397 Commits

Author SHA1 Message Date
Mark McLoughlin
3102bd700a Revert dependency on oslo.config 1.2.0
Fixes bug #1185174

This reverts commit b8b2c4e, 2f13345, 362bd7f, 8da2fb7 and 956b873.

We don't yet have the infrastructure in place to use latest oslo.config
in the gate or even get the correct metadata for it in our packaging.

The gory details are here:

  http://lists.openstack.org/pipermail/openstack-dev/2013-May/009586.html

Change-Id: Idf89ca418df158e6f94279c9c5fa44f23073a9d7
2013-05-29 06:54:55 +01:00
Aaron Rosen
67ad85db59 Add sqlalchemy_pool_size option to default config files
This patch exposes the sqlalchemy_pool_size option to config files of
plugins that already expose sql_ options besides sql_connection.

Fixes bug 1185260

Change-Id: Ifaff02fae5e5349efb992c071adc0b02f10d61a7
2013-05-28 20:40:56 -07:00
Salvatore Orlando
27bdfcab29 Reduce plugin accesses from policy engine
Bug 1179745

This patch introduces a new type of check whose aim is to fetch
the parent resource's owner only when a rule that explicitly needs
it needs to be checked.

Change-Id: I1ff429eb3f92b35bcb9b4c4e01b65f8c0a595f48
2013-05-29 00:14:19 +02:00
Dirk Mueller
d1a623bc97 Use exec_dirs for rootwrap commands
Avoid depending on platform specific paths for rootwrap
by using exec_dirs in rootwrap. Fixes rootwrap configuration
for SUSE.

Fixes bug #1156044

Change-Id: I54d082c543fd84b40db0caa3571300ac0bb07b57
2013-05-28 13:47:12 +02:00
Jenkins
bf5deb5c65 Merge "Add support for OVS l2 agent in XS/XCP domU." 2013-05-28 03:44:29 +00:00
Gary Kotton
cb50defbfe Fix quantum.conf comment
Fixes bug 1183209

Change-Id: I87b47e5d5793fde0996712e05b4ddf12be07d3da
2013-05-23 08:20:18 +00:00
Jenkins
f1c2183306 Merge "Enable network to be scheduled to N DHCP agents" 2013-05-22 04:10:22 +00:00
Zhongyue Luo
b8b2c4ebec Reference OVS OptGroup names in lowercase
To have consistent option group name format across projects,
oslo.config now normalizes all non lowercase group names to lowercase
when loading conf files.
Thus conf files are backwards compatible but option group references
in the code must now use lowercase before we update oslo.config.

This patch replaces all 'OVS' references to 'ovs'

Change-Id: Id8697138d822e331a6776f847915c61b40f8dd6a
2013-05-22 01:36:42 +08:00
Gary Kotton
c95e58b707 Enable network to be scheduled to N DHCP agents
Fixes bug 1174132

Change-Id: Iabe96fd8a98f3539eb21268fb5ef58df8dbd8782
2013-05-21 14:33:35 +00:00
Jenkins
058d156395 Merge "Make endpoint_type configurable for the metadata agent" 2013-05-21 14:06:22 +00:00
Oleg Bondarev
a7441a4f0e Make endpoint_type configurable for the metadata agent
Fixes bug 1176227

Change-Id: Ib4efe29a08efb7ec391d6b16779b27aeb9178324
2013-05-21 14:11:13 +04:00
Jenkins
abb25dad09 Merge "Reference DEFAULT_SERVICETYPE OptGroup names in lowercase" 2013-05-21 09:47:15 +00:00
Zhongyue Luo
2f13345b86 Reference DEFAULT_SERVICETYPE OptGroup names in lowercase
To have consistent option group name format across projects,
oslo.config now normalizes all non lowercase group names to lowercase
when loading conf files.
Thus conf files are backwards compatible but option group references
in the code must now use lowercase before we update oslo.config.

This patch replaces all 'DEFAULT_SERVICETYPE' references to
'default_servicetype'

Change-Id: Iccab055c4664e11c9618706e594416194065048b
2013-05-18 21:53:59 +08:00
Zhongyue Luo
362bd7fd09 Reference QUOTA OptGroup names in lowercase
To have consistent option group name format across projects,
oslo.config now normalizes all non lowercase group names to lowercase
when loading conf files.
Thus conf files are backwards compatible but option group references
in the code must now use lowercase before we update oslo.config.

This patch replaces all 'QUOTA' references to 'quota'

Change-Id: I74c2a35aea7a52f9586eb598fe52d2cecb1851ef
2013-05-17 00:02:31 +00:00
Jenkins
97ea776f29 Merge "Fix linuxbridge RPC message format" 2013-05-16 06:06:39 +00:00
Bob Kukura
56cac98626 Fix linuxbridge RPC message format
The linuxbridge, openvswitch, and hyperv plugins all use the same
basic RPC interface between their plugins and L2 agents. But the
attributes describing a virtual network passed from the plugin to the
agent over this interface differed for historical reasons. The
openvswitch and hyperv plugins each pass network_type,
physical_network, and segmentation_id attributes, whereas the
linuxbridge plugin previously passed vlan_id and physical_network
attributes, using special vlan_id values to indicate flat or local
network types.

This patch changes the linuxbridge plugin to pass network_type and
segmentation_id attributes instead of the vlan_id attribute, bringing
its message formats into sync with the other plugins. RPC
compatibility is required for blueprint modular-l2 so that the ml2
plugin can work with all three existing types of L2 agent. This RPC
message format change is also required for blueprint
vxlan-linuxbridge.

Unlike the vxlan-linuxbridge patch on which it is based (see
https://review.openstack.org/#/c/26516/), this patch does not bump the
linuxbridge RPC version number, as the ml2 plugin will require all
three L2 agents to use the same RPC version. Instead, the updated
linuxbridge agent maintains compatibility with old linuxbridge plugins
by accepting either the old or new attributes. There is also a
configuration option, currently turned on by default, to enable the
updated linuxbridge plugin to pass the vlan_id attribute expected by
old linuxbridge agents along with the new attributes. These message
format compatibility mechanisms are intended to aid during upgrades,
and can eventually be removed.

Change-Id: I7cc1c9f96b09db6bab2c7d9f2b30b79fa4dab919
2013-05-15 22:06:00 -04:00
Salvatore Orlando
13f9e02a64 Remove calls to policy.check from plugin logic
Blueprint make-authz-orthogonal

This patch implements part #3 of this blueprint, according to its
specification.
It does so by allowing the view generator in the API layer to strip
off fields which do not satisfy authorization policies.
Also, some checks in unit tests for plugins relied on the
capability of the plugin to invoke directly the policy engine.
These checks have been removed and replaced by equivalent unit tests.
Finally, this patch required changes to most test cases for API
extensions in order to ensure the resource attribute map was
updated with the extension's attributes

Change-Id: I1ef94a8a628d34697254b68d7a539bd1c636876e
2013-05-15 01:49:34 +02:00
Aaron Rosen
531f8d880d make default transport type configurable nvp
Fixes bug 1179759

Change-Id: I8f644f2bc0d5d144f52e5ed0bd2e991503581ad2
2013-05-13 19:52:20 -07:00
Jenkins
b100c598c0 Merge "add db to save host for port" 2013-05-13 13:50:09 +00:00
gongysh
73900fd0f4 add db to save host for port
blueprint portbinding-ex-db

related patch in nova:
https://review.openstack.org/#/c/21141/

Only OVS and linux bridge plugins now support this feature.

Change-Id: I42d9bc59130e2758dd6a221d8953d63ec10e1f3c
2013-05-13 13:04:00 +00:00
Irena Berezovsky
94492767e0 blueprint mellanox-quantum-plugin
Implements Mellanox Quantum plugin.
This plugin implements Quantum v2 APIs with support for Mellanox embedded
switch functionality as part of the VPI (Ethernet/InfiniBand) HCA.

Change-Id: I22907dfec5b6cb8f6ad8c3b6e390abc4f8e0ac10
2013-05-13 15:36:14 +03:00
Jenkins
4e1837cd84 Merge "Add a configuration item to disable metadata proxy" 2013-05-13 06:01:16 +00:00
armando-migliaccio
91b56e41ee Do not require sudo/rootwrap to check for dnsmasq version
The dnsmasq version check does not need root privileges
to run as with low privs it works just fine. As a side
effect, the use of the rootwrapper was causing unit tests
to hang because the execute call in check_version was not
being stubbed out. Weirdly enough this wasn't caught in
a previous Gerrit run; there must be a passwordless sudo
lurking around somewhere in the Gerrit infrastructure.

Fixes bug #1178800

Change-Id: I4d0bd218768eec2439d3907587682ff35884a262
2013-05-10 14:12:18 -07:00
Jenkins
00b26f6c5c Merge "Log a warning if dnsmasq version is below the minimum required" 2013-05-10 12:40:37 +00:00
Maru Newby
c544ebdc89 Add kill-metadata rootwrap filter to support RHEL.
* Fixes bug 1178419

Change-Id: I9c1cf0d19d1134ec3b85c905c6c8bb7145847ce7
2013-05-09 21:04:44 +00:00
gongysh
a299091d00 Add a configuration item to disable metadata proxy
Bug #1166543

Change-Id: If7aee8d79b7ca275f89cf9299eac1f76d5500fcc
2013-05-09 14:08:02 +08:00
armando-migliaccio
3640328972 Log a warning if dnsmasq version is below the minimum required
It has been noted that older versions of dnsmasq may have unexpected
behavior, so this patch introduces a check on dnsmasq version; if
the minimum version is not met, a warning is logged. This is less
invasive than raising an Exception and aborting the dhcp agent, even
though this also seems like a perfectly acceptable behavior.

Fixes bug 1170793

Change-Id: Idd91c3753fb05f223ed0e3c53ad692ee65ea4905
2013-05-08 02:02:10 -07:00
Maru Newby
7ff0c53564 Add support for OVS l2 agent in XS/XCP domU.
* Config doc: http://wiki.openstack.org/QuantumDevstackOvsXcp

 * The Open vSwitch agent needs to be deployed on domU but
   interact with a dom0 bridge.
 * Add a root wrapper and associated XenAPI plugin to allow the
   agent to execute networking commands against dom0 from domU.
 * Update ovs_lib mac address discovery to use ip_lib to
   ensure that discovery works even for bridges not local to
   the agent (i.e. dom0 bridges).  A bridge configured with
   a dom0 root wrapper will execute ip link on dom0.
 * Update ip_lib to use a root helper by default to ensure that
   the 'ip' command will execute on dom0.
 * Remove obsolete rpm spec and installer for dom0 agent.
 * Credit where credit is due - the XenAPI plugin and its
   packaging were largely copied from nova.
 * Supports blueprint xenapi-ovs

Change-Id: I7795446ee1267712c896f5cb3401f84fb1763ce7
2013-05-01 23:10:53 +00:00
Salvatore Orlando
4d6f02440b Remove calls to policy.enforce from plugin and db logic
Blueprint make-authz-orthogonal

This patch implements item #2 of the blueprint
Remove calls to policy.enforce when the policy check can be performed
safely at the API level, and modify policy.json to this aim.
This patch does not address enforce calls in the agent scheduler
extension, as that extension is currently not defined as a quantum.v2.api
resource class.
This patch also adds an API-level test case for the provider networks
extension, which was missing in Quantum and was necessary to validate
the API behaviour with the default policy settings.

Change-Id: I1c20a5870279bc5fce4470c90a210eae59675b0c
2013-04-29 12:12:21 +02:00
armando-migliaccio
ea9aeb6de0 Simplify NVP plugin configuration
Fixes bug #1121605

This patch replaces the nvp_controller_connection configuration option
with a set of options more intuitive to the user which also avoid
repetitions in ini files.

In order to simplify the configuration of the plugin, this patch also
removes named clusters. As the plugin supports a single cluster at
the moment, this can be simply specified in the [DEFAULT] configuration
section.

Also, this patch restructures nvp_cluster.NvpCluster so that per-cluster
configuration options are no longer stored multiple times.

Change-Id: Id5f84220122d7c5f3239e3333cb772247d1ed05e
2013-04-25 13:56:32 -07:00
Salvatore Orlando
35988f1393 Make the 'admin' role configurable
Bug 1158434

This patch adds a new policy named 'context_is_admin' which defines
an admin user as a collection of roles or else. The quantum context
has been updated to check for this policy when setting the is_admin
flag.
This patch also adds a method for gathering 'admin' roles from policy
rules as current logic requires the context to be always populated with
the correct roles for admin rules, even when the context is implicitly
generated with get_admin_context or context.elevated.
Backward compatibility is ensured by preserving the old behavior if
the 'context_is_admin' policy is not found in policy.json

Change-Id: I9acea75cca0c47e083a9149e358328ea3ca12d68
2013-04-22 20:42:02 +02:00
Aaron Rosen
a6bb8f2916 Add missing security group quota settings to quantum.conf
Fixes bug 1164154

Change-Id: I32d1952fcc11559cc01c0dbde11de558b2a0b1fb
2013-04-03 14:16:29 -07:00
Jenkins
2ac053e9cf Merge "Add RabbitMQ and QPID HA support flags to quantum.conf" 2013-04-03 07:25:11 +00:00
EmilienM
d452ecee20 Add RabbitMQ and QPID HA support flags to quantum.conf
Since Quantum supports HA queues with RabbitMQ (https://review.openstack.org/#/c/13760/),
quantum.conf should provide new flags to explain how to configure multiple RabbitMQ servers and enable HA.

New flags :
rabbit_hosts=$rabbit_host:$rabbit_port
rabbit_ha_queues=false
qpid_hosts = localhost:5672

Fix Bug #1160369

Change-Id: I35903b1b7b66fde8d70ac7e8076e0def2a1f2d04
2013-04-02 19:52:25 +02:00
Rich Curran
f164a60f15 blueprint cisco-single-config
Scope: Unification of all the various plugin files for the Cisco plugin into a single file.

Use Cases: Quantum with the Cisco plugin.

Implementation Overview: All the config values contained in the various files in
etc/quantum/plugins/cisco will be unified into a single file
etc/quantum/plugins/cisco/cisco_plugin.ini. The plugins need to be modified to
read from a single file instead of multiple.
Added quantum.openstack.common.cfg support.

Change-Id: I9ef356eccfe330c3733f441b96400d03c3d7d1df
2013-04-02 12:06:38 -04:00
Salvatore Orlando
dc110b71c1 Enable authZ checks for member actions
Blueprint make-authz-orthogonal

This implements work item #1 of the blueprint.
This patch enables authZ checks for 'member actions' in the base
controller and removes explicit checks from l3_db.
This patch also addresses a small glitch in the policy engine which
was assuming the request always had a body.

Change-Id: I7e0f386eedcfff24ea1fee7294bbadd6c5ec781c
2013-03-30 02:06:38 +01:00
Davanum Srinivas
a4faa98b99 Support for SSL in wsgi.Server
SSL are entirely optional. Support for SSL as well using code from glance. We
have some new options for configuring the SSL support. There are tests for
accessing a sample app w/o ipv6 or ssl, one with just ssl and one with
ipv6 and ssl

Fixes LP# 1101342

DocImpact

Change-Id: I824acef4130d27828dcf199736b3ca668d6202d7
2013-03-28 12:55:50 +00:00
Aaron Rosen
891a860d58 Add metadata support for nvp plugin without namespaces
If using a host that does not support namespaces the nvp plugin did not have
a way to leverage metadata unless using enable_isolated_metadata which
requires a subnet to not have a gateway. This patch changes the metadata
configuration for the NVP plugin by adding a flag metadata which can be
set to access_network (which was previously enable_metadata_access_network)
or dhcp_host_route. When set to dhcp_host_route when the dhcp agent creates
its port a host_route is added towards the dhcp server's ip for the
destination 169.254.169.254/32 only if the subnet has a gateway_ip.
In order for a host to leverage metadata via dhcp_route_route it requires
the host's dhcp client to support host routes (code 121).

Fixes bug 1155786

Change-Id: I2ff52adc3dfebcdd6d9c05d5dc79aa65ae100c74
2013-03-25 17:52:17 -07:00
Gary Kotton
c6bf10d86c Ensure that lockfile are defined in a common place
Fixes bug 1158146

Change-Id: I0e986eb16a7ec5b9972a37af583f697ba3624a80
2013-03-21 05:42:06 +00:00
Salvatore Orlando
95f677d7f3 Fix typo in policy.json and checks in nicira plugin
Bug 1155379

This patch removes extra colons from policy.json.
Also, it fixes some checks in the nicira plugin which were not
passing correctly the target resource for the policy engine.

Change-Id: I89a1d170818173eaa90b50158289a06455febadc
2013-03-20 19:53:21 +01:00
Dan Wendlandt
48e7848a2e add ns-metadata-proxy rootwrap filters to dhcp.filters
bug 1150628

now that dhcp-agent also uses ns-metadata-proxy, we need to make sure
those rootwrap filters are installed in scenarios where dhcp-agent is
installed but l3-agent is not.

Change-Id: I141b2291aceb93d650258ff1df1ef0122ce8da90
2013-03-06 17:40:52 -08:00
gongysh
32a029bc5e Allow DHCP and L3 agents to choose if they should report state
Bug #1143195
blueprint quantum-scheduler

Change-Id: Iba7bf82d7130462be4dda6c1c5f9a0fc5633707d
2013-03-04 17:09:28 +08:00
Jenkins
ed665dc9ba Merge "Enable HA proxy to work with fedora" 2013-03-04 02:26:01 +00:00
Gary Kotton
9c0c158cbc Enable HA proxy to work with fedora
Fixes bug 1142133

Change-Id: I0dc02c96efa8d5f8ab693480e510dbbefcc6a674
2013-03-03 16:34:47 +00:00
Akihiro MOTOKI
aeec6f1283 Change the default l3_agent_manager to L3NATAgent
This is a l3-agent version of 349aa3ef3563c019f4d0a98fc30117ae0a6cade3.

The combination of the plugin without agent extension support
and L3NATAgentWithStateReport results in an error:
"AttributeError: No such RPC function 'report_state'".

This patch changes l3_agent_manager to be L3NATAgent instead of
L3NATAgentWithStateReport since all plugins do not support
L3NATAgentWithStateReport and having this as the default breaks
all current deployments that upgrade source without changing
their config files.

Fixes bug 1139726

Change-Id: Ibb5c04c89bfad741ec43a372cbf97445f7b3d76c
2013-03-03 16:58:10 +09:00
Mark McClain
f8de8c4450 LBaaS Agent Reference Implementation
implements blueprint lbaas-namespace-agent

This is a reference implementation of the Quantum load balancing service
using HAProxy.  The implementation is designed for vendors, developers,
and deployers to become familiar with the API and service workflow.

This change also adds some constraint checks for data integrity.

Change-Id: I10a67da11840477ccf063b98149f4f77248802a1
2013-02-27 21:49:57 -05:00
gongysh
0070b452f1 Add scheduling feature basing on agent management extension
3rd part of blueprint quantum-scheduler

1. Allow networks to be hosted by certain dhcp agents.
Network to dhcp agent is a
many to many relationship. Provide a simple
scheduler to schedule a network randomly
to an active dhcp agent when a network or port is created.
2. Allow admin user to (de)schedule network to a
certain dhcp agent manually.
3. Allow routers to be hosted by a certain l3 agent.
Router to l3 agent is a many to one relationship.
Provide a simple scheduler to
schedule a router to l3 agent if the router is not
scheduled when the router is  updated.
4. Auto schedule networks and routers to agents when agents
start.
5. Only support ovs plugin at this point

Change-Id: Iddec3ea9d4c0fe2d51a59f7db47145722fc5a1cd
2013-02-27 21:20:51 +08:00
Gary Kotton
785cbcca4f Limit amount of fixed ips per port
Fixes bug 1100476

The patch also updates the quantum configuration file to
contain the following:
 - max number of host routes
 - max number of dns servers

Change-Id: Ic5d90034b0231687dfbde8fc65780ab52222c0fd
2013-02-26 16:26:34 +00:00
Gary Kotton
5483199b2a Add default state_path to quantum.conf
Fixes bug 1132793

Change-Id: I7af0b773105443672ede30b352d3b207f1ae7c5d
2013-02-25 13:46:53 +00:00
Jenkins
94352039f8 Merge "Remove external_id and security group proxy code" 2013-02-24 18:11:39 +00:00