368 Commits

Author SHA1 Message Date
Hongbin Lu
6179b0b2eb Fix iptables metering driver entrypoint
Closes-Bug: #1786347
Change-Id: If1c276338cec0c199d8cc8d8f6385025a3bb5d25
(cherry picked from commit adf38349c45c8871a8858d3440a2c6fb4d967583)
2018-08-13 19:02:48 +00:00
ZhaoBo
de9b39ed2c [agent side] L3 agent side Floating IP port forwarding
This patch contains the l3 agent extension and agent part code.
This patch introduce a new l3 agent extension named "port_forwarding",
to process the binding of the port forwarding resources, manage its own
floatingip configuration on router interface and floatingip status.
Currrently, we support all Neutron Router reference implementations.

This extension uses the period router sync task and PortForwarding OVO
rpc.

* The main idea about this new extension is using the generic router sync
  rpc to maintain the host port forwarding resources,
* For a single port forwarding create/update/delete, process it one by one
  in smaller scope for forbidding refresh the iptables with a larger
  scope frequently.

Partially-Implements: blueprint port-forwarding
Partial-Bug: #1491317
Change-Id: Ic56e67d428f6177099c285a9d1bccabc1e710f2b
2018-07-27 18:25:47 +08:00
ZhaoBo
21ae99d5b3 [server side] Floating IP port forwarding plugin
This patch implements the plugin.
This patch introduces an new service plugin for port forwarding resources,
named 'pf_plugin', and supports create/update/delete port forwarding
operation towards a free Floating IP.

This patch including some works below:
* Introduces portforwarding extension and the base class of plugin
* Introduces portforwarding plugin, support CRUD port forwarding
resources
* Add the policy of portforwarding

The race issue fix in:
https://review.openstack.org/#/c/574673/

Fip extend port forwarding field addition in:
https://review.openstack.org/#/c/575326/

Partially-Implements: blueprint port-forwarding
Change-Id: Ibc446f8234bff80d5b16c988f900d3940245ba89
Partial-Bug: #1491317
2018-07-26 11:43:34 +08:00
Boden R
232ba4ef3c expose objects as entry points in setup.cfg
We've already added support for pluggable (via entry points) object
loading in neutron-lib with [1]

This patch exposes the neutron.objects in setup.cfg using entry points
so that consumers can start to use them via the API in [1] rather than
directly import them from neutron.

[1] https://review.openstack.org/#/c/553838/

Change-Id: I25ddd77c55f48997ff6131f232addb4c2e629804
2018-05-24 09:49:03 -06:00
LIU Yulong
5e59cd2a5f Refactor for L3 router QoS extensions
Move the l3 qos extensions to a separated folder,
then we can move a following up router gateway IP
QoS extension to it.

And also extract some common code to a base class.

Related-Bug: #1757044
Change-Id: I63cc9506caa80f889ad817444281a0ac31bc9418
2018-05-17 10:11:27 +08:00
Brian Haley
3ad91f61f2 Remove deprecated IVS interface driver
This was marked deprecated in Queens for removal in Rocky,
https://review.openstack.org/#/c/505401/

Change-Id: I77fa59ae1819e87ab8ccc1fa5f0db86de3b90e2e
2018-04-26 20:15:46 +00:00
Nguyen Hai
0556a2ab73 Follow the new PTI for document build
For compliance with the Project Testing Interface as described in:
https://governance.openstack.org/tc/reference/project-testing-interface.html
http://lists.openstack.org/pipermail/openstack-dev/2017-December/125710.html

Remove the '[build_sphinx]' as described in:
http://lists.openstack.org/pipermail/openstack-dev/2018-March/128594.html

Change-Id: Id3d7065028b4c0831e6b5c2363b19626734817a3
2018-03-24 13:23:33 +09:00
Zuul
f8ce05c071 Merge "Include all rootwrap filters when building wheels" 2018-03-08 14:29:03 +00:00
Nguyen Phuong An
7bd8b37e38 [log] ovs fw logging implementation
This patch implements ovs firewall logging driver for security group
base discussed on the spec [1] and [2]

[1] https://specs.openstack.org/openstack/neutron-specs/specs/pike/logging-API-for-security-group-rules.html
[2] https://docs.google.com/presentation/d/1fteBesETsmA7CWV6wf1i2QKa7k8EHPpRjytj8Rzeb-A/edit#slide=id.p

Change-Id: Ib8668dd25ee7c5000a6dafcc7db3dbc33ad190be
Co-Authored-By: IWAMOTO Toshihiro <iwamoto@valinux.co.jp>
Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>
Partially-implements: blueprint security-group-logging
Related-Bug: #1468366
2018-01-09 09:26:40 +07:00
LIU Yulong
d0aaae2800 [L3][QoS] L3 agent side Floating IP rate limit
This patch implements the L3 agent side floating IP rate limit.
For all routers, if floating IP has qos rules, the corresponding
TC filters will be added to:
1. for legacy/HA router, the device is qg-device of qrouter-namespace,
   aka router gateway in network node.
2. for dvr (HA) router in compute node, the device is rfp-device, the
   namespace is qrouter-namespace.
3. for dvr (HA) router in network node, the device is qg-device in
   snat-namespace.

Partially-Implements blueprint: floating-ip-rate-limit

Change-Id: Ie8a5fe4ebaeccfb3998732dd972663c54542b5bf
2017-12-20 10:20:05 +08:00
Nguyen Phuong An
081870b1a5 [log]: Change entry point name of logging plugin
The name ('logapi') seems redundant 'api' and it looks inconsistent
with entry point name of logging agent extension ('log') and
LoggingPlugin class[1]. So this patch change 'logapi' to 'log' to
make it look consistent.

[1] https://github.com/openstack/neutron/blob/master/neutron/services/logapi/logging_plugin.py#L27

Change-Id: I57d0b86823670a1dc5d116d98059993c802ef86c
Partially-implements: blueprint security-group-logging
Related-Bug: #1468366
2017-12-19 14:31:00 +07:00
Chandan Kumar
813295f8cf Remove the bundled intree neutron tempest plugin
The plugin has been split into its own repository[1] in accordance with
Queens Goal "Split Tempest Plugins into Separate Repos/Projects[2]".
This patch removes the local copy as well as the setuptools entry point.
We can also now remove the autodoc_tree_excludes pbr option since
there's no more plugin to exclude and it defaults to [setup.py].

The patch leaves still in-tree base classes and constants in order to
avoid breakage of projects depending on such code. In the future, we
will deprecate those and gradually move affected subprojects to the new
repo.

List of affected repositories:
 - neutron-vpnaas
 - openstack-ansible-os_neutron
 - tripleo-quickstart-extras
 - networking-midonet
 - networking-l2gw
 - neutron-dynamic-routing
 - networking-vsphere
 - networking-plumgrid
 - networking-zvm

[1] http://git.openstack.org/cgit/openstack/neutron-tempest-plugin
[2] https://governance.openstack.org/tc/goals/queens/split-tempest-plugins.html

Depends-On: I371aa4d5f043f695df04b98b0f485c8f0548f2b3

Change-Id: Ia21aad29d0bbf779583964db6f1665c9b3b83161
2017-11-22 12:54:33 -08:00
Nguyen Phuong An
bb8954a228 [log]: implement logging agent extension
This patch introduces generic logging agent extension following
the spec [1].

[1] https://specs.openstack.org/openstack/neutron-specs/specs/pike/logging-API-for-security-group-rules.html

Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>

Change-Id: I1a59367cf23060fb1a0cd9bab6772b22da15c9f0
Partially-implements: blueprint security-group-logging
Related-Bug: #1468366
2017-10-11 16:04:14 +07:00
Jesse Pretorius
45f1404c68 Include all rootwrap filters when building wheels
The current method of specifying each rootwrap filter
in the file list is prone to errors when adding or
removing filters. Instead of relying on a manually
maintained list this patch just includes all the files
of the correct naming convention from the applicable
folder. This is simpler and easier to maintain.

Closes-Bug: #1718356
Change-Id: I7f8c55f63d1c5a85a6a92062e918426f7d2d3c35
2017-09-22 11:38:16 +00:00
Akihiro Motoki
d3c393ff6b Update the documentation link for doc migration
* Update the URLs affected by the doc-migration
  (/developer/<project>/ to <project>/latest/)
* Follow content rearrangement
* Convert links to local documents into :doc: or :ref:
* Use https instead of http for the updated links on docs.openstack.org.

Part of the doc-migration work.

Change-Id: I62e317d9198f175a43d73bbfd419b6878de90d5a
2017-07-22 18:46:13 +09:00
Jenkins
8c0bc37325 Merge "Add dns_domain attribute to ports in the API" 2017-07-21 00:00:15 +00:00
Miguel Lavalle
190b31e03a Add dns_domain attribute to ports in the API
This change adds a dns_domain attribute to ports in the API.

This patchset belongs to a series that adds dns_domain attribute
functionality to ports.

Change-Id: Ied1f2f0c1e96ae21c309b6e6fed9e3c602b0450b
Partial-Bug: #1650678
2017-07-13 16:51:54 -05:00
Nguyen Phuong An
913c9e78b9 [log]: implement logging plugin
This patch introduces the logging api definition and initial
implementation of LoggingApiPlugin. The api definition code will
be removed after [1] has been merged on neutron lib.

[1]https://review.openstack.org/#/c/415817/

Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>

Partially-implements: blueprint security-group-logging
Related-Bug: #1468366
Change-Id: Iace31506502de25da9dce5fcfdbfe2c726bea27f
2017-07-12 13:30:50 +07:00
Jenkins
916bc96ee2 Merge "Expose neutron api application as a wsgi script" 2017-04-20 05:53:18 +00:00
Miguel Angel Ajo
6037e53f07 Remove deprecated support for QoS notification_drivers
In Ocata, notification_drivers were deprecated in favor of
the new QoSDriver architecture.

This patch removes backwards compatible support for notification
drivers along with its testing.

Change-Id: I5f747635be3fd66b70326d9f94c85a6736286bd2
2017-04-17 06:32:01 -07:00
Victor Morales
429703a9a8 Expose neutron api application as a wsgi script
This can then be loaded into a wsgi compatible web server like
apache2/httpd or nginx.

DocImpact A new neutron-api script is installed, and can be used to
start either a standalone wsgi server (calling the script directly),
or as a wsgi script loaded by a web server (e.g. by httpd/mod_wsgi).

Change-Id: Ie9bb8b33f6e1335219e574d832ac264b043d90e6
Partial-Bug: #1666779
Co-Authored-By: Brandon Logan <brandon.logan@rackspace.com>
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
2017-04-17 02:07:27 +00:00
Jenkins
f61955a74a Merge "Port data plane status extension implementation" 2017-04-16 04:15:17 +00:00
Carlos Goncalves
89de63de05 Port data plane status extension implementation
Implements the port data plane status extension. Third parties
can report via Neutron API issues in the underlying data plane
affecting connectivity from/to Neutron ports.

Supported statuses:
  - None: no status being reported; default value
  - ACTIVE: all is up and running
  - DOWN: no traffic can flow from/to the Neutron port

Setting attribute available to admin or any user with specific role
(default role: data_plane_integrator).

ML2 extension driver loaded on request via configuration:

  [ml2]
  extension_drivers = data_plane_status

Related-Bug: #1598081
Related-Bug: #1575146

DocImpact: users can get status of the underlying port data plane;
attribute writable by admin users and users granted the
'data-plane-integrator' role.
APIImpact: port now has data_plane_status attr, set on port update

Implements: blueprint port-data-plane-status

Depends-On: I04eef902b3310f799b1ce7ea44ed7cf77c74da04
Change-Id: Ic9e1e3ed9e3d4b88a4292114f4cb4192ac4b3502
2017-04-11 19:56:13 +00:00
Trevor McCasland
453e8064a5 Exit on failure to load mechanism drivers
By using the on_missing_entrypoints_callback and
on_load_failure_callback options[1] we can call a handler for the
missing driver error properly.

As the bug states, I logged it as a critical failure and terminated
the neutron server.

I used SystemExit, I wasn't sure if there was a more graceful way
of exiting.

[1] http://docs.openstack.org/developer/stevedore/managers.html

Change-Id: Id18afd159d0b0ada0cc36964dd9c1ebe7a1cd94b
Closes-Bug: #1659290
2017-04-11 09:56:08 -05:00
Jenkins
2dc0b20a87 Merge "Let setup.py compile_catalog process all language files" 2017-04-04 22:53:53 +00:00
Jenkins
e3ffe24b2c Merge "Update metering agent to use stevedore alias for driver" 2017-04-02 03:50:09 +00:00
Jean-Philippe Evrard
c9d4698409 Update metering agent to use stevedore alias for driver
Currently the metering agent is using the old import method,
use stevedore instead.

DocImpact

Two places in the networking guide should change to
'driver = iptables' from current format.

Partial-Bug: #1504536
Change-Id: I1e6d196a3ada8fbfc2b70d6a983984d8db09bbd0
2017-03-27 16:28:15 -04:00
Sven Anderson
cf42abc85e Let setup.py compile_catalog process all language files
Two years ago the translation files have been split into several
files, separating the log messages of different log levels from each
other, like X.pot, X-log-warning.pot, X-log-info.pot, and so on.
However, the setup.py command `compile_catalogs`, that comes from the
babel package and compiles the corresponding .po files into .mo
files, only supported one file per python package.  This means that
during packaging `compile_catalogs` never compiled the X-log-*.po
files, so the corresponding translations were always missing.

Since babel 2.3 the domain can be set to a space separated list of
domains.  This change adds the the additional log level files to the
domain list.

Change-Id: I436072d03f401240df6d7b8348616bc7c4731c4a
Closes-Bug: #1536226
2017-03-15 04:27:23 +00:00
Jenkins
26b8848a9e Merge "Switch ns-metadata-proxy to haproxy" 2017-03-14 17:32:13 +00:00
Daniel Alvarez
3b22541a2a Switch ns-metadata-proxy to haproxy
Due to the high memory footprint of current Python ns-metadata-proxy,
it has to be replaced with a lighter process to avoid OOM conditions in
large environments.

This patch spawns haproxy through a process monitor using a pidfile.
This allows tracking the process and respawn it if necessary as it was
done before. Also, it implements an upgrade path which consists of
detecting any running Python instance of ns-metadata-proxy and
replacing them by haproxy. Therefore, upgrades will take place by
simply restarting neutron-l3-agent and neutron-dhcp-agent.

According to /proc/<pid>/smaps, memory footprint goes down from ~50MB
to ~1.5MB.

Also, haproxy is added to bindep in order to ensure that it's installed.

UpgradeImpact

Depends-On: I36a5531cacc21c0d4bb7f20d4bec6da65d04c262
Depends-On: Ia37368a7ff38ea48c683a7bad76f87697e194b04

Closes-Bug: #1524916
Change-Id: I5a75cc582dca48defafb440207d10e2f7b4f218b
2017-03-08 15:20:50 +00:00
Andreas Jaeger
5c5fcaf528 Use Sphinx 1.5 warning-is-error
With pbr 2.0 and Sphinx 1.5, the setting for treat sphinx warnings as
errors is setting warning-is-error in build_sphinx section. Migrate
the setting from the old warnerrors one.

Change-Id: Ic4f2dd097137e4fa12acbdbfa47ea078d1b6d105
2017-03-04 02:30:10 +00:00
Jenkins
42747c03b4 Merge "Remove python 3.4 support" 2017-02-08 05:09:55 +00:00
Kevin Benton
1e1e7a842f Add Loki service plugin for optional DB havoc
This adds a service plugin to introduce random delays
and deadlocks to DB operations to make it easier for
us to see that retry decorators are correctly applied
and race conditions are handled.

Change-Id: I8e283c1b53165faee548d26b3560a2c883dfb977
2017-02-03 05:12:33 -08:00
Jianghua Wang
8047da17db XenAPI: Support daemon mode for rootwrap
For Neutron's compute agent in a XenServer's compute node, the commands
actually need run in Dom0. Currently XenServer only supports rootwrap
for that purpose by invoking a script which invokes XenAPI to execute
commands in dom0. There are much performance overhead due to it requires
parsing on the script and the configuration file every time running
commands.

This change is to support daemon mode with which each agent service will
call XenAPI directly to execute commands in dom0. And it will keep the
single XenAPI session.

DocImpact: Need update the following configuration.

file: /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
root_helper_daemon = xenapi_root_helper
[xenapi]
connection_url = http://169.254.0.1
connection_username = root
connection_password = xenroot

Closes-Bug: #1585510
Change-Id: I684034359fe0571bc92dbcf342a9821553b1da35
2017-01-19 07:33:43 +00:00
Gary Kotton
36f55b33f8 Remove python 3.4 support
The gating on python 3.4 is restricted to <= Mitaka. There is no
need to continue to keep these settings.

From Newton onwards we are gating on python 3.5.

Change-Id: Ib6e6c62212796f493bb99fb3c5e39ab4f2e45cfc
2017-01-08 05:37:48 -08:00
Daniel Alvarez
1d38f30555 Kill processes when cleaning up namespaces
This patch will kill processes that are listening on any port/UNIX
socket within the namespace to be cleaned up. To kill them it will
issue a SIGTERM to them (or to their parents if they were forked) and,
if they don't die after a few seconds, a SIGKILL to them and all their
children.

This is intended for those cases when there's no specific cleanup and
serves as a fallback method.

Change-Id: I4195f633ef4a1788496d1293846f19eef89416aa
Partial-Bug: #1403455
2016-12-20 10:52:41 +00:00
Henry Gessau
562b6380b8 Remove legacy oslo.messaging.notify.drivers
These were deprecated in https://review.openstack.org/247906

Now that Liberty is EOL we can remove these legacy entrypoints.

Closes-Bug: #1639103

Change-Id: I94e61cb219b23ce2f5d0f34dc9ae1c87650568bd
2016-11-23 16:07:57 +00:00
Jenkins
377a5c2362 Merge "Expose OVS bridge related options into metering agent config file" 2016-11-22 08:37:08 +00:00
Edan David
e8fd2505e2 SR-IOV: Remove deprecated supported_pci_vendor_devs option
The SR-IOV option supported_pci_vendor_devs has been deprecated in Newton
and This change removes it from Ocata.

Change-Id: I42dadfd0b62730ca2d34d37cb63f19f6fec75567
2016-10-31 18:33:26 +02:00
Ihar Hrachyshka
a8e1badbd2 Expose OVS bridge related options into metering agent config file
Agent state options (report_interval), or interface related options
(f.e. ovs_integration_bridge) should be exposed into all configuration
files for all agents that may report a state, or instantiate a bridge
object.

Since some of options that were previously considered 'base' don't apply
to metering agent (specifically, availability_zone), moved them into
separate lists and included them into relevant agents (l3 and dhcp).

The only glitch with the change is that log_agent_heartbeats option is
now exposed into metering agent configuration file, even though the
agent does not honour it. I think it's minor and we can live with it.

Change-Id: Ibceca20cec60e75a8c6ddd35f3f9cb8cca272a9e
2016-10-02 12:33:52 +00:00
Bernard Cafarelli
d1389dcc4b Install dibbler.filters rootwrap file
This file was added in https://review.openstack.org/#/c/185977, but was
not listed in setup.cfg
As a consequence, it is not installed in current RDO packages

Closes-Bug: #1626132
Change-Id: I1b87d89367ab534164394f9f18e81223ff4111ce
2016-09-21 16:41:05 +02:00
Kevin Benton
424a633fd9 Include timezone in timestamp fields
The Neutron 'created_at'/'updated_at' fields on API resources
were inconsistent with other OpenStack projects because we did
not include timezone information. This patch addressed that
problem by adding the zulu time indicator onto the end of the
fields.

Because this could break clients expecting no timezone, this patch
also eliminates the 'timestamp_core' and 'timestamp_ext' extensions
and consolidates them into a new 'timestamp' extension. This makes
the change discoverable via the API.

This is assuming the current API development paradigm where
extensions can come and go depending on the deployment and the client
is expected to handle this by checking the loaded extensions.
Once we decide extensions are permanent, this type of change will
no longer be possible.

Even though this is being proposed late in the cycle, it is better
to get this change in before the release where we expose even more
resources with incorrectly formatted timestamps.

APIImpact
Closes-Bug: #1561200
Change-Id: I2ee2ed4c713d88345adc55b022feb95653eec663
2016-09-14 12:04:15 -07:00
Ihar Hrachyshka
ffae42d730 Remove vpn service plugin stevedore aliases
The service plugin is maintained in a separate neutron-vpnaas repo, and
hence its aliases should be maintained there too.

The patch that introduces those aliases in neutron-vpnaas repo is:
Ieb4e9fce9f5cf9b5a60f1207ec38a59adfe400a8

Change-Id: I86b5b554ed9995a0d4538fb968526b370cad036b
2016-08-27 16:22:19 +00:00
Ihar Hrachyshka
6f475b4d78 Remove lbaas v1 service plugin stevedore aliases
The service plugin was removed from neutron-lbaas repo lately:
I506949e75bc62681412358ba689cb07b16311b68

We can now clean those remnants from neutron tree.

Change-Id: I2136a530a8351cc290418d9ae18af08b480707c5
2016-08-27 16:13:29 +00:00
Nate Johnston
15ca6b0dfc Remove FWaaS entries from neutron setup.cfg
Remove FWaaS directives from neutron's setup.cfg.  See [1] for the
change to add them to the FWaaS setup.cfg.

[1] https://review.openstack.org/362324

Change-Id: I94b224813c85b7e611e9681323a2f0d2806e0d41
2016-08-29 19:09:07 +00:00
lilintan
6e4fe008f5 Update the homepage with developer documentation page
Change-Id: Ic47206905eda90d62d7ce77235e6ba27c1f21433
2016-08-18 10:33:26 +08:00
Jenkins
4478987fbd Merge "Add support for Python 3.5" 2016-08-14 13:02:58 +00:00
Kevin Benton
4e8cc68349 Increment revision numbers on object changes
This adds the logic to increment the revision numbers
for objects whenever there are changes and it exposes
the revision number via a field in the API.

This is handled with a new default service plugin that
subscribes to DB events and bumps revision numbers for
any objects that were modified.

It also handles the logic for bumping the revision number
of a parent in a relationship where the children aren't
top-level neutron objects that would be tracked individually.
This is accomplished with a 'revises_on_change' attribute
on the child models that the service plugin will use to
find the parent and bump its revision.

API tests are included to test the revision numbers
added to each standard attribute enabled object.

Partially-Implements: bp/push-notifications
Change-Id: I476d3e03c8ee763cc4be6d679fe9f501eb3a19b5
2016-07-27 12:01:55 -07:00
Henry Gessau
345a4b28c1 Add support for Python 3.5
Depends-On: I1952f3247002fae73c2cfce294da91e5e013d68e

Change-Id: Ic2c880a48b3df4fe973b8a1737eb223048a4c47f
2016-07-14 22:07:59 -04:00
Jenkins
d4df22ae94 Merge "Enable CRUD for trunk ports" 2016-07-06 02:15:24 +00:00