Elena Ezhova [Thu, 19 Feb 2015 10:34:17 +0000 (13:34 +0300)]
Prevent calling waitall() inside a GreenPool's greenthread
When neutron-server is running with several api workers
sending it a termination signal (SIGTERM, SIGHUP or SIGINT)
leads to waitall() being called inside a GreenPool's greenthread.
The reason is that a wsgi server is started in a green thread
from the same green pool that is passed to the server itself
to be used for spawning client green threads.
To avoid it, it is reasonable to use different pools for spawning
a wsgi server and for its internal usage.
This is also the case for metadata agent running with several
metadata workers.
Assaf Muller [Sun, 22 Feb 2015 00:28:54 +0000 (19:28 -0500)]
Introduce ip address monitor
In Juno, we used keepalived notifier scripts to report the local
state of an HA router's state. These have been found to be
unreliable. The proposed approach is to not use them altogether.
Instead, monitor the omnipresent VIP on the HA device - It is
only configured on the master instance. In order to do that,
we'll use the 'ip monitor address' wrapper introduced in this patch
to get address change events as they happen to avoid polling.
TestUnixDomainMetadataProxy tests too many implementation details when
checking cases of existing and non-existing socket file. Reduce mock
checks to the minimum needed to test for expected behaviour.
Otherwise test may catch wrong isdir() calls (f.e. when policies are
initialized) and fail (I experienced it in local checkout).
Before refactoring _remove_unused_security_group_info, we
found a few corner cases that were not tested. We ensure
with this test that sg_rules and sg_members of the firewall
object are properly cleaned up when the objects they
keep are not referenced anymore.
Kyle Mestery [Tue, 3 Mar 2015 14:57:31 +0000 (14:57 +0000)]
Default the Linuxbridge agent to enabling VXLAN
Linux kernels from 3.7 and up have supported VXLAN with Linuxbridge.
I think it's time we default to enabling this support in the
Linuxbridge agent in Neutron as well.
Isaku Yamahata [Fri, 17 Oct 2014 08:35:55 +0000 (17:35 +0900)]
ml2 extension driver: more tests, fix data argument inconsistency
This patch adds more tests for ML2 extension driver.
It also fixes a minor bug which was revealed.
The data argument for process/update method of extension driver
was inconsist. some are given data like
{'resource': {'arg': 'value'...}}. But some are given one like
{'arg': 'value'}.
This inconsistency needs to be fixed so that argument is
{'arg': 'value'}. Given the argument is known to be network,
there is no point to carry outer dictionary.
Eric Brown [Wed, 25 Feb 2015 23:32:50 +0000 (15:32 -0800)]
Use oslo_config choices support
The oslo_config library added support for a choices keyword argument in
version 1.2.0a3. This commit leverages the use of choices for StrOpts in
Neutron's configuration.
Prevent direct port-delete of FIP Agent GW and CSNAT
FloatingIP Agent GW Port and Centralized SNAT port
that are currently used by DVR in FloatingIP and
SNAT Namespaces respectively should not be allowed
to delete directly using the Port-delete command by
an admin.
This patch fixes the above stated issue by adding the
respective device-owners to the router_device_owners
list in l3_dvr_db.py
Fawad Khaliq [Sat, 28 Feb 2015 19:30:04 +0000 (11:30 -0800)]
PLUMgrid plugin decomposition
As part of the plugin decomposition work, this change
removes PLUMgrid plugin code from Neutron and moves it
to networking-plumgrid repo [1]. Plugin code, config,
drivers and unit test cases are all moved to
networking-plumgrid.
Improve structure of Vendor Decomposition progress chart
After a few commits started being proposed, it became clear that, in
order to minimize merge conflicts, or potential errors with hyperlinks,
the structure had to change/improve slightly.
This patch proposes a different structure that aims at addressing
this concern.
Yoni Shafrir [Wed, 21 Jan 2015 06:25:50 +0000 (08:25 +0200)]
Removing a router twice from the same agent shouldn't cause an error
When we remove a router from an agent that has already been
unscheduled from we raise an exception that eventually causes an error.
The method '_unbind_router' raises a 'RouterNotHostedByL3Agent' exception
on failure. In both cases the actual removal of the router
from the same agent has no effect.
The solution is to stop raising 'RouterNotHostedByL3Agent' so
that _unbind_router() being invoked without error can indicate that
the router is no longer bound.
This solution matches the behaviour found when trying
to schedule a router to the same agent twice.
This patch proposes a way to capture the current status of affairs
for the core/vendor decomposition to help developers and distributors
understand where the Neutron team is in the effort of implementing
the specification.
Initially this was being captured in a Google Doc, but it became
evident that it is best to keep this information as close to the code
as possible. This is very much a collective effort and everyone is
welcome to contribute to keeping this chart current and accurate. In
fact, patches targeting decomposition work will have to address this
table in the same context of the patch that affects the code being
decomposed.
This is not intended to be a documentation tool, or a user reference to
what is and is not a Neutron driver or plugin.
Eric Brown [Wed, 25 Feb 2015 23:36:59 +0000 (15:36 -0800)]
Password config options should be marked secret
If passwords are not marked secret, there is the potential for
them to be logged in a world readable location.
Link to the OSSG guideline (may change in the future):
https://github.com/hyakuhei/OSSG-Security-Practices/blob/master/sensitive_config_file_options.md
Cedric Brandily [Wed, 25 Feb 2015 17:13:10 +0000 (17:13 +0000)]
Check whether sudo is enabled in BaseSudoTestCase.setUpClass
Currently functional test classes requiring invocation of commands via a
root helper inherit from BaseSudoTestCase[1] and should call explicitly
check_sudo_enabled in order to skip the test if sudo is disabled[2].
This change performs such check during BaseSudoTestCase.setUp in order
to ensure the check is done and replaces parent class for functional
test cases not requiring invocation of commands via a root helper.
This change prepares to transform BaseOVSLinuxTestCase[3] methods into
helper methods.
[1] in neutron.tests.functional.base
[2] sudo is enabled if OS_SUDO_TESTING is set to '1' or 'True'
[3] in neutron.tests.functional.agent.linux.base
Manish Godara [Thu, 22 Jan 2015 00:24:15 +0000 (16:24 -0800)]
Add filter for provider network attributes in ML2
Added code to implement filters for provider network attributes
in ML2 plugin. There was a todo item in code but never got done.
It is needed to lookup networks based on provider network attributes.
Ann Kamyshnikova [Fri, 27 Feb 2015 14:06:43 +0000 (17:06 +0300)]
Make listing security groups faster
If we have a large number of security groups (more than 1000) with
security group rules (about 100 for each group) listing them
could take rather long time(more than 1 minute).
Adding lazy join to backref to SecurityGroupRule model will make
it faster at list on 15%.
Claudiu Belu [Mon, 16 Feb 2015 17:04:34 +0000 (09:04 -0800)]
Adds migration script for Hyper-V Plugin tables
HyperVNeutronPlugin will be deprecated, so the tables it uses
('hyperv_vlan_allocations' and 'hyperv_network_bindings') will
have to be migrated the Ml2 equivalent tables.
Adds migration script in migrate_to_ml2.py to allow users to
migrate their table entries to the Ml2 tables.
Dermot Tynan [Fri, 20 Feb 2015 16:57:33 +0000 (16:57 +0000)]
Make del_fdb_flow() idempotent.
Addresses an issue where del_fdb_flow() gets a duplicate call for
the same port, which results in a KeyError. This change makes the
call more idempotent, so that it doesn't cause other follow-on
errors as a result of the uncaught exception.
Eugene Nikanorov [Tue, 24 Feb 2015 12:35:22 +0000 (15:35 +0300)]
Avoid ObjectDeletedError while accessing deleted binding
In some cases access to db object's attribute triggers its refresh.
When the object has been already removed from the database, it could
lead to ObjectDeletedError being thrown.
Unit test was added to cover code path where the issue occurs
however issue doesn't seem to be reproducible with sqlite.
Cedric Brandily [Thu, 26 Feb 2015 10:33:19 +0000 (10:33 +0000)]
Correct db functional tests to support oslo.db 1.50
Currently test_migrations[1] uses _cleanup private method defined in
oslo_db.sqlalchemy.test_migrations which has been removed in oslo.db
1.5.0. This change corrects test_migrations[1] based on oslo.db
change I16bfa3af0e1ad6a9231ea38dea7cd76092347f55.
Eugene Nikanorov [Mon, 23 Feb 2015 10:29:08 +0000 (13:29 +0300)]
Avoid DetachedInstanceError after session rollback
In some cases this exception is thrown while accessing Agent
object from logging statement after a transaction was rolled back.
There is a unit test that covers thsi code patch, but the issue
is not reproducible with sqlite.
Just avoid accessing db object after session had been closed.
This change proposes to move pylint violation checks to the pep8
testenv. This changes make pylint gating within Neutron as it would
participate in the vote. Having pylint executed on a separate job makes
it difficult to handle potential unexpected breakages, because we need
to get infra involved. When we need to renable the job, it is equally
painful.
Furthermore, it also causes us to spin an extra node, when the checks
can easily be handled by the node for the pep8 job.
Finally, having pylint running with tox -epep8 "helps" developers
become aware of pylint violations sooner rather than later, if they
"forget" to run the pylint testenv too before submitting the change.
In order to make this patch succeed, a couple of pylint violation
checks were skipped, as they slipped in, whilst the job was non-voting.
Assaf Muller [Mon, 23 Feb 2015 22:07:30 +0000 (17:07 -0500)]
Change L3 agent AdvancedService class to be non-singleton
The idea behind the AdvancedServices (Metadata, *aaS) services
to be singletons was to (1) offer a way to get an instance of such
a service in a convinient manner, and to (2) ensure that only one
service registered per service type.
(1) Since the AdvancedService.instance method required an instance
of a L3 agent, this point was kind of missed. If you have a L3 agent
instance in your hand, just use it to access the service you're looking
for.
(2) This is now fulfilled by asserting that only one driver is registered
(per type) in the .add method.
The motivation to make them non-singletons is that:
a) They don't need to be
b) The code is simplified this way
c) I've been facing crazy issues during functional testing where we're
constantly instantiating L3 agents, and the (singleton) metadata
service was referencing the wrong configuration object. The service
was re-initialized during a test, screwing up the configuration of
other mid-run tests.
Shweta P [Wed, 4 Feb 2015 01:23:31 +0000 (20:23 -0500)]
Passes the plugin context variable in the ML2 Extension Driver API
Many neutron extensions(like portsecurity) use the plugin_context
variable instead of just the database session. This change
modifies the extension driver api to pass the plugin_context
Change request also modifies the extend_XXX resource api to use the
respective data model(network/subnet/port) passed to it.
Roey Chen [Wed, 25 Feb 2015 16:00:31 +0000 (08:00 -0800)]
VMware NSXv: Added router-type to database model
NSXv supports 'exclusive' and 'shared' router types, this patch adds
support for different router types to the plugin database model.
This doesn't add an additional migration script,
but overrides the existing one, adding a migration script isn't needed
since the plugin is still under development.
Ihar Hrachyshka [Wed, 25 Feb 2015 14:20:31 +0000 (15:20 +0100)]
Remove discover from test requirements
The package is used to provide new unittest module features for python
installations older than 2.7. Since we don't support py26 target
anymore, the dependency is safe to kill.
This system helps Neutron entities to cooperate in a loose manner.
This is especially important in face of the advanced service split, where each
service gets to live independently from the core. This is also useful to clean
up some of the tight coupling between ML2 and L3, or L3 and VPN/FW.
This work was touted to be part of the effort on the v3 plugin API design.
(aka perestroika), however that is not going to bear the expected fruits
in time for the Kilo release. This framework is instead pretty crucial to
cleaning up the split between the various Neutron components and some of
the coupling between ML2 and DVR.
Subsequent patches will show how this framework is put into practice in relation
to cleaning up/decoupling the various Neutron components, however, a devref
how-to is added in the context of this patch to further clarify how the proposed
mechanism works and can be used.
Cedric Brandily [Sat, 20 Dec 2014 22:27:30 +0000 (23:27 +0100)]
Refactor Pinger class
This change refactors Pinger class by:
* removing testcase attribute in order to reduce coupling between
testcases and Pinger instances,
* defining client namespace in Pinger.__init__ instead of assert_*
methods because it's required by daughter change.
Create/Delete FIP Agent gateway port only if DVR Routers
A recent patch for creating FloatingIP Agent gateway
port without RPC dependency was trying to create
FloatingIP Agent Gateway port for both Legacy and
DVR routers.
"Change-id: Ieaa79c8bf2b1e03bc352f9252ce22286703e3715"
This patch fixes the problem by checking for the router,
before it tries to create or delete a FloatingIP Agent
Gateway Port.
Code Review / openstack-build / neutron-build.git / log