This change replaces a usage of the deprecated root_helper option
by the usage of get_root_helper result.
Change-Id: Icfc698243784557cbf987a817c13d0b80969e5d3
Closes-Bug: #1297145
Set reraise=False for the cases where the purpose of exception
handler is to reraise proper type of exception
Change-Id: Id6595ba1e160b9033d519ded16e0fbd2f91ccb5d
Closes-Bug: #1288188
Plugging a device usually involves checking for the existence of the
device twice, once before calling plug and once after. It turns out
that these calls are expensive, often taking a half second or more
each. For that reason, it is worth the effort to make sure we check
only once.
The device driver is now responsible for cleanly plugging/unplugging
the device without knowing whether it exists or not. Pushing this
responsibility to the device driver allows implementing it more
efficiently in terms of calls made out to the operating system.
This is targeted at the neutron-tempest-parallel bp because it shaves
time off the time to set up a router, something that hinders parallel
performance.
Change-Id: I391fafe68b76e1c620d2b25e8613ba507fd25dfd
Partial-Bug: #1287824
I saw some code in a couple of reviews today that check whether a
namespace is set and run it under "ip netns exec ..." if it is.
Otherwise, it runs the command without it in the default namespace.
Change-Id: I55e8f4f3523ec7a7c5a6f082addf918952a05741
Closes-Bug: #1287524
Add a new 'status' attribute to the floating IP resource.
Extend the plugin RPC interface for allowing status updates from agents,
and implement support for operational status in the L3 agent.
The default behaviour for all the plugins different from
neutron.services.l3_router.l3_router_plugin is to set the status of
a floating IP to ACTIVE upon creation.
Implements blueprint fip-op-status
Change-Id: Ib0176fbcde95b0db5dfdabd4fc297d1d29c0d604
In the process __init__.py involved have been emptied;
vim modelines and author lines have been dropped from
the license headers affected by the change as well.
Partial-implements blueprint nicira-plugin-renaming
Change-Id: I9c535b59bb2e83f275816472e0e32b41444d3bbe
Some config options (interface_driver, use_namespaces) are defined
multiple times in an ad-hoc way. It causes a DuplicateOptError exception
when using those modules at the same time. Right now the exception is
avoided in an ad-hoc way by each executable. Those duplicated
definitions should be consolidated and treated in a uniform way.
This is the blocker for blueprint: l3-agent-consolidation
neutron.services.loadbalancer.drivers.haproxy.agent periodic_interval
conflicts with neutron.service one. Since there is no way to fix it
without changing existing behavior/default value, it is untouched for now.
Closes-bug: #1279769
Change-Id: Ifed79b7ee0033644854499416f8a2b22a20416fe
When neutron router-interface-delete <router> <subnet> is run
during L3-agent restart, the agent may fail to delete the old
internal device. After the restart, when the command "neutron
router-interface-add <router> <subnet>" is run again, the
router ends up having two internal devices configured with the
same IP address.
Closes-Bug: #1244853
Change-Id: I0d7e2db6aa7dae26d0fc3fe1b1527762cb1e3b23
Rather than fetching the id of the external network each time that
_process_routers is called, get it once and remember it. If the agent
is ever requested to connect to a different ext-net then it will fetch
the current ext-net to double check for the unlikely event that the
ext-net has changed. If it has then it will remember the new ext-net.
This is only applicable in the case where there is only one ext-net
that has not been configured explicitly in the config file. That was
the only case that would cause an RPC message in the first place.
Change-Id: I40bbbf6233131ea5d40122ef9495fd3cb7dc823a
Closes-Bug: #1269567
Change the behaviour of the L3 agent in order to set the IP addresses
for the floating IPs on the external gateway interface after the
relevant NAT rules have been applied.
This will avoid a transitory period in which the floating IP exists
and is reachable but is not yet wired to the actual target.
Partial-Bug: #1265505
Change-Id: Ib382fde021868bab2185f2fa5bdee86559148ba7
When a L3 agent controlling multiple qrouter namespaces
restarts, it destroys all qrouter namespaces even if
some of them are still in use. As a result, network
traffic could be stopped on the VMs that use the
networks associated with these namespaces.
So what is needed is for the L3 agent to preserve those
qrouter namespaces a L3 agent instance recognizes and to
destroy those it does not know about.
Closes-Bug: #1175695
Change-Id: Idae77886bd195d773878c3d212ccfd56269216fb
This patch adds a new configuration variable for the timeout on
ovs-vsctl commands, and sets the default timeout to 10 seconds.
This is aimed at allowing users to tune the agents in order to avoid
timeout errors on their deployments.
Change-Id: I73ea0d0de49a4b4a118bc2d68ad9c093ea122717
Closes-Bug: #1254520
With this patch a l3 agent can handle
any networks by setting the neutron
parameter external_network_bridge
and gateway_external_network_id to
empty.
Related-Bug: #1234750
Related-Bug: #1194350
Change-Id: Id260a239df23951da730513f40cda490002effc3
If internal_network_added/removed fails, _sync_routers_task will call
process_router to do fault recovery. Because the port is already
added/removed to/from ri.internal_ports, internal_network_added or
internal_network_removed will not be called again.
The patch fixes this issue by calling ri.internal_ports.append/removed
only if internal_network_added/removed succeeds. Without the patch,
the added testcases would fail.
Change-Id: I2d2e004caa670c1624257c1d7ccc900438b42d08
Co-Authored-By: Hirofumi Ichihara <ichihara.hirofumi@lab.ntt.co.jp>
Closes-Bug: #1255871
Adds a configuration option to tell the network agents to delete
namespaces when they are no longer in use. The option defaults to
False so that the agent will not attempt to delete namespaces in
environments where this is not safe.
This has been working well in deployments where iproute2 has been
patched with commit 58a3e8270fe72f8ed92687d3a3132c2a708582dd or it is
new enough to include it without being patched.
Change-Id: Ice5242c6f0446d16aaaa7ee353d674310297ef72
Closes-Bug: #1250596
Related-Bug: #1052535
Refactor _spawn/destroy_metadata_proxy so that it can be called
with only the namespace and the router_id.
Change-Id: Id1c33b22c7c3bd35c54a7c9ad419831bfed8746b
Closes-Bug: #1252856
This approach to configuring floating ips is stateless and idempotent.
This allows it to handle corner cases, such as reusing a floating ip
address with a different floating ip id in a way that is easier to
understand.
The concept is to wipe the floating ips clean and rebuild them each
time with the following optimizations. To avoid bad performance in
manipulating iptables, it is called in the context of a call to
defer_apply_on. To avoid a disruption in network flow a set
difference is used to determine the set of addresses that no longer
belong on the interface rather than removing them all blindly.
Change-Id: I98aacbbb52b35688036990961d02e0b273504a77
Fixes: Bug #1209011
Change _send_gratuitous_arp_packet() to spawn a thread to call
arping after a floating IP is assigned. This way it doesn't
stall _process_routers() from returning quickly due to calling
pool.waitall().
Fixes Bug: 1233391
Change-Id: Id1f5eb75c222ba6a0935a294e3973292f50d0559
This patch adopts several measures to prevent _sync_routers_task
and _rpc_loop from hanging because of subprocess.Popen.communicate
not returning.
1) Perform a sleep every time a command is completed, similarly to
what is done in openstack.common.processutils.execute
2) Disable by default GARP, as kernel crashes caused by arping
have been observed
3) Prevent a non-critical keyerror in _router_removed from triggering
again a full sync, which might put the system under significant load.
This patch also adds debug log statements aimed at improving the
ability of debugging similar failures.
Change-Id: I003316bce0f38b7d2ea7d563b5a0a58676834398
Partial-Bug: 1224001
The metadata filter rules should not be added into iptables if Neutron
metadata proxy is disabled.
This patchset fixes this issue by adding a condition when adding metadata
filter rules to iptables.
Closes-Bug #1224290
Change-Id: I7f14d281c31c1828a90abac8821635773238b2d0
The SystemExit exception should be logged in l3-agent, the
operator may miss the useful exception messages to debug.
* Add error log for SystemExit in l3-agent.
* Add unit test for None and Wrong interface_driver.
Closes-Bug #1229105
Change-Id: I9ac60a528c1e88827078d552a30c8d571066d21c
If both service neutron-l3-agent and neutron-server are up,
but no router id configured in /etc/neutron/l3_agent.ini, an
exception will be raised on DB as "DBError: IntegrityError",
because the variable router_ids has a default '' value that
doesn't match the DB grammar.
* Check router id is specified in _init_() of l3 when
not using namespace.
* Move part of checking config params actions to new function
_check_config_params()
* Add corresponding unit tests.
Closes-Bug: #1226366
Change-Id: I905f8a4061c5b250782e025681dfefcc41c8c03c
This patchset fixes this issue by adding a condition when adding nat
rules of neutron metadata proxy.
fixes bug #1212168
Change-Id: I99775aad73c49a8df3043690440d214614279a2b
Implements blueprint ipsec-vpn-reference
This patch implements reference driver implementation for VPNaaS.
The driver uses openswan to manage vpn connections.
Future work: Support ikepolicy and ipsec update
Support service type framework
Intelligent updating of resources
This commit adds jinja2 for requirements.txt for
generating config file.
Change-Id: I8c5ed800a71ca014dc7bdbb6a57c4f8d18fa82e0
Clearing the chain in this code eliminates the rule to jump to the
floating-snat chain. This is the simplest way to get it working
again.
Change-Id: Ic1818e10bd64170b6f0a2f52af8dc0814d7e04e0
Fixes: Bug #1218040
If ext-gw-mode extension isn't supported by plugin, it won't
return enable_snat param in router info. Agent will currently
default to enable_snat = false, which changes from expected
default behaviour prior to ext-gw-mode introduction.
This patch changes L3 agent to enable SNAT by default if plugin
doesn't support ext-gw-mode extension.
Change-Id: I35e8f8c20392bff9ac2f875f2c9a1038ab06ad7b
Closes-Bug: #1212868
This patch breaks gating job.
Because nat rule for metadata will be only added on the
router_add.
Revert it for now.
Fixes bug 1211829
This reverts commit 9382ee6592.
Change-Id: I05925798cddc7a706e922025ef6ce27b6638ffb6
This approach to configuring floating ips is stateless and idempotent.
This allows it to handle corner cases, such as reusing a floating ip
address with a different floating ip id in a way that is easier to
understand.
The concept is to wipe the floating ips clean and rebuild them each
time with the following optimizations. To avoid bad performance in
manipulating iptables, it is called in the context of a call to
defer_apply_on. To avoid a disruption in network flow a set
difference is used to determine the set of addresses that no longer
belong on the interface rather than removing them all blindly.
Change-Id: I0cfb58d487b1925e0a0db2a701c5ea3c56a0b2b5
Fixes: Bug #1209011
blueprint: quantum-fwaas-agent
This is the first iteration of the FWaaS Agent with some basic
functionality to enable integration of Plugin - Agent - Driver.
An inheritance approach is taken with the L3 Agent to enable the
agent side messaging.
Unit tests, included, coverage being increased
Change-Id: Ib0970fdc4ad1ac53df66fba172a5a7f7d7ee3f1b
Introduced a new configuration parameter for DHCP and L3 agent
to be able to set the path of the metadata socket to be used
by neutron-ns-metadata-proxy when started inside the DHCP or L3
agent. Also moved the configuration parameter of the
neutron-ns-metadata-proxy to the CLI parameters.
fixes bug #1202628
Change-Id: I3b1aa72b4e06c00f7fed152f0ee03d52b6bbc279
In sync_routers L3-RPC method l3-agent sends router_ids but the
server side expected router_id. This commit fixes the server side
to accept router_ids, and drops "fullsync" arg from the agent side
(fullsync is not used anywhere and it does not affect RPC signature).
This change allows l3-agent to sync only the specified routers
instead of all routers.
Fixes bug #1201553
As a result of the above change, auto_schedule_routers() and
list_active_sync_routers_on_active_l3_agent() in L3 scheduler
needs to handle a list of router IDs. This commit changes L3 scheduler
to accept a list of router IDs in the above two methods.
Also fixes the argument order of fullsync and router_ids in get_routers
in L3PluginApi. L3-agent main code expects router_ids as the second arg.
Change-Id: I22e8d11b9676cbcfe9e72449031bb63071be8314
Fixes bug 1194026
Fixes bug 1200749
Introduce a looping call for performing synchronization with
neutron server.
The sync will be performed only if router changes are notified
via rpc. Only affected routers will be synchronized.
Changes will be implemented by the l3 agent spawning a
distinct greenthread for each router - iptables will
be executed only once using iptables_manager.defer_apply_on.
This patch will prevent the occurrence of the following issues:
- Out-of-order rpc message processing
- Long processing time for router changes due to serial execution
- Occasional and expected RPC blocks for long periods
- Unnecessary processing of multiple requests
Change-Id: I0978d1c38ac5c38c4548e5b1877857bb5cac3b81