189 Commits

Author SHA1 Message Date
Doug Hellmann
2db459f284 Update version for Liberty
Update the version for Liberty, switching from date-based versioning
to pre-versioning using SemVer. See
http://lists.openstack.org/pipermail/openstack-dev/2015-May/065211.html
and
http://lists.openstack.org/pipermail/openstack-dev/2015-June/067082.html
for details.

Change-Id: I6a35fa0dda798fad93b804d00a46af80f08d475c
2015-06-17 21:28:09 +00:00
Henry Gessau
9cac5c3a9f Decompose the NCS ML2 Mechanism Driver
The last of the Cisco drivers to decompose.

Closes-bug: #1416713
Co-Authored-By: Nikolay Fedotov <nfedotov@cisco.com>

Change-Id: Icd2b358fb0db3d859ee287225ab8eeb10d7da871
2015-06-04 07:11:10 -04:00
Pavel Bondar
bacd69386d Implement IPAM Driver loader
IPAM Driver is loaded based on value of 'ipam_driver'.
Added new variable 'ipam_driver' in config.

DocImpact
Partially-Implements: blueprint neutron-ipam

Change-Id: Ia52ad70ef4f0b02cf82cfefcf50b9f1e30b05b79
2015-06-01 20:05:19 +03:00
Sripriya
86d5944fcc Fix minor errors in the Vyatta L3 Plugin:
update management_network to management_network_id in vrouter.ini
Fix copyright header to refer to Brocade in vrouter_neutron_plugin.py
Fix neutron.service_plugins brocade_vyatta_l3 entry in setup.cfg

Change-Id: Ib9eb4a825454d99607deca61ceeb7acb43a9b248
Closes-Bug: #1457235
2015-05-20 17:38:39 -07:00
Jenkins
bc28aa7f36 Merge "Update build hooks." 2015-05-13 12:21:51 +00:00
Robert Collins
276028cca2 Update build hooks.
The pbr setup_hook has not been needed for a while, so remove it.  The
neutron hook has been broken for a while: it places a setup_requires
build dependency on everything in neutron/__init__.py, which is
non-empty, but setup_requires is handled by easy install so we try
very hard to avoid it. Instead, we can use environment markers to
selectively include the win32 dependencies without requiring that
neutron be importable during setup.py execution. This is unusual
in OpenStack and will eventually be moved to a regular
requirements.txt dependency with the same marker - once we've finished
the integration work to make markers work properly in
requirements.txt.

Change-Id: Icdc403a3ccf06daeccf2a907a7bfeafd8dbbb5dd
2015-05-13 10:58:08 +12:00
Moshe Levi
3488559aba mlnx MD: mlnx_direct removal
mlnx_direct is deprecated from Juno release. sriov-nic-switch
with macvtap port is the replacement for it.
This patch removes the mlnx_direct from mlnx MD and
from the supported vif_types.

Closes-Bug: #1453410

Change-Id: I7ee528dc04cdafa27455d5f8fd18c04c858466d8
2015-05-12 12:44:25 +03:00
Édouard Thuleau
2414834ffe ARP spoofing patch: Low level ebtables integration
ARP cache poisoning is not actually prevented by the firewall
driver 'iptables_firewall'. We are adding the use of the ebtables
command - with a corresponding ebtables-driver - in order to create
Ethernet frame filtering rules, which prevent the sending of ARP
cache poisoning frames.

The complete patch is broken into a set of smaller patches for easier review.

This patch here is th first of the series and includes the low-level ebtables
integration, unit and functional tests.

Note:
    This commit is based greatly on an original, now abandoned patch,
    presented for review here:

        https://review.openstack.org/#/c/70067/

    Full spec can be found here:

        https://review.openstack.org/#/c/129090/

SecurityImpact

Change-Id: I9ef57a86b1a1c1fa4ba1a034c920f23cb40072c0
Implements: blueprint arp-spoof-patch-ebtables
Related-Bug: 1274034
Co-Authored-By: jbrendel <jbrendel@cisco.com>
2015-04-22 09:32:02 +12:00
Ihar Hrachyshka
b3334eca0a Removed ml2_conf_odl.ini config file
The file is already packaged into decomposed networking-odl repo [1].

[1]: https://git.openstack.org/cgit/stackforge/networking-odl/tree/etc/neutron/plugins/ml2/ml2_conf_odl.ini

Closes-Bug: #1442615
Change-Id: Ic280454190aab4e3b881cde15a882808b652861e
2015-04-10 15:13:37 +02:00
Thierry Carrez
1c1dbf5676 Open Liberty development
Bump pre-version in setup.cfg to formally open Liberty development.
Kilo release branch will be cut from the previous commit.

Change-Id: I9ca77808093741f6c52e49f3041e90c3cc7a74b6
2015-04-07 15:50:46 +02:00
Maru Newby
1105782e39 Reorganize unit test tree
This change ensures that the structure of the unit test tree matches
that of the code tree to make it obvious where to find tests for a
given module.  A check is added to the pep8 job to protect against
regressions.

The plugin test paths are relocated to neutron/tests/unit/plugins
but are otherwise ignored for now.

Change-Id: If307593259139171be21a71c58e3a34bf148cc7f
Partial-Bug: #1440834
2015-04-06 23:28:31 +00:00
Jenkins
7186a43164 Merge "Add L3 router plugin shim for Brocade MLX" 2015-03-26 23:15:58 +00:00
Jenkins
5972cc4ed5 Merge "Missing entry points for cisco apic topology agents" 2015-03-26 19:37:52 +00:00
Angela Smith
5b44f48ff3 Add L3 router plugin shim for Brocade MLX
Change-Id: I4eba6a3fb8ce2b22e0d142643d753ee2314425b8
Closes-Bug: #1428316
2015-03-25 13:59:35 -07:00
Sandhya Dasu
c96b4f0f6e Cisco UCS Manager ML2 Mechanism Driver
Introduces a ML2 based Mechanism Driver for Cisco UCS Manager. The vendor
specific driver code referenced by this MD resides in stackforge repo
networking-cisco. This MD did not exist in the Neutron tree before so no files
have to be removed as part of this change.

DocImpact

Partially-implements: blueprint core-vendor-decomposition
Implements: blueprint ml2-ucs-manager-mechanism-driver
Closes-Bug: #1434401

Conflicts:
	etc/neutron/plugins/ml2/ml2_conf_cisco.ini
	neutron/db/migration/alembic_migrations/versions/HEAD
	setup.cfg

Change-Id: I5a32b18f0d4e3ef55738c51e65e3e81d8f415da4
2015-03-25 17:03:07 +00:00
Abhishek Raut
81ac74359c Cisco Nexus1000V ML2 Mechanism Driver
Introduces the Cisco Nexus1000V Mechanism driver for ML2 plugin.
All the vendor specific code resides in stackforge repo networking-cisco.

Closes-Bug: #1425632
Partial-Implements: blueprint core-vendor-decomposition

Change-Id: I66bf83f45bf1e0269d0876196f6aa032b0fa859f
Co-Authored-By: Steven Hillman <sthillma@cisco.com>
2015-03-25 16:57:04 +00:00
Jenkins
ca620cc136 Merge "Add eventlet monkey_patch helper" 2015-03-25 04:58:59 +00:00
Romil Gupta
862bb9f2f8 Ml2 Mechanism Driver for OVSvApp Solution
With the introduction of stackforge/networking-vsphere project
which includes the OVSvApp L2 agent for doing vsphere networking
using neutron.

We need to have thin mechanism driver in neutron which integrates
the ml2 plugin with the OVSvApp L2 Agent.

The mechanism driver implements the abstract method given in
mech_agent.SimpleAgentMechanismDriverBase.

Closes-Bug: 1426365
Partially-implements: blueprint core-vendor-decomposition

Change-Id: I57b2abb58671b8a1c6a2734959346ddeb8fda988
2015-03-24 16:28:10 +00:00
Adelina Tuvenie
8a3942d64a Add eventlet monkey_patch helper
Eventlet monkey patching the os and thread modules causes subprocess.Popen
to fail on Windows when using pipes due to missing non-blocking IO support.
There is an reported bug on eventlet [1] with this issue. The solution
for this issue is to not monkey_patch os and thread.

This change is needed in order to run ovs_neutron_agent on Windows platforms.

[1] https://bitbucket.org/eventlet/eventlet/issue/132/eventletmonkey_patch-breaks

Partially implements blueprint: hyper-v-ovs-agent

Change-Id: I73f5dfc16563da2c09b5440a687484ba5a1fc2de
2015-03-24 08:44:00 -07:00
Claudiu Belu
f39d96d3af Hyper-V Agent decomposition
Decomposes Hyper-V Neutron Agent and adds the requirements.txt
file to set the dependency to the vendor agent.

Adds README containing information on how to properly use the
Hyper-V Neutron Agent and the ML2 Mechanism Driver.

Vendor plugin code is available on stackforge:
https://github.com/stackforge/networking-hyperv

Plugin already available in pypi:
https://pypi.python.org/pypi/networking-hyperv

DocImpact

Partially-implements: blueprint core-vendor-decomposition

Change-Id: Iedff2718732c884c297cb0be855593057bd64c38
2015-03-19 12:17:19 +02:00
Jenkins
0daf9b3e73 Merge "Replace keepalived notifier bash script with Python ip monitor" 2015-03-19 03:50:09 +00:00
Assaf Muller
9bae3b1832 Replace keepalived notifier bash script with Python ip monitor
Previously L3 HA generated a bash script and copied it to a per-router
configuration directory that was visible to that router's keepalived
instance. This patch changes the in-line generated Bash script to a
Python script that can be maintained in the repository.
The bash script was used as a keepalived notifier script, that was invoked
by keepalived whenever a state transition occured. These notifier scripts
may be invoked by keepalived out of order in case it transitions quickly
twice. For example, if the master failed and two slaves fight for the new
master role. One will transition to master, and the other will often
transition to master and then immidiately back to standby. In this case,
the transition scripts were often fired out of order, resulting in the
wrong state being reported.

The proposed approach is to get rid of the keepalived notifier scripts
entirely. Instead, monitor IP changes on the HA device. If the omnipresent
IP address was configured on the HA device, it means that we're looking
at a master instance. If it was deleted, the router transition to standby
or fault.

In order to keep the L3 agent CPU usage down, it will spawn a process
per HA router. That process will start the ip address monitor.
Whenever it gets an IP address change event, it will notify the L3 agent
via a unix domain socket.

Partially-Implements: blueprint report-ha-router-master
Change-Id: I2022bced330d5f108fbedd40548a901225d7ea1c
Closes-Bug: #1402010
Closes-Bug: #1367705
2015-03-18 18:59:33 -04:00
Jenkins
87a534f9b0 Merge "Add portsecurity extension support" 2015-03-18 16:48:40 +00:00
Angela Smith
1678b55dce Add ML2 VLAN mechanism driver for Brocade MLX and ICX switches.
This thin driver will introduce VLAN support on Brocade MLX and ICX
switches.  Vendor specific driver implementation will reside in a
separate repository.

Partial-Bug: 1420045

Change-Id: Ia5af6c2e9b52129749c17db53d1d3891d42ec7f1
2015-03-17 18:42:34 -07:00
Jenkins
89c084e7c4 Merge "IBM SDN-VE Plugin decomposition" 2015-03-17 21:40:15 +00:00
mamtap
ce9ee556ac IBM SDN-VE Plugin decomposition
This addresses the changes in ml2 mech-driver
and l3 service plugin to comply with the
core-vendor-decomposition spec

The monolithic sdnve plugin will not be removed with this change
as it is still being used. Once the ml2 plugin is merged and the
older plugin becomes obsolete, it will be removed from the
neutron tree.

Partially-implements: blueprint core-vendor-decomposition
Closes-bug: #1430216
Change-Id: I5bc85a5f0a62b690004d8352b3bc43b9612c213d
2015-03-17 09:07:43 -07:00
Sripriya
46e3a2f4e9 Brocade Vyatta vrouter shim plugin for vendor decomposition
Vendor plugin code is available at:
https://github.com/stackforge/networking-brocade/tree/master/networking_brocade/vyatta

DocImpact
Partially-implements: blueprint core-vendor-decomposition
Closes-bug: #1414733

Change-Id: I2503560795567a77df855b5137f4231dea3520ad
2015-03-17 08:32:24 -07:00
Yalei Wang
554d266f56 Add portsecurity extension support
Add portsecurity extension driver into ML2 plugin and implement it in
iptables_firewall.

The scope of this change is:
    - Abstract a common class PortSecurityDbCommon from the old
      PortSecurityDbMixin
    - Add a new extension driver port-security, implement process_xxx and
      extend_xxx_dict method and provide a db migration from the existing
      networks and ports
    - Update the new added 'unfiltered_ports' in iptables firewall of l2 agent
      to reflect the update of port-security

Co-Authored-By: Shweta P <shpadubi@cisco.com>

Change-Id: I2da53168e2529db7a8094ce90ef3a8a93fe55727
Partially Implements: blueprint ml2-ovs-portsecurity
2015-03-17 05:13:04 +08:00
Moshe Levi
60035bb130 Move mlnx agent to be under ml2/drivers/mlnx
* move the mlnx agent to be under ml2/drivers/mlnx
* update the main entry point to be under cmd
* remove unused vnic_type parameter in agent config

Partially-implements: blueprint core-vendor-decomposition

Change-Id: Ibbb99de3124d5d81bbccbc06b33ce32b19c1daef
2015-03-16 16:27:13 +02:00
Jenkins
9616c5f475 Merge "Brocade vendor code decomposition from neutron repo." 2015-03-13 23:44:43 +00:00
Jenkins
84243b2f08 Merge "Add rootwrap daemon mode support" 2015-03-13 23:30:35 +00:00
Jenkins
e41a34ccef Merge "Remove vendor entry point" 2015-03-13 23:11:19 +00:00
Henry Gessau
3e93bf220e Remove vendor entry point
Remove entry point pointing to external vendor package.
This console script entry point already exists in the vendor repo.

Change-Id: Ib85acffc155ae6b49477f90d06346269330220b5
Closes-bug: #1431627
2015-03-13 13:18:24 -04:00
Shiv Haris
bad92a463e Brocade vendor code decomposition from neutron repo.
Brocade code decomposition of VDX mechanism driver,
includes moving out the driver and unit tests. Left
behind are the DB model for migration and config

Closes bug: #1427793

Change-Id: I3b06a1800cce1ddbb87c6ebd7981e3f249df5060
2015-03-13 07:32:42 -07:00
Rich Curran
1508213c38 ML2 cisco_nexus MD: sync config and models with vendor repo
Updates required to the upstream neutron ML2 cisco nexus MD code to
support stackforge repo changes.

Original development done under cisco-openstack repo. File history for
these changes can be found under the staging/junoplus branch.

Change-Id: Idc9da84cefa4131a84b911f77d99a3b1647103a8
Closes-Bug: 1429879
2015-03-13 09:13:38 -04:00
Terry Wilson
0df884ac93 Add rootwrap daemon mode support
This patch introduces support for rootwrap daemon mode. It adds
a new config option, AGENT.root_helper_daemon with no default. To
enable, set to something like:

root_helper_daemon = sudo neutron-rootwrap-daemon /etc/neutron/rootwrap.conf

The patch currently assumes that the root_helper_daemon value, and specifically
the rootwrap config, will not change once calls to execute() happen. While it
would not be hard to generate a rootwrap daemon client for each new config, I
couldn't think of a legitimate reason to support it and left it out as YAGNI.

This patch does change the behavior of the addl_env argument to create_process
and execute. Previously, an environment dict would be passed to Popen. If
a root helper was used, this environemnt would actually be passed to 'sudo'
which would filter it before passing it to the underlying command. In the case
of daemon mode, this would cause a problem as the enviornment is filtered by
sudo only once, at daemon startup. Any environment variables added at execute
time would then just be passed directly to the underyling command unfiltered.

oslo.rootwrap 1.6.0 fixes this issue by denying the passing of environment
variables to the daemon altogether. Instead, anything using rootwrap and needing
to pass additional environment variables should define an EnvFilter and run the
command with env var=val cmd. utils.execute/create_process have been modified to
run code in this way (which netns.execute already did).

No code in neutron currently uses both run_as_root=True and addl_env, so this
change does not require any change in code or filters.

DocImpact
Implements: blueprint rootwrap-daemon-mode
Change-Id: I567334bb611253c7b9d830d50c5be308a5153baf
2015-03-12 21:12:07 -05:00
Jenkins
7dc6f01ca7 Merge "ofagent: Have a thin driver module" 2015-03-11 03:21:21 +00:00
Akihiro Motoki
1fdbcb1343 NEC plugin code split
- Removes main codes and unit tests of NEC plugin
- Add plugin-specific requirements.txt to the plugin dir.
- Move config to the plugin top dir
- Remove references of networking_nec from config module
  because it may prevent config guide generator.
- agent command can be moved to neutron/cmd/eventlet
  if some consensus has been made.

Closes-Bug: #1419396
Related to blueprint core-vendor-decomposition

Change-Id: I946e0f829e8f6251a63572331c783d7a7b5f6c01
2015-03-10 16:28:02 +09:00
YAMAMOTO Takashi
edcda156a0 ofagent: Have a thin driver module
It seems preferable to have a thin driver module
rather than directly referencing an external module in setup.cfg.

This also introduces "ofagent" directory which can be used to
put requirements.txt later.

Closes-Bug: #1412653
Related: blueprint core-vendor-decomposition
Change-Id: Id86ade4ae75dceb5ce4283869f42f4c0d1af7c4d
2015-03-10 02:00:01 +00:00
Jenkins
41166d5333 Merge "Vendor decomposition to move CSR1000v support to the networking-cisco repo" 2015-03-09 17:52:19 +00:00
Jenkins
829f60bd8e Merge "ofagent: Vendor code decomposition" 2015-03-05 23:19:45 +00:00
Tom Holtzen
b6ba733d85 Vendor decomposition to move CSR1000v support to the networking-cisco repo
Closes-Bug: 1425181

Change-Id: I39fd2454114466540c97760e502f8a1bfc310c6b
2015-03-05 14:02:08 -08:00
Salvatore Orlando
56bc2e093e Decompose the VMware plugin
This patch remove all the business logic pertaining to the VMware
plugin. The following modules are left in openstack/neutron:
- plugin-specific API extension declarations
- database models (and a module with constants they use)
- integration module pointing to the external repository

Change-Id: I8a01a977889b36015a9cfa900173c05bfd516457
Partially-Implements: blueprint core-vendor-decomposition
2015-03-05 07:28:15 -08:00
Jenkins
025db48901 Merge "ml2 extension driver: more tests, fix data argument inconsistency" 2015-03-05 02:07:23 +00:00
Jenkins
0f04be6e5e Merge "Remove HyperVNeutronPlugin" 2015-03-05 01:12:13 +00:00
Claudiu Belu
3cceb99dfd Remove HyperVNeutronPlugin
HyperVNeutronPlugin is hereby removed, as it is outdated
and it is no longer needed, thanks to Ml2Plugin. All of its
users should switch to Ml2Plugin.

The database tables 'hyperv_vlan_allocations' and
'hyperv_network_bindings' will no longer be used, since their
consumer will be removed.

Adds database migration script which will move all the existent
entries in the mentioned tables to their Ml2 equivalent ones.

Partially-implements: blueprint core-vendor-decomposition

Change-Id: If02c4761d9653dcd81fc0043ecce86a3b149dd99
2015-03-03 05:00:44 -08:00
Isaku Yamahata
a3801bea4e ml2 extension driver: more tests, fix data argument inconsistency
This patch adds more tests for ML2 extension driver.
It also fixes a minor bug which was revealed.

The data argument for process/update method of extension driver
was inconsist. some are given data like
{'resource': {'arg': 'value'...}}. But some are given one like
{'arg': 'value'}.
This inconsistency needs to be fixed so that argument is
{'arg': 'value'}. Given the argument is known to be network,
there is no point to carry outer dictionary.

Partially Implements: blueprint ml2-ovs-portsecurity
Change-Id: I4614c3ba5eff0ace46cc928517e31c14b7b2e448
2015-03-02 17:02:20 -08:00
YAMAMOTO Takashi
af4de72054 ofagent: Vendor code decomposition
networking-ofagent is now available on StackForge.
(http://git.openstack.org/cgit/stackforge/networking-ofagent)

Partially-implements: blueprint core-vendor-decomposition
Closes-Bug: #1412653
Change-Id: I8a5bd10a346df5ec726635c47f18bb5c472823ed
2015-03-03 06:50:34 +09:00
Ivar Lazzaro
dca76ab409 Missing entry points for cisco apic topology agents
Change-Id: I75eb481bac67436299b4ea3ac6bca6ea1a7dd4d6
Closes-Bug: 1427343
2015-03-02 10:56:36 -08:00
YAMAMOTO Takashi
95e07c6294 test_l2population: Use a fake mech driver instead of ofagent
As ofagent mech driver is subject to be moved out of neutron tree
for vendor code decomposition, use a fake mech driver for UTs
instead.

An alternative to remove the relevant test cases was considered.
But it's still nice to have test cases involving multiple drivers.

Anyway using fake drivers rather than real ones for UTs like this
is a good thing.

Partial-Bug: #1412653
Related: blueprint core-vendor-decomposition
Change-Id: I4b0d344da9ccbda79482f64535396fcc1a495d0f
2015-02-23 10:48:52 +09:00