This patch adds an API extension, the relevant DB logic, and the NVP
plugin logic for managing a NVP-specific feature, Layer-2 Network
Gateway, through the Quantum API.
The proposed extension is meant to be used with the NVP plugin only.
Nachi Ueno [Thu, 17 Jan 2013 01:52:47 +0000 (17:52 -0800)]
Routing table configuration support on L3
Implements bp quantum-l3-routes
-- Adding the extraroute extension
-- Updating the routing table based on routes attribute on route
-- Updated OVS plugin, linuxbridge plugin, metaplugin
NEC plugin, Ryu plugin
User can configure the routes through quantum client API by
using the extension feature.
sample
quantum router-update <router_id> \
--routes type=dict list=true destination=40.0.1.0/24,nexthop=10.1.0.10
He Jie Xu [Thu, 1 Nov 2012 08:05:44 +0000 (16:05 +0800)]
Supporting pagination in api v2.0
Implements bp support-pagination-in-api-v2.0
Add sort and pagination feature for api v2.0.
*Add sort_key, sort_dir for sorting feature.
*Add limit, marker, page_reverse for pagination feature.
*Add emulated sorting and pagination
Allows the NVP plugin to leverage the metadata proxy, by creating an
ad-hoc topology for allowing access to a metadata proxy from a NVP
router leveraging existing agents.
This patch also removes previous code for metadata support in the
NVP plugin, which was based on DHCP Option 121. This is now provided
by the dhcp agent as well.
Network cannot be created in NEC plugin when OFC network ID is
unique inside a tenant. Some OFC implmenetations generate a network
ID unique inside a tenant. In this case generated network IDs on can
be duplicated in system-wide. To fix it, this changes resource ID on
OFC to REST URI to make sure IDs on OFC globally unique.
In Quantum resource relationship is not limited inside a tenant.
E.g., a non-owner tenant can create a port on a shared network.
To deal with it the provider layer should not be aware of tenants
each resource belongs to even when it has a kind of tenant concept.
This commit changes ofc_manager to pass a parent resource for resource
creation and identify a resouce by REST URI used to access OFC resources.
It decouples Quantum resource access model from OFC resource models.
OFC IDs created before this commit are also looked up.
Primary keys of OFC ID mapping tables are changed to quantum_id because
most of all accesses to these mapping tables are done by quantum_id.
However the current version of alembic does not support changing primary
keys, so new OFC ID mapping tables for tenant, network, port and packet
filter are created. Dropping the previous mapping tables will be done
along with the data migration logic.
This commit also changes the following minor issues.
- Make sure ID on ProgrammableFlow OpenFlow controller (PFC) is less than
32 chars. The current PFC accepts only 31 chars max as ID and 127 chars
as a description string.
- Some database accesses created their own session and did not support
subtransactions. Make sure to use context.session passed from the API layer.
- Removes Unused methods (update_network, update_port) in trema/pfc drivers.
Tomoe Sugihara [Mon, 18 Feb 2013 06:24:55 +0000 (15:24 +0900)]
Fix SG interface to reflect the reality
The signitures of abstract methods in SecurityGroupPluginBase
has diverged from db mixin implementation.
This patch updates the methods to fix the divergence, mainly
by removing update method from the base. Note that there's an
issue for missing update(bug #1124865).
Aaron Rosen [Mon, 18 Feb 2013 02:49:40 +0000 (18:49 -0800)]
Need to pass port['port'] to _get_tenant_id_for_create()
This change set I9ac44a8e moved this logic out of the transaction
which caused this bug. Unit tests did not catch this because
this error is caused on NVP since the tenant_id is passed in as a tag
and this change resulted in the tenant_id becoming None which is not
an allowed tag value. Will improve error handling and edge cases like
this to fake_nvpapiclient in different commit.
Aaron Rosen [Sun, 17 Feb 2013 00:26:14 +0000 (16:26 -0800)]
Improve error handling when nvp and quantum are out of sync
Previouly when nvp and quantum were out of sync an exception would
be raised notifying the user of this. This patch changes the behavior so that
now when elements are found in the quantum db but not in NVP they are
put into error state. In addition there error state elements are now able
to be deleted if not found in nvp.
This patch also removes outdated doc strings that seem to keep being adding.
Aaron Rosen [Sun, 17 Feb 2013 23:45:24 +0000 (15:45 -0800)]
Decouple helper functions from L3NatDBTestCase
In order to use the helper functions i.e _create_router in L3NatDBTestCase as
a mixin one needs to also run all the unit tests within L3NatDBTestCase.
These helper functions should be decoupled in the same way that
QuantumDbPluginV2TestCase() is done.
This patch also removes any unused variables within test_l3_plugin.py
Mark McLoughlin [Mon, 11 Feb 2013 00:00:19 +0000 (19:00 -0500)]
Use oslo-config-2013.1b3
The cfg API is now available via the oslo-config library, so switch to
it and remove the copied-and-pasted version.
Add the 2013.1b3 tarball to tools/pip-requires - this will be changed
to 'oslo-config>=2013.1' when oslo-config is published to pypi. This
will happen in time for grizzly final.
Remove the 'deps = pep8' from tox.ini as it means all the other deps
get installed with easy_install which can't install oslo-config from
the URL.
Retain dummy cfg.py file until keystoneclient middleware has been
updated (I18c450174277c8e2d15ed93879da6cd92074c27a).
Aaron Rosen [Sat, 16 Feb 2013 21:01:29 +0000 (13:01 -0800)]
Unable to update port as non-admin nvp plugin
The port security patch to the nvp plugin broken the ability to update a port
as a non admin user. This patch fixes that and adds a unit test for updating
a port as a non-admin user since there was not one before.
Aaron Rosen [Sat, 16 Feb 2013 06:08:10 +0000 (22:08 -0800)]
Rename admin_status_up to admin_state_up
This patch renames all instances of admin_status_up to admin_state_up since
that is the correct name. There was also one instances of this for NVP which
was renamed to admin_status_enabled since that is what the name is in NVP.
This patch introduces a simple framework for enabling
nvlib to call the appropriate routine according to the
current version. To this aim, we leverage the 'server' header
which is returned by every NVP API calls (except login/logout).
The patch also accounts for the changes introduced in NVP 3.0
Sumit Naiksatam [Wed, 6 Feb 2013 04:25:46 +0000 (20:25 -0800)]
L3 API support for BigSwitch-FloodLight Plugin
In keeping with the philosophy of the RESTProxy plugin, L3 extension calls
are processed (CRUD of logical resources) and the state changes are proxied
to a backend controller.
A configuration variable specific to the RESTProxy plugin is being added
to identify that particular Quantum server's ID.
Matthew Treinish [Fri, 15 Feb 2013 20:28:04 +0000 (15:28 -0500)]
Add an update option to run_tests.sh
This commit adds an update option to run_tests.sh. This option
is used to rerun install_venv.py on an already installed venv.
This will then just update out of date packages with pip.
Alessio Ababilov [Fri, 15 Feb 2013 07:52:24 +0000 (09:52 +0200)]
Allow tests from test_dhcp_agent run independently
Some tests from test_dhcp_agent depend on each other
and cannot be run in arbitrary order. TestDhcpAgent
and TestDhcpAgentEventHandler need config options that
are initialized in other tests. This patch eliminates
such dependencies.
Michael J Fork [Mon, 4 Feb 2013 15:27:37 +0000 (15:27 +0000)]
Mark password config options with secret
Config object supports masking values when writing out if the secret
flag is set on the option definition. This change flags all quantum
options containing a password.
Shiv Haris [Wed, 23 Jan 2013 03:33:55 +0000 (03:33 +0000)]
Adds Brocade Plugin implementation
blueprint brocade-quantum-plugin
This plugin is meant to orchestrate Brocade VCS switches
running NOS, examples of these are:
1. VDX 67xx series of switches
2. VDX 87xx series of switches
Stephen Gran [Wed, 6 Feb 2013 14:57:57 +0000 (14:57 +0000)]
Persist updated expiration time
Without creating a subtransaction, the database query wasn't actually
being run and the data was being lost. This resulted in the case that
on termination of long running VMs, the VM IP address was immediately
available for reuse instead of being held as it should have been.
Fixes: bug #1116500
Change-Id: I7774273b8e799d945c27329e9da2dba34e39fdb8 Signed-off-by: Stephen Gran <stephen.gran@guardian.co.uk>
mathieu-rohon [Thu, 7 Feb 2013 15:05:22 +0000 (16:05 +0100)]
Add check for subnet update with conflict gateway and allocation_pools
Fixes: bug 1062061
The patch will raise exception 'GatewayConflictWithAllocationPools' when
subnet update with conflict gateway and allocation_pools.
Because before validate gateway ip with conflict allocation pools, we need
validate allocation pools first. Move the validation of allocation pools
into _validate_subnet. Then_allocate_pools_for_subnet is only responsible
for pools allocation, and_validate_subnet is responsible for most validate
for subnet.
Aaron Rosen [Tue, 12 Feb 2013 00:17:22 +0000 (16:17 -0800)]
Fix NVP L3 gateway ports admin_state_down on creation
Some of the transaction code that was added was removed in the L3 patch
for nvp. This reintroduced the logic where ports would be created in the
quantum db with admin_state_up=False. This caused L3 gateway patch ports
to be created with admin_state_up=False.
Paul Michali [Mon, 11 Feb 2013 14:58:41 +0000 (09:58 -0500)]
Remove cfg option default value and check if missing
Currently, several plugins already check config options at __init__()
for validity and will exit, if the settings are incorrect. However,
most (all?) config option definitions have default values, so if the
option is missing, a valid, but maybe unexpected value will be used.
This is what occurred in the bug.
The proposed fix is to take a config option, sql_connection, which is
used by many plugins, and remove the default value. Then, at init
time, when the config option is used in configure_db(), a check is
made for the value. If the value is not set, a warning is logged and
the value is set to the default, for db/api.py. It is expected that
this will be the only module to consume this config option.
Added UT to check that log warning is issued. Also, changed the timing
so that the test takes 0.25 secs vs 12 secs. Removed UTs in two plugin
tests that checked the default value for sql_connection.
Other alternatives explored in previous patches, were to either
raise an exception, or mark this config option as "required". This
resulted in a large number of changes to tests, and required config
overrides in plugins that imported quantum.db.api, but did not use
sql_connection.
In order to keep this solution (of this log-hanging fruit) fix, the
proposed, simpler change is being made.
Some cleanup to the Cisco plugin test case was also made, so that
the mock was more in line with what production code does.
If multiple instances of l3_agent are running on the same host, all qrouter-
namespaces will be destroyed as new l3_agents are started. This fix allows
for multiple l3_agents to be running on the same host when router_id is set
for each agent.
Akihiro MOTOKI [Mon, 11 Feb 2013 13:31:19 +0000 (22:31 +0900)]
Move auth_token configurations to quantum.conf
keystone auth_token middleware now allows quantum to have auth_token
configuration in quantum.conf. This commit moves the example of
auth_token configuration from api-paste.ini to quantum.conf.
This simplifies user configuations and users is no longer required
to edit api-paste.ini.
This change does not break backward compatibility. auth_token first
tries the configurations in /etc/quantum/api-paste.ini and then the
above configurations. Thus a user who already use api-paste.ini
does not need to change it.
This patch adds supports the Quantum L3 API extension to the nicira NVP
Quantum Plugin.
The patch includes code for managing Quantum routers, router interfaces,
external gateways, and floating IPs, and for applying the relevant
configurations on the NVP controller using the NVP API.
The patch also includes NVP-specific support for access to the nova
metadata server via injection of a host route in VM instances.
firewall_driver configuration option has been introduced in the patch
of OVS security group support and it affects Linux Bridge plugin.
The default value of firewall_driver is NoopDriver.
Thus firewall_driver configuration is required in Linux Bridge plugin.