxbridge mechanism driver.
A new vxlan configuration section is added for vxlan related parameters.
The agent also implements l2population RPC callbacks which allows ml2
plugin using l2population mechanism driver to populate vxlan forwarding
and neighbor tables following portbinding events. It allows agent to
respond locally to ARP requests for remote VMs and avoid dataplane based
learning. This should help limit the use of multicast or flooding
for broadcast emulation in vxlan networks.
These changes should anyway have a limited risk, as agent behaviour
shouldn't be affected, except when vxlan is enabled alongside ml2 plugin.
Francois Eleouet [Thu, 22 Aug 2013 14:51:01 +0000 (16:51 +0200)]
OVS agent implementation of l2-population
This patchset implements l2-population RPC callbacks in OVS agents,
it enables plugin to populate forwarding table following portbindings
events.
For now, it doesn't include ARP responder implementation which is
deferred to a future patchset (As this feature isn't yet supported by
OVS, it will require the use of an external responder such as ebtables)
It anyway brings some improvements in tunnelling management, as agent
will tear down unnecessary tunnels, and flood packets on a per-network
basis rather than to all other agents.
These changes should anyway have a limited risk, as tunnel management
won't be affected as long as l2_population option is not set. This
option must be used in conjunction with ml2 plugin using l2population
mechanism driver.
Bob Melander [Wed, 3 Apr 2013 19:22:30 +0000 (21:22 +0200)]
Adds support for L3 routing/NAT as a service plugin
- Adds L3 routing/NAT service plugin
- Removes L3 routing/NAT from ML2 plugin
- Moves "router:external" attribute to new extension "External-net"
- Introduces separate RPC topic for L3 callbacks from L3 agent
Kaiwei Fan [Fri, 23 Aug 2013 06:25:52 +0000 (23:25 -0700)]
Support for NVP advanced service router
When creating an LR:
- deploy an Edge asynchronously
- create a L2 switch for connecting LR and Edge
- attach a router port to the L2 switch.
- assign ip address 169.254.2.1/28 and nexthop 169.254.2.3 to LR
When set external gateway:
- configure Edge interface and default gateway
- Add static routes to Edge for all logic networks attached to LR via nexthop 169.254.2.1
- configure SNAT rules for all logic networks attached to LR
When add router interface:
- Add static route/SNAT rule for the network attached to LR
When associate floating IP address:
- configure DNAT rule for the floating ip and the port
Tests being done:
- Verified Edge is deployed asynchronously and LR is attached to the internal created L2 switch
- Manually attach Edge's vNic to the L2 switch and Edge is able to ping 169.254.2.1
- Verified router-delete deletes Edge asynchronously and remove the internal L2 switch
- Verified SNAT/DNAT/static-routes rules are configured on Edge in correct order
- Verified external vnic ip address/netmask and default gateway is configured
Help text was added to the configuration options defined in the brocade neutron
plugin. This help text should assist users of the brocade plugin. The OSTYPE
configuration option was not used in the plugin and was labeled as such so a
user of the plugin would not worry about the meaning of it.
The example etc file /etc/neutron/plugins/brocade/brocade.ini has been updated
to share the same help values where applicable.
Ensure pid file is removed when metadata ns daemon receives SIGTERM
These files from the metadata namespace proxy are not being removed
because delete_pid() is registered with atexit. This means it only runs
when a process exits normally and won't run when a process receives a
signal.
This patch registers a signal handler for SIGTERM that calls exit()
to make the process exit normally so delete_pid() gets called.
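The behaviour this commit message describes, reproduced as an added example that is not code from the Neutron patch: a constructed child process stands in for the namespace proxy daemon, and the `delete_pid` function, file name and `pid_file_survives_sigterm` helper are assumptions made for the demonstration.

```python
import os
import signal
import subprocess
import sys
import tempfile
import textwrap
import time

# Constructed stand-in for a daemon that writes a pid file and registers
# its cleanup with atexit (delete_pid is local to this example).
CHILD = textwrap.dedent("""
    import atexit, os, signal, sys, time
    pid_file, install_handler = sys.argv[1], sys.argv[2] == "1"

    def delete_pid():
        os.remove(pid_file)

    atexit.register(delete_pid)
    if install_handler:
        # Turn SIGTERM into a normal interpreter exit so atexit hooks run.
        signal.signal(signal.SIGTERM, lambda signum, frame: sys.exit(0))
    with open(pid_file, "w") as f:
        f.write(str(os.getpid()))
    time.sleep(30)
""")


def pid_file_survives_sigterm(install_handler):
    """Start the child, send SIGTERM, report whether the pid file is left behind."""
    with tempfile.TemporaryDirectory() as tmp:
        pid_file = os.path.join(tmp, "daemon.pid")
        flag = "1" if install_handler else "0"
        proc = subprocess.Popen([sys.executable, "-c", CHILD, pid_file, flag])
        # The child installs its handler before creating the file, so once
        # the file exists the child is ready to be signalled.
        deadline = time.time() + 10
        while time.time() < deadline and not os.path.exists(pid_file):
            time.sleep(0.05)
        proc.send_signal(signal.SIGTERM)
        proc.wait(timeout=10)
        return os.path.exists(pid_file)


if __name__ == "__main__":
    print("default SIGTERM, stale pid file:", pid_file_survives_sigterm(False))
    print("handler calls exit, stale pid file:", pid_file_survives_sigterm(True))
```

A stale pid file matters operationally because anything that later signals the recorded pid can hit an unrelated process that has since reused that number.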
LBaaS: Fix healthmonitor disassociation for non-admin
Due to specifics of policy engine, checked object should have
tenant_id to be checked by rule admin_or_owner.
In 'disassociate' operation neutron API layer works with
PoolHealthMonitorAssociation which doesn't have tenant_id field.
Need to add it to resulting dict returned by get_pool_health_monitor.
Using tools/check_i18n.py to scan source directory, and fix most of
the errors.
- Message internationalization
- First letter must be capital
- Using comma instead of percent in LOG.xxx
Note: all extension's description are not touched in this patch,
can be fixed after discussing.
Note: all nicira/check_nvp_config.py print messages are not fixed.
Kaiwei Fan [Thu, 5 Sep 2013 20:57:13 +0000 (13:57 -0700)]
Fix IF checks on spawned green thread instance
Initially the symptom looks like race condition between two threads when
stopping the task manager. After further analysis/troubleshooting, it
turns out that two threads are spawned if a task manager is stopped and
started again, causing unexpected errors.
The IF check on the spawned thread sometimes returns True and sometimes returns False
if not compared against None explicitly. This makes start() method
think no thread has been started or stop() method think no thread is started.
Change the check to compare against None.
Also fixed a problem in unit-test where a thread may never terminate when
a stop call is invoked during db access.
Prevents 400 NVP errors caused by a None display_name
The API forbids a resource name to be None, but the
Model does not. Such errors may be induced by
programming directly against the plugin interface. With
this fix we avoid raising 400 faults which may be introduced
by involuntary programming errors.
neutron.common.log.log is useful for logging arguments of a method.
It outputs class name and method name, but module path is not output.
A module path is useful to search the log message.
stevedore requires an additional parameter to be used (name_order=True) to
sort the loaded extensions to match the order used in the parameter "names".
Kun Huang [Thu, 5 Sep 2013 06:20:23 +0000 (14:20 +0800)]
fix conversion type missing
Conversion type is missing in some places which would cause some
unexpected error. By using 'grep -rn "%(\w\+)\W"', we could find
all cases of '%(variable_a)' and fix them.
Abhishek Raut [Tue, 20 Aug 2013 04:20:11 +0000 (21:20 -0700)]
Add sub-type field to VXLAN network profiles for Cisco N1KV plugin
Rename VXLAN type of network profiles to Overlay network profiles.
Add a new sub type column to Overlay network profiles. Support
enhanced VXLAN and native VXLAN as Overlay sub types. Allow plugin to
be flexible to support newer sub types.
_report_state is being called by setup_rpc so int_br_device_count needs
to be initialized earlier. To avoid
AttributeError: object has no attribute 'int_br_device_count'
This wasn't caught by unit tests for 3 separate reasons
 o The reference to self.int_br_device_count is wrapped in
   except Exception: log / pass
   - This reference has been moved outside of the try/except
 o Unit tests set report_interval to 0 so the heartbeat wasn't called
   during unit tests.
   - now removed
 o The function passed into FixedIntervalLoopingCall isn't started
   anyways so wasn't calling self._report_state
   - replaced FixedIntervalLoopingCall with a mock that calls the
     function once.
Aaron Rosen [Fri, 16 Aug 2013 17:56:21 +0000 (10:56 -0700)]
Implement Allowed Address Pairs
The following patch adds the concept of allowed address pairs.
This allows one to add additional ip/mac address pairs on a port to
allow traffic that matches those specified values. This is useful in order
to leverage dataplane failover mechanisms like vrrp. This patch adds support
for the NVP plugin, the OVS plugin, and Ml2.
garyduan [Sun, 25 Aug 2013 00:34:00 +0000 (17:34 -0700)]
vArmour gateway agent and FWaaS driver
This patch enables vArmour's routing and firewall services to be deployed in
openstack environment.
- as gateway for internal networks
- support SNAT and DNAT (floating IP)
- FWaaS services
Fix NVP plugin to send notifications for gateway-less subnets
It was noted that an update notification should be sent
regardless; this patch addresses that. Since there is
no longer the need to distinguish on whether to send
the RPC message or not, the operation has been factored
out to avoid code duplication.
This patch does minimal changes in neutron.plugins.nicira.common.sync
providing unit tests with a reference to the looping call object, so
that they can control its lifecycle.
Also, it performs a bit of refactoring in test_l3_agent.py in the way
mocks are created and started.
Kaiwei Fan [Tue, 20 Aug 2013 21:28:58 +0000 (14:28 -0700)]
VCNS driver implementation
Implement API/driver interface for configuring vShield Edge Appliance.
Currently implemented functions:
- Deploy an Edge
- Destroy an Edge
- Configuring interfaces
- Configuring SNAT/DNAT rules
- Configuring default gateway and static routes
- Query Edge status
- Task-based asynchronous model
- Allow old routes/nat config to be skipped if new updates are coming
Mark McClain [Wed, 4 Sep 2013 18:36:11 +0000 (14:36 -0400)]
ensure that Arista test destroys the database
Out of order test execution has revealed that the database was not
properly cleaned up after each test run. This patch adds a call to
clear the database after each test.
Rich Curran [Wed, 21 Aug 2013 21:43:12 +0000 (17:43 -0400)]
ML2 Mechanism Driver for Cisco Nexus
Port of the quantum/plugin/cisco/nexus plugin to run under the Modular
Layer 2 (ML2) infrastructure as defined in
https://blueprints.launchpad.net/quantum/+spec/ml2-mechanism-drivers
Adds dedicated unit tests to the plugins which use binding:profile
attribute (Mellanox and NEC plugins for now).
This commit also adds common unit tests for binding:profile to
the common PortBindingTestCase class.
- create_port with binding:profile whose value is None or {}
- update_port with binding:profile whose value is None or {}
- Reject binding:profile from non-admin user
Note that _make_port() in BigSwitch plugin test is updated
to allow passing arg_list() from the base test class.
Fix a bug in NEC plugin that 500 is returned when putting
binding:profile None to a port whose binding:profile is
already None (Closes-Bug: #1220720)
Akihiro MOTOKI [Fri, 23 Aug 2013 06:22:04 +0000 (15:22 +0900)]
OpenFlow distributed router support in NEC plugin
Implements blueprint nec-distribute-router
Two types of neutron router will be supported: l3-agent and distributed.
A type can be specified through "provider" attribute of a router.
The naming of the attribute "provider" is intentional since I plan to
support the service provider framework for router in the future and
would like to make it easy to migrate.
Distributed router in NEC OpenFlow controller now does not support NAT,
so l3-agent and distributed router coexist. To achieve it, l3-agent
scheduler logic is modified in NEC plugin to exclude distributed routers
from candidates of floating IP hosting routers.
To support the above feature, the following related changes are done:
- Adds a new driver to PFC driver which supports OpenFlow based router
support in NEC OpenFlow products in PFlow v5.
- Update ofc_client to extract detail error message
from OpenFlow controller
This commit also changes the following outside of NEC plugin:
- Makes L3 agent notifiers configurable.
l3-agent router and OpenFlow distributed router can coexist.
Notification to l3-agent should be done only when routers are
hosted by l3-agent, so we need custom L3 agent notifiers
to filter non l3-agent routers.
- Split test_agent_scheduler base class (in OVS plugin) into
the base setup and testcases. By doing so we can implement
custom testcases related to agent scheduler.
Introduce periodic state synchronization with backend
Blueprint nicira-plugin-get-improvements
With this patch GET operations on the Nicira plugin will not
be forwarded anymore to the NVP backend.
Resource operational status will be periodically retrieved from
the NVP backend using a DynamicLoopingCall.
The process has been designed with the aim of avoiding:
1) frequent queries to NVP for retrieving resource status
2) execution of large queries to NVP for retrieving the status
of a consistent number of resources.
The process can be tuned using a set of configuration variables.
GET operations will now return a status which might differ
from the actual status of the resource. For retrieving status
in a punctual way, the field 'status' should be explicitly
specified in the GET request (only 'show' support has been
implemented in this patch)
This patch also makes some changes to the fake nvp api client in
order to ensure each instance has a private set of dictionaries for
fake nvp entities.
Paul Michali [Mon, 2 Sep 2013 11:02:12 +0000 (07:02 -0400)]
Verify MTU is valid for ipsec_site_connection
Since the check relies on the vpnservice subnet to determine whether
this is IPv4 or IPv6, we must check in the plugin. Test is done at
create/update time and ensures that the MTU is equal to or greater
than the minimum allowed values, which are set to 68 for IPv4
minimum and 1280 for IPv6, respectively.
Refactored code to allow reuse of create and update test functions,
by allowing tests to override some settings, and to provide a dict
of changed items (for update).