18919 Commits

Author SHA1 Message Date
Kevin Benton
3c1a25d968 Make HA deletion attempt on RouterNotFound race
The L3 HA RPC code that creates HA interfaces can race
with an HA router deletion on the server side. The L3 HA
code ends up creating a port on the HA network while the
server side is deleting the router and the HA network.

This stops the L3 HA network from being deleted because
it has a new port without a bound segment, which leaves the
HA network in a segmentless condition and no ports after
the L3 RPC code cleans up its port.

This adjusts the L3 RPC logic to attempt an HA network cleanup
whenever it encounters the concurrent router deletion case
to ensure that the HA network gets cleaned up.

To make this more robust in the future, we may need the L3
HA code to recognize when an HA network has no segments and
automatically create a new one.

Change-Id: Idd301f6df92e9bc37187e8ed8ec00004e67da928
Closes-Bug: #1696537
2017-06-20 12:18:09 -04:00
Jenkins
ef1e24e05d Merge "tempest: Make _create_router_with_client obey enable_snat=False" 2017-06-20 16:18:01 +00:00
Jenkins
9f3a4c9de2 Merge "Clean up test cases in test_iptables_firewall.py" 2017-06-20 14:52:41 +00:00
Jakub Libosvar
ce8a0b2b7d dvr: Move normal/output br-int flows to table TRANSIENT
DVR flows are not compatible with OVS firewall flows as firewall flows
have higher priority. As a consequence, rules for DVR were never match
as firewall uses output directly.

This patch replaces flows using normal or output actions and resends
packets to TRANSIENT table instead. This transient table then uses
either those normal or output action rules. With this split, we will be
able to match egress/ingress flows in TRANSIENT table instead of
LOCAL_SWITCHING putting DVR pipeline in front of OVS firewall pipeline.

Change-Id: I9f738047f131b42d11a90f539435006d16ea7883
Closes-bug: #1696983
2017-06-20 14:23:49 +00:00
lioplhp
5d9bc554a8 Fix html_last_updated_fmt for Python3.
html_last_updated_fmt option is interpreted as a
byte string in python3, causing Sphinx build to break.
This patch makes it utf-8 string.

Change-Id: I82de8ad2a254843434e960f8b093ac8bba2ba89b
2017-06-20 21:45:31 +08:00
Jenkins
92f9c21d03 Merge "Fix linuxbridge ebtables locking" 2017-06-20 12:23:35 +00:00
OpenStack Proposal Bot
8856a761a2 Updated from global requirements
Change-Id: I218dbc85d829e96fb94cf840c910980c764ed454
2017-06-20 11:47:04 +00:00
Kevin Benton
88fea4efdd Add support for list querying in resource cache
This adjusts get_resources filters to take a tuple of values
instead of a single value. This gets translated into an OR query
on the server side.

This is used in the dependent patch to query for all ports in a
set of security groups.

Change-Id: I10ce263d3eb89cfec3bae4f66d3ef59365a18e15
Partially-Implements: blueprint push-notifications
2017-06-20 01:34:40 -07:00
Kevin Benton
43eb75fd1d Add revises_on_change to Binding DB models
All of the ML2 binding models were missing the revises_on_change
attribute to bump the revision of the port whenever they are
created/updated/deleted.

These are important because port binding happens in a separate
transaction so without them the revision number before and after
port binding was exactly the same. This opened up the L2 agent
to a race condition dependent on the order of processed push
notifications.

Closes-Bug: #1699034
Change-Id: I75f3c63941130ce845574e60214ac34e99111693
2017-06-20 01:34:17 -07:00
Kevin Benton
0f536d5a25 Use objects instead of SQLA deep copies in PortContext
The workaround of using deepcopy calls on the PortBinding
and PortBindingLevel objects prevents the port relationship
from being loaded to bump its revision because it then fails
to merge.

So in order to allow port bindings to bump the revision we
need to stop using sqlalchemy objects in the PortContext. This
patch adds a new snapshot object that just copies the column
values and provides a method to reconcile them back into the
session.

This workaround can go away after we switch to using OVOs, but
this needs to be backportable so we can't just wait for OVO
adoption.

Partial-Bug: #1699034
Change-Id: Ib85ec8182117fa3c4844dabfffe881e38e68b556
2017-06-20 01:34:10 -07:00
Kevin Benton
1db5ace55e OVO: Allow port queries based on security_group_ids
This is needed to retrieve all ports in a given set of
security groups.

Partially-Implements: blueprint push-notifications
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
Change-Id: Iffa1bd341d9d20277ec153aa1dac6f61f05ec5bd
2017-06-20 08:33:22 +00:00
Jenkins
8c8ae29082 Merge "DHCP Agent: Separate local from non-local subnets" 2017-06-20 06:52:27 +00:00
Jenkins
97b97739fe Merge "DHCP RPC: Separate local from non-local subnets" 2017-06-20 06:37:12 +00:00
Cao Xuan Hoang
ee20757720 Clean up test cases in test_iptables_firewall.py
The protocol arg is called but never used.

Change-Id: Idff3ff67ed21c9bf36b0b01b098ad4411e12fdd7
2017-06-20 11:53:07 +07:00
YAMAMOTO Takashi
bd998d111e tempest: Make _create_router_with_client obey enable_snat=False
Found while working on I4452d61ee6e9d21add3d37ec39301efcbd3bd66d

Closes-Bug: #1699006
Change-Id: Ideb3e57b068dce150e333fde66f7ad488c2b515d
2017-06-20 12:50:27 +09:00
YAMAMOTO Takashi
05293965f1 Fix SG callbacks notification
Fix a regression from the recent change. [1]

[1] I6f49f25eb2ad16221357024f45a6bb6175d5cd55

Closes-Bug: #1698812
Change-Id: Ifef2561ef4ff2a44068fc008475b216fdabe7095
2017-06-20 11:39:52 +09:00
Jenkins
c4fd0317a3 Merge "Linuxbridge agent: detect existing IP on bridge" 2017-06-19 21:54:56 +00:00
Jenkins
6af12de193 Merge "Store segmentation_id during segment create" 2017-06-19 21:53:32 +00:00
Jenkins
e54b2e4a3e Merge "Stop binding attempts when network has no segments" 2017-06-19 21:42:57 +00:00
Miguel Lavalle
802cf11942 Fix race between create subnet and port requests
When creating an IPv6 auto-address subnet for a network, ports can be
created or updated concurrently in the same network, before the subnet
creation concludes. In such a situation, an IpAddressAlreadyAllocated
exception may be raised, because the subnet create request attempts to
allocate auto addresses to the concurrently created or updated ports,
which have been already allocated by the port requests.

This patchset adds code to the IPAM to skip the attempt to assign the
auto address to ports if they already have received them.

Change-Id: If1eb4046865f43b15ba97c52e2d0b9343dc72c19
Closes-Bug: #1655567
2017-06-19 14:03:48 -05:00
Boden R
01aab63fc3 use six.u rather than unicode for py3 compat
In Python 3 str is unicode by default and hence there is no unicode
global function. This switches our use of it to to six.u() which handles
the py2/py3 difference under the covers.

Change-Id: I3cfff2fe8e07e2a9ed8b89c93d24351b1f440b00
2017-06-19 11:24:18 -06:00
Harald Jensas
d2b82168cd DHCP Agent: Separate local from non-local subnets
In order to allow the DHCP agent to service other subnets on the
network in other segments via DHCP relay, we need to use the
'non_local_subnets' network attribute returned by rpc to set up dhcp
for off-link subnets.

Change-Id: I88e1c574bc429dc599ad7c956c03fa0688338186
Closes-Bug: 1692486
2017-06-19 16:11:48 +00:00
Kevin Benton
4dc81f0a53 DHCP RPC: Separate local from non-local subnets
In order to allow the DHCP agent to service other subnets
on the network in other segments via DHCP relay, we need to
return all subnets regardless of segment association.

However, this behavior will break older DHCP agents that
then try to get IPs on the subnets belonging to other segments.
This patch adds a new subnet attribute, 'non_local_subnets'
that will be returned in the DHCP RPC calls, so that agents
that can deal with off-link subnets can handle them
accordingly.

Change-Id: I9cce7b8a19c1201435df0c6baac7be57c57847e6
Partial-Bug: #1692486
2017-06-19 12:06:58 -04:00
Jenkins
c9a9b5d41a Merge "Fixes import_modules_recursively for Windows" 2017-06-19 13:56:28 +00:00
Jenkins
7cb56a1628 Merge "Pass the complete info in sg/rules db into PRECOMMIT_XXX callback" 2017-06-19 08:24:09 +00:00
Miguel Lavalle
323c29fd05 Store segmentation_id during segment create
The segmentation_id of a new segment is assigned by the
_handle_segment_change callback in the ML2 plugin, which is executed
after the segment was created, before commiting it to the DB. This
patchset adds code to update the newly created segment with the
segmentation_id assigned by the callback.

Change-Id: I493278a0bf5a3a0aadad10e5bee546d83b949fdc
Closes-Bug: #1698596
2017-06-18 17:47:00 -05:00
Jenkins
ab0dba40d1 Merge "docs: Fix indent level" 2017-06-17 10:11:01 +00:00
Jenkins
baa4ac9151 Merge "docs: reorganize developer reference for new theme" 2017-06-17 10:10:45 +00:00
Jenkins
f89a2467d8 Merge "docs: switch to openstackdocstheme" 2017-06-17 10:10:30 +00:00
Jenkins
2cdb1fc1fd Merge "Add a missing _LW()" 2017-06-17 09:22:53 +00:00
Jenkins
37e9999c8f Merge "Remove unreachable code in OVS mech driver" 2017-06-17 09:17:50 +00:00
Jenkins
1f27539c04 Merge "Add "default" behaviour to QoS policies documentation" 2017-06-17 08:03:53 +00:00
Kevin Benton
781b8f4149 Stop binding attempts when network has no segments
There is no point in retrying binding if the network has no
segments to bind to. This occurs during normal operations when
a network is being quickly created/deleted and the DHCP port
gets created during the network deletion.

By skipping binding we avoid misleading error messages and
wasted CPU cycles.

Closes-Bug: #1696010
Change-Id: I0b987ab7c3f65c1d860064a1b437b92a1dc1cb81
2017-06-17 00:15:22 -07:00
Reedip
89abce3efe Pass the complete info in sg/rules db into PRECOMMIT_XXX callback
PRECOMMIT_XXX events callback need completed sg info, like the sg id
and its related rules for registered driver.

Change-Id: I6f49f25eb2ad16221357024f45a6bb6175d5cd55
Co-Authored-By: Rui Wang <starwangrui@gmail.com>
Co-Authored-By: Manjeet Singh Bhatia <manjeet.s.bhatia@intel.com>
Co-Authored-By: Yalei Wang <yalei.wang@intel.com>
Closes-bug: #1546910
2017-06-16 16:32:46 -07:00
Jenkins
607c1810db Merge "Don't log ipam driver on every IP allocation" 2017-06-16 23:04:17 +00:00
Jenkins
0cdddcd7b6 Merge "OVO: ensure decomposed plugin do not break with OVO" 2017-06-16 22:33:01 +00:00
Jenkins
da0c0be9d9 Merge "use neutron-lib's callback fixture" 2017-06-16 20:34:38 +00:00
Boden R
98b9177c3e OVO: ensure decomposed plugin do not break with OVO
Commit af52d499a53f9dddacd8c9116d1bb0570e8f579c broke decomposed
plugins.

This was for a number of reasons:
1. _make_security_group_dict should always get the object as
   as parameter. There were some cases where it received the
   database object
2. The returned port security groups needed to be a list
3. A rule create needed to fetch from the DB

In addition to this the methods resource_extend.apply_funcs
should receive the database object.

Change-Id: I740da1ea65a0af9451701e3a40fd673fa82f0f5b
2017-06-16 13:42:34 -06:00
Jenkins
5a1de1be7d Merge "replace WorkerSupportServiceMixin with neutron-lib's WorkerBase" 2017-06-16 15:36:08 +00:00
Jenkins
243c742f4e Merge "Split allowed ICMPv6 types into two constants" 2017-06-16 06:14:01 +00:00
Jenkins
8829d90204 Merge "python3: Do not pass MagicMock as ConfigOpts" 2017-06-16 05:29:14 +00:00
Jenkins
e17e58ee5a Merge "Updated from global requirements" 2017-06-16 05:13:25 +00:00
Jenkins
211fb55fab Merge "net_helpers: Set process streams to text mode" 2017-06-16 04:33:10 +00:00
Jenkins
40d2df0094 Merge "Removed Mitaka times compatibility code from RPC callbacks" 2017-06-16 04:14:15 +00:00
wlfightup
ba5e846859 Linuxbridge agent: detect existing IP on bridge
If bridge IP address already exists, when we try and add
it an error will be raised.  Check for the existence of
the IP to avoid the error.

Closes-Bug: #1697926
Change-Id: I9aae3b4f0fab053e8c215887f58b983d9549582d
2017-06-15 22:01:51 -04:00
Jenkins
934641e59e Merge "Lazy load of resources in resource cache" 2017-06-16 00:15:54 +00:00
Jenkins
6509f92e4f Merge "functional: Add support for python35 flavor" 2017-06-15 23:33:35 +00:00
Jenkins
fa5babc9a5 Merge "python3: use a list of IPDevice objects in tests" 2017-06-15 23:33:15 +00:00
Akihiro Motoki
eee9d2ca80 docs: Fix indent level
Leading spaces before item lists leads to vertical line
on the left side. They are completely unnecessary.

Change-Id: I08c3f077e470aa593076a525de1445bc5d0bdb9a
2017-06-16 08:21:56 +09:00
Akihiro Motoki
a23cd43abe docs: reorganize developer reference for new theme
openstackdocstheme generates the toc tree in the left sidebar
based on the page hierarchy from the top page.
The previous developer guide hirarchy is a bit deep, and
this commit reorganizes the devref pages for better navigation
with openstackdocstheme.

Change-Id: I1412b047efc1c268b34ef97e78073da7bcbb6d7e
2017-06-16 08:21:56 +09:00