Commit Graph

19065 Commits

Author SHA1 Message Date
Ihar Hrachyshka
a521bf0393 Make use of -w argument for iptables calls
Upstream iptables added support for -w ('wait') argument to
iptables-restore. It makes the command grab a 'xlock' that guarantees
that no two iptables calls will mess a table if called in parallel.
[This somewhat resembles what we try to achieve with a file lock we
grab in iptables manager's _apply_synchronized.]

If two processes call to iptables-restore or iptables in parallel, the
second call risks failing, returning error code = 4, and also printing
the following error:

    Another app is currently holding the xtables lock. Perhaps you want
    to use the -w option?

If we call to iptables / iptables-restore with -w though, it will wait
for the xlock release before proceeding, and won't fail.

Though the feature was added in iptables/master only and is not part of
an official iptables release, it was already backported to RHEL 7.x
iptables package, and so we need to adopt to it. At the same time, we
can't expect any underlying platform to support the argument.

A solution here is to call iptables-restore with -w when a regular call
failed. Also, the patch adds -w to all iptables calls, in the iptables
manager as well as in ipset-cleanup.

Since we don't want to lock agent in case current xlock owner doesn't
release it in reasonable time, we limit the time we wait to ~1/3 of
report_interval, to give the agent some time to recover without
triggering expensive fullsync.

In the future, we may be able to get rid of our custom synchronization
lock that we use in iptables manager. But this will require all
supported platforms to get the feature in and will take some time.

Closes-Bug: #1712185
Change-Id: I94e54935df7c6caa2480eca19e851cb4882c0f8b
2017-08-31 20:28:53 +00:00
Ihar Hrachyshka
7319c84455 Revert "DVR: _get_floatingips_bound_to_host throws KeyError"
This reverts commit 47fbc6157a.

Change-Id: I207b391fa9252e5639606b72d66234acb0ff9a4a
2017-08-30 20:34:14 +00:00
Swaminathan Vasudevan
47fbc6157a DVR: _get_floatingips_bound_to_host throws KeyError
_get_floatingips_bound_to_host function was introduced
recently in dvr_local_router to retrieve the external
interface name for centralizing the floatingip.

This function was throwing a 'KeyError' on fip['host'] and
not required for centralized floatingips anymore.

The get_external_device_interface_name in dvr_local_router
will try to get the 'fg' interface that is required for
the bound floating-ips to clear up some of the rules.
In the case of the centralized unbound floating-ips, the
'qg' external interface is retreived from
get_snat_external_device_interface_name that is defined
in 'dvr_edge_router' and based on the namespace.

So _get_floatingips_bound_to_host can be removed from
get_external_device_inteface_name.

Closes-Bug: 1712412

Change-Id: I94c0a071df32f572745a2c29942956c3da9f309b
2017-08-24 16:03:27 -07:00
Armando Migliaccio
941cb677dc Open Queens DB branch
Change-Id: Ie9462853da6ddfe5bc434072f1d3094d0fae9dac
2017-08-24 14:46:01 +00:00
Jenkins
989532a7ac Merge "Fix default qos policy when creating network" 2017-08-24 14:11:00 +00:00
Jenkins
f0e4809ca8 Merge "Fix test_keepalived_ipv6_support for Keepalived v1.2.20" 2017-08-24 09:00:19 +00:00
Jenkins
5d2017efc3 Merge "Hook bandit security linter to pep8 target" 2017-08-24 06:10:40 +00:00
OpenStack Proposal Bot
2ab7c23b45 Updated from global requirements
Change-Id: I7fe9d059016edbb26a8fb6f27a1a6e8b41494edd
2017-08-23 23:28:50 +00:00
Jakub Libosvar
594d8b8b3a functional: Fix reference to ovsdb connection
Change I379448fd135a3bb2ac99709812b9f476c73923a7 replaced connection
attribute of IDL to ovsdb_connection. After updating upper constraints
to newer ovsdbapp version, we no longer have connection attribute.

Change-Id: I6f060fff4df7323a3877f56cb1fa586a22d16670
Closes-bug: #1712594
2017-08-23 14:44:16 +00:00
Hirofumi Ichihara
95bbb7385b Fix default qos policy when creating network
In _create_network_policy(), policy object is passed into _get_policy_obj()
although it expects to be passed policy id. This patch passes policy id
instead of policy object and adds a unit test and API tests.

Change-Id: Ic4c755c54d93d7ca3312b432b7c1e6770f25c359
Closes-bug: #1712278
2017-08-23 13:03:18 +00:00
Jenkins
4bf5b9d5da Merge "Log policy filters in one line" 2017-08-23 11:09:37 +00:00
venkata anil
334a1ed7d5 Fix test_keepalived_ipv6_support for Keepalived v1.2.20
In commit [1] (some explanation in [2] ) VRRP initialisation is enhanced
to read source IP address(to use when sending VRRP packets) from the
HA interface or from keepalived config("unicast_src_ip" parameter).
If it is unable to find IP address, VRRP initialisation will fail with
error "Cannot find an IP address to use for interface".

In the test, we set vrrp->family to AF_INET by setting vip to
169.254.0.1/24 through config, but not providing source IPv4 address(i.e
no 'unicast_src_ip' option or no IP on HA interface), making the test
to fail with [1]. To fix that, we set the IP address on HA interface.

Note: Commit [1] is added in Keepalived version 1.2.20.
Tested the fix on both Keepalived v1.2.19 and Keepalived v1.2.20.

[1] https://github.com/acassen/keepalived/commit/37488e57
[2] https://github.com/acassen/keepalived/issues/445

Closes-bug: #1712388
Change-Id: I260c0e6810ed54c93f93621afa6ab13855ef2428
2017-08-23 14:03:39 +03:00
Jenkins
08bf4706f1 Merge "Fixes input for netlink-lib functional tests" 2017-08-22 17:46:51 +00:00
Jenkins
37804b5127 Merge "add doc section for ml2 extension drivers" 2017-08-21 23:07:34 +00:00
Jenkins
90b3586176 Merge "tests: Log spawned processes by RootHelperProcess" 2017-08-21 22:19:25 +00:00
Boden R
d5a3b24bde add doc section for ml2 extension drivers
Today the ML2 config reference doesn't mention anything about ML2
extension drivers. While it likely doesn't make sense to clutter the
primary ML2 driver types (type/mech) with extension drivers, this patch
proposes we add a small section about them to link the concept to the
config reference.

Change-Id: Id964e6e4d13d400ea4cd8a1707ad0f08c52ef0b1
Partial-Bug: #1683102
2017-08-21 11:57:43 -06:00
Jenkins
f311b42d28 Merge "Treat Filter as Dict in get_policies" 2017-08-21 01:51:04 +00:00
Jenkins
5b3c713384 Merge "DB migration checklist task for Pike" 2017-08-19 20:45:18 +00:00
Jenkins
90b4a7c511 Merge "Fix DefaultSubnetPool API test" 2017-08-18 23:54:42 +00:00
Reedip
23ef48ad55 Treat Filter as Dict in get_policies
Currently QoS plugin's get_policies doesnt check if the filter
is a dict or not, though similar checks exist in get_rule_types()
and get_policy_rules().
This patch adds the check so that if any consumer passes filters=None
then it is converted to a dict.

TrivialFix
Partial-Bug: #1711165

Change-Id: Id50674c44cd3720dcd8fd6d66361d937599f5992
2017-08-18 05:45:47 +00:00
Jenkins
03c3f7e707 Merge "Stop using v2 identity API" 2017-08-18 00:21:10 +00:00
Jenkins
a6d4773e55 Merge "Add stubs for new ovsdbapp API functions" 2017-08-17 21:43:49 +00:00
Cuong Nguyen
b19fb20336 Fixes input for netlink-lib functional tests
Netlink-lib creates some conntrack entries to verify list_entries()
method. Each entry contains a zone_id, which might be duplicated with
some already existed entries in OS.

This patch proposes a simple verification to make sure entries created by
netlink-lib do not contain existed zone_id.

Change-Id: I4bce5041f82782cf9e51d99c605593afb2cf4fc8
Closes-Bug: #1708030
2017-08-17 15:42:02 +07:00
Jenkins
f9838f40ab Merge "Revert "functional: disable netlink tests"" 2017-08-17 06:32:03 +00:00
Jakub Libosvar
5b51cd8dcb Stop using v2 identity API
v2 identity API was deprecated in Mitaka. There is only a one test
remaining that still relies on the v2 identity API. This patch replaces
v2 with v3.

Change-Id: Iaeb9153084c6864b0982902bbb2ae9c0233266a6
2017-08-16 19:56:22 +00:00
Jenkins
a2686541e8 Merge "releasenotes: Move Pike ignore-notes to a proper file" 2017-08-16 19:20:04 +00:00
Terry Wilson
3103a11f95 Add stubs for new ovsdbapp API functions
Neutron doesn't use these methods, but they will be added to
ovsdbapp 1.0, and being abstractmethods, would cause an error. The
methods are added in I664add660ce0ec3b0da23325ad38580d850e1f29 and
I9352ffe0f245c579fd766ecd00e8ca512f806798.

Change-Id: Ibfdea4890f7d01ddd38872db40a9829d6b6bdf90
2017-08-16 11:56:45 -05:00
Jakub Libosvar
a41ce8d6bb tests: Log spawned processes by RootHelperProcess
This patch logs the command spawned by RootHelperProcess, it is
handy when debugging failed functional tests on upstream gate.

Change-Id: I743a223c4ff4882fdd760a20823150558d5e5f4a
2017-08-16 14:01:04 +02:00
Cao Xuan Hoang
59adf8bf0d Revert "functional: disable netlink tests"
This reverts commit 75ddc9c34e.

The bug mentioned in original patch has been fixed in
kernel 4.4.0-92.115. And current gate runs with the kernel.
This patch reverts the change to re-enable the netlink tests.

Change-Id: I580e76557e026f45c114b0f4ef6bac5253e3add7
2017-08-16 03:33:26 +00:00
Jenkins
24f02d6a72 Merge "Add documentation for Linux Bridge and OVS ingress QoS" 2017-08-16 03:04:53 +00:00
Jenkins
ba9a308c3f Merge "tests: don't set description in test_blank_update_clears_association" 2017-08-16 01:43:51 +00:00
Jenkins
137b682273 Merge "Fixing test_convert_default_subnetpool_to_non_default" 2017-08-15 22:16:02 +00:00
Jenkins
abb55d6e85 Merge "Add a target to Sinkhole so it's compatible" 2017-08-15 21:15:42 +00:00
Armando Migliaccio
7e1472888e DB migration checklist task for Pike
Change-Id: I4a51e96800bfac31f7d4e0879f32e81e78afbd85
2017-08-15 12:19:32 -07:00
Jenkins
01e46790c6 Merge "Stop logging full object in RPC push code" 2017-08-15 15:18:03 +00:00
Jenkins
bc782c8248 Merge "fullstack: Actually run ovsfw tests" 2017-08-15 03:57:17 +00:00
Jenkins
7c1e21a3f3 Merge "Make code follow log translation guideline" 2017-08-14 17:42:09 +00:00
Jenkins
d725e8c11d Merge "Remove 'persisted dirty' log message" 2017-08-14 12:38:46 +00:00
Jakub Libosvar
637734c1b6 Fix DefaultSubnetPool API test
As default subnetpool is a unique resource in the cloud, it needs to be
cleaned after each test is done. This patch adds a cleanup call to
DefaultSubnetPool tests in order to delete created default subnet pool.

Change-Id: I4c963d0d0e9910f7047061b51feb36c8a19de65c
Closes-bug: #1709938
2017-08-14 09:46:41 +00:00
Inessa Vasilevskaya
7322bd6efb Make code follow log translation guideline
Since Pike log messages should not be translated.
This patch removes calls to i18n _LC, _LI, _LE, _LW from
logging logic throughout the code. Translators definition
from neutron._i18n is removed as well.
This patch also removes log translation verification from
ignore directive in tox.ini.

Change-Id: If9aa76fcf121c0e61a7c08088006c5873faee56e
2017-08-14 02:01:48 +00:00
Jenkins
c65e541b6e Merge "Remove code to debug auto address allocation error" 2017-08-14 01:44:29 +00:00
Jenkins
f7e799a4a8 Merge "Apply network MTU changes to dhcp ports" 2017-08-12 22:57:34 +00:00
Jenkins
b503b32624 Merge "DVR: Provide options for DVR North/South routing centralized" 2017-08-12 13:08:29 +00:00
Jenkins
559f83a6c1 Merge "Apply network MTU changes to l3 ports" 2017-08-12 06:16:30 +00:00
Jenkins
21a7ad29bf Merge "Drop port_delete and port_update debug msgs" 2017-08-12 06:04:06 +00:00
Kevin Benton
2d8ffe2a08 Stop logging full object in RPC push code
We already log the full object on the agent side
and other server methods log important parts of
the object so there isn't much to gain logging the full
OVO components passed to this function's args.

This adds a specific debug statement that just indicates
the types, IDs, and revision_numbers being pushed out so
they can still be correlated with received objects on the
agent side.

Partial-Bug: #1707307
Change-Id: I4499bb328f0aeb58fe583b83fb42cd2d26c1c4c1
2017-08-11 20:37:16 -07:00
Jenkins
4f581d2168 Merge "Add API test for port dns_domain" 2017-08-11 20:30:25 +00:00
YAMAMOTO Takashi
daa1c85a3b releasenotes: Move Pike ignore-notes to a proper file
Now unreleased.rst is for Queen.

Related-Bug: #1708560
Change-Id: Iaf6642c8955d68a1f6b6572d3ae2a3dabc1244df
2017-08-12 01:43:47 +09:00
Jenkins
e53bb591ec Merge "Update reno for stable/pike" 2017-08-11 15:49:20 +00:00
Jenkins
76e1af8188 Merge "Allow unprivileged users to get their quota usage" 2017-08-11 15:24:15 +00:00