The endpoints 'network_driver_program_external_connectivity'
and 'network_driver_revoke_external_connectivity' will dynamically
create security group and security group rules to open the ports
exposed by the docker container. However, such processing invokes
too much neutron API calls thus significantly slowing down the
container start/stop. However, such processing is not mandatory
because users can manually configure the SGs to achieve the
equivalent.
This patch make the processing of exposed ports configurable.
As a result, it can be disabled if users want a better performance.
Change-Id: I6d6d176512e6b30bb7372408aec1a7bac12335ab
`tag` and `tag-ext` Neutron extensions are deprecated and scheduled for
removal in Rocky. Those are replaced by `standard-attr-tag` extensions
and this commit implements its support in kuryr-libnetwork.
Change-Id: I295a5b84eb7fa3439561fa009b7499f94d8df4d2
Closes-Bug: 1756305
if port with device_id has been created by user,
kuryr should not release it.
Change-Id: Ia6c8d673b29fea653c034684e846d8104d570d2d
Closes-bug: #1753357
* Introduce a new config 'enabled_port_drivers'. This config allows
operators to specify multiple port drivers to enable. This enables
Kuryr to dynamically choose from a list of port drivers (Veth or
SRIOV).
* Introduce a new SRIOV port driver for performing SRIOV port binding
* Choose port driver according to the type of the port. If the neutron
port has SRIOV vnic type, choose the SRIOV port driver. Otherwise,
choose the normal port driver (i.e. veth).
* To use this feature, users are supposed to pre-create a SRIOV port
and have the binding:profile populated. Furthermore, users should
pass the SRIOV port to Kuryr (i.e. using --mac-address <port_mac>
and/or --ip <port_ip> on 'docker run') so that Kuryr will choose
the right driver.
Implements: blueprint sriov-support
Change-Id: I0d6552ce4a2c50edb164aff3de802e6239671c2c
Right now, we use libnetwork endpoint ID as the device_id of
neutron port. However, if the neutron port is pre-created by users,
users might want to customize the value of device_id. A use case is
to set the device_id as the ID of the container so that users can
list ports belonging to a specific container.
This patch proposes to perserve the device_id of existing neutron
ports if the device_id is not empty.
Change-Id: I9cdfdb0b0db6bf9ab0983144a0d7f0dc5ecbd05f
Change generic KuryrException to the specfic one - ConflictConfigOption
Depends-On: I448cf979fb87de7fe57325cca579b47b43c37f36
Change-Id: I90a961d5b9dc825a4ea933a69ded1c8b57ade7e9
Subnetpools related to the shared neutron network should be shared
as well.
Change-Id: I7a0907a6af91b27c4dcc2b543346814182e94ddb
Needed-By: I9e84acc294ac891f3d4e65866dd2cf415309ed01
Implements: blueprint shared-kuryr-subnetpool
We have debug statement for request data which is helpful. It is
even better to have debug statement for response data as well.
Change-Id: Id92df0c18259c4c829ffbd15878458c685353721
Kuryr currently supports running container with existing neutron
port with matched IP address(es). This patch adds support for
searching existing neutron port with matching MAC address as
alternative.
End-users have two options to pass existing neutron port to kuryr:
* Use --ip and/or --ip6 to specify the IP address(es) of the
existing neutron port
* Use --mac-address to specify the MAC address of the existing port.
If both IP and MAC address are specified, kuryr will search with IP
first, then search with MAC. If both searches are missed, kuryr
will create a new port with the specified IP and MAC address.
Implements: blueprint existing-port-by-mac
Change-Id: I1bca7d25aa951d218e579e160a4f18b00b7c14f6
Currently, we rely on user-provided cidr to select the subnet from which the
port creates. This approach has some limitations, i.e. overlapping cidr. This
BP proposes to introduce driver-specific options (e.g. neutron.subnet.uuid) to
allow users to specify a specific subnet. To identify the right subnetpools
has the same prefixes. The approach is to use tagging, tag subnetpool with the
uuid of the specified subnet.
For e.x - Need both ipam-option *and* option:
docker network create ... --ipam-opt neutron.subnet.uuid=xxx -o
neutron.subnet.uuid=xxx (User can pass neutron.subnet.name also)
Change-Id: I01223e9c7668ba083a90d86e007cc5ff16af84e3
Implement: blueprint existing-subnet
New os-testr uses stestr under the hood, which creates .stestr but not
.testrepository directory in the current dir. Other than that, it
doesn't seem like there is any difference in the format or names of
files generated in the directory.
Change-Id: Iead2b550fc2c3accf25e450db0eb0a56603fc571
Closes-Bug: #1716746
Change kuryr config file dir from /etc/kuryr to /etc/kuryr-libnetwork.
This is because the gate expects the location as /etc/<project-name>.
If the location is wrong, the config files won't be copied over
at the end of the gate.
Change-Id: Icce77b8cfb2885e7e8a625913773dbc97d223876
In before, the existing net tag is static. This doesn't work well
if there are two docker network creating from the same neutron net.
In this senario, each docker network will tag the neutron net on
creation and untag the neutron net on deletion. Neutron net will
be tag/untag multiple times with the same value which leads to bugs.
This commit enhance the existing net tag. It makes each tag unique
by appending the first 12 chars of the docker network id. If there
are two docker networks, they will have a different tag. Each tag
will be cleanup on the deletion of its corresponsing network.
Change-Id: I4fe8a7e13832202dae026b0b4df788f95c41de3c
Closes-Bug: #1695682
Fixed network ID schema to allow new network ID pattern, [0-9a-z]{25},
used in Docker Swarm mode.
Change-Id: I047a575852c580b43a2881f905e3831dc68d1fa3
Closes-Bug: 1706527
This commit removes almost all the pep8 rules from ignore list. Most of
these rules only required minor changes or were redundant and could be
enabled without any changes.
The only rule exclusion left active is E128 to keep the commit small
enough.
Change-Id: Iec4f00cff9e023515082caae525207054341b94b
The pypi package 'docker-py' [1] has been renamed to 'docker' [2].
We need to move to the new 'docker' package in order to leverage
the up-to-date features.
[1] https://pypi.python.org/pypi/docker-py
[2] https://pypi.python.org/pypi/docker
Change-Id: I0a6fdb905016ff064d90b3170c3bcf90311aaaad
For ipam_request_pool, if users specify an existing pool, check
if the cidr of requested pool matches the requested cidr. If
unmached, create a new subnetpool and return the ID of the new
subnetpool instead of the ID of the existing pool. The rational
is that ipam_request_address searches neutron subnet with
matched cidr of the pool. An unmatched cidr will lead to failure
on requesting address for the container.
Change-Id: Ic9d9c7dc93c9d8a1861e777e9200fa9a16a404e7
Closes-Bug: #1695678
recent discussions on the ML have led to the decision to eliminate all
translations for messages that are destined for log files but retain
them for messages that are going to be returned as exceptions and
potentially shown to end users via an API. see [1], [2].
This change does that as follows.
1. If a string is being used to generate an exception, it will still be translated.
Still kuryr_libnetwork used _LE, _LW, _LI for these translations
2. If a string is used for a logging message, remove the use of _LE, _LW, _LI.
[1] http://lists.openstack.org/pipermail/openstack-operators/2017-March/012887.html
[2] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113365.html
Change-Id: Ic2efcea9a1e2e785a8678c86a0b1209d68bb2a1c
Kuryr-libentwork missed AllocateNetwork and FreeNetwork.
This two apis also missed in libnetwork document:
https://github.com/docker/libnetwork/issues/1699
Change-Id: Ic84ecb65ed9b801c70e90d519965e1316ac4ca72
Closes-Bug: #1677299
Partially-Implements: BP docker-v2plugin
Previous code test for release_address in existing Neutron
network, this patch add from Kuryr side.
Change-Id: I174c68c7dd34fa96d90b6c2ddb3ba5af4438d953