Functional tests log to a file only if they inherit from
the Sudo tests base class. This patch changes the base
class for some test cases to make them log.
Related-Bug: #1567668
Change-Id: I494ad5410e48489f1fb3689cec44c5a29bbc42f3
Turns out the patch with Git commit hash prefix 13993764
disabled functional tests logging completely. This patch
fixes that by moving the neutron-db-manage logging setup
from import to the main function. Fixing that, it looks like
patch with Git commit hash prefix 4980f031fe turned off
DEBUG level logging for functional tests. I changed the
tests default logging from INFO to DEBUG to fix that.
Closes-Bug: #1567613
Change-Id: If02c18af20a236514409f37fa993224903877a8b
Forking a process when multiple threads are running is an unsafe
operation and could cause a lot of problems because only the current
thread will continue working in the child thread. Any resource locked by
another thread will remain locked forever.
We faced this problem during oslo.messaging development and
added a workaround to hide this problem:
https://review.openstack.org/#/c/274255/
I tried to fix this problem in oslo.service:
https://review.openstack.org/#/c/270832/
but oslo folks said that this fix is ugly and it is the wrong way to add
workarounds to common libraries because projects use them incorrectly.
I think that is fair.
So this patch fixes incorrect usage of oslo libraries. In this patch
I extended the functionality of NeutronWorker and added a
`worker_process_count` parameter there, which determines how many processes
should be spawned for this worker. If `worker_process_count` = 0, don't
create a process, and spawn a thread in the scope of the current process
for the worker.
Then I moved all background tasks to workers and return them by the
`get_workers` method. start_plugin_workers collects the plugin's workers
using the `get_workers` method and first starts the workers with
`worker_process_count` > 0 in ProcessLauncher, and only after this starts
the threaded workers with a simple Launcher.
Closes-bug: #1569404
Change-Id: I0544f1d47ae53d572adda872847a56fa0b202d2e
Currently fullstack tests don't use hybrid plugging but they use hybrid
firewall by default. Using iptables is not segregated and OVS agents
running in parallel may interfere with each other.
This patch removes using iptables in ovs agents per created port.
Change-Id: Ic15c942360a4a6ecf0eb5d8ecbbc54e59b10431d
Closes-Bug: #1575033
IPv6 issues can cover many areas from the API down to agents and
wiring. Add a couple of people to the tag to cover more things.
Change-Id: I1b9f3669f92f4590d1bf21a6d90c3b323b725c3f
Fix the status codes returned by the shim controller
to match the expectations of the API tests.
Closes-bug: #1567801
Change-Id: Ibfede6b6bc4ba24cf2b9e4ff5540c2249695252f
This was planned to be removed a long time ago but no one ever got to
it. This shouldn't come as a surprise.
Closes-Bug: #1500960
Change-Id: I3a50d4c069dc54a7c86e7d79586d893a3ae31f2c
Co-authored-by: Ryan Moats <rmoats@us.ibm.com>
The paginate_query method was copied from nova which was copied
from glance. Now it is available in oslo_db.
Check and convert the sort keys and sort directions for
consumption by the oslo_db version of the method, and fix up
some grammar in the exception messages.
This work is related to the neutron-lib effort. The lib should
not propagate neutron's copy of paginate_query().
Related-Blueprint: neutron-lib
Change-Id: Ie7da16b94fa2023c9c3d84d96d55f33d0f76903f
IPv6 includes the concept of link-local addresses. These are addresses
within the fe80::/64 prefix which are used only within the local layer 2
network. They should never be routed. DHCPv6 is one of several protocols
which utilize link-local addresses.
Previously the blanket permit DHCPv6 rule permitted DHCPv6 requests from
a link-local source, before the source address was validated.
The structure of the IPtables egress firewall is:
a. fixed rules for special traffic
b. validate source address
c. fixed rules necessary for host to function
d. user rules defined by security groups
This change restricts the special traffic permitted in part (a) to only
that traffic which utilizes the "unspecified address" (::), by moving
the fixed permit ICMPv6 and DHCPv6 rules to part (c), so they are
applied after the source address has been validated. In order to enable
DHCPv6 and other protocols utilizing link-local addresses, the
link-local addresses corresponding to each MAC address are included in the
permitted source addresses. After the source address is verified, the
fixed rules permit ICMPv6 and DHCPv6, then the user defined security
group rules are applied.
In the existing implementation ICMPv6 and DHCPv6 rules in the fixed
ip6tables firewall rules are too permissive: they permit ICMPv6 and
DHCPv6 traffic, regardless of source MAC or IPv6 address. These rules
were intended to allow a host to acquire an IPv6 address, but
inadvertently allowed a malicious or compromised host to spoof another's
MAC or IPv6 address.
A host acquiring an IPv6 address should perform DAD (duplicate address
detection). To perform this the host must join the multicast group
corresponding to the tentative IPv6 address and the all nodes multicast
group. To join these groups the host sends ICMP MLD (multicast listener
discovery) report messages before it has an IPv6 address assigned, so
the unspecified address is used as the source address. To complete DAD,
ICMP neighbor solicitation messages are sent to solicit if any nodes
are using that address. This should be the only use of the unspecified IPv6
address as a source address. The IPv4 case is similar: the unspecified
address is used for DHCP discovery and request messages.
To summarize, this patch permits only ICMPv6 traffic from the unspecified
address which is used for duplicate address detection. Then it enforces
the source IPv6 and MAC addresses and finally, allows only ICMPv6 traffic
which has passed this source address validation.
In addition this patch permits traffic from all link-local addresses
associated with each MAC address assigned to the port. This is required
by many IPv6 protocols, such as DHCPv6, which depend on the link-local
addresses. This traffic was previously allowed by the blanket allow
ICMPv6 and allow DHCPv6 rules before the source address was validated.
Finally, it includes a functional test for IPv6 spoofing using both
ICMPv6 and DHCPv6 traffic. OVSFirewall currently permits this spoofed
DHCPv6 traffic. I'm excluding the OVSFirewall implementation from the test
so it can be fixed in a follow-on patch.
Change-Id: Ice1c9dd349864da28806c5053e38ef86f43b7771
Partial-Bug: 1502933
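
The rule ordering described in the commit message above, as an added example (not Neutron's own code and not part of the commit). It is a simplified model of egress parts (a) to (d) with no user security group rules; the function names, the port and the four packets are constructed for illustration.

```python
import ipaddress

FIXED = {"icmpv6", "dhcpv6"}   # protocols covered by the fixed permit rules

def link_local_from_mac(mac):
    """fe80:: address for a MAC via modified EUI-64 (flip U/L bit, insert ff:fe)."""
    b = bytes.fromhex(mac.replace(":", ""))
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def allowed_sources(port):
    """Configured (MAC, IP) pairs plus the link-local address of each MAC."""
    pairs = {(mac, ipaddress.IPv6Address(ip)) for mac, ip in port}
    return pairs | {(mac, link_local_from_mac(mac)) for mac, _ in pairs}

def old_chain(pkt, port):
    if pkt["proto"] in FIXED:                                  # (a) source unchecked
        return "ACCEPT"
    if (pkt["mac"], pkt["src"]) not in allowed_sources(port):  # (b) validate source
        return "DROP"
    return "DROP"                                              # (d) no user rules here

def new_chain(pkt, port):
    if pkt["proto"] == "icmpv6" and pkt["src"].is_unspecified: # (a) DAD from :: only
        return "ACCEPT"
    if (pkt["mac"], pkt["src"]) not in allowed_sources(port):  # (b) validate source
        return "DROP"
    if pkt["proto"] in FIXED:                                  # (c) after validation
        return "ACCEPT"
    return "DROP"                                              # (d) no user rules here

def packet(mac, src, proto):
    return {"mac": mac, "src": ipaddress.IPv6Address(src), "proto": proto}

# Constructed sample port and egress packets (not taken from the commit).
PORT = [("fa:16:3e:aa:bb:cc", "2001:db8::10")]
SAMPLES = {
    "dad_from_unspecified": packet("fa:16:3e:aa:bb:cc", "::", "icmpv6"),
    "dhcpv6_own_link_local": packet("fa:16:3e:aa:bb:cc", "fe80::f816:3eff:feaa:bbcc", "dhcpv6"),
    "dhcpv6_spoofed": packet("fa:16:3e:11:22:33", "fe80::f816:3eff:fe11:2233", "dhcpv6"),
    "icmpv6_spoofed_ip": packet("fa:16:3e:aa:bb:cc", "2001:db8::99", "icmpv6"),
}

def compare():
    return {name: (old_chain(p, PORT), new_chain(p, PORT)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in compare().items():
        print(f"{name:24} old={old:6} new={new}")
```
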
Once the spinout is undergoing we should perform the eviction.
Partially-implements: blueprint bgp-spinout
Depends-on: I8be510153edbc496575cde34943ca4c56645e0fb
Change-Id: I20b6ddd37d10eae70e8294d578e53137c0f866fe
Some 'Port' queries use the 'device_id' column for lookup.
Such queries could be observed in the database query log (at least) during
instance launch. In the absence of a 'device_id' index, that leads to a full
table scan. That causes unnecessary database load and impacts query
response time.
Change-Id: If42b7d3265e216d393d3ab8c172b97637af908cc
Closes-Bug: #1574750
This reverts commit 81823e8632.
Unneeded optimization: this commit only improves execution
time on the order of milliseconds, which is less than 1% of
the total router update execution time at the network node.
This also
Closes-bug: #1574881
Change-Id: Icbcdf4725ba7d2e743bb6761c9799ae436bd953b
The devref documents below are updated for the newly created repository.
* bugs.rst
* neutron-teams.rst
* sub_projects.rst
Change-Id: Ia210109be80a4856a7ee9138e42d05ff6bf95f8a
This patch introduces the following:
- data models and related schema migrations
- first stub at DB operations
- trunk module structure
This is a tepid attempt to land the first functional code
for this sorely needed feature.
Partially-implements: blueprint vlan-aware-vms
Change-Id: I84b2a7604b6a282ec7cb953482bf7b567ae2344d
Without setattr defined, setting an attr will end up
setting a new attribute on the deprecated instance
rather than changing my_globals. This means that other
functions in my_globals that have a reference to the original
will have a different view than external users that get
the new attribute.
Closes-Bug: #1575316
Change-Id: I7d1f00b5649399cb6db5213fa5efc7a924cf30a8
Without this, users could improperly overlook either
get_availability_zones or validate_availability_zones.
Change-Id: I6530dca041a92da2f1d0bf01d359e5edea3df5c0
Closes-Bug: #1573388
This test has run out of its useful purpose. It was meant to protect
accidental schema changes involving external tables. After a few cycles
now, it is very unlikely that human error will not be spotted during
code review, where external tables are referenced/modified during Neutron
core schema migrations.
Putting effort into fixing the BGP removal corner case is not worth it,
and it is probably best to get rid of the test entirely.
Change-Id: I71da8ea5aa5513056a0dc62b6ac9d8c0394583dd
Related-bug: 1466704
The current OVSDB Connection will register all tables with schema_helper.
It doesn't matter for most cases, but for the implementation of bp
routed-networks in networking-ovn, we don't need all tables in the
OVN_Southbound DB to be registered. We only need a certain table named
Chassis to be registered.
This patch adds a parameter for OVSDB Connection to allow it to
register certain tables, instead of all tables.
Change-Id: I79df60a08a7a6c555b07a9b566d7c09b97e2463c
Closes-Bug: #1568718
This reverts commit 7a4633a9ca.
Revert to using 0 as the default value for path_mtu.
In most situations, underlying MTU does not differ for tunnel backed and
vlan/flat tenant networks, in which case the only configuration expected
from operators is setting global_physnet_mtu to the appropriate MTU
value as reflecting all data paths that tenant traffic may take between
nodes.
But with the non-zero value set for path_mtu, if an operator would like
to raise the global underlying MTU used by neutron to support Jumbo
frames, both global_physnet_mtu and path_mtu need a bump, which is not
ideal.
So switch back to using a zero value for path_mtu, effectively making it
not participate in MTU calculation, unless explicitly overridden.
Left the original release note intact since it reflects the state for
Mitaka.
Added a release note for the change.
Conflicts:
neutron/plugins/ml2/config.py
releasenotes/notes/1500-default-mtu-b0d6e4ab193b62a4.yaml
Change-Id: I97c4aa647efc85d7b6b45359e43e2a2ae2514a69