From da8d5b4770fc86392e953de01b7250506c032500 Mon Sep 17 00:00:00 2001 From: Ihar Hrachyshka Date: Thu, 6 Apr 2017 14:03:15 +0000 Subject: [PATCH] Allow to disable DVR api extension loading A lot of clouds using the router service plugin don't configure for DVR, but the service plugin still loads the extension, and exposes it via API. Which will break if api consumers (admins with default policy.json) attempt to create new style routers based on the information passed through /extensions/ api. This change introduces a new config option that allows to avoid loading the extension. For complatibility sake, it requires an opt-in from ops side to disable it, otherwise the extension is still loaded as before. This is helpful for automation matters. It may also be useful when preparing tempest.conf api_extensions=, when you could actually pass the result of /extensions/ request into tempest and expect the test suite to pass without yanking dvr off the list for non-dvr setups. We could go further and try to check if the controller is configured properly. That is complicated by the fact that f.e. such validation may require talking to ml2 drivers, or even agents, which is not feasible during api startup. Change-Id: I84be9be93862fe71a2d5b5322d7ebd476c784163 Related-Bug: #1450067 --- neutron/db/l3_dvr_db.py | 4 +++ .../services/l3_router/l3_router_plugin.py | 28 +++++++++++++--- neutron/tests/contrib/gate_hook.sh | 4 +++ neutron/tests/contrib/hooks/disable_dvr | 4 +++ .../l3_router/test_l3_router_plugin.py | 33 +++++++++++++++++++ .../add-enable-dvr-knob-636268f775bb4569.yaml | 12 +++++++ 6 files changed, 81 insertions(+), 4 deletions(-) create mode 100644 neutron/tests/contrib/hooks/disable_dvr create mode 100644 neutron/tests/unit/services/l3_router/test_l3_router_plugin.py create mode 100644 releasenotes/notes/add-enable-dvr-knob-636268f775bb4569.yaml diff --git a/neutron/db/l3_dvr_db.py b/neutron/db/l3_dvr_db.py index ac327606ae0..a91c9839528 100644 --- a/neutron/db/l3_dvr_db.py +++ b/neutron/db/l3_dvr_db.py @@ -49,6 +49,10 @@ router_distributed_opts = [ default=False, help=_("System-wide flag to determine the type of router " "that tenants can create. Only admin can override.")), + cfg.BoolOpt('enable_dvr', + default=True, + help=_("Determine if setup is configured for DVR. If False, " + "DVR API extension will be disabled.")), ] cfg.CONF.register_opts(router_distributed_opts) diff --git a/neutron/services/l3_router/l3_router_plugin.py b/neutron/services/l3_router/l3_router_plugin.py index e1e7649be61..c2ab0a69a71 100644 --- a/neutron/services/l3_router/l3_router_plugin.py +++ b/neutron/services/l3_router/l3_router_plugin.py @@ -17,8 +17,10 @@ from neutron_lib import constants as n_const from neutron_lib.services import base as service_base from oslo_config import cfg from oslo_log import helpers as log_helpers +from oslo_log import log as logging from oslo_utils import importutils +from neutron._i18n import _LI from neutron.api.rpc.agentnotifiers import l3_rpc_agent_api from neutron.api.rpc.handlers import l3_rpc from neutron.common import rpc as n_rpc @@ -39,6 +41,16 @@ from neutron import service from neutron.services.l3_router.service_providers import driver_controller +LOG = logging.getLogger(__name__) + + +def disable_dvr_extension_by_config(aliases): + if not cfg.CONF.enable_dvr: + LOG.info(_LI('Disabled DVR extension.')) + if 'dvr' in aliases: + aliases.remove('dvr') + + class L3RouterPlugin(service_base.ServicePluginBase, common_db_mixin.CommonDbMixin, extraroute_db.ExtraRoute_db_mixin, @@ -56,10 +68,10 @@ class L3RouterPlugin(service_base.ServicePluginBase, l3_db.L3_NAT_db_mixin, l3_hamode_db.L3_HA_NAT_db_mixin, l3_dvr_db.L3_NAT_with_dvr_db_mixin, and extraroute_db.ExtraRoute_db_mixin. """ - supported_extension_aliases = ["dvr", "router", "ext-gw-mode", - "extraroute", "l3_agent_scheduler", - "l3-ha", "router_availability_zone", - "l3-flavors"] + _supported_extension_aliases = ["dvr", "router", "ext-gw-mode", + "extraroute", "l3_agent_scheduler", + "l3-ha", "router_availability_zone", + "l3-flavors"] __native_pagination_support = True __native_sorting_support = True @@ -83,6 +95,14 @@ class L3RouterPlugin(service_base.ServicePluginBase, self.add_worker(rpc_worker) self.l3_driver_controller = driver_controller.DriverController(self) + @property + def supported_extension_aliases(self): + if not hasattr(self, '_aliases'): + aliases = self._supported_extension_aliases[:] + disable_dvr_extension_by_config(aliases) + self._aliases = aliases + return self._aliases + @log_helpers.log_method_call def start_rpc_listeners(self): # RPC support diff --git a/neutron/tests/contrib/gate_hook.sh b/neutron/tests/contrib/gate_hook.sh index eb3b2e4087b..8e62c5960a8 100644 --- a/neutron/tests/contrib/gate_hook.sh +++ b/neutron/tests/contrib/gate_hook.sh @@ -85,6 +85,7 @@ case $VENV in ;; "api"|"api-pecan"|"full-ovsfw"|"full-pecan"|"dsvm-scenario-ovs"|"dsvm-scenario-linuxbridge") + # TODO(ihrachys) consider feeding result of ext-list into tempest.conf load_rc_hook api_all_extensions if [ "${FLAVOR}" = "dvrskip" ]; then load_rc_hook disable_dvr_tests @@ -108,6 +109,9 @@ case $VENV in if [[ "$VENV" =~ "ovs" ]]; then load_conf_hook ovsfw fi + if [[ "$FLAVOR" = "dvrskip" ]]; then + load_conf_hook disable_dvr + fi export DEVSTACK_LOCALCONF=$(cat $LOCAL_CONF) $BASE/new/devstack-gate/devstack-vm-gate.sh diff --git a/neutron/tests/contrib/hooks/disable_dvr b/neutron/tests/contrib/hooks/disable_dvr new file mode 100644 index 00000000000..ac9cec3db52 --- /dev/null +++ b/neutron/tests/contrib/hooks/disable_dvr @@ -0,0 +1,4 @@ +[[post-config|/$NEUTRON_CONF]] + +[DEFAULT] +enable_dvr=False diff --git a/neutron/tests/unit/services/l3_router/test_l3_router_plugin.py b/neutron/tests/unit/services/l3_router/test_l3_router_plugin.py new file mode 100644 index 00000000000..f045e58567b --- /dev/null +++ b/neutron/tests/unit/services/l3_router/test_l3_router_plugin.py @@ -0,0 +1,33 @@ +# All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from oslo_config import cfg + +from neutron.services.l3_router import l3_router_plugin as lrp +from neutron.tests import base + + +class TestL3PluginDvrConditional(base.BaseTestCase): + + def _test_dvr_alias_exposed(self, enabled): + cfg.CONF.set_override('enable_dvr', enabled) + plugin = lrp.L3RouterPlugin() + exposed = 'dvr' in plugin.supported_extension_aliases + self.assertEqual(enabled, exposed) + + def test_dvr_alias_exposed_enabled(self): + self._test_dvr_alias_exposed(enabled=True) + + def test_dvr_alias_exposed_disabled(self): + self._test_dvr_alias_exposed(enabled=False) diff --git a/releasenotes/notes/add-enable-dvr-knob-636268f775bb4569.yaml b/releasenotes/notes/add-enable-dvr-knob-636268f775bb4569.yaml new file mode 100644 index 00000000000..d75d5cc5fd0 --- /dev/null +++ b/releasenotes/notes/add-enable-dvr-knob-636268f775bb4569.yaml @@ -0,0 +1,12 @@ +--- +features: + - | + Allow to configure ``router`` service plugin without ``dvr`` API extension + loaded and exposed. To achieve that, set the new ``enable_dvr`` option to + ``False`` in ``neutron.conf`` file. +upgrade: + - | + Consider setting ``enable_dvr`` to ``False`` in ``neutron.conf`` file if + your setup doesn't support DVR. This will make Neutron stop advertising + support for the ``dvr`` API extension via its ``/v2.0/extensions`` API + endpoint.