[Openstack-security] [Bug 1334926] Re: floatingip still working once connected even after it is disociated
OpenStack Infra
1334926 at bugs.launchpad.net
Fri Jun 26 17:30:12 UTC 2015
Reviewed: https://review.openstack.org/196097
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1cfed745d54a6ce9cb3dd4e6f454666d9e6676c2
Submitter: Jenkins
Branch: feature/qos
commit ba7d673d1ddd5bfa5aa1be5b26a59e9a8cd78a9f
Author: Kevin Benton <blak111 at gmail.com>
Date: Thu Jun 25 18:31:38 2015 -0700
Remove duplicated call to setup_coreplugin
The test case for vlan_transparent was calling setup_coreplugin
before calling the super setUp method which already calls
setup_coreplugin. This was causing duplicate core plugin fixtures
which resulted in patching the dhcp periodic check twice.
Change-Id: Ide4efad42748e799d8e9c815480c8ffa94b27b38
Partial-Bug: #1468998
commit e64062efa3b793f7c4ce4ab9e62918af4f1bfcc9
Author: Kevin Benton <blak111 at gmail.com>
Date: Thu Jun 25 18:29:37 2015 -0700
Remove double mock of dhcp agent periodic check
The test case for the periodic check was patching a target
that the core plugin fixture already patched out. This removes
that and exposes the mock from the fixture so the test case
can reference it.
Change-Id: I3adee6a875c497e070db4198567b52aa16b81ce8
Partial-Bug: #1468998
commit 25ae0429a713143d42f626dd59ed4514ba25820c
Author: Kevin Benton <blak111 at gmail.com>
Date: Thu Jun 25 18:24:10 2015 -0700
Remove double fanout mock
The test_mech_driver was duplicating a fanout mock already setup
in the setUp routine.
Change-Id: I5b88dff13113d55c72241d3d5025791a76672ac2
Partial-Bug: #1468998
commit 993771556332d9b6bbf7eb3f0300cf9d8a2cb464
Author: Kevin Benton <blak111 at gmail.com>
Date: Thu Jun 25 17:55:16 2015 -0700
Remove double callback manager mocks
setup_test_registry_instance() in the base test case class gives
each test its own registry by mocking out the get_callback_manager.
The L3 agent test cases were duplicating this.
Partial-Bug: #1468998
Change-Id: I7356daa846524611e9f92365939e8ad15d1e1cd8
commit 0be1efad93734f11cd63fb3b7bd2983442ce1268
Author: Kevin Benton <blak111 at gmail.com>
Date: Thu Jun 25 16:57:30 2015 -0700
Remove ensure_dirs double-patch
test_spawn_radvd called mock.patch on ensure_dirs after the
setup method already patched it out. This causes issues when
mock.patch.stopall() is called because the mocks are stored
as a set and are unwound in a non-deterministic fashion.[1]
So some of the time they will be undone correctly, but others
will leave a monkey-patched in mock, causing the ensure_dir
test to fail.
1. http://bugs.python.org/issue21239
Closes-Bug: #1467908
Change-Id: I321b5fed71dc73bd19b5099311c6f43640726cd4
commit 0a2238e34e72c17ca8a75e36b1f56e41a3ece74e
Author: Sukhdev Kapur <sukhdev at aristanetworks.com>
Date: Thu Jun 25 15:11:28 2015 -0700
Fix tenant-id in Arista ML2 driver to support HA router
When HA router is created, the framework creates a network and does
not specify the tenant-id. This casuse Arista ML2 driver to fail.
This patch sets the tenant-id when it is not passed explicitly by
by the network_create() call from the HA router framework.
Even though original issue was discovered for network_create()
it turns out the same issue applies for port_create() as well
so all the methods are fixed in this patch
Change-Id: Id03e26dac003fa589477ed78a4ed3c44cc2f708d
Closes-Bug: 1468828
commit 334d9a33404f4c8438d105f91bff1a9fd9236513
Author: Assaf Muller <amuller at redhat.com>
Date: Thu Jun 25 16:34:09 2015 -0400
Log OVS agent configuration mismatch
Change-Id: I55aef3bdc32dcee3436cb8b987fb796a4898b20e
Closes-Bug: #1468893
commit c48e12b781c9ffd885ebc96283ecda2849fd1e22
Author: Cedric Brandily <zzelle at gmail.com>
Date: Wed Jun 24 21:31:33 2015 +0200
Avoid env variable duplication in tox.ini
Some environment variables are defined multiple times in tox.ini. This
change defines "fake" tox jobs and refactors existing jobs to reduce
duplicated environment variables.
Change-Id: I0ccebea4fbfff8dda34d1ed348b96b3b8ebd59e2
commit 747738d36572079307f228a861a067ca0cd815c2
Author: Kevin Benton <blak111 at gmail.com>
Date: Wed Jun 3 15:20:27 2015 -0700
Skip ARP protection if 0.0.0.0/0 in addr pairs
Don't setup ARP protection on ports with allowed address pairs
that allow them to use any IP address. This is necessary because
OVS doesn't support the /0 prefix in rules that match on ARP headers.
Related-Bug: #1461054
Closes-Bug: #1468009
Change-Id: I913a86f22b228aa11fa3dabd9493c3995198f7ec
commit 61909ac515c337c94f55805641b1b7c725a95191
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Thu Jun 25 15:54:34 2015 +0200
linuxbridge: clean up README file
It's weird that we suggest users to copy python files around instead of
relying on generated console_scripts.
Other configuration information located here is trivial and is
documented elsewhere, f.e. [1].
[1]: http://docs.openstack.org/networking-guide/deploy_scenario1b.html
Change-Id: Ie8dd37087599ff4b5e23f0ad01105f94f5b886ab
commit 0af5abdb1f608a5e84a64627adf42dd8d5526560
Author: John Davidge <jodavidg at cisco.com>
Date: Thu Jun 25 15:12:59 2015 +0100
Fix tox errors in thirdparty-ci docs
Fixes errors causing tox failures.
Change-Id: I361ef791c0de1aac1304bb8ad979066400930434
Closes-Bug: #1468765
commit 9a6536de6e1a7fe9b2552adc142e254426b82b6f
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Thu Jun 25 15:41:02 2015 +0200
Removed test_lib module
It's not really needed. It was once used to allow some out-of-tox plugin
specific testing scripts to inject configuration files into
BaseTestCase.
Now, our testing story does not have any notion of out-of-gate plugin
specific testing, so let's just clean it up.
Change-Id: If287a38e80016b1dba049a2b745bad7af40583a8
commit 2557c47668ad822810aad523643014c6a5d4a064
Author: Russell Bryant <rbryant at redhat.com>
Date: Wed Jun 24 14:59:26 2015 -0400
Updated from global requirements
This patch takes the latest global requirements update from change
Ibcb49412a012f79be2f7fd697349ddbf43bd7b9b except takes out the update
to setup.py which reverts the windows specific requirements. We are
still working on getting the custom changes out of setup.py in change
I3c07c279d33f6aed46c3a97dd9ba81251e51429a.
Change-Id: Iee7612d39b520cf04e3b2ec503ec79d23f15f949
commit 2ecac909ba419f258e47b456196a1af7a87661ed
Author: Cedric Brandily <zzelle at gmail.com>
Date: Thu Jun 25 11:59:37 2015 +0000
Remove quantum untracked files from .gitignore
This change removes obsolete quantum untracked files from .gitignore.
Change-Id: I1ddf0b03d29066363f155dd5af8294efde5b0ef0
commit df06a326de39a6792e2e82eafa5cf50eb325b34e
Author: Matthew Booth <mbooth at redhat.com>
Date: Thu Jun 25 10:20:08 2015 +0100
Context class should initialise its own data
This is a trivial cleanup. A superclass was initialising data which
was only used in a subclass.
Change-Id: I6930fdaef3dcb960f6baaedbd191e22b565f319e
commit 2e1b0ea4032f05afef16efd451e2eea5df901d97
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Tue Jun 23 17:33:38 2015 +0200
ovsdb: attempt to enable connection_uri for native impl on startup
The port is in most cases disabled, so to use it, we should first enable
it, and it means that we should still rely on ovs-vsctl for that initial
call.
Closes-Bug: #1468259
Change-Id: I097b1c441df1f7f1785b8744f27809617bb21c14
commit 668b12c2c8a60ce20ecdad2193ede9371d5cc391
Author: Doug Wiegley <dougw at a10networks.com>
Date: Mon Jun 1 20:58:41 2015 -0600
Move third-party CI policy under docs/policies
Change-Id: Ib2ed587670f206283d735191b3a2580bf3d1a04f
commit 3bf62772d39d8b3b8b518ae88a6fcea7414d6884
Author: Doug Wiegley <dougw at a10networks.com>
Date: Mon Jun 1 20:31:01 2015 -0600
Remove lbaas API tests, which are now in the lbaas repo
Change-Id: I2009ca3f102d0ca0db3f12af3012989f2a036c48
commit 1a480203b2531925d7520b62c94954064a26139d
Author: Aaron Rosen <aaronorosen at gmail.com>
Date: Wed Jun 24 10:28:18 2015 -0700
Only create one netaddr.IPNetwork object
Change-Id: I8c6a08e0cf3b5b5386fe03af9f2174c663b8ac73
commit d9a23f882f0d78aaca34c3607d9ca9ad54ac063b
Author: Aaron Rosen <aaronorosen at gmail.com>
Date: Wed Jun 3 16:19:39 2015 -0700
Provide work around for 0.0.0.0/0 ::/0 for ipset
Previously, the ipset_manager would pass in 0.0.0.0/0 or ::/0 if
these addresses were inputted as allowed address pairs. This causes
ipset to raise an error as it does not work with zero prefix sizes.
To solve this problem we use two ipset rules to represent this:
Ipv4: 0.0.0.0/1 and 128.0.0.1/1
IPv6: ::/1' and '8000::/1
All of this logic is handled via _sanitize_addresses() in the ipset_manager
which is called to convert the input.
Change-Id: I8c6a08e0cf3b5b5386fe03af9f2174c666b8ac75
Closes-bug: 1461054
commit 93d564223e8b76d10aa7b55f1b1d49f592d1c800
Author: Kevin Benton <blak111 at gmail.com>
Date: Wed Jun 24 09:19:18 2015 -0700
Fix >80 char lines that pep8 failed to detect
Change-Id: I602e0d484c5e00eb48b86c4c8c4eff0be195c3a5
commit 830e9114817765efc93c772dcbc735a6bb28a7ff
Author: Anthony Chow <vCloudernBeer at gmail.com>
Date: Tue Jun 23 22:05:23 2015 -0700
Deprecate "router_delete_namespaces" and "dhcp_delete_namespaces"
These 2 configuration options are no longer be necessary.
They are marked as deprecated in this release and will be removed in the
next release.
Change-Id: I4e02a291738b16c7c9b7600f0bc9a47fb1318569
Partial-Bug: #1418079
commit a84ef9ae54a7dfe6d9dee54a01b189dd40bce423
Author: Kevin Benton <blak111 at gmail.com>
Date: Wed Jun 24 03:27:16 2015 -0700
Make DHCPv6 out of bounds API test deterministic
The test_dhcp_stateful_fixedips_outrange API test was randomly
picking an IP from last + 1 up to last + 10 in the allocation
range. This made it fail randomly when there was an issue related
to the subnet allocation having an off-by-one issue.
This adjusts the test to just always test last +1 and +2.
Related-Bug: #1468163
Change-Id: I641ab092e0ea0aae67ec717b492118a2f8a6f4fd
commit f527f8cf426ee63b592225d5e691ac107085784d
Author: Kevin Benton <blak111 at gmail.com>
Date: Wed Jun 24 02:15:29 2015 -0700
Don't process network_delete events on OVS agent
There is no reason to reclaim the local VLAN on a network_delete
event since it will be reclaimed when the last port is deleted anyway.
This method was racey with recent port creation events and lead to
occasional traces when it would yank the local VLAN out from underneath
an ongoing port wiring process.
Change-Id: I5eee6175c053006b35b6efe274d27931a9d5d89f
Closes-Bug: #1468251
commit 1d61c5f736b9df7253a1939fe55f1875f988d1f4
Author: Henry Gessau <gessau at cisco.com>
Date: Wed Jun 24 03:16:52 2015 +0000
Revert "Fix subnet creation failure on IPv6 valid gateway"
Because it breaks tests.api.test_dhcp_ipv6.NetworksTestDHCPv6.test_dhcp_stateful_fixedips_outrange
This reverts commit ee51ef72d37a02005a7733b7f2faf7236db850a1.
Change-Id: Id02d9034ca809f194ff7551167bfda3559fb1200
commit 7eb9d9d316d35840706a767576ff083c9a04d781
Author: Cedric Brandily <zzelle at gmail.com>
Date: Wed Jun 24 00:08:22 2015 +0200
Support oslo_db 1.12
oslo_db 1.12[1] decorates oslo_context.context.RequestContext with
session management[2][3] and add a read-only attribute 'session'. Such
feature breaks Brocade plugin and its unittests because they define
on RequestContext the 'session' attribute which now is a read-only
property. This change uses neutron.context instead of
oslo_context.context in order to delegate session management to the
neutron.context and remove read-only attribute set.
A follow-up change will refactor neutron.context in order to use oslo_db
1.12 session management instead of homemade one.
[1] https://github.com/openstack/oslo.db/releases/tag/1.12.0
[2] https://github.com/openstack/oslo.db/commit/\
fdbd928b1fdf0334e1740e565ab8206fff54eaa6
[3] https://github.com/openstack/oslo.db/blob/\
fdbd928b1fdf0334e1740e565ab8206fff54eaa6/oslo_db/sqlalchemy/\
enginefacade.py#L782
Closes-Bug: #1468128
Change-Id: I0e3331f9a383fa2562706eeadb229f55593b888c
commit ad86291408fc74827c2bd31f89a2dce34f887823
Author: Cyril Roelandt <cyril at redhat.com>
Date: Tue Jun 23 15:28:34 2015 +0000
Python 3: do not use itertools.izip
This no longer exists in Python 3. Use the zip function instead.
Blueprint: neutron-python3
Change-Id: Id7d33ec3d27a27f17040d28bead10f2eb3b831bb
commit d23a59f1c808c50575f49f9291bd70c6b3a5797a
Author: Jeremy Stanley <fungi at yuggoth.org>
Date: Thu Jun 18 19:09:05 2015 +0000
Override opportunistic database tests to PyMySQL
Set the OS_TEST_DBAPI_ADMIN_CONNECTION override variable so that
oslo.db opportunistic detection will know to use PyMySQL until
I12b32dc097a121bd43991bc38dd4d289b65e86c1 makes it the default
behavior.
This change removes previous code[1] enabling PyMySQL use.
[1] Ic5c1d12ab75443e1cc290a7447eeb4b452b4a9dd
Change-Id: Ic39feee0248f2ffabdba26f3779ab40a8f3838e6
Co-Authored-By: Victor Sergeyev <vsergeyev at mirantis.com>
Co-Authored-By: Cedric Brandily <zzelle at gmail.com>
commit 04d44cee63f3fbba45956abd28f325d5ac3ca2d9
Author: Cedric Brandily <zzelle at gmail.com>
Date: Tue Jun 23 20:00:30 2015 +0200
Extend default setenv instead of replacing it in tox.ini
Some tox jobs[1] define their own setenv without extending/referencing
default setenv, it disallows to define environment variables shared by
all jobs. This change updates previous jobs[1] in order to extend
instead of replacing default setenv and enable global environement
variables (used in daughter change).
One remark, this change sets VIRTUAL_ENV environment variable in updated
jobs[1] but it has no effect on them.
[1] (dsvm-)functional, (dsvm-)fullstack and api jobs
Closes-Bug: #1468059
Change-Id: I99184f7375571fb8569a24ba04ae267108f5da08
commit b7dc34ef15061577158eeafc179915e5bde73c64
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Tue Jun 23 14:28:59 2015 +0200
Cleanup get_plugin_name() from the tree
It does not seem to be used since Icehouse: the patch that removed its
last usage is: 1b36e2077141749495bb32b423f3df8cbbd0eb40
I don't think we should have it as part of abstract interface for
service plugins.
Change-Id: If03f67a617efd3a7cadb96d1a86283ac14088a83
commit 277d89b67a6a8ea4f6a7bc216014d55ace5c1d2d
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Tue Jun 23 12:07:43 2015 +0300
Bulk move methods to ipam_backend_mixin.py
ipam_backend_mixin contains methods common for both backends:
pluggable and non-pluggable, so moving methods to make them accessible
by backends.
Next methods were moved from db_base_plugin_v2.py to
ipam_backend_mixin.py:
- _validate_subnet_cidr
- _validate_network_subnetpools
- _allocate_pools_for_subnet
- _save_subnet
This commit moves methods without any internal changes.
All future changes and decomposition of these methods will be handled in
next commits.
Partially-Implements: blueprint neutron-ipam
Change-Id: I1ec786754467fc9039d2276f084f1bceaab15635
commit c384b13ae6b83a8bad944972c60bdcbe6f4fa050
Author: Brian Haley <brian.haley at hp.com>
Date: Thu Apr 16 16:20:01 2015 -0400
Add IPset cleanup script
This will aid in removing stale IPsets when we change the prefix
used in creating IPset names.
Change-Id: Ia9ff79c34bd4c9124ec8663a8f616ded4f389f62
Partial-Bug: #1444201
commit 7e117c13fd3fb125c857dadfa2945799b39e1634
Author: Rawlin Peters <rawlin.peters at hp.com>
Date: Thu Jun 18 11:22:13 2015 -0600
Optimize ipset usage in IptablesFirewallDriver
Currently, IptablesFirewallDriver._update_ipset_members() iterates
through a list of security group IDs and makes a call to
IpsetManager.set_members() for each security group ID in the list. The
problem is that set_members() is repeatedly called with the same
arguments over and over again because the list of security group IDs
contains duplicates. These duplicated calls are unnecessary because they
are idempotent.
For instance, with a security group of 50 rules created in this manner:
neutron security-group-rule-create $SECGRP --remote_group_id $SECGRP
--protocol tcp --port_range_min $i --port_range_max $i
Adding a server to that security group will cause 50 calls to
IpsetManager.set_members() because the list of security group IDs is 50 of
the same ID. Only one call to IpsetManager.set_members() is necessary
per security group ID.
This patch converts that list of security group IDs into a set, which
eliminates the duplicate idempotent calls to
IpsetManager.set_members() with the same arguments. This will affect
performance by reducing the amount of file locking around ipset when
adding servers to security groups.
Change-Id: Id2c8c8c1093c8abcf1fd897b23b0358aeb55b526
Closes-Bug: 1466921
commit f44800f1eb649d83a338d320020d3479fc3b6790
Author: Cyril Roelandt <cyril at redhat.com>
Date: Mon Jun 22 14:59:59 2015 +0000
Python3: do not set Request.body to a text string
In Python 3, Request.body must be set to a bytes object.
Change-Id: I17785d1e9eb253a1c6cae300b207fb0a08873b0e
Blueprint: neutron-python3
commit 408af3f7dab477517b1761aeda2b76384f5fffbe
Author: Assaf Muller <amuller at redhat.com>
Date: Sun Jun 21 15:34:21 2015 -0400
Prepare for full stack CI job
Related-Bug: #1467275
Change-Id: I90f4794f48ae151a888f37df26c087a7fdcd9d31
commit 76b4803530c0d5f47659aa519585178cc33cba46
Author: Oleg Bondarev <obondarev at mirantis.com>
Date: Tue Jun 2 16:14:40 2015 +0300
Fix callback registry notification for security group rule
Some housekeeping was done in
- SecurityGroupDbMixin:
- create_rule_bulk() calls to create_rule();
- registry notification is in create_rule();
- separate validation for a single rule and for a group of rules
- SecurityGroupServerRpcMixin:
- overriden methods call to corresponding super class methods;
Hopefully code is now self-documented enough
Closes-Bug: #1461024
Change-Id: Ia75d7e206716bbe74aae89e4cebd0c2c40af68a8
commit 6da2d24ff44cbc8dd0ea8d2e6f72419a46026989
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Mon Jun 22 15:43:20 2015 +0200
Ease debugging alembic by passing proper scripts path in alembic.ini
Otherwise, anyone who attempts to issue an alembic command with the file
gets:
FAILED: Path doesn't exist:
'<...>/neutron/neutron/db/migration/alembic'. Please use the 'init'
command to create a new scripts folder.
Change-Id: I5b5f2802b478c8d8c327d24faa838f7a6859b979
commit fe6654b25044de7d7d15573c689a0f003c018e99
Author: Martin Roy <mroy at iweb.com>
Date: Thu Jun 18 13:45:02 2015 -0400
Use string exception casting everywhere
Instead of the deprecated "message" member access,
casting to a string invokes the __str__ method of the exception
that is wired to return the message
Added a test of the failure cases of IpRouteCommand::delete_gateway
because they were missing
Running unit and functional tests locally no longer shows the warning
reported in the bug.
Change-Id: Ia79f526aa973ece1145615d65349f860aa3fd465
Closes-Bug: #1466542
commit c3d65a0ed920110223e1b73d6982968552ca7716
Author: ChangBo Guo(gcb) <eric.guo at easystack.cn>
Date: Tue Mar 3 17:08:48 2015 +0800
Switch to oslo_utils.uuidutils
Get rid of oslo-incubator uuidutils
Closes-Bug: #1467020
Depends-On: I2df519965883b05d5d58cdc4785c850b0685dc2c
Depends-On: I9f8e98ad9517864a9ffdacf01c0a9a5aab554edb
Depends-On: Ied0faac809a5b72b1cd466c8babc9ca5418692c3
Change-Id: Iebe491b981b4b7c02785412fadd27678bb5e47de
commit ee51ef72d37a02005a7733b7f2faf7236db850a1
Author: David Edery <david.edery at alcatel-lucent.com>
Date: Sun Jun 21 15:59:49 2015 +0300
Fix subnet creation failure on IPv6 valid gateway
Currently a valid IPv6 address gateway of the "*::ffff:ffff:ffff:ffff"
pattern is failing due to netaddr.broadcast returning value for both IPv6
and IPv4 addresses. IPv6 has no broadcast address so the fix checks if
the gateway is the subnet broadcast address only in the case of IPv4
subnet
Change-Id: I849f95b30343d0b1c90cf91203df220bf731d8d5
Closes-Bug: 1466322
commit b9e551936410eca647b48c48f49f2b2be5d2d4a4
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Fri Jun 19 17:58:57 2015 +0300
Decompose _create_subnet_from_pool
Moved validations into separate methods:
- _validate_pools_with_subnetpool
Verifies that allocation pools are set only for specific subnet request.
For any subnet request allocation pools can not be set manually
- _validate_ip_version_with_subnetpool
Verifies that subnet has the same ip version as subnet pool
Partially-Implements: blueprint neutron-ipam
Change-Id: I63f6aa2a0c94c3437fa624ac800943976f4fc50f
commit 29bb401973af81f4a4b8a667f8b7445e19e017da
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Thu Jun 18 15:24:44 2015 +0300
Move _delete_port
Pluggable ipam implementation will do additional actions on port
deletion (deallocate ip using ipam driver).
Existing _delete_port code will be resused.
Moving _delete_port to ipam_backend_mixin to make this code
accessible and extendable by both backends (pluggable and non
pluggable).
This commit is a preparation step before pluggable ipam implementation
can be used.
Partially-Implements: blueprint neutron-ipam
Change-Id: If6cd623aad9e5501a26e5fb8cdecd5f55e85cd05
commit c0ef7a8f4546cd3c081a61c742dd9ed70ec2c147
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Thu Jun 18 14:52:24 2015 +0300
Decompose create_port and save_subnet
This commit is a preparation step for enabling pluggable ipam.
Some actions in create_port and save_subnet are specific for
non pluggable ipam implementation.
- create_port
Moved allocation ips for port and storing results into separate method
_allocate_ips_for_port_and_store.
Moved to ipam_non_pluggable_backend, since pluggable implementation will
be different due to rollback on failure logic included.
- save_subnet
Moved saving allocation pools into new method _save_allocation_pools.
Moved to ipam_non_pluggable_backend, since pluggable ipam implementation
does not need to save IPAvailabilityRange (availability ranges are
maintained by ipam driver for pluggable case)
Partially-Implements: blueprint neutron-ipam
Change-Id: I4a3e5d7f3aa54630279d9589225a509c96ed2186
commit ee14186fbb2486f9088103e9621bc366cc64c552
Author: Henry Gessau <gessau at cisco.com>
Date: Sun Jun 21 01:30:05 2015 -0400
Allow setting Agents description to None
Fix the validator for the 'description' attribute of Agents, allowing
it to be set to None.
Fix an API test that had two problems:
1. It was not restoring the description to the agent it had updated
2. It was retoring the description to '' instead of None.
Closes-Bug: #1466642
Change-Id: I50723e1346be0953d26216ba24907bac008ccfb6
commit d0d62927e661c84003845a61d2b991a54e723ed4
Author: Darragh O'Reilly <darragh.oreilly at hp.com>
Date: Sat Jun 20 11:55:27 2015 +0000
Fix RPC version to be a string
The RPC version was being passed as a float which caused an
exception.
Change-Id: I2a2888fcafcc426009fc841b81049a22e072ce75
Closes-Bug: #1467087
commit 35654ec23ef9db6bda313ea300ab76c287a98ceb
Author: Gal Sagie <gal.sagie at huawei.com>
Date: Mon May 25 15:20:05 2015 +0300
Decompose DVR CSNAT L3 Agent from Compute Node L3 Agent
Currently the same dvr router class is used both by the L3 Agent
in the compute nodes that is responsible for the virtual routers
namespace and the fip namespace and also used by the centralized
SNAT L3 Agent in the network node.
This is the first step to decompose the two into different
classes.
The above means that we have one class of DVR router which is used
for two jobs (the virtual router namespace wiring and the fips wiring
in the compute node in one hand and the centralized snat wiring in the other)
The end goal of this patch is to separate the two into different classes
which will also help maintaining it and also help projects that want
to use one but not the other (for example only use the centralized
SNAT behaviour with there own DVR implementation)
Change-Id: I581a097b9e7c49f20d0eb0e4ca66a25e90d9511b
Partial-Bug: #1458541
Partially-Implements: blueprint dvr-router-code-decompose
commit 0e48d9d203619f50adae94ddb6bbccd28f381737
Author: Davanum Srinivas <davanum at gmail.com>
Date: Sun Jun 7 10:10:18 2015 -0400
cleanup openstack-common.conf and sync updated files
Periodic update of latest files from oslo-incubator
Change-Id: Ie7eb02e4e9277c18abfb438b6cf710e0aa426b15
commit 74b0c53da5d7e4305606c100becf34966d8af350
Author: Oleg Bondarev <obondarev at mirantis.com>
Date: Thu Jun 11 13:38:55 2015 +0300
Fix l3 agent to not create already deleted router
In case router is deleted during l3 agent resync,
the "deleted" event is processed with higher priority, then
resync event for the router may be processed which will recreate
already deleted router.
This happens due to timestamp not being properly updated for deleted
router in router processor.
The fix adds timestamp update for deleted router.
Functional test will be updated in a follow-up patch
Logging was improved to make debugging a bit easier.
Closes-Bug: #1455439
Change-Id: I2d060064acccc10591a3d90be9011f116548cfce
commit 4f5171d2cedb32fdc5a59d241e7ae91c7284b75c
Author: Cyril Roelandt <cyril at redhat.com>
Date: Fri Jun 19 13:24:34 2015 +0000
Python3: do not use '+' on dict_items objects
In Python 3, dict.items() returns an iterator. Iterators cannot be added.
Blueprint: neutron-python3
Change-Id: I487178ebceae9946cb53dea1e847d7715f4577f3
commit b336b7c438f3f5d4ee8d23d6bb2d2cf8fe1657f4
Author: Jakub Libosvar <libosvar at redhat.com>
Date: Fri Jun 19 15:52:35 2015 +0200
Disable keepalived process in keepalived func test
Previously, keepalived process itself was disabled that lead to
respawning of keepalived by KeepalivedManager. This patch disables
KeepalivedManager in cleanup thus no respawn happens.
Closes-Bug: #1466873
Change-Id: If5524116e5d4fc41600920d31481282c5b797f7b
commit a4b17cbb80b48c8e4bcd7cc005139f8e66066d68
Author: Cyril Roelandt <cyril at redhat.com>
Date: Thu Jun 18 11:52:28 2015 +0000
Python3: do not use im_self/im_func/func_closure
One should use __self__, __func__ and __closure__ instead, as they work
with both Python 2 and 3.
Change-Id: I2b2847cfd5b4fa70e45387ff369240227ce9e526
Blueprint: neutron-python3
commit 432567f9477eadd840e407c5c057fc664e46d731
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Wed Jun 17 15:48:09 2015 +0300
Add request factory for pluggable IPAM
Pluggable IPAM implementation requires separation between requesting
address/subnet and it's actual allocation, which can happen on
third-party IPAM servers. Request factory stands for simplifying
building right request from input.
Added AddressRequestFactory and SubnetRequestFactory.
AddressRequestFactory creates instance of AnyAddressRequest or
SpecificAddressRequest depending on presence of ip address in input.
SubnetRequestFactory creates instance of AnySubnetRequest or
SpecificSubnetRequest depending on input.
get_subnet_request_factory and get_address_request_factory can be
redefined on driver level to use custom request factories.
Partially-Implements: blueprint neutron-ipam
Change-Id: Iedc0cfa326d60810099148f0ef8a1edac9e8aa12
commit 870fb38b1c7ddd5ddb399e6ff13a4f7992f8f9a6
Author: Cyril Roelandt <cyril at redhat.com>
Date: Fri Jun 19 13:59:46 2015 +0200
Python3: use dict.keys() instead of dict.iterkeys()
The "keys" method works on both Python 2 and 3, and the performance
impact should be negligible.
Change-Id: I4771797859666000921e4e38cc5de72a8c084ca0
Blueprint: neutron-python3
commit 538a7bf3c73d968185590d81a9b3a6523190aeb4
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Tue Jun 9 03:41:07 2015 -0700
NSX QoS ext: RXTX factor can be decimal
In Nova flavors it is ok to specify a decimal RXTX factor.
For this reason when applying QoS to a port Neutron should not
convert this factor to an integer value, but simply ensure
it's a valid float number and positive.
Partial-Bug: #1463363
Change-Id: I983123ef7fd8f1b52b358aff3b579459fce63033
commit 5aaae68e5148f01e78a5e6013dce797dd42c1917
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Thu Jun 18 14:17:58 2015 +0300
Move _add_auto_addrs_on_network_ports
Moved to ipam_non_pluggable_backend.py since implementation
is specific for non pluggable ipam backend.
Pluggable implementation will additionally include rollback on failure actions.
This commit is a preparation step for using pluggable ipam.
More changes in this methods are expected to be done by following
patches.
Partially-Implements: blueprint neutron-ipam
Change-Id: I1876846526e370a7fcfa05b9a23fd9065973f111
commit 6669ee9af6bd635ae7efbc2f02e10914549ef708
Author: Lucas Alvares Gomes <lucasagomes at gmail.com>
Date: Thu Apr 9 14:02:36 2015 +0100
DHCP agent: Set an "ipxe" tag to work with Ironic
Ironic expects neutron to have an "ipxe" tag for the option 175 which is
sent by iPXE/gPXE when booting a node. The problem is that up to now this
tag was not created by Neutron, causing the nodes deployed with Ironic
+ iPXE to fail to boot. This patch is creating this tag when launching
the dnsmasq process.
DocImpact
Change-Id: I45a0f51365b37e7d85848fcdcbcf7aa6a1dddfed
Closes-Bug: #1442123
commit 735f193668d61dd7c09f710e555ab91d1d91abe6
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Wed Jun 17 18:47:11 2015 +0300
Remove _check_ip_in_allocation_pool
_check_ip_in_allocation_pool is not used anywhere in neutron.
Cleaning up unused code from db_base_plugin_v2.py.
Caller was removed over a year ago in change
Ib31550fa9000fc75768a327cb6cc1c419e06568f
Partially-Implements: blueprint neutron-ipam
Change-Id: I41b7254835c308dda679ee2a5ebbccba528fd108
commit e3710f59481b4f9c3430228e8f074c845e93fbe7
Author: shihanzhang <shihanzhang at huawei.com>
Date: Mon Jun 15 14:51:16 2015 +0800
Don't delete DVR namespace if there are still ports on this node
Skip deleting DVR namespaces if they contain ports in the BUILD or
DOWN status.
Change-Id: I026f2014ede800c0f4532ca15f1fccdaa59d5b61
Closes-bug: #1464527
commit 345ffb99ef92f567562c178c57b9c110740a3767
Author: Doug Wiegley <dougw at a10networks.com>
Date: Thu Jun 18 18:13:43 2015 -0600
Updated from global requirements
Since we can't merge proposal bot at the moment, due to a conflict with
setup.py, at least get our reqs files up to snuff.
Change-Id: Ie313c81502dfe17a4afdcfdba4e207b9866e1399
commit 42826a0e64b3499cda065fd9ffdf0b5af5754c85
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Mon Jun 15 16:06:21 2015 +0200
Fixed the only sphinx warning in docs
We made previous attempt to get rid of all warnings, but it turned out
that gate does not execute tox's docs job but runs build_sphinx
directly.
The latter behaviour should be fixed, but while at it, we
should prepare neutron job to be executed in gate by cleaning up all
warnings.
Closes-Bug: #1466554
Change-Id: I8c265eae2175425568479116d1faef7d87fdcc02
commit 63e318f5f8159f108cf1e7a82c952fa5f882870f
Author: Moshe Levi <moshele at mellanox.com>
Date: Thu Jun 11 12:24:03 2015 +0300
Fix SR-IOV mech driver to set port status to down when agent is required
SR-IOV mech driver has 2 modes agent and agent-less. Currently in both
modes port status are active. This patch update the port status to down
when using agent mode. This will allow the SR-IOV agent to get port
update notification and apply its additional functionality
when launching vm.
Co-Authored-By: Berezovsky Irena <irenab.dev at gmail.com>
Closes-Bug: #1464186
Change-Id: Ibd9b31b4f2393b8732253d5cbfd36e8b5614860d
commit cdde9a3aeb929e80aa3c251a44060b8174ab7b6c
Author: venkata anil <anil.venkata at enovance.com>
Date: Thu Jun 18 10:03:12 2015 +0000
read_hosts_file_leases shouldn't parse stateless IPv6
Error when _read_hosts_file_leases tries to parse stateless IPv6 entry
in hosts file
TRACE neutron.agent.dhcp.agent ip = host[2].strip('[]')
TRACE neutron.agent.dhcp.agent IndexError: list index out of range
Neutron creates entries in dhcp host file for each subnet of a port.
Each of these entries will have same mac address as first field,
and may have client_id, fqdn, ipv4/ipv6 address for dhcp/dhcpv6 stateful,
or tag as other fields.
For dhcpv6 stateless subnet with extra_dhcp_opts,
host file will have only mac address and tag. So _read_hosts_file_leases
shouldn't check for ip address for this entry in host file.
Closes-bug: #1465330
Change-Id: Iad6605ac5c7bcd6ec9204352037ed021f5007738
commit 31f846c1b9fa17d1812f78dffe1dcf883da52bab
Author: shihanzhang <shihanzhang at huawei.com>
Date: Fri Jan 30 09:50:52 2015 +0800
Fix 'router_gateway' port status can't be updated
when it creates a ovs bridge without parameter 'bridge-id',
it's default 'bridge-id' is None, so ovs agent should also
deal with these ovs bridges, for example if ancillary bridge
br-ex does not be handled, the 'router_gateway' port status
can't be updated.
Change-Id: If428eadadfd36a9b19ea75920120e48ac49659f2
Closes-Bug: #1416181
commit 2db459f284002e45497d768a8a53c9b43d045d45
Author: Doug Hellmann <doug at doughellmann.com>
Date: Tue Jun 16 19:49:15 2015 +0000
Update version for Liberty
Update the version for Liberty, switching from date-based versioning
to pre-versioning using SemVer. See
http://lists.openstack.org/pipermail/openstack-dev/2015-May/065211.html
and
http://lists.openstack.org/pipermail/openstack-dev/2015-June/067082.html
for details.
Change-Id: I6a35fa0dda798fad93b804d00a46af80f08d475c
commit 98d0be2f82523a40e630cf08dd8479b4cbb48add
Author: armando-migliaccio <armamig at gmail.com>
Date: Wed Jun 17 11:33:56 2015 -0700
Add networking-sfc to the list of affiliated Neutron projects
The project is being bootstrapped in [1,2], this change reflects
that in the sub_projects doc.
[1] I3825a1e02713f45e2c769eaa8fd0f1ab48d14372
[2] Iec53129d7c19620d690e71032c83907f03c66d9f
Change-Id: I7c235bfe444bbb9afc7d4d8c92704c9bfc09ab49
commit 315b10dc9fa7b8d889a24e0c6cdf72f5341d92d5
Author: armando-migliaccio <armamig at gmail.com>
Date: Wed Jun 17 11:31:01 2015 -0700
Minor improvements to sub_projects document
Let's remove the empty table, to cut down the risk of inconsistency,
and further explain what the list of affiliated project is for.
Change-Id: I3c8970db8de4fc211233903e8220cda72d47e193
commit 53209ca19ac2116d293b6fbc7b31254cb27a3ecb
Author: Cyril Roelandt <cyril at redhat.com>
Date: Wed Jun 17 14:25:56 2015 +0000
Python 3: do not use cmp(), nor sorted(..., cmp=...)
* The "cmp" function has been removed, so we must not use it any more;
* The "cmp" keyword argument of the "sorted" function has been removed, so
replace it with "key=functool.cmp_to_key".
Change-Id: Ic39d29dc1002a68f36f04c32e53a36bc826dce78
Blueprint: neutron-python3
commit 4a73ab99c9fcc63adbbb41d4a9b9ba8669afdc61
Author: Miguel Angel Ajo <mangelajo at redhat.com>
Date: Tue Jun 16 13:48:26 2015 +0200
Move get_inteface_by_ip from LinuxBridge class to ip_lib
get_interface_by_ip is moved fro LinuxBridgeManager to ip_lib
as a more generic get_device_by_ip.
System-faking unit tests have been switched for functional
testing that also performs a negative test.
This can be reused in the openvswitch-agent code to validate
local_ip reusing the LinuxBridge logic.
Change-Id: I9237871a6e24dd99556c71844624be510e20d289
Related-Bug: #1464178
Related-Bug: #1408603
commit 76dd333167920f447bdbedbbee10fdab593abe5b
Author: Vladislav Belogrudov <vladislav.belogrudov at oracle.com>
Date: Wed Jun 17 14:02:22 2015 +0300
Fix cisco_csr_identifier_map.ipsec_site_conn_id
Some database engines require exact match of sizes of foreign keys
and referenced fields. Foreign key ipsec_site_conn_id of table
cisco_csr_identifier_map is varchar(64) but it references field
id varchar(36) of table ipsec_site_connections. This gives error
while running migration scripts in such databases.
This fix only applies to new installations. Existing databases will
be corrected by migration scripts introduced in
https://review.openstack.org/190569 - they will take care of resizing
the field and adjusting the model.
Change-Id: I6cc9625a2d96d1330b06eb727cc7fa5363c697b8
Depends-On: I384a9bbaba05ef94174b666bdcfb276eedc74134
Closes-Bug: #1463806
commit 7a7377681133785e12a296ff7077b039708da97d
Author: Thomas Morin <thomas.morin at orange.com>
Date: Wed Jun 17 12:13:35 2015 +0200
fix rootwrap debug filter for ping all
NeutronDebugAgent.ping_all calls ping with "-c 1 -w <number>' so
the filter should accept this order, and not only "-w .. -c ..".
Not changing the existing filter to not break other tools
that might use -w -c in that order.
Change-Id: I5b3d67dfcdc15c53ac3bf2fb39de29fd97e98a19
commit 7d704db18ec7635328bfce7dc6e936151f264f1f
Author: Aman Kumar <amank at hp.com>
Date: Tue Jun 16 23:16:24 2015 -0700
Refactor rpc_loop() in ovs neutron agent
This patch segregates the port_info recieved by
scan_ports and scan_ancillary_ports.
This refactoring is basically required for this patch set:
https://review.openstack.org/#/c/165023/
Co-Authored-By: Romil Gupta <romilg at hp.com>
Change-Id: I9b43c230cda9d2659ad0e806bebe8a3dc12826ec
Partial-Bug: #1329223
commit 4e77442d529d9803ff90de905b846af940eaf382
Author: Kevin Benton <blak111 at gmail.com>
Date: Sat Jun 13 18:45:19 2015 -0700
Add deadlock retry to API and ML2 RPC port update
With the switch to the pymsql SQL driver, eventlet will now yield
during database transactions. This greatly increased our probability
of multiple coroutines running transactions on the same table that
result in deadlocks.
These deadlocks could result from many things including the following:
* a coroutine holding a pessimistic "SELECT for UPDATE" lock when
another tries to update the locked records
* two coroutines both issue update statements using a WHERE clause
invalidated by the other update (e.g. from a compare and swap approach)
* two coroutines insert records that, when combined, violate a unique
constraint on the table in a master-master Galera deployment
* any two workers using "SELECT for UPDATE" in a master-master Galera
deployment (write-set certification failure translates to deadlock)
This problem is exacerbated by the switch to multiple API and RPC
workers, each of which can lead to most of the errors above even
without the switch to pymysql.
This patch adds a deadlock retry decorator to the delete, create,
and update methods at the HTTP API layer. Additionally, it adds a
decorator to the update_port_status AMQP API in ML2 since it updates
the port table, which is a heavily locked table by ML2 making it a
prime candidate for deadlocks.
Nova has had relied on the deadlock retry mechanism for quite some
time now. We were limping along by not using additional workers and
by relying on the unyielding nature of the MySQL C driver to
serialize everything.
Closes-Bug: #1464612
Change-Id: I635cc49ca69f589f99ab145d4d51e511b24194d2
commit 95b6a74af10e2150b017647028de8454ef1cda2f
Author: Aaron Rosen <aaronorosen at gmail.com>
Date: Tue Jun 16 17:23:09 2015 -0700
ovsdb: session.rpc never initialized
Previously, if idl.Transaction.commit_block() returned a status of
TRY_AGAIN we would check self.api.idl._session.rpc.status which would
result in an attribute error as rpc is None.
This patch fixes this attribute error by removing this unneeded check. In
addtion, the force_reconnect() is also removed as ovs.jsonrpc handles
reconnecting automatically for us.
Change-Id: Ibf3ce5cd3432845f8938a1d83637ecf59b14b5ca
Closes-bug: 1465889
commit fc0c3a83659a86453acd5745a5632729b99cb3de
Author: Rawlin Peters <rawlin.peters at hp.com>
Date: Mon Jun 15 10:57:02 2015 -0600
Remove duplicated debug logging around locking
Currently, iptables_manager.py does extra unnecessary logging about lock
acquisition and release. It uses lockutils.lock() which passes
do_log=True by default, which causes lockutils.lock() to do debug
logging about lock acquisition/release. IptablesManager itself also writes
debug log info about lock acquisition and release.
This change will eliminate unnecessary duplicate logging in order to
reduce log noise about locking. This change is also related to
https://github.com/harlowja/fasteners/commit/f88f2fea7fe250b7d26cdcbc84633ccbbc68eeee
which reduces the logging level in the underlying lock implementation
used by oslo.concurrency. That change along with this one will remove
the duplicate debug logging about locking in iptables_manager.py and also in
ipset_manager.py.
Change-Id: If6f4a7101f3783ad83645e28bbb5c577dd403d3b
Closes-Bug: 1464727
commit 8f2014ea556404fb99c78add1e46b80c718cf491
Author: Aman Kumar <amank at hp.com>
Date: Tue Jun 16 05:32:44 2015 -0700
Refactor scan_ports() and update_ancillary_ports() in OVS Neutron Agent
Used a helper method which contains the common code from scan_ports()
and update_ancillary_ports(). And also renamed the name of
update_ancillary_ports() method to scan_ancillary_ports() to have parity
between normal ports and ancillary ports.
Added unit tests for scan_ancillary_ports.
Co-Authored-By: Romil Gupta <romilg at hp.com>
Partial-Bug: #1329223
Change-Id: I8b3e00a9371d5a03cc8b4be24bf20eec10bef5df
commit 4f46d2ae3a089f36512fae3bf49f155927095922
Author: Cyril Roelandt <cyril at redhat.com>
Date: Tue Jun 16 13:38:13 2015 +0000
Python3: do not change the size of a dict while iterating over it
This does not work in Python3, so we have to store the items first.
Change-Id: I7d8641f980fe62d2900559433d5060a6281a97f8
Blueprint: neutron-python3
commit 0488ac707493575e084f02273df2c4ec598541ba
Author: Elena Ezhova <eezhova at mirantis.com>
Date: Mon Jun 1 12:34:41 2015 +0300
Refactor TestRpcWorker and TestWorkerService
TestRpcWorker and TestWorkerService have a duplicate test_reset.
This patch introduces a base class from which tests for service
workers can inherit.
Change-Id: Ic4690c3b066b03c2fbb463f1329208ad1307d83d
commit fca84f69659e4e81790de405213f31e80fd8c239
Author: Ann Kamyshnikova <akamyshnikova at mirantis.com>
Date: Tue Jun 2 18:45:51 2015 +0300
Juno_initial migration
Havana was deprecated with the kilo release, and icehouse will be
deprecated with the liberty release, so havana_inital migration should be
removed and replaced with juno_initial.
Closes-bug: #1461103
Change-Id: I2e6802c9ab64d164bd888278d555dfeeaf47257b
commit 037f3111cd3968ff00593387daf2b832761e5ef4
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Tue Jun 16 09:21:42 2015 +0200
docs: added job to well known tox envlist
This is to make 'tox -l' return the job name in its output (needed to
allow run-docs.sh script in project-config to determine whether the job
is present, to rely on it when generating docs in gate).
Change-Id: I80eb169b7b4e5a3490586722c64394dbb724928d
commit 9fc422a93a00f4126e91fa79ffcd43903ea9c8ac
Author: Sean M. Collins <sean at coreitpro.com>
Date: Mon Jun 15 13:51:05 2015 -0400
API Extensions: inherit from the ExtensionDescriptor
For consistency in the codebase, API extensions should inherit from the
abstract base class ExtensionDescriptor.
Change-Id: Id4829c265866e80c042c433bebcc01383e1e7417
commit 34aa030847ed24ad6ca7759459cbe9a6d0f43db3
Author: Henry Gessau <gessau at cisco.com>
Date: Mon Jun 15 14:47:21 2015 -0400
Remove fossilized remains
Clean up ancient stuff that hasn't been touched in over 3 years.
Change-Id: I67fcd85027fb6614cafe8d92ddbf8c24aed58a4f
commit f88f3dc8d6f7240d6c0d9d5006345b3a797ae067
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Wed Jun 10 16:18:40 2015 +0300
Refactor update_port in db_base_plugin_v2
This commit is a preparation step for using pluggable IPAM.
- moved validations into _validate_port_for_update;
- updating ip addresses for port is backend specific, so
moved into _update_port_with_ips in ipam_non_pluggable_backend;
- writing port changes to db is common for both backends, so
moved into _update_db_port in ipam_backend_mixin;
- updated to use namedtuple to track add/original/remove ips;
- added _make_fixed_ip_dict to exclude keys other than
ip_address and subnet_id;
Partially-Implements: blueprint neutron-ipam
Change-Id: I1110e88f372b1d0cc7ec72049ba69a6d548da867
commit a89f99c6b700b1c6f918fe359c7271ac25ed4bc4
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Wed Jun 10 14:56:58 2015 +0300
Refactor _update_ips_for_port
This commit is a preparation step for using pluggable IPAM.
_update_ips_for_port was refactored and split into two methods:
- _get_changed_ips_for_port
This method contains calculations common for pluggable and
non-pluggable IPAM implementation, was moved to ipam_backend_mixin.
- _update_ips_for_port
This method is specific for non-pluggable IPAM implementation, so it
was moved to ipam_non_pluggable_backend_common.
Other changes:
- _update_ips_for_port now returns namedtuple with added, removed, original
ips (previously added and original ips were returned).
List of removed ips is required by pluggable IPAM implementaion
to apply rollback-on-failure logic;
- removed unused port_id argument from _update_ips_for_port argument list;
Partially-Implements: blueprint neutron-ipam
Change-Id: Id50b6227c8c2d94c35473aece080a6f106a5dfd8
commit a8619e9bd1247e8ec494c456aee9ee7163231f62
Author: Cyril Roelandt <cyril at redhat.com>
Date: Mon Jun 15 15:07:28 2015 +0000
Python 3: use dict.values instead of dict.itervalues
This works with both Python 2 and 3, and should not have any performance
impact.
Change-Id: I2a14945c60de513b91c6f022ff5dcc503ce2a8ad
Blueprint: neutron-python3
commit 62faedddf2b0315484a04bd9092e96a3a828e46a
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Mon Jun 15 16:15:11 2015 +0200
Put output of docs job into doc/build/html
This is the path where jenkins/scripts/run-docs.sh that is used by gate
to generate project documentation expects to see the output.
Change-Id: Id276fa59edb33f7789ab06055300b4dc2385472a
commit ad1c7a35dec614a26de0a426950fa005df5f489d
Author: Sean M. Collins <sean at coreitpro.com>
Date: Wed Jun 10 10:23:44 2015 -0400
Remove get_namespace from API extensions
Based on the conversation on the ML.
http://lists.openstack.org/pipermail/openstack-dev/2015-June/066219.html
APIImpact
DocImpact
Closes-Bug: #1464023
Depends-On: 6f900fc429bf24cb31e0d2f149aa732055fd5956
Change-Id: I3c406910991c33cf959c5345d76153eabe3ace2d
commit b370c69b75fe38cd285512f9516ce428e8a806dd
Author: Cedric Brandily <zzelle at gmail.com>
Date: Tue Jun 9 16:00:58 2015 +0000
Ensure no "db" related functional/fullstack tests are skipped in the gate
Currently neutron uses MySQLTestCase[1] and
PostgreSQLOpportunisticTestCase[2] for functional and fullstack tests
using a real MySQL/PostgreSQL database. These classes skip tests when
the db is unavailable (db not installed/configured, missing packages,
etc.) which is fine when tests are runned by developers but not when
runned by the gate jobs.
This change updates MySQLTestCase[1] and defines PostgreSQLTestCase[1]
as PostgreSQL oslo.db test class wrapper: when the db is unavailable,
these classes ensure tests will:
* fail in the gate (dsvm-functional, dsvm-fullstack jobs),
* be skipped by default otherwise (functional, fullstack jobs).
[1] neutron.tests.common.base
[2] oslo_db.sqlalchemy.test_base
Closes-Bug: #1404093
Change-Id: I77b12e728ce9a7b0222c3df081842635f6375a3e
commit 278a5fce29504c43d669feed210f7b3627616e22
Author: Cedric Brandily <zzelle at gmail.com>
Date: Wed Jun 10 22:35:11 2015 +0200
Use PyMySQL in MySQL related functional/fullstack tests
mysql-python driver has been replaced by PyMySQL driver[1] in neutron
code but MySQL related functional/fullstack tests try to use
mysql-python driver because of MySQLOpportunisticTestCase[2] and tests
are skipped because mysql-python driver is no more available.
This change provides a backend implementation for mysql+pymysql, a base
base testcase MySQLTestCase[2] using mysql+pymysql implementation
(currently oslo.db provides none of them but will in the future) and
replaces MySQLOpportunisticTestCase with MySQLTestCase.
[1] I73e0fdb6eca70e7d029a40a2f6f17a7c0797a21d
[2] neutron.tests.common.base
Closes-Bug: #1463980
Change-Id: Ic5c1d12ab75443e1cc290a7447eeb4b452b4a9dd
commit 1318437a0caf38e695a819848832a955fef7d909
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Fri Jun 5 01:46:22 2015 +0400
Skip rescheduling networks if no DHCP agents available
This eliminates the problem of unscheduled networks in case
of communication failure between agents and servers which
can occur if messaging queue service fails.
Change-Id: Ied4fa301fc3d475bee25c47f3a01c2381ae9a01e
Closes-Bug: #1461714
commit bb846c89ee120662eabdd4b0136fac82de076777
Author: Russell Bryant <rbryant at redhat.com>
Date: Fri Jun 12 21:26:37 2015 -0400
Reflect project moves from stackforge to openstack.
Several git repos were just moved from stackforge to openstack.
Reflect the move in various places where the URL was in docs and
comments. In passing, also change URLs to git.openstack.org instead
of github, as that is the official home of all of these repos.
Change-Id: I6c79a192d6604cef01e88d5b305fcc2b0f9c6b30
Co-Authored-By: Kyle Mestery <mestery at mestery.com>
Signed-off-by: Russell Bryant <rbryant at redhat.com>
Signed-off-by: Kyle Mestery <mestery at mestery.com>
commit 1710f7c72f2c509d1009ee36ba4f66b298967fe9
Author: Kobi Samoray <ksamoray at vmware.com>
Date: Thu Jun 4 15:49:13 2015 +0300
VMWare NSXv: Add distributed URL locking to ini
NSXv plugin supports distributed locking using tooz library.
This patch adds the required parameter to the ini file.
DocImpact
Depends-On: Icbcec938c1c5ae7a528350f2f283388b81fa66b7
Change-Id: I8a7c36d044c4be29b0dfa3fbb8e9379723cebd61
commit 9952abaab182f3ec701aad2397d6f3fcc0bacc7f
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Mon Jun 8 14:15:30 2015 +0300
Decompose db_base_plugin_v2.py with changes
This commit is a preparation step for using pluggable IPAM.
1. Moved get_subnets functionality to db_base_plugin_common to make it
accessible by ipam backends.
2. Reworked update_subnet routine:
- moved db part into update_db_subnet;
Partially-Implements: blueprint neutron-ipam
Change-Id: Idb8f54d9fccaad1137222d156590c37d86aa576b
commit a5bf502fab57453a1aedd3a53ce89eaf464e1cd9
Author: Cedric Brandily <zzelle at gmail.com>
Date: Fri Jun 12 21:11:02 2015 +0200
Remove duplicate tunnel id check in sync_allocations
Currently, gre/vxlan sync_allocations and _parse_tunnel_ranges both
check tunnel id values. This change removes the check in gre/vxlan
sync_allocations as they duplicate _parse_tunnel_ranges check and is
less fine.
Change-Id: I5827468aeaec5d6c79d469132b129aeb7da171e2
commit 901e6ae6fb05d65ccfc4a6602de4160c3a34031e
Author: Akihiro Motoki <motoki at da.jp.nec.com>
Date: Sat Jun 13 02:14:17 2015 +0900
Remove meaningless no_delete from L3 test
no_delete parameter was removed in Kilo and it no longer
has any effect.
Change-Id: Idf0f3ac24b3978392222efbf465cc9e6cfd5d346
commit ba2c44ef000221f8a18274a9569838d8c26014c0
Author: armando-migliaccio <armamig at gmail.com>
Date: Fri Jun 12 08:58:05 2015 -0700
Revert "Revert "Set default of api_workers to number of CPUs""
This reverts commit 12a564cf03e612dda36df26df8d28dfc75f1af6e.
We should re-enable this feature on a controlled basis so that we can
flush out any outstanding issue we may have.
Related-bug: #1432189
Change-Id: I2cfd93fdb032b461022b729347390ff8636ccdeb
commit 89a83bf199e7ea75c04f3205ff77987feed13184
Author: rossella <rsblendido at suse.com>
Date: Thu Jun 11 10:43:36 2015 +0200
OVSNeutronAgent pass the config as parameter
Instead of using the global cfg.CONF, pass the config as parameter.
This is very useful to test the agent without having to override
the global config.
Change-Id: I45534d79e044da9f2be4d596a58310fb28b7bf22
commit 7e0222409dab6223579efea34ba0d3ccf93e11d3
Author: Pavel Bondar <pbondar at infoblox.com>
Date: Thu Jun 11 17:23:41 2015 +0300
Refactor _update_subnet_allocation_pools
Moved _update_subnet_allocation_pools to ipam_backend_mixin.py.
Call _rebuild_availability_ranges with self to make it overridable
on upper level (from non-pluggable backend).
Partially-Implements: blueprint neutron-ipam
Change-Id: If7b1e720f88a2f0177b6772a015ae216f19ee22d
commit 5ff082bcfe12647036e5b033bfc2bac514acdb42
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Tue Feb 24 15:47:01 2015 -0500
Stop sending gratuitous arp when ip version is 6
This fix prevents calls to the arping utility for IPv6
addresses, thereby eliminating errors reported by arping
for IPv6 addresses.
The assumption is that NDP, DAD, and RAs are sufficient
for address resolution and duplicate address detection
for IPv6, and that unsolicited Neighbor Advertisements (NAs)
are not required for OpenStack services. If this turns out
not to be the case for some service/feature, then a separate
bug should be filed to add support for unsolicited NAs for
that service.
Change-Id: I14f869b7d488d7e691f7316eafcab3064e12cda6
Closes-Bug: 1357068
commit 1552f311532fdbd03a79ecfc1fae488b072c5a14
Author: Ann Kamyshnikova <akamyshnikova at mirantis.com>
Date: Tue Jun 9 11:30:06 2015 +0300
Fix Enum usage in 589f9237ca0e_cisco_n1kv_ml2_driver_tables
PostgreSQL is more sensitive with types than MySQL, it creates a
separate type when a Enum is created. In migration 589f9237ca0e
type profile_type is trying to be created, but the type with such
name was already created in havana_initial migration.
The solution for this is not to create type in 589f9237ca0e
migration when dialect is PostgreSQL and use already created.
Closes-bug: #1463301
Change-Id: I66e74d50cc70673de8635616076779cc20cde113
commit cd56a657a19a5a756d191c614becfd3e386b3c80
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Thu Jun 11 06:03:07 2015 +0000
Imported Translations from Transifex
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: If91f3ac94562cc5130dd5ea5ac5d71aec64b74e3
commit 7b51521e31f896d0095510b52644b728aaadca5a
Author: Kevin Benton <blak111 at gmail.com>
Date: Wed Jun 10 21:45:41 2015 -0700
power grab
The current core reviewers hierarchy didn't have a place for the
parts of ML2 that weren't related to agent communication. For now
we can put all of ML2 under the built-in control-plane until we
decide it needs to be put somewhere else.
Change-Id: Ic4924e0041c4cbb955d8fac0f96ec56406d6466e
commit 1c29fab7cb3e586be72dd7910e2022b45c809c5f
Author: Brian Haley <brian.haley at hp.com>
Date: Thu Jun 4 23:54:31 2015 -0400
Change ensure_dir to not check directory exists first
I224be69168ede8a496a5f7d59b04b722f4de7192 added an EEXIST
check, so no need to check if the directory is already
there, just try and create it.
Change-Id: Iba51fc8263bf59326489319d0dd3f69af00a8eeb
commit 7c331be77fb6a835f1fb79c674d8d6c39c7eb357
Author: armando-migliaccio <armamig at gmail.com>
Date: Wed Jun 10 16:53:25 2015 -0700
Document existence of br-tun and br-int in the OVS agent
Question about the use of the two bridges has come up in the past
multiple times, so let's fill the gap in the developer documentation.
A user-facing documentation patch will have to follow up, if we want
to be very thorough.
Change-Id: I6dac0f9bdaf7b3b7bff8745d4103ccc71df61a0a
commit 9c8a19ba4032f98ecbffe53c4e731587550ded96
Author: Cedric Brandily <zzelle at gmail.com>
Date: Wed Jun 10 22:08:45 2015 +0200
Correct indentation in neutron.api.v2.attributes
This change corrects subnetpool resource definition indentation in
neutron.api.v2.attributes.
Change-Id: I6738ff6b73bd0b943cec32f14ccb8946ba28d2e3
commit fd85b3ead32cd988e93f1d33d219ffd52cd77a51
Author: Cyril Roelandt <cyril at redhat.com>
Date: Wed Jun 10 10:20:58 2015 +0000
Python3: replace 'unicode' with 'six.text_type'
In Python 3, 'unicode' does not exist; 'six.text_type' should be used instead.
Change-Id: I71011b4beee9817a61278eb473804cfb798de74a
Blueprint: neutron-python3
commit c34ce7c9845cc56f981e0ee8714d1f9345df5852
Author: Saksham Varma <sakvarma at cisco.com>
Date: Tue Apr 7 18:12:02 2015 -0700
Moving out the cisco n1kv section to stackforge
Since most of the n1kv plugin code resides in stackforge/networking-cisco
repo, it's best to move the n1kv section there
Change-Id: Ic1388980dea0d27dfa5e84869f1f20cc9bff78e5
Closes-Bug: #1441400
commit 27df3e9fb98407e94bdeb9df493a9a3a0be639ca
Author: Cedric Brandily <zzelle at gmail.com>
Date: Mon Jun 1 22:29:39 2015 +0200
Ensure no "agent" functional tests are skipped in the gate
Some "agent" functional tests[1] can be skipped if some requirements are
not satisfied in order to allow developers to run functional tests on
various environments. These tests should not be skipped in the gate.
This change defines the decorator no_skip_on_missing_deps[2] to ensure
no "agent" functional tests are skipped in the gate. More precisely
no_skip_on_missing_deps transforms a skipTest into an error in:
* dsvm-functional and dsvm-fullstack jobs,
* functional and fullstack jobs when OS_FAIL_ON_MISSING_DEPS is
evaluated as True.
The change enlarges OS_FAIL_ON_MISSING_DEPS environment variable scope
(ie: missing dependencies + system requirements).
[1] in neutron.tests.functional
[2] in neutron.tests.common.base
Change-Id: Iacd4a5ef249fc1d7c75135ead9d0cf99d8a98a06
Closes-Bug: #1459844
commit ca63dfd0f39c7d691247c146b7529937c5804c9e
Author: Romil Gupta <romilg at hp.com>
Date: Wed Jun 10 09:43:56 2015 -0700
Remove useless pass from methods in type_tunnel.py
The pass is useless because there is a docstring in the methods.
Generally considered as uncovered by coverage tool.
Change-Id: Id1275c51e9adb865a3da9f0db007f3092b55b140
commit 87fecfcc50f371d8dd593b3cd372da9db56f39c6
Author: Sean M. Collins <sean at coreitpro.com>
Date: Wed Jun 10 10:29:33 2015 -0400
Make Vlantransparent extension inherit from ExtensionDescriptor
Change-Id: Ic615578a1fe1d401b53d0b44ff5275d9518b97fd
commit eeacb95e65a749ce3a032246c36d10cad9df22b1
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Wed Jun 10 13:10:54 2015 +0200
Actually allow to pass TRACE_FAILONLY to ostestr
The comment below suggests to use TRACE_FAILONLY to fail quickly when
running unit tests, while tox 2.0 does not allow to pass envvars from
the cli caller unless they are explicitly mentioned in passenv=
directive.
Change-Id: I6861498e7609b0c21fad844009420ea9734e2352
commit 1c124a309bc941c078b8bb622ea248a3ed3829e1
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Tue Jun 9 11:28:10 2015 +0200
Switch to os-testr to control testr
It's a nice wrapper spinned out recently from tempest-lib that should
cover all our needs that we currently fulfill with pretty_tox.sh.
Change-Id: I2268ed45ab628fe5dcab657d6287594847ab587c
commit da42745c466c14e6dbe58cdbc830ae5d1c8bb114
Author: Jakub Libosvar <libosvar at redhat.com>
Date: Tue Jun 9 16:08:50 2015 +0000
Introduce functions using arping executable
The arpinger is gonna be used in the next changeset introducing
connection testers.
Change-Id: I90ae32c2f52f1debfb11ae2a08b2828ee2be04cc
commit 328b72cf8c5f514434de0b73c9137bde52b5eeea
Author: Kevin Benton <kevinbenton at buttewifi.com>
Date: Wed Jun 10 07:04:25 2015 +0000
Revert "Defer segment lookup in NetworkContext object"
This reverts commit e61865807c4c8ff959a7746fe3e17f1ae574c9d0.
This patch likely violated the idea of a NetworkContext
being a snapshot of the network at the time it was created.
This needs a different approach.
Change-Id: I20b132a0181d35b0517330fb7fbf293c3e979d0e
commit e33d92c894df4664d01d040ba4305c7cb4ef6e27
Author: Fawad Khaliq <fawad at plumgrid.com>
Date: Tue Jun 9 22:18:18 2015 -0700
Added networking-plumgrid in plugin requirements
Closes-Bug: 1463665
Change-Id: I7152dedd83659ee51274be31ef305af9e82d695a
commit f08e9f1f53efa97e07f21ca72a940fcbeb4570e5
Author: Jeremy Stanley <fungi at yuggoth.org>
Date: Wed May 20 01:03:59 2015 +0000
Switch from MySQL-python to PyMySQL
As discussed in the Liberty Design Summit "Moving apps to Python 3"
cross-project workshop, the way forward in the near future is to
switch to the pure-python PyMySQL library as a default.
https://etherpad.openstack.org/p/liberty-cross-project-python3
Change-Id: I73e0fdb6eca70e7d029a40a2f6f17a7c0797a21d
commit 6886655b491aede40aa9f4a0bd4c6d402d5a7a78
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Tue Apr 28 04:59:35 2015 -0700
Context: Remove logic for read_deleted and deprecate it
The read_deleted parameter in the Context object is simply unused.
This patch removes associated logic, and for what is worth, adds
deprecation warnings against explicit usage of read_deleted when
creating a context instance, generate an admin context, and
elevating a context instance.
Change-Id: Ic69d22dc229ebe8fac1f6be0c4860d19732505b1
Closes-Bug: #1449462
commit 303f37f4e0c84f90e40b95731a828fc6ce8a0bbf
Author: Cyril Roelandt <cyril at redhat.com>
Date: Mon Jun 8 16:09:49 2015 +0000
Python 3: use next() instead of iterator.next()
The latter only works in Python 2.
Also define a __next__ method in the classes that define a next method.
Change-Id: Iaa1a1e500facab50d8bcdffda39ccad3f2e4e9bb
Blueprint: neutron-python3
commit 9143ce10e422bd17c4817dfe08163879e0e5a4ca
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Thu Apr 23 12:12:52 2015 +0200
Consume oslo.policy
Some non intrusive changes to tests are needed, so that we don't rely on
library symbols that are now private (f.e. parse_rule).
Closes-Bug: #1458945
Change-Id: I90326479e908042fec9ecb25fa19a8dd5b15e7d8
commit 66fece4f84e62f14fb59a721b37986784976d0c4
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Thu Apr 23 14:03:52 2015 +0200
policy: cleanup deprecation code to handle old extension:xxx rules
It served and warned users for enough time (since Icehouse) to be sure
everyone was notified about the need to update their policy file.
Change-Id: I240b935741e49fbf65c0b95715af04af4b2a73e7
commit 53ec63c430d123cd1ed4acd3b94537e9cb380bcd
Author: Romil Gupta <romilg at hp.com>
Date: Thu Jun 4 04:21:14 2015 -0700
Fix a regression in "Separate ovs-ofctl using code as a driver" change
The tunnels are not getting established between Network Node and
Compute Nodes in non DVR mode with l2pop enabled and throws
the AttributeError: add_tunnel_port.
This fixes a regression in change Ie1224f8a1c17268cd7d1c474ed82fdfb8852eaa8.
Co-Authored-By: YAMAMOTO Takashi <yamamoto at midokura.com>
Closes-Bug: #1461486
Change-Id: I1106fd3dd32f6f827eb25dec4815ff1120af96f0
commit 753196480d9cca10c5b91dfa8221e89f658fa110
Author: Jakub Libosvar <libosvar at redhat.com>
Date: Wed May 27 13:54:06 2015 +0000
Break Pinger class to functions
As the class served only for storing parameters that can be passed as
actual function parameters, there is no reason for class.
Change-Id: I553b4d6daeb78d495cda09894582a3d885b5d1b5
commit 6d0d72973152bb45587437c80d4ffe0fe7bba761
Author: Elena Ezhova <eezhova at mirantis.com>
Date: Tue Apr 7 14:58:13 2015 +0300
Handle SIGHUP: neutron-server (multiprocess) and metadata agent
All launchers implemented in common.service require each service to
implement reset method because it is called in case a process
receives a SIGHUP.
This change adds the reset method to neutron.service.RpcWorker and
neutron.wsgi.WorkerService which are used to wrap rpc and api
workers correspondingly.
Now neutron-server running in multiprocess mode (api_workers > 0 and
rpc_workers > 0) and metadata agent don't die on receiving SIGHUP and support
reloading policy_path and logging options in config.
Note that reset is called only in case a service is running in daemon mode.
Other changes made in the scope of this patch that need to be mentioned:
* Don't empty self._servers list in RpcWorker's stop method
When a service is restarted all services are gracefully shutdowned,
resetted and started again (see openstack.common.service code).
As graceful shutdown implies calling service.stop() and then
service.wait() we don't want to clean self._servers list because
it would be impossible to wait for them to stop processing
requests and cleaning up their resources.
Otherwise, this would lead to problems with rpc after starting
the rpc server again.
* Create a duplicate socket each time WorkerService starts
When api worker is stopped it kills the eventlet wsgi server
which internally closes the wsgi server socket object. This server
socket object becomes not usable which leads to "Bad file
descriptor" errors on service restart.
Added functional and unit tests.
DocImpact
Partial-Bug: #1276694
Change-Id: I75b00946b7cae891c6eb192e853118e7d49e4a24
commit ea35b299f06050608f3e7bb6fbc880006ed31024
Author: Kevin Benton <blak111 at gmail.com>
Date: Wed Jun 3 18:25:14 2015 -0700
Allow update_port_status to take network param
Allow the update_port_status function to take a network as
an optional parameter to skip calling get_network again if
the caller has already done so.
Closes-Bug: #1463656
Change-Id: I994f3abdb1b0ad3b2766f409b206ad4a8b2309b6
commit d0be7bc57f573d5696108b571c731decfbde9f0b
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Tue Jun 9 12:46:54 2015 +0200
Make pep8 job succeed when /etc/neutron/neutron.conf is not installed
Currently, if /etc/neutron/neutron.conf is not installed in the system,
neutron-db-manage fails in oslo.config code when trying to determine the
default configuration file to use.
Test job should not rely on any contents inside /etc/.
Instead, pass --config-file with test-only configuration explicitly into
the utility.
neutron.conf.test was renamed into neutron.conf since for some reason
oslo.config does not support a name that does not have .conf at its
filename end.
Change-Id: I719829fc83a7b20a49c338aaf1dbef916dcc768c
commit 826428dc8aeef124c2251624ae34fdc003e69ca4
Author: YAMAMOTO Takashi <yamamoto at midokura.com>
Date: Tue Jun 9 19:00:40 2015 +0900
Add a comment on _check_update_has_security_groups
Despite of its name, _check_update_has_security_groups can
handle create requests as well. There are plugins actually
using it for create. eg. ml2, vmware
Change-Id: I3c26ad0ac00b12ce24096bfc27606797af2d9098
commit 6b13cc5275df53c765c450d570521c425c3345d9
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Tue Jun 9 10:57:29 2015 +0200
Enable all deprecation warnings for test runs
We would like to catch all deprecation warnings during test runs to be
notified in advance about potential problems with next library releases
we depend on.
Change-Id: I876d8c4de88618b01898ab537a44920789d8178e
commit 734e77365b0f241a3cea0f3c9dfb1d5fcf6eac8c
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Fri Apr 17 15:00:20 2015 -0700
Remove get_admin_roles and associated logic
get_admin_roles was introduced so that contextes generated from
within plugins could be used for policy checks. This was the case
up to the Havana release as several plugins invoked the policy
engine directly to authorize requests.
This was an incorrect behaviour and has now been fixed, meaning
that get_admin_roles is no longer need and can be safely removed.
This will result in a leaner and more reliable codebase. Indeed the
function being removed here was the cause of several bugs where the
policy engine was initialized too early in the server bootstrap
process.
While this patch removes the feature it does not remove the
load_admin_roles parameter from context.get_admin_context. Doing so
will break other projects such as neutron-lbaas. The parameter is
deprecated by this patch and an appropriate warning emitted.
As a consequence neutron's will now no longer perform policy checks
when context.is_admin=True. This flag is instead set either when
a context is explicitly created for granting admin privileges, or
when Neutron is operating in noauth mode. In the latter case every
request is treated by neutron as an admin request, and get_admin_roles
is simply ensuring the appropriate roles get pushed into the context
so that the policy engine will grant admin rights to the request.
This behaviour is probably just a waste of resource; also it is not
adding anything from a security perspective.
On the other hand not performing checks when context.is_admin is
True should not pose a security threat either in noauth mode or
with the keystone middleware. In the former case the software keeps
operating assuming admin rights for every requests, whereas in the
latter case the keystone middleware will always supply a context
with the appropriate roles, and there is no way for an attacker
to trick keystonemiddleware into generating a context for which
is_admin=True.
Finally, this patch also does some non-trivial changes in test_l3.py
as some tests were mocking context.to_dict ignoring the is_admin flag.
Closes-Bug: #1446021
Change-Id: I8a5c02712a0b43f3e36a4f14620ebbd73fbfb03f
commit 89c0875178f22651109a85d3c522d80324368caf
Author: Gal Sagie <gal.sagie at huawei.com>
Date: Mon Jun 8 14:27:47 2015 +0300
Add documentations for VXLAN Tunnels
The VXLAN type driver is currently supported, this patch add
description and links for more information to the user.
Change-Id: Idb221ca4cce1a3a27bebe5ae6fc1e6ab5d030836
commit e61865807c4c8ff959a7746fe3e17f1ae574c9d0
Author: Kevin Benton <blak111 at gmail.com>
Date: Wed Jun 3 19:03:29 2015 -0700
Defer segment lookup in NetworkContext object
Avoid call to get network segments for network context objects until
a caller actually tries to lookup the segments. This optimizes cases
where the user of a port context never looks at the segments of the
associated network context (e.g. update_port_status).
Closes-Bug: #1463254
Change-Id: I7e95f81d9a3ef26ccdb18c6bfdf9adc29523aa79
commit d0bbfc090bb25f1e05b98f0ad70c18209b87ed6b
Author: Zhenguo Niu <niuzhenguo at huawei.com>
Date: Tue Jun 9 08:28:45 2015 +0800
Fix typos in docs
Change-Id: I71aeb8f1e5fc5f3e330e593a463858dd65e6093b
commit b322ebae09cc59ed0a860ea6e39ed9b6fa6c5c12
Author: yuyangbj <yangyu at vmware.com>
Date: Wed May 13 14:07:36 2015 +0800
Fixes bulk insertion of data to ml2_port_binding
We should use schema definition to insert bulk of data to table.
Closes-Bug: #1454566
Change-Id: I66b3ee8c2f9fa6f04b9e89dc49d1a3d277d63191
commit 3a5a8a62c372f3a516caa59fd655dcf923a82519
Author: Kyle Mestery <mestery at mestery.com>
Date: Mon Jun 8 15:27:23 2015 +0000
Add Neutron PTL Office Hours
To ensure a weekly oppurtunity to sync between the PTL and the
Lieutenants, officially setup Neutron PTL Office Hours.
Depends-On: Ia5c8090e90939097104cb95c0aa3b883f7b4dd9b
Change-Id: Iab3c21764937ebb3a1d0553b3a3d42b5c44bf3cc
Signed-off-by: Kyle Mestery <mestery at mestery.com>
commit 00899b56213753d523842f29d50353a067df6064
Author: Cyril Roelandt <cyril at redhat.com>
Date: Mon Jun 8 14:42:18 2015 +0000
Python3: Enable all working tests in tox.ini
Thanks to the recent Python3-related changes, these tests can now be run on
Python 3.
Change-Id: I7f689e221e59128012d46da2c90e61d5206fe828
Blueprint: neutron-python3
commit 725543684cbe0df0edc4b6924f85e63e1628fa92
Author: rossella <rsblendido at suse.com>
Date: Thu Mar 5 09:24:10 2015 +0000
Add get_events to OVSDB monitor
OVSDB monitor can generate the events that the OVS agent
needs to process (device added or updated). Instead of
notifying only that a change occurred and that polling
is needed, pass the events to the agent
Change-Id: I3d17bf995ad4508c4c6d089de550148da1465fa1
Partially-Implements: blueprint restructure-l2-agent
commit b239f75644bfdfec86f8a8efdabd6b11b766e822
Author: shihanzhang <shihanzhang at huawei.com>
Date: Tue May 26 16:42:44 2015 +0800
Update ipset members when corresponding sg member is empty
if a security group has a rule with 'remote-group-id', the ports
in this security group should update its relevant ipset member
when the remote-group members is empty.
Change-Id: I980ebfd8f6537f803d9d5cbf21ca33f727fea3b3
Closes-bug: #1458786
commit 127de06c7e09e1468f2855a3033fb6193a6b9365
Author: Cedric Brandily <zzelle at gmail.com>
Date: Wed May 6 22:40:39 2015 +0200
Clean only floating-ip related connection states
Currently init_l3 deletes connection states related to ALL ips deleted
in init_l3 but it's required only when floating-ips are deleted[1].
This change deletes only connection states related to floating-ips
deleted in init_l3 ... it avoids to delete connection states in dhcp
agents and on router internal ports!
[1] look at change Ia9bd7ae243a0859dcb97e2fa939f7d16f9c2456c
Closes-Bug: #1452434
Related-Bug: #1334926
Change-Id: Icfcfc585df6fd41de1e1345fd731e4631a6950ce
commit 713ba0e8d7ce59eaff41518360530b2e7831c322
Author: Carl Baldwin <carl.baldwin at hp.com>
Date: Thu Jun 4 22:25:44 2015 +0000
Refactor awkward logic in setup_dhcp_port
I noticed this logic as I was reviewing another patch set [1]. I
didn't like removing subnet ids from dhcp_enabled_subnet_ids and I
wasn't too keen on the ips_need_removal semantics that were kind of
forced by the existing structure of the code. I hope you find this
alternative much clearer. I like straight-forward code with less
indentation that doesn't use awkward booleans like ips_needs_removal.
[1] https://review.openstack.org/#/c/157697/6
Change-Id: I8bd3d6924a855ea08f8096e66bd3bfbb165a4da3
commit 45b28ddfe8ac23871e65feb4132d5f048c783222
Author: Vincent Legoll <vincent.legoll at iphc.cnrs.fr>
Date: Fri Jun 5 13:05:48 2015 +0200
Fix typo in test class name
Make "Redering" -> "Rendering"
Change-Id: Ieedb446fa1e06705eb70293d83350d4dfd57d2db
Signed-off-by: Vincent Legoll <vincent.legoll at iphc.cnrs.fr>
commit 359b7c971a88f6dff64e8e4d558210a880f3ee0f
Author: Ian Wienand <iwienand at redhat.com>
Date: Thu May 7 14:59:38 2015 +1000
Ensure netfilter is enabled for bridges
Since security-groups use iptables rules on Linux bridges, we need to
ensure that netfilter is enabled for bridges. Unfortunately, there
seems to be a long history of distributions having differing defaults
for this, best described in [1].
It seems at the moment everyone has to discover this for themselves;
packstack found it in Ia8c86dcb31810a8d6b133a161388604fde9bead4, then
fuel found the same thing in I8582c24706c3a7253e00569eef275f116d765bca
and then finally someone else hit it and put it into documentation
with I4ed3cec03a1b3a7d56dfe18394154ec1b2db6791. I just spent a long
time figuring it out too when deploying with devstack.
Rather than having yet another fix in devstack, I don't see why
neutron shouldn't be ensuring the setting is correct when it starts up
-- without these settings enabled, security-groups are silently
broken. This does that, and modifies test-cases to check we make the
calls.
[1] http://wiki.libvirt.org/page/Net.bridge-nf-call_and_sysctl.conf
Change-Id: If2d316eb8c422dc1e4f34b17a50b93dd72993a99
commit 3682e3391f188845d0c7f382f0ccd4b38db3904e
Author: Cedric Brandily <zzelle at gmail.com>
Date: Mon May 4 23:36:19 2015 +0200
Ensure non-overlapping cidrs in subnetpools without galera
_get_allocated_cidrs[1] locks only allocated subnets in a subnetpool
(with mysql/postgresql at least). It ensures we don't allocate a cidr
overlapping with existent cidrs but nothing disallows a concurrent
subnet allocation to create a subnet in the same subnetpool.
This change replaces the lock on subnetpool subnets by a lock on the
subnetpool itself. It disallows to allocate concurrently 2 subnets in
the same subnetpool and ensure non-overlapping cidrs in the same
subnetpool.
Moreover this change solves a trouble with postgresql which disallows
to lock an empty select with an outer join: it happens on first subnet
allocation in a subnetpool when no specific cidr is provided. Moving
the lock ensures the lock is done on a non-empty select.
But this change does not ensure non-overlapping cidrs in subnetpools
with galera because galera doesn't support SELECT FOR UPDATE locks. A
follow-up change will (try to?) remove locks from subnet allocation[1]
in order to ensure non-overlapping cidrs in subnetpools also with galera.
[1] in neutron.ipam.subnet_alloc.SubnetAllocator
Closes-Bug: #1451558
Partial-Bug: #1451576
Change-Id: I73854f9863f44621ae0d89c5dc4893ccc16d07e4
commit 3d2543d710c7071ffeb5c9857ac30a4d95695a7b
Author: dql <duquanglong at gmail.com>
Date: Mon Mar 9 12:52:11 2015 +0800
fix DHCP port changed when dhcp-agent restart
When DHCP server is started, the periodic task is running
before loading cache state.The method port_update_end
need to use the cache information, but the cache information
has not been loaded.
Change-Id: I0d1da11bb559b7f0f9d4428b82573fb26916a933
Closes-Bug: #1420042
commit 6d15bf48ee27ceab64e88f81ba6433058313759a
Author: Cedric Brandily <zzelle at gmail.com>
Date: Sat May 9 00:52:29 2015 +0200
Remove from BridgeDevice homemade execute in namespace
Currently BridgeDevice[1] defines homemade execute with namespace
support but could use IPWrapper. This change replaces homemade
implementation with IPWrapper use to respect DRY principle.
[1] neutron.agent.linux.bridge_lib
Change-Id: I12d4d40432e57ce8b6960276c41321c1efd98705
commit 7260e0e3fc2ea479e80e0962624aca7fd38a1f60
Author: Henry Gessau <gessau at cisco.com>
Date: Mon Apr 27 09:59:21 2015 -0400
Run radvd as root
During the refactoring of external process management radvd lost
its root privileges.
Closes-bug: 1448813
Change-Id: I84883fe81684afafac9b024282a03f447c8f825a
(cherry picked from commit a5e54338770fc074e01fa88dbf909ee1af1b66b2)
commit 4e71c48bbfd5e8b8c59f0c45ade52ba8eddc8b63
Author: rossella <rsblendido at suse.com>
Date: Thu Jan 15 16:15:23 2015 +0100
Add devices to update in RPC call security_groups_provider_updated
When a security_groups_provider_updated is received then a global
refresh of the firewall is performed. This can be avoided if the
plugins pass as parameter of the call the devices that belongs to
the network updated.
Partially-Implements: blueprint restructure-l2-agent
Change-Id: I1e78f3a5ec7e5c5bcba338a0097566422411ef7e
commit d37e566dcadf8a540eb5f84b668847fa192393a1
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 24 00:35:31 2015 -0700
Don't resync on DHCP agent setup failure
There are various cases where the DHCP agent will try to
create a DHCP port for a network and there will be a failure.
This has primarily been caused by a lack of available IP addresses
in the allocation pool. Trying to fix all availability corner cases
on the server side will be very difficult due to race conditions between
multiple ports being created, the dhcp_agents_per_network parameter, etc.
This patch just stops the resync attempt on the agent side if a failure
is caused by an IP address generation problem. Future updates to the subnet
will cause another attempt so if the tenant does fix the issue they will
get DHCP service.
Change-Id: I0896730126d6dca13fe9284b4d812cfb081b6218
Closes-Bug: #1447883
(cherry picked from commit db9ac7e0110a0c2ef1b65213317ee8b7f1053ddc)
commit 38211ae67cb76ade85b08c028b6e88bfc867afc9
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Mon Apr 20 17:06:38 2015 +0200
tests: confirm that _output_hosts_file does not log too often
I3ad7864eeb2f959549ed356a1e34fa18804395cc didn't include any regression unit
tests to validate that the method won't ever log too often again,
reintroducing performance drop in later patches. It didn't play well
with stable backports of the fix, where context was lost when doing the
backport, that left the bug unfixed in stable/juno even though the patch
was merged there [1].
The patch adds an explicit note in the code that suggests not to add new
log messages inside the loop to avoid regression, and a unit test was
added to capture it.
Once the test is merged in master, it will be proposed for stable/juno
inclusion, with additional changes that would fix the regression again.
Related-Bug: #1414218
Change-Id: I5d43021932d6a994638c348eda277dd8337cf041
(cherry picked from commit 3b74095a935f6d2027e6bf04cc4aa21f8a1b46f2)
commit 53b3e751f3c7b32bed48c14742d3dd3a1178d00d
Author: Maru Newby <marun at redhat.com>
Date: Thu Apr 9 17:00:57 2015 +0000
Double functional testing timeout to 180s
The increase in ovs testing is resulting in job failure due to
timeouts in test_killed_monitor_respawns. Giving the test more
time to complete should reduce the failure rate.
Change-Id: I2ba9b1eb388bfbbebbd6b0f3edb6d5a5ae0bfead
Closes-Bug: #1442272
(cherry picked from commit 81098620c298394e1a98127ceeba7f297db2d906)
commit 0536ec113bc438265ba547bb8a8006aa96e646e3
Author: watanabe.isao <zou.yun at jp.fujitsu.com>
Date: Wed Apr 15 15:48:08 2015 +0900
Restrict subnet create/update to avoid DHCP resync
As we know, IPs in subnet CIDR are used for
1) Broadcast port
2) Gateway port
3) DHCP port if enable_dhcp is True, or update to True
4) Others go into allocation_pools
Above 1) to 3) are created by default, which means if CIDR doesn't
have that much of IPs, subnet create/update will cause a DHCP resync.
This fix is to add some restricts to the issue:
A) When subnet create, if enable_dhcp is True, /31 and /32
cidrs are forbidden for IPv4 subnets while /127 and /128 cidrs are
forbidden for IPv6 subnets.
B) When subnet update, if enable_dhcp is changing to True and there are no
more IPs in allocation_pools, the request should be denied.
Change-Id: I2e4a4d5841b9ad908f02b7d0795cba07596c023d
Co-authored-by: Andrew Boik <dboik at cisco.com>
Closes-Bug: #1443798
(cherry picked from commit 0c1f96ad5a6606c1205bd50ea944c3a383892cde)
commit cbfb3e487d97998ec49d7faa751bc26202da7d0e
Author: Kevin Benton <blak111 at gmail.com>
Date: Mon Apr 20 22:26:22 2015 -0700
Only update MTU in update code for MTU
The ML2 create_network_db was re-passing in the entire network
with extensions like vlan_transparency present that was causing
issues in the base update function it was calling.
This corrects the behavior by having it only update the MTU, which
is the only thing it was intending to update in the first place.
Change-Id: I723c5c138e0830de98f6024c7635ec65065e9346
Closes-Bug: #1446784
(cherry picked from commit f85de393c469d1e649a1c1e5ee1b683246442351)
commit 9bc812e92fb27b297ccfe960267dcab173aea6c9
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Thu Apr 23 02:15:06 2015 +0000
Updated from global requirements
Change-Id: I514c65fac38ef0e534e7401a5f3643b1906adea7
commit 407be289360ec6dabbbe14d9b18dae7c9fa2db79
Author: Kawaguchi <ken-kawaguchi at vt.jp.nec.com>
Date: Tue Apr 21 13:27:52 2015 +0900
Fix typo acomplished => accomplished
Change-Id: I73722e9984917a5a8c4e74207cf14d4040a7cf2f
Related-Bug: #1390035
commit b339391bcb223c0f03d30f36dea47d13adb12c71
Author: mathieu-rohon <mathieu.rohon at gmail.com>
Date: Sat Mar 7 13:30:49 2015 +0100
ML2: Change port status only when it's bound to the host
Currently, nothing prevents the port status to be changed to BUILD
state when get_device_details() is sent by a host that doesn't own
the port.
In some cases the port might stay in BUILD state.
This could happen during a live-migration, or for multi-hosted ports
such as HA ports.
This commit allows the port status modification only if the port
is bound to the host that is asking for it.
Closes-Bug: #1439857
Closes-Bug: #1438040
Closes-Bug: #1416933
Change-Id: I9b3673f453abbafaaa4f78542fcfebe8dc93f2bb
(cherry picked from commit 9b53b82ce7dad551ebc0f02ff667d5345fb7e139)
commit f7ae3a04b541767c638fc4c8ff1e0db78ab94996
Author: Andreas Jaeger <aj at suse.de>
Date: Mon Apr 20 11:07:37 2015 +0200
Release Import of Translations from Transifex
Manual import of Translations from Transifex. This change also removes
all po files that are less than 66 per cent translated since such
partially translated files will not help users.
This updates also recreates all pot (translation source files) to
reflect the state of the repository.
This change needs to be done manually since the automatic import does
not handle the proposed branches and we need to sync with latest
translations.
Change-Id: I1b7bd1773bcd12ab282e77ee0dc41c27846fb66b
commit e2f6902315de76a1020aa87ea161c8fdc6697ed7
Author: Swaminathan Vasudevan <swaminathan.vasudevan at hp.com>
Date: Tue Apr 14 21:34:33 2015 -0700
Fixes race condition and boosts the scheduling performance
This patch fixes a race-condition that occurs when the
scheduler tries to check for dvr serviceable ports before
it schedules a router when a subnet is associated with
a router.
Sometimes the dhcp port creation is delayed and so the
router is not scheduled to the l3-agent.
Also it boosts the scheduling performance on dvr-snat
node for scheduling a router.
This patch will provide a work around to fix this race
condition and to boost the scheduling performance
by scheduling a router on a dvr-snat when
dhcp is enabled on the provided subnet, instead of checking
all the available ports on the subnet.
Closes-Bug: #1442494
Change-Id: I089fefdd8535bdc9ed90b3230438ab0bfb6aab4f
(cherry picked from commit c65d3ab6ad4589e6e4a6b488d2eb5d1e4cfee138)
commit a6b2c22dcea73754dbfd0ef39c60ad28ab2dbb73
Author: Kevin Benton <blak111 at gmail.com>
Date: Mon Mar 30 23:52:56 2015 -0700
Set IPset hash type to 'net' instead of 'ip'
The previous hash type was 'ip' and this caused a major
issue with the allowed address pairs extension since it
results in CIDRs being passed to ipset. When the hash type
is 'ip', a CIDR is completely enumerated into all of its
addresses so 10.100.0.0/16 results in ~65k entries. This
meant a single allowed_address_pairs entry could easily
exhaust an entire set.
This patch changes the hash type to 'net', which is designed
to handle a CIDRs as a single entry.
This patch also changes the names of the ipsets because
creating an ipset with different parameters will cause an
error and our ipset manager code isn't robust enough to handle
that at this time. There is another ongoing patch to fix
that but it won't be ready in time.[1]
The related bug was closed by increasing the set limit, which
did alleviate the problem. However, this change would also
address the issue because the gate tests run an allowed address
pairs extension test with the CIDR mentioned above.
1. I59e2e1c090cb95ee1bd14dbb53b6ff2c5e2713fd
Related-Bug: #1439817
Closes-Bug: #1444397
Change-Id: I8177699b157cd3eac46e2f481f47b5d966c49b07
(cherry picked from commit a38b5df5cd3c47672705aad4c30e789ae11ec958)
commit 8b8095e43a143426c501669167490d7867a55749
Author: Kevin Benton <blak111 at gmail.com>
Date: Tue Mar 31 08:53:56 2015 -0700
Revert "Add ipset element and hashsize tunables"
This reverts commit b5b919a7a3569ccb93c3d7d523c1edfaeddb7cb9.
The current ipset manager code isn't robust enough to handle
ipsets that already exist with different parameters. This reverts
the ability to change the parameters so we don't break upgrades
to Kilo.
Conflicts:
neutron/agent/linux/ipset_manager.py
neutron/tests/unit/agent/linux/test_ipset_manager.py
Change-Id: I538714df52424f0502cb75daea310517d1142c42
Closes-Bug: #1444201
(cherry picked from commit 03be14a569d240865dabff8b4c30385abf1dbe62)
commit 2add4e5ad4d12c817737d04ddb973b3aeeb25af3
Author: Kevin Benton <blak111 at gmail.com>
Date: Thu Apr 16 16:27:38 2015 -0700
Update .gitreview to point to stable/kilo
This is the stable/kilo branch. When people make changes
here it's highly likely that they want to propose them
to stable/kilo on gerrit.
Change-Id: Ie61a9f0c0b0b4896da33a201e42b1c4bc4bae49b
commit ffc48f286e1756302d9259dc514dd562d3c251ba
Author: Henry Gessau <gessau at cisco.com>
Date: Thu Apr 16 13:38:46 2015 -0400
Add Kilo release milestone
Change-Id: Id7d969c92b7c757b766760681357ac13c8079ca3
commit 1dc98e414f200a78a6b1dc78f222c588646e6935
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Thu Apr 9 10:32:33 2015 -0400
IPv6 SLAAC subnet create should update ports on net
If ports are first created on a network, and then an IPv6 SLAAC
or DHCPv6-stateless subnet is created on that network, then the
ports created prior to the subnet create are not getting
automatically updated (associated) with addresses for the
SLAAC/DHCPv6-stateless subnet, as required.
Change-Id: I88d04a13ce5b8ed4c88eac734e589e8a90e986a0
Closes-Bug: 1427474
Closes-Bug: 1441382
Closes-Bug: 1440183
(cherry picked from commit bd1044ba0e9d7d0f4752c891ac340b115f0019c4)
commit 55536a4ecb6c71e5451b8a9664d87e32146f071d
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Fri Apr 10 15:07:33 2015 +0200
Removed ml2_conf_odl.ini config file
The file is already packaged into decomposed networking-odl repo [1].
[1]: https://git.openstack.org/cgit/stackforge/networking-odl/tree/etc/neutron/plugins/ml2/ml2_conf_odl.ini
Closes-Bug: #1442615
Change-Id: Ic280454190aab4e3b881cde15a882808b652861e
(cherry picked from commit b3334eca0ae9f9c64ccd646035e69081f669e3e4)
commit 40783cee5e520173a4cc37c23dd97be2d37b65fd
Author: Angus Lees <gus at inodes.org>
Date: Mon Mar 2 17:06:54 2015 +1100
Ensure tests run under python2.7
tox uses whatever python version that tox ran with as the default python
version for environments (py27,py3x, etc are given a more specific
default).
Debian's python-tox (for example) uses python3, but we require python2.7
- and a naive `apt-get install python-tox; tox -epep8` fails with
py3-related errors on Debian.
This change explicitly sets `basepython = python2.7` in several testing
environments that would otherwise have used the default basepython.
Change-Id: I377ac6d72dec5b85c105d8a1a74f6974efb84dcf
** Tags added: in-feature-qos
** Bug watch added: Python Roundup #21239
http://bugs.python.org/issue21239
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1334926
Title:
floatingip still working once connected even after it is disociated
Status in OpenStack Neutron (virtual network service):
Fix Released
Status in neutron icehouse series:
Fix Released
Status in OpenStack Security Notes:
Fix Released
Bug description:
After we create an SSH connection to a VM via its floating ip, even
though we have removed the floating ip association, we can still
access the VM via that connection. Namely, SSH is not disconnected
when the floating ip is not valid
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1334926/+subscriptions
More information about the Openstack-security
mailing list