As a part of the vendor decomposition effort, the
apic ML2 driver code is removed and replaced by
its version in the openstack/networking-cisco
Partial-implements: blueprint core-vendor-decomposition
This patch introduces two new RPC calls:
update_device_up and update_device_down are the RPC calls
used by the L2 agent to notify the plugin that
a device is up or down. These calls accept only one device.
update_device_list accepts a list of devices that will
be put up or down and returns a list of devices for which
the operation failed.
get_devices_details_list_and_failed_devices is a new RPC
call that returns a list of devices details and a list of
devices for which it was not possible to retrieve the
Thanks to these new calls, the agent will be able to update
the status of several devices using one RPC call
and to retry the operation only for the devices that failed
instead of performing a full resync.
This will be implemented in another patch.
This patch introduces the new calls only for the OVS agent.
A following patch will take care of the other L2 agents.
Partially-Implements: blueprint restructure-l2-agent
Metaplugin is removed in Liberty.
Remove all metaplugin related codes.
Co-Authored-By: Itsuro Oda <firstname.lastname@example.org>
Now that the openvswitch and linuxbridge monolithic plugins have been
deprecated and replaced by ML2 mechanism drivers, we can remove their
Also remove the migrate_to_ml2.py script which is no longer supported.
Partially-Implements: blueprint reference-implementation-split
BridgeDevice class provides methods to manage linuxbridges through
brctl. This change adds some methods to BridgeDevice in order to
always use BridgeDevice to manage linuxbridges and respect DRY
In Python 2:
>>> None > 0
In Python 3:
>>> None > 0
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: unorderable types: NoneType() > int()
This commit does not change the behaviour of the affected code, but fixes the
TypeError that is raised in Python 3.
Some tests have been added to the py34 section of tox.ini, but are currently
commented out: these are tests that work with this patch and a fixed version of
log decorator is deprecated, this change replaces it with oslo_log
This patch introduces API and DB plugin for flavor framework.
API adds Flavors and Service Profiles which are resources
available only for admins to operate.
This framework then should be leveraged by advanced services.
Included tempest API tests in neutron tree
Implements: blueprint neutron-flavor-framework
Co-Authored-By: Doug Wiegley <email@example.com>
Co-Authored-By: Madhusudhan Kandadai <firstname.lastname@example.org>
This patch implements the database model required for the network
RBAC work. In addition it migrates the current network and subnet
'shared' attributes to leverage the new table.
'shared' is no longer a property of the DB model because its status
is based on the tenant ID of the API caller. From an API perspective
this is the same (tenants will see networks as 'shared=True' if the
network is shared with them). However, internal callers (e.g. plugins,
drivers, services) will not be able to check for the 'shared' attribute
on network and subnet db objects any more.
This patch just achieves parity with the current shared behavior so it
doesn't add the ability to manipulate the RBAC entries directly. The
RBAC API is in the following patch.
Partially-Implements: blueprint rbac-networks
In some cases, logging can grab locks and thusly attempt to reschedule,
which will fail in signal handlers. this patch removes the actions
from the signal handers, just set a flat if it got a signal, then in
rpc_loop, check the flag and perform appropriate actions.
Currently sync_allocations uses with_lockmode('update) which implies
possible deadlocks with Galera multi-writers. This change decorates the
method in order to catch and retry sync_allocations.
Updating DVR Router interface ports was throwing
errors in the l2pop mechanism drivers function
PortContext's portbinding information does not show
the status of the ports. For DVR Router interface
ports the DVRPortbinding table contains the status
information for the ports.
In the case of the update_port method, there was
no code related to DVR that retreives the port
binding information from the DVRPortBinding table.
This was working before, since in the driver_context,
the PortContext was just returning the port status for
all router interfaces.
With the recent refactor to the driver_context, this
behavior changed and the PortContext was returning the
_binding.status for the DVR router interface ports and
the _port.status for the non DVR ports.
When the update_port function calls update_port_postcommit
with PortContext for DVR router interface ports, l2pop
was throwing an error saying that Portbinding does not
have the attribute 'status'.
This was causing addition of any second subnet to the
same network with respect to IPv6 to fail.
Because in the case of IPv6, when you add additional
subnets to the existing network, it just updates the port
with the IPv6 prefix instead of creating additional port.
In the case of IPv4 still we could see that there are
two different ports created for each subnet we try to
This patch fixes the above issue in l2pop and allows the
DVR router interface ports to be successfull.
Also the _find_ipv6_router_port_by_network was returning
all the ports for DVR including the DVR CSNAT internal
ports which are not part of the router interface ports.
This patch also fixes this problem by returning false,
when it finds a DVR SNAT port.
With the addition of the deadlock retry decorator in
I635cc49ca69f589f99ab145d4d51e511b24194d2 and the change
to instantaneous deadlock feedback under the pymysql driver,
this semaphore should no longer be necessary. Removing it
will allow us to benefit from processing multiple requests
Arista ML2 Mech driver for VLANs presently does
not filter out non-vlan type networks (e.g vxlan).
This fix will simply ignore the request if a
non-vlan based network request is seen.
Whenever a VM moves from one compute node to the other, the VLAN on the old
switch interface was not removed and the VLAN was not being provisioned on the
new switch interface. With this patch, the VLANs are provisioned correctly.
This patch adds ARP spoofing protection for the Linux Bridge
agent based on ebtables. This code was written to be minimally
invasive with the intent of back-porting to Kilo.
The protection is enabled and disabled with the same
'prevent_arp_spoofing' agent config flag added for the OVS agent
The protection works by setting up an ebtables chain for each port
and jumping all ARP traffic to that chain. The port-specific chains
have a default DROP policy and then have allow rules installed that
only allow ARP traffic with a source CIDR that matches one of the
port's fixed IPs or an allowed address pair.
Get rid of COMMON_PREFIXES, as now the prefix is a service's declaritive property.
The new get_vifs_by_id function retrieves all of the VIFs
for a port iteration at once to eliminate unnecessary multiple
calls to OVSDB.
This dictionary does not belong to the plugins directory as it captures
API business, but practically speaking it does not even deserve to exist
and can be removed altogether.
This is patch one in a series that aims at addressing this monkey business.