* This patch adds support for subnets created with 'ipv6_address_mode'
set to 'dhcpv6-stateful' or 'dhcpv6-stateless' by dnsmasq.
* If no dnsmasq process for subnet's network is launched, Neutron
will launch new dnsmasq process on subnet's dhcp port in 'qdhcp-'
namespace. If previous dnsmasq process is already launched,
restart dnsmasq with new configuration.
* Neutron will update dnsmasq process and restart it when subnet
gets updated.
* This patch enforces the version check of dnsmasq. dhcp-agent will
fail to start if version of dnsmasq<2.63.
DocImpact
UpgradeImpact
Blueprint dnsmasq-ipv6-dhcpv6-stateful
Blueprint dnsmasq-ipv6-dhcpv6-stateless
Change-Id: I30e9950bbc5a89f01ccb9c561471f155a9fd1d11
When using dhcp-agent with the following property dhcp_domain=""
addn_hosts and host files genererated for Dnsmasq have wrong syntax
concerning hostname parameter (dot char at the end).
As described in RFC-952 the hostname grammar is as follows:
<hname> ::= <name>*["."<name>]
<name> ::= <let>[*[<let-or-digit-or-hyphen>]<let-or-digit>]
Hence it can't be conclude with a dot char.
Dnsmasq process is waiting for a hostname (2nd parameter) in the
following files:
"addn_hosts" file contains:
20.0.0.3 host-20-0-0-3. host-20-0-0-3
"host" file contains:
fa:16:3e:bf:e1:e4,host-20-0-0-3.,20.0.0.3
With the patch you will get:
"addn_hosts":
20.0.0.3 host-20-0-0-3 host-20-0-0-3
"host":
fa:16:3e:bf:e1:e4,host-20-0-0-3,20.0.0.3
Change-Id: I4c10169019becaed6b2968b74f03ef356244a057
Closes-Bug: #1326256
This patch bumps the min version requirement from 2.59 to 2.63
for dnsmasq which is needed to use multiple tags for dual stack IPv4/6.
DocImpact
Change-Id: Ib71b8a3a866f5781b57d1589741bcaae594b76db
Closes-bug: 1233339
When it is not possible to determinate the dnsmasq version
or dnsmasq is not installed, neutron shows only a warning message.
With this commit the dhcp-agent process will be stopped if the
dnsmasq service is not installed.
Modifies the dhcp version unit test with the expected SystemExit exception
Change-Id: Ia26eaae6f432305f412a4b6a4a6b2b7b15d99d45
Closes-Bug: 1212401
In certain configurations, Neutron calculates SLAAC addresses for IPv6
subnets and adds them to the fixed_ips field of a port. Since those
subnets are not being managed by DHCP, do not add those fixed_ip entries
to the host file.
Closes-bug: #1316190
Related-bug: #1257446
Change-Id: I77dd55063296990c9df385f331f5de5d42402786
DictModel is a dict where keys are accessible via attribute access.
The old version was an object with attributes created from dict keys and many
attributes where accessible only via getattr because they did not have a valid
python attribute naming (i.e.: 'provider:network_type' is not a valid
python variable/attribute name)::
>>> d.provider:network_type
File "<stdin>", line 1
d.provider:network_type
^
SyntaxError: invalid syntax
This time we just subclass dict with attribute access to keys.
So dict keys are accessible via attribute access but remain accessible via key
access::
>>> d = DictModel({'foo': 'bar', 'provider:network_type': 'something'})
>>> d.foo == d['foo']
... True
>>> getattr(d, 'provider:network_type') == d.get('provider:network_type')
... True
>>> getattr(d, 'provider:network_type') == d['provider:network_type']
... True
One of the big advantages when debugging is that now in pdb, pp(d) (where d is
a DictModel instance) shows a nice dictionary structure, while with the old
version whe had to perform a "dir(d)" and introspect each attribute...
Change-Id: I05fad7cd9763f97f61680d45e1b6592a80049541
Closes-Bug: 1251653
When setting a gateway and additional host routes in neutron subnet, the
gateway is only sent to clients via the router dhcp option, dhcp clients
conforming to rfc3442 will ignore router option if
classless-static-routes are available. This patch ensures setting both
the router option and the classless-static-routes including the gateway
Change-Id: Ia00b9385025020f848872309ae42ddac08528f53
Closes-Bug: #1317935
This is caused by a missing network_id in the port body.
This patch adds it so that a warning message can be traced
correctly. Wording is slightly tweaked to ensure it applies
to the right context.
Closes-bug: #1324194
Change-Id: I4b67b5c3584aa33278eb0e9e879ca338ba0ca8b0
Process a dhcp_lease_duration value of -1 as 'infinite'
when setting the dnsmasq dhcp-range values to support
cases where it is undesirable for instance dhcp leases
to expire.
DocImpact
Closes-Bug: #1315430
Change-Id: I1cc3cfebfec355014e6d5b5cbd656a1300c43c0b
This change provides a way to save the dhcp port when failing
over a network from one dhcp agent to another. When a
dhcp-agent-network-remove is issued, the dhcp port device_id is
marked as reserved which causes it to not be deleted. When a
subsequent dhcp-agent-network-add is issued, the reserved port
is used and the device_id is corrected. This is desirable
in order to maintain the dhcp port ip address so that dns doesn't
get impacted. Unit test added.
Change-Id: I531d7ffab074b01adfe186d2c3df43ca978359cd
Closes-Bug: #1288923
Don't log the error using LOG.error or LOG.exception and then
passing the same string to SystemExit since this will result in the
error being logged twice. Instead log the error and raise SystemExit(1).
Change-Id: I88b6632e6596a36a7168155dd4219e7d55078621
A DHCP-network was deleted from one host using neutron
dhcp-agent-network-remove and then added to another host
using neutron dhcp-agent-network-add command. While the
dhcp-agent-network-remove command was in progress, the
host crashed. As a result, the removal of the DHCP-network
was partially done. The network was disassociated from
the agent in mysql. However, the agent never made the
release_dhcp_port RPC call to delete the port -- even
after the agent restarted. The end result is that there
are two DHCP ports for the same network. One of these
is found on the host that is no longer hosting the
dhcp-server.
This fix make the DHCP agent invoke the release_dhcp_port
RPC call on a stale network whose dnsmasq process is not
running (not active). Before this change, the RPC call is
made on a stale network only when the dnsmasq process is
running.
Closes-Bug: #1244860
Change-Id: Ie0bafdac698810b5455550c306c6a75ddf91d9bb
The DHCP agent should check not only that an interface for
network's DHCP exists but also make sure that is UP before
adding a default route.
For this purpose a method "ensure_device_is_ready" was
added to ip_lib.
Change-Id: I9af06aa0f39634fe7b63c064337cd4191db5c026
Closes-bug: #1302312
This flag is never used, it's always set to True by
DhcpLocalProcess.enable()
Change-Id: Ic30e0f2c97679d5919cc4e4afeb38666a6d41392
Closes-bug: #1305083
_set_default_route() was using an RPC to the plugin to get the DHCP
port for the network on the current host, and then used it to form
the tap device name. This happened on every allocation reload too.
This fix removes the RPC and gets the tap device name using local
methods instead. It also removes an unnecessary call to set the
default route in the restart method.
Closes-Bug: 1290068
Related-Bug: 1294254
Change-Id: I639bcf93725c4969d1011d2d20491d461ccfdbed
Each dnsmasq instance on a network is not aware of other dnsmasq's leases.
When dnsmasq is launched with --no-hosts and is not provided an --addn-hosts
file, it can resolve only the hosts to which it gives a dhcp lease and no more.
i.e.:
If dnsmasq service n°1 gives a lease to instance n°1, and dnsmasq service n°2
gives a lease to instance n°2, both VM instances and dnsmasq services being on
the same network: instance n°1 can not resolve instance n°2, because instance
n°1 queries dnsmasq n°1, and since it did not give the lease to instance n°2,
it can not resolve it (it is not aware of its existence). Same issue if
instance n°2 tries to resolve instance n°1.
The solution is to provide dnsmasq with an --addn-hosts file of all hosts on
the network. With an --addn-hosts file, each dnsmasq instance is aware of all
the hosts on the network even if they do not give the lease for a host,
therefore each dnsmasq instance can resolve any host on their network even if
they did not provide the lease for it themselves.
Change-Id: Ic6d4f7854d250889dded5491e4693fcdce32ed00
Fixes: bug #1242712
We've been seeing things that appear to be races between the hosts
files being written out for dnsmasq and dhcp requests coming in. We
will get occasional errors from dnsmasq saying "no address available",
"duplicate IP address" but by the time you look, the corresponding
host file has long since been replaced.
If we had some debugging like this, we could at least correlate what
neutron thought dnsmasq knew at the time the requests were coming in.
We store the filename to avoid multiple lookups, and also
s/name/filename/ to avoid ambiguity and be more consistent with the
rest of the code.
Closes-Bug: #1294892
Change-Id: Ifa92ca71419ce0155b28d2015eff9e82557a0825
This patch replaces all occurences of the strings
prefixed by network:* by their constant equivalent.
Closes-bug: #1270863
Change-Id: I149cc0ab7bde08ea83057e6c0697f668edbe29db
I saw some code in a couple of reviews today that check whether a
namespace is set and run it under "ip netns exec ..." if it is.
Otherwise, it runs the command without it in the default namespace.
Change-Id: I55e8f4f3523ec7a7c5a6f082addf918952a05741
Closes-Bug: #1287524
Some config options(interface_driver, use_namespaces) are defined
multiple times in ad-hoc way. It causes DuplicateOptError exception
when using those module at the same time. Right now the exception is
avoided in ad-hoc way by each executable. Those duplicated
definitions should be consolidated and treated in uniformed way.
This is the blocker for blueprint: l3-agent-consolidation
neutron.services.loadbalancer.drivers.haproxy.agent periodic_interval
conflicts with neutron.service one. Since there is no way to fix it
without changing existing behavior/default value, it is untouched for now.
Closes-bug: #1279769
Change-Id: Ifed79b7ee0033644854499416f8a2b22a20416fe
Currrently, due to in dnsmasq host file, the IPv6 address does
not be wrapped with '[]', dnsmasq cannot distinguish IPv6 address
from MAC address, it will cause the deployed instances cannot get
IPv6 address via dnsmasq dhcp service.
Change-Id: I023e44667a238664d11f2ac2cc484432cd301bcc
Closes-Bug: #1281916
to keep Python 3.x compatibility, use six.StringIO/BytesIO to
replace StringIO.StringIO
StringIO works for unicode
BytesIO works for bytes
Change-Id: I3892098e31d8d6984d58136110aae653dc4047ab
Closes-Bug: #1280100
This patch change the dnsmasq_server configuration option to a ListOpt
in order to enable user to specify multiple DNS forwarders for each
dnsmasq instance.
DocImpact
Change-Id: I21963b4a6c99e4edb11040d77a6aeaa35ff44641
Closes-bug: #1240027
Neither the midonet nor the linux dhcp driver needs a call to
release_lease. Removing this from the driver API simplifies more code
in the DHCP agent.
Change-Id: Ib144b2bf3720b1b999205ace1a7d1ffe5ef3b167
Closes-Bug: #1269505
Certain situations can cause the DHCP agent's local cache to get out
of sync with the leases held internally by dnsmasq. This method of
detecting when to call dhcp_release is idempotent and not dependent on
the cache. It is more robust.
Change-Id: I4eafd9cfb94a77a2f0229f89de5483dad23725cf
Closes-Bug: #1250644
Add dhcp option which provides all agent IPs
which will be used as nameserver entries when
neutron uses multiple dhcp agent per network and
when there is no dns nameserver provided by the
neutron server.
Change-Id: I639a844bba212a731616851ff479a5e735612cf8
Closes-bug: #1259482
Ensure exceptions due to conflicting
state of network or subnet resources
are dealt with by the dhcp agent.
Closes-bug: #1253344
Related-bug: #1243726
Change-Id: I4fd51442c034fabc91d5a3f065f4df98f5fad35b
If a network/subnet is deleted while creating the dhcp
port, the agent will detect a conflict on state of the
network and deal with it accordingly.
A concurrent delete may manifest itself via a number
of exceptions, IPAddressGenerationFailure amongst others,
hence the refactoring of the error handling logic into its
own utility method.
Partial-bug: #1253344
Related-bug: #1243726
Change-Id: I442beb5f82f3db8786eea53926903ef0ba0efbf1
Adds a configuration option to tell the network agents to delete
namespaces when they are no longer in use. The option defaults to
False so that the agent will not attempt to delete namespaces in
environments where this is not safe.
This has been working well in deployments where iproute2 has been
patched with commit 58a3e8270fe72f8ed92687d3a3132c2a708582dd or it is
new enough to include it without being patched.
Change-Id: Ice5242c6f0446d16aaaa7ee353d674310297ef72
Closes-Bug: #1250596
Related-Bug: #1052535
Due to timing issues, when the agent synchronizes
with the server wrt the representation of server's
and agent's networks, networks may have already
been deleted from the db. In such circumstances,
it is more appropriate to emit warnings rather than
full-blown exceptions as the agent handles these
circumstances just fine.
Close-bug: 1251874
Change-Id: I4b118b6087c7f42226f0d4265d2176c028d99f22
__metaclass__ cannot be used in python3.
six be used in general for python 3 compatibility.
Change-Id: Ib0d71b9676dc01390679396443575c05975d3b58
Closes-Bug: #1236648
The SystemExit exception should be logged in dhcp-agent, the
operator may miss the useful exception messages to debug.
* Add error log for SystemExit in dhcp-agent.
* Add addCleanup(mock.patch.stopall) in setup()
* Remove teardown()
* Add unit test for None and nonexistent interface_driver.
Closes-Bug #1239030
Change-Id: I01bef69adecaaf8d8a919034d33c60a43e4469a7
The dhcp agent only pushes out the metadata
static route when the subnet is isolated, and it
determines that by checking if the gateway_ip is
not set. This makes it tricky to use external
routers and metadata from dhcp at the same time.
This patch changes how the dhcp agent determines
that the subnet is isolated. It now considers it
isolated if there is no Neutron router on it.
This makes it straightforward to use an external
router on a provider network and get the
metadata from the dhcp namespace.
Change-Id: I0e29a2f058564c267176dab26da00f6ef579808b
Closes-Bug: 1236783
This change dynamically adjusts the maximum number of leases based on
the size of the subnets associated with a network. The upper bound is
limited by a configurable option to keep the max reasonable and prevent
denial of service.
Closes bug: 1225200
Change-Id: I75c3907bcf45cd991eadf5dd8c8ad7f1eaab3c85
This change fixes an issue that is most acute in test/dev
environments but that may affect production environments
as well: the presence of DHCP directories that no longer
represent networks that exist in the Neutron DB. This
issue can manifest itself over time if you delete networks
from the Server while the Agent node is down.
Without this fix, at the agent start-up the method
existing_dhcp_networks will return an empty list, and
as a consequence the directories that belong to networks
that have been removed from the server will stay because
the sync logic will not process them as it only looks at
the mismatch between active networks on the agent and
active networks on the server. With the fix instead, we
return *all* existing dhcp networks; if they are meant to
be active, the agent will bring them up, if they no longer
exist on the server, then the agent will dispose of the
resources. The dnsmasq driver will do the right thing when
enabling or disabling the process.
Fixes bug #1195770
Change-Id: I194064a449801713051d01193adc706bcb687c82
Some users of the Pidfile class don't specify root_helper,
which then defaults to 'sudo', which will generate an error.
Remove root_helper altogether since we actually don't need
root priveleges to read /proc/$pid/cmdline.
Changed code to use open.readline() instead of a shell, and
tweaked tests accordingly.
Also cleaned-up the rootwrap filters that allow it as they
are not used anymore.
Fixes bug 1218142
Change-Id: I6691feb1c9f7bfa261a7ec464fd8f3f92168c302
With the introduction of extra_dhcp_opt extension, DHCP agent
stopped serving mac adresses when used in conjunction with a
plugin that doesn't support this extension. This fixes the agent
by not assuming that port dict contains extra_dhcp_opt key.
Closes Bug: #1219893
Change-Id: I5bb52f3092f04c5e332b43cb3a04de05edc29cf5
Teach neutron how to manage PXE boot.
Allow pxe boot parameters to be specified when creating a network port.
Implements bp:pxeboot-ports
Change-Id: I45fe7a16bc6c5975a765dd6a065558b9ba702e5b
This patch introduces some minor refactoring of the dhcp
code so that it is easy to support both an in-node/same
process dhcp provisioning model (e.g. with dnsmasq) and
proxy model, where DHCP is provided by an external node.
Higher separation of concerns is also achieved by doing
better data encapsulation.
Implements blueprint dhcp-flexi-model
Change-Id: Icbd215e9682ecaebb6a4300423f3564e8e677566
Previously neutron was keeping track of dhcp lease time in order
to ensure it didn't hand out an ip address that was already leased.
This patch removes that logic and instead leverages the dhcp_release
utility. This allows us to reuse ip addresses immediately after a port
is deleted. This patch also bumps the lease time to 24 hours instead
of 2 minutes with reduces the amount of dhcp traffic.
DocImpact
There is a DocImpact for this bug related to the upgrade path. One should
first upgrade their dhcp-agents. Then wait till the dhcp_lease time has
expired. Lastly, update neutron-server in order to avoid the case where
an instance is deleted and the dnsmasq process has not released the lease
and neturon allocates that ip to a new port.
Fixes bug: 1202392
Implements blueprint: remove-dhcp-lease
Change-Id: Ifcb4f093c92904ceb896438987d53e692eb7fb26
The latest dnsmasq no longer accepts hostnames which begin with a number. This
affects Fedora 19 right now, and will mean Fedora 19 will not work with Neutron
DHCP. dnsmasq should work with hostnames beginning with a number (RFC 1123 says
this is valid), but until this is fixed, many users will be left unable to use
Fedora 19 with Neutron.
This patch adds a "host-" prefix to each hostname entry generated by the DHCP
agent. This fixes the issue in Neutron.
Fixes bug 1204125
Change-Id: I0e29ec033969c3fb958ed3a12b8962b73b0e3d94
This change renames everything to Neutron while providing backwards
compatible adjustments for Grizzly configuration files.
implements blueprint: remove-use-of-quantum
Change-Id: Ie7d07ba7c89857e13d4ddc8f0e9b68de020a3d19
There is a currently a hacky way to get the dhcp-agent to hand out a
gateway route using a host route on the subnet. If you pass a route
that has 0.0.0.0/0 as its destination, dnsmasq will pass it as a static
route. Unfortunately it will also pass the router option if the subnet
has a gateway set. This is inconsistent and precludes users from options
that are available in nova-network like using an external gateway.
This patch fixes things by allowing a 0.0.0.0/0 host route to override
the router setting passed by dnsmasq. This prevents the situation
where dnsmasq hands out two default routes.
Change-Id: Ia70223070bfd437f1c2eb48fde94491d7ee61fcb
Having 2 separate dhcp lease period flags (dhcp_lease_duration
used by the quantum db plugin, and dhcp_lease_time used by the
dnsmasq dhcp agent) means that you could potentially have different
lease periods being set, and used by different parts of the codebase.
It seems to me there is no real need to have 2 separate flags, so this
commit basically replaces references to dhcp_lease_time (which is used
by the dnsmasq dhcpagent) with dhcp_lease_duration. This way, there
is only one flag to set, and both the quantum db plugin and dnsmasq
dhcp agent will use the same lease period.
Change-Id: Ia99dfa9284b6e737144f61a80c59cd898c0949bb
Fixes: bug #1192550
Python 3.x deprecated octal literals in the form 0755.
Use the Python 2.x compatible version 0o755 instead.
Change-Id: I90ea601847752ae04d4e403ffa16a537efe442e2
Following the bug fix for bug 1170793 we are able to add
in support for dnsmasq versions that do not support tags.
2.48 is the version shipped in RHEL 6.4
Change-Id: Ia7d2b1c0adb477159ce146bcd4323d4b2795bff5
Xu Han Peng
Bertrand Lallau
Aaron Rosen
Alexander Ignatov
Edgar Magana
liu-sheng
Sean M. Collins
Yves-Gwenael Bourhis
Christoph Arnold
armando-migliaccio
Erik Colnick
Ed Bak
Joe Gordon
Stephen Ma
rossella
Darragh O'Reilly
Ian Wienand
Sylvain Afchain
Carl Baldwin
Isaku Yamahata
Dazhao
He Yongli
armando-migliaccio
fujioka yuuichi
Hui HX Xiang
Mark McClain
Brian Haley
Francois Eleouet
dekehn
Aaron Rosen
Kyle Mestery
Peng Yong
Vishvananda Ishaya
Darren Birkett
Dirk Mueller
Gary Kotton