Remove Neutron LBaaS
Neutron-LBaaS has now been retired and there will be no Train release[1]. This patch removes neutron-lbaas references from neutron. [1] https://review.opendev.org/658494 Closes-Bug: #1833125 Change-Id: I0fe3fbaf4adf7fb104632fd94cd093e701e12289
This commit is contained in:
parent
090ede21b0
commit
d1d0a04c37
doc/source
admin
contributor
install
neutron
agent/linux
cmd
conf
db
hacking
pecan_wsgi/controllers
plugins/common
tests/unit
releasenotes/notes
@ -5,8 +5,8 @@ Configure neutron agents
|
|||||||
Plug-ins typically have requirements for particular software that must
|
Plug-ins typically have requirements for particular software that must
|
||||||
be run on each node that handles data packets. This includes any node
|
be run on each node that handles data packets. This includes any node
|
||||||
that runs nova-compute and nodes that run dedicated OpenStack Networking
|
that runs nova-compute and nodes that run dedicated OpenStack Networking
|
||||||
service agents such as ``neutron-dhcp-agent``, ``neutron-l3-agent``,
|
service agents such as ``neutron-dhcp-agent``, ``neutron-l3-agent`` or
|
||||||
``neutron-metering-agent`` or ``neutron-lbaasv2-agent``.
|
``neutron-metering-agent``.
|
||||||
|
|
||||||
A data-forwarding node typically has a network interface with an IP
|
A data-forwarding node typically has a network interface with an IP
|
||||||
address on the management network and another interface on the data
|
address on the management network and another interface on the data
|
||||||
@ -46,7 +46,7 @@ agent on each node.
|
|||||||
#. Use the NSX Administrator Guide to add the node as a Hypervisor
|
#. Use the NSX Administrator Guide to add the node as a Hypervisor
|
||||||
by using the NSX Manager GUI. Even if your forwarding node has no
|
by using the NSX Manager GUI. Even if your forwarding node has no
|
||||||
VMs and is only used for services agents like ``neutron-dhcp-agent``
|
VMs and is only used for services agents like ``neutron-dhcp-agent``
|
||||||
or ``neutron-lbaas-agent``, it should still be added to NSX as a
|
, it should still be added to NSX as a
|
||||||
Hypervisor.
|
Hypervisor.
|
||||||
|
|
||||||
#. After following the NSX Administrator Guide, use the page for this
|
#. After following the NSX Administrator Guide, use the page for this
|
||||||
@ -348,76 +348,6 @@ The Neutron Metering agent resides beside neutron-l3-agent.
|
|||||||
|
|
||||||
service_plugins = router,metering
|
service_plugins = router,metering
|
||||||
|
|
||||||
Configure Load-Balancer-as-a-Service (LBaaS v2)
|
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
.. warning::
|
|
||||||
Neutron-lbaas is deprecated as of Queens. Load-Balancer-as-a-Service
|
|
||||||
(LBaaS v2) is now provided by the `Octavia project
|
|
||||||
<https://docs.openstack.org/octavia/latest/>`_. Please see the FAQ:
|
|
||||||
https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation
|
|
||||||
|
|
||||||
For the back end, use either ``Octavia`` or ``HAProxy``.
|
|
||||||
This example uses Octavia.
|
|
||||||
|
|
||||||
**To configure LBaaS V2**
|
|
||||||
|
|
||||||
#. Install Octavia using your distribution's package manager.
|
|
||||||
|
|
||||||
|
|
||||||
#. Edit the ``/etc/neutron/neutron_lbaas.conf`` file and change
|
|
||||||
the ``service_provider`` parameter to enable Octavia:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
|
||||||
|
|
||||||
service_provider = LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default
|
|
||||||
|
|
||||||
|
|
||||||
#. Edit the ``/etc/neutron/neutron.conf`` file and add the
|
|
||||||
``service_plugins`` parameter to enable the load-balancing plug-in:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
|
||||||
|
|
||||||
service_plugins = neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
|
|
||||||
|
|
||||||
If this option is already defined, add the load-balancing plug-in to
|
|
||||||
the list using a comma as a separator. For example:
|
|
||||||
|
|
||||||
.. code-block:: ini
|
|
||||||
|
|
||||||
service_plugins = [already defined plugins],neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#. Create the required tables in the database:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
# neutron-db-manage --subproject neutron-lbaas upgrade head
|
|
||||||
|
|
||||||
#. Restart the ``neutron-server`` service.
|
|
||||||
|
|
||||||
|
|
||||||
#. Enable load balancing in the Project section of the dashboard.
|
|
||||||
|
|
||||||
.. warning::
|
|
||||||
|
|
||||||
Horizon panels are enabled only for LBaaSV1. LBaaSV2 panels are still
|
|
||||||
being developed.
|
|
||||||
|
|
||||||
By default, the ``enable_lb`` option is ``True`` in the `local_settings.py`
|
|
||||||
file.
|
|
||||||
|
|
||||||
.. code-block:: python
|
|
||||||
|
|
||||||
OPENSTACK_NEUTRON_NETWORK = {
|
|
||||||
'enable_lb': True,
|
|
||||||
...
|
|
||||||
}
|
|
||||||
|
|
||||||
Apply the settings by restarting the web server. You can now view the
|
|
||||||
Load Balancer management options in the Project view in the dashboard.
|
|
||||||
|
|
||||||
Configure Hyper-V L2 agent
|
Configure Hyper-V L2 agent
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
@ -7,8 +7,7 @@ you define network connectivity and addressing in the cloud. The
|
|||||||
Networking service enables operators to leverage different networking
|
Networking service enables operators to leverage different networking
|
||||||
technologies to power their cloud networking. The Networking service
|
technologies to power their cloud networking. The Networking service
|
||||||
also provides an API to configure and manage a variety of network
|
also provides an API to configure and manage a variety of network
|
||||||
services ranging from L3 forwarding and NAT to load balancing, edge
|
services ranging from L3 forwarding and NAT to edge firewalls, and IPsec VPN.
|
||||||
firewalls, and IPsec VPN.
|
|
||||||
|
|
||||||
For a detailed description of the Networking API abstractions and their
|
For a detailed description of the Networking API abstractions and their
|
||||||
attributes, see the `OpenStack Networking API v2.0
|
attributes, see the `OpenStack Networking API v2.0
|
||||||
@ -105,60 +104,6 @@ Set these options to configure SSL:
|
|||||||
``backlog = 4096``
|
``backlog = 4096``
|
||||||
Number of backlog requests with which to configure the socket.
|
Number of backlog requests with which to configure the socket.
|
||||||
|
|
||||||
Load-Balancer-as-a-Service (LBaaS) overview
|
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
.. warning::
|
|
||||||
Neutron-lbaas is deprecated as of Queens. Load-Balancer-as-a-Service
|
|
||||||
(LBaaS v2) is now provided by the `Octavia project
|
|
||||||
<https://docs.openstack.org/octavia/latest/>`_. Please see the FAQ:
|
|
||||||
https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation
|
|
||||||
|
|
||||||
Load-Balancer-as-a-Service (LBaaS) enables Networking to distribute
|
|
||||||
incoming requests evenly among designated instances. This distribution
|
|
||||||
ensures that the workload is shared predictably among instances and
|
|
||||||
enables more effective use of system resources. Use one of these load
|
|
||||||
balancing methods to distribute incoming requests:
|
|
||||||
|
|
||||||
Round robin
|
|
||||||
Rotates requests evenly between multiple instances.
|
|
||||||
|
|
||||||
Source IP
|
|
||||||
Requests from a unique source IP address are consistently directed
|
|
||||||
to the same instance.
|
|
||||||
|
|
||||||
Least connections
|
|
||||||
Allocates requests to the instance with the least number of active
|
|
||||||
connections.
|
|
||||||
|
|
||||||
+-------------------------+---------------------------------------------------+
|
|
||||||
| Feature | Description |
|
|
||||||
+=========================+===================================================+
|
|
||||||
| **Monitors** | LBaaS provides availability monitoring with the |
|
|
||||||
| | ``ping``, TCP, HTTP and HTTPS GET methods. |
|
|
||||||
| | Monitors are implemented to determine whether |
|
|
||||||
| | pool members are available to handle requests. |
|
|
||||||
+-------------------------+---------------------------------------------------+
|
|
||||||
| **Management** | LBaaS is managed using a variety of tool sets. |
|
|
||||||
| | The REST API is available for programmatic |
|
|
||||||
| | administration and scripting. Users perform |
|
|
||||||
| | administrative management of load balancers |
|
|
||||||
| | through either the CLI (``neutron``) or the |
|
|
||||||
| | OpenStack Dashboard. |
|
|
||||||
+-------------------------+---------------------------------------------------+
|
|
||||||
| **Connection limits** | Ingress traffic can be shaped with *connection |
|
|
||||||
| | limits*. This feature allows workload control, |
|
|
||||||
| | and can also assist with mitigating DoS (Denial |
|
|
||||||
| | of Service) attacks. |
|
|
||||||
+-------------------------+---------------------------------------------------+
|
|
||||||
| **Session persistence** | LBaaS supports session persistence by ensuring |
|
|
||||||
| | incoming requests are routed to the same instance |
|
|
||||||
| | within a pool of multiple instances. LBaaS |
|
|
||||||
| | supports routing decisions based on cookies and |
|
|
||||||
| | source IP address. |
|
|
||||||
+-------------------------+---------------------------------------------------+
|
|
||||||
|
|
||||||
|
|
||||||
Firewall-as-a-Service (FWaaS) overview
|
Firewall-as-a-Service (FWaaS) overview
|
||||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
@ -1,501 +0,0 @@
|
|||||||
.. _config-lbaas:
|
|
||||||
|
|
||||||
==================================
|
|
||||||
Load Balancer as a Service (LBaaS)
|
|
||||||
==================================
|
|
||||||
|
|
||||||
.. warning::
|
|
||||||
Neutron-lbaas is deprecated as of Queens. Load-Balancer-as-a-Service
|
|
||||||
(LBaaS v2) is now provided by the `Octavia project
|
|
||||||
<https://docs.openstack.org/octavia/latest/>`_. Please see the FAQ:
|
|
||||||
https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation
|
|
||||||
|
|
||||||
The Networking service offers a load balancer feature called "LBaaS v2"
|
|
||||||
through the ``neutron-lbaas`` service plug-in.
|
|
||||||
|
|
||||||
LBaaS v2 adds the concept of listeners to the LBaaS v1 load balancers.
|
|
||||||
LBaaS v2 allows you to configure multiple listener ports on a single load
|
|
||||||
balancer IP address.
|
|
||||||
|
|
||||||
There are two reference implementations of LBaaS v2.
|
|
||||||
The one is an agent based implementation with HAProxy.
|
|
||||||
The agents handle the HAProxy configuration and manage the HAProxy daemon.
|
|
||||||
Another LBaaS v2 implementation, `Octavia
|
|
||||||
<https://docs.openstack.org/octavia/latest/>`_, has a separate API and
|
|
||||||
separate worker processes that build load balancers within virtual machines on
|
|
||||||
hypervisors that are managed by the Compute service. You do not need an agent
|
|
||||||
for Octavia.
|
|
||||||
|
|
||||||
.. warning::
|
|
||||||
|
|
||||||
Currently, no migration path exists between v1 and v2 load balancers. If you
|
|
||||||
choose to switch from v1 to v2, you must recreate all load balancers, pools,
|
|
||||||
and health monitors.
|
|
||||||
|
|
||||||
.. TODO(amotoki): Data mirgation from v1 to v2 is provided in Newton release,
|
|
||||||
but its usage is not documented enough. It should be added here.
|
|
||||||
|
|
||||||
LBaaS v2 Concepts
|
|
||||||
~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
LBaaS v2 has several new concepts to understand:
|
|
||||||
|
|
||||||
.. image:: figures/lbaasv2-diagram.png
|
|
||||||
:alt: LBaaS v2 layout
|
|
||||||
|
|
||||||
Load balancer
|
|
||||||
The load balancer occupies a neutron network port and has an IP address
|
|
||||||
assigned from a subnet.
|
|
||||||
|
|
||||||
Listener
|
|
||||||
Load balancers can listen for requests on multiple ports. Each one of those
|
|
||||||
ports is specified by a listener.
|
|
||||||
|
|
||||||
Pool
|
|
||||||
A pool holds a list of members that serve content through the load balancer.
|
|
||||||
|
|
||||||
Member
|
|
||||||
Members are servers that serve traffic behind a load balancer. Each member
|
|
||||||
is specified by the IP address and port that it uses to serve traffic.
|
|
||||||
|
|
||||||
Health monitor
|
|
||||||
Members may go offline from time to time and health monitors divert traffic
|
|
||||||
away from members that are not responding properly. Health monitors are
|
|
||||||
associated with pools.
|
|
||||||
|
|
||||||
LBaaS v2 has multiple implementations via different service plug-ins. The two
|
|
||||||
most common implementations use either an agent or the Octavia services. Both
|
|
||||||
implementations use the `LBaaS v2 API <https://docs.openstack.org/api-ref/network/v2/#lbaas-2-0-stable>`_.
|
|
||||||
|
|
||||||
Configurations
|
|
||||||
~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
Configuring LBaaS v2 with an agent
|
|
||||||
----------------------------------
|
|
||||||
|
|
||||||
#. Add the LBaaS v2 service plug-in to the ``service_plugins`` configuration
|
|
||||||
directive in ``/etc/neutron/neutron.conf``. The plug-in list is
|
|
||||||
comma-separated:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
service_plugins = [existing service plugins],neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
|
|
||||||
|
|
||||||
#. Add the LBaaS v2 service provider to the ``service_provider`` configuration
|
|
||||||
directive within the ``[service_providers]`` section in
|
|
||||||
``/etc/neutron/neutron_lbaas.conf``:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
service_provider = LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
|
|
||||||
|
|
||||||
If you have existing service providers for other networking service
|
|
||||||
plug-ins, such as VPNaaS or FWaaS, add the ``service_provider`` line shown
|
|
||||||
above in the ``[service_providers]`` section as a separate line. These
|
|
||||||
configuration directives are repeatable and are not comma-separated.
|
|
||||||
|
|
||||||
#. Select the driver that manages virtual interfaces in
|
|
||||||
``/etc/neutron/lbaas_agent.ini``:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
[DEFAULT]
|
|
||||||
device_driver = neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver
|
|
||||||
interface_driver = INTERFACE_DRIVER
|
|
||||||
[haproxy]
|
|
||||||
user_group = haproxy
|
|
||||||
|
|
||||||
Replace ``INTERFACE_DRIVER`` with the interface driver that the layer-2
|
|
||||||
agent in your environment uses. For example, ``openvswitch`` for Open
|
|
||||||
vSwitch or ``linuxbridge`` for Linux bridge.
|
|
||||||
|
|
||||||
#. Run the ``neutron-lbaas`` database migration:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
neutron-db-manage --subproject neutron-lbaas upgrade head
|
|
||||||
|
|
||||||
#. If you have deployed LBaaS v1, **stop the LBaaS v1 agent now**. The v1 and
|
|
||||||
v2 agents **cannot** run simultaneously.
|
|
||||||
|
|
||||||
#. Start the LBaaS v2 agent:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
neutron-lbaasv2-agent \
|
|
||||||
--config-file /etc/neutron/neutron.conf \
|
|
||||||
--config-file /etc/neutron/lbaas_agent.ini
|
|
||||||
|
|
||||||
#. Restart the Network service to activate the new configuration. You are now
|
|
||||||
ready to create load balancers with the LBaaS v2 agent.
|
|
||||||
|
|
||||||
Configuring LBaaS v2 with Octavia
|
|
||||||
---------------------------------
|
|
||||||
|
|
||||||
Octavia provides additional capabilities for load balancers, including using a
|
|
||||||
compute driver to build instances that operate as load balancers.
|
|
||||||
The `Hands on Lab - Install and Configure OpenStack Octavia
|
|
||||||
<https://www.openstack.org/summit/tokyo-2015/videos/presentation/rsvp-required-hands-on-lab-install-and-configure-openstack-octavia>`_
|
|
||||||
session at the OpenStack Summit in Tokyo provides an overview of Octavia.
|
|
||||||
|
|
||||||
The DevStack documentation offers a `simple method to deploy Octavia
|
|
||||||
<https://docs.openstack.org/devstack/latest/guides/devstack-with-lbaas-v2.html>`_
|
|
||||||
and test the service with redundant load balancer instances. If you already
|
|
||||||
have Octavia installed and configured within your environment, you can
|
|
||||||
configure the Network service to use Octavia:
|
|
||||||
|
|
||||||
#. Add the LBaaS v2 service plug-in to the ``service_plugins`` configuration
|
|
||||||
directive in ``/etc/neutron/neutron.conf``. The plug-in list is
|
|
||||||
comma-separated:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
service_plugins = [existing service plugins],neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2
|
|
||||||
|
|
||||||
#. Add the Octavia service provider to the ``service_provider`` configuration
|
|
||||||
directive within the ``[service_providers]`` section in
|
|
||||||
``/etc/neutron/neutron_lbaas.conf``:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
service_provider = LOADBALANCERV2:Octavia:neutron_lbaas.drivers.octavia.driver.OctaviaDriver:default
|
|
||||||
|
|
||||||
Ensure that the LBaaS v1 and v2 service providers are removed from the
|
|
||||||
``[service_providers]`` section. They are not used with Octavia. **Verify
|
|
||||||
that all LBaaS agents are stopped.**
|
|
||||||
|
|
||||||
#. Restart the Network service to activate the new configuration. You are now
|
|
||||||
ready to create and manage load balancers with Octavia.
|
|
||||||
|
|
||||||
Add LBaaS panels to Dashboard
|
|
||||||
-----------------------------
|
|
||||||
|
|
||||||
The Dashboard panels for managing LBaaS v2 are available starting with the
|
|
||||||
Mitaka release.
|
|
||||||
|
|
||||||
#. Clone the `neutron-lbaas-dashboard repository
|
|
||||||
<https://opendev.org/openstack/neutron-lbaas-dashboard/>`__
|
|
||||||
and check out the release
|
|
||||||
branch that matches the installed version of Dashboard:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ git clone https://opendev.org/openstack/neutron-lbaas-dashboard
|
|
||||||
$ cd neutron-lbaas-dashboard
|
|
||||||
$ git checkout OPENSTACK_RELEASE
|
|
||||||
|
|
||||||
#. Install the Dashboard panel plug-in:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ python setup.py install
|
|
||||||
|
|
||||||
#. Copy the ``_1481_project_ng_loadbalancersv2_panel.py`` file from the
|
|
||||||
``neutron-lbaas-dashboard/enabled`` directory into the Dashboard
|
|
||||||
``openstack_dashboard/local/enabled`` directory.
|
|
||||||
|
|
||||||
This step ensures that Dashboard can find the plug-in when it enumerates
|
|
||||||
all of its available panels.
|
|
||||||
|
|
||||||
#. Enable the plug-in in Dashboard by editing the ``local_settings.py`` file
|
|
||||||
and setting ``enable_lb`` to ``True`` in the ``OPENSTACK_NEUTRON_NETWORK``
|
|
||||||
dictionary.
|
|
||||||
|
|
||||||
#. If Dashboard is configured to compress static files for better performance
|
|
||||||
(usually set through ``COMPRESS_OFFLINE`` in ``local_settings.py``),
|
|
||||||
optimize the static files again:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ ./manage.py collectstatic
|
|
||||||
$ ./manage.py compress
|
|
||||||
|
|
||||||
#. Restart Apache to activate the new panel:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ sudo service apache2 restart
|
|
||||||
|
|
||||||
To find the panel, click on :guilabel:`Project` in Dashboard, then click the
|
|
||||||
:guilabel:`Network` drop-down menu and select :guilabel:`Load Balancers`.
|
|
||||||
|
|
||||||
LBaaS v2 operations
|
|
||||||
~~~~~~~~~~~~~~~~~~~
|
|
||||||
|
|
||||||
The same neutron commands are used for LBaaS v2 with an agent or with Octavia.
|
|
||||||
|
|
||||||
Building an LBaaS v2 load balancer
|
|
||||||
----------------------------------
|
|
||||||
|
|
||||||
#. Start by creating a load balancer on a network. In this example, the
|
|
||||||
``private`` network is an isolated network with two web server instances:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron lbaas-loadbalancer-create --name test-lb private-subnet
|
|
||||||
|
|
||||||
#. You can view the load balancer status and IP address with the
|
|
||||||
:command:`neutron lbaas-loadbalancer-show` command:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron lbaas-loadbalancer-show test-lb
|
|
||||||
+---------------------+------------------------------------------------+
|
|
||||||
| Field | Value |
|
|
||||||
+---------------------+------------------------------------------------+
|
|
||||||
| admin_state_up | True |
|
|
||||||
| description | |
|
|
||||||
| id | 7780f9dd-e5dd-43a9-af81-0d2d1bd9c386 |
|
|
||||||
| listeners | {"id": "23442d6a-4d82-40ee-8d08-243750dbc191"} |
|
|
||||||
| | {"id": "7e0d084d-6d67-47e6-9f77-0115e6cf9ba8"} |
|
|
||||||
| name | test-lb |
|
|
||||||
| operating_status | ONLINE |
|
|
||||||
| provider | octavia |
|
|
||||||
| provisioning_status | ACTIVE |
|
|
||||||
| tenant_id | fbfce4cb346c4f9097a977c54904cafd |
|
|
||||||
| vip_address | 192.0.2.22 |
|
|
||||||
| vip_port_id | 9f8f8a75-a731-4a34-b622-864907e1d556 |
|
|
||||||
| vip_subnet_id | f1e7827d-1bfe-40b6-b8f0-2d9fd946f59b |
|
|
||||||
+---------------------+------------------------------------------------+
|
|
||||||
|
|
||||||
#. Update the security group to allow traffic to reach the new load balancer.
|
|
||||||
Create a new security group along with ingress rules to allow traffic into
|
|
||||||
the new load balancer. The neutron port for the load balancer is shown as
|
|
||||||
``vip_port_id`` above.
|
|
||||||
|
|
||||||
Create a security group and rules to allow TCP port 80, TCP port 443, and
|
|
||||||
all ICMP traffic:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron security-group-create lbaas
|
|
||||||
$ neutron security-group-rule-create \
|
|
||||||
--direction ingress \
|
|
||||||
--protocol tcp \
|
|
||||||
--port-range-min 80 \
|
|
||||||
--port-range-max 80 \
|
|
||||||
--remote-ip-prefix 0.0.0.0/0 \
|
|
||||||
lbaas
|
|
||||||
$ neutron security-group-rule-create \
|
|
||||||
--direction ingress \
|
|
||||||
--protocol tcp \
|
|
||||||
--port-range-min 443 \
|
|
||||||
--port-range-max 443 \
|
|
||||||
--remote-ip-prefix 0.0.0.0/0 \
|
|
||||||
lbaas
|
|
||||||
$ neutron security-group-rule-create \
|
|
||||||
--direction ingress \
|
|
||||||
--protocol icmp \
|
|
||||||
lbaas
|
|
||||||
|
|
||||||
Apply the security group to the load balancer's network port using
|
|
||||||
``vip_port_id`` from the :command:`neutron lbaas-loadbalancer-show`
|
|
||||||
command:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron port-update \
|
|
||||||
--security-group lbaas \
|
|
||||||
9f8f8a75-a731-4a34-b622-864907e1d556
|
|
||||||
|
|
||||||
Adding an HTTP listener
|
|
||||||
-----------------------
|
|
||||||
|
|
||||||
#. With the load balancer online, you can add a listener for plaintext
|
|
||||||
HTTP traffic on port 80:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron lbaas-listener-create \
|
|
||||||
--name test-lb-http \
|
|
||||||
--loadbalancer test-lb \
|
|
||||||
--protocol HTTP \
|
|
||||||
--protocol-port 80
|
|
||||||
|
|
||||||
This load balancer is active and ready to serve traffic on ``192.0.2.22``.
|
|
||||||
|
|
||||||
#. Verify that the load balancer is responding to pings before moving further:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ ping -c 4 192.0.2.22
|
|
||||||
PING 192.0.2.22 (192.0.2.22) 56(84) bytes of data.
|
|
||||||
64 bytes from 192.0.2.22: icmp_seq=1 ttl=62 time=0.410 ms
|
|
||||||
64 bytes from 192.0.2.22: icmp_seq=2 ttl=62 time=0.407 ms
|
|
||||||
64 bytes from 192.0.2.22: icmp_seq=3 ttl=62 time=0.396 ms
|
|
||||||
64 bytes from 192.0.2.22: icmp_seq=4 ttl=62 time=0.397 ms
|
|
||||||
|
|
||||||
--- 192.0.2.22 ping statistics ---
|
|
||||||
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
|
|
||||||
rtt min/avg/max/mdev = 0.396/0.402/0.410/0.020 ms
|
|
||||||
|
|
||||||
|
|
||||||
#. You can begin building a pool and adding members to the pool to serve HTTP
|
|
||||||
content on port 80. For this example, the web servers are ``192.0.2.16``
|
|
||||||
and ``192.0.2.17``:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron lbaas-pool-create \
|
|
||||||
--name test-lb-pool-http \
|
|
||||||
--lb-algorithm ROUND_ROBIN \
|
|
||||||
--listener test-lb-http \
|
|
||||||
--protocol HTTP
|
|
||||||
$ neutron lbaas-member-create \
|
|
||||||
--name test-lb-http-member-1 \
|
|
||||||
--subnet private-subnet \
|
|
||||||
--address 192.0.2.16 \
|
|
||||||
--protocol-port 80 \
|
|
||||||
test-lb-pool-http
|
|
||||||
$ neutron lbaas-member-create \
|
|
||||||
--name test-lb-http-member-2 \
|
|
||||||
--subnet private-subnet \
|
|
||||||
--address 192.0.2.17 \
|
|
||||||
--protocol-port 80 \
|
|
||||||
test-lb-pool-http
|
|
||||||
|
|
||||||
#. You can use ``curl`` to verify connectivity through the load balancers to
|
|
||||||
your web servers:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ curl 192.0.2.22
|
|
||||||
web2
|
|
||||||
$ curl 192.0.2.22
|
|
||||||
web1
|
|
||||||
$ curl 192.0.2.22
|
|
||||||
web2
|
|
||||||
$ curl 192.0.2.22
|
|
||||||
web1
|
|
||||||
|
|
||||||
In this example, the load balancer uses the round robin algorithm and the
|
|
||||||
traffic alternates between the web servers on the backend.
|
|
||||||
|
|
||||||
#. You can add a health monitor so that unresponsive servers are removed
|
|
||||||
from the pool:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron lbaas-healthmonitor-create \
|
|
||||||
--name test-lb-http-monitor \
|
|
||||||
--delay 5 \
|
|
||||||
--max-retries 2 \
|
|
||||||
--timeout 10 \
|
|
||||||
--type HTTP \
|
|
||||||
--pool test-lb-pool-http
|
|
||||||
|
|
||||||
In this example, the health monitor removes the server from the pool if
|
|
||||||
it fails a health check at two five-second intervals. When the server
|
|
||||||
recovers and begins responding to health checks again, it is added to
|
|
||||||
the pool once again.
|
|
||||||
|
|
||||||
Adding an HTTPS listener
|
|
||||||
------------------------
|
|
||||||
|
|
||||||
You can add another listener on port 443 for HTTPS traffic. LBaaS v2 offers
|
|
||||||
SSL/TLS termination at the load balancer, but this example takes a simpler
|
|
||||||
approach and allows encrypted connections to terminate at each member server.
|
|
||||||
|
|
||||||
#. Start by creating a listener, attaching a pool, and then adding members:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron lbaas-listener-create \
|
|
||||||
--name test-lb-https \
|
|
||||||
--loadbalancer test-lb \
|
|
||||||
--protocol HTTPS \
|
|
||||||
--protocol-port 443
|
|
||||||
$ neutron lbaas-pool-create \
|
|
||||||
--name test-lb-pool-https \
|
|
||||||
--lb-algorithm LEAST_CONNECTIONS \
|
|
||||||
--listener test-lb-https \
|
|
||||||
--protocol HTTPS
|
|
||||||
$ neutron lbaas-member-create \
|
|
||||||
--name test-lb-https-member-1 \
|
|
||||||
--subnet private-subnet \
|
|
||||||
--address 192.0.2.16 \
|
|
||||||
--protocol-port 443 \
|
|
||||||
test-lb-pool-https
|
|
||||||
$ neutron lbaas-member-create \
|
|
||||||
--name test-lb-https-member-2 \
|
|
||||||
--subnet private-subnet \
|
|
||||||
--address 192.0.2.17 \
|
|
||||||
--protocol-port 443 \
|
|
||||||
test-lb-pool-https
|
|
||||||
|
|
||||||
#. You can also add a health monitor for the HTTPS pool:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron lbaas-healthmonitor-create \
|
|
||||||
--name test-lb-https-monitor \
|
|
||||||
--delay 5 \
|
|
||||||
--max-retries 2 \
|
|
||||||
--timeout 10 \
|
|
||||||
--type HTTPS \
|
|
||||||
--pool test-lb-pool-https
|
|
||||||
|
|
||||||
The load balancer now handles traffic on ports 80 and 443.
|
|
||||||
|
|
||||||
Associating a floating IP address
|
|
||||||
---------------------------------
|
|
||||||
|
|
||||||
Load balancers that are deployed on a public or provider network that are
|
|
||||||
accessible to external clients do not need a floating IP address assigned.
|
|
||||||
External clients can directly access the virtual IP address (VIP) of those
|
|
||||||
load balancers.
|
|
||||||
|
|
||||||
However, load balancers deployed onto private or isolated networks need a
|
|
||||||
floating IP address assigned if they must be accessible to external clients. To
|
|
||||||
complete this step, you must have a router between the private and public
|
|
||||||
networks and an available floating IP address.
|
|
||||||
|
|
||||||
You can use the :command:`neutron lbaas-loadbalancer-show` command from the
|
|
||||||
beginning of this section to locate the ``vip_port_id``. The ``vip_port_id``
|
|
||||||
is the ID of the network port that is assigned to the load balancer. You can
|
|
||||||
associate a free floating IP address to the load balancer using
|
|
||||||
:command:`neutron floatingip-associate`:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron floatingip-associate FLOATINGIP_ID LOAD_BALANCER_PORT_ID
|
|
||||||
|
|
||||||
Setting quotas for LBaaS v2
|
|
||||||
---------------------------
|
|
||||||
|
|
||||||
Quotas are available for limiting the number of load balancers and load
|
|
||||||
balancer pools. By default, both quotas are set to 10.
|
|
||||||
|
|
||||||
You can adjust quotas using the :command:`neutron quota-update` command:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron quota-update --tenant-id TENANT_UUID --loadbalancer 25
|
|
||||||
$ neutron quota-update --tenant-id TENANT_UUID --pool 50
|
|
||||||
|
|
||||||
A setting of ``-1`` disables the quota for a tenant.
|
|
||||||
|
|
||||||
Retrieving load balancer statistics
|
|
||||||
-----------------------------------
|
|
||||||
|
|
||||||
The LBaaS v2 agent collects four types of statistics for each load balancer
|
|
||||||
every six seconds. Users can query these statistics with the
|
|
||||||
:command:`neutron lbaas-loadbalancer-stats` command:
|
|
||||||
|
|
||||||
.. code-block:: console
|
|
||||||
|
|
||||||
$ neutron lbaas-loadbalancer-stats test-lb
|
|
||||||
+--------------------+----------+
|
|
||||||
| Field | Value |
|
|
||||||
+--------------------+----------+
|
|
||||||
| active_connections | 0 |
|
|
||||||
| bytes_in | 40264557 |
|
|
||||||
| bytes_out | 71701666 |
|
|
||||||
| total_connections | 384601 |
|
|
||||||
+--------------------+----------+
|
|
||||||
|
|
||||||
The ``active_connections`` count is the total number of connections that were
|
|
||||||
active at the time the agent polled the load balancer. The other three
|
|
||||||
statistics are cumulative since the load balancer was last started. For
|
|
||||||
example, if the load balancer restarts due to a system error or a configuration
|
|
||||||
change, these statistics will be reset.
|
|
@ -151,7 +151,7 @@ Known limitations
|
|||||||
If huge pages are not present in the guest, the interface will appear but
|
If huge pages are not present in the guest, the interface will appear but
|
||||||
will not function.
|
will not function.
|
||||||
* Expect performance degradation of services using tap devices: these devices
|
* Expect performance degradation of services using tap devices: these devices
|
||||||
do not support DPDK. Example services include DVR, FWaaS, or LBaaS.
|
do not support DPDK. Example services include DVR and FWaaS.
|
||||||
* When the ``ovs_use_veth`` option is set to ``True``, any traffic sent
|
* When the ``ovs_use_veth`` option is set to ``True``, any traffic sent
|
||||||
from a DHCP namespace will have an incorrect TCP checksum.
|
from a DHCP namespace will have an incorrect TCP checksum.
|
||||||
This means that if ``enable_isolated_metadata`` is set to ``True`` and
|
This means that if ``enable_isolated_metadata`` is set to ``True`` and
|
||||||
|
@ -21,7 +21,6 @@ Configuration
|
|||||||
config-fip-port-forwardings
|
config-fip-port-forwardings
|
||||||
config-ipam
|
config-ipam
|
||||||
config-ipv6
|
config-ipv6
|
||||||
config-lbaas
|
|
||||||
config-logging
|
config-logging
|
||||||
config-macvtap
|
config-macvtap
|
||||||
config-mtu
|
config-mtu
|
||||||
|
File diff suppressed because one or more lines are too long
Before (image error) Size: 21 KiB |
@ -15,8 +15,8 @@ define network connectivity and addressing in the cloud. The Networking
|
|||||||
service enables operators to leverage different networking technologies
|
service enables operators to leverage different networking technologies
|
||||||
to power their cloud networking. The Networking service also provides an
|
to power their cloud networking. The Networking service also provides an
|
||||||
API to configure and manage a variety of network services ranging from L3
|
API to configure and manage a variety of network services ranging from L3
|
||||||
forwarding and Network Address Translation (NAT) to load
|
forwarding and Network Address Translation (NAT) to perimeter firewalls, and
|
||||||
balancing, perimeter firewalls, and virtual private networks.
|
virtual private networks.
|
||||||
|
|
||||||
It includes the following components:
|
It includes the following components:
|
||||||
|
|
||||||
@ -166,8 +166,7 @@ VLAN
|
|||||||
using VLAN IDs (802.1Q tagged) that correspond to VLANs present in the
|
using VLAN IDs (802.1Q tagged) that correspond to VLANs present in the
|
||||||
physical network. This allows instances to communicate with each other
|
physical network. This allows instances to communicate with each other
|
||||||
across the environment. They can also communicate with dedicated servers,
|
across the environment. They can also communicate with dedicated servers,
|
||||||
firewalls, load balancers, and other networking infrastructure on the
|
firewalls, and other networking infrastructure on the same layer 2 VLAN.
|
||||||
same layer 2 VLAN.
|
|
||||||
|
|
||||||
GRE and VXLAN
|
GRE and VXLAN
|
||||||
VXLAN and GRE are encapsulation protocols that create overlay networks
|
VXLAN and GRE are encapsulation protocols that create overlay networks
|
||||||
|
@ -540,7 +540,7 @@ Extensions can be loaded in two ways:
|
|||||||
Service Providers
|
Service Providers
|
||||||
~~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
If your project uses service provider(s) the same way VPNAAS and LBAAS do, you
|
If your project uses service provider(s) the same way VPNAAS does, you
|
||||||
specify your service provider in your ``project_name.conf`` file like so::
|
specify your service provider in your ``project_name.conf`` file like so::
|
||||||
|
|
||||||
[service_providers]
|
[service_providers]
|
||||||
|
@ -127,7 +127,7 @@ network or a port, making all rules of the policy applied to the corresponding
|
|||||||
Neutron resource.
|
Neutron resource.
|
||||||
|
|
||||||
When applied through a network association, policy rules could apply or not
|
When applied through a network association, policy rules could apply or not
|
||||||
to neutron internal ports (like router, dhcp, load balancer, etc..). The QosRule
|
to neutron internal ports (like router, dhcp, etc..). The QosRule
|
||||||
base object provides a default should_apply_to_port method which could be
|
base object provides a default should_apply_to_port method which could be
|
||||||
overridden. In the future we may want to have a flag in QoSNetworkPolicyBinding
|
overridden. In the future we may want to have a flag in QoSNetworkPolicyBinding
|
||||||
or QosRule to enforce such type of application (for example when limiting all
|
or QosRule to enforce such type of application (for example when limiting all
|
||||||
|
@ -27,9 +27,6 @@ Service Extensions
|
|||||||
Historically, Neutron supported the following advanced services:
|
Historically, Neutron supported the following advanced services:
|
||||||
|
|
||||||
#. **FWaaS** (*Firewall-as-a-Service*): runs as part of the L3 agent.
|
#. **FWaaS** (*Firewall-as-a-Service*): runs as part of the L3 agent.
|
||||||
#. **LBaaS** (*Load-Balancer-as-a-Service*): implemented purely inside
|
|
||||||
neutron-server, does not interact directly with agents. **Deprecated as of
|
|
||||||
Queens**.
|
|
||||||
#. **VPNaaS** (*VPN-as-a-Service*): derives from L3 agent to add
|
#. **VPNaaS** (*VPN-as-a-Service*): derives from L3 agent to add
|
||||||
VPNaaS functionality.
|
VPNaaS functionality.
|
||||||
|
|
||||||
@ -47,7 +44,6 @@ consider adding an entry to the dictionary, please be kind and
|
|||||||
reach out to your PTL or a member of the drivers team for approval.
|
reach out to your PTL or a member of the drivers team for approval.
|
||||||
|
|
||||||
#. http://opendev.org/openstack/neutron-fwaas/
|
#. http://opendev.org/openstack/neutron-fwaas/
|
||||||
#. http://opendev.org/openstack/neutron-lbaas/
|
|
||||||
#. http://opendev.org/openstack/neutron-vpnaas/
|
#. http://opendev.org/openstack/neutron-vpnaas/
|
||||||
|
|
||||||
|
|
||||||
|
@ -24,7 +24,7 @@ Sub-Projects and Specs
|
|||||||
|
|
||||||
The `neutron-specs <http://opendev.org/openstack/neutron-specs>`_
|
The `neutron-specs <http://opendev.org/openstack/neutron-specs>`_
|
||||||
repository is only meant for specs from Neutron itself, and the advanced
|
repository is only meant for specs from Neutron itself, and the advanced
|
||||||
services repositories as well. This includes FWaaS, LBaaS, and VPNaaS. Other
|
services repositories as well. This includes FWaaS and VPNaaS. Other
|
||||||
sub-projects are encouraged to fold their specs into their own devref code
|
sub-projects are encouraged to fold their specs into their own devref code
|
||||||
in their sub-project gerrit repositories. Please see additional comments
|
in their sub-project gerrit repositories. Please see additional comments
|
||||||
in the Neutron teams :ref:`section <specs-core-reviewer-team>`
|
in the Neutron teams :ref:`section <specs-core-reviewer-team>`
|
||||||
|
@ -94,7 +94,7 @@ Some notes on the above:
|
|||||||
agents and ML2.
|
agents and ML2.
|
||||||
* The client includes commands installed server side.
|
* The client includes commands installed server side.
|
||||||
* L3 includes the L3 agent, DVR, Dynamic routing and IPAM.
|
* L3 includes the L3 agent, DVR, Dynamic routing and IPAM.
|
||||||
* Services includes FWaaS, LBaaS, and VPNaaS.
|
* Services includes FWaaS and VPNaaS.
|
||||||
* Note these areas may change as the project evolves due to code refactoring,
|
* Note these areas may change as the project evolves due to code refactoring,
|
||||||
new feature areas, and libification of certain pieces of code.
|
new feature areas, and libification of certain pieces of code.
|
||||||
* Infra means interactions with infra from a neutron perspective
|
* Infra means interactions with infra from a neutron perspective
|
||||||
|
@ -29,8 +29,8 @@ You can see a programmatic example of the exceptions here [3]_.
|
|||||||
If your code is in a neutron-\*aas repo, you should run against the tests
|
If your code is in a neutron-\*aas repo, you should run against the tests
|
||||||
for that repo. You may also run against every neutron change, if your service
|
for that repo. You may also run against every neutron change, if your service
|
||||||
driver is using neutron interfaces that are not provided by your service
|
driver is using neutron interfaces that are not provided by your service
|
||||||
plugin (e.g. loadbalancer/plugin.py). If you are using only plugin interfaces,
|
plugin (e.g. firewall/fwaas_plugin_v2.py). If you are using only plugin
|
||||||
it should be safe to test against only the service repo tests.
|
interfaces, it should be safe to test against only the service repo tests.
|
||||||
|
|
||||||
What Tests To Run
|
What Tests To Run
|
||||||
-----------------
|
-----------------
|
||||||
@ -47,11 +47,6 @@ example tempest setup for devstack-gate::
|
|||||||
export DEVSTACK_GATE_NEUTRON=1
|
export DEVSTACK_GATE_NEUTRON=1
|
||||||
export DEVSTACK_GATE_TEMPEST_REGEX='(?!.*\[.*\bslow\b.*\])((network)|(neutron))'
|
export DEVSTACK_GATE_TEMPEST_REGEX='(?!.*\[.*\bslow\b.*\])((network)|(neutron))'
|
||||||
|
|
||||||
An example setup for LBaaS::
|
|
||||||
|
|
||||||
export DEVSTACK_GATE_NEUTRON=1
|
|
||||||
export DEVSTACK_GATE_TEMPEST_REGEX='(?!.*\[.*\bslow\b.*\])(alancer|SimpleReadOnlyNeutron|tempest.api.network)'
|
|
||||||
|
|
||||||
Third Party CI Voting
|
Third Party CI Voting
|
||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
|
@ -69,8 +69,6 @@ names, which were moved out of Neutron: ::
|
|||||||
|
|
||||||
VPNAAS_TABLES = [...]
|
VPNAAS_TABLES = [...]
|
||||||
|
|
||||||
LBAAS_TABLES = [...]
|
|
||||||
|
|
||||||
FWAAS_TABLES = [...]
|
FWAAS_TABLES = [...]
|
||||||
|
|
||||||
# Arista ML2 driver Models moved to openstack/networking-arista
|
# Arista ML2 driver Models moved to openstack/networking-arista
|
||||||
@ -81,7 +79,7 @@ names, which were moved out of Neutron: ::
|
|||||||
|
|
||||||
...
|
...
|
||||||
|
|
||||||
TABLES = (FWAAS_TABLES + LBAAS_TABLES + VPNAAS_TABLES + ...
|
TABLES = (FWAAS_TABLES + VPNAAS_TABLES + ...
|
||||||
+ REPO_ARISTA_TABLES + REPO_CISCO_TABLES)
|
+ REPO_ARISTA_TABLES + REPO_CISCO_TABLES)
|
||||||
|
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ Virtual Networking Infrastructure (VNI) and the access layer aspects
|
|||||||
of the Physical Networking Infrastructure (PNI) in your OpenStack
|
of the Physical Networking Infrastructure (PNI) in your OpenStack
|
||||||
environment. OpenStack Networking enables projects to create advanced
|
environment. OpenStack Networking enables projects to create advanced
|
||||||
virtual network topologies which may include services such as a
|
virtual network topologies which may include services such as a
|
||||||
firewall, a load balancer, and a virtual private network (VPN).
|
firewall, and a virtual private network (VPN).
|
||||||
|
|
||||||
Networking provides networks, subnets, and routers as object abstractions.
|
Networking provides networks, subnets, and routers as object abstractions.
|
||||||
Each abstraction has functionality that mimics its physical counterpart:
|
Each abstraction has functionality that mimics its physical counterpart:
|
||||||
@ -49,5 +49,5 @@ Each plug-in that Networking uses has its own concepts. While not vital
|
|||||||
to operating the VNI and OpenStack environment, understanding these
|
to operating the VNI and OpenStack environment, understanding these
|
||||||
concepts can help you set up Networking. All Networking installations
|
concepts can help you set up Networking. All Networking installations
|
||||||
use a core plug-in and a security group plug-in (or just the No-Op
|
use a core plug-in and a security group plug-in (or just the No-Op
|
||||||
security group plug-in). Additionally, Firewall-as-a-Service (FWaaS) and
|
security group plug-in). Additionally, Firewall-as-a-Service (FWaaS)
|
||||||
Load-Balancer-as-a-Service (LBaaS) plug-ins are available.
|
is available.
|
||||||
|
@ -147,8 +147,8 @@ infrastructure.
|
|||||||
.. warning::
|
.. warning::
|
||||||
|
|
||||||
This option lacks support for self-service (private) networks, layer-3
|
This option lacks support for self-service (private) networks, layer-3
|
||||||
(routing) services, and advanced services such as
|
(routing) services, and advanced services such as FireWall-as-a-Service
|
||||||
Load-Balancer-as-a-Service (LBaaS) and FireWall-as-a-Service (FWaaS).
|
(FWaaS).
|
||||||
Consider the self-service networks option below if you desire these features.
|
Consider the self-service networks option below if you desire these features.
|
||||||
|
|
||||||
.. _figure-network1-services:
|
.. _figure-network1-services:
|
||||||
@ -167,7 +167,7 @@ self-service networks using overlay segmentation methods such
|
|||||||
as Virtual Extensible LAN (VXLAN). Essentially, it routes
|
as Virtual Extensible LAN (VXLAN). Essentially, it routes
|
||||||
virtual networks to physical networks using Network Address
|
virtual networks to physical networks using Network Address
|
||||||
Translation (NAT). Additionally, this option provides the foundation for
|
Translation (NAT). Additionally, this option provides the foundation for
|
||||||
advanced services such as LBaaS and FWaaS.
|
advanced services such as FWaaS.
|
||||||
|
|
||||||
The OpenStack user can create virtual networks without the knowledge
|
The OpenStack user can create virtual networks without the knowledge
|
||||||
of underlying infrastructure on the data network. This can also include
|
of underlying infrastructure on the data network. This can also include
|
||||||
|
@ -167,7 +167,7 @@ class ProcessMonitor(object):
|
|||||||
|
|
||||||
:param config: oslo config object with the agent configuration.
|
:param config: oslo config object with the agent configuration.
|
||||||
:type config: oslo_config.ConfigOpts
|
:type config: oslo_config.ConfigOpts
|
||||||
:param resource_type: can be dhcp, router, load_balancer, etc.
|
:param resource_type: can be dhcp, router, etc.
|
||||||
:type resource_type: str
|
:type resource_type: str
|
||||||
"""
|
"""
|
||||||
self._config = config
|
self._config = config
|
||||||
|
@ -37,12 +37,10 @@ from neutron.conf.agent import common as agent_config
|
|||||||
from neutron.conf.agent import dhcp as dhcp_config
|
from neutron.conf.agent import dhcp as dhcp_config
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
LB_NS_PREFIX = 'qlbaas-'
|
|
||||||
NS_PREFIXES = {
|
NS_PREFIXES = {
|
||||||
'dhcp': [dhcp.NS_PREFIX],
|
'dhcp': [dhcp.NS_PREFIX],
|
||||||
'l3': [namespaces.NS_PREFIX, dvr_snat_ns.SNAT_NS_PREFIX,
|
'l3': [namespaces.NS_PREFIX, dvr_snat_ns.SNAT_NS_PREFIX,
|
||||||
dvr_fip_ns.FIP_NS_PREFIX],
|
dvr_fip_ns.FIP_NS_PREFIX],
|
||||||
'lbaas': [LB_NS_PREFIX],
|
|
||||||
}
|
}
|
||||||
SIGTERM_WAITTIME = 10
|
SIGTERM_WAITTIME = 10
|
||||||
NETSTAT_PIDS_REGEX = re.compile(r'.* (?P<pid>\d{2,6})/.*')
|
NETSTAT_PIDS_REGEX = re.compile(r'.* (?P<pid>\d{2,6})/.*')
|
||||||
|
@ -33,7 +33,7 @@ netns_opts = [
|
|||||||
default=False,
|
default=False,
|
||||||
help=_('Delete the namespace by removing all devices.')),
|
help=_('Delete the namespace by removing all devices.')),
|
||||||
cfg.StrOpt('agent-type',
|
cfg.StrOpt('agent-type',
|
||||||
choices=['dhcp', 'l3', 'lbaas'],
|
choices=['dhcp', 'l3'],
|
||||||
help=_('Cleanup resources of a specific agent type only.')),
|
help=_('Cleanup resources of a specific agent type only.')),
|
||||||
]
|
]
|
||||||
|
|
||||||
|
@ -145,31 +145,6 @@ rules = [
|
|||||||
},
|
},
|
||||||
]
|
]
|
||||||
),
|
),
|
||||||
# TODO(amotoki): Remove LBaaS related policies once neutron-lbaas
|
|
||||||
# is retired.
|
|
||||||
policy.DocumentedRuleDefault(
|
|
||||||
'get_agent-loadbalancers',
|
|
||||||
base.RULE_ADMIN_ONLY,
|
|
||||||
'List load balancers on an LBaaS v2 agent',
|
|
||||||
[
|
|
||||||
{
|
|
||||||
'method': 'GET',
|
|
||||||
'path': '/agents/{agent_id}/agent-loadbalancers',
|
|
||||||
},
|
|
||||||
]
|
|
||||||
),
|
|
||||||
policy.DocumentedRuleDefault(
|
|
||||||
'get_loadbalancer-hosting-agent',
|
|
||||||
base.RULE_ADMIN_ONLY,
|
|
||||||
'List LBaaS v2 agents hosting a load balancer',
|
|
||||||
[
|
|
||||||
{
|
|
||||||
'method': 'GET',
|
|
||||||
'path': ('/lbaas/loadbalancers/{load_balancer_id}/'
|
|
||||||
'loadbalancer-hosting-agent'),
|
|
||||||
},
|
|
||||||
]
|
|
||||||
),
|
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
@ -53,7 +53,6 @@ class AgentSchedulerDbMixin(agents_db.AgentDbMixin):
|
|||||||
agent_notifiers = {
|
agent_notifiers = {
|
||||||
constants.AGENT_TYPE_DHCP: None,
|
constants.AGENT_TYPE_DHCP: None,
|
||||||
constants.AGENT_TYPE_L3: None,
|
constants.AGENT_TYPE_L3: None,
|
||||||
constants.AGENT_TYPE_LOADBALANCER: None,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
|
@ -18,6 +18,8 @@ VPNAAS_TABLES = ['vpnservices', 'ipsecpolicies', 'ipsecpeercidrs',
|
|||||||
'ipsec_site_connections', 'cisco_csr_identifier_map',
|
'ipsec_site_connections', 'cisco_csr_identifier_map',
|
||||||
'ikepolicies']
|
'ikepolicies']
|
||||||
|
|
||||||
|
# Neutron-lbaas is retired, but we need to keep this for the models until
|
||||||
|
# we decide to remove the tables.
|
||||||
LBAAS_TABLES = ['vips', 'sessionpersistences', 'pools', 'healthmonitors',
|
LBAAS_TABLES = ['vips', 'sessionpersistences', 'pools', 'healthmonitors',
|
||||||
'poolstatisticss', 'members', 'poolloadbalanceragentbindings',
|
'poolstatisticss', 'members', 'poolloadbalanceragentbindings',
|
||||||
'poolmonitorassociations']
|
'poolmonitorassociations']
|
||||||
|
@ -140,11 +140,11 @@ def check_oslo_i18n_wrapper(logical_line, filename, noqa):
|
|||||||
"""N340 - Check for neutron.i18n usage.
|
"""N340 - Check for neutron.i18n usage.
|
||||||
|
|
||||||
Okay(neutron/foo/bar.py): from neutron._i18n import _
|
Okay(neutron/foo/bar.py): from neutron._i18n import _
|
||||||
Okay(neutron_lbaas/foo/bar.py): from neutron_lbaas._i18n import _
|
Okay(neutron_fwaas/foo/bar.py): from neutron_fwaas._i18n import _
|
||||||
N340(neutron/foo/bar.py): from neutron.i18n import _
|
N340(neutron/foo/bar.py): from neutron.i18n import _
|
||||||
N340(neutron_lbaas/foo/bar.py): from neutron_lbaas.i18n import _
|
N340(neutron_fwaas/foo/bar.py): from neutron_fwaas.i18n import _
|
||||||
N340(neutron_lbaas/foo/bar.py): from neutron.i18n import _
|
N340(neutron_fwaas/foo/bar.py): from neutron.i18n import _
|
||||||
N340(neutron_lbaas/foo/bar.py): from neutron._i18n import _
|
N340(neutron_fwaas/foo/bar.py): from neutron._i18n import _
|
||||||
Okay(neutron/foo/bar.py): from neutron.i18n import _ # noqa
|
Okay(neutron/foo/bar.py): from neutron.i18n import _ # noqa
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
@ -121,7 +121,7 @@ class V2Controller(object):
|
|||||||
# if collection exists in the extension to service plugins map then
|
# if collection exists in the extension to service plugins map then
|
||||||
# we are assuming that collection is the service plugin and
|
# we are assuming that collection is the service plugin and
|
||||||
# needs to be remapped.
|
# needs to be remapped.
|
||||||
# Example: https://neutron.endpoint/v2.0/lbaas/loadbalancers
|
# Example: https://neutron.endpoint/v2.0/fwaas/firewall_groups
|
||||||
if (remainder and
|
if (remainder and
|
||||||
manager.NeutronManager.get_resources_for_path_prefix(
|
manager.NeutronManager.get_resources_for_path_prefix(
|
||||||
collection)):
|
collection)):
|
||||||
|
@ -19,8 +19,6 @@ from neutron_lib.plugins import constants as p_const
|
|||||||
# Maps extension alias to service type that
|
# Maps extension alias to service type that
|
||||||
# can be implemented by the core plugin.
|
# can be implemented by the core plugin.
|
||||||
EXT_TO_SERVICE_MAPPING = {
|
EXT_TO_SERVICE_MAPPING = {
|
||||||
'lbaas': p_const.LOADBALANCER,
|
|
||||||
'lbaasv2': p_const.LOADBALANCERV2,
|
|
||||||
'fwaas': p_const.FIREWALL,
|
'fwaas': p_const.FIREWALL,
|
||||||
'vpnaas': p_const.VPN,
|
'vpnaas': p_const.VPN,
|
||||||
'metering': p_const.METERING,
|
'metering': p_const.METERING,
|
||||||
|
@ -123,9 +123,6 @@ class TestNetnsCleanup(base.BaseTestCase):
|
|||||||
def test_eligible_for_deletion_fip_namespace(self):
|
def test_eligible_for_deletion_fip_namespace(self):
|
||||||
self._test_eligible_for_deletion_helper('fip-', False, True, True)
|
self._test_eligible_for_deletion_helper('fip-', False, True, True)
|
||||||
|
|
||||||
def test_eligible_for_deletion_lbaas_namespace(self):
|
|
||||||
self._test_eligible_for_deletion_helper('qlbaas-', False, True, True)
|
|
||||||
|
|
||||||
def test_eligible_for_deletion_snat_namespace(self):
|
def test_eligible_for_deletion_snat_namespace(self):
|
||||||
self._test_eligible_for_deletion_helper('snat-', False, True, True)
|
self._test_eligible_for_deletion_helper('snat-', False, True, True)
|
||||||
|
|
||||||
|
@ -84,7 +84,7 @@ class DummyServicePlugin(service_base.ServicePluginBase):
|
|||||||
"""This is a simple plugin for managing instances of a fictional 'dummy'
|
"""This is a simple plugin for managing instances of a fictional 'dummy'
|
||||||
service. This plugin is provided as a proof-of-concept of how
|
service. This plugin is provided as a proof-of-concept of how
|
||||||
advanced service might leverage the service type extension.
|
advanced service might leverage the service type extension.
|
||||||
Ideally, instances of real advanced services, such as load balancing
|
Ideally, instances of real advanced services, such as firewall
|
||||||
or VPN will adopt a similar solution.
|
or VPN will adopt a similar solution.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
@ -13,8 +13,6 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import copy
|
|
||||||
from datetime import datetime
|
|
||||||
import time
|
import time
|
||||||
|
|
||||||
from neutron_lib.api.definitions import agent as agent_apidef
|
from neutron_lib.api.definitions import agent as agent_apidef
|
||||||
@ -38,8 +36,6 @@ L3_HOSTA = 'hosta'
|
|||||||
DHCP_HOSTA = 'hosta'
|
DHCP_HOSTA = 'hosta'
|
||||||
L3_HOSTB = 'hostb'
|
L3_HOSTB = 'hostb'
|
||||||
DHCP_HOSTC = 'hostc'
|
DHCP_HOSTC = 'hostc'
|
||||||
LBAAS_HOSTA = 'hosta'
|
|
||||||
LBAAS_HOSTB = 'hostb'
|
|
||||||
|
|
||||||
|
|
||||||
class AgentTestExtensionManager(object):
|
class AgentTestExtensionManager(object):
|
||||||
@ -72,7 +68,7 @@ class AgentDBTestMixIn(object):
|
|||||||
self.assertEqual(expected_res_status, agent_res.status_int)
|
self.assertEqual(expected_res_status, agent_res.status_int)
|
||||||
return agent_res
|
return agent_res
|
||||||
|
|
||||||
def _register_agent_states(self, lbaas_agents=False):
|
def _register_agent_states(self):
|
||||||
"""Register two L3 agents and two DHCP agents."""
|
"""Register two L3 agents and two DHCP agents."""
|
||||||
l3_hosta = helpers._get_l3_agent_dict(
|
l3_hosta = helpers._get_l3_agent_dict(
|
||||||
L3_HOSTA, constants.L3_AGENT_MODE_LEGACY)
|
L3_HOSTA, constants.L3_AGENT_MODE_LEGACY)
|
||||||
@ -85,28 +81,7 @@ class AgentDBTestMixIn(object):
|
|||||||
helpers.register_dhcp_agent(host=DHCP_HOSTA)
|
helpers.register_dhcp_agent(host=DHCP_HOSTA)
|
||||||
helpers.register_dhcp_agent(host=DHCP_HOSTC)
|
helpers.register_dhcp_agent(host=DHCP_HOSTC)
|
||||||
|
|
||||||
res = [l3_hosta, l3_hostb, dhcp_hosta, dhcp_hostc]
|
return [l3_hosta, l3_hostb, dhcp_hosta, dhcp_hostc]
|
||||||
if lbaas_agents:
|
|
||||||
lbaas_hosta = {
|
|
||||||
'binary': 'neutron-loadbalancer-agent',
|
|
||||||
'host': LBAAS_HOSTA,
|
|
||||||
'topic': 'LOADBALANCER_AGENT',
|
|
||||||
'configurations': {'device_drivers': ['haproxy_ns']},
|
|
||||||
'agent_type': constants.AGENT_TYPE_LOADBALANCER}
|
|
||||||
lbaas_hostb = copy.deepcopy(lbaas_hosta)
|
|
||||||
lbaas_hostb['host'] = LBAAS_HOSTB
|
|
||||||
callback = agents_db.AgentExtRpcCallback()
|
|
||||||
callback.report_state(
|
|
||||||
self.adminContext,
|
|
||||||
agent_state={'agent_state': lbaas_hosta},
|
|
||||||
time=datetime.utcnow().strftime(constants.ISO8601_TIME_FORMAT))
|
|
||||||
callback.report_state(
|
|
||||||
self.adminContext,
|
|
||||||
agent_state={'agent_state': lbaas_hostb},
|
|
||||||
time=datetime.utcnow().strftime(constants.ISO8601_TIME_FORMAT))
|
|
||||||
res += [lbaas_hosta, lbaas_hostb]
|
|
||||||
|
|
||||||
return res
|
|
||||||
|
|
||||||
def _register_dvr_agents(self):
|
def _register_dvr_agents(self):
|
||||||
dvr_snat_agent = helpers.register_l3_agent(
|
dvr_snat_agent = helpers.register_l3_agent(
|
||||||
|
@ -60,20 +60,20 @@ class ServiceTypeManagerTestCase(testlib_api.SqlTestCase):
|
|||||||
svc_type=service_type))
|
svc_type=service_type))
|
||||||
|
|
||||||
def test_service_provider_driver_not_unique(self):
|
def test_service_provider_driver_not_unique(self):
|
||||||
self._set_override([constants.LOADBALANCER + ':lbaas:driver'])
|
self._set_override([constants.FIREWALL + ':fwaas:driver'])
|
||||||
prov = {'service_type': constants.LOADBALANCER,
|
prov = {'service_type': constants.FIREWALL,
|
||||||
'name': 'name2',
|
'name': 'name2',
|
||||||
'driver': 'driver',
|
'driver': 'driver',
|
||||||
'default': False}
|
'default': False}
|
||||||
self.assertRaises(
|
self.assertRaises(
|
||||||
n_exc.Invalid,
|
n_exc.Invalid,
|
||||||
self.manager.config['LOADBALANCER'].add_provider, prov)
|
self.manager.config['FIREWALL'].add_provider, prov)
|
||||||
|
|
||||||
def test_get_service_providers(self):
|
def test_get_service_providers(self):
|
||||||
"""Test that get_service_providers filters correctly."""
|
"""Test that get_service_providers filters correctly."""
|
||||||
self._set_override(
|
self._set_override(
|
||||||
[constants.LOADBALANCER +
|
[constants.VPN +
|
||||||
':lbaas:driver_path1',
|
':vpnaas:driver_path1',
|
||||||
constants.FIREWALL +
|
constants.FIREWALL +
|
||||||
':fwaas:driver_path2'])
|
':fwaas:driver_path2'])
|
||||||
ctx = context.get_admin_context()
|
ctx = context.get_admin_context()
|
||||||
@ -82,7 +82,7 @@ class ServiceTypeManagerTestCase(testlib_api.SqlTestCase):
|
|||||||
|
|
||||||
res = self.manager.get_service_providers(
|
res = self.manager.get_service_providers(
|
||||||
ctx,
|
ctx,
|
||||||
filters=dict(service_type=[constants.LOADBALANCER])
|
filters=dict(service_type=[constants.FIREWALL])
|
||||||
)
|
)
|
||||||
self.assertEqual(1, len(res))
|
self.assertEqual(1, len(res))
|
||||||
|
|
||||||
@ -96,21 +96,21 @@ class ServiceTypeManagerTestCase(testlib_api.SqlTestCase):
|
|||||||
self.assertRaises(
|
self.assertRaises(
|
||||||
n_exc.Invalid,
|
n_exc.Invalid,
|
||||||
self._set_override,
|
self._set_override,
|
||||||
[constants.LOADBALANCER +
|
[constants.FIREWALL +
|
||||||
':lbaas1:driver_path:default',
|
':fwaas1:driver_path:default',
|
||||||
constants.LOADBALANCER +
|
constants.FIREWALL +
|
||||||
':lbaas2:driver_path:default'])
|
':fwaas2:driver_path:default'])
|
||||||
|
|
||||||
def test_get_default_provider(self):
|
def test_get_default_provider(self):
|
||||||
self._set_override([constants.LOADBALANCER +
|
self._set_override([constants.FIREWALL +
|
||||||
':lbaas1:driver_path:default',
|
':fwaas1:driver_path:default',
|
||||||
dp.DUMMY_SERVICE_TYPE +
|
dp.DUMMY_SERVICE_TYPE +
|
||||||
':lbaas2:driver_path2'])
|
':fwaas2:driver_path2'])
|
||||||
# can pass None as a context
|
# can pass None as a context
|
||||||
p = self.manager.get_default_service_provider(None,
|
p = self.manager.get_default_service_provider(None,
|
||||||
constants.LOADBALANCER)
|
constants.FIREWALL)
|
||||||
self.assertEqual({'service_type': constants.LOADBALANCER,
|
self.assertEqual({'service_type': constants.FIREWALL,
|
||||||
'name': 'lbaas1',
|
'name': 'fwaas1',
|
||||||
'driver': 'driver_path',
|
'driver': 'driver_path',
|
||||||
'default': True}, p)
|
'default': True}, p)
|
||||||
|
|
||||||
@ -148,24 +148,24 @@ class ServiceTypeManagerTestCase(testlib_api.SqlTestCase):
|
|||||||
for td in test_data}, names_by_id)
|
for td in test_data}, names_by_id)
|
||||||
|
|
||||||
def test_add_resource_association(self):
|
def test_add_resource_association(self):
|
||||||
self._set_override([constants.LOADBALANCER +
|
self._set_override([constants.FIREWALL +
|
||||||
':lbaas1:driver_path:default',
|
':fwaas1:driver_path:default',
|
||||||
dp.DUMMY_SERVICE_TYPE +
|
dp.DUMMY_SERVICE_TYPE +
|
||||||
':lbaas2:driver_path2'])
|
':fwaas2:driver_path2'])
|
||||||
ctx = context.get_admin_context()
|
ctx = context.get_admin_context()
|
||||||
self.manager.add_resource_association(ctx,
|
self.manager.add_resource_association(ctx,
|
||||||
constants.LOADBALANCER,
|
constants.FIREWALL,
|
||||||
'lbaas1',
|
'fwaas1',
|
||||||
uuidutils.generate_uuid())
|
uuidutils.generate_uuid())
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
1, servicetype_obj.ProviderResourceAssociation.count(ctx))
|
1, servicetype_obj.ProviderResourceAssociation.count(ctx))
|
||||||
servicetype_obj.ProviderResourceAssociation.delete_objects(ctx)
|
servicetype_obj.ProviderResourceAssociation.delete_objects(ctx)
|
||||||
|
|
||||||
def test_invalid_resource_association(self):
|
def test_invalid_resource_association(self):
|
||||||
self._set_override([constants.LOADBALANCER +
|
self._set_override([constants.FIREWALL +
|
||||||
':lbaas1:driver_path:default',
|
':fwaas1:driver_path:default',
|
||||||
dp.DUMMY_SERVICE_TYPE +
|
dp.DUMMY_SERVICE_TYPE +
|
||||||
':lbaas2:driver_path2'])
|
':fwaas2:driver_path2'])
|
||||||
ctx = context.get_admin_context()
|
ctx = context.get_admin_context()
|
||||||
self.assertRaises(provconf.ServiceProviderNotFound,
|
self.assertRaises(provconf.ServiceProviderNotFound,
|
||||||
self.manager.add_resource_association,
|
self.manager.add_resource_association,
|
||||||
@ -232,7 +232,7 @@ class ServiceTypeManagerExtTestCase(ServiceTypeExtensionTestCaseBase):
|
|||||||
self.service_providers = mock.patch.object(
|
self.service_providers = mock.patch.object(
|
||||||
provconf.NeutronModule, 'service_providers').start()
|
provconf.NeutronModule, 'service_providers').start()
|
||||||
service_providers = [
|
service_providers = [
|
||||||
constants.LOADBALANCER + ':lbaas:driver_path',
|
constants.FIREWALL + ':fwaas:driver_path',
|
||||||
dp.DUMMY_SERVICE_TYPE + ':dummy:dummy_dr'
|
dp.DUMMY_SERVICE_TYPE + ':dummy:dummy_dr'
|
||||||
]
|
]
|
||||||
self.service_providers.return_value = service_providers
|
self.service_providers.return_value = service_providers
|
||||||
|
@ -3096,30 +3096,6 @@ class TestOvsDvrNeutronAgent(object):
|
|||||||
device_owner=DEVICE_OWNER_COMPUTE,
|
device_owner=DEVICE_OWNER_COMPUTE,
|
||||||
ip_version=n_const.IP_VERSION_6)
|
ip_version=n_const.IP_VERSION_6)
|
||||||
|
|
||||||
def test_port_bound_for_dvr_with_lbaas_vip_ports(self):
|
|
||||||
self._test_port_bound_for_dvr_on_vlan_network(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCER)
|
|
||||||
self._test_port_bound_for_dvr_on_vlan_network(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCER,
|
|
||||||
ip_version=n_const.IP_VERSION_6)
|
|
||||||
self._test_port_bound_for_dvr_on_vxlan_network(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCER)
|
|
||||||
self._test_port_bound_for_dvr_on_vxlan_network(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCER,
|
|
||||||
ip_version=n_const.IP_VERSION_6)
|
|
||||||
|
|
||||||
def test_port_bound_for_dvr_with_lbaasv2_vip_ports(self):
|
|
||||||
self._test_port_bound_for_dvr_on_vlan_network(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCERV2)
|
|
||||||
self._test_port_bound_for_dvr_on_vlan_network(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCERV2,
|
|
||||||
ip_version=n_const.IP_VERSION_6)
|
|
||||||
self._test_port_bound_for_dvr_on_vxlan_network(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCERV2)
|
|
||||||
self._test_port_bound_for_dvr_on_vxlan_network(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCERV2,
|
|
||||||
ip_version=n_const.IP_VERSION_6)
|
|
||||||
|
|
||||||
def test_port_bound_for_dvr_with_dhcp_ports(self):
|
def test_port_bound_for_dvr_with_dhcp_ports(self):
|
||||||
self._test_port_bound_for_dvr_on_vlan_network(
|
self._test_port_bound_for_dvr_on_vlan_network(
|
||||||
device_owner=n_const.DEVICE_OWNER_DHCP)
|
device_owner=n_const.DEVICE_OWNER_DHCP)
|
||||||
@ -3478,20 +3454,6 @@ class TestOvsDvrNeutronAgent(object):
|
|||||||
self._test_treat_devices_removed_for_dvr(
|
self._test_treat_devices_removed_for_dvr(
|
||||||
device_owner=DEVICE_OWNER_COMPUTE, ip_version=n_const.IP_VERSION_6)
|
device_owner=DEVICE_OWNER_COMPUTE, ip_version=n_const.IP_VERSION_6)
|
||||||
|
|
||||||
def test_treat_devices_removed_for_dvr_with_lbaas_vip_ports(self):
|
|
||||||
self._test_treat_devices_removed_for_dvr(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCER)
|
|
||||||
self._test_treat_devices_removed_for_dvr(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCER,
|
|
||||||
ip_version=n_const.IP_VERSION_6)
|
|
||||||
|
|
||||||
def test_treat_devices_removed_for_dvr_with_lbaasv2_vip_ports(self):
|
|
||||||
self._test_treat_devices_removed_for_dvr(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCERV2)
|
|
||||||
self._test_treat_devices_removed_for_dvr(
|
|
||||||
device_owner=n_const.DEVICE_OWNER_LOADBALANCERV2,
|
|
||||||
ip_version=n_const.IP_VERSION_6)
|
|
||||||
|
|
||||||
def test_treat_devices_removed_for_dvr_with_dhcp_ports(self):
|
def test_treat_devices_removed_for_dvr_with_dhcp_ports(self):
|
||||||
self._test_treat_devices_removed_for_dvr(
|
self._test_treat_devices_removed_for_dvr(
|
||||||
device_owner=n_const.DEVICE_OWNER_DHCP)
|
device_owner=n_const.DEVICE_OWNER_DHCP)
|
||||||
|
@ -1480,14 +1480,6 @@ class TestMl2PortsV2(test_plugin.TestPortsV2, Ml2PluginV2TestCase):
|
|||||||
def test_check_if_compute_port_serviced_by_dvr(self):
|
def test_check_if_compute_port_serviced_by_dvr(self):
|
||||||
self.assertTrue(utils.is_dvr_serviced(DEVICE_OWNER_COMPUTE))
|
self.assertTrue(utils.is_dvr_serviced(DEVICE_OWNER_COMPUTE))
|
||||||
|
|
||||||
def test_check_if_lbaas_vip_port_serviced_by_dvr(self):
|
|
||||||
self.assertTrue(utils.is_dvr_serviced(
|
|
||||||
constants.DEVICE_OWNER_LOADBALANCER))
|
|
||||||
|
|
||||||
def test_check_if_lbaasv2_vip_port_serviced_by_dvr(self):
|
|
||||||
self.assertTrue(utils.is_dvr_serviced(
|
|
||||||
constants.DEVICE_OWNER_LOADBALANCERV2))
|
|
||||||
|
|
||||||
def test_check_if_dhcp_port_serviced_by_dvr(self):
|
def test_check_if_dhcp_port_serviced_by_dvr(self):
|
||||||
self.assertTrue(utils.is_dvr_serviced(constants.DEVICE_OWNER_DHCP))
|
self.assertTrue(utils.is_dvr_serviced(constants.DEVICE_OWNER_DHCP))
|
||||||
|
|
||||||
|
@ -40,10 +40,10 @@ class ParseServiceProviderConfigurationTestCase(base.BaseTestCase):
|
|||||||
self.assertEqual([], providers)
|
self.assertEqual([], providers)
|
||||||
|
|
||||||
def test_parse_single_service_provider_opt(self):
|
def test_parse_single_service_provider_opt(self):
|
||||||
self._set_override([constants.LOADBALANCER +
|
self._set_override([constants.FIREWALL +
|
||||||
':lbaas:driver_path'])
|
':fwaas:driver_path'])
|
||||||
expected = {'service_type': constants.LOADBALANCER,
|
expected = {'service_type': constants.FIREWALL,
|
||||||
'name': 'lbaas',
|
'name': 'fwaas',
|
||||||
'driver': 'driver_path',
|
'driver': 'driver_path',
|
||||||
'default': False}
|
'default': False}
|
||||||
res = provconf.parse_service_provider_opt()
|
res = provconf.parse_service_provider_opt()
|
||||||
@ -51,10 +51,10 @@ class ParseServiceProviderConfigurationTestCase(base.BaseTestCase):
|
|||||||
self.assertEqual([expected], res)
|
self.assertEqual([expected], res)
|
||||||
|
|
||||||
def test_parse_single_default_service_provider_opt(self):
|
def test_parse_single_default_service_provider_opt(self):
|
||||||
self._set_override([constants.LOADBALANCER +
|
self._set_override([constants.FIREWALL +
|
||||||
':lbaas:driver_path:default'])
|
':fwaas:driver_path:default'])
|
||||||
expected = {'service_type': constants.LOADBALANCER,
|
expected = {'service_type': constants.FIREWALL,
|
||||||
'name': 'lbaas',
|
'name': 'fwaas',
|
||||||
'driver': 'driver_path',
|
'driver': 'driver_path',
|
||||||
'default': True}
|
'default': True}
|
||||||
res = provconf.parse_service_provider_opt()
|
res = provconf.parse_service_provider_opt()
|
||||||
@ -62,10 +62,10 @@ class ParseServiceProviderConfigurationTestCase(base.BaseTestCase):
|
|||||||
self.assertEqual([expected], res)
|
self.assertEqual([expected], res)
|
||||||
|
|
||||||
def test_parse_multi_service_provider_opt(self):
|
def test_parse_multi_service_provider_opt(self):
|
||||||
self._set_override([constants.LOADBALANCER +
|
self._set_override([constants.FIREWALL +
|
||||||
':lbaas:driver_path',
|
':fwaas:driver_path',
|
||||||
constants.LOADBALANCER + ':name1:path1',
|
constants.FIREWALL + ':name1:path1',
|
||||||
constants.LOADBALANCER +
|
constants.FIREWALL +
|
||||||
':name2:path2:default'])
|
':name2:path2:default'])
|
||||||
res = provconf.parse_service_provider_opt()
|
res = provconf.parse_service_provider_opt()
|
||||||
# This parsing crosses repos if additional projects are installed,
|
# This parsing crosses repos if additional projects are installed,
|
||||||
@ -73,18 +73,18 @@ class ParseServiceProviderConfigurationTestCase(base.BaseTestCase):
|
|||||||
self.assertGreaterEqual(len(res), 3)
|
self.assertGreaterEqual(len(res), 3)
|
||||||
|
|
||||||
def test_parse_service_provider_invalid_format(self):
|
def test_parse_service_provider_invalid_format(self):
|
||||||
self._set_override([constants.LOADBALANCER +
|
self._set_override([constants.FIREWALL +
|
||||||
':lbaas:driver_path',
|
':fwaas:driver_path',
|
||||||
'svc_type:name1:path1:def'])
|
'svc_type:name1:path1:def'])
|
||||||
self.assertRaises(n_exc.Invalid, provconf.parse_service_provider_opt)
|
self.assertRaises(n_exc.Invalid, provconf.parse_service_provider_opt)
|
||||||
self._set_override([constants.LOADBALANCER +
|
self._set_override([constants.FIREWALL +
|
||||||
':',
|
':',
|
||||||
'svc_type:name1:path1:def'])
|
'svc_type:name1:path1:def'])
|
||||||
self.assertRaises(n_exc.Invalid, provconf.parse_service_provider_opt)
|
self.assertRaises(n_exc.Invalid, provconf.parse_service_provider_opt)
|
||||||
|
|
||||||
def test_parse_service_provider_name_too_long(self):
|
def test_parse_service_provider_name_too_long(self):
|
||||||
name = 'a' * 256
|
name = 'a' * 256
|
||||||
self._set_override([constants.LOADBALANCER +
|
self._set_override([constants.FIREWALL +
|
||||||
':' + name + ':driver_path',
|
':' + name + ':driver_path',
|
||||||
'svc_type:name1:path1:def'])
|
'svc_type:name1:path1:def'])
|
||||||
self.assertRaises(n_exc.Invalid, provconf.parse_service_provider_opt)
|
self.assertRaises(n_exc.Invalid, provconf.parse_service_provider_opt)
|
||||||
@ -121,20 +121,20 @@ class ProviderConfigurationTestCase(base.BaseTestCase):
|
|||||||
|
|
||||||
def test_add_provider(self):
|
def test_add_provider(self):
|
||||||
pconf = provconf.ProviderConfiguration()
|
pconf = provconf.ProviderConfiguration()
|
||||||
prov = {'service_type': constants.LOADBALANCER,
|
prov = {'service_type': constants.FIREWALL,
|
||||||
'name': 'name',
|
'name': 'name',
|
||||||
'driver': 'path',
|
'driver': 'path',
|
||||||
'default': False}
|
'default': False}
|
||||||
pconf.add_provider(prov)
|
pconf.add_provider(prov)
|
||||||
self.assertEqual(1, len(pconf.providers))
|
self.assertEqual(1, len(pconf.providers))
|
||||||
self.assertEqual([(constants.LOADBALANCER, 'name')],
|
self.assertEqual([(constants.FIREWALL, 'name')],
|
||||||
list(pconf.providers.keys()))
|
list(pconf.providers.keys()))
|
||||||
self.assertEqual([{'driver': 'path', 'default': False}],
|
self.assertEqual([{'driver': 'path', 'default': False}],
|
||||||
list(pconf.providers.values()))
|
list(pconf.providers.values()))
|
||||||
|
|
||||||
def test_add_duplicate_provider(self):
|
def test_add_duplicate_provider(self):
|
||||||
pconf = provconf.ProviderConfiguration()
|
pconf = provconf.ProviderConfiguration()
|
||||||
prov = {'service_type': constants.LOADBALANCER,
|
prov = {'service_type': constants.FIREWALL,
|
||||||
'name': 'name',
|
'name': 'name',
|
||||||
'driver': 'path',
|
'driver': 'path',
|
||||||
'default': False}
|
'default': False}
|
||||||
@ -143,15 +143,15 @@ class ProviderConfigurationTestCase(base.BaseTestCase):
|
|||||||
self.assertEqual(1, len(pconf.providers))
|
self.assertEqual(1, len(pconf.providers))
|
||||||
|
|
||||||
def test_get_service_providers(self):
|
def test_get_service_providers(self):
|
||||||
self._set_override([constants.LOADBALANCER + ':name:path',
|
self._set_override([constants.FIREWALL + ':name:path',
|
||||||
constants.LOADBALANCER + ':name2:path2',
|
constants.FIREWALL + ':name2:path2',
|
||||||
'st2:name:driver:default',
|
'st2:name:driver:default',
|
||||||
'st3:name2:driver2:default'])
|
'st3:name2:driver2:default'])
|
||||||
provs = [{'service_type': constants.LOADBALANCER,
|
provs = [{'service_type': constants.FIREWALL,
|
||||||
'name': 'name',
|
'name': 'name',
|
||||||
'driver': 'path',
|
'driver': 'path',
|
||||||
'default': False},
|
'default': False},
|
||||||
{'service_type': constants.LOADBALANCER,
|
{'service_type': constants.FIREWALL,
|
||||||
'name': 'name2',
|
'name': 'name2',
|
||||||
'driver': 'path2',
|
'driver': 'path2',
|
||||||
'default': False},
|
'default': False},
|
||||||
@ -173,13 +173,13 @@ class ProviderConfigurationTestCase(base.BaseTestCase):
|
|||||||
self.assertEqual([prov], p)
|
self.assertEqual([prov], p)
|
||||||
|
|
||||||
def test_get_service_providers_with_fields(self):
|
def test_get_service_providers_with_fields(self):
|
||||||
self._set_override([constants.LOADBALANCER + ":name:path",
|
self._set_override([constants.FIREWALL + ":name:path",
|
||||||
constants.LOADBALANCER + ":name2:path2"])
|
constants.FIREWALL + ":name2:path2"])
|
||||||
provs = [{'service_type': constants.LOADBALANCER,
|
provs = [{'service_type': constants.FIREWALL,
|
||||||
'name': 'name',
|
'name': 'name',
|
||||||
'driver': 'path',
|
'driver': 'path',
|
||||||
'default': False},
|
'default': False},
|
||||||
{'service_type': constants.LOADBALANCER,
|
{'service_type': constants.FIREWALL,
|
||||||
'name': 'name2',
|
'name': 'name2',
|
||||||
'driver': 'path2',
|
'driver': 'path2',
|
||||||
'default': False}]
|
'default': False}]
|
||||||
|
@ -32,7 +32,7 @@ DB_PLUGIN_KLASS = 'neutron.db.db_base_plugin_v2.NeutronDbPluginV2'
|
|||||||
|
|
||||||
|
|
||||||
class MultiServiceCorePlugin(object):
|
class MultiServiceCorePlugin(object):
|
||||||
supported_extension_aliases = ['lbaas', dummy_plugin.Dummy.get_alias()]
|
supported_extension_aliases = ['fwaas', dummy_plugin.Dummy.get_alias()]
|
||||||
|
|
||||||
|
|
||||||
class CorePluginWithAgentNotifiers(object):
|
class CorePluginWithAgentNotifiers(object):
|
||||||
@ -125,7 +125,7 @@ class NeutronManagerTestCase(base.BaseTestCase):
|
|||||||
"MultiServiceCorePlugin")
|
"MultiServiceCorePlugin")
|
||||||
manager.NeutronManager.get_instance()
|
manager.NeutronManager.get_instance()
|
||||||
plugins = directory.get_plugins()
|
plugins = directory.get_plugins()
|
||||||
# CORE, LOADBALANCER, DUMMY
|
# CORE, FIREWALL, DUMMY
|
||||||
self.assertEqual(3, len(plugins))
|
self.assertEqual(3, len(plugins))
|
||||||
|
|
||||||
def test_load_plugins_with_requirements(self):
|
def test_load_plugins_with_requirements(self):
|
||||||
@ -204,7 +204,6 @@ class NeutronManagerTestCase(base.BaseTestCase):
|
|||||||
svc_plugins = directory.get_plugins()
|
svc_plugins = directory.get_plugins()
|
||||||
self.assertEqual(3, len(svc_plugins))
|
self.assertEqual(3, len(svc_plugins))
|
||||||
self.assertIn(lib_const.CORE, svc_plugins.keys())
|
self.assertIn(lib_const.CORE, svc_plugins.keys())
|
||||||
self.assertIn(lib_const.LOADBALANCER, svc_plugins.keys())
|
|
||||||
self.assertIn(dummy_plugin.DUMMY_SERVICE_TYPE, svc_plugins.keys())
|
self.assertIn(dummy_plugin.DUMMY_SERVICE_TYPE, svc_plugins.keys())
|
||||||
|
|
||||||
def test_load_default_service_plugins(self):
|
def test_load_default_service_plugins(self):
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
deprecations:
|
||||||
|
- |
|
||||||
|
Neutron LBaaS has now been retired. References to neutron-lbaas have been
|
||||||
|
removed from neutron. For more information see
|
||||||
|
https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation
|
Loading…
x
Reference in New Issue
Block a user