317 Commits

Author SHA1 Message Date
Akihiro Motoki
76f9dfe237 Switch from oslosphinx to openstackdocstheme
* Switch the release note theme to openstackdocstheme.
* Use the new style of setting of openstackdocstheme
  of the in-tree documentation.

Change-Id: I0424f097c0f5d78a539bc997e2cd61119d606524
2017-07-06 06:56:06 +09:00
Jenkins
2ce4f19afd Merge "Ingress bandwidth limit rule in Linuxbridge agent" 2017-06-22 13:59:07 +00:00
Sławek Kapłoński
da646496e3 Ingress bandwidth limit rule in Linuxbridge agent
Add support for QoS ingress bandwidth limiting in
linuxbridge agent.
It uses traffic shaping done by tc with tbf qdisc.

DocImpact: Ingress bandwidth limit in QoS supported by
           Linuxbridge agent

Change-Id: Id495b302d31f5527db3e45b51517bc53153e7fc2
Partial-Bug: #1560961
2017-06-22 08:20:48 +00:00
Jenkins
dd52e9fbb8 Merge "Revert "Change list of available qos rules"" 2017-06-22 00:21:04 +00:00
Jenkins
817ca843fa Merge "Add support for ingress bandwidth limit rules in ovs agent" 2017-06-15 03:19:53 +00:00
Sławek Kapłoński
2d0d1a2d76 Add support for ingress bandwidth limit rules in ovs agent
Add support for QoS ingress bandwidth limiting in
openvswitch agent.
It uses default ovs QoS policies on bandwidth limiting
mechanism.

DocImpact: Ingress bandwidth limit in QoS supported by
           Openvswitch agent

Change-Id: I9d94e27db5d574b61061689dc99f12f095625ca0
Partial-Bug: #1560961
2017-06-14 11:11:43 +00:00
Ihar Hrachyshka
6ad51779f3 Revert "Use vif_type='tap' for LinuxBridge for consistency"
This reverts commit 1b987be2b55558dcc276fcfc8af6e39f8b6bac16.

This probably triggered a race between nova and l2 agent when
hot-detaching VIFs.

Change-Id: I2fc20666d43942446878da358ccf4472e04ad94c
Related-Bug: #1696125
2017-06-08 11:27:59 -07:00
YAMAMOTO Takashi
55d810c7e6 Revert "Change list of available qos rules"
This reverts commit 3299cdffae5cd7196a1676da103da5e2e413ec21.

At least, there's a user which relies on the previous
semantics. (Our tempest plugin)
We should not change API semantics lightly
in an incompatible way.

Closes-Bug: #1694396
Related-Bug: #1694190
Change-Id: I88a216951d8996ac8bc90078b4239f0d25392e58
2017-05-30 08:12:28 +00:00
Jenkins
3c2ce67efe Merge "VXLAN multicast groups in linuxbridge" 2017-05-30 00:55:21 +00:00
Jiri Kotlin
8a596f35bb VXLAN multicast groups in linuxbridge
Enable creation of VXLANs with different multicast addresses allocated
by VNI-address mappings. Dictionary of multicast addresses and
corresponding VXLAN VNI IDs should be loaded from settings. Usable to
not flood whole network when managing routers between more datacenters
and can not use L2population because VXLAN points to external device.

Co-Authored-By: Kevin Benton <kevin@benton.pub>
DocImpact: VXLAN addresses used by linux bridge can be specified per VNI
Closes-Bug: #1579068
Change-Id: I24f272ccd6d61d9fa7ea3b6f256fabd381f5434a
2017-05-29 14:08:19 -07:00
Rodolfo Alonso Hernandez
9d69822e43 Add "default" behaviour to QoS policies
This patch implements the "default" behaviour for QoS policies.
If this flag is enabled for a QoS policy in a project, all
new networks created will have this QoS policy assigned by default.

If a new QoS policy is created or updated with this flag and another
QoS policy in the same project is set as the default policy, the new
one won't be created or updated. To set another QoS policy as default,
the current one must be unset.

DocImpact: A "default" flag is introduced for QoS policies. If this flag
           is enabled in a QoS policy (attached to a project), then all
           networks created in this project would have this QoS policy
           assigned, unless an explicit policy is specified.
APIImpact

Closes-Bug: #1639220
Change-Id: If5ff2b00fa828f93aa089e275ddbd1ff542b79d4
2017-05-26 23:31:36 +00:00
Kevin Benton
1b987be2b5 Use vif_type='tap' for LinuxBridge for consistency
This adjusts the Linux Bridge mechanism driver to return
the 'tap' VIF type to Nova so the Linux Bridge agent is
responsible for plugging all ports into bridges.

This completely eliminates all of the work Nova was doing with
regard to bridges so we now have one consistent path how ports
(both compute and dhcp/l3) are connected into Linux Bridge
networks. Both Nova and the DHCP/L3 agents will now just create
a device and leave wiring to bridges to be completely the
responsibility of the L2 agent.

In order to preserve backwards compatibiliy with Ocata agents
that won't touch compute ports, we only report back vif_type='tap'
if the agent has a report_state value showing that it wires compute
ports.

This will also solve a longstanding bug (bug #1105488) that
is preventing Nova instances from using custom bridge mappings
since the agent will be guaranteed to be responsible for the
connection to the bridge.

Depends-On: I075595158d8f3b5a6811c4794aa7b91912940db5

Related-Bug: #1617447
Closes-Bug: #1673910
Closes-Bug: #1105488
Change-Id: I23c5faaeab69aede1fd038a36f4a0b8f928498ce
2017-05-18 02:55:45 +00:00
Jenkins
65ce6d6f49 Merge "Change list of available qos rules" 2017-05-04 09:34:39 +00:00
Sławek Kapłoński
3299cdffae Change list of available qos rules
This patch changes way how neutron calculates which QoS rules
are available to use. It now returns all rule types which are
supported by at least one loaded QoS driver.
If user will want to apply policy with rule unsupported by driver
used by port then it will be catched on port/network update event.
This validation mechanism was introduced in
I75bd18b3a1875daa5639dd141fb7bbd6e1c54118

DocImpact: list of returned available QoS rule types is changed

Change-Id: Ia00d349625db358ab486802fc0ff2e69eaa3895e
Closes-Bug: #1686898
2017-05-03 17:14:29 +00:00
Sławek Kapłoński
c29f3aaa7c Add QoS bandwidth limit for instance ingress traffic
This patch introduces the new parameter "direction" to
the QoS bandwidth limit rule. It will allow the creation
of bandwidth limit rules for either ingress or egress
traffic. For backwards compatibility the default direction
will be egress.

DocImpact: Ingress bandwidth limit available for QoS
APIImpact: New type of parameter for QoS rule in neutron API

Change-Id: Ia13568879c2b6f80fb190ccafe7e19ca05b0c6a8
Partial-Bug: #1560961
2017-04-27 12:51:50 +00:00
Jenkins
916bc96ee2 Merge "Expose neutron api application as a wsgi script" 2017-04-20 05:53:18 +00:00
Jenkins
e7937d149c Merge "Remove deprecated send_arp_for_ha option" 2017-04-19 05:32:41 +00:00
Jenkins
5e2fa751e8 Merge "Add a new configuration variable for api links." 2017-04-19 04:15:17 +00:00
Ihar Hrachyshka
8bb94820bd Remove deprecated send_arp_for_ha option
Now Neutron always sends three gARPs after address assigned to an
interface.

Change-Id: I0d44f4cc59e1675b20d0da329faf7fd3ab91acbf
Closes-Bug: #1639879
2017-04-18 13:38:35 -04:00
Mark Doffman
f45957a67f Add a new configuration variable for api links.
Currently we use WebOb.request.application_url to return a link to the
neutron api. This may not be the correct link in the case where
'X-Forwarded-Proto' is used. Nova provides the osapi_compute_link_prefix
variable for providing custom links to the api. This does the same
for Neutron.

Co-Authored-By: Kevin Benton <kevin@benton.pub>
Change-Id: I92227803b1bc2fec10ee168a0285f2f6f09f55b0
2017-04-18 15:16:41 +00:00
Jenkins
843c1a6a1b Merge "Don't override default values for oslo.db options" 2017-04-17 15:48:57 +00:00
Victor Morales
429703a9a8 Expose neutron api application as a wsgi script
This can then be loaded into a wsgi compatible web server like
apache2/httpd or nginx.

DocImpact A new neutron-api script is installed, and can be used to
start either a standalone wsgi server (calling the script directly),
or as a wsgi script loaded by a web server (e.g. by httpd/mod_wsgi).

Change-Id: Ie9bb8b33f6e1335219e574d832ac264b043d90e6
Partial-Bug: #1666779
Co-Authored-By: Brandon Logan <brandon.logan@rackspace.com>
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
2017-04-17 02:07:27 +00:00
Ihar Hrachyshka
da8d5b4770 Allow to disable DVR api extension loading
A lot of clouds using the router service plugin don't configure for DVR,
but the service plugin still loads the extension, and exposes it via
API. Which will break if api consumers (admins with default policy.json)
attempt to create new style routers based on the information passed
through /extensions/ api.

This change introduces a new config option that allows to avoid loading
the extension. For complatibility sake, it requires an opt-in from ops
side to disable it, otherwise the extension is still loaded as before.

This is helpful for automation matters. It may also be useful when
preparing tempest.conf api_extensions=, when you could actually pass the
result of /extensions/ request into tempest and expect the test suite to
pass without yanking dvr off the list for non-dvr setups.

We could go further and try to check if the controller is configured
properly. That is complicated by the fact that f.e. such validation may
require talking to ml2 drivers, or even agents, which is not feasible
during api startup.

Change-Id: I84be9be93862fe71a2d5b5322d7ebd476c784163
Related-Bug: #1450067
2017-04-16 17:44:31 -07:00
Jenkins
f61955a74a Merge "Port data plane status extension implementation" 2017-04-16 04:15:17 +00:00
Joe Talerico
27d18ac5c5 Don't override default values for oslo.db options
This change will make neutron-server use default values from oslo.db if
any of them are not overridden in config files, instead of applying its
own unique values that may be unexpected to users and operators.

It also makes our config files correct since now we don't claim wrong
values being default. (Remember the config generator was never aware of
our snowflake behaviour.)

If you wonder why we were overriding it in the first place, it was
needed back in the times when we were using db module from
oslo-incubator that has not provided proper defaults. Those times are
long gone.

Of course the change is not impact free, and operators who for some
reason want to keep the old values may need to adjust their
configuration files. Still, I believe using default values from oslo.db
is the correct thing to do long term.

We still need to set connection string for unit tests to sqlite:// since
oslo.db doesn't provide any default value for the option. It should be
fine to effectively unset default value for the option for
neutron-server since no one in production can use sqlite anyway.

This change also drops set_db_defaults function from
neutron.common.config. I have checked that there are no consumers for
the function outside the tree.

NeutronLibImpact
UpgradeImpact

Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
Change-Id: Ia97d6cf24e554f7b3878dd301ae4e7e10a1c9998
Closes-Bug: #1682307
2017-04-13 08:06:39 -07:00
Swaminathan Vasudevan
3162846a7b DVR: Create router to fip namespace connection based on gateway state
In order to route traffic between the internal subnets and the
external subnet that belong to the same address_scopes we need
to create the gateway port and the fip namespace irrespective of
the configured floatingips for the internal subnet.

This will consume an additional IP from the external subnet on
all nodes, but with the introduction of service_type networks,
this will not be an issue any more.

This patch is the first in series that creates the agent gateway
port and the fip namespace on every node when the gateway is set
for the router. For every router created it will connect the
router namespace to the fip namespace.

Partial-Bug: #1577488
DocImpact: Document the change in behavior for fip-agent-gw create
Change-Id: I30c4f7fc250e486fe9a71b68540e783e90a6cf15
2017-04-11 15:27:48 -07:00
Carlos Goncalves
89de63de05 Port data plane status extension implementation
Implements the port data plane status extension. Third parties
can report via Neutron API issues in the underlying data plane
affecting connectivity from/to Neutron ports.

Supported statuses:
  - None: no status being reported; default value
  - ACTIVE: all is up and running
  - DOWN: no traffic can flow from/to the Neutron port

Setting attribute available to admin or any user with specific role
(default role: data_plane_integrator).

ML2 extension driver loaded on request via configuration:

  [ml2]
  extension_drivers = data_plane_status

Related-Bug: #1598081
Related-Bug: #1575146

DocImpact: users can get status of the underlying port data plane;
attribute writable by admin users and users granted the
'data-plane-integrator' role.
APIImpact: port now has data_plane_status attr, set on port update

Implements: blueprint port-data-plane-status

Depends-On: I04eef902b3310f799b1ce7ea44ed7cf77c74da04
Change-Id: Ic9e1e3ed9e3d4b88a4292114f4cb4192ac4b3502
2017-04-11 19:56:13 +00:00
yuhui_inspur
b6a5b86854 Add Apache License Content in index.rst
Add Apache License 2.0 Content which is necessary
for ./releasenotes/source/index.rst.

Change-Id: Ia48ec9134adb3956a8fef084643860ea3d2e15a5
2017-04-09 19:33:00 +00:00
Jenkins
f9b9474e8c Merge "Use os-xenapi for neutron when XenServer as hypervisor" 2017-04-05 11:55:46 +00:00
Armando Migliaccio
4a6d06550b Inherit segmentation details for trunk subports if requested
This patch introduces support for requests where the user does
not know the segmentation details of a subport and by specifying
segmentation_type=inherit will let the trunk plugin infer these
details from the network to which the subport is connected to, thus
ignoring the segmentation_id in case it were to be specified.

This type of request is currently expected to have correct results
when the network segmentation type is 'vlan', and the network has
only one segment (provider-net extension use case).

DocImpact: Extend trunk documentation to include Ironic use case.

Closes-bug: #1648129

Depends-on: Ib510aade1716e6ca92940b85245eda7d0c84a070
Change-Id: I3be2638fddf3a9723dd852a3f9ea9f64eb1d0dd6
2017-04-03 21:22:38 -07:00
Jenkins
e3ffe24b2c Merge "Update metering agent to use stevedore alias for driver" 2017-04-02 03:50:09 +00:00
Jenkins
39cc2ca5fd Merge "Apply QoS policy on network:router_gateway" 2017-04-01 12:57:08 +00:00
Huan Xie
bc23e29423 Use os-xenapi for neutron when XenServer as hypervisor
We have made os-xenapi repository to deal with XenServer Dom0
specific functions, this patch is to change neutron to use
os-xenapi when XenServer is hypervisor and move the building
RPM scripts into os-xenapi repo

Depends-On: I8a31c81d9475387fe4ed7030b70b26098e588771

Change-Id: Ia958c366189386b1b5abbadbb4d74950aaa23bb2
2017-03-30 18:33:37 +00:00
Hirofumi Ichihara
2f8b4e06fe Remove a release note for reverted patch
The release note was missed remove in revert patch[1]. Now it shows
non-existent feature in the release note[2]. This patch removes it.

[1]: https://review.openstack.org/#/c/431506/
[2]: https://docs.openstack.org/releasenotes/neutron/ocata.html#new-features

Closes-Bug: #1676787
Change-Id: I377de0c8491424f3ae9d56ed8ba2526e6137fc2e
2017-03-28 18:02:01 +09:00
Jean-Philippe Evrard
c9d4698409 Update metering agent to use stevedore alias for driver
Currently the metering agent is using the old import method,
use stevedore instead.

DocImpact

Two places in the networking guide should change to
'driver = iptables' from current format.

Partial-Bug: #1504536
Change-Id: I1e6d196a3ada8fbfc2b70d6a983984d8db09bbd0
2017-03-27 16:28:15 -04:00
Jenkins
5276a46a80 Merge "Bump default quotas for ports, subnets, and networks" 2017-03-23 11:19:26 +00:00
Ihar Hrachyshka
95f621f717 Bump default quotas for ports, subnets, and networks
It's probably not very realistic to expect power users to be happy with
the default quotas (10 networks, 50 ports, 10 subnets). I believe that
larger defaults would be more realistic. This patch bumps existing
quotas for the aforementioned neutron resources x10 times.

DocImpact change default quotas in documentation if used in examples
          anywhere.
UpgradeImpact operators may need to revisit quotas they use.
Closes-Bug: #1674787
Change-Id: I04993934627d2d663a1bfccd7467ac4fbfbf1434
2017-03-21 18:35:28 +00:00
Maxime Guyot
2d1ee7add7 Apply QoS policy on network:router_gateway
All router ports (internal and external) used to be excluded from QoS
policies applied on network. This patch excludes only internal router
ports from network QoS policies.
This allows cloud administrators to set an egress QoS policy to a
public/external network and have the QoS policy applied on all external
router ports (DVR or not). To the tenant this is also egress traffic so
no confusion compared to QoS policies applied to VM ports.

DocImpact

Update networking-guide/config-qos, User workflow section:
- Replace "Network owned ports" with "Internal network owned ports"

Change-Id: I2428c2466f41a022196576f4b14526752543da7a
Closes-Bug: #1659265
Related-Bug: #1486039
2017-03-21 11:24:57 +01:00
Jenkins
26b8848a9e Merge "Switch ns-metadata-proxy to haproxy" 2017-03-14 17:32:13 +00:00
Daniel Alvarez
3b22541a2a Switch ns-metadata-proxy to haproxy
Due to the high memory footprint of current Python ns-metadata-proxy,
it has to be replaced with a lighter process to avoid OOM conditions in
large environments.

This patch spawns haproxy through a process monitor using a pidfile.
This allows tracking the process and respawn it if necessary as it was
done before. Also, it implements an upgrade path which consists of
detecting any running Python instance of ns-metadata-proxy and
replacing them by haproxy. Therefore, upgrades will take place by
simply restarting neutron-l3-agent and neutron-dhcp-agent.

According to /proc/<pid>/smaps, memory footprint goes down from ~50MB
to ~1.5MB.

Also, haproxy is added to bindep in order to ensure that it's installed.

UpgradeImpact

Depends-On: I36a5531cacc21c0d4bb7f20d4bec6da65d04c262
Depends-On: Ia37368a7ff38ea48c683a7bad76f87697e194b04

Closes-Bug: #1524916
Change-Id: I5a75cc582dca48defafb440207d10e2f7b4f218b
2017-03-08 15:20:50 +00:00
Jenkins
b34f705536 Merge "Deprecate nova_metadata_ip in favor of nova_metadata_host option" 2017-03-04 03:55:40 +00:00
Cedric Brandily
366dd7cc37 Deprecate nova_metadata_ip in favor of nova_metadata_host option
nova_metadata_ip option name is a bit confusing as it accepts an ip but
also a dns name (which is required when https protocol is used).

This change deprecates nova_metadata_ip option in favor of
nova_metadata_host option and updates option help to highlight that we
can use an ip or a dns name.

DocImpact
Closes-Bug: #1585699
Change-Id: Ia6c2471c7b4f3e924941222133edbb90151757a5
2017-03-02 21:01:37 +01:00
Jenkins
cb94b52930 Merge "Deprecate gateway_external_network_id option" 2017-03-02 00:28:53 +00:00
Jenkins
edeb1f0bcc Merge "Mark of_interface option deprecated" 2017-02-27 13:53:17 +00:00
IWAMOTO Toshihiro
367d354021 Mark of_interface option deprecated
Per Ocata Design Summit discussion, ovs-ofctl of_interface driver
will be deprecated and removed.

Change-Id: I0d94036e25919db1197819f5fe429205b01eee33
Related-blueprint: ovs-ofctl-to-python
2017-02-25 05:46:14 +00:00
Ihar Hrachyshka
391ac43bf3 Deprecate gateway_external_network_id option
This option is used only when external_network_bridge is set to
non-empty value, and that other option is already marked for removal.

DocImpact The gateway_external_network_id option is deprecated and will
          be removed in next releases.

Change-Id: Ie6ea9b8977a0e06d69d735532082e9e094c26534
Related-Bug: #1511578
2017-02-23 10:25:11 +00:00
yuhui_inspur
c38b206f73 [TrivialFix]Remove the file encoding which is unnecessary
Basically, the commit removes the file encoding - since jenkins is fine
with it, means it was really unnecessary and the change makes sense.

Change-Id: Id0821c9b11b9efad1836596c407566c9eb4dc11a
2017-02-11 01:07:17 +00:00
Jenkins
f8e942c5bd Merge "Terminate macvtap agent when physical_interface_mapping config not present" 2017-02-06 11:17:03 +00:00
Jenkins
df7de345fc Merge "Enhance tag mechanism" 2017-02-06 08:56:38 +00:00
Hirofumi Ichihara
b56f008f3a Enhance tag mechanism
This patch enhances the tag mechanism for subnet, port, subnetpool,
router resources. The tag-ext as new extension is added so that
tag supports their resources.

APIImpact: Adds tag support to subnet, port, subnetpool, router
DocImpact: allow users to set tags on some resources

Change-Id: I3ab8c2f47f283bee7219f39f20b07361b8e0c5f1
Closes-Bug: #1661608
2017-02-04 11:07:04 +09:00