Upstream iptables added support for -w ('wait') argument to
iptables-restore. It makes the command grab a 'xlock' that guarantees
that no two iptables calls will mess a table if called in parallel.
[This somewhat resembles what we try to achieve with a file lock we
grab in iptables manager's _apply_synchronized.]
If two processes call iptables-restore or iptables in parallel, the
second call risks failing, returning error code = 4, and also printing
the following error:
Another app is currently holding the xtables lock. Perhaps you want
to use the -w option?
If we call iptables / iptables-restore with -w though, it will wait
for the xlock release before proceeding, and won't fail.
Though the feature was added in iptables/master only and is not part of
an official iptables release, it was already backported to RHEL 7.x
iptables package, and so we need to adapt to it. At the same time, we
can't expect any underlying platform to support the argument.
A solution here is to call iptables-restore with -w when a regular call
failed. Also, the patch adds -w to all iptables calls, in the iptables
manager as well as in ipset-cleanup.
Since we don't want to lock the agent in case the current xlock owner doesn't
release it in reasonable time, we limit the time we wait to ~1/3 of
report_interval, to give the agent some time to recover without
triggering expensive fullsync.
In the future, we may be able to get rid of our custom synchronization
lock that we use in iptables manager. But this will require all
supported platforms to get the feature in and will take some time.
Closes-Bug: #1712185
Change-Id: I94e54935df7c6caa2480eca19e851cb4882c0f8b
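
The fallback described in the commit message above, as an added Python example that is not Neutron's own code: try a plain iptables-restore, and on exit code 4 retry once with -w bounded to about a third of report_interval. The function names, the injected runner, the one-second floor and retrying only on exit code 4 are assumptions made for illustration.

```python
import subprocess

XTABLES_LOCK_HELD = 4  # exit code the commit message reports when the xlock is held


def xlock_wait_seconds(report_interval):
    """Bound the wait to ~1/3 of report_interval (1s floor is an assumption)."""
    return max(int(report_interval / 3), 1)


def run_restore(rules, extra_args):
    """Default runner: pipe rules into iptables-restore (-n = --noflush)."""
    proc = subprocess.run(["iptables-restore", "-n", *extra_args],
                          input=rules, capture_output=True, text=True)
    return proc.returncode, proc.stderr


def apply_rules(rules, report_interval, runner=run_restore):
    """Apply rules; return the argument tuples tried, in order.

    The first call omits -w so platforms without the option keep working.
    Only when that call reports the lock as held is -w <secs> added.
    """
    attempts = [()]
    rc, err = runner(rules, ())
    if rc == XTABLES_LOCK_HELD:
        wait_args = ("-w", str(xlock_wait_seconds(report_interval)))
        attempts.append(wait_args)
        rc, err = runner(rules, wait_args)
    if rc != 0:
        # Still failing after the bounded wait: surface it instead of blocking.
        raise RuntimeError("iptables-restore failed (rc=%d): %s"
                           % (rc, err.strip()))
    return attempts


def contended_once(rules, extra_args):
    """Constructed stand-in for a host where another process holds the xlock."""
    if "-w" in extra_args:
        return 0, ""
    return 4, "Another app is currently holding the xtables lock."


if __name__ == "__main__":
    sample = "*filter\n:INPUT ACCEPT [0:0]\nCOMMIT\n"  # constructed ruleset
    print(apply_rules(sample, report_interval=30, runner=contended_once))
```
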
_get_floatingips_bound_to_host function was introduced
recently in dvr_local_router to retrieve the external
interface name for centralizing the floatingip.
This function was throwing a 'KeyError' on fip['host'] and
is not required for centralized floatingips anymore.
The get_external_device_interface_name in dvr_local_router
will try to get the 'fg' interface that is required for
the bound floating-ips to clear up some of the rules.
In the case of the centralized unbound floating-ips, the
'qg' external interface is retrieved from
get_snat_external_device_interface_name that is defined
in 'dvr_edge_router' and based on the namespace.
So _get_floatingips_bound_to_host can be removed from
get_external_device_interface_name.
Closes-Bug: 1712412
Change-Id: I94c0a071df32f572745a2c29942956c3da9f309b

Change I379448fd135a3bb2ac99709812b9f476c73923a7 replaced connection
attribute of IDL to ovsdb_connection. After updating upper constraints
to newer ovsdbapp version, we no longer have connection attribute.
Change-Id: I6f060fff4df7323a3877f56cb1fa586a22d16670
Closes-bug: #1712594

In _create_network_policy(), policy object is passed into _get_policy_obj()
although it expects to be passed policy id. This patch passes policy id
instead of policy object and adds a unit test and API tests.
Change-Id: Ic4c755c54d93d7ca3312b432b7c1e6770f25c359
Closes-bug: #1712278

In commit [1] (some explanation in [2]) VRRP initialisation is enhanced
to read source IP address (to use when sending VRRP packets) from the
HA interface or from keepalived config ("unicast_src_ip" parameter).
If it is unable to find IP address, VRRP initialisation will fail with
error "Cannot find an IP address to use for interface".
In the test, we set vrrp->family to AF_INET by setting vip to
169.254.0.1/24 through config, but not providing source IPv4 address (i.e.
no 'unicast_src_ip' option or no IP on HA interface), making the test
fail with [1]. To fix that, we set the IP address on HA interface.
Note: Commit [1] is added in Keepalived version 1.2.20.
Tested the fix on both Keepalived v1.2.19 and Keepalived v1.2.20.
[1] https://github.com/acassen/keepalived/commit/37488e57
[2] https://github.com/acassen/keepalived/issues/445
Closes-bug: #1712388
Change-Id: I260c0e6810ed54c93f93621afa6ab13855ef2428

Today the ML2 config reference doesn't mention anything about ML2
extension drivers. While it likely doesn't make sense to clutter the
primary ML2 driver types (type/mech) with extension drivers, this patch
proposes we add a small section about them to link the concept to the
config reference.
Change-Id: Id964e6e4d13d400ea4cd8a1707ad0f08c52ef0b1
Partial-Bug: #1683102

Currently QoS plugin's get_policies doesn't check if the filter
is a dict or not, though similar checks exist in get_rule_types()
and get_policy_rules().
This patch adds the check so that if any consumer passes filters=None
then it is converted to a dict.
TrivialFix
Partial-Bug: #1711165
Change-Id: Id50674c44cd3720dcd8fd6d66361d937599f5992

Netlink-lib creates some conntrack entries to verify list_entries()
method. Each entry contains a zone_id, which might be duplicated with
some already existing entries in OS.
This patch proposes a simple verification to make sure entries created by
netlink-lib do not contain an existing zone_id.
Change-Id: I4bce5041f82782cf9e51d99c605593afb2cf4fc8
Closes-Bug: #1708030

v2 identity API was deprecated in Mitaka. There is only one test
remaining that still relies on the v2 identity API. This patch replaces
v2 with v3.
Change-Id: Iaeb9153084c6864b0982902bbb2ae9c0233266a6

Neutron doesn't use these methods, but they will be added to
ovsdbapp 1.0, and being abstractmethods, would cause an error. The
methods are added in I664add660ce0ec3b0da23325ad38580d850e1f29 and
I9352ffe0f245c579fd766ecd00e8ca512f806798.
Change-Id: Ibfdea4890f7d01ddd38872db40a9829d6b6bdf90

This patch logs the command spawned by RootHelperProcess; it is
handy when debugging failed functional tests on upstream gate.
Change-Id: I743a223c4ff4882fdd760a20823150558d5e5f4a

This reverts commit 75ddc9c34e.
The bug mentioned in original patch has been fixed in
kernel 4.4.0-92.115. And current gate runs with the kernel.
This patch reverts the change to re-enable the netlink tests.
Change-Id: I580e76557e026f45c114b0f4ef6bac5253e3add7

As default subnetpool is a unique resource in the cloud, it needs to be
cleaned after each test is done. This patch adds a cleanup call to
DefaultSubnetPool tests in order to delete created default subnet pool.
Change-Id: I4c963d0d0e9910f7047061b51feb36c8a19de65c
Closes-bug: #1709938

Since Pike, log messages should not be translated.
This patch removes calls to i18n _LC, _LI, _LE, _LW from
logging logic throughout the code. Translators definition
from neutron._i18n is removed as well.
This patch also removes log translation verification from
ignore directive in tox.ini.
Change-Id: If9aa76fcf121c0e61a7c08088006c5873faee56e

We already log the full object on the agent side
and other server methods log important parts of
the object so there isn't much to gain logging the full
OVO components passed to this function's args.
This adds a specific debug statement that just indicates
the types, IDs, and revision_numbers being pushed out so
they can still be correlated with received objects on the
agent side.
Partial-Bug: #1707307
Change-Id: I4499bb328f0aeb58fe583b83fb42cd2d26c1c4c1