NSX: Fix KeyError in sync if nsx_router_id not found
Previously, a KeyError would occur in the sync code which would
cause the sync thread to stop running. This would occur if there
was a router entry in the database but no nsx_router_mapping and
the router was not found in nsx. Note: this should never happen unless
one did not run the db migration which introduced and migrated the data
for the NeutronNsxRouterMapping table.
NSX: ensure dhcp port is setup on metadata network
Change in scheduling behavior caused a regression
where the dhcp port is no longer provisioned on
the (admin) metadata network created when a subnet
is uplinked to a router.
This change recovers the past behavior and extends UT
coverage to avoid further regression.
Irena Berezovsky [Tue, 25 Mar 2014 07:30:17 +0000 (09:30 +0200)]
Add L2 Agent side handling for non consistent security_group settings
Add setting of the firewall_driver to NoopDriver when firewall_driver is None and
add warning if driver combination is not valid.
Modify is_valid_driver_combination to verify default settings: enable_security_group (True) and firewall_driver (None).
Kevin Benton [Tue, 8 Apr 2014 03:25:23 +0000 (20:25 -0700)]
BigSwitch: Stop HTTP patch before overriding
Stops the default HTTPConnection patch used by the
Big Switch tests before patching HTTPConnection with
another substitution. This prevents mock from losing
track of the default patch which was resulting in it
not consistently being stopped by the stopall call in
cleanup.
This also corrects an incorrectly targeted mock for the
HTTP patch in one of the test files.
Sean Dague [Mon, 7 Apr 2014 21:07:41 +0000 (17:07 -0400)]
set api.extensions logging to ERROR in unit tests
neutron.api.extensions generates a lot of output in a normal
unit test run. It's responsible for > 80% of the lines in the
subunit_log.txt. Logging each file load 10k times slows everything
down, takes up valuable memory, and doesn't really help with testing.
Instead we can set this to ERROR level in a fixture to ignore most
of that logging and help make the unit tests run faster.
Refactor the functional tests a bit to add a common base class for agent
tests. This is needed for an upcoming commit which adds a functional test
for VXLAN version checking.
Kevin Benton [Fri, 7 Mar 2014 04:51:11 +0000 (20:51 -0800)]
BigSwitch: Improves server manager UT coverage
Improves the unit test coverage for the Big Switch
server manager module (100%). Also reorganizes the
capabilities test to avoid duplicating a lot of
router tests that are already covered.
Kevin Benton [Thu, 3 Apr 2014 10:00:37 +0000 (10:00 +0000)]
BigSwitch: Don't import portbindings_db until use
The Big Switch ML2 driver re-uses large parts of
code from the Big Switch plugin. However, the plugin
uses the old portbindings_db in its port tracking
code. This db is not created/used by ML2, so it does
not exist when the Big Switch ML2 driver is being used.
This caused a problem when the portbindings_db module
would be imported even though it wasn't being used
since the SQLAlchemy models would create the
relationships during the import.
This patch moves the portbindings_db import down to
the methods that leverage it so it won't be imported
during use by the ML2 driver.
This is a temporary solution which can be back-ported
if disabling auto schema generation is back-ported
to icehouse. An appropriate fix will require some
refactoring to avoid the port tracking code from
being imported for ML2.
This patch changes the policy engine behaviour and the API base
controller in order to ensure policy.init is invoked only once
for each API request.
This will avoid issues arising from policy file updates during
API processing and speed up response generation for list operations,
by about 5%.
Jakub Libosvar [Mon, 17 Mar 2014 15:36:01 +0000 (16:36 +0100)]
Sync service and systemd modules from oslo-incubator
This patch makes systemd know when neutron-service was started. This is
needed in HA environment, previously systemd returned success even
before neutron-server was able to handle requests.
Robert Kukura [Thu, 3 Apr 2014 21:01:00 +0000 (17:01 -0400)]
ML2: ODL driver sets port status
The OpenDaylight mechanism driver does not depend on an L2 agent to
plug the port. Now that nova waits for notification that the port
status is ACTIVE, the ML2 driver API is extended so that the mechanism
driver that binds a port can optionally set the port status, and the
OpenDaylight mechanism driver uses this to set the port status to
ACTIVE.
Andreas Jaeger [Mon, 31 Mar 2014 20:17:18 +0000 (22:17 +0200)]
Fix Jenkins translation jobs
The job neutron-propose-translation-update does not update from
transifex since our po files contain duplicate entries where
obsolete entries duplicate normal entries.
Remove all obsolete entries to fix the job.
Add test to pep8 that checks that no new breakages get
introduced.
Carl Baldwin [Tue, 1 Apr 2014 22:02:17 +0000 (22:02 +0000)]
Delete routers that are requested but not reported as active
There are two cases that I can think of that result in a router being
requested but not reported as active. One is that admin_state_up has
been set to False. In this case, the router is never removed and
continues to be operational.
The other case is if a router is changed and then deleted before the
change is processed. In this case, it is prudent to be sure that the
router is queued for deletion.
Joe Gordon [Wed, 2 Apr 2014 18:25:27 +0000 (11:25 -0700)]
Explicitly import state_path opt in tests.base
This wasn't explicitly needed in the unit tests because
neutron.common.config was already loaded, but this broke for the
functional tests (which are non-voting) so add a CONF.import_opt line so
functional tests know where to find the definition for state_path.
Miguel Angel Ajo [Mon, 31 Mar 2014 13:50:55 +0000 (15:50 +0200)]
fixes tests using called_once_ without assert
A few tests were using mock's called_once, or called_once_with_args
instead of assert_called_once or assert_called_once_with_args. Those
methods return a bool that needs to be actively checked.
The tests are fixed to avoid them from passing if the call condition
is not met.
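A lint-style check for the mistake this commit fixes, as an added example that is not part of the commit or of the Neutron tree: it walks test source with `ast` and flags calls to mock check methods written without the `assert_` prefix, which do not perform the assertion. The method list uses the real `unittest.mock` names; `find_unasserted_mock_calls` and the sample test body are constructed for illustration.

```python
import ast

# Real unittest.mock assertion methods. Calling the same name without the
# "assert_" prefix does not perform the assertion.
MOCK_ASSERTS = {
    "assert_called", "assert_called_once", "assert_called_with",
    "assert_called_once_with", "assert_any_call", "assert_has_calls",
    "assert_not_called",
}
# Spelling used in the commit message; it is not a mock assertion either.
EXTRA_SUSPECTS = {"called_once_with_args"}


def find_unasserted_mock_calls(source, filename="<test>"):
    """Return sorted (line, method, suggestion) tuples for prefix-less checks."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)):
            continue
        name = node.func.attr
        if "assert_" + name in MOCK_ASSERTS:
            findings.append((node.lineno, name, "assert_" + name))
        elif name in EXTRA_SUSPECTS:
            findings.append((node.lineno, name, "assert_called_once_with"))
    return sorted(findings)


# Constructed sample test body (hypothetical, not from the Neutron tree).
SAMPLE = '''
def test_release(self):
    self.plugin.release_dhcp_port.called_once_with("net-1", "dev-1")
    self.execute.assert_called_once_with(["ip", "netns", "delete", "ns"])
    self.driver.unplug.called_once()
    self.log.called_once_with_args("x")
'''

if __name__ == "__main__":
    for line, name, fix in find_unasserted_mock_calls(SAMPLE):
        print("line %d: %s() asserts nothing, use %s()" % (line, name, fix))
```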
This reverts changes from this review [1] which incorrectly removed
the return of the OVSBridge object when calling BaseOVS.add_bridge.
This broke all functional tests relying on this return.
Miguel Angel Ajo [Tue, 18 Mar 2014 12:33:19 +0000 (13:33 +0100)]
fixes broken neutron-netns-cleanup
Some configuration parameters used in neutron.agent.linux.utils
were missing. The namespace attribute in the FakeNetwork object
was missing, and used in neutron.agent.linux.dhcp. Also, the
plugin object was missing for release_dhcp_port operation.
We provide a fake plugin object to accept current and any future
plugin calls as this is meant to be a standalone tool that
should work without any RPC connectivity.
FakeNetwork was switched for neutron.agent.linux.dhcp.NetModel
to follow any future changes in NetModel.
Two wrong called_once_with_args calls without assert were fixed.
Xuhan Peng [Mon, 10 Feb 2014 03:02:33 +0000 (22:02 -0500)]
Permit ICMPv6 RAs only from known routers
Currently ingress ICMPv6 RAs are permitted from any IPs by
default to allow VMs to accept ICMPv6 RA from provider network.
In this way, VM can accept RAs from attacker VM and configure
a network prefix specified by the attacker VM.
Remove permitting ICMPv6 RAs from any IPs and add security rule
to only permit ICMPv6 RA from:
1. If the port's subnet is configured with ipv6_ra_mode value
(i.e. value is slaac, dhcpv6-stateful, or dhcpv6-stateless), RA
is sent from dnsmasq controlled by OpenStack. In this case,
allow RA from the link local address of gateway port (if the
gateway port is created).
2. If the subnet's gateway port is not managed by OpenStack, allow
the ICMPv6 RA sent from the subnet gateway IP if it's a link local
address. The administrator needs to configure the gateway IP as
link local address in this case to make the RA rule work.
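The two-case source selection described in this commit message, as an added example that is not Neutron's code. Assumptions: the gateway port's link-local address is derived from its MAC by modified EUI-64, "not managed by OpenStack" is modelled as an unset `ipv6_ra_mode`, and the function names and subnet dicts are constructed for illustration.

```python
import ipaddress

RA_MODES = {"slaac", "dhcpv6-stateful", "dhcpv6-stateless"}


def eui64_link_local(mac):
    """Derive the fe80::/64 address for a MAC using modified EUI-64."""
    octets = [int(part, 16) for part in mac.split(":")]
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address: %r" % mac)
    octets[0] ^= 0x02  # flip the universal/local bit
    eui = octets[:3] + [0xFF, 0xFE] + octets[3:]
    iid = int.from_bytes(bytes(eui), "big")
    return ipaddress.IPv6Address((0xFE80 << 112) | iid)


def allowed_ra_sources(subnet, gateway_port_mac=None):
    """Return the only source addresses from which an RA is accepted."""
    if subnet.get("ipv6_ra_mode") in RA_MODES:
        # Case 1: RA is sent by the OpenStack-managed gateway port.
        # No gateway port yet means no RA source is trusted.
        if gateway_port_mac is None:
            return []
        return [eui64_link_local(gateway_port_mac)]
    # Case 2: external gateway; trusted only if configured as link-local.
    gateway_ip = subnet.get("gateway_ip")
    if gateway_ip and ipaddress.IPv6Address(gateway_ip).is_link_local:
        return [ipaddress.IPv6Address(gateway_ip)]
    return []


def ra_permitted(src, allowed):
    """True if an ingress RA from `src` matches an allowed source."""
    return ipaddress.IPv6Address(src) in allowed


if __name__ == "__main__":
    # Constructed sample subnet and MAC.
    subnet = {"ipv6_ra_mode": "slaac", "gateway_ip": "2001:db8::1"}
    allowed = allowed_ra_sources(subnet, "fa:16:3e:12:34:56")
    for src in ("fe80::f816:3eff:fe12:3456", "fe80::dead"):
        print(src, "permit" if ra_permitted(src, allowed) else "drop")
```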
Second firewall creation returns 500, but it is an expected behavior
of firewall reference implementation and an internal server error
should not be returned.
fumihiko kakuma [Tue, 18 Mar 2014 02:36:29 +0000 (11:36 +0900)]
OFA agent: use hexadecimal IP address in tunnel port name
The remote IP address is used to form the tunnel port name.
With some OVS/Linux combinations there is a 15 character limit
on port names, so a name like 'gre-192.168.10.10' does not work.
This fix uses the shorter hexadecimal representation of
the IP address instead.
This problem was reported and fixed for OVS agent.
A minor change is made to the Arista API between ML2 Driver and the
back-end. This fix addresses this change to align Icehouse release with
Arista EOS releases.
Joe Gordon [Tue, 1 Apr 2014 22:06:36 +0000 (15:06 -0700)]
Use a temp dir for CONF.state_path
external_pids will default to $state_path(/var/lib/neutron)/external/pids
which isn't accessible when running unit tests so use a tempdir for
CONF.state_path. This bug arose when oslo.config 1.3.0 came out which
fixed bug #1282250 (I4324bda6f3de3cdf05f8eb3cf16052c04018dec8) and
caused this issue.