This patch contains the l3 agent extension and agent part code.
This patch introduce a new l3 agent extension named "port_forwarding",
to process the binding of the port forwarding resources, manage its own
floatingip configuration on router interface and floatingip status.
Currrently, we support all Neutron Router reference implementations.
This extension uses the period router sync task and PortForwarding OVO
rpc.
* The main idea about this new extension is using the generic router sync
rpc to maintain the host port forwarding resources,
* For a single port forwarding create/update/delete, process it one by one
in smaller scope for forbidding refresh the iptables with a larger
scope frequently.
Partially-Implements: blueprint port-forwarding
Partial-Bug: #1491317
Change-Id: Ic56e67d428f6177099c285a9d1bccabc1e710f2b
This patch implements the plugin.
This patch introduces an new service plugin for port forwarding resources,
named 'pf_plugin', and supports create/update/delete port forwarding
operation towards a free Floating IP.
This patch including some works below:
* Introduces portforwarding extension and the base class of plugin
* Introduces portforwarding plugin, support CRUD port forwarding
resources
* Add the policy of portforwarding
The race issue fix in:
https://review.openstack.org/#/c/574673/
Fip extend port forwarding field addition in:
https://review.openstack.org/#/c/575326/
Partially-Implements: blueprint port-forwarding
Change-Id: Ibc446f8234bff80d5b16c988f900d3940245ba89
Partial-Bug: #1491317
We've already added support for pluggable (via entry points) object
loading in neutron-lib with [1]
This patch exposes the neutron.objects in setup.cfg using entry points
so that consumers can start to use them via the API in [1] rather than
directly import them from neutron.
[1] https://review.openstack.org/#/c/553838/
Change-Id: I25ddd77c55f48997ff6131f232addb4c2e629804
Move the l3 qos extensions to a separated folder,
then we can move a following up router gateway IP
QoS extension to it.
And also extract some common code to a base class.
Related-Bug: #1757044
Change-Id: I63cc9506caa80f889ad817444281a0ac31bc9418
This patch implements the L3 agent side floating IP rate limit.
For all routers, if floating IP has qos rules, the corresponding
TC filters will be added to:
1. for legacy/HA router, the device is qg-device of qrouter-namespace,
aka router gateway in network node.
2. for dvr (HA) router in compute node, the device is rfp-device, the
namespace is qrouter-namespace.
3. for dvr (HA) router in network node, the device is qg-device in
snat-namespace.
Partially-Implements blueprint: floating-ip-rate-limit
Change-Id: Ie8a5fe4ebaeccfb3998732dd972663c54542b5bf
The name ('logapi') seems redundant 'api' and it looks inconsistent
with entry point name of logging agent extension ('log') and
LoggingPlugin class[1]. So this patch change 'logapi' to 'log' to
make it look consistent.
[1] https://github.com/openstack/neutron/blob/master/neutron/services/logapi/logging_plugin.py#L27
Change-Id: I57d0b86823670a1dc5d116d98059993c802ef86c
Partially-implements: blueprint security-group-logging
Related-Bug: #1468366
The plugin has been split into its own repository[1] in accordance with
Queens Goal "Split Tempest Plugins into Separate Repos/Projects[2]".
This patch removes the local copy as well as the setuptools entry point.
We can also now remove the autodoc_tree_excludes pbr option since
there's no more plugin to exclude and it defaults to [setup.py].
The patch leaves still in-tree base classes and constants in order to
avoid breakage of projects depending on such code. In the future, we
will deprecate those and gradually move affected subprojects to the new
repo.
List of affected repositories:
- neutron-vpnaas
- openstack-ansible-os_neutron
- tripleo-quickstart-extras
- networking-midonet
- networking-l2gw
- neutron-dynamic-routing
- networking-vsphere
- networking-plumgrid
- networking-zvm
[1] http://git.openstack.org/cgit/openstack/neutron-tempest-plugin
[2] https://governance.openstack.org/tc/goals/queens/split-tempest-plugins.html
Depends-On: I371aa4d5f043f695df04b98b0f485c8f0548f2b3
Change-Id: Ia21aad29d0bbf779583964db6f1665c9b3b83161
The current method of specifying each rootwrap filter
in the file list is prone to errors when adding or
removing filters. Instead of relying on a manually
maintained list this patch just includes all the files
of the correct naming convention from the applicable
folder. This is simpler and easier to maintain.
Closes-Bug: #1718356
Change-Id: I7f8c55f63d1c5a85a6a92062e918426f7d2d3c35
* Update the URLs affected by the doc-migration
(/developer/<project>/ to <project>/latest/)
* Follow content rearrangement
* Convert links to local documents into :doc: or :ref:
* Use https instead of http for the updated links on docs.openstack.org.
Part of the doc-migration work.
Change-Id: I62e317d9198f175a43d73bbfd419b6878de90d5a
This change adds a dns_domain attribute to ports in the API.
This patchset belongs to a series that adds dns_domain attribute
functionality to ports.
Change-Id: Ied1f2f0c1e96ae21c309b6e6fed9e3c602b0450b
Partial-Bug: #1650678
This patch introduces the logging api definition and initial
implementation of LoggingApiPlugin. The api definition code will
be removed after [1] has been merged on neutron lib.
[1]https://review.openstack.org/#/c/415817/
Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>
Partially-implements: blueprint security-group-logging
Related-Bug: #1468366
Change-Id: Iace31506502de25da9dce5fcfdbfe2c726bea27f
In Ocata, notification_drivers were deprecated in favor of
the new QoSDriver architecture.
This patch removes backwards compatible support for notification
drivers along with its testing.
Change-Id: I5f747635be3fd66b70326d9f94c85a6736286bd2
This can then be loaded into a wsgi compatible web server like
apache2/httpd or nginx.
DocImpact A new neutron-api script is installed, and can be used to
start either a standalone wsgi server (calling the script directly),
or as a wsgi script loaded by a web server (e.g. by httpd/mod_wsgi).
Change-Id: Ie9bb8b33f6e1335219e574d832ac264b043d90e6
Partial-Bug: #1666779
Co-Authored-By: Brandon Logan <brandon.logan@rackspace.com>
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
Implements the port data plane status extension. Third parties
can report via Neutron API issues in the underlying data plane
affecting connectivity from/to Neutron ports.
Supported statuses:
- None: no status being reported; default value
- ACTIVE: all is up and running
- DOWN: no traffic can flow from/to the Neutron port
Setting attribute available to admin or any user with specific role
(default role: data_plane_integrator).
ML2 extension driver loaded on request via configuration:
[ml2]
extension_drivers = data_plane_status
Related-Bug: #1598081
Related-Bug: #1575146
DocImpact: users can get status of the underlying port data plane;
attribute writable by admin users and users granted the
'data-plane-integrator' role.
APIImpact: port now has data_plane_status attr, set on port update
Implements: blueprint port-data-plane-status
Depends-On: I04eef902b3310f799b1ce7ea44ed7cf77c74da04
Change-Id: Ic9e1e3ed9e3d4b88a4292114f4cb4192ac4b3502
By using the on_missing_entrypoints_callback and
on_load_failure_callback options[1] we can call a handler for the
missing driver error properly.
As the bug states, I logged it as a critical failure and terminated
the neutron server.
I used SystemExit, I wasn't sure if there was a more graceful way
of exiting.
[1] http://docs.openstack.org/developer/stevedore/managers.html
Change-Id: Id18afd159d0b0ada0cc36964dd9c1ebe7a1cd94b
Closes-Bug: #1659290
Currently the metering agent is using the old import method,
use stevedore instead.
DocImpact
Two places in the networking guide should change to
'driver = iptables' from current format.
Partial-Bug: #1504536
Change-Id: I1e6d196a3ada8fbfc2b70d6a983984d8db09bbd0
Two years ago the translation files have been split into several
files, separating the log messages of different log levels from each
other, like X.pot, X-log-warning.pot, X-log-info.pot, and so on.
However, the setup.py command `compile_catalogs`, that comes from the
babel package and compiles the corresponding .po files into .mo
files, only supported one file per python package. This means that
during packaging `compile_catalogs` never compiled the X-log-*.po
files, so the corresponding translations were always missing.
Since babel 2.3 the domain can be set to a space separated list of
domains. This change adds the the additional log level files to the
domain list.
Change-Id: I436072d03f401240df6d7b8348616bc7c4731c4a
Closes-Bug: #1536226
Due to the high memory footprint of current Python ns-metadata-proxy,
it has to be replaced with a lighter process to avoid OOM conditions in
large environments.
This patch spawns haproxy through a process monitor using a pidfile.
This allows tracking the process and respawn it if necessary as it was
done before. Also, it implements an upgrade path which consists of
detecting any running Python instance of ns-metadata-proxy and
replacing them by haproxy. Therefore, upgrades will take place by
simply restarting neutron-l3-agent and neutron-dhcp-agent.
According to /proc/<pid>/smaps, memory footprint goes down from ~50MB
to ~1.5MB.
Also, haproxy is added to bindep in order to ensure that it's installed.
UpgradeImpact
Depends-On: I36a5531cacc21c0d4bb7f20d4bec6da65d04c262
Depends-On: Ia37368a7ff38ea48c683a7bad76f87697e194b04
Closes-Bug: #1524916
Change-Id: I5a75cc582dca48defafb440207d10e2f7b4f218b
With pbr 2.0 and Sphinx 1.5, the setting for treat sphinx warnings as
errors is setting warning-is-error in build_sphinx section. Migrate
the setting from the old warnerrors one.
Change-Id: Ic4f2dd097137e4fa12acbdbfa47ea078d1b6d105
This adds a service plugin to introduce random delays
and deadlocks to DB operations to make it easier for
us to see that retry decorators are correctly applied
and race conditions are handled.
Change-Id: I8e283c1b53165faee548d26b3560a2c883dfb977
For Neutron's compute agent in a XenServer's compute node, the commands
actually need run in Dom0. Currently XenServer only supports rootwrap
for that purpose by invoking a script which invokes XenAPI to execute
commands in dom0. There are much performance overhead due to it requires
parsing on the script and the configuration file every time running
commands.
This change is to support daemon mode with which each agent service will
call XenAPI directly to execute commands in dom0. And it will keep the
single XenAPI session.
DocImpact: Need update the following configuration.
file: /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
root_helper_daemon = xenapi_root_helper
[xenapi]
connection_url = http://169.254.0.1
connection_username = root
connection_password = xenroot
Closes-Bug: #1585510
Change-Id: I684034359fe0571bc92dbcf342a9821553b1da35
The gating on python 3.4 is restricted to <= Mitaka. There is no
need to continue to keep these settings.
From Newton onwards we are gating on python 3.5.
Change-Id: Ib6e6c62212796f493bb99fb3c5e39ab4f2e45cfc
This patch will kill processes that are listening on any port/UNIX
socket within the namespace to be cleaned up. To kill them it will
issue a SIGTERM to them (or to their parents if they were forked) and,
if they don't die after a few seconds, a SIGKILL to them and all their
children.
This is intended for those cases when there's no specific cleanup and
serves as a fallback method.
Change-Id: I4195f633ef4a1788496d1293846f19eef89416aa
Partial-Bug: #1403455
These were deprecated in https://review.openstack.org/247906
Now that Liberty is EOL we can remove these legacy entrypoints.
Closes-Bug: #1639103
Change-Id: I94e61cb219b23ce2f5d0f34dc9ae1c87650568bd
The SR-IOV option supported_pci_vendor_devs has been deprecated in Newton
and This change removes it from Ocata.
Change-Id: I42dadfd0b62730ca2d34d37cb63f19f6fec75567
Agent state options (report_interval), or interface related options
(f.e. ovs_integration_bridge) should be exposed into all configuration
files for all agents that may report a state, or instantiate a bridge
object.
Since some of options that were previously considered 'base' don't apply
to metering agent (specifically, availability_zone), moved them into
separate lists and included them into relevant agents (l3 and dhcp).
The only glitch with the change is that log_agent_heartbeats option is
now exposed into metering agent configuration file, even though the
agent does not honour it. I think it's minor and we can live with it.
Change-Id: Ibceca20cec60e75a8c6ddd35f3f9cb8cca272a9e
This file was added in https://review.openstack.org/#/c/185977, but was
not listed in setup.cfg
As a consequence, it is not installed in current RDO packages
Closes-Bug: #1626132
Change-Id: I1b87d89367ab534164394f9f18e81223ff4111ce
The Neutron 'created_at'/'updated_at' fields on API resources
were inconsistent with other OpenStack projects because we did
not include timezone information. This patch addressed that
problem by adding the zulu time indicator onto the end of the
fields.
Because this could break clients expecting no timezone, this patch
also eliminates the 'timestamp_core' and 'timestamp_ext' extensions
and consolidates them into a new 'timestamp' extension. This makes
the change discoverable via the API.
This is assuming the current API development paradigm where
extensions can come and go depending on the deployment and the client
is expected to handle this by checking the loaded extensions.
Once we decide extensions are permanent, this type of change will
no longer be possible.
Even though this is being proposed late in the cycle, it is better
to get this change in before the release where we expose even more
resources with incorrectly formatted timestamps.
APIImpact
Closes-Bug: #1561200
Change-Id: I2ee2ed4c713d88345adc55b022feb95653eec663
The service plugin is maintained in a separate neutron-vpnaas repo, and
hence its aliases should be maintained there too.
The patch that introduces those aliases in neutron-vpnaas repo is:
Ieb4e9fce9f5cf9b5a60f1207ec38a59adfe400a8
Change-Id: I86b5b554ed9995a0d4538fb968526b370cad036b
The service plugin was removed from neutron-lbaas repo lately:
I506949e75bc62681412358ba689cb07b16311b68
We can now clean those remnants from neutron tree.
Change-Id: I2136a530a8351cc290418d9ae18af08b480707c5
Remove FWaaS directives from neutron's setup.cfg. See [1] for the
change to add them to the FWaaS setup.cfg.
[1] https://review.openstack.org/362324
Change-Id: I94b224813c85b7e611e9681323a2f0d2806e0d41
This adds the logic to increment the revision numbers
for objects whenever there are changes and it exposes
the revision number via a field in the API.
This is handled with a new default service plugin that
subscribes to DB events and bumps revision numbers for
any objects that were modified.
It also handles the logic for bumping the revision number
of a parent in a relationship where the children aren't
top-level neutron objects that would be tracked individually.
This is accomplished with a 'revises_on_change' attribute
on the child models that the service plugin will use to
find the parent and bump its revision.
API tests are included to test the revision numbers
added to each standard attribute enabled object.
Partially-Implements: bp/push-notifications
Change-Id: I476d3e03c8ee763cc4be6d679fe9f501eb3a19b5