[Openstack-security] [openstack/neutron] SecurityImpact review request change I3ac12f10f733e85c2352052e9d29b853e0799842
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Fri May 22 17:05:50 UTC 2015
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/185072
Log:
commit 84fb6660a337e5e1f515b600ac8c22c6fdf82ec9
Author: Anand Shanmugam <anand1712 at gmail.com>
Date: Thu May 21 02:03:33 2015 -0700
Adding loadbalanacerv2 device owner constant to neutron constants
The neutron constants doesn't have the constant for device owner
lbaasv2. This fix adds the constant. This is needed for the bug 1430394
as we need to check the device owner when the port is to be deleted.
Partial-Bug: #1430394
Change-Id: I222a9f44c5ed6c879feb2fb9e04047ae8f2c7745
commit 6c1cb05302f369b3105cea73cb86a00018ada6be
Author: Cyril Roelandt <cyril.roelandt at enovance.com>
Date: Wed May 20 15:09:13 2015 +0200
Python 3: use six.string_types instead of basestring
In Python 3, there is no "basestring". In Python 3, "six.string_types" is
"basestring", and "str" in Python 3.
Change-Id: Ic22e932cbf3c4b75cd424f4b41428da869f197cf
Blueprint: neutron-python3
commit 86d5944fcc2f44aac7cd786ea429f942fc5cb66e
Author: Sripriya <sseetha at brocade.com>
Date: Wed May 20 17:24:16 2015 -0700
Fix minor errors in the Vyatta L3 Plugin:
update management_network to management_network_id in vrouter.ini
Fix copyright header to refer to Brocade in vrouter_neutron_plugin.py
Fix neutron.service_plugins brocade_vyatta_l3 entry in setup.cfg
Change-Id: Ib9eb4a825454d99607deca61ceeb7acb43a9b248
Closes-Bug: #1457235
commit 29ea6436070762d38d17d9a34968bed8651b7c4b
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Wed May 20 23:17:19 2015 +0200
Remove middleware oslo-incubator module
The module was used during Kilo cycle to provide backwards compatibility
for users that upgrade to the release without updating their
api-paste.ini. We have issued the deprecation warning for a cycle now,
so we should be ok to just drop the compatibility layer.
Note that the change may require a notion in release notes to make sure
everyone is notified, even if they don't look through their logs.
DocImpact
Change-Id: I41693f4613b5a69a01a33e54f90e82177f42e1af
commit 12889f70e1ae547598f4c663e9da5b9bb03e347e
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri May 15 19:44:16 2015 -0700
Match order of iptables arguments to iptables-save
The way we were forming our iptables rules was not matching
the output of iptables-save. This caused the logic that preserves
counters to miss many of the rules.
This patch corrects the order for the comments and the allowed address
pairs to match the output order of iptables-save.
Closes-Bug: #1456823
Change-Id: I34c2249d0865485578767865c82414e1d813d563
commit fdf7107dece3c9ac891750c6752ccaf8d8403101
Author: Gary Kotton <gkotton at vmware.com>
Date: Fri May 15 08:12:54 2015 -0700
VMware NSXV: update configuration file
Update the configuration file to show the variables for configuring
the Edge username and password. This is very useful for administrators
when they wish to debug issues.
Change-Id: I7340b3b408a6edaf9b4b307909631e628befe921
commit 5836bbca83845fd78200c083465601d2558cdac2
Author: Adrien Vergé <adrienverge at gmail.com>
Date: Tue May 19 11:05:27 2015 +0200
Python 3: Use six.moves.range
The function `xrange` was renamed to `range` in Python 3.
* Remove `xrange` occurences so that Python 3 tests can pass. Use
`six.moves.range` instead to get the right function in both cases.
* Generalize the use of the efficient `range` (ex-`xrange`) in
critical sections (when iterating over large lists).
* Simplify code.
* Add a hacking check to prevent future usage of `xrange`.
Change-Id: I080acaaa1d4753619fbbb76dddba6d946d84e73f
Partially implements: blueprint neutron-python3
commit a52ce62845c899407879e8afbac611fa78eac769
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Thu Mar 19 04:59:48 2015 +0400
Use convenience method from db api to create nested transaction
Instead of dealing with conditional nesting, use method that
creates nested transaction if possible.
Change-Id: Icb1fbd5d35dcbecce54426b9ef1e1be18b706d8b
commit d89ee0b995259216cf4fdef6ad1afe315e3f549f
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Mon May 18 14:51:05 2015 -0700
Remove a unused Context class
This class in neutron.tests.unit.plugins.opencontrail.test_contrail.plugin
is not used anywhere and has no future development purpose.
Change-Id: Ibf149c5392b97f2aa33ccfc97c8ad6377f34bfee
commit bf71868ba809587b72da68b8cd4c248cf33990a1
Author: Assaf Muller <amuller at redhat.com>
Date: Fri May 15 17:58:13 2015 -0400
Optimize IptablesManager._find_last_entry
As it turns out calling .strip() thousands of times can be expensive.
I'll defer to security groups and iptables experts to try and find ways
to call the method less often, cache the results, or any other clever
trick.
Moving strip to the return statement speeds up the method by more than
x2.
Change-Id: I7522c6db50c76274bef93e0f0ea6a78d508b7fbe
Related-Bug: #1455675
commit 274713450c4f4cc1f5c466e153b72c9764dd96c9
Author: Angus Lees <gus at inodes.org>
Date: Tue Apr 21 11:04:33 2015 +1000
Take Daemon stdin/stdout/stderr args as file objects
Previously Daemon constructor took stdin/stdout/stderr as
paths (defaulting to '/dev/null') and opened them as regular files.
This greatly limits the type of filehandles supported (no pipes, for
example), and doesn't allow simple things like reusing existing fds.
This change switches to accepting file objects rather than strings,
and uses a sentinal value to represent the previous "open /dev/null"
default behaviour.
Change-Id: I51b36ce912194abd89ed46fad9943802f271444a
commit c7cffb66824f18b8bd04c588aae9a0ad6494f2e8
Author: Jeremy Stanley <fungi at yuggoth.org>
Date: Thu May 14 21:38:20 2015 +0000
Replace ci.o.o links with docs.o.o/infra
The http://ci.openstack.org/ documentation site has been deprecated,
replaced by redirects to corresponding paths within
http://docs.openstack.org/infra/ where other Project Infrastructure
documentation already resides.
Change-Id: I5b7d2d6699084cce38a4d1a84ebfc42f8a53624e
commit 750ae6979d920007dc87701cb69db82d72f99fd7
Author: Jakub Libosvar <libosvar at redhat.com>
Date: Tue May 5 14:32:21 2015 +0200
Refactor initialize() of sriov mech driver
This patch rewrites checking correctness of supported_pci_vendor_devs
config value from C-style to Python-style. Patch also adds some tests
for wrong values passed.
Change-Id: I90855d665ab8d42c4dd26b91d2e8b63feef122f4
commit ce95331c6b7f811d6e12f6c0e7ca7a5e5ed8e140
Author: Assaf Muller <amuller at redhat.com>
Date: Wed Apr 29 13:23:57 2015 -0400
Centralized register_OVS_agent in tests
This will allow the helper to be used for new DVR and l2pop
unit tests.
Change-Id: Iabf2e94c2b2d91f68fe016695fc56831c1aa13e1
commit 6deed4363b6765093d0f3731f40c428810940f9b
Author: Oleg Bondarev <obondarev at mirantis.com>
Date: Thu May 14 15:03:54 2015 +0300
Don't pass namespace name in disable_isolated_metadata_proxy
It's not always possible/convenient to get namespace name
when need to disable some process (like metadata process for stale
router, see related bug). Since namespace name is not required
for process manager to disable process we can remove this parameter
from disable_isolated_metadata_proxy()
Change-Id: I0e0da01d9640aa9920f41989804fc6f320c1c1eb
Related-Bug: #1455042
commit d4a39439727055fed2cc0661f1ba02c73fd523dc
Author: Moshe Levi <moshele at mellanox.com>
Date: Wed Apr 22 14:17:28 2015 +0300
Add client id option support to dhcp agent
According to the dnsmasq man client id option should be
written to dhcp-hostsfile and not to the dhcp-optsfile.
Also this patch update the dhcp_release command to take
into account the client id when releasing old leases.
Closes-Bug: #1447105
Change-Id: I6f11b12040ad4e00ae871be45edda3b52b4ee0da
commit f3f2e59ae76ab2a52ee448bf53722be5503f0d43
Author: ankitagrawal <ankit11.agrawal at nttdata.com>
Date: Thu May 14 02:06:39 2015 -0700
Remove use of contextlib.nested
Removed use of contextlib.nested call from codebase, as it has been
deprecated since Python 2.7.
There are also known issues with contextlib.nested that were addressed
by the native support for multiple "with" variables. For instance, if
the first object is created but the second one throws an exception,
the first object's __exit__ is never called. For more information see
https://docs.python.org/2/library/contextlib.html#contextlib.nested
contextlib.nested is also not compatible with Python 3.
Multi-patch set for easier chunks. This one addresses the
neutron/tests/unit/agent/test_securitygroups_rpc.py tests.
Line continuation markers (e.g. '\') had to be used or syntax
errors were thrown. While using parentheses is the preferred way
for multiple line statements, but in case of long with statements
backslashes are acceptable.
Partial-Bug: 1428424
Change-Id: Ia66b98423b14fc7d1bbf6d8a673a49f798d328fa
commit c003b450b34dcbb2e67b3ffb573cf68f23eb213f
Author: shihanzhang <shihanzhang at huawei.com>
Date: Mon May 11 17:22:40 2015 +0800
Allow updating port 'binding:host_id' be None
with ml2 plugin, it should allow updating port 'binding:host_id'
be None directly, there is already a bug in nova#1441419.
Change-Id: I93e4c513e40a7cf5740dde6c658e2470788d716a
Closes-Bug: #1453715
commit 251f551a5fe8fe05cdc8c9b9cfad357245b39bb9
Author: Ryan Tidwell <ryan.tidwell at hp.com>
Date: Mon May 4 15:56:41 2015 -0700
Block subnet create when a network hosts subnets allocated from different pools
This change will ensure that all subnets with the same ip_version on a given
network have been allocated from the same subnet pool or no pool. This
provides cleaner subnet overlap detection.
Change-Id: I3c7366c69b10c202c0511126fbee6b3aac36759e
Closes-Bug: #1451559
commit 0933f26b2c9772c457bb259cff7c8f648d29f620
Author: Assaf Muller <amuller at redhat.com>
Date: Wed May 13 13:39:20 2015 -0400
Fix neutron tests
Tox updated to a new major version and changed some substitute
variables.
Change-Id: Ifd00abed7bf0a68d4d46d12230118022fa2292ef
commit c262695a31d698b75ee7e49328c324a045c365f5
Author: Henry Gessau <gessau at cisco.com>
Date: Tue Mar 31 10:54:51 2015 -0400
Allow unit tests to be run independently
Add various initializations and imports so that unit tests can be run
independently.
This change fixes the following test cases which could not be run
independently, that is running any individual unit test case by going
in to the py27 venv and running
"unit2 neutron.tests.unit.module.Class.test_case":
neutron.tests.unit.plugins.ml2.drivers.arista.test_mechanism_arista.*
neutron.tests.unit.plugins.ml2.drivers.cisco.apic.*
neutron.tests.unit.plugins.ml2.test_rpc.RpcCallbacksTestCase.*
neutron.tests.unit.services.l3_router.test_l3_apic.*
neutron.tests.unit.agent.dhcp.test_agent.TestDhcpAgentEventHandler.*
(Note that these issues are not seen when running tox because the
initializations occur when all test modules are imported for test
discovery.)
Closes-bug: 1438463
Closes-bug: 1454640
Change-Id: I681caa66b51ce9a7bfbee5dfc43d534ba0d51947
commit d2703d81f086a9c3f7bb822046794668dde8ea6b
Author: Angus Lees <gus at inodes.org>
Date: Tue Apr 21 11:00:04 2015 +1000
SystemExit is ok for child processes
DietTestCase catches SystemExit while running tests, interprets it as a
test failure, and then carry on with the next test (without exiting).
This greatly upsets forked child python processes, which may call exit()
legitimately, and expect that to result in process exit.
This change re-raises the SystemExit if the current process ID is not
the original pid.
Change-Id: Ia39a350b562b2856b5588cd73826afb3d072554f
commit 276028cca26af573c14938255e40c58358eabd4a
Author: Robert Collins <rbtcollins at hp.com>
Date: Wed May 13 07:49:15 2015 +1200
Update build hooks.
The pbr setup_hook has not been needed for a while, so remove it. The
neutron hook has been broken for a while: it places a setup_requires
build dependency on everything in neutron/__init__.py, which is
non-empty, but setup_requires is handled by easy install so we try
very hard to avoid it. Instead, we can use environment markers to
selectively include the win32 dependencies without requiring that
neutron be importable during setup.py execution. This is unusual
in OpenStack and will eventually be moved to a regular
requirements.txt dependency with the same marker - once we've finished
the integration work to make markers work properly in
requirements.txt.
Change-Id: Icdc403a3ccf06daeccf2a907a7bfeafd8dbbb5dd
commit 8d4cbb3911a4c5b38ef998b0425eab1994b3bc2d
Author: Carl Baldwin <carl.baldwin at hp.com>
Date: Tue Apr 21 21:36:33 2015 +0000
Append @randtoken to L3 agent namespaces in full stack tests
Change-Id: Ib180a5836f653385ec2877c50fbca6f850eff351
Closes-Bug: #1446261
commit 39af7fb15ef5abe9402d80da207c2c43ca905d23
Author: shihanzhang <shihanzhang at huawei.com>
Date: Fri May 8 08:51:19 2015 +0800
setup port filters when sg rules change
when security group rules change, the l2 agents which have the
ports in this security group should reload iptables, this bug
was introduced by patch#118274.
Closes-bug: #1452718
Change-Id: Idb1577128be5d8812024467f599166bc131d57ea
commit 54fc39308277d4aedc3e399286714d719ecacfbb
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Fri Apr 10 11:29:56 2015 +0200
tests: don't allow oslo.config to autodiscover config files
oslo.config makes attempts to autodiscover configuration files using
find_config_files() helper. If e.g. /etc/neutron/neutron.conf exists,
and is not readable, the following test failure can be experienced:
oslo_config.cfg.ConfigFilesPermissionDeniedError: Failed to open some
config files: /etc/neutron/neutron.conf
Unit tests must not rely on any external state of the system and run
successfully no matter whether neutron is actually installed on the
system, or not.
Closes-Bug: #1442543
Change-Id: Ic90d8c40b2072fdda152703b84081719936b5f4e
commit 3488559abaaffe28b0831689288938261a458adc
Author: Moshe Levi <moshele at mellanox.com>
Date: Sat May 9 18:53:59 2015 +0300
mlnx MD: mlnx_direct removal
mlnx_direct is deprecated from Juno release. sriov-nic-switch
with macvtap port is the replacement for it.
This patch removes the mlnx_direct from mlnx MD and
from the supported vif_types.
Closes-Bug: #1453410
Change-Id: I7ee528dc04cdafa27455d5f8fd18c04c858466d8
commit f3eef3c0edc8968ce9c839c723e39e5959583b22
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Mon Feb 23 13:37:47 2015 +0900
l2pop UT: Reduce code duplication in migration tests
Change-Id: Id5c2a849c242932ecfc243daef1d83f1892cbb0a
commit 922dae45d0a223f9256bdff1faa65d469cbc9275
Author: Robert Kukura <kukura at noironetworks.com>
Date: Wed Apr 1 17:11:59 2015 -0400
Add unit tests for ML2 DVR port binding and fix PortContext inconsistencies
Extends the existing ML2 port binding unit tests to cover the
distributed port bindings used for DVR. Within the test mechanism
driver, bindings are tracked per-host, and additional assertions are
added.
Fixes issues with PortContext attributes that were exposed by these
new tests. Adds new vif_type, original_vif_type, vif_details, and
original_vif_details PortContext attributes, similar to the exising
host, original_host, status, and original_status attributes, to
reflect host-specific details of distributed (or normal) port
bindings. Also fixes original_host and original_status to return None
when in the context of an operation other than an update, and fixes
original_host to reflect the specific host being bound for a
distributed port.
Closes-bug: 1453943
Closes-bug: 1453955
Change-Id: I467db0d48e4b82fdaad8d851e294e639a84a8160
commit ccc2fa44c53217c2b5c9a8ff5756571240749d4b
Author: Carl Baldwin <carl.baldwin at hp.com>
Date: Mon May 11 12:58:34 2015 -0600
Make it clear the rfe tag is lower-case
This tripped me up, I tried adding RFE to my bug and was denied.
It seems the tag was added with lower-case letters. This is fine with
me as it is consistent with most, if not all, other tags in the
project. If it stays lower-case, we should at least make the quoted
tag in the policy document lower-case.
Change-Id: I9c72a2db2a168b56b1137839f5bfc1d2068d9f0c
commit 05daedff691a78c9a7d21d082f048ecc63a42476
Author: Jakub Libosvar <libosvar at redhat.com>
Date: Mon May 11 16:05:03 2015 +0200
Remove H305 from tox.ini pep8 ignore list
H305 is about grouping imports. It seems like we meet the requirement. I
don't think there a reason to keep it.
Change-Id: Ia2ddd467288c3c3aad39aed98eefb532b0e1d280
commit 8db41f04d54526104920f3a160203ecf7ef453b0
Author: Cyril Roelandt <cyril.roelandt at enovance.com>
Date: Thu May 7 13:00:38 2015 +0000
Allow users to run 'tox -epy34'
With this commit, it is possible to successfully run 'tox -epy34', even though
only a small amount of tests will actually be run. This is a required step in
making Neutron compatible with Python 3, as described in the 'Porting to Python
3' specification.
This commit:
- fixes some broken imports, while making sure they still work with Python 3;
- updates a call to gettext.install;
- adds a py34 target in tox.ini.
Change-Id: I91cc7a992d05ea85f7004d1c5a45a1c02cbf1c85
Blueprint: neutron-python3
commit a6b6e5597f32dfb0d92dc168d91e83d6daafe227
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Fri May 8 17:03:55 2015 -0700
Deprecate quota_items, register resources upon REST initialization
Register 'core' resources when the respective rest controllers are
instantiated, rather than at module load time.
Since in this way there will not be any need to iterate over
quota_items, the option is being deprecated.
This patch does not supply unit tests as the already-existing
routine for registering a resource from quota_items is being
deprecated as well (and was not covered by any unit test beforehand).
DocImpact
Change-Id: Icdb744adfd86d38363239a454ccf04f3c6b9c158
Closes-Bug: #1453322
commit 89489d2720c80c3465e36dad566aa835215fb92e
Author: sridhargaddam <sridhar.gaddam at enovance.com>
Date: Tue Apr 14 08:03:49 2015 +0000
Support BP:ipv6-router in Neutron HA Router
blueprint ipv6-router (ChangeID:Iaefa95f788053ded9fc9c7ff6845c3030c6fd6df),
supports an IPv6 Router where the router gateway port has no subnet.
The BP implements the following. If an external network (without any subnet)
is attached to the Neutron router, it reads the ipv6_gateway config parameter
(LLA of upstream router) from l3_agent.ini file and adds a default route that
points to this LLA. If the ipv6_gateway config value is not configured, it
would configure the gateway interface to accept router advts from upstream
router to build the default route.
For an HA router, we would have to configure keepalived to perform this
operation. This patch extends the functionality to an HA router.
Implements: blueprint ipv6-router
Change-Id: I26dc5ce9e46c74423358aa8a9559bc6c7cbdf85e
commit dcc9840684de11835625730aeca10aeaf416929b
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Sat May 9 22:56:44 2015 +0400
Catch ObjectDeletedError and skip port or subnet removal
When network is deleted service ports are deleted in the scope of
delete_network. Service ports could also be deleted by other entities
such as DHCP agent releasing dhcp port.
That could rarely lead to a race condition when port object used in
_delete_ports helper is already deleted causing ObjectDeletedError
exception.
Need to handle it and prevent object deletion in that case.
Change-Id: I531251d3211545c82a5bb7a471b7915da9b763b7
Closes-Bug: #1454408
commit 1d9fd2aec00cb85034e5a23cc1beac33c74e0110
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Mon May 11 01:34:35 2015 +0400
Randomize tunnel id query to avoid contention
When networks are created rapidly, neutron-servers compete
for segmentation ids which creates too much contention and
may lead to inability to choose available id in hardcoded amount
of attempts (11)
Randomize tunnel id selection so that condition is not hit.
Change-Id: I7068f90fe4927e6e693f8a62cb704213b2da2920
Related-Bug: #1382064
Closes-Bug: #1454434
commit c9284827eeec90a253157286214bc1d17771db24
Author: Henry Gessau <gessau at cisco.com>
Date: Mon Apr 20 14:50:50 2015 -0400
Remove skip of service-type management API test
Advanced services split is complete so remove the skip
for the service-type management API test.
(Yes, there is only one placeholder test. More tests
need to be developed.)
Also remove the obsolete 'JSON' suffix from the test
class.
Closes-bug: 1400370
Change-Id: I5b4b8a67b24595568ea13bc400c1f5fce6d40f28
commit 62ccf394c21eed132277b87b2428632efb07f1b0
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Sun May 10 06:15:11 2015 +0000
Imported Translations from Transifex
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: I879a3f7c7b0e970c91ef23b118f09ade99ceffc2
commit e833d33db199b6e8ca9f1877b2fd7914f376b433
Author: Kevin Benton <blak111 at gmail.com>
Date: Sat May 2 05:08:26 2015 -0700
Add capability to wait for IPv6 address in ip_lib
When an IPv6 address is added to an interface, it
goes into a tentative state for a couple of seconds
for duplicate address detection. During this time,
use of the address will fail. This is an issue for
functional tests where they may add an address to
an interface and then immediately run a ping and
expect success.
This patch adds a new wait_until_address_ready function
to ip_lib that will poll the interface every 200 ms until
the status transitions off of tentative or until a time limit
is exceeded. If the time limit is exceeded, it will raise an
exception.
It also adds unit tests and updates a functional test to
make use of the new feature.
Change-Id: I2fa51e3f55847f7b5062bec0c1c666f5c11364d5
commit 9c857dab6289047a272a4519479903c92a84dc4c
Author: Sukhdev Kapur <sukhdev at aristanetworks.com>
Date: Fri May 8 17:19:58 2015 -0700
remove router interface on Arista L3 plugin fails
The failure is because of mismatch of the
parameters to _validate_interface_info(). This patch removes
this code as it can be inherited from upstream
Change-Id: I5a92c6d05876e9ab5201e8fac018433eeb5c89e4
Closes-Bug: #1453323
commit 801dedebbfc7ff4ae6421c793a1154ca0d169e6c
Author: Assaf Muller <amuller at redhat.com>
Date: Fri May 1 13:29:26 2015 -0400
Extenuate register_dhcp_agent code duplication in tests
Non-obvious changes:
* Change helpers.register_agent to use a slimmed down version
of a plugin that knows how to register an agent. This allows
the helper to be used with tests that do not register a core
plugin.
Change-Id: Iefb1af676af6a984b01cdc1e9050541dffb5951a
commit 11cefbe5a38113cf8d782d3f0a9f52e2003d1c36
Author: sridhargaddam <sridhar.gaddam at enovance.com>
Date: Fri Apr 17 19:09:06 2015 +0000
Fix typos related to IPv6 use-cases
Change-Id: I8ede289ded70d2820a39c13a4cbfdaae570f699c
commit 6b4d006344e38dcbbc0048b17ca41af16e13e5a2
Author: Sergey Belous <sbelous at mirantis.com>
Date: Thu Jan 15 18:19:51 2015 +0300
Refactor checks for device existence
The code calling driver.plug() shouldn't check for the device existence,
it's a duplicate and it's an expensive call.
Move check for device existence to base LinuxInterfaceDriver.plug()
to remove code duplication. Make plug_new() abstract instead.
Change-Id: Id118a64012ad10b197ba681ce5f1b2742eb135b4
Closes-Bug:1348703
commit 9fd685a322107c2523f58d3653828118d67641a2
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Thu May 7 23:32:27 2015 +0000
Updated from global requirements
Change-Id: Iecf009725214efa30e42f62d14e4ef920d6ce4a1
commit 3a1175b88a436eecf00b8f04e5cc9f5cbce3ee06
Author: Kevin Benton <blak111 at gmail.com>
Date: Sat May 2 23:10:52 2015 -0700
Check for missing network in _bind_devices
_bind_devices was making the assumption that the ports it
was operating had local VLAN map entries for their network.
This wasn't the case when a network was deleted right before
_bind_ports was called because the VLAN was reclaimed.
This patch just checks to see if the the network ID has an entry
in the map. If not, it skips the port. The port will be handled
on the next scan_ports iteration when the agent will discover that
the port is no longer defined on the plugin and it will be placed
in the DEAD vlan.
Change-Id: Ica51d727aceb41848fec0f4edbd16916365941ee
Closes-Bug: #1452903
commit f1b4dfd52bd37ff613b0f8c9156386b6032295b2
Author: Yushiro FURUKAWA <y.furukawa_2 at jp.fujitsu.com>
Date: Tue Apr 7 10:56:55 2015 +0900
Add missed actions into policy.json
This patch adds following actions into policy.json.
1. v2.0/fw/firewall_policies/{firewall_policy_id}/insert_rule
2. v2.0/fw/firewall_policies/{firewall_policy_id}/remove_rule
Closes-Bug: #1439383
Change-Id: I8051a97852f0f1f21bf266c16a477a5e2fd32062
commit 47dd65cf986d712e9c6ca5dcf4420dfc44900b66
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Tue Apr 14 09:18:18 2015 -0400
Reuse caller's session in ML2 DB methods
This patch changes the get_port_from_device_mac() and
get_sg_ids_grouped_by_port() methods in ML2 db.py module so that
they do not create a new database session (via get_session()), but
instead reuse the session associated with the caller's context.
In order to make the session that is associated with the caller's
context available to these ML2 DB methods, the
get_ports_from_devices plugin API in securitygroups_rps_base.py
needs to be modified so that the context can be passed down to the
ML2 plugin. (A similar change is made to the get_port_from_device
plugin API for consistency.)
Change-Id: I3f990895887e156de929bd7ac3732df114dd4a4b
Closes-Bug: 1441205
commit f77c17ef9993ea8c545dc044ad2ac013a28dbc22
Author: Juergen Brendel <jbrendel at cisco.com>
Date: Thu Feb 26 13:51:04 2015 +1300
ARP spoofing patch: Data structures for rules.
ARP cache poisoning is not actually prevented by the firewall
driver 'iptables_firewall'. We are adding the use of the ebtables
command - with a corresponding ebtables-driver - in order to create
Ethernet frame filtering rules, which prevent the sending of ARP
cache poisoning frames.
The complete patch is broken into smaller patch sets for easier review.
This patch set here includes the some classes for the maintenance of ebtable
chains and rules.
Note:
This commit is based greatly on an original, now abandoned patch,
presented for review here:
https://review.openstack.org/#/c/70067/
Full spec can be found here: https://review.openstack.org/#/c/129090/
SecurityImpact
Change-Id: I3c66e92cbe8883dcad843ad243388def3a96dbe5
Implements: blueprint arp-spoof-patch-ebtables
Related-Bug: 1274034
Co-Authored-By: jbrendel <jbrendel at cisco.com>
commit 1bfd86e1ef7148370798aa99c868d7f931fcbf78
Author: Andrew Boik <dboik at cisco.com>
Date: Wed Mar 25 16:05:41 2015 -0400
Limit router gw ports' stateful fixed IPs to one per address family
Validate a router's gateway port during a router update by ensuring
it has no more than one v4 fixed IP and one v6 (statefully-assigned)
fixed IP.
Note that there is no limit on v6 addresses from SLAAC and
DHCPv6-stateless subnets as they are automatically allocated.
Change-Id: I6a328048b99af39ab9497fd9f265d1a9b95b7148
Closes-Bug: 1438819
Partially-implements: blueprint multiple-ipv6-prefixes
commit 1612b2ad8d3f964f035ec49426c832d95e845477
Author: Kobi Samoray <ksamoray at vmware.com>
Date: Sun Apr 19 12:25:33 2015 +0300
VMWare NSXv: Metadata for distributed router
Metadata support for NSXv distributed routers is provided via DHCP Edge
appliances. In order to avoid conflicts between distributed routers and
DHCP Edges which map different networks with same CIDRs, we create a 1:1
mapping between an distributed router and a DHCP Edge.
This patch contains the data model for the above, while the implementation
is in vmware-nsx repository.
Change-Id: I324403f7d5df4861193840e05bedf7a473aea655
commit cf84ec4c10461bef6dd57b9645cb902e0c16584f
Author: Cedric Brandily <zzelle at gmail.com>
Date: Thu Oct 23 17:49:46 2014 +0200
Allow to define enable_snat default value
Currently neutron resets enable_snat attribute to True when enable_snat
is not provided in router external_gateway_info. But in some deployments
(private/enterprise clouds) such behavior is not the expected default
one as snat/nat/floating-ips is not used (at least by default).
This change defines the option enable_snat_by_default which allows
deployers to set enable_snat default value when neutron resets it. The
option default value is True for backward compatibility.
DocImpact
APIImpact
Closes-Bug: #1388858
Change-Id: I455a552230ec89fe907a087c1de8c8144b5d086e
commit 3e085ec97c4a8d77398e70c0db78ae0849dda841
Author: Kyle Mestery <mestery at mestery.com>
Date: Wed May 6 14:50:57 2015 +0000
Update the specs process for Liberty
This adds explicit wording around the fact we will not use a deadline
for specs submission during Liberty. It also adds wording around the
new requirement for a less heavy-weight template to be filled in
when submitting a spec.
Change-Id: Id54550fb4314117db8fcfea90dd0627899e80c74
commit dd9129d42cf280458301d5101a131c4c5c12abdf
Author: Matthew Thode <mthode at mthode.org>
Date: Wed May 6 14:39:20 2015 -0500
changes log level to debug for help calls
Calling help typically causes the program being called to exit non-zero.
This causes the command to be logged as an error even though it should not be.
By setting 'log_fail_as_error=False' we log to debug. This helps clean
up logs.
Change-Id: I13f9488b9bc524bb85047e9b2dcf4e8a76bd6c11
Closes-Bug: 1452425
commit 4cd1600b2548b3d15cdbc9dcc368c375d2f7fee9
Author: ankitagrawal <ankit11.agrawal at nttdata.com>
Date: Wed Mar 25 05:40:45 2015 -0700
Remove use of contextlib.nested
Removed use of contextlib.nested call from codebase, as it has been
deprecated since Python 2.7.
There are also known issues with contextlib.nested that were addressed
by the native support for multiple "with" variables. For instance, if
the first object is created but the second one throws an exception,
the first object's __exit__ is never called. For more information see
https://docs.python.org/2/library/contextlib.html#contextlib.nested
contextlib.nested is also not compatible with Python 3.
This is the first patch in a series for removing use of
contextlib.nested.
Added hacking check to catch if any new instances are added to
the codebase.
Line continuation markers (e.g. '\') had to be used or syntax
errors were thrown. While using parentheses is the preferred way
for multiple line statements, but in case of long with statements
backslashes are acceptable.
Partial-Bug: 1428424
Change-Id: I171fbdb89892a3d4548bf2ca52f4a7dd9ef8dccb
commit d7cb612b451edbcf35049a92a42e0583086e6fda
Author: Jakub Libosvar <libosvar at redhat.com>
Date: Wed May 6 13:13:37 2015 +0200
Fix fetching prevent_arp_spoofing from cfg in neutron-sanity-check
Change-Id: I0e2ae9fb7236db3aadfc8969bd0adc1d28ea1fc7
Closes-bug: 1452241
commit a5a4ebfe5aa62c6b5f2925b9833919cd946ff488
Author: Gary Kotton <gkotton at vmware.com>
Date: Thu Apr 30 06:40:58 2015 -0700
VMware: add in router types for NSXv
The configuration file was updated to include the configuration
variable for the tenant_router_types
Change-Id: Id6d544f0d11bad3fa2fe33781a14c299f4043aff
commit 087eb159a61bcd3eb49860a23cb6ee7d12311d41
Author: Ann Kamyshnikova <akamyshnikova at mirantis.com>
Date: Thu Apr 30 15:42:06 2015 +0300
Add test for security groups
Add test that default security group name can not be updated.
Change-Id: Iff0a920122be8e19a1e1d92db33519f372a8b9b2
commit bd5373b670cdd7f21f8a1ece98fde6be9fda71ab
Author: yangxurong <yangxurong at huawei.com>
Date: Tue Aug 26 15:15:40 2014 +0800
Use iptables zone to separate different ip_conntrack
ip_conntrack causes security group rule failures when packets share
the same 5-tuple. Use iptables zone option to separate different
conntrack zone. Currently this patch only works for OVS agent.
Co-authored-by: shihanzhang <shihanzhang at huawei.com>
Change-Id: I90b4d2485e3e491f496dfb7bdee03d57f393be35
Partial-Bug: #1359523
commit 8978516e49a246fb490dad9a2a4e34f1e98afea5
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Tue May 5 00:07:15 2015 +0000
Updated from global requirements
Change-Id: Ic51f5b4e157bcc097bd42eb5607dd8223d01952d
commit a4ada8e0a980a40384c5c0fcd43b872469dcded7
Author: Paul Michali <pc at michali.net>
Date: Tue Apr 21 16:12:38 2015 -0400
Enhance configure_for_func_testing.sh for *aaS use
Modify the script so that it can be used by the *aaS functional tests.
This is done by allowing callers, namely other *aaS repos, to override
information, like the project name and virtual environment used (for
example, VPNaaS has two functional jobs with different virtual env).
Change-Id: I450273036e938a4acc9a7bc1dc193a9c207b2d58
Closes-Bug: #1446807
commit 26ef84f51ec34c20f43b3b75da3d0aa407fc3305
Author: Brian Haley <brian.haley at hp.com>
Date: Tue Apr 14 17:37:55 2015 -0400
Add IP version support to all ip_lib code
Added an ip_version argument to IpNeighCommand.show() and
IpRouteCommand.pullup_route() to match other code in the file.
Change-Id: Ifdf2abc5a77f551223bad061a1abdc88695fa5f1
commit 22c9e5421fbf7c9cdb3f919a84d4b51a30609f82
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Mon May 4 06:08:30 2015 +0000
Imported Translations from Transifex
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: I676a4c8fc05330990be3b8bfe3f123fcd897b12f
commit 26284228dfc3c5f121f869dd6b2d2a492afaf659
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 17 05:10:26 2015 -0700
Get all interfaces for get_snat_sync_interfaces
The get_snat_sync_interfaces method was being called for
each router individually during a sync, which resulted
in a new query to the database.
This patch eliminates that waste by querying for the snat
interfaces for all of the routers in the list at once.
Change-Id: I1e44a0cf15a70632e8b62ac89ce807a7a457747d
Partial-Bug: #1445412
commit dbe7ba1868f35af0142f78c70693ed69e6f42ca3
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Tue Apr 28 12:37:22 2015 +0900
OVS-agent: Ignore IPv6 addresses for ARP spoofing prevention
The flow rules to match on ARP headers for spoofing prevention
fail to install when an IPv6 address is used. These should be
skipped since the ARP spoofing prevention doesn't apply to IPv6.
Co-authored-by: Kevin Benton <blak111 at gmail.com>
Closes-Bug: #1449363
Change-Id: I4bb3135e62378c5c96d1ac0b646336ac9a637bde
commit 25795cbde864e249921c24561bea0e89a7024fea
Author: sridhargaddam <sridhar.gaddam at enovance.com>
Date: Wed Apr 15 15:07:45 2015 +0000
Remove un-used keys in keepalived tests
Change-Id: Ie1069f5ee6c7c28da67260656c4a0753b930624a
commit 9e0993b6adbc23b31e0c88cdb7404416a144420d
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Fri May 1 16:32:23 2015 -0700
Deprecate config-based Quota Driver
This patch displays a deprecation warning everytime the quota
driver neutron.quota.ConfDriver is loaded.
The driver will be removed in the "M" cycle.
Change-Id: Ifb799755bce50bb089f8df020286fd2e95c80a68
Closes-Bug: #1430523
commit d544e6daeea6447f217b5663dbb1f7976224ea2e
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Fri May 1 15:35:03 2015 -0700
Clarify stackforge/vmware-nsx is for VMware NSX suite
To avoid confusion with networking-vsphere
Change-Id: I5e787ba9d7aab75ff568baf5f5b9a6c37bf24d08
commit cc291499490cbd0f21f34310c96bfa76d4d2a2a1
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Fri May 1 20:18:50 2015 +0000
Updated from global requirements
Change-Id: I42cf4af2058c08e8e805c323a5d0b7075947c031
commit 74fd34eef8892efd8ef8a3c992e2d9e59d9b0959
Author: Matt Riedemann <mriedem at us.ibm.com>
Date: Fri May 1 08:04:00 2015 -0700
l3 agent: fix grammar in router info not found warning
This offends my delicate sensibilities...
Change-Id: I4d00747093da6c39d5dc73272efd5acbcaa3684d
commit 723162501a5e2e5f202af9d95a1b946e3d43cf96
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Wed Apr 22 19:45:57 2015 +0400
Finally let L3 and DHCP agents cleanup namespaces by default
There has been a problem with iproute package that resulted in errors
when deleting the namespaces, so deleting was turned off by default.
According to tests with iproute version 3.12.0 there is no such issue
so the option could be safely turned on by default.
DocImpact
Related-Bug: #1052535
Related-Bug: #1402739
Change-Id: I4c831f98fb2462382ef0f9216e265555186b965a
commit 661dea6b5e1861e56bfccc8ebe1ae637a70b3cbd
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Wed Apr 29 16:07:27 2015 -0700
Context: is_admin==True implies is_advsvc=True
With this change is the is_admin parameter is set to True when
creating a context, the is_advsvc property is set to True as well,
without executing a pointless check with policy engine.
Closes-Bug: #1450244
Change-Id: I0a21a82692665599260d07c00c55df18fc926eb5
commit 9a3d3764c509290999c3dee67d808ad5a433d8c7
Author: Ann Kamyshnikova <akamyshnikova at mirantis.com>
Date: Thu Apr 30 14:09:59 2015 +0300
Add some tests for floating ips
* Associate floating ip to port that has already another floating ip
* Associate floating ip with port from another tenant
Change-Id: I8da074e94526c21d4d6a6a7910052cda809a1338
commit b760fdf6640aedfcf480dd80913f4cf64bfcc51d
Author: Russell Bryant <rbryant at redhat.com>
Date: Tue Apr 21 11:53:08 2015 -0400
Add notes about official sub-projects.
There was recently a thread on openstack-dev titled "A big tent home
for Neutron backend code."
The thread began here:
http://lists.openstack.org/pipermail/openstack-dev/2015-April/062310.html
and has roughly ended up here:
http://lists.openstack.org/pipermail/openstack-dev/2015-April/062853.html
This patch is an attempt to reflect the end of that thread with
updates to docs.
Any further discussion should just continue on openstack-dev to avoid
forking the discussion between openstack-dev and gerrit.
Change-Id: I48dbe8ac69e60fbfd5e5082844004aaf9fdce539
commit b65b1e6645a48174703591f0f8bec8d79d294d9b
Author: Romil Gupta <romilg at hp.com>
Date: Thu Apr 30 01:37:34 2015 -0700
Updated ovsvapp_agent.ini in neutron
we have added the vxlan support for OVSvApp l2 Agent.
References:
https://review.openstack.org/#/c/168866/
https://review.openstack.org/#/c/175148/
https://review.openstack.org/#/c/177616/
Change-Id: I8061a1280b765e71aa682711c55c469f8425dac6
commit e1fd7a8c5d1dd683603a75244f5baf273d018fc7
Author: Jakub Libosvar <libosvar at redhat.com>
Date: Wed Apr 29 12:04:03 2015 +0200
Don't use iterator in search for tunnel type
Changing dictionary size while using iterator causes RuntimeError. This
can happen in local vlan mapping under certain program flows. This patch
changes iteritems() to values() that returns list and thus preventing
from failure if local vlan mapping changes during creating tunnels.
Change-Id: I8a858d5c53e85f83a582f34205f9afa214cb4d58
Closes-Bug: 1449944
commit 3543d8858691c1a709127e25fc0838e054bd34ef
Author: rossella <rsblendido at suse.com>
Date: Thu Apr 23 22:57:18 2015 +0000
Remove is_active property from SimpleInterfaceMonitor
is_active property from SimpleInterfaceMonitor shadows
the method is_active inherited from AsyncProcess.
The property checks that ovsdb monitor is running and
that it received some data. When ovsdb monitor starts
it always receives data, since it processes the interfaces
present on the machine, so the flag data_received will
always be set to true right after SimpleInterfaceMonitor
starts. Considering that, is_active can be removed and
the method is_active inherited from AsyncProcess can be
used instead.
Change-Id: I05faeddd061ab45af51c044a10462c3a57593d4d
commit fc1608a6a1430253174ca3760e38ab96230bc6ef
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Wed Apr 29 19:18:14 2015 +0000
Updated from global requirements
Change-Id: Icec7a7d00ebdd07673cfdb49a46faa4c73d3908a
commit 350e2d1ee8a1e300d5ef182be152db77b65bd44c
Author: Assaf Muller <amuller at redhat.com>
Date: Tue Apr 28 11:44:16 2015 -0400
Disembowel register_l3_agent code duplication in tests
Change-Id: I32fe50ce0904ff439c615d9860782d76e94c48c3
commit 9b7beb0e29d1de3e7cc787a3c0e20d24ccb0427c
Author: Sam Betts <sam at code-smash.net>
Date: Wed Apr 29 16:15:35 2015 +0100
Ensure mocks for lla allocator _write in test_agent
The test test_create_dvr_fip_interfaces_for_restart_l3agent_case was
causing a file fip-linklocal-networks to be created when the tests are
run, this patch ensures that the correct part of the LinkLocalAllocator
is patched to prevent this in the test case.
Change-Id: Ifd0cae56324364b281a9279047b26a182b77905a
Closes-Bug: 1450090
commit 3e4e932a4d9dbfac908cf03c221b350e645d8b17
Author: Kevin Benton <blak111 at gmail.com>
Date: Mon Mar 30 11:29:44 2015 -0700
Fix _device_to_port_id for non-tap devices
This adjusts the _device_to_port_id function in ML2
to recognize other interfaces that belong to Neutron
under different name prefixes.
Adds unit tests to achieve full converage of _device_to_port_id
method.
Closes-Bug: #1443710
Change-Id: I80284ee67e5876cf5689e49e1592ca1351ae5fa1
commit 4d638cfcf6564e8e155de131c98000d0d10a7e22
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Wed Apr 29 06:14:13 2015 +0000
Imported Translations from Transifex
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: I35b81a59fe9d273742cdebf7ee3d47c23e2f5b9a
commit 6dac1d6a4b882e51102caeacd9ed8d960c22c84d
Author: Gal Sagie <gal.sagie at huawei.com>
Date: Wed Apr 29 07:49:16 2015 +0300
Rename delete_gateway method name
Fix last comments from bug #1435012
Some comments were left out and the patch is already merged.
This patch address these comments.
Rename method and remove an unneeded comment
Change-Id: Ie087edf1fee7136eddf75ce01d4b640211445bfa
commit 5281e52512fc5b9b1017cf5c5da40cc92a7fe775
Author: Doug Hellmann <doug at doughellmann.com>
Date: Tue Apr 28 22:08:39 2015 +0000
Drop use of 'oslo' namespace package
The Oslo libraries have moved all of their code out of the 'oslo'
namespace package into per-library packages. The namespace package was
retained during kilo for backwards compatibility, but will be removed by
the liberty-2 milestone. This change removes the use of the namespace
package, replacing it with the new package names.
The patches in the libraries will be put on hold until application
patches have landed, or L2, whichever comes first. At that point, new
versions of the libraries without namespace packages will be released as
a major version update.
Please merge this patch, or an equivalent, before L2 to avoid problems
with those library releases.
Blueprint: remove-namespace-packages
https://blueprints.launchpad.net/oslo-incubator/+spec/remove-namespace-packages
Change-Id: If8a132de65ba1e57ea93f98daac66816a3cefaa8
commit 7759db3fe9396e4385fdfc01c0d86c1ce33e294f
Author: Brian Haley <brian.haley at hp.com>
Date: Tue Apr 28 16:07:47 2015 -0400
Remove 'IP' from device exception message
Message should match others of this type elsewhere, and isn't
IP-specific. Cleanup from https://review.openstack.org/#/c/168806/
Change-Id: I4cd3eb86e078f069b871b3cd08b66024682f92a6
commit dd05b8b8290e9310b77518dcf439bb1793a716a0
Author: lijianlj <lijianlj at cn.ibm.com>
Date: Thu Jan 29 14:41:20 2015 +0800
Add icmpv6 to sg_supported_protocols
support using icmpv6 (protocol num 58) in the protocol option, when creating
a security group rule.At this time, port_range_min/port_range_max represent
icmpv6 type/code, and you can use only port_range_min to specify just one type.
eg:neutron security-group-rule-create --direction ingress \
--ethertype ipv6 --protocol icmpv6 --port-range-min 134 SECURITY_GROUP
ApiImpact
DocImpact
Partial-Bug:#1427973
Change-Id: Ide4f7476cdb8a4f04f72983917ce7dbfc7be90a5
commit f6845986446601b92082c811f4181016ef0fefc8
Author: Gal Sagie <gal.sagie at huawei.com>
Date: Mon Mar 30 10:40:36 2015 +0300
Suppress exception when trying to remove non existing device in SNAT redirect
L3 service plugin first calls to remove_router_interface from the L2 OVS agent
which delete this port from OVS and then the service plugin calls
to remove the router interface from L3 agent.
Catch the exception thrown on the delete gateway, if its due to device doesn't exists
ignore the exception
Closes-Bug: #1435012
Change-Id: Ieeaa01e7c0393f5200d1a8d2bbbc16befe7699a2
commit a5e54338770fc074e01fa88dbf909ee1af1b66b2
Author: Henry Gessau <gessau at cisco.com>
Date: Mon Apr 27 09:59:21 2015 -0400
Run radvd as root
During the refactoring of external process management radvd lost
its root privileges.
Closes-bug: 1448813
Change-Id: I84883fe81684afafac9b024282a03f447c8f825a
commit 99de7cdf700218a54fa6fc2e194cca3ccb35abd4
Author: sridhargaddam <sridhar.gaddam at enovance.com>
Date: Mon Apr 20 10:29:54 2015 +0000
Support multiple IPv6 prefixes on internal router ports for an HA Router
As part of BP multiple IPv6 prefixes, we can have multiple IPv6 prefixes on
router internal ports. Patch, I7d4e8194815e626f1cfa267f77a3f2475fdfa3d1, adds
the necessary support for a legacy router.
For an HA router, instead of configuring the addresses on the router internal
ports we should be updating the keepalived config file and let keepalived
configure the addresses depending on the state of the router.
Following are the observations with the current code for an HA router.
1. IPv6 addresses are configured on the router internal ports (i.e., qr-xxx)
irrespective of the state of the router. As the same IP is configured on multiple
ports you will notice dadfailed status on the ports.
2. Keepalived configuration is not updated with the new IPv6 addresses.
This patch addresses the above issues for an HA Router.
Closes-Bug: #1446161
Partially-implements: blueprint multiple-ipv6-prefixes
Change-Id: Icb9a0e4e6e5deafbdc0135ce7e6b100b1725df66
commit c27310638bff452f54086cf027c442ad2a62e65f
Author: Xu Han Peng <xuhanp at cn.ibm.com>
Date: Thu Apr 9 01:46:36 2015 -0400
Not creating HA router when not enough l3 agents
Currently a HA router can be successfully created even when
there is not enough active l3 agent. Current code only checks
existing l3 agents but does not check if the agent is already
down.
This patch fixes this problem by checking only active l3 agents
when getting the number of agents for scheduling HA router.
Closes-Bug: 1420117
Change-Id: I6c1d108db1a7c93b61c0dd0b1ffee319a411b17a
commit 682c0fdcc2faad07e82968a7a7739f2dedd7173f
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 17 04:54:41 2015 -0700
Eliminate extra queries used to retrieve gw_ports
The _get_sync_routers method was calling get_routers and
then getting the gateway ports from the db in a separate
get_ports call. This extra call is unnecessary since is
already an SQL relationship directly between the router
and it's gw_port.
This patch eliminates all of the additional gw_port retrieval
logic by replacing the get_routers call with a _get_collection
call to make use of the gw_port object already present on
each router object.
Change-Id: I478bfef8b0273b343aa72bcd6787a486eba4f006
Partial-Bug: #1445412
commit a80924dc3e648984873833399350ba4817f1eaa9
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 17 04:09:48 2015 -0700
Don't update port with host id of None
In the L3 RPC code if the host for a port is not
present, it ends up calling update_port with the
host_id set to None. This does not update the host
id at all because it's treated as an unset attribute
which leads to the same thing happening on the next
iteration. These pointless update calls are expensive
because they involve a semaphore and calls to mechanism
drivers.
This patch adjusts the logic to only send a port
update if it actually has a host to ensure is on
the port.
Change-Id: Ic55496dd2ba3abcef0a2de9fc8699c391b79fa51
Partial-Bug: #1445412
commit 51c53ea40a30e0fcfbe9e4184f63fe4c1887ed6f
Author: lzklibj <lzklibj at cn.ibm.com>
Date: Sat Mar 21 09:58:15 2015 -0700
fix l3-agent restart with last runtime fip for dvr
In DVR enabled environment, after we associated a floating
IP to a VM, when we restart L3-agent on the same compute
node, the L3-agent will miss to create rtr_fip_subnet for
router_info. The previous floating IP can still work, but
new associated floating IPs to VMs related to the same router
on this L3-agent will fail to configure and not work. This
patch will fix this.
The method create_dvr_fip_interfaces in dvr_router.py will
invoke fip_ns.create_rtr_2_fip_link, and the later one will
create rtr_fip_subnet, consider VMs related to the same router
will share the same rtr_fip_subnet, so processing here should
run only once for those VMs, once rtr_fip_subnet is created.
Current code will check dist_fip_count then decide to invoke
fip_ns.create_rtr_2_fip_link or not.
dist_fip_count should be zero if a router related VMs never
have been associated with any floating IPs before. But if a
router has floating IPs associated to its related VMs, after
it is restared, dist_fip_count will be non-zero, and this is
the point this patch try to fix. And for case rtr_fip_subnet
has been created, both dist_fip_count and is_fisrt will be
false, and fip_ns.create_rtr_2_fip_link will be no more need
to be invoked.
Change-Id: I3786eab86755a403991728ccb72d03f159ff8b63
Closes-Bug: 1434824
commit 0399bf5c8b65175d0d308a5d4a1541161cbfad7d
Author: rajeev <rajeev.grover at hp.com>
Date: Wed Feb 25 13:45:11 2015 -0500
Refactoring to adhere to coding convention
By convention, internal properties of the DvrRouter class
are initialized to None in the constructor. This patch
initializes the fip_ns property to None in order to adhere
to those guidelines
Change-Id: Ic135102a4c9372fcbbdba261f906b594e247d451
commit 4be5c2f6dc635e1139e268b078ba3c28c3bcefb6
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 17 04:51:26 2015 -0700
Replace unnecessary call to get_sync_routers
Replaces a call to get_sync_routers with a single-column
router DB query in a method that doesn't use any of the
gateway information get_sync_routers spends extra
time populating.
Change-Id: I35eae975209316aad6b2c97c909dce385729864d
Partial-Bug: #1445412
commit 521e036a45eeb26c72e66aae2dab1a3b383bccc5
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Sat Apr 25 00:50:25 2015 +0400
Move test_get_user_allocation*returns_none test to a proper class
Move it out of NeutronDbPluginV2TestCase so there is no test
duplication.
Change-Id: Ib01f2d651c1b0a48062656bd1f66c52481a86ad6
Closes-Bug: #1448268
commit 954b553439964b7258568c1b71d9fdfd1f5a91cb
Author: Cedric Brandily <zzelle at gmail.com>
Date: Thu Mar 5 21:43:09 2015 +0000
Replace BaseLinuxTestCase by BaseSudoTestCase
BaseLinuxTestCase provides 2 methods which are used once/three time(s),
this change inlines these methods and removes BaseLinuxTestCase and
replaces it by BaseSudoTestCase.
Change-Id: I2b60abf55193f535fc7d7637bcb2f15c6a372a87
commit e78a49c86cc00cb92bc143dc6d72747c9d875297
Author: Cedric Brandily <zzelle at gmail.com>
Date: Fri Apr 24 21:20:40 2015 +0200
Remove RecursivePermDirFixture useless cleanup
This change removes a useless cleanup in RecursivePermDirFixture:
previously RecursivePermDirFixture reverts permission changes on
directories, but the cleanup is useless as directories are provided
by TempDir.
Change-Id: I76c8dbefe3b42ec34a50fb164b9cbc25f4ac4245
commit d0d7030ce78cf3fb182a8d824b3770ab0f124d7a
Author: Carl Baldwin <carl.baldwin at hp.com>
Date: Mon Apr 20 22:15:46 2015 +0000
Utilities for building/parsing netns names to facilitate testing
Creating these utilities allows functional tests to mock them out more
easily to in order to change the namespace identification and cleanup
behavior.
Change-Id: I76cb2dc43a0ca4a7ea27c2ea71b27068b92154ce
Related-Bug: #1446261
commit e6bd3ed9c86ff493b7087c99797bfd3fb473c3a7
Author: armando-migliaccio <armamig at gmail.com>
Date: Fri Apr 24 09:27:40 2015 -0700
Fix MismatchError to nondeterministic order for list of controllers
The list of controllers returned by the ovsdb server can be in any order,
therefore we can't assert likes for likes. Assert the sorted lists instead.
Change-Id: Ice3bb8cc0b3da70f8c9aae50d8cdae2b474ff49b
Closes-bug: #1448202
commit 697c934933c9d5edcb2d9392a7626f2676d67ed7
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 24 06:52:21 2015 -0700
Add missing interface to populate subnets method
Change Ib46f685d72eb61ecbaa2869e28fb173cd6d49552 introduced
and optimization to defer the lookup of interface subnet info
until all of the router interfaces were collected. However,
it didn't add the DVR SNAT interface to the list of interfaces
to populate subnet info so it broke DVR.
This patch corrects the behavior by adding the DVR SNAT interface
to the list of ports that need subnet info populated.
Change-Id: I32054ff00bf6992c5dedd21735b6d2afd15c5fb3
commit 88510ef1b153fc548fc5bccc24e116a0882e66a8
Author: Elena Ezhova <eezhova at mirantis.com>
Date: Tue Apr 7 14:54:45 2015 +0300
Refactor socket ssl wrapping
Move socket wrapping into a separate method in order to separate
its logic from other action done in _get_socket. Now, ssl wrapping
is applied to the socket returned by _get_socket method.
Additionally checks for ssl config options are now performed during
init and not each time wrap_socket is called.
Added unit tests.
Related-Bug: #1276694
Change-Id: I706517ae351a7a681623ec91c9657a2f61cd2679
commit db9ac7e0110a0c2ef1b65213317ee8b7f1053ddc
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 24 00:35:31 2015 -0700
Don't resync on DHCP agent setup failure
There are various cases where the DHCP agent will try to
create a DHCP port for a network and there will be a failure.
This has primarily been caused by a lack of available IP addresses
in the allocation pool. Trying to fix all availability corner cases
on the server side will be very difficult due to race conditions between
multiple ports being created, the dhcp_agents_per_network parameter, etc.
This patch just stops the resync attempt on the agent side if a failure
is caused by an IP address generation problem. Future updates to the subnet
will cause another attempt so if the tenant does fix the issue they will
get DHCP service.
Change-Id: I0896730126d6dca13fe9284b4d812cfb081b6218
Closes-Bug: #1447883
commit 8a4540acac511cacb0d4f5680ce285e913f7ff50
Author: Cedric Brandily <zzelle at gmail.com>
Date: Sun Mar 1 23:05:36 2015 +0000
Replace BaseIPVethTestCase by FakeMachine
This change removes BaseIPVethTestCase class and moves Pinger class to
allow its use from a fake machine.
Change-Id: I0636f11a327e9535828e7b52e60195e52831a0b2
commit 6b6384d15ea84518238d4f34106022bef8fa85a2
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Fri Apr 24 06:13:56 2015 +0000
Imported Translations from Transifex
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: Ib7e961af3fe219179b3c6847f8fec785ad040351
commit 27c8ad5108208afcae8494d5bb2827edb858545e
Author: Aaron Rosen <aaronorosen at gmail.com>
Date: Wed Mar 4 13:34:26 2015 -0800
Allow plugin to specify router_id
It is useful to allow the backend to specify the uuid that we want neutron to
use. We currently do this same thing for networks. This patch enables the same
behavior for routers as well.
Change-Id: If675dfd2997217886976301270ef5f773ffa7a13
commit 9274c590a78444e9157afd4d41bff566b26c9323
Author: sridhargaddam <sridhar.gaddam at enovance.com>
Date: Mon Dec 8 16:11:38 2014 +0000
Neutron to Drop Router Advts from VM ports
As part of Spoofing filter chain Neutron drops all the outbound
traffic where MAC/IP does not match the IP address assigned
to the VM ports (inc' allowed_address_pairs). Along with this,
we also drop traffic associated to dhcp[v6] server (i.e., do
not allow a VM to run dhcp[v6] server). Currently we do not
have any rules to drop Router Advts from VM ports. This can create
issues in the network as other devices in the network may not have
any protection for this kind of stuff.
Even if we allow RAs from the VM ports, because of the Anti-Spoofing
rules that are applied, a VM cannot act as a IPv6 router (i.e., it
cannot forward IPv6 traffic). So there is no point in allowing Router
Advts from VMs assuming that it would be useful in Service VM use-cases.
In order to properly implement IPv6 router as a Service VM, one needs
to use the port_security_extension [1] which allows us to disable
security group rules/anti-spoofing filters on the VM ports.
[1]https://review.openstack.org/#/c/99873/22/specs/kilo/ml2-ovs-portsecurity.rst
This patch disables Router Advts from VM ports.
Closes-Bug: #1372882
Change-Id: I8db5d6dbe60bf04f4e3754a886c6aa8a97a16bab
commit e2d5be1cb3094ffbfc979aa04262f3dbc43f38ec
Author: Assaf Muller <amuller at redhat.com>
Date: Thu Apr 23 13:43:29 2015 -0400
Fix L3 agent functional tests random failures
The test_ha_router_failover tests were not being unmocked. This
is because the same object was being mocked twice, but unmocked
once. The mock.patch.stopall call in the tests base class was rewinding
the value of the object from the second mock to the first mock.
Follow up tests in the same worker were using namespace
names defined via the first mock in the failover test.
Closes-Bug: #1446261
Change-Id: I8f24b8bb3a6a501dbe210c2cc67c47fa4b76257c
commit dd995ca711f642eba9a40ee7c75e48b497dab5a2
Author: Assaf Muller <amuller at redhat.com>
Date: Wed Apr 22 12:04:42 2015 -0400
Mock report_state during L3 agent functional tests
Less spam, yay!
Change-Id: I0a6162057f968511b200713359afdc54b107fc39
commit 4625c45a30ffe09fbd29c16337e64e264de75bd8
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Fri Apr 17 16:59:42 2015 -0700
Remove backward compatibility for check_is_admin
This routine in policy.py used to have a backward compatibility
check to ensure proper behaviour even when the policy.json file
did not have a specific 'context_is_admin' policy.
However, this backward compatibility check does not work. It
appears indeed that it has been broken for several release cycles;
it is also possible that actually it never worked.
When the 'context_is_admin' policy is not in the policy.json file
the enforcer simply ends up evaluating whatever is the default
policy configured there.
Therefore this patch:
- Removes the backward compatibility check, since it does not work
- Fails, for safety, check_is_admin if 'context_is_admin' policy is
not specified
- Fixeds check_is_advsvc in the same way (the backward compatibility
check never made any sense for this function)
- Fixes unit tests adding appropriate tests for check_is_admin and
check_is_advsvc
Change-Id: Ia47e5781d86a3f21b9d837c9ac70a62ac435d20b
Closes-Bug: #1445690
commit aa769e7065075df06d98c676de0bbff742cdc92a
Author: Kevin Benton <blak111 at gmail.com>
Date: Tue Apr 21 04:28:27 2015 -0700
Add weak reference test for callback manager
Adds a unit test to make sure the callback manager can
have weakly referenced functions as callbacks.
Change-Id: Ic811e8fe63bcde2d89cdb39f9a641cde1ebd9ddb
commit 2f9b0ce940099bcc82d2940b99bdc387db22d6fc
Author: sridhargaddam <sridhar.gaddam at enovance.com>
Date: Wed Apr 8 10:57:19 2015 +0000
Spawn RADVD only in the master HA router
Currently radvd is spawned in all the HA routers irrespective of the
state of the router. This approach has the following issues.
1. While processing the internal router ports (i.e., qr-xxx), ha_router
removes the LLA of the interface and adds it as a VIP to Keepalived conf.
Radvd daemon is spawned after this operation in the router namespace
(if the port is associated with any IPv6 subnets). Radvd notices that
qr-xxx interface does not have the LLA, so does not transmit any Router
Advts. In this state, VMs fail to acquire IPv6 addresses because of the
missing RAs. Radvd does not recover even after keepalived configures the
LLA of the interface. The only solution is to restart/reload radvd daemon.
Currently keepalived-state-change monitor does not do any radvd related
operations when a state transition happens. So we endup in this state
forever.
2. For all the routers in Backup state, qr-xxx interface does not have LLA
as it is managed by keepalived and configured only on the Master HA router.
In such agents syslog is flooded with the messages [1] and this can cause
loss of other useful info.
[1] - resetting ipv6-allrouters membership on qr-2e373555-97
This patch implements the following.
1. If the router is already in the Master state, we configure the LLA as a VIP
in keepalived conf but do not delete the LLA of the internal interface.
2. We spawn radvd only if the router is in the Master State.
3. Keepalived-state-change monitor takes care of enabling/disabling radvd upon
state transitions.
Closes-Bug: #1440699
Change-Id: I351c71d058170265bbb8b56e1f7a3430bd8828d5
commit 0c1f96ad5a6606c1205bd50ea944c3a383892cde
Author: watanabe.isao <zou.yun at jp.fujitsu.com>
Date: Wed Apr 15 15:48:08 2015 +0900
Restrict subnet create/update to avoid DHCP resync
As we know, IPs in subnet CIDR are used for
1) Broadcast port
2) Gateway port
3) DHCP port if enable_dhcp is True, or update to True
4) Others go into allocation_pools
Above 1) to 3) are created by default, which means if CIDR doesn't
have that much of IPs, subnet create/update will cause a DHCP resync.
This fix is to add some restricts to the issue:
A) When subnet create, if enable_dhcp is True, /31 and /32
cidrs are forbidden for IPv4 subnets while /127 and /128 cidrs are
forbidden for IPv6 subnets.
B) When subnet update, if enable_dhcp is changing to True and there are no
more IPs in allocation_pools, the request should be denied.
Change-Id: I2e4a4d5841b9ad908f02b7d0795cba07596c023d
Co-authored-by: Andrew Boik <dboik at cisco.com>
Closes-Bug: #1443798
commit d72572729152e709c5f7ebae2896d5f66748b59b
Author: watanabe.isao <zou.yun at jp.fujitsu.com>
Date: Thu Apr 2 10:54:56 2015 +0900
Make sure OVS restarts when Exception occurred
This fix let flows in br-tun automatically recover from an Exception,
which is an ideal situation.
Simplly improve a missed flag will make sure OVS restart properly
after we walked out of Exception loop.
Change-Id: Id0ac9399ec39fef19ce71566670ed245c681192e
Closes-Bug: #1439472
commit 8959032dfb195ba3836e50fbccecbfedb9164038
Author: armando-migliaccio <armamig at gmail.com>
Date: Tue Apr 21 16:47:09 2015 -0700
Remove dependency on weak reference for registry callbacks
The use of weakref was introduced as a preventive measure to avoid
potential OOM kills, however that limited our ability to employ
certain functions as callbacks, such as object methods (see [1] for
an example).
Since the adoption of the callback registry, it has been observed that
callbacks are generally long lived (for the entire duration of the
process they belong to), therefore this limitation appears to be too
restrictive at this point in time.
Some might argue that it's better safe than sorry, but until we
have some evidence of actual OOM kills, it's probably best to take
the bolder action of removing the adoption of weak references and
deal with the potential fallout, should it happen.
[1] https://review.openstack.org/#/c/175179/
Change-Id: Idcd0286fc4235af82901c8a17ea45bc758b62b37
commit ec408ac379108eee26d87a8d9834180db11877e0
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Wed Apr 22 13:27:53 2015 -0700
Ensure metadata network works with DVR
As DVR routers use a different type of interface, this patch
amends the DHCP agent code ensuring that a metadata proxy is
spawned when the metadata network feature is enabled on the
DHCP agent.
Change-Id: Id7f2e891c0753620a604cf6160c6b592db1aa284
Closes-Bug: #1447344
commit 16db327c8d65a13fb18538b537fdc631c256ce59
Author: Assaf Muller <amuller at redhat.com>
Date: Wed Apr 22 12:12:47 2015 -0400
Change callbacks logging from INFO to DEBUG
This is an internal implementation detail, would admins care
if internal events are being fired off successfully? What actionable
information does this present?
Change-Id: I81418c1ff529b5a8ffe60513d91f51d134a45f26
commit fc6484357c266d7e6111afd0003a6ff3daec9022
Author: Assaf Muller <amuller at redhat.com>
Date: Mon Apr 20 11:53:41 2015 -0400
Fix DVR functional tests resources leak
Change-Id: I882bd9127a61de7e016abfca53d22b01cbf57835
Closes-Bug: #1446288
commit 35acb27da0a762184129d97d43a7b93c9daddf91
Author: Brent Eagles <beagles at redhat.com>
Date: Tue Feb 17 13:45:25 2015 -0330
Refactor RESOURCE_ATTRIBUTE_MAP cleanup
This patch adds a AttributeMapMemento class that can be used for
restoring the RESOURCE_ATTRIBUTE_MAP on test tear down. Tests containing
their own cleanup code have been modified to use it instead.
Change-Id: I7ce5182bdfb8f541741a327feada63a29ddac2ae
commit 3b537033206a6321fe0f8300ce284ef518ac348c
Author: Robert Li <baoli at cisco.com>
Date: Tue Apr 21 15:58:00 2015 -0400
remove metadata_proxy_local filters for rootwrap
With the dependent patch Iade8b5b09bb53018485c85f8372fb94dbc2ad2da,
/usr/local/bin is added to exec_dirs in rootwrap.conf. Therefore, these
filters are no longer needed for devstack use case.
Depends-On: Iade8b5b09bb53018485c85f8372fb94dbc2ad2da
Change-Id: I98bff3cc679dfe19315f2b9b028ff48e4296e0de
commit 0109578a8ec07f743f7e2b654007e17f145ea20f
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Sat Apr 18 15:31:44 2015 +0400
Fix incorrect query for user ip allocations
Previously the query was fetching an IPAllocation object incorrectly
relying on the fact that it has port attribute that should be
join-loaded when it really is not.
Incorrect query produced by previous code:
SELECT ipallocations.port_id AS ipallocations_port_id,
ipallocations.ip_address AS ipallocations_ip_address,
ipallocations.subnet_id AS ipallocations_subnet_id,
ipallocations.network_id AS ipallocations_network_id
FROM ipallocations, ports
WHERE ipallocations.subnet_id = :subnet_id_1
AND ports.device_owner NOT IN (:device_owner_1)
The query then may have produced results that don't satisfy
the condition intended by the code.
Query produced by the fixed code:
SELECT ipallocations.port_id AS ipallocations_port_id,
ipallocations.ip_address AS ipallocations_ip_address,
ipallocations.subnet_id AS ipallocations_subnet_id,
ipallocations.network_id AS ipallocations_network_id
FROM ipallocations JOIN ports ON ports.id = ipallocations.port_id
WHERE ipallocations.subnet_id = :subnet_id_1
AND ports.device_owner NOT IN (:device_owner_1)
Change-Id: I34682df784e30e3ce49ee48c690f8b799ad58149
Closes-Bug: #1357055
commit 7743e571cd15ec50a35a34dc3cc668702c54393d
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Wed Apr 22 04:14:42 2015 +0400
OOP naming cleanup in l3_dvr_db
Start protected method names with underscore.
Closes-Bug: #1446911
Change-Id: Iddf4f467118e40eb5b4bfe18bde00aa9d34b2ec4
commit 2414834ffeb8ba7ce2401236d01c88702fec5a14
Author: Édouard Thuleau <edouard.thuleau at cloudwatt.com>
Date: Tue Feb 10 13:43:34 2015 +1300
ARP spoofing patch: Low level ebtables integration
ARP cache poisoning is not actually prevented by the firewall
driver 'iptables_firewall'. We are adding the use of the ebtables
command - with a corresponding ebtables-driver - in order to create
Ethernet frame filtering rules, which prevent the sending of ARP
cache poisoning frames.
The complete patch is broken into a set of smaller patches for easier review.
This patch here is th first of the series and includes the low-level ebtables
integration, unit and functional tests.
Note:
This commit is based greatly on an original, now abandoned patch,
presented for review here:
https://review.openstack.org/#/c/70067/
Full spec can be found here:
https://review.openstack.org/#/c/129090/
SecurityImpact
Change-Id: I9ef57a86b1a1c1fa4ba1a034c920f23cb40072c0
Implements: blueprint arp-spoof-patch-ebtables
Related-Bug: 1274034
Co-Authored-By: jbrendel <jbrendel at cisco.com>
commit 4000b18275112a0c9e3aa055fbaea634ac89a382
Author: Maru Newby <marun at redhat.com>
Date: Fri Apr 17 23:49:09 2015 +0000
Fix test discovery for api and functional paths
The use of the builtin unittest test loader was silently dropping tests
that couldn't be imported.
This change also drops the retargetable path from discovery in the api
path due to a previously-masked configuration problem, and fixes an
invalid import in a functional testing fixture module.
Fullstack tests are also disabled temporarily pending a fix for #1446261.
Change-Id: Ie44e45c117bd864538e7919dfcf499091fde7752
Related-Bug: #1440834
Related-Bug: #1443480
Closes-Bug: #1446405
commit 927399c011409b7d152b7670b896f15eee7d0db3
Author: Kevin Benton <blak111 at gmail.com>
Date: Tue Apr 21 02:01:39 2015 -0700
Block allowed address pairs on other tenants' net
Don't allow tenants to use the allowed address pairs extension
when they are attaching a port to a network that does not belong
to them.
This is done because allowed address pairs can allow things like
ARP spoofing and all tenants attached to a shared network might not
implicitly trust each other.
Change-Id: Ie6c3e8ad04103804e40f2b043202387385e62ca5
Closes-Bug: #1447242
commit 3b74095a935f6d2027e6bf04cc4aa21f8a1b46f2
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Mon Apr 20 17:06:38 2015 +0200
tests: confirm that _output_hosts_file does not log too often
I3ad7864eeb2f959549ed356a1e34fa18804395cc didn't include any regression unit
tests to validate that the method won't ever log too often again,
reintroducing performance drop in later patches. It didn't play well
with stable backports of the fix, where context was lost when doing the
backport, that left the bug unfixed in stable/juno even though the patch
was merged there [1].
The patch adds an explicit note in the code that suggests not to add new
log messages inside the loop to avoid regression, and a unit test was
added to capture it.
Once the test is merged in master, it will be proposed for stable/juno
inclusion, with additional changes that would fix the regression again.
Related-Bug: #1414218
Change-Id: I5d43021932d6a994638c348eda277dd8337cf041
commit 46a842136e93ce21936cbf28950b6f0d358c3359
Author: Henry Gessau <gessau at cisco.com>
Date: Tue Apr 21 11:35:10 2015 -0400
Fix super cleanUp for fullstack ProcessFixture
This fixes a problem where the fullstack neutro-server process
would sometimes not be stopped after tests completed.
Change-Id: Iadf9f47fc22b39144cfc6163330ca60fefc8b464
commit 868e67b480b08cc815d802cf950547c6b5ac0153
Author: armando-migliaccio <armamig at gmail.com>
Date: Thu Apr 16 12:45:32 2015 -0700
Add security groups events
ML2 mech drivers have no direct exposure to security groups,
and they can only infer them from the associated network/ports.
This is problematic as agentless ML2 mech drivers have no way of
intercepting securitygroups events and propagate the information
to their backend, or more generally, react to them.
This patch leverages the callback registry to dispatch such events
so that interested ML2 mech drivers (or any interested party like
service plugins) can be notified and react accordingly.
This patch addresses create/update/delete of security groups and
create/delete of security groups rules. Other events may be added
over time, if need be.
This patch is only about emitting the events. The actual subscription
and implementation of the event handlers will have to take place where
deemed appropriate.
Closes-bug: #1444112
Change-Id: Ifa1d7ee9c967576f824f1129dd68e6e3abd48f5c
commit 615102520c0df3952347c3e176b60c0ddc97040b
Author: Ryan Tidwell <ryan.tidwell at hp.com>
Date: Tue Apr 14 15:53:02 2015 -0700
Block subnet create with mismatched IP versions
Change-Id: Ic0a3baf0e956505999d2473ae85ebac90e0970cd
Closes-Bug: 1444146
commit d3f13320be51afd8e4fa384602eee88b6e0438a5
Author: Jakub Libosvar <libosvar at redhat.com>
Date: Tue Apr 21 16:44:58 2015 +0200
Remove neutron.tests.common.agents package
It seems like agents' package content was removed by commit
01a7ba19cf6661b1aef7d08fb748bb2470caf28f but package itself was left in
the tree.
Change-Id: I651f8010aa7c4af59ce403b099db7bc064364133
commit 9701bd479529ccc243e48fdb944c284d2921c376
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 17 04:46:11 2015 -0700
L3 DB: Defer port DB subnet lookups
_populate_subnets_for_ports was being called multiple
times for different interface types during the get_routers
process.
This patch eliminates those extra queries by deferring the
subnet information population until after all of the interfaces
have been looked up. Includes a function rename as well to
indicate that a function is only used internally.
Change-Id: Ib46f685d72eb61ecbaa2869e28fb173cd6d49552
Partial-bug: #1445412
commit 6cf92011143eb55adda180ffac91886566fc7826
Author: Darragh O'Reilly <darragh.oreilly at hp.com>
Date: Thu Apr 16 18:21:03 2015 +0000
lb-agent: ensure tap mtu is the same as physical device
On compute-nodes, Nova creates the bridge with the tap before
the physical is in the bridge. This causes the tap to have the
default 1500 MTU which may be different to what is on the physical.
With this patch the linuxbridge agent ensures that the MTU on the
tap device is the same as what is on the physical device.
Change-Id: Id1a4f662ec33ca0333c15eb210366bc850d0d54c
Closes-Bug: 1443607
commit f85de393c469d1e649a1c1e5ee1b683246442351
Author: Kevin Benton <blak111 at gmail.com>
Date: Mon Apr 20 22:26:22 2015 -0700
Only update MTU in update code for MTU
The ML2 create_network_db was re-passing in the entire network
with extensions like vlan_transparency present that was causing
issues in the base update function it was calling.
This corrects the behavior by having it only update the MTU, which
is the only thing it was intending to update in the first place.
Change-Id: I723c5c138e0830de98f6024c7635ec65065e9346
Closes-Bug: #1446784
commit 0cde6752f86d84541c8c10a39bb1c8b0d65e5482
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Tue Apr 21 14:07:08 2015 +0900
Revive BaseLinuxTestCase._create_namespace
It was removed by commit 7f7343b1afc0b1b953e5c36a753397a6d37316cb
but still have a few users.
Closes-Bug: #1446465
Change-Id: I2914700f17ae38a775735906931f0f616c13c602
commit 649599457e29b58ad0aec9ace990e0a2b59b05d0
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 17 03:53:45 2015 -0700
Defer creation of router JSON in get_routers RPC
The get_routers method in the l3 RPC code has a log.debug
statement that formats all of the router data as indented
JSON. This method can be expensive if there are hundreds
of routers being synced and it happens even if debugging
is disabled since the function call result is the parameter
to the debug statement.
This patch adds and leverages a small helper class that takes a
callable and its args and defers calling it until the __str__ method
is called on it when it's actually trying to be rendered to a string.
Change-Id: I2bfceb286ce30f2a3595381b62bdc6dd71ed8483
Partial-Bug: #1445412
commit d36940b720616ec6607c62eca50023eb00bdae01
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Thu Apr 16 13:39:55 2015 +0900
ovs_lib: Fix a race between get_port_tag_dict and port removal
get_port_tag_dict() gets a list of ports using get_port_name_list()
and then queries the db again for ports in the list.
It fails if some of ports disappeared in between.
This change fixes it by ignoring "not exist" errors in the later query.
Closes-Bug: #1444797
Change-Id: Ic54b644bb1d72a4664b70f124863d17805c26fff
commit ccd30a8cab6b91259cfb09b16a8fbbf69747cdf4
Author: Cedric Brandily <zzelle at gmail.com>
Date: Wed Oct 22 14:03:13 2014 +0200
Correct inconsistent enable_snat management
Neutron resets enable_snat attribute when external_gateway_info is
cleared but not when external_gateway_info is only updated which
implies the following sets of actions have different behaviors:
neutron router-gateway-set router1 pub1 --disable-snat
neutron router-gateway-set router1 pub2
enable_snat is False after the last command
neutron router-gateway-set router1 pub1 --disable-snat
neutron router-gateway-clear router1
neutron router-gateway-set router1 pub2
enable_snat is True after the 2nd command resets the gateway AND
enable_snat.
This change proposes to always reset the attribute enable_snat when
enable_snat is not provided in external_gateway_info on POST/PUT for
consistency.
APIImpact
Change-Id: Ibab289936c55b1cf9614b44a4f18f54c959ee9e8
Closes-Bug: #1384146
commit bde4f6f767d3da4c3eca15390ea45a934f2ff398
Author: Aaron Rosen <aaronorosen at gmail.com>
Date: Mon Apr 20 12:45:12 2015 -0700
_create_subnet_from_implicit_pool assumes external network extension
network.external is only present if one is using the external_net_db
mixin. This patch just adds a check to see network has the attribute
external to avoid an Attribute error.
Closes-bug: 1441793
Change-Id: Ic003879b557a8c7ab52268a95d08d6d710618438
commit d9e3352f9a7df6e7bc571ca1696a1ef4ca716654
Author: Assaf Muller <amuller at redhat.com>
Date: Mon Apr 20 15:15:34 2015 -0400
Log caught exceptions while deleting a router
Change-Id: I2c270f1eebf4f3c0d2cecdef457efc626e503975
Closes-Bug: #1446349
commit 7f7343b1afc0b1b953e5c36a753397a6d37316cb
Author: Cedric Brandily <zzelle at gmail.com>
Date: Sun Mar 1 22:08:58 2015 +0000
Define FakeMachine helper for functional/fullstack tests
The change defines the FakeMachine fixture/helper which emulates a
machine through a namespace with:
* a port bound to a bridge,
* an ip on the port,
* a gateway (if requested).
The FakeMachine class can be used to emulate:
* a VM for testing network features (ex: metadata service),
* an external machine for testing "external" network features (ex:
routing/natting),
* a server for low level tests of network features (ex: iptables).
The change also defines PeerMachines fixture/helper to create some fake
machines bound to a bridge.
Change-Id: I4fde1a03badd9adfd14b9124b5602331b69dda9d
commit ba05644bc888d23e571386bbaa6ae8c7597c8c98
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Mon Mar 30 18:41:28 2015 +0200
Replace custom method call logger with oslo.log helper
oslo.log now provides a logging helper that is similar to custom neutron
helper (actually, the helper in oslo.log started from neutron version).
Now switching to library implementation.
Deprecated neutron.common.log.log
Change-Id: I85d5fc570950ff18cfdb8db20ad20b166e195299
commit e214b56da9205be7ba927142cc92e4f69ad09b01
Author: Assaf Muller <amuller at redhat.com>
Date: Mon Mar 2 11:29:51 2015 -0500
Simplify keepalived.virtual_routes
keepalived.virtual_routes previously held one list of virtual
routes of different kinds, and the HA router class manipulated
that list directly. The list held both the default gateway
virtual route, and any extra routes. This means that when adding
extra routes for example, the HA router would first have to
remove all routes that are not default gateway routes, then add
the extra routes received via RPC.
This is messy because:
a) It's needlessly complicated
b) It's fragile
c) There's zero separation of concerns (HA router should not know
how keepalived maintains its list of virtual routes)
d) It requires changes to the management of the default gateway
and virtual routes just to add another type of extra routes
This patch solves these issues by separating the persistency of
virtual routes according to their role.
Co-Authored-By: gong yong sheng <gong.yongsheng at 99cloud.net>
Related-Bug: 1414640
Change-Id: I1406b1876c3a47b110818686b42e5f2f688154fa
commit 4791746f416164f45223332a0be1b257aeeeaa9a
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Mon Feb 23 13:23:53 2015 +0900
l2pop UT: Simplify migration tests
"port2" is created but not used in the tests.
Change-Id: Ib27d32063a2b5cecc707a6aece4e604cbfecefa7
commit a6af531339c870bdc330f3343c91dce3e6757c3e
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Wed Apr 8 17:29:10 2015 +0900
l2pop UT: Expire cached db objects before reusing a session
Partial-Bug: #1441488
Change-Id: Ic22ae49d99b52e9f650ea0ed638842e7c91831af
commit 35fbe1c884f7e91a27506ec782c6d379b804f4f9
Author: Terry Wilson <twilson at redhat.com>
Date: Fri Apr 17 16:13:09 2015 -0500
Correct typo for matching non-dict ovsdb rows
As can be seen just above, the correct operator for the equality
test is '=' and not '=='. This match isn't currently being used
in the neutron code, but will be used by the OVN driver.
The previous code would also raise NotImplemented when there was
no match.
Change-Id: I17ac85d1ad68d3e207225db300f65c0df1f6e1ad
commit c65d3ab6ad4589e6e4a6b488d2eb5d1e4cfee138
Author: Swaminathan Vasudevan <swaminathan.vasudevan at hp.com>
Date: Tue Apr 14 21:34:33 2015 -0700
Fixes race condition and boosts the scheduling performance
This patch fixes a race-condition that occurs when the
scheduler tries to check for dvr serviceable ports before
it schedules a router when a subnet is associated with
a router.
Sometimes the dhcp port creation is delayed and so the
router is not scheduled to the l3-agent.
Also it boosts the scheduling performance on dvr-snat
node for scheduling a router.
This patch will provide a work around to fix this race
condition and to boost the scheduling performance
by scheduling a router on a dvr-snat when
dhcp is enabled on the provided subnet, instead of checking
all the available ports on the subnet.
Closes-Bug: #1442494
Change-Id: I089fefdd8535bdc9ed90b3230438ab0bfb6aab4f
commit 9b53b82ce7dad551ebc0f02ff667d5345fb7e139
Author: mathieu-rohon <mathieu.rohon at gmail.com>
Date: Sat Mar 7 13:30:49 2015 +0100
ML2: Change port status only when it's bound to the host
Currently, nothing prevents the port status to be changed to BUILD
state when get_device_details() is sent by a host that doesn't own
the port.
In some cases the port might stay in BUILD state.
This could happen during a live-migration, or for multi-hosted ports
such as HA ports.
This commit allows the port status modification only if the port
is bound to the host that is asking for it.
Closes-Bug: #1439857
Closes-Bug: #1438040
Closes-Bug: #1416933
Change-Id: I9b3673f453abbafaaa4f78542fcfebe8dc93f2bb
commit 3310c3c3d4c05c0d13f32f08f978ba4813e2a39a
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 17 04:28:58 2015 -0700
Remove double queries in l3 DB get methods
Two frequently called functions were querying the routerport table
and the corresponding ports just to get the port ID. Then they were
calling get_ports again with those port IDs, resulting in two queries
to the port table when there should have only been one.
This eliminates the second call to get_ports since all of the necessary
data hase been retrieved from the port table.
Change-Id: I806e9c380b7de048fe084b2baf4b6f92ab0edf6b
Partial-Bug: #1445412
commit 6c6d3c9cca17a788a31526bb652dcdfc7bb54326
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 17 04:18:56 2015 -0700
Strip unnecessary overrides in extraroute_db mixin
The extra route DB mixin seemed to be overriding the
get_router and get_routers method for no reason. They
both just called the super version of themselves with
the same arguments.
This patch just pulls those functions out. Found in
tracebacks while working on a related bug.
Change-Id: Ifd1a0676073e91104db3a13df6fe1eb2189f20f5
Related-bug: #1445412
commit 10b17a884452736a6b214bcb7705b955192a1748
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Apr 17 03:36:50 2015 -0700
Set loading strategy to joined for Routerport/Port
The RouterPort model has a relationship to the ports model which
is frequently relied on to get the port IDs of interfaces attached
to a router. However, this defaults to the loading strategy to
'select', which meant a new query was being emitted for every
interface to the ports table just to get the ID.
This patch adjusts the relationship to be 'joined' by default so
one query will fetch the related ports.
Another option would have been not to use the port object at all since
the ID is all that the callers were usually interested in. However,
they would end up using the ID to do a port lookup, which is being
optimized away in another patch anyway so the full port object from
the relationship will end up getting used.
Change-Id: Id1ae35f845f7367d5f1f065c6fa637da7b980a2b
Partial-Bug: #1445412
commit 05a9f16257c2953bf40d11ca2a2f9651ba4e86b2
Author: armando-migliaccio <armamig at gmail.com>
Date: Thu Apr 16 17:37:51 2015 -0700
Avoid double-hopping deletes for security group rules
There is no need to get and delete; we can delete with one bullet.
This will most likely have quite a decent performance benefit overall.
The patch preserves the existing logic of raising and error on the missing
element; a test was added to spur up the coverage.
Related-bug: #1444112
Change-Id: Iaef77bd3f7775ed91d374838fb5488d925b4062c
commit a38b5df5cd3c47672705aad4c30e789ae11ec958
Author: Kevin Benton <blak111 at gmail.com>
Date: Mon Mar 30 23:52:56 2015 -0700
Set IPset hash type to 'net' instead of 'ip'
The previous hash type was 'ip' and this caused a major
issue with the allowed address pairs extension since it
results in CIDRs being passed to ipset. When the hash type
is 'ip', a CIDR is completely enumerated into all of its
addresses so 10.100.0.0/16 results in ~65k entries. This
meant a single allowed_address_pairs entry could easily
exhaust an entire set.
This patch changes the hash type to 'net', which is designed
to handle a CIDRs as a single entry.
This patch also changes the names of the ipsets because
creating an ipset with different parameters will cause an
error and our ipset manager code isn't robust enough to handle
that at this time. There is another ongoing patch to fix
that but it won't be ready in time.[1]
The related bug was closed by increasing the set limit, which
did alleviate the problem. However, this change would also
address the issue because the gate tests run an allowed address
pairs extension test with the CIDR mentioned above.
1. I59e2e1c090cb95ee1bd14dbb53b6ff2c5e2713fd
Related-Bug: #1439817
Closes-Bug: #1444397
Change-Id: I8177699b157cd3eac46e2f481f47b5d966c49b07
commit decdf03c61f303fcfc82fe601beb4096d3305536
Author: Salvatore Orlando <salv.orlando at gmail.com>
Date: Thu Apr 16 11:57:37 2015 -0700
Quota model: use HasTenantId mixin
This change simply changes the Quota model class to obtain
the tenant_id from the mixin class. As the attribute in the
mixin is identical to that in the model there is no need for
a migration.
This patch also removes a reference to quota classes in the
docstring, as Neutron does not implement those. It is good
to be careful when copying and paste code.
Change-Id: Idab15d5ef2ddd2b830a7dcde46990506064535f7
Closes-Bug: #1445169
commit dd2f87ae3fabaf4c1b46cd1dba0fe035c17e767e
Author: armando-migliaccio <armamig at gmail.com>
Date: Wed Apr 15 17:35:13 2015 -0700
Clarify the init logic for the ML2 plugin
This patch cleans up the init logic for the plugin so that
we better separate the tasks required for establishing
the integration with DHCP and RPC layers.
In other words: some bikeshedding whilst dealing with bug #1444112
Change-Id: I68710ad002b0e1b5bff40baa5de343b0bd7ecea6
commit 400ac8c27c2f8408aea9d11b7ea369aead52997d
Author: armando-migliaccio <armamig at gmail.com>
Date: Wed Apr 15 17:35:13 2015 -0700
Deal with TODO related to Security Groups RPC API's classes
Change-Id: Ifb70a118cef48c3c4cd313e22e907aa47bc51ad0
commit 43b5630aaf1d5f665aaddb8d5f4d26efc24c2889
Author: Henry Gessau <gessau at cisco.com>
Date: Thu Apr 16 13:38:46 2015 -0400
Add Kilo release milestone
Change-Id: Id7d969c92b7c757b766760681357ac13c8079ca3
commit 1c25a4fe448ccd7f8f1059c3ca46e787116a311c
Author: AKamyshnikova <akamyshnikova at mirantis.com>
Date: Thu Apr 16 16:25:42 2015 +0300
Add some more comments to models/frozen.py
Some people get confused and tried to add new models in models/frozen.py
To prevent this add some more information in comments in this file.
Change-Id: Iaa52ae2a826609f94e1aa81d815ae7c082bf9204
commit ae7ab01c76c8579288096e6c6e5567e4147d78cd
Author: nfedotov <nfedotov at cisco.com>
Date: Thu Mar 19 17:45:53 2015 +0300
Two api tests for 'firewall insertion mode' feature
Some time ago the feature called 'fwaas insertion mode' was merged.
It allows to associate a firewall with routers.
The patchset adds two api tests:
* Create firewall assiciated with a router, add another router
to the firewall, remove old one
* Create firewall assoicited with a router, try to create new
firewall on the same router
Change-Id: I7c4d41189056ff6da47bc1173d3479183e58a173
commit 9e7f484adc199b424bb9a5390c8cf3ced0f77278
Author: Terry Wilson <twilson at redhat.com>
Date: Thu Mar 19 12:43:21 2015 -0500
OVS_LIB API addition - change bridge controller connection-mode
Add an API to change controller connection mode to 'out-of-band', feature
which might be useful for many projects using Openflow controller with OVS
Change-Id: If93f6858f4eed05f5f1d9bdb1667838d80c490cd
Closes-Bug: #1433208
commit da8a9a0021edfdb6f5b299462f4c3ceb09059370
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Thu Apr 16 06:13:44 2015 +0000
Imported Translations from Transifex
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: I700d3463e560d09e61f9d709b60f64b91feaa735
commit 3bbf473b49457c4afbfc23fd9f59be8aa08a257d
Author: armando-migliaccio <armamig at gmail.com>
Date: Wed Apr 15 18:20:51 2015 -0700
Drop the ovs_lib compat layer as per TODO note
Breakage documented in [1]
[1] https://wiki.openstack.org/wiki/Neutron/LibraryAPIBreakage
Change-Id: I41820faf8ef7fd00cf864da6f1a63ccb79c25fd8
commit bd1044ba0e9d7d0f4752c891ac340b115f0019c4
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Thu Apr 9 10:32:33 2015 -0400
IPv6 SLAAC subnet create should update ports on net
If ports are first created on a network, and then an IPv6 SLAAC
or DHCPv6-stateless subnet is created on that network, then the
ports created prior to the subnet create are not getting
automatically updated (associated) with addresses for the
SLAAC/DHCPv6-stateless subnet, as required.
Change-Id: I88d04a13ce5b8ed4c88eac734e589e8a90e986a0
Closes-Bug: 1427474
Closes-Bug: 1441382
Closes-Bug: 1440183
commit e20a279b28f572a6ef2a5dee6cd38b973ff98248
Author: Oleg Bondarev <obondarev at mirantis.com>
Date: Fri Apr 10 12:03:09 2015 +0300
Use 'port' instead of 'ports' to reference port from IPAllocation
'ports' is just confusing as IPAllocation can be associated
with only one port.
Closes-Bug: #1442527
Change-Id: I36bfa65956f54e4b290bb7568499a47eca7c126f
commit ae0107f95664a3430131228600446cd7269e03ad
Author: Gal Sagie <gal.sagie at huawei.com>
Date: Wed Apr 15 09:26:54 2015 +0300
Enhance OVSDB Transaction timeout configuration
OVSDB Transaction currently takes the timeout parameter
from a context object that assume to have a vsctl_timeout attribute
This doesnt fit well for other users of this class (like OVN)
This fix configure the transaction timeout in a more common way
Change-Id: I51bb8d8fdc6d061d44af828818aaf62e187795fd
Closes-Bug: #1444277
commit 26b4e57858ef83ef9343f053c2835a95f6e6c860
Author: Aman Kumar <amank at hp.com>
Date: Fri Jan 23 01:34:00 2015 -0800
Added config variable for External Network type in ML2
Description:
With the ML2 Plugin, every network created has segments with
provider:network_types being tenant_network_types.
When applied to external networks, the types that could be in
tenant_network_types parameter (like vxlan or gre) are not appropriate.
Implementation:
Added new config variable 'external_network_type' in ml2_conf.ini
which contains the default network type for external networks
when no provider attributes are specified, by default it is None.
It also includes small code re-factoring/renaming of import statement.
DocImpact
Closes-Bug: #1328991
Co-Authored-By: Romil Gupta <romilg at hp.com>
Change-Id: Idbbe6bced73cfedbe0f8e7abba35f87589b1a004
commit a44a3789741528524106186d1382e96f62d6c376
Author: armando-migliaccio <armamig at gmail.com>
Date: Tue Apr 14 14:40:13 2015 -0700
Update decomp progress chart
This patch updates the progress chart, now that the first cycle after the
decomp started. For the fully decomposed plugins/drivers and for known
projects that integrate with Neutron, this patch proposes a new
summary table that provides a go-to reference for everything Neutron related.
Related-blueprint: core-vendor-decomposition
Change-Id: Ib79a7b6d1401f1d9241621ae03cf6692685e12b1
commit 8be4e4d5fc052655f7a968fc5016c84aca48758e
Author: Li Ma <skywalker.nick at gmail.com>
Date: Sun Apr 12 22:29:56 2015 -0700
Provide details for configure multiple DHCP agents
The help text is not that good for operation. This fix adds more
information about the option 'dhcp_agents_per_network'.
Change-Id: I955c1e9989a9c65b0ffdbbdca9113c795ec72fe6
Closes-Bug: #1370934
commit 2c3b0763bade1b9765cd83bbfe9ee6002770b6e0
Author: Assaf Muller <amuller at redhat.com>
Date: Fri Mar 27 19:31:51 2015 -0400
Stop running L3 functional tests with both OVSDB interfaces
Running the L3 functional tests with both OVSDB interfaces doubles
the run time and may discourage developers from running them
frequently during development. Since the OVSDB interfaces
are tested explicitly, I don't think the trade off is worth it
here. The L3 functional tests use OVS in a *really* trivial way
and won't catch any issues that the explicit tests won't.
Added an OVSInterfaceDriverTestCase plug functional test that runs with
both OVS interfaces to make it harder to introduce regressions.
Related-Bug: #1442272
Change-Id: I387db347fe34f8497069ddf768624bccb9d1de8b
commit cc904070cc19a050002805bb6809d778677c17fb
Author: armando-migliaccio <armamig at gmail.com>
Date: Tue Apr 14 14:41:45 2015 -0700
Fix formatting errors in TESTING.rst
There were a few errors that went undetected.
TESTING.rst:266: SEVERE: Title level inconsistent:
TESTING.rst:67: ERROR: Unknown target name: "test".
TESTING.rst:74: ERROR: Unknown target name: "test".
Change-Id: Iad225e95c23b7460d228ba5447f4a361aa68d5dc
commit 76fa87e12eb69c962dd85a3399d3dbce0c5a3271
Author: Kevin Benton <blak111 at gmail.com>
Date: Mon Mar 30 11:49:40 2015 -0700
Pass correct port ID back to RPC caller
The previous response to get_device_details calls was returning
whatever the caller requested as the port_id in the response.
This was only correct in the case where the port_id was used
directly. In cases where device names were passed in, there was
no way to retrieve the full port ID.
This corrects that behavior by using the port ID from the database
and adds tests to ensure the behavior remains correct.
Closes-Bug: #1443714
Change-Id: Ibfc7b6659a29e892dfe6e83bd9340feb40e920dd
commit 40a1f410ff45ce129c08da0cd071020c7ea338af
Author: Brian Haley <brian.haley at hp.com>
Date: Thu Apr 9 17:48:40 2015 -0400
Fix intermittent ipset_manager test failure
Change ipset_manager _refresh_set() to make a copy of the list of
IPs when creating a set, instead of using a reference, else any
change to the set could update the caller's data.
Also made the IpsetManagerTestCase classes always pass maxelem and
hashsize to the parent class.
Change-Id: I45fc716ab0952b80363b0c7dabae29cda05604dc
Closes-bug: #1442377
commit 391c1b8cc1fc6f024232bef65bb5deb77357f294
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Tue Apr 14 11:05:40 2015 -0400
Fix mock return settings in test_full_uuids_skip_port_id_lookup
In the test_full_uuids_skip_port_id_lookup test in test_security_group.py,
there are a couple of problems with how a mock return value is being set
for a database query.
The first problem is that in this line:
fmock = sess_mock.query.return_value.outerjoin.return_value.filter
there is a missing '.return_value' missing between 'sess_mock' and 'query'.
The second problem is that in this line:
fmock.return_value.all.return_value = []
the 'all.return_value' should not be used.
For reference, the query for which this mock return value is being set
is in the get_sg_ids_grouped_by_port() method in ML2's db.py:
query = session.query(models_v2.Port,
sg_db.SecurityGroupPortBinding.security_group_id)
query = query.outerjoin(sg_db.SecurityGroupPortBinding,
models_v2.Port.id == sg_binding_port)
query = query.filter(or_(*or_criteria))
This patch fixes the problems mentioned above so that the query above
returns an empty list for the test_full_uuids_skip_port_id_lookup test.
Change-Id: I2cec2c27fcdc82557c91205d202a6ac79987e92a
Closes-Bug: 1444009
commit 304d68d9741fd15c14263d978e5b0bae43cde58e
Author: John Schwarz <jschwarz at redhat.com>
Date: Tue Oct 14 14:12:35 2014 +0300
Add full-stack test
Currently, the full-stack framework has only one test which only uses
the neutron-server. This patch adds an actual test which makes sure that
once a router is created, an actual namespace is create for it. Since
this test requires 3 processes (neutron-server, l3-agent, ovs-agent),
existing full-stack code is modified to add more streamlined support for
such code.
Partially-Implements: blueprint integration-tests
Change-Id: Id5a8852d38543590b90e4bbed261a7a458071a9a
commit 833ce26860c93bc8efb446a247c916d638a040ef
Author: John Schwarz <jschwarz at redhat.com>
Date: Thu Apr 2 18:17:03 2015 +0300
create_resource should return maximum length str
Previously, get_rand_name(max_length, prefix) returned a randomized
suffix integer which was concatenated to the end of the given prefix.
Effectively, the suffix was any decimal number between 1 and
0x7fffffff, so multiple calls to the function could return strings with
different length. This is unexpected since running an already
randomized name into the same function shouldn't return a different
string.
The suggested solution is to actually fill all the space needed until
the string is 'max_length' in size. Also, a check is added to
create_resource to make sure that it only generates a new port name if
the input prefix is less than the maximum device name and if the prefix
is long enough, don't generate a random port suffix.
Change-Id: I0d5a20c676f627bce2a377e3c451043150ca734c
commit 2797efc39faca97039714d3ffb6520634bf65b74
Author: Sudipta Biswas <sbiswas7 at in.ibm.com>
Date: Wed Mar 18 23:35:57 2015 +0530
Add clock sync error detection on agent registration
For the server to determine if an agent is alive or not,
it depends on the agent's clock being mostly in sync with the server
clock. The neutron-server may reject and return the request if
there's a timestamp difference between the two nodes. Currently
there's no good way to detect this condition from the agent code.
This fix will improve the error handling
logic by writing an appropriate log in the neutron server's log
file for an early detection of the problem.
Change-Id: If884f90c4b1786cfc63d3e2ff2d66f92122258c2
Closes-Bug: #1432582
commit a22c6bdc8286e96454d6c8652a7ee5f832ce0952
Author: Assaf Muller <amuller at redhat.com>
Date: Wed Apr 8 19:13:14 2015 -0400
Log RPC initialization in L3 service plugin and ML2
Under certain conditions the messaging server may be up but
not responding. In this case the Neutron server will fail to start
silently, making it pretty hard to track down the issue without
looking through a lot of code and adding a bunch of random logging.
Change-Id: I6a562476f2789386a020db7b21b9349c4c58c30c
commit 594353722ccba27d19c693c2f77905758e46223a
Author: Angela Smith <aallen at brocade.com>
Date: Thu Apr 9 16:55:35 2015 -0400
Add block name to switch config options for MLX plug-ins.
In the INI files, the switch_names option uses a dynamic
value to determine the block names for the switch options.
In order to create proper config option reference docs,
there needs to be an example block name for the switch
options.
Change-Id: Ic5bf6de02ba1b7d1bc90ee29a5a0570fb45b9956
Closes-Bug: #1442357
commit 791d57922b00857e3f8bb753bff9499f3c4e1ab9
Author: Numan Siddique <numan.siddique at enovance.com>
Date: Mon Apr 13 20:52:33 2015 +0530
Fix the ImportErrors in l3 and dhcp scheduler functional tests
Change-Id: I5b8746d37173869f78a9c23834f10d630d2a36cd
Closes-bug: #1443480
commit db4764587ce882766d53291983bd427d422e790f
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Mon Apr 13 15:21:46 2015 +0200
Removed jsonrpclib dependency
It was used by Arista ML2 driver that is now decomposed from the tree.
The dependency is also one of those blocking our python 3 story [1].
[1]: https://caniusepython3.com/check/ba7f2a23-8a1b-4ec9-9d85-08c7d3b05230
Change-Id: I4de422da14e382ece49987da498d2d7f424e89b4
commit 77df532e10fac3cc18d1c4c6e505af8778ab5854
Author: Gal Sagie <gal.sagie at huawei.com>
Date: Mon Apr 13 09:41:17 2015 +0300
Additions to TESTING.rst
Small addition on how to run pep8 tests only for latest
patch set.
Change-Id: I07fa2c633d17acd1284ccd726a99a46414100ba3
commit 1642bca4d9c4fee15129f74d93300c1eab1afd29
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Thu Apr 9 01:16:18 2015 +0300
Handle race condition on subnet-delete
This fix targets quite rare case of race condition between
port creation and subnet deletion. This usually happens
during API tests that do things quickly.
DHCP port is being created after delete_subnet checks for
DHCP ports, but before it checks for IPAllocations on subnet.
The solution is to apply retrying logic, which is really necessary
as we can't fetch new IPAllocations with the same query and within
the active transaction in mysql because of REPEATABLE READ
transaction isolation.
Change-Id: Ib9da018e654cdee3b64aa38de90f171c92ee28ee
Closes-Bug: 1357055
commit 7f406805d93298d0e65d340c2a06ba0d2dd6ff76
Author: Romil Gupta <romilg at hp.com>
Date: Mon Mar 23 08:05:41 2015 -0700
Move values for network_type to plugins.common.constants.py
It is quite confusing to have values for network type in common.constants.py
instead of having in plugins.common.constants.py.
Currently, the plugins/common/constants.py consists network_type constants
like VLAN, VXLAN, GRE etc. but values for network type like ranges
are defined in common.constants.py which is not good, it is better to have
both things at the same place.
This patch set addresses the same.
Moved out few methods which are predominantly used in plugins
from common.utils.py to plugins.common.utils.py.
Removed constants which were used in neutron-fwaas from
plugins.common.constants.py: https://review.openstack.org/#/c/168709/
Closes-Bug: #1441043
Change-Id: Iecfb15c541ed5d3cce95ba48f072af7fa60ac6f1
commit aa7567e8bb4fef17f6fc1d496ac6b75f10039063
Author: Gal Sagie <gal.sagie at huawei.com>
Date: Mon Apr 6 16:11:23 2015 +0300
allow OVSDB connection schema to be configurable
Add the schema name as a parameter to the OVSDB IDL connection.
That way other users can use this with other schemas
Change-Id: I55ab5ae4f3f937d236eee773f9717b5090c18557
Closes-Bug: #1441180
commit 596a8c4c2c7588d4085f72fd5994b2d1cc8aab9e
Author: Gal Sagie <gal.sagie at huawei.com>
Date: Mon Apr 6 08:36:01 2015 +0300
Add OVSDB connection as a parameter to the transaction
This adds the ovsdb connection as a parameter to the transaction
in the IDL implementation.
This allows other users to use this with a different connection
Change-Id: Iedc0a836c1fc11c88de275c6714e9657b40292df
Closes-Bug: #1440638
commit 2c0ac297494cd72029fe277a2a508140745d13ad
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Mon Apr 13 14:52:33 2015 +0900
l3_rpc: Fix a comment typo
Change-Id: Ibd6a9928b84567ac6ad93077d26072d4de560a95
commit 8791f8e86dad5779d62e8d9e87d42af156b18829
Author: Terry Wilson <twilson at redhat.com>
Date: Tue Mar 24 22:16:38 2015 -0500
Fix native OVSDB db_get handling for UUID columns
The OVS IDL python library returns Row objects for uuid-containing
columns. Ensure that db_get returns UUID strings in this case.
Closes-Bug: #1438751
Change-Id: Ia842a04fcad86329825d75db57680c7f23bed350
commit c72559f32dc7cabcd5614ae07e0da2e2248c2785
Author: Brian Haley <brian.haley at hp.com>
Date: Fri Apr 10 15:51:43 2015 -0400
Move iptables and ipset config registration into modules
Do not do this on a per-object basis, but instead in the module.
Change-Id: Ib1cc604c7c0135ca62a6194d8e20a3c29d3c5ed6
Closes-bug: #1441163
commit fd162a82776d64af9abc5595d1b8d2473dfce8f2
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Mon Mar 30 14:35:15 2015 +0200
Kill hostname validation for subnet:dns_nameservers
DNS servers that are hostnames seem like a bad idea. They are also not
supported by base_db_plugin_v2 [1] anyway, so there is no big reason to
pass them thru API validation only to receive InvalidInput later inside
plugin code.
[1]: http://git.openstack.org/cgit/openstack/neutron/tree/neutron/db/db_base_plugin_v2.py#n1049
Change-Id: I2db00fe266fe0748d0e6327fbad22fa16b751da8
Related-Bug: #1396932
commit 61aa4a57b17594bb0412f870f361a8a35ec07b62
Author: Swaminathan Vasudevan <swaminathan.vasudevan at hp.com>
Date: Wed Mar 11 12:03:42 2015 -0700
Adds DVR functional test for multi-external networks
This patch adds DVR functional test for multiple
external networks related to FIP namespace.
This test validates that FIP namespaces are created
based on the external networks associated with the
router.
Change-Id: I0f8cd352e83f8c2f04bf420a8b0dd6407de6b5ce
commit 52cd81934b6a64bda80a140446d8895413789221
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Sat Feb 28 13:48:18 2015 +0100
context: reuse base oslo.context class for to_dict()
It is need to conform to expectations of consumers that rely on
oslo.context behaviour (f.e. oslo.log that relies [1] on user_identity
field being set for context objects).
[1]: https://github.com/openstack/oslo.log/blob/master/oslo_log/_options.py#L99
Closes-Bug: #1433687
Change-Id: I95e803b96e6e3e5b8c12298dc6327b974330c639
commit 2749fd41f066dd51116c2a18198f79aa3c640156
Author: Maru Newby <marun at redhat.com>
Date: Fri Apr 10 16:01:52 2015 +0000
Fix routerid constraint migration
The migration to add a fk constraint to the routerl3agentbindings
table could fail if orphaned records existed. This change ensures
that binding records are properly sanitized before constraint
addition is attempted.
Change-Id: Iace190916c9c0b9be75ddd43c4ca86480f8e017f
Closes-Bug: #1442683
commit 476f146ce20c87e93211248eb0d0cc4d8f199f58
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Fri Apr 10 17:30:30 2015 +0200
Synced versionutils from oslo-incubator
This is needed to get access to versionutils.deprecated.LIBERTY symbol.
Change-Id: Ifda59f762fd61437088750c988f03b782045f455
commit b3334eca0ae9f9c64ccd646035e69081f669e3e4
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Fri Apr 10 15:07:33 2015 +0200
Removed ml2_conf_odl.ini config file
The file is already packaged into decomposed networking-odl repo [1].
[1]: https://git.openstack.org/cgit/stackforge/networking-odl/tree/etc/neutron/plugins/ml2/ml2_conf_odl.ini
Closes-Bug: #1442615
Change-Id: Ic280454190aab4e3b881cde15a882808b652861e
commit edbade486102a219810137d1c6b916e87475d477
Author: Stephen Ma <stephen.ma at hp.com>
Date: Tue Feb 24 23:31:33 2015 +0000
Router is not unscheduled when the last port is deleted
When checking for ports that are still in use on a DVR router,
the L3 agent scheduler makes the assumption that a port's
network must be owned by the same tenant. This isn't always
true as the admin could have created a shared network that
other tenants may use. The result of this assumption is that
the router associated with the shared network may not be
unscheduled from a VM host when the last VM (created by a
non-admin tenant) using the shared network is deleted from
the compute node.
The owner of a VM may not own all the ports of a shared
network. Other tenants may have VMs using the same shared
network running on the same compute node. Also the VM owner
may not own the router ports. In order to check whether a
router can be unscheduled from a node has to be run with
admin context so all the ports associated with router are
returned from database queries.
This patch fixes this problem by using the admin context to
make the queries needed for the DVR scheduler to make the
correct unschedule decision.
Change-Id: I45477713d7ce16f2451fa6fbe04c610388b06867
Closes-bug: #1424096
commit f4c17f529f1d83c44118927fc019257840b5f356
Author: Assaf Muller <amuller at redhat.com>
Date: Thu Apr 9 13:06:07 2015 -0400
Remove L3 report_state logging
None of the agents log this information, and the reason is that
it's not useful. Any errors are logged, successful state reports
don't give actionable information as you can see that the agent
is up in neutron agent-list anyway.
Change-Id: I109373129808984d34abdf6780b8cda8ca8982be
commit 81098620c298394e1a98127ceeba7f297db2d906
Author: Maru Newby <marun at redhat.com>
Date: Thu Apr 9 17:00:57 2015 +0000
Double functional testing timeout to 180s
The increase in ovs testing is resulting in job failure due to
timeouts in test_killed_monitor_respawns. Giving the test more
time to complete should reduce the failure rate.
Change-Id: I2ba9b1eb388bfbbebbd6b0f3edb6d5a5ae0bfead
Closes-Bug: #1442272
commit ff9c92c712be07f9fa39832debc2af7ee239515b
Author: John Perkins <john.perkins at rackspace.com>
Date: Wed Apr 8 12:24:03 2015 -0500
Non-json body on POST 500's
If the body of a POST request is not json, we get crashes.
This can happen when middleware sends along unexpected data.
Closes-bug #1441879
Change-Id: Ifac59476e4785b86bca6e2a54759f4271629a193
commit dc31fecdd978a8c56d33bc0f1672e680e273111d
Author: Gal Sagie <gal.sagie at huawei.com>
Date: Thu Apr 9 18:57:52 2015 +0300
OVSDB python binding should use row.delete() to remove rows
The OVS python IDL recognize a delete event when delete() is called
on the row, this should be used to remove rows from the db
Change-Id: I50c94a4f089659d78f8881653cd55d4ef069cdc1
Closes-Bug: #1442217
commit e4095758868f6debdddb5a7cd65f8c0a244bee66
Author: John Schwarz <jschwarz at redhat.com>
Date: Thu Apr 9 18:41:06 2015 +0300
Revert connection option post full-stack tests
The full-stack framework overrides the database connection string before
every test is started, but after the test it doesn't revert the string
back to what it was originally. Since after the test the database is
deleted, the string is not actually valid once the test finished, and
this conflicts with tests which are ran on the same job (specifically
the retargetable tests - see associated bug). The proposed patch saves
the original connection string and reverts it after the test finishes.
Change-Id: I96c01483009084cbc2b81588a1283e84e6bcb4c4
Closes-bug: #1440797
commit d9251d6e35ac87b755b63aa58bb32da20496dfba
Author: Elena Ezhova <eezhova at mirantis.com>
Date: Tue Apr 7 14:55:50 2015 +0300
Handle SIGHUP in dhcp and l3 agents
All launchers implemented in common.service require each service to
implement reset method because it is called in case a process
receives a SIGHUP.
This change adds the reset method to neutron.service.Service class
which is used to start dhcp and l3 agents.
Now dhcp and l3 agents don't die on receiving SIGHUP and support
reloading policy_path and logging options in config.
Partial-Bug: #1276694
Change-Id: I96010e44928a665bea546865b2c81bde4ed0adf2
commit f92d22d91b8a29a0088c69a1cf4940c822d38847
Author: Elena Ezhova <eezhova at mirantis.com>
Date: Thu Mar 26 15:33:36 2015 +0300
Sync service from oslo-incubator
This sync includes changes that are required to fix handling
of SIGHUP in Neutron.
The following changes and bugfixes are included:
d24b658 Revert "Optimization of waiting subprocesses in ProcessLauncher"
593005b ProcessLauncher: reload config file in parent process on SIGHUP
f29e865 Store ProcessLauncher signal handlers on class level
bf92010 Optimization of waiting subprocesses in ProcessLauncher
Change-Id: If0aab4e8978422346f6ba4c9e6272cdaf39db6cb
Closes-Bug: #1433142
Related-Bug: #1276694
commit 7e95f878d9d5af968f970f20c3258436ab276e2a
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Thu Apr 9 06:58:54 2015 +0000
Imported Translations from Transifex
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: Idf9c9beac35ee67d21986a172eb74b3ca6e93b54
commit d5aa1831ac95c16fcee6ec0bb8f0bf07afbe384c
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Wed Apr 8 02:23:22 2015 +0400
Add logging to dangling port to ml2 delete_subnet
This is useful when trouble shooting test failures.
Also, in db_base_plugin_v2, log only port_id instead of
full allocation object.
Change-Id: I3d77318aee70836de125687a7f6c0f495d545f21
Related-Bug: #1357055
commit 29dd67ff754eba3064549886c0906a83500d1879
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Wed Apr 8 00:15:43 2015 +0400
Avoid synchronizing session when deleting networkdhcpagentbinding
Synchronizing session on delete leads to traces in neutron-server
logs when such binding is deleted concurrently.
Also, catch and ignore ObjectDeletedError during iterating over
bindings, that is possible since the code is not within a transaction.
Change-Id: I7a2c9a8a59ce313c7d242230eeb5da69986bfbd4
Closes-Bug: #1424593
commit 1e06631d947a25589981b04acb221b2e4870dc2c
Author: armando-migliaccio <armamig at gmail.com>
Date: Wed Apr 8 12:50:19 2015 -0700
Update L3 Agent Scheduler API tests
Changes [1,2] recently merged in temptest. Change [2] in particular
is required if we run the API tests with DVR enabled, because now the
binding logic has been altered by [3].
This patch ensure that should that happen, the API job doesn't fail.
[1] https://review.openstack.org/#/c/169895/
[2] https://review.openstack.org/#/c/165246/
[3] https://review.openstack.org/#/c/154289/
Change-Id: Iead1b90030098139090ae6ad4b77f50068817083
commit 0107bdd5f03e3d0fef6be88b8b586f735f610522
Author: armando-migliaccio <armamig at gmail.com>
Date: Wed Apr 8 10:57:13 2015 -0700
Revert "IPv6 SLAAC subnet create should update ports on net"
This reverts commit 81f4469b620ec221f53d3ffb4d00b90896dc5ce1.
Change-Id: I63a392fccda29ceff3e91c0a4de741d263bd0e8e
Related-bug: #1441382
Related-bug: #1440183
commit 3d1277555e183a81b56c2ea2dc01342d8333afdd
Author: Edgar Magana <emagana at gmail.com>
Date: Mon Apr 6 22:57:06 2015 -0700
Add missing config parameters in neutron.conf
Include all missing configuration parameters already
integrated in Neutron code.
Change-Id: Iefa344a2f9ec2c74f6314e7c783ff3b213d76ea3
Closes-bug: #1438329
commit 809e434d2da99cb3e1a778be9838b1175e785e76
Author: Pritesh Kothari <pritesh.kothari at cisco.com>
Date: Wed Mar 25 11:34:05 2015 -0700
Moving VLAN Transparency support from core to extension
* Moving VLAN Transparency support from core to extension
* Remove the older unit tests and add new corresponding ones
DocImpact
Closes-Bug: #1434667
Change-Id: Ic551475ed7b64aad9627a57abb0df41acc19bfc1
commit aeb5efe3fbeae82a2d65f6bb68710d14156c58bf
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Sat Apr 4 18:50:36 2015 -0400
Re-use context session in ML2 DB get_port_binding_host
This patch modifies ML2 DB get_port_binding_host method so that it
reuses the existing context session to do the database query
rather than creating a new database session.
Note that there are other methods in ML2 DB that do not re-use
the caller's session (get_port_from_device_mac() and
get_sg_ids_grouped_by_port()). These will be modified using
a separate bug (https://bugs.launchpad.net/neutron/+bug/1441205).
Change-Id: I8aafb0a70f40f9306ccc366e5db6860c92c48cce
Closes-Bug: #1440183
commit e8603512c4e7aa976ad29dfaf609505267b8c870
Author: Andrew Boik <dboik at cisco.com>
Date: Fri Mar 27 16:21:29 2015 -0400
Consider all address scopes in init_l3
Currently init_l3 retrieves the list of global addresses from the kernel
on a specific device in a network namespace. If any of the addresses are
not in the ip_cidrs argument to init_l3, they will be deleted. The
problem with only listing global addresses is that if a site-local or
link-local address is added during a subnet-create, and the user wishes
to later delete the address, init_l3 will never consider that address
for deletion.
To fix this, init_l3 should not limit its scope when listing addresses
on an interface. It should, however, ignore the default IPv6 link-local
address assigned by the operating system as this address is not known to
Neutron and should not be deleted.
Change-Id: I3d7a3e318e32acae3836c51e4e2e95ae756e645b
Closes-Bug: #1437499
commit 14addb4f0ddd3288cf29849bc86d9c717d7374ff
Author: Sanjeev Rampal <srampal at cisco.com>
Date: Mon Apr 6 17:19:37 2015 -0700
Improves the description string for the config parameter metadata_workers.
Change-Id: I98d05ce52d7cd6c3631bfe1928509fda21d16b48
Closes-Bug: 1421892
commit 31631e82bbf974c50fb913dafe0ad86e2c0e6a8b
Author: armando-migliaccio <armamig at gmail.com>
Date: Tue Apr 7 15:37:59 2015 -0700
Fix intermittent UT failures in test_utils
Change eba4c2941ee introduced these tests. However they are not that useful as they
simply mimick the code, without really ensuring that the behavior is expected, so
they provide negative value ([1]), plus, they fail randomly.
This patch removes them in favor of a more useful functional check.
[1] http://googletesting.blogspot.com/2015/01/testing-on-toilet-change-detector-tests.html
Closes-bug: #1441347
Change-Id: I8a321995295deef7f6d30be303486be491e2771f
commit 23351390d87c3541e9df05164201024be0a3d42f
Author: Eugene Nikanorov <enikanorov at mirantis.com>
Date: Thu Mar 26 06:17:59 2015 +0400
OOP cleanup: start protected method names with underscore
This slightly improves readability of l3_schedulers module.
Change-Id: I362143939b513bb3b2a02e7472efa26e8c83cb96
Closes-Bug: #1436922
commit 3e83a26e665c43372f3639ba892198fa052fb2b2
Author: Maru Newby <marun at redhat.com>
Date: Tue Mar 24 19:45:46 2015 +0000
Enhance TESTING.rst
Add detail about api testing and provide better visual separation
between the different types of testing.
The current testing guidelines are mainly about running tests, and
this change does little to fix that. The intention is to add detail
about writing tests in subsequent changes.
Change-Id: I39d0439c91e5c6edb1d48d4da310443c99fb6d9e
commit e37dcd4c76e3ab61c585b116c34d32382c592b9f
Author: Maru Newby <marun at redhat.com>
Date: Tue Apr 7 15:00:25 2015 +0000
Remove check for bash usage
Arbitrarily restricting ourselves from using bash because developers on
platforms like netbsd don't want to install bash from ports doesn't
make sense. Any non-trivial shell script is likely to use features
like arrays or string manipulation that are poorly supported (if at
all) by sh, and the continued bumping of the number of expected bash
scripts is an indication that the check is not serving its purpose
anyway.
Along with removing the check, all shebang references to /bin/bash
have been replaced with /usr/bin/env bash in an attempt to be more
compatible across different hosts.
Change-Id: Ief72dc380cc88af38959c330897e2c127e33c332
Closes-Bug: #1440824
commit 760fe6a8fabc921e75367b5f02bab4fc326b8115
Author: Ed Bak <ed.bak2 at hp.com>
Date: Mon Feb 9 23:13:18 2015 +0000
Return from check_ports_exist_on_l3agent if no subnet found
The call to get_subnet_ids_on_router can return an empty list.
If the subnet_ids list is empty, the subsequent call to get
the ports on a subnet returns all ports. If this occurs
when doing a remove_router_interface, the performance
of a remove_router_interface degrades significantly. This change
returns immediately from check_ports_exist_on_l3agents if no
subnet is found. A new unit test has been added to cover
the specific case of returning immediately without calling
get_ports when a remove_router_interface operation is performed.
Change-Id: I247d3bae152ab4f8ab7e00bd24d878eb08dca1ba
Closes-Bug: #1420032
Depends-On: I15bbf16fd4378c6431e9da8942d0968e7a012a91
commit 1c1dbf5676bcd934fbe8a8053641fcad6d37f075
Author: Thierry Carrez <thierry at openstack.org>
Date: Tue Apr 7 15:50:46 2015 +0200
Open Liberty development
Bump pre-version in setup.cfg to formally open Liberty development.
Kilo release branch will be cut from the previous commit.
Change-Id: I9ca77808093741f6c52e49f3041e90c3cc7a74b6
commit 3c35b40b20b8245350968d0a78de03aacba0cc33
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Wed Mar 25 14:07:58 2015 +0900
Remove duplicated l3 router scheduler test cases
Turn L3SchedulerTestCase to a mixin to reduce the number of
duplicated test cases. There's no reason to run them in both
of L3SchedulerTestCase and L3ChanceSchedulerTestCase.
Closes-Bug: #1436164
Change-Id: Iee33f77fa2f9b9e20bb9c3fc4fb11a38de14bca5
commit fed9c30b984fa69a048bc1672362e40c2fe0ad6c
Author: Assaf Muller <amuller at redhat.com>
Date: Mon Apr 6 23:56:15 2015 -0400
Remove tests from HA routers test framework
The framework class should not contain tests. Running the module
was running an additional 9 tests that should not have been run.
Change-Id: Iabc6367e8bfda18e395d1a19809b07507200003d
commit 78d3b40899b81dd2ecfadcc8547c8eabc6849e53
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Wed Mar 18 13:27:15 2015 +0900
linuxbridge UT: Fix a regression of the recent ip_lib change
A recently merged change, I07d1d297f07857d216649cccf717896574aac301,
changed IPWrapper.get_devices to use /sys instead of executing ip command.
Unfortunately it broke linuxbridge unit tests, which seems to assume that
mocking utils.execute is enough in some places. This commit fixes the
regression.
Closes-Bug: #1433417
Related-Bug: #1374663
Change-Id: I9570abe703b438a3fc358f747e25d023934d1ffd
commit e585c822e38919451beeb95406c521b09b18e9fc
Author: Swaminathan Vasudevan <swaminathan.vasudevan at hp.com>
Date: Thu Apr 2 17:25:39 2015 -0700
Fix dynamic arp populate error for dvr routers
Recent refactor to the L3 Agent have introduced
this problem. When we create a VM after we
attach an interface to a router or when we add
an interface with an existing VM to a router, in
both cases the arp entries for the dvr serviced
ports are not getting populated in the Router
Namespace.
Closes-Bug: #1438969
Change-Id: I4a82e2435d176f3d9336d7f0dab9726c063840b9
Co-authored-by: Armando Migliaccio <armamig at gmail.com>
commit 21bef562c23d96fe41daeedeb43c0bb2d1c53ed0
Author: Maru Newby <marun at redhat.com>
Date: Mon Apr 6 21:53:39 2015 +0000
Reorganize plugin test modules
This change moves plugin test modules to conform to the new rules on
unit test tree structure (see TESTING.rst).
Vendor plugin paths continue to be ignored, and unit test modules that
test features instead of modules are also ignored pending their
removal to the functional test tree.
Change-Id: I482c377ca72ffd58692ad84bd9692356513e4c98
Closes-Bug: #1440834
commit 5bdcacad62ba468de1bd339cad44428c2374d973
Author: Maru Newby <marun at redhat.com>
Date: Mon Apr 6 21:51:23 2015 +0000
Merge open source plugin test code modules
The unit test reorg is about moving files around so a test module is
clearly associated with the code module it targets, but the test
modules in this change needed to be manually merged because they both
targeted the same module.
Change-Id: I80f4b97fadd318896e7fa4e7e7e939f924127b2a
Partial-Bug: #1440834
commit 1105782e3914f601b8f4be64939816b1afe8fb54
Author: Maru Newby <marun at redhat.com>
Date: Sat Apr 4 00:22:05 2015 +0000
Reorganize unit test tree
This change ensures that the structure of the unit test tree matches
that of the code tree to make it obvious where to find tests for a
given module. A check is added to the pep8 job to protect against
regressions.
The plugin test paths are relocated to neutron/tests/unit/plugins
but are otherwise ignored for now.
Change-Id: If307593259139171be21a71c58e3a34bf148cc7f
Partial-Bug: #1440834
commit b5b919a7a3569ccb93c3d7d523c1edfaeddb7cb9
Author: Brian Haley <brian.haley at hp.com>
Date: Thu Apr 2 21:11:06 2015 -0400
Add ipset element and hashsize tunables
Recently, these messages have been noticed in both tempest
logs, as well as reported by downstream users syslog:
Set IPv4915d358d-2c5b-43b5-9862 is full, maxelem 65536 reached
So the default of 64K is not sufficient enough.
This change adds two config options to control both the number
of elements as well as the hashsize, since they should be
tuned together for best performance. Slightly different
formats were required for 'ipset create' and 'ipset restore'.
The default values for these are now set to 131072 (maxelem) and
2048 (hashsize), which is an increase over their typical default values
of 65536/1024 (respectively), in order to fix the errors seen in
the tempest tests.
DocImpact
Change-Id: Ic0b5b38a840e737dc6be938230f4052974c8620f
Closes-bug: #1439817
commit 80bea7a38670620934faafd5f583fe6164b9f9b3
Author: Cedric Brandily <zzelle at gmail.com>
Date: Tue Mar 17 15:20:07 2015 +0000
Allow metadata proxy running with nobody user/group
Currently metadata proxy cannot run with nobody user/group as metadata
proxy requires to connect to metadata_proxy_socket when queried.
This change allows to run metadata proxy with nobody user/group by
allowing to choose the metadata_proxy_socket mode with the new option
metadata_proxy_socket_mode (4 choices) in order to adapt socket
permissions to metadata proxy user/group.
This change refactors also where options are defined to enable
metadata_proxy_user/group options in the metadata agent.
In practice:
* if metadata_proxy_user is agent effective user or root, then:
* metadata proxy is allowed to use rootwrap (unsecure)
* set metadata_proxy_socket_mode = user (0o644)
* else if metadata_proxy_group is agent effective group, then:
* metadata proxy is not allowed to use rootwrap (secure)
* set metadata_proxy_socket_mode = group (0o664)
* set metadata_proxy_log_watch = false
* else:
* metadata proxy has lowest permissions (securest) but metadata proxy
socket can be opened by everyone
* set metadata_proxy_socket_mode = all (0o666)
* set metadata_proxy_log_watch = false
An alternative is to set metadata_proxy_socket_mode = deduce, in such
case metadata agent uses previous rules to choose the correct mode.
DocImpact
Closes-Bug: #1427228
Change-Id: I235a0cc4f0cbd55ae4ec1570daf2ebbb6a72441d
commit b7ac8501a0a4753be09b37525ec1665bafacdd8b
Author: Maru Newby <marun at redhat.com>
Date: Mon Apr 6 16:28:00 2015 +0000
Skip example retargetable functional test
The example retargetable test that previously ran as part of the
functional suite is now skipped due to the fullstack example's db
fixture usage causing the test to fail if it the fullstack example
runs first on the same worker.
Change-Id: I0a34f9ba04c53a4291698be819070c66009c8b4a
Related-Bug: #1440797
commit 980e54713776584f2b810d136a369ce5a73b3a7f
Author: Maru Newby <marun at redhat.com>
Date: Fri Apr 3 23:42:31 2015 +0000
Prepare for unit test reorg
The unit test reorg is about moving files around so a test module is
clearly associated with the code module it targets, but the test
modules in this change needed to be manually merged because they both
targeted the same module.
test_api_v2 is also updated to use the path of neutron/tests/base.py
as the root of path to test implementations of extensions.
Change-Id: I432b84339e51c26ef0aa26d44e29b5a3311626ad
Implements: bp/reorganize-unit-test-tree
commit 3108d2dece0501dbb661e2f5a4bb530a199f9fde
Author: Maru Newby <marun at redhat.com>
Date: Fri Apr 3 17:26:33 2015 +0000
Remove orphaned nuage unit test module
Change I6d02df85c7a2c307ad11442d0afdd50c64210af4 implemented the
plugin decomp for nuage but one of the unit tests was missed.
Change-Id: I37e1b3f6645b5f7730218d5ef08ca28f72b91883
commit 39a3c8aff262b6b8a1257b84ac2832d4d813b68a
Author: zengfagao <zengfa.gao at hp.com>
Date: Thu Apr 2 09:44:53 2015 -0700
Add API tests for subnet-create with subnetpool
With subnetpool, we can create subnet with subnetpool.
User can specify CIDR or prefixlen for subnet allocation.
If neither is specified, CIDR will be chosen from the
pool using the default-prefixlen of the pool.
Change-Id: I2c4d81496e10826bed83a977ff0398f781d16c33
Partially-Implements: blueprint subnet-allocation
commit 9bca9ca84b76cc5bba03e9c0ff42bceaf5d2b028
Author: Paul Michali <pc at michali.net>
Date: Wed Apr 1 13:47:43 2015 -0400
Refactoring cleanup for L3 agent callbacks
This commit completes the refactoring of the L3 agent callback mechanism.
The goal here is to also use the neutron/callbacks/ mechanism for L3 agent
notifications, instead of have two mechanisms.
[1] modified the L3 agent to send notifiactions for router create, udpate,
and delete events, using the neutron/callbacks/ mechanism.
[2] modified VPN to use this new mechanism, instead of the L3EventObservers
mechanism. Note:
[3] modified FW repo to no longer depended on the L3EventObserver and
related objects (it doesn't currently use the event notifications).
This commit removes the notifications for the L3EventObservers mechanism,
removed the related modules and tests, and adds in tests to verify that the
new notifications are called for the different events.
Once [1] and [2] are upstreamed, this commit can proceed.
Refs:
[1] https://review.openstack.org/#/c/164466/
[2] https://review.openstack.org/#/c/165226/
[3] https://review.openstack.org/#/c/167275/
Change-Id: I7c4b4ea5f9fb19abb812665cdae5fb70c84fe3ec
Depends-On: If5040a827a6903cc7cb5e59cdb7fb95f61b13d47
Closes-Bug: #1433552
commit 30c2e203d9cba559d7533ab5dbd5b45e5445e06d
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Fri Apr 3 06:13:58 2015 +0000
Imported Translations from Transifex
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: I7ce3288f62fdd9ffae81c47f3bc1a359833839e4
commit 54c05b500ac3ffad98cb480dc5bfd04bdcf91229
Author: Andrew Boik <dboik at cisco.com>
Date: Mon Mar 23 11:21:11 2015 -0400
Support multiple IPv6 prefixes on internal router ports
(Patch set #3 for the multiple-ipv6-prefixes blueprint)
Provides support for adding multiple IPv6 subnets to an internal router
port. The limitation of one IPv4 subnet per internal router port
remains, though a port may contain one IPv4 subnet with any number of
IPv6 subnets.
This changes the behavior of both the router-interface-add and
router-interface-delete APIs. When router-interface-add is called with
an IPv6 subnet, the subnet will be added to an existing internal port
on the router with the same network ID if the existing port already has
one or more IPv6 subnets. Otherwise, a new port will be created on the
router for that subnet. When calling the router-interface-add with a
port (one that has already been created using the port-create command),
that port will be added to the router if it meets the following
conditions:
1. The port has no more than one IPv4 subnet.
2. If the port has any IPv6 subnets, it must not have the same
network ID as an existing port on the router if the existing
port has any IPv6 subnets.
If the router-interface-delete command is called with a subnet, that
subnet will be removed from the router port to which it belongs. If the
subnet is the last subnet on a port, the port itself will be deleted
from the router. If the router-interface-delete command is called with
a port, that port will be deleted from the router.
This change also allows the RADVD configuration to support advertising
multiple prefixes on a single router interface.
DocImpact
Change-Id: I7d4e8194815e626f1cfa267f77a3f2475fdfa3d1
Closes-Bug: #1439824
Partially-implements: blueprint multiple-ipv6-prefixes
commit 6c4091418eec5f40bd2fe0c264b1d7d2b70894da
Author: Maru Newby <marun at redhat.com>
Date: Fri Apr 3 01:10:07 2015 +0000
Fix functional test using local timeout value
The ovsdb monitor test was using a timeout of 60s for monitor start.
This change sets the timeout to the global timeout value if it is
greater (it's 90s currently).
Closes-bug: #1439914
Change-Id: I95ee3d7dfdb5f010347a9d8db1b2bf610c0289d1
commit f93007952e40a7ae7cb2d4f3588059acf42ea209
Author: shihanzhang <shihanzhang at huawei.com>
Date: Tue Mar 31 16:14:12 2015 +0800
Add index for port
This patch will speed up SELECTs Port with filters by
'network_id + device_owner' and 'network_id + mac_address'.
Closes-bug: #1421089
Change-Id: Ied90b6304df971a6049871f65df3e1aaee624647
commit d82366fe015c6be91d12f3b94fb65f9a03189109
Author: Hong Hui Xiao <xiaohhui at cn.ibm.com>
Date: Thu Apr 2 08:24:35 2015 -0700
Always run dnsmasq as root
Regarding https://review.openstack.org/#/c/145829/
The old code of DnsMasq will always get root_helper from
neutron.agent.dhcp.agent.
However, new code will only set run_as_root when namespace
is used. That will cause permission error when namespace
is disabled and dnsmasq need to be started.
Change-Id: Ib00d6e54dba44dbbbec158b9e0518e6e42baceec
Closes-Bug: #1428007
commit 692de8fa522f8da644bb8fc1d06c16403689f06c
Author: Tim Swanson <tiswanso at cisco.com>
Date: Tue Mar 31 12:13:16 2015 -0400
Move network MTU from core REST API to extension API
The network MTU was added to the core REST API via
https://review.openstack.org/#/c/154921. This commit
reverts that change and adds the network MTU to the
extension API.
Change-Id: I7a7d679f471ced3230f230684d5ae9789bcca305
Closes-bug: 1434671
commit 593b64dee4c0923fc85d6656e29a2beb27f27b17
Author: Paul Michali <pc at michali.net>
Date: Thu Mar 26 08:01:58 2015 -0400
Refactoring of L3 agent notifications for router
The goal of this refactoring is to reduce duplication by
replacing the L3EventObservers mechanism (a specific
mechanism for L3 agent notifications), with the
CallbacksManager mechanism (a more general mechanism
currently in use), so that there is one method
used.
This is the first part of refactoring the L3 agent so that
it uses the new neutron.callbacks mechanism. To do this,
duplicate calls will be made for notifications related to
the router, only using the new callback mechanism.
This commit does two things. First, it puts in place the
notifiers for the new callback mechanism. Second, it updates
the metatdata proxy agent (which is in the same repo) to
use the new callback mechanism.
Later commits will update other repos from the old to new
callback mechanism, and to then remove the old callback
mechanism, once no longer used.
Change-Id: If134947957fd671aa99a0b2d2b37f7ec65e37766
Partial-Bug: #1433552
commit 0616171a8c493731a85dacde3e10838e5a0053ec
Author: Assaf Muller <amuller at redhat.com>
Date: Thu Apr 2 10:59:00 2015 -0400
Fix docstring for l3_dvr_db.dvr_vmarp_table_update
Change-Id: I783b0357833cda0e5143581284be720e5d4f3a97
commit 2041ead12d1bf4c2b03fd980fd2a6ce5f653dcfb
Author: Sudipta Biswas <sbiswas7 at in.ibm.com>
Date: Thu Apr 2 15:06:35 2015 +0530
Treat all negative quota values as -1
Currently if the quota_port, quota_network, quota_subnet values
in the neutron.conf are set to a negative value not equal to -1,
neutron reports the values as is to consumers like Nova.
Nova treats -1 as the infinite quota indicator and doesn't expect
neutron to return any other non-negative value.
The fix allows the flexibility of having any negative number for the
quota parameters in the neutron.conf file and allows the nova boot
to succeed subsequently. The fix would report any negative value
as -1 for port, subnet and network.
Change-Id: Ib9a7136b0bfd01bdf04a5d0937854590029b1010
Closes-Bug: 1438738
Co-Authored-By: Salvatore Orlando <salv.orlando at gmail.com>
commit ce2ae2fbe53ba9b019dfb6838264fca0b5b98042
Author: abhishek60014726 <abhishek.g-m at hp.com>
Date: Wed Mar 25 05:50:29 2015 -0700
Router test enhancements
Add test to attach two routers to the same network
-Create a network
-Create a subnet
-Create two port for the same network
-Create two routers
-Add router interface with the port_id for two routers by using respective port_ids
-Verify the port device_id with that of router_id
-Verify the port network id with that of created network
Change-Id: Id9de0edf687319b6e20804daee347b41d8b840a2
commit da12e748d129c6ba38173d0b7a20f7b140bddbd6
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Thu Apr 2 13:57:52 2015 +0900
ovs_neutron_agent: Remove a redundant assignment of ovs_status
Change-Id: I8ed572aa48ccc226137f65514c58ca5c3ba77870
commit 0d98dcc673631265d35d06dee3fe78a51b3be2f7
Author: armando-migliaccio <armamig at gmail.com>
Date: Wed Apr 1 17:52:01 2015 -0700
Move orphaned api test - deux
According to changes [1,2], API tests' new home is under neutron/tests/api.
Change 92d2054f8a slipped through the cracks. It seems also that wrong
imports lead to tests silently dropped (i.e. not executed). This patch
rectifies the issue.
[1] https://review.openstack.org/#/c/169850/
[2] https://review.openstack.org/#/c/167320/
Change-Id: I64be376d7cff9512bd027720116dc039831e7955
commit 81f4469b620ec221f53d3ffb4d00b90896dc5ce1
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Mon Mar 2 22:03:10 2015 -0500
IPv6 SLAAC subnet create should update ports on net
If ports are first created on a network, and then an IPv6 SLAAC
or DHCPv6-stateless subnet is created on that network, then the
ports created prior to the subnet create are not getting
automatically updated (associated) with addresses for the
SLAAC/DHCPv6-stateless subnet, as required.
Change-Id: I5901db6655c045c0e78c7cb7fc51ce8c9a9e1933
Closes-Bug: 1427474
commit 1e3cb4ee504b6e1e135cc7a97e2146f13361fe9e
Author: armando-migliaccio <armamig at gmail.com>
Date: Tue Mar 24 11:30:08 2015 -0700
Add API tests for Neutron DVR extension
This patch adds a number of positive and negative tests for
the DVR functionality implemented by Neutron.
Generated using:
./tools/copy_api_tests_from_tempest.sh [path to tempest working directory]
Change-Id: Ia300b736250249ba54bd8fefa1307e6898f71652
commit c5ae4145bc9c92de75f1408b19d0f04fac122178
Author: Cedric Brandily <zzelle at gmail.com>
Date: Wed Apr 1 22:43:13 2015 +0200
Add missing neutron/tests/unit/agent/common/__init__.py
neutron/tests/unit/agent/common directory defines tests but is not a
valid python2 package: __init___.py is missing.
Change-Id: Ida0055b64c23c4af3f4cdce2a777b19418451f33
commit fbc22784149cd6b3ca6d8161e360d3d7c10d94ac
Author: Cedric Brandily <zzelle at gmail.com>
Date: Tue Mar 3 22:26:52 2015 +0000
Allow metadata proxy to log with nobody user/group
Currently metadata proxy cannot run with nobody user/group as
metadata proxy (as other services) uses WatchedFileHandler handler to
log to file which does not support permissions drop (the process must
be able to r/w after permissions drop to "watch" the file).
This change allows to enable/disable log watch in metadata proxies with
the new option metadata_proxy_log_watch. It should be disabled when
metadata_proxy_user/group is not allowed to read/write metadata proxy
log files. Option default value is deduced from metadata_proxy_user:
* True if metadata_proxy_user is agent effective user id/name,
* False otherwise.
When log watch is disabled and logrotate is enabled on metadata proxy
logging files, 'copytruncate' logrotate option must be used otherwise
metadata proxy logs will be lost after the first log rotation.
DocImpact
Change-Id: I40a7bd82a2c60d9198312fdb52e3010c60db3511
Partial-Bug: #1427228
commit eff8af9a22f8b045048b3ad491cf6ea3309110d2
Author: Maru Newby <marun at redhat.com>
Date: Wed Apr 1 17:30:55 2015 +0000
Move orphaned api test
A recent change added a new api test to the old location that is no
longer used for discovery. This change moves it to
neutron/tests/api/admin to ensure that it can be discovered and run.
Change-Id: Ifcada8f9b2178b3159151b0d1953fd841d82ffa6
commit 342859455690fed57adc9296c457f1bd7a7a93a2
Author: Carl Baldwin <carl.baldwin at hp.com>
Date: Thu Mar 26 18:10:10 2015 +0000
Implement default subnet pool configuration settings
The default_ipv6_subnet_pool option was added [1] as an integration
point between prefix delegation work and subnet allocation work. This
patch completes the integration with subnet allocation. This
addresses the use case where a deployer wants all ipv6 addresses to
come -- by default -- from a globally routable pool of ipv6 addresses.
In a deployment with this option set, an API user can still access the
old behavior by passing None explicitly as subnetpool_id when creating
a subnet.
This patch also adds the default_ipv4_subnet_pool for completeness.
[1] https://review.openstack.org/#/c/166973
Change-Id: I301189b5cd31d7c5fa4a40fa3e04f8e6ac77592b
Partially-Implements: blueprint subnet-allocation
commit 748420518c2d9ffdf85ba3f78797326f5c8ec54f
Author: Cedric Brandily <zzelle at gmail.com>
Date: Fri Feb 27 14:08:23 2015 +0000
Define bridge/port fixtures for OVS/LinuxBridge/Veth backends
This change defines for OVS, LinuxBridge and veth[1] bridge and port
fixture classes in order to handle bridge and port setUp/cleanUp.
It allows to simplify BaseOVSLinuxTestCase[2] and remove
BaseBridgeTestCase[2].
[1] veth backend simulates a bridge with a veth
[2] in neutron.tests.functional.agent.linux.base
Change-Id: If34c9a8fb6fa584fb1e30173ec619d1aac9701f9
commit 650bd4a3f964e7cb36f27ffc181b664639744f98
Author: Kyle Mestery <mestery at mestery.com>
Date: Fri Mar 13 14:54:37 2015 +0000
Update core reviewer responsibilities
This patch more clearly lays out who can merge code into the plethora
of Neutron repositories. It also clarifies a few things with the
existing text in places.
Change-Id: I2628dad7ba2bbc0b63dd9ed716db6221a5b30b2d
commit a8c7db5b9d9bba44660de3c7a64295f9f318b63a
Author: Assaf Muller <amuller at redhat.com>
Date: Wed Apr 1 09:38:21 2015 -0400
Remove "Arguments dropped when creating context" logging
This log was previously reduced from warning to debug.
Cinder removed it entirely in:
https://bugs.launchpad.net/cinder/+bug/1329156
The root cause is this:
Agent heartbeats use an admin context. The context is serialized
with its to_dict method, which exposes 'tenant' and 'project_name'
(These are properties of the class that are calculated from other
attributes). In the controller, this dict is used to initialize a
ContextBase, which does not accept tenant and project_name as arguments,
de facto sending those values as key word arguments.
We can either handle 'tenant' and 'project_name' specially, fix
it any other way, or drop the logging entirely. Is this logging
ever useful?
Change-Id: Ifd51b62bae7b96de44f04836015d2ed939bcb650
Closes-Bug: #1255441
commit a1b8a770c1f78d346fc33ddadbe5746d5ecdcee8
Author: sridhargaddam <sridhar.gaddam at enovance.com>
Date: Wed Apr 1 12:01:03 2015 +0000
Some cleanup in L3 HA code
This patch addresses the following.
1. removes the un-used variables.
2. process_monitor (argument to KeepalivedManager) is changed to
a non-default parameter as its used in spawn, disable methods.
Change-Id: I8b130b21965ed3387e994818be947eb95d73a423
commit d313e668ba03a5438ce2c266bbb236303d5b3227
Author: Assaf Muller <amuller at redhat.com>
Date: Thu Feb 19 20:34:17 2015 -0500
Fix reference to non-existent setup_dvr_flows_on_integ_tun_br
Found via the pylint no-member check.
Co-authored-by: Kevin Benton <blak111 at gmail.com>
Closes-Bug: #1423775
Change-Id: Id4104fa783aa8c34917df6d16ff1290882f93af5
commit eb79e5fe53e61af11033a5b824052d052ee755a9
Author: Henry Gessau <gessau at cisco.com>
Date: Thu Mar 26 22:54:21 2015 -0400
Modify a different agent in test_update_agent_description
API test_update_agent_description modifies an agent's description, and
test_list_agent assumes the first agent is never modified. We make
sure that an agent other than the first one is modified.
Closes-bug: 1437124
Change-Id: I7593e2896ab7ef8a14ad35005314382e65e805cb
commit 57a445d6c8deab47a9e8615ca7a99da3654fb3de
Author: Maru Newby <marun at redhat.com>
Date: Tue Mar 24 16:21:57 2015 +0000
Move API tests to neutron.test.api
To make api test development simpler, move the tests to
neutron.tests.api. The neutron.tests.tempest subtree will remain
while work continues to transition the required functionality to
tempest-lib.
Change-Id: Ie90671fbfe2f633e851da82728e152482133fd87
commit 2fa1fc4bb1a324e3878c68a74ca7bdb4bd545db1
Author: Ryan Tidwell <ryan.tidwell at hp.com>
Date: Mon Mar 16 11:02:13 2015 -0700
Simple subnetpool allocation quotas
Enables enforcement of allocation quotas on subnet pools. The quota
is pool-wide, with the value of allocation_quota applied to every
tenant who uses the pool. allocation_quota must be non-negative,
and is an optional attribute. If not supplied, no quotas are
enforced. Quotas are measured in prefix space allocated. For IPv4
subnet pools, the quota is measured in units of /32 ie each tenant
can allocate up to X /32's from the pool. For IPv6 subnet pools, the
quota is measured in units of /64 ie each tenant can allocate up to
X /64's from the pool. For backward-compatibility, allocation quotas
are not applied to the implicit (AKA null) pool. Standard subnet
quotas will continue to be applied to all requests.
ApiImpact
Partially-Implements: blueprint subnet-allocation
Change-Id: I7e4641f47790414c693c7cc9b7a44b1889087801
commit fb8ea72240700573e97a70597418453374fbd02f
Author: Ryan Tidwell <ryan.tidwell at hp.com>
Date: Thu Feb 19 15:29:08 2015 -0800
Subnet allocation from a subnet pool
Contains API changes, model changes, and logic required to enable a subnet to
be allocated from a subnet pool. Users can request a subnet allocation by
supplying subnetpool_id and optionally prefixlen or cidr. If cidr is
specified, an attempt is made to allocate the given CIDR from the pool. If
prefixlen is specified, an attempt is made to allocate any CIDR with the
given prefix length from the pool. If neither is specified, a CIDR is chosen
from the pool using the default prefix length for the pool.
ApiImpact
Partially-Implements: blueprint subnet-allocation
Change-Id: I59a221f4f434718fb77bd132dbbe1ff50fce4b0c
commit 5723970e5fd9fcb44f791881bef56cabf514a857
Author: Maru Newby <marun at redhat.com>
Date: Tue Mar 24 01:30:11 2015 +0000
Simplify retargetable test framework
The retargetable testing prototype previously relied on each test case
defining the 'scenarios' attribute used to parametize testing with
testscenarios. Anticipating the requirement to retrofit the imported
tempest api test cases, this change moves scenario definition to a
base class since scenarios are common across all api tests.
This change also sets the retargetable test to skip when invoked
against rest. Tempest uses class-level setup for auth and this needs
to be broken out into fixtures before the retargetable testing will
work again.
Change-Id: I70eb21db9b983d45e9bcc7ea90e36f202d3e3e45
commit 749886eb6b065a93dfad7fe7ed930cb77fe37b94
Author: Kevin Benton <blak111 at gmail.com>
Date: Tue Mar 31 11:20:18 2015 -0700
Increase max attempts to 2 for pings on ARP tests
If the server under test is under heavy load, the requirement
of the very first ping passing may be too strict. This patch
increases the max attempts to 2 for the ARP spoofing tests to
give time for the OVS flow changes to take effect.
Change-Id: Ib70790da23861a8ed9c77f9c11aaf8fa41bf581c
Closes-Bug: #1443916
commit 03be14a569d240865dabff8b4c30385abf1dbe62
Author: Kevin Benton <blak111 at gmail.com>
Date: Tue Mar 31 08:53:56 2015 -0700
Revert "Add ipset element and hashsize tunables"
This reverts commit b5b919a7a3569ccb93c3d7d523c1edfaeddb7cb9.
The current ipset manager code isn't robust enough to handle
ipsets that already exist with different parameters. This reverts
the ability to change the parameters so we don't break upgrades
to Kilo.
Change-Id: I538714df52424f0502cb75daea310517d1142c42
Closes-Bug: #1444201
commit 92d2054f8a19cc1a759a8d9707e76c58b3b492d3
Author: zengfagao <zengfa.gao at hp.com>
Date: Wed Mar 25 07:28:25 2015 -0700
Add API tests for subnetpool allocation
Add subnetpool creating, listing, updating and deleting
via REST API.
Change-Id: I0be397e6739a651ce1562137f9b03d0ca8739697
Depends-on: I88c6b15aab258069758f1a9423d6616ceb4a33c4
Partially-Implements: blueprint subnet-allocation
commit e7e2609fae70dbffa0ddbf37c7804587e216648c
Author: Kevin Benton <blak111 at gmail.com>
Date: Mon Mar 30 20:29:51 2015 -0700
Handle no ofport in get_vif_port_to_ofport_map
Newly added ports to OVSDB might not yet have an
ofport number assigned to them. This causes the
return from the DB query to return a list instead
of a port number.
This patch handles that by attempting to convert
each result into an integer and then catching the
exception and continuing through the iteration to
ignore uninitialized ports like these.
It also adds a unit test based on data from a
failure observed in the gate.
Change-Id: I5c1bc8363cc7b07a03df12e3ccd49a09b1907ad2
Closes-Bug: #1444269
commit fa3a3401c1788dcffae64d93966c56cf963e7e28
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Tue Mar 31 11:00:14 2015 +0900
Update .coveragerc after the removal of Cisco Nexus monolithic plugin
Related-Bug: #1350387
Change-Id: I3b8cb6412f1f13141a82515ab131e373b5a0628d
commit 5154d974fdce4625710d3b4f360d45568678eb2f
Author: Itsuro Oda <oda at valinux.co.jp>
Date: Wed Feb 25 13:34:04 2015 +0900
Make floatingip reachable from the same network
The problem is that if one tries to communicate from a tenant network
to floatingip which attached to a port on the same network, the
communication fails.
This problem is a regression cased by [1].
[1] https://review.openstack.org/131905/
Before [1] SNAT rule is as follows:
-s %(internal_cidr)s -j SNAT --to-source ...
(for each internal interface)
After [1] SNAT rule is as follows:
-o %(interface_name)s -j SNAT --to-source ...
(for an external interface)
The new rule was considered a super-set of the packets going out to
the external interface compared to the old rules. This is true but
there is a lack of consideration.
Note that the packet is 'going out to external interface' OR 'DNATed'
at this point since the rule:
! -o %(interdace_name)s -m conntrack ! --ctstate DNAT -j ACCEPT
was applied already. So we should consider the following three cases.
1) going out to external interface
should be SNATed. It is OK under the new rule but there was a lack
of rules for packets from indirectly connected to the router under the
old rules. ([1] fixed this.)
2) DNATed (and going out to internal interface)
2-1) came in from internal interface
should be SNATed because the return traffic needs to go through the
router to complete the conntrack association and to reverse the effect
of DNAT on the return packets. If a packet is not SNATed, the return
packet may be sent directly to the private IP of the initiator.
The old rules done SNAT in this case but the new rule doesn't.
2-2) came in from external interface
nothing to do.
This patch adds a rule for the case 2-1).
This patch also adds mangle rules to examine whether a packet came from
external interface.
Change-Id: Ifa695ac5428fb0edba60129a4d61ec0e127a5818
Closes-Bug: #1428887
commit b278feada205330898897bcc446bb3623414f1e1
Author: Maru Newby <marun at redhat.com>
Date: Mon Mar 30 21:17:19 2015 +0000
Fix functional configure script
A recent change to devstack renamed lib/neutron to lib/neutron-legacy,
and this change updates the functional setup script to reflect the
change.
Change-Id: I5eb4b4052da4b0db128feb42feae50a8bc59f373
Closes-Bug: #1438426
commit 012840e2f5397454601c0eb332178da41ff707c8
Author: Kevin Benton <blak111 at gmail.com>
Date: Sun Apr 12 14:14:38 2015 -0700
Enable ARP spoofing prevention by default
Turn on the ARP spoofing prevention added in
I7c079b779245a0af6bc793564fa8a560e4226afe by
default. It was disabled by default since it
was going into Kilo at the last minute and we
didn't want to risk shipping with a default
that might have broken an edge case that we
didn't consider.
This patch enables it by default since there
shouldn't be any need to have it disabled.
Change-Id: Id17939914ebf8292dce76ccb7d0f6486c91f49e5
commit 07077bebb69da29994257d061d3a8d7ea9598c3d
Author: Abishek Subramanian <absubram at cisco.com>
Date: Mon Mar 30 13:24:09 2015 -0400
Support IPv6 Router
Allow router-gateway-set to work even without an assigned
subnet with the net_id so as to enable IPv6 L3 routing
using the assigned LLA for the gateway.
The goal is to allow for IPv6 routing using just
the allocated LLA address for the gateway port to be
used as the external gateway to connect to the upstream
router. For this purpose router-gateway-set no
longer has a requirement of an assigned subnet.
A new config has also been added to the l3_agent.ini
to allow the user to set a valid ipv6_gateway address
to be used as the gateway for the default ::/0 route
If the ipv6_gateway config is not set and a gateway
is still created without a subnet, the gateway interface
will be configured to accept router advertisements (RAs)
from the upstream router so as to build the default route.
Unit test changes and additions reflect these changes.
APIImpact
DocImpact
UpgradeImpact
Implements: blueprint ipv6-router
Change-Id: Iaefa95f788053ded9fc9c7ff6845c3030c6fd6df
commit 8a93a0665b42d2d2f86bbd8d340398629b076cd7
Author: Carl Baldwin <carl.baldwin at hp.com>
Date: Tue Mar 10 23:12:51 2015 +0000
Move final remnants of router processing to router classes
Change-Id: I467bb680666ec9bc82e55cfe534d74db29009cce
Partially-Implements: bp/restructure-l3-agent
commit 34380df15b3e28d7bfa4ca3a5a11fcbbcb65e376
Author: Kevin Benton <blak111 at gmail.com>
Date: Wed Mar 18 04:13:11 2015 -0700
Only call get_engine().pool.dispose if _FACADE
Avoid calling neutron.db.api.get_engine().pool.dispose() if
an engine facade has not yet been created since there won't
be any connections to get rid of. Calling it on services
that do not use the DB (e.g. agents) unnecessarily creates
a database connection engine that will never be used.
Change-Id: I3dbad1bef5da7b3765898e7d539b4d119b89e73a
Closes-Bug: #1433536
commit 8d8be7ee29d13a28e29be1185bb2fc55d392e3c9
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Mon Mar 30 18:55:04 2015 +0200
Stop using deprecated DEFAULT group for lock_path
While we set the configuration option in DEFAULT section, we get the
following deprecation message in our logs:
WARNING oslo_config.cfg [-] Option "lock_path" from group "DEFAULT" is
deprecated. Use option "lock_path" from group "oslo_concurrency".
Switch to the new configuration option location.
Change-Id: I89783cc975a4a845ee57920d83236d6eb698af9c
commit 3b66a9ff77a0c77075a1320d832f97de7aeab22a
Author: Ihar Hrachyshka <ihrachys at redhat.com>
Date: Wed Mar 18 14:21:57 2015 +0100
tests: don't rely on configuration files outside tests directory
etc/... may be non existent in some build environments. It's also pip
does not install those files under site-packages neutron module, so
paths relative to python files don't work.
So instead of using relative paths to etc/... contents, maintain our own
version of configuration files. It means we need to maintain tests only
policy.json file too, in addition to neutron.conf.test and
api-paste.ini.test.
Ideally, we would make etc/policy.json copied under site-packages in
addition to /etc/neutron/. In that way, we would not maintain a copy of
policy.json file in two places.
Though it seems that setuputils does not have a good way to install
files under site-packages that would consider all the differences
between python environments (specifically, different prefixes used in
different systems).
Note: it's not *absolutely* needed to update the test policy.json file
on each next policy update, though it will be needed in cases when we
want to test policy changes in unit tests. So adding a check to make
sure files are identical.
This partially reverts commit 1404f33b50452d4c0e0ef8c748011ce80303c2fd.
Conflicts:
neutron/policy.py
Related-Bug: #1433146
Change-Id: If1f5ebd981cf06558d5102524211799676068889
commit ca92ebdf968bef67e5259cdacce27c2cab84bd8a
Author: Kevin Benton <blak111 at gmail.com>
Date: Tue Sep 16 20:36:42 2014 -0700
Set floating IP port status to "N/A"
The status of the port associated with a floating IP
would always show as DOWN. This caused confusion to
operators that weren't aware that this is expected behavior
since the port is only used for an IP allocation.
This commit sets the port status to "N/A" to reflect the fact
that the port associated with a floating IP has no operational
status.
DocImpact
APIImpact
Closes-Bug: #1196851
Change-Id: I2f94afa001b213d61f0e5892aae2e6e6de98fe4c
commit aa7356b729f9672855980429677c969b6bab61a1
Author: Kevin Benton <blak111 at gmail.com>
Date: Sun Mar 29 03:37:25 2015 -0700
Add simple ARP spoofing protection
Adds an option to setup OVS rules that will prevent
ports attached to the agent from sending any ARP responses
that contain an IP address not belonging to the port
(in fixed IPs or allowed_address_pairs).
It is disabled by default and requires an OVS version that
can match on ARP fields. If it is too old, traffic will
still flow but it won't have ARP spoofing protection.
There is a sanity check to verify that ARP header matching
is supported.
This prevention is specific to OVS so it will not help with
other plugins that use the reference iptables filtering. A
non-OVS-specific general approach will require something like
the ebtables integration in Ibc6d3d520c1383cf7e00f4bdeb7853a41ac4b14b.
Details:
A new table is added for ARP spoofing prevention. All ARP traffic
on the local switching table is sent to this spoofing table.
The spoofing table will allow all ARP requests because we aren't
interested in them. It will then install an ARP response allow rule
for each IP address the port is assigned. All other ARP responses are
dropped.
DocImpact
SecurityImpact
Partial-Bug: #1274034
Change-Id: I7c079b779245a0af6bc793564fa8a560e4226afe
commit b7bff9e54b4f70fa9d6ee05e27011abdb3fd8dc4
Author: OpenStack Proposal Bot <openstack-infra at lists.openstack.org>
Date: Sun Mar 29 06:13:27 2015 +0000
Imported Translations from Transifex
For more information about this automatic import see:
https://wiki.openstack.org/wiki/Translations/Infrastructure
Change-Id: Iff665505f6cf88bf23e27c0e37a6babb221560d2
commit be77b688b9d7255b2ce68e342af819012ad86f12
Author: Miguel Lavalle <miguel at mlavalle.com>
Date: Sun Mar 8 17:32:21 2015 -0500
Add tests for the l3 agent namespaces manager
The following tests are added for the l3 agent namespaces manager:
1) Unit tests
2) Funtional test
3) A test case within the l3 funtional test for periodic_sync_routers_task
Change-Id: Ia26f1ccdc0a6619aa231c8799acc80377f4144f8
Partially-Implements: bp restructure-l3-agent
commit 8c989e67b99745f55d462e21be0eaa00f6a0e9b8
Author: Kevin Benton <blak111 at gmail.com>
Date: Thu Jan 15 08:11:49 2015 -0800
Make L3 agent honor periodic_interval setting
The periodic_task decorator for the sync routers task was resulting
in a default spacing of 60 seconds. This meant that any values less
than that for the periodic_interval setting would not work correctly.
The fixed interval looping call would run at the periodic_interval
but this task would not execute every time as expected.
For example, if the periodic_interval was 40 seconds, the task would
only end up running every other interval (80 seconds in this case)
because every other attempt would be blocked by the default 60 second
barrier of periodic_task.
This sets the periodic_taks spacing variable to 1 second so the
interval is controlled only by the loopingcall as expected.
Ultimately periodic_task should probably be completely removed since
it's not compatible with the fixed interval loopingcall in this manner.
Closes-Bug: #1411085
Change-Id: I23818c3fab2640b241692f00f9b5a2f923e3cf31
commit bfe3b679096e73015bae6592f926b26fa427f112
Author: Terry Wilson <twilson at redhat.com>
Date: Thu Mar 19 12:43:21 2015 -0500
Handle non-index lookups in native OVSDB backend
ovs-vsctl get/set/clear/list can use a record_id that is not an
index on the table being queried. For example, the Controller table
can be queried by a bridge name.
This patch implements the lookup table that ovs-vsctl uses to do
these lookups.
Change-Id: I1983c48c5839df016046ba2596c7c4affa1ebe00
Closes-Bug: 1435567
commit d907762f3cca1405eedaaad5d5841491576c8c54
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Mar 27 23:18:08 2015 -0700
Fix error raising in security groups method
In case there were security groups not belonging to tenant on port
_get_security_groups_on_port would try to raise exception but fail
trying to index set.
This patch simply joins the whole set as a string and inserts it
into the standard SecurityGroupNotFound exception.
No new exception types, no string freeze violations.
Co-Author: watanabe.isao <zou.yun at jp.fujitsu.com>
Co-Author: Jacek Swiderski <jacek.swiderski at codilime.com>
Change-Id: I039ea57269dc53ced8dece0985f33ce9ae7eab17
Closes-Bug: #1373816
commit f45f16537dc2948f69572328338afa2bcd06d10b
Author: Akihiro Motoki <motoki at da.jp.nec.com>
Date: Sat Mar 28 18:06:18 2015 +0900
Update NEC plugin decomposition status
PyPI is now available and update the document.
Related-Bug: #1419396
Related to blueprint core-vendor-decomposition
Change-Id: I8d8d96fb4473aa03b518c2e223b9a92fa1cca7e9
commit df7aa02aa5235b389ed8ad013acf9fccd7e877cd
Author: Andrew Boik <dboik at cisco.com>
Date: Tue Mar 3 22:39:57 2015 -0500
Auto-update gateway port after subnet-create
(Patch set #6 for the multiple-ipv6-prefixes blueprint)
In the multi-prefix scenario, one can add two subnets
to an external gateway port by adding the two subnets
to the external network and using router-gateway-set.
However, if there is only one subnet on the port and
the user wishes to add another later, it is desirable
to have the newly-created external subnet automatically
added to the port. This patch adds this functionality.
Change-Id: I9395834f673038dc23b25eaeefe14895fe154e0e
Partially-implements: blueprint multiple-ipv6-prefixes
commit e2666293c449ca98c52fc7f661be43323ee36828
Author: Andrew Boik <dboik at cisco.com>
Date: Fri Feb 27 18:48:29 2015 -0500
Allow update of ext gateway IP's w/out port delete
(Patch set #5 for the multiple-ipv6-prefixes blueprint)
Updating an external gateway port currently triggers a port-delete
followed by a port-create. In the multi-prefix case, if a second
subnet is added to an external gateway port, the port will be
deleted, freeing the original IP allocation, and then the port will
be recreated with new IP allocations from the two subnets. This is
undesirable as the port can't keep the same IP address from the
original subnet.
This patch modifies the behavior so that a fixed-ip change on an
external gateway port will cause a port-update instead of a
delete/create. If the gateway port network id has changed, however,
the port will be deleted and recreated as before.
Change-Id: I5b19d3b167668ce5c04e7ce8adc63249a4501d0e
Partially-implements: blueprint multiple-ipv6-prefixes
commit 420c21f6c75484d047a2ed64e4c12f19c495e377
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Wed Mar 18 16:38:57 2015 -0400
Support Dual-Stack Gateway Ports on Neutron Routers
(Patch set #2 for multiple-ipv6-prefixes blueprint)
This patchset adds support for dual-stack gateway ports on Neutron
routers. Some background on the changes included in this patchset:
- The L3 driver's init_l3() method has been changed to accept a list
of gateway IPs, rather than a single gateway IP.
- The Neutron port dictionary's singular 'subnet' entry has been
replaced with a 'subnets' list, since ports can now be associated
with multiple subnets.
- The Neutron port dictionary no longer has a (singular) 'ip_cidr'
entry, since a port can now be associated with multiple IP CIDRs
(e.g. up to one IP CIDR per IP family on gateway ports).
Instead, a 'prefixlen' entry has been added to the Neutron
fixed_ips dictionary, so that the port's (multiple) IP CIDRs can
be derived from the matching 'ip_address' and 'prefixlen' pairs
in the port's fixed_ips.
Change-Id: I150da5938e79eeef0c947ddb1a4282e37d0515ee
Partially-implements: blueprint multiple-ipv6-prefixes
commit fe210a6ae25a1b143ed97ef9ac366e16a18d9393
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Mar 20 18:56:51 2015 -0700
Remove auto deletion of routers in unit tests
Remove the automatic deletion behavior of the router
context manager in the L3 unit tests. Any tests that
depend on the router being deleted should do so
explicitly.
It additionally removes the logic from the test_l3_plugin
unit tests that was just related to tearing down enough
stuff to allow the context managers to exit. It was code
that distracted from what the tests were actaully verifying.
All of the context managers for port, network, and subnet
do not auto delete by default and that will be extended to
the L3 constructs as well. The patch that did this for
ports/subnets/networks is here:
https://review.openstack.org/#/c/102465/
Change-Id: Iec97198f18e9fc390ff0747b795f7f309c8f3990
commit 04cd03840977bc32b2bcadcd185a8c4ae19b7159
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Wed Mar 18 12:41:25 2015 -0400
No allocation needed for specific IPv6 SLAAC addr assignment
(Patch set #7 for the multiple-ipv6-prefixes blueprint)
On internal router ports, Neutron allows for an address to
be assigned for an IPv6 SLAAC subnet that is not necessarily
EUI-64. This makes it easier for subnet create, since a
convenient address, e.g. one ending in ::1, can be used as
the subnet gateway IP address.
Currently, when an internal router port is created with a specific
(non-EUI-64) address for a SLAAC subnet, the call flow includes
a call to _allocate_specific_ip. This call is not necessary,
since we're not allocating an address from a pool (and
recalibrating availability ranges, etc.).
This patch set prevents the call to _allocate_specific_ip for
this scenario.
Co-Authored-By: Baodong (Robert) Li <baoli at cisco.com>
Change-Id: I2533ee82980bb602faa663b875787ca50b268b34
Partially-implements: blueprint multiple-ipv6-prefixes
commit 15a507afb18ebfd0b65b97c6d41a9d490ebdb040
Author: Maru Newby <marun at redhat.com>
Date: Fri Mar 27 17:39:41 2015 +0000
Remove neutron.tests.sub_base
Change Ifca5615680217818b8c5e8fc2dee5d089fbd9532 was intended to
remove the neutron.tests.sub_base module, but a bad rebase means that
it was left in the tree.
Change-Id: I5656a10bf3f8d3e87bf481a5a4f4a764bec17843
commit 18c5a8b2e9161e8beda8a14078a1e8d666e900d1
Author: Kevin Benton <blak111 at gmail.com>
Date: Fri Mar 27 08:13:58 2015 -0700
Fix test case for DHCP agent interface restart
One of the new test cases in the recent DHCP
interface patch[1] was supposed to confirm that
the driver wouldn't be restarted if the IP address
stayed the same. However, it wasn't matching the
device ID of the agent so it was never making it
to that conditional.
This patch just fixes that UT so it's exercising
the right code path.
1. c4a7447e2d659b3a240a62ae9d34e6e0b9cee7a3
Change-Id: I8735c6e533d6b486c32cfded2c22eac8a25c855d
commit 2756d9efe08d7cc1f1b244ce72b23007834d9b4f
Author: Terry Wilson <twilson at redhat.com>
Date: Tue Mar 24 21:59:44 2015 -0500
Store and log correct exception info
Since OVSDB commands execute in a different thread, the exceptions
that are passed to the original thread do not contain traceback
info from the exception. This patch stores the text from the
exception as it is caught so that the calling thread can log it.
Change-Id: If462c3d5dc104b349218dc910aa281220a5af528
commit f2fca84f7c2ecab79b4b9424d579450a97959ef2
Author: abhishek60014726 <abhishek.g-m at hp.com>
Date: Wed Mar 25 04:20:55 2015 -0700
Test to verify shared attribute of network
Add Funtion to create a shared network
Add function to create a shared network in bulk
Add a test to create and update a shared network
Add a test to create a port in a shared network using non admin tenant
Add test to create shared networks in bulk
Add function to list and show shared network
Add test to list and show the shared network by admin and non admin
Change-Id: I1894d73977d6018306faeda1231bc8523d35f357
commit 90e833a3cbbe4835de82e3d83196cbe4545818c1
Author: Miguel Angel Ajo <mangelajo at redhat.com>
Date: Tue Mar 24 13:10:37 2015 +0000
Enable Process Monitor by default.
Process monitor is enabled by default by this patch,
with a default 60 second monitoring interval, this
interval was calculated early in the development
process to scale to 1000s of processes with light load.
We believe it's important to have it enabled to get
user feedback as we release kilo.
Process monitor is sucessfully enabled and backported
to Red Hat D/S distributions from icehouse to juno
without any issue.
Specific process monitor functional tests provide
coverage, also keepalived checks that it can be
properly respawned.
We should follow up with dhcp and l3 agent functional
testing for killing and checking their processes
correctly respawned. Normal process start/stop is
already validated by other functional tests and tempest.
DocImpact
Change-Id: I85fe31bee30714148168a293eea29fa0a37f9701
Implements: blueprint agent-child-processes-status
commit c4a7447e2d659b3a240a62ae9d34e6e0b9cee7a3
Author: Kevin Benton <blak111 at gmail.com>
Date: Thu Mar 12 02:06:47 2015 -0700
Reload DHCP interface when its port is updated
When a DHCP port corresponding to a DHCP agent is updated,
trigger a reload on the namespace so it uses the latest port
attributes (e.g. IP address).
Closes-Bug: #1431248
Change-Id: I3d1d7b95a8baa4416f1ea3fbbf25a51b818c2c23
commit abc12279f774bafdc83e03234ef2bad679072a8b
Author: Kevin Benton <blak111 at gmail.com>
Date: Thu Mar 26 19:52:23 2015 -0700
Don't eagerly load ranges from IPAllocationPool
The subnet object eagerly loads the IPAllocationPools
associated with it. Each of these was eagerly loading
the IPAvailabilityRange objects associated with it.
On a large subnet with lots of churn, this could be
thousands of records. All of these records were being
loaded for every call to get_subnet, which means all
get_subnets, get_networks, and so-on. icky
This patch changes the relationship between IPAllocationPool
and available_ranges to a 'select' load, so they won't be
loaded until referenced. On my test system with a subnet
that contained 10k ports, this changed the subnet-show time
from 4.7 seconds to 0.56 seconds.
There is no performance downside to this in the upstream
code. At the time of this patch, there were no references
to 'available_ranges' on an IPAllocationPool result. The
logic that deals with the available ranges queries them
explicitly using join statements.
Change-Id: Ia94ce9437ad21e4f21526ba84213fd673693db34
Closes-Bug: #1437131
commit 3f0c2b552a28b2e9cb8b80dc1691680f65d812db
Author: Dan Prince <dprince at redhat.com>
Date: Thu Mar 26 22:19:58 2015 -0400
Revert "Fix validation of physical network name for flat nets"
This reverts commit dbe37d571474ca759e57e61308cd3926a00b481e.
This validation change broke TripleO's os-cloud-config
setup-neutron script.
Change-Id: I94c419b26ba93c67c9064fc110c8986c1ff68897
Closes-bug: #1437116
commit 766c2738ae16ebbae37f26b17e261f0112616bb5
Author: Itsuro Oda <oda at valinux.co.jp>
Date: Fri Jan 9 08:47:56 2015 +0900
Enable services on agents with admin_state_up False
Previously when admin_state_up of an agent is turned to False,
all services on it will be disabled.
This fix makes existing services on agents with admin_state_up
False keep available.
To keep current behavior available the following configuration
parameter added.
* enable_services_on_agents_with_admin_state_down
If the parameter is True, existing services on agents with admin_state_up
False keep available. No more service will be scheduled to the agent
automatically. But adding a service to the agent manually is available.
i.e. admin_state_up: False means to stop automatic scheduling under the
parameter is True.
The default of the parameter is False (current behavior).
Change-Id: Ifba606a5c1f3f07d717c7695a7a64e16238c2057
Closes-Bug: #1408488
commit a314544defd29bc95e2f012ad24028ea1aabfae8
Author: Maru Newby <marun at redhat.com>
Date: Mon Mar 23 23:18:44 2015 +0000
Simplify base test cases
Previous changes (Ifa270536481fcb19c476c9c62d89e6c5cae36ca1 and
I44251db399cd73390a9d1931a7f253662002ba10) separated out test setup
that had to import Neutron to allow the api tests to run. The api
tests previously imported Tempest, and errors would result if both
Neutron and Tempest were imported in the same test run. Now that the
api tests do not import Tempest, the base test cases can be simplified
by reversing the referenced changes.
A dependent change to neutron-fwaas removes reference to testlib
plugin: I0f2098cfd380fb6978d643cfd09bcc5cf8ddbdb9
Change-Id: Ifca5615680217818b8c5e8fc2dee5d089fbd9532
commit 6abc6399df4903881a1ee292be9f721e0252c529
Author: Ilya Sokolov <falconmain at gmail.com>
Date: Tue Dec 23 13:22:20 2014 +0000
Send only one rule in queue on rule create/delete
Now we send all labels and rules per rule create/delete
and rebuild whole iptables chains.
In this patch we send only affected rule and create/
delete only this rule from iptables.
Change-Id: I58ebd8d810c62980c09a340ee1680be17c12b74a
Closes-Bug: #1400280
commit e0ea5edc128e7191d11514868b5711c23ef23821
Author: John Schwarz <jschwarz at redhat.com>
Date: Tue Oct 14 14:09:14 2014 +0300
Add full-stack tests framework
This patch introduces the full-stack tests framework, as specified in
the blueprint. In short, this adds the neutron.tests.fullstack module,
which supports test-managed neutron daemons. Currently only
neutron-server is supported and follow-up patches will support for
multiple agents.
Implements: blueprint integration-tests
Co-Authored-By: Maru Newby <marun at redhat.com>
Change-Id: Iff24fc7cd428488e918c5f06bc7f923095760b07
commit f8d6aa9c9ad676a29ff0874b5bf5b9fb898259c7
Author: Miguel Angel Ajo <mangelajo at redhat.com>
Date: Tue Mar 24 13:07:37 2015 +0000
Stop any spawned ProcessMonitor at test cleanup
Base test class adds a cleanup fixture to stop any
spawned process monitor via unit or functional tests,
which otherwise would keep running after the tests already
finished, and execution functions go unpatched.
Without this patch unit tests will randomly fail
when we enable process monitor by default at change:
I85fe31bee30714148168a293eea29fa0a37f9701
Co-Authored-By: Maru Newby <marun at redhat.com>
Change-Id: Ide799a52391b14ff921de25788e8b0f0463fb8f8
commit fa7e7d022ef14099b3261462a4f72bde4df7d4a8
Author: armando-migliaccio <armamig at gmail.com>
Date: Thu Mar 26 11:15:19 2015 -0700
Add missing DeferredOVSBridge export
To preserve bw compat.
Change-Id: Ice23208bacfe855b6d6224604a5d4fc1550eb7e3
commit af1f99478722893ea5e68e79ea8790f7e390a631
Author: Assaf Muller <amuller at redhat.com>
Date: Tue Mar 24 19:56:37 2015 -0400
Use router state in get_ha_device_name and ha_network_added
get_ha_device_name and ha_network_added were moved from the
agent to the router class, but they're not using the router
state. Rather, they're accepting arguments that they don't
need.
Partially-Implements: bp/restructure-l3-agent
Change-Id: I9a70cbc4c45ceadd8b0a86c49ac35f0885db4997
commit 857345c9e21a044b3e2a9cd7b070e34bd75c27fd
Author: Mike Kolesnik <mkolesni at redhat.com>
Date: Thu Mar 26 15:35:05 2015 +0200
Added note about removing bridge from mappings
A bridge removed from mappings is not managed by the OVS agent anymore,
but continues to be connected to the integration bridge.
Added a note about it in the config so that deployers make sure they
don't end up in a sticky situation.
Change-Id: I8992f842046651e0f231c6bf08b65efa07056757
Related-bug: #1436267
commit 72093e26a5a61c78e046d994f114ae650efdf482
Author: Kyle Mestery <mestery at mestery.com>
Date: Thu Mar 26 12:58:08 2015 +0000
Add language around re-proposing specs for new releases
Attempt to provide guidance over how we handle specs which do not make
a release and want to be re-proposed into the next release.
Change-Id: I3820438e81fced0630c471f1e240174e63bbf062
commit 1c49571d296db07deb766149fe66756b5b4db66a
Author: Romil Gupta <romilg at hp.com>
Date: Sun Mar 22 23:38:00 2015 -0700
Follow up patch for Validate when DVR enabled, l2_pop is also enabled
Reference:
https://review.openstack.org/#/c/165311/
For a VLAN underlays, DVR does not mandate l2-pop to be turned ON.
So just checking for enable_tunneling and validating for l2-pop being
turned ON is more than sufficient.
Change-Id: I96695dc623b4ea37d3ef1384eb9ac9c1384d3da3
Closes-Bug: #1417633
commit 379243ca1af79e622623bd83b6cc5f065caabaef
Author: Ann Kamyshnikova <akamyshnikova at mirantis.com>
Date: Wed Mar 25 12:57:43 2015 +0300
Fix displaying of devref for TestModelsMigrations
One of the lists is displaying incorrectly in description of
results of output from TestModelsMigrations.
Change-Id: Ib400bb49b4189169c9e5ae1ba62e86aec4926fb1
commit bb9b0e01a4fe8df80c1917235252d721324828a5
Author: jun xie <easonxie160 at 163.com>
Date: Thu Mar 26 14:18:59 2015 +0800
Use 1/0 as booleans for DB2
DB2 stores booleans as 0 and 1. It does not recognize True/False.
Change-Id: Idaba2fa5bba259e69a1f92c531c3389b3293cf75
Closes-Bug: #1436674
commit d6f1fb67d2ee7b5d138ab952a1d6ae7673aeab77
Author: rajeev <rajeev.grover at hp.com>
Date: Fri Mar 6 10:02:30 2015 -0500
If configured, set the MTU for fpr/rfp intefaces
if network_device_mtu parameter is configured, set the MTU for
fpr and rfp interfaces to the value specified by the parameter
at the time of creation of these interfaces.
Enhanced DVR functional test to verify MTU gets
set for the fpr/rfp interfaces.
Co-Authored-By: Adolfo Duarte <adolfo.duarte at hp.com>
Closes-bug: #1429162
Change-Id: Ie41122d1f7306dfd3debbbb8dbf2ecabf716dcb8
commit 5b44f48ff384d60833c0fadcea78f35ce98d6f11
Author: Angela Smith <aallen at brocade.com>
Date: Wed Mar 4 15:59:23 2015 -0800
Add L3 router plugin shim for Brocade MLX
Change-Id: I4eba6a3fb8ce2b22e0d142643d753ee2314425b8
Closes-Bug: #1428316
commit f0d9410a8268e01369a43c5159621f3083855b5f
Author: Adelina Tuvenie <atuvenie at cloudbasesolutions.com>
Date: Tue Mar 24 11:29:17 2015 -0700
OVS agent support on Hyper-V
This patch abstracts away platform specific differences in
agent/linux/utils.py and agent/linux/polling.py in order for
OVS neutron agent to work on Hyper-V.
agent.linux.utils uses fcntl that is not available on Windows and
also uses rootwrap which is no necessary on Windows.
ovsdb_monitor.SimpleInterfaceMonitor works only on GNU/Linux because
agent.linux.async_process uses platfom specific components like the
kill command.
Unit tests have been updated accordingly
Implements blueprint: hyper-v-ovs-agent
Change-Id: I3326414335467d9dc5da03e6d1016d0e32330dd0
commit d74603cb8136bf8b9574e7197892f8f762221688
Author: Dane LeBlanc <leblancd at cisco.com>
Date: Sat Mar 14 20:54:16 2015 -0400
No IPv6 SLAAC addrs for create router intf without fixed_ips
Consider the following sequence:
- Create a neutron network
- Create multiple subnets on the network, including one or more IPv6 SLAAC
subnets
- Create a router port on the network without specifying fixed_ips
The port created in this case is incorrectly getting associated with
addresses from the SLAAC subnet(s). This patch corrects this
behavior.
Change-Id: Ic0ab2294c5487f85baade8f879946dfe738d109b
Closes-Bug: 1432270
commit 79fcf57b3757dd52cbae6cf0898d07f067ea375b
Author: Assaf Muller <amuller at redhat.com>
Date: Tue Mar 24 19:45:11 2015 -0400
Move process_ha_router_added/removed from HA agent to router
* Move process_ha_router_added/removed from ha.py to
ha_router.py, rename them initialize and terminate
* Remove _process_ha_router (Spawns/disables keepalived) from
process_router (Called when adding/updating and deleting
a router), move its content to process_router for add/update
and terminate for delete
* Rename ha_router.spawn_keepalived to enable_keepalived
(Consistent with disable_keepalived and process_manager
semantics)
Partially-Implements: bp/restructure-l3-agent
Change-Id: I1f21acdae2ae1faa2c78affaa3f1ce9056487104
commit 94951504a12735309e84f643d6d685a77bbd8f5a
Author: Martin Kletzander <mkletzan at redhat.com>
Date: Thu Mar 19 17:25:57 2015 +0100
Fix common misspellings
Wikipedia's list of common misspellings [1] has a machine-readable
version. This patch fixes those misspellings mentioned in the list
which don't have multiple right variants (as e.g. "accension", which can
be both "accession" and "ascension"), such misspellings are left
untouched. The list of changes was manually re-checked for false
positives.
[1] https://en.wikipedia.org/wiki/Wikipedia:Lists_of_common_misspellings/For_machines
Partial-Bug: #1390035
Change-Id: Ie5d86247cc4f50b6578a9b76c9c8cade35128d5a
Signed-off-by: Martin Kletzander <mkletzan at redhat.com>
commit 355ab2f31cf81575c6e1c0899526177711425428
Author: Darragh O'Reilly <darragh.oreilly at hp.com>
Date: Wed Mar 18 20:45:10 2015 +0000
Fix port status not being updated properly
This problem was introduced by hierarchical port bindings and
affected ports bound on linuxbridge hosts as that agent only
passes the first 11 chars of the port_id to the plugin.
Closes-Bug: 1433461
Change-Id: I8a3863ac1bb1c359de210c535462acbb107adf98
commit 15947d3399cff8a61750e8040c4017a2ec1e2892
Author: armando-migliaccio <armamig at gmail.com>
Date: Tue Feb 10 12:50:11 2015 -0800
Decouple L3 and service plugins during DVR router migration
This change leverages the event registry to decouple L3, VPN and FW
when checking whether a router can be converted to a DVR router.
This patch cleans the UT's too.
Depends-on: I5bfec047ec8404a6d699115a9da332988518f807
Depends-on: I6505fd11776e29895457e67806bec34d3f2c6e24
Related-blueprint: services-split
Related-blueprint: plugin-interface-perestroika
Change-Id: I6b5769a51b81b965c644d8a9a4e7d424f4f89114
commit 0a12058aab0b176eb33ebdc550df7050552b1e12
Author: Saggi Mizrahi <saggi.mizrahi at huawei.com>
Date: Wed Mar 18 15:57:41 2015 +0200
Fix minor nits in _notify_l3_agent_new_port()
- Moved string formatting to the log instead of call
- Used dict.get() instead of __getitem__(). I assume that was the
author's intent or the subsequent condition in redundant.
Change-Id: If2fa3654591607c01effc12cc1bafea38ac4945d
Signed-off-by: Saggi Mizrahi <saggi.mizrahi at huawei.com>
commit 403ac1011d2642fff3ecf433b95d71a8dd03e2ac
Author: Kobi Samoray <ksamoray at vmware.com>
Date: Tue Mar 3 11:44:18 2015 +0200
VMWare NSXv: Metadata default gateway param
Add a default gateway parameter for metadata access from remote
network.
This parameter is necessary when NSXv metadata proxy is on a different
cluster than the management VM and network, and hence requires routing.
Change-Id: I420f48ee315e4406a1a684467bcea0cb8a79f53f
Partially-Implements: blueprint vmware-nsx-v
commit 0e8f7e1712b2bd92725622568b99901e0bcda59a
Author: Kevin Benton <blak111 at gmail.com>
Date: Sat Mar 21 09:10:25 2015 -0700
Remove unnecessary 'IN vs ==' sql query branches
Removes some branches in the codebase that switch
queries depending on whether a WHERE match is against
a single criteria or multiple criteria. For multiple
options an 'IN' statement was used and for a single
option an '==' was used.
This is completely unnecessary complexity and brancing
in our codebase because the 'col IN items' statement is
just a nice syntax offered by SQL that gets converted into
'col==item1 OR col==item2 OR col==item3...' statements
under the hood. So in the case of one item, 'WHERE col IN "F"'
is the same as 'WHERE col = "F"'.
Change-Id: I8bee8c49d72958f5ae424f87c9dc98b8abe6f579
commit c1893ae8d4579840ce9bfe95fbf80aa952a1110e
Author: Roey Chen <roeyc at vmware.com>
Date: Wed Mar 18 09:29:19 2015 -0700
Fix create_security_group_rule_bulk_native to return all created rules
create_security_group_rule_bulk_native should return all of the created
security-group rules, but returns only one, this patch fix the issue and
adds a unittest to validate it.
Closes-Bug: #1434207
Change-Id: I8611c83fecf90e025b24b09fc3a371cbeebce637
commit b96a22661290ce2ea747537512eab2fb767679e6
Author: Erik Colnick <erik.colnick at hp.com>
Date: Fri Jan 23 12:16:28 2015 -0700
Improve DVR scale performance
Only process floating ips on a router that are relevant to the agent
hosting the router (don't process floating ips assigned to a router
if the associated vm is not hosted on the compute node requesting the
router sync). In this way, the number of database calls made during
the DVR router updates is optimized to eliminate unnecessary
duplication of calls which return the same data or are made to get
data for routers which are not relevant to the sync_routers request
from the agent.
Change-Id: I4e8477bb61ffff164d2f3bbebb94e95a25838ce0
Partial-Bug: #1413314
commit 88fb463b3cfcd27888c02858cb45c5c5f3bda3a6
Author: Yushiro FURUKAWA <y.furukawa_2 at jp.fujitsu.com>
Date: Tue Jan 6 17:53:54 2015 +0900
Enable to apply policies to resources with special plural
Some neutron resource with special plural form
can not apply the policy control using policy.json
when create/update/delete the resource.
Following resources can not apply the policy control
because of wrong pluralize process:
* firewall_policy
* ipsec_policy
* ikepolicy
Current pluralize process is as following:
"resource" + "s"
e.g. *_policy -> *_policys
This fix enables to apply the policy control with those resources.
*_policy -> *_policies
Change-Id: I38a55e95f653f69edd477dbbcbdd6e956c0a0e2b
Closes-Bug: 1407886
commit e5cdaf22f82f1aac429e815d72123e3333bacd5d
Author: Yushiro FURUKAWA <y.furukawa_2 at jp.fujitsu.com>
Date: Thu Feb 19 19:11:27 2015 +0900
Enable to specify context on POST requests during unittests
NeutronDbPluginV2TestCase has a method 'new_create_request'
to send 'POST' request. But, it doesn't have a argument 'context'.
So, we can not execute create-test as a tenant-user(NOT admin user)
e.g. FWaaS resources can not test with the context in creating.
This fix enables to specify 'context' when executing new_create_request.
Closes-Bug: #1423470
Related-Bug: #1408236
Change-Id: Id8dc8cff87ca658e86c192b8da047f0c62989a4e
commit 5dccff1cb3367f88b7a7851988b19caad313b036
Author: YAMAMOTO Takashi <yamamoto at valinux.co.jp>
Date: Wed Mar 18 11:07:09 2015 +0900
Fix DBDuplicateError handling in _ensure_default_security_group
The coding in change-id Ibb0597d4db187c856f9ac1d9700701e0165c3c73
catches and ignores DBDuplicateError in a nested transaction.
It would cause another exception, InvalidRequestError, on the
next operation. ("This Session's transaction has been rolled back")
This commit fixes it.
Also, tweak a test case to expose the error.
Closes-Bug: #1433418
Related-Bug: #1419723
Change-Id: Ie4de271c0512fb2ecc6ed6842ad20386e3785a9c
commit dca76ab40976241cd48417f91eaed8d74a31693f
Author: Ivar Lazzaro <ivarlazzaro at gmail.com>
Date: Mon Mar 2 10:56:36 2015 -0800
Missing entry points for cisco apic topology agents
Change-Id: I75eb481bac67436299b4ea3ac6bca6ea1a7dd4d6
Closes-Bug: 1427343
commit 3d1d08e0085d45c61fd19e4d1dcedda386f040f8
Author: watanabe.isao <zou.yun at jp.fujitsu.com>
Date: Thu Jan 8 11:15:44 2015 +0900
Validate string length at API level
Add validation of string field.
The the length of API validation matches max length of DB entries,
which is 255.
[Before fix]
DB returns 500 internal DB Error.
[After fix]
Neutron returns 400 Bad Request Error
(e.g. "XXX" exceeds maximum length of 255).
APIImpact
Change-Id: Ide98f347da563c5df10daca00491027a1b78523b
Closes-Bug: 1408230
commit 9436cbdfb2c0d113517bc6108ded7d0397a096cb
Author: Isaku Yamahata <isaku.yamahata at intel.com>
Date: Fri Oct 17 15:35:44 2014 +0900
ml2: remove stale _filter_nets_l3 in get_networks
The commit of 0156ec175cc047826b211727d43d5d14a3e1f2d2
change-id of I47e01a11afaf6e6bcf06da7bd713fd39b05600ff
which fixes bug 1132849 removed the call of _filter_nets_l3 methods.
But somehow the fix missed ml2 plugin.
This patch fixes ml2 plugin and removes the unused mothod.
Change-Id: I4d13223c170fd6777773970e0d22a191b98dd5ee
Closes-Bug: #1382360
More information about the Openstack-security
mailing list