During cloud-init there are several calls that asks neutron API for the
same data which will not be most likely changed. Specifically router's
networks are cached.
(cherry picked from commit 3faea81c60)
If one runs the lbaas agent from packages and does not have the l3-agent
installed on the same box as the lbaas agent it will fail to add the
default gw route. This is because it's missing the rootwrap filter for
route which is only present in l3.filters.
(cherry picked from commit c9a0eaacaa)
The default nova_url for neutron is missing an API
version number. This can cause requests to fail
because the Nova /versions API cannot respond
to Neutron notification requests.
It seems reasonable for the default value to
at least have a chance at being correct so
this patch upgrades the default Nova API url to
use the Nova 'v2' API.
(cherry picked from commit c09a14089a)
The section name [security_group] in Sample config files of
ML2 and Big Switch plugins was wrong and it should be
(cherry picked from commit ec24d2cb3a)
Replace HTTPSConnection in NEC plugin PFC driver with Requests.
SSL Verification is from now on enabled by default.
This changes the default behaviour and is the primary intention of this
change: verify SSL certificates.
This might break existing configuration/setups where the SSL certificate
used by the NEC PFC driver would not pass the verification.
(cherry picked from commit 264b4a2523)
Using noop driver to disable security group is confusing.
In this commit, we introduce enable_security_group in server side.
Implements bp: security-group-config-cleanup
A backend OpenFlow controller nec plugin talks to can return
503 response with retry-after header when it is busy.
It is better to honor retry-after header to avoid unnecessary
user-visible errors due to temporary busy condition.
Add temporary solution in order to support multiple physical networks
by mlnx ML2 MechanismDriver.
Due to non merged patches in nova that should support propagating
physical_network retrieved from port binding:profile attribute
to VIF/Network object.
The code will be removed once relevant nova patches are merged.
The code is disabled by default and should be enabled via
ml2_conf_mlnx.ini config file.
Multiple plugins under metaplugin become 'q-plugin' topic
consumers and a request from an agent is handled by one of
them randomly. Fortunatly most of RPC callbacks are common
for plugins but a problem occurs if an RPC is not supported
by the received plugin.
This is one of risks when using metaplugin. Fundamental fix
of this problem (such as RPC delegation handling of metaplugin)
is difficult since each plugin needs to modify.
But when only one plugin has plugin specific RPCs and other
RPCs are independet of plugins, if the plugin can be selected
for RPC handling, the problem does not happen. Typical use
case of metaplugin such as combination of an agent-based
plugin and a controller-based plugin often applies to this
This patch adds 'rpc_flavor' configuration parameter to
select an RPC handling plugin. If 'rpc_flavor' is specified,
only the specified plugin becomes 'q-plugin' topic consumer.
If 'rpc_flavor' is not specified, the behavior is same as
report_interval is how often an agent sends out a heartbeat to the
service. The Neutron service responds to these 'report_state' RPC
messages by updating the agent's heartbeat DB record.
The last heartbeat is then compared to the configured
agent_down_time to determine if the agent is up or down.
The agent's status is used when scheduling networks on DHCP
and L3 agents.
In the spirit of sane defaults suited for production, these values
should be bumped to reduce the load on the Neutron service
dramatically, freeing up CPU time to perform intensive operations.
This patch notifies nova whenever a floatingip or fixed_ip is updated.
Implements blueprint: nova-event-callback
DocImpact - This notifications are off by default.
The following patch adds a callback from neutron to nova that notifies nova
when a port for an instance is *ready to be used*. After nova receives this
event it will then start the instance in a hope that when it comes up
its networking should be in working order.
NOTE: *ready to be used* currently means that a plugin changes the status
in the db associated with a port from:
NO_VALUE/PORT_STATUS_DOWN/PORT_STATUS_ACTIVE to ACTIVE/ERROR.
Neutron will then signal nova: network_vif_plugged:<status> where status
will either be 'completed' or 'failed' given the neutron port status.
Neutron also notifies nova when a port goes from status:
PORT_STATUS_ACTIVE to PORT_STATUS_DOWN and sends nova a network_vif_unplugged
Currently this patch breaks multiregion support (i.e previously you could
back multiple nova regions by one neutron server) though now since neutron
needs to notify nova we'll need to add a way to determine which region a
given port is in.
For now the work around for this would be to set: notify_nova_port_active=False
in neutron to prevent neutron from sending the notification and setting:
vif_plugging_is_fatal=False in nova.conf. Doing this will keep the current
interaction where an instance will be booted without waiting for the network
to be ready.
implements blueprint: nova-event-callback
Implements blueprint embrane-lbaas-driver
This commit implements Embrane's driver for LBaaS,
which uses Embrane's heleos(tm) appliances to provide Load Balancing.
This is the device driver for the vendor specific VPNaaS plugin. This
change relies on the service driver code (review 74144), which is also
out for review.
Note: Support for sharing of IKE/IPSec policies (which is currently
prevented by the service driver code), will be done as a later
Note: Needs Tempest tests updated/created to test this.
Note: To run, this needs an out-of-band Cisco CSR installed and
Note: This uses a newer version of requests library and a new httmock
library. Until these are approved (75296), the UT will be
renamed to prevent testing the REST client API to the CSR.
Paritally-Implements: blueprint vpnaas-cisco-driver
The replication mode on switches and routers should have been configurable
to use source replication if one did not want to deploy service node(s).
This patch fixes that by making this option configurable.
One Convergence Neutron Plugin implements Neutron API to provide a network
virtualization solution. The plugin works with One Convergence NVSD controller
to provide the functionality. This checkin implements the Neutron core APIs
and the plugin will be extended to support the L3 and service plugin extension
Implements: blueprint oc-nvsd-neutron-plugin
This patch adds the option to use SSL certificate
validation on the backend controller using SSH-style
sticky authentication, individual trusted
certificates, and/or certificate authorities.
Also adds caching of connections to deal with
increased overhead of TLS/SSL handshake.
Default is now sticky-style enforcement.
Implements: blueprint bsn-certificate-enforcement
If the controller supports it, pass a hash to the
controller indicating the expected state that a
REST transaction is updating. If the state is
inconsistent, the controller will return an error
indicating a conflict and the plugin/driver will
trigger a full synchronization.
For controllers that don't support the consistency
hash, trigger a full background synchronization
if the plugin tries to create a port and receives
a 404 error due to the parent network not existing.
Implements: blueprint bsn-auto-resync
This has the service driver part of the vendor specific VPNaaS plugin.
This version DOES NOT rely on the Service Type Framework code, which is
presently under review (client 53602, server 41827) and on hold due to
discussion over flavors. As a result, this changeset has modifications
so that the service driver is not hard-coded in the VPN plugin.
The device driver will be under a separate review and has the REST
client that talks to the Cisco CSR (running out-of-band).
Note: See review 74156 for more details on device driver portion of
Partially-implements: blueprint vpnaas-cisco-driver
This commit adds support for OpenDaylight as an ML2 MechanismDriver. The
ODL MechanismDriver does not need an agent since ODL itself handles
programming bridges, tunnels, and ports on the host.
Implements bp ml2-opendaylight-mechanism-driver
This patch bumps the state_sync_interval from 120 seconds to 10 seconds
so that resource's operation status are synced to the db quicker. This cuts
the amount of time that tempest takes to run by half.
Co-Authored-By: Salvatore Orlando <email@example.com>
This commit adds support for currently provided Mellanox Plugin
embedded switch functionality as part of the VPI (Ethernet/InfiniBand)
HCA as an ML2 MechanismDriver.
MechanismDriver adds support for VNIC_DIRECT and VNIC_MACVTAP vnic types.
MechanismDriver provides configurable default vif_type for neutron port created
with default VNIC_NORMAL vnic type till nova api support for vnic_type is available.
Implements blueprint mlnx-ml2-support
This adds ML2 mechanism driver controlling OpenFlow switches
and an agent using Ryu as OpenFlow Python library.
- An agent acts as an OpenFlow controller on each compute nodes.
- OpenFlow 1.3 (vendor agnostic unlike OVS extensions).
Implements: blueprint ryu-ml2-driver
Makes rest calls for port creation an async
operation so create_port calls immediately
return in a BUILD state.
Implements: blueprint bsn-port-async
Adds a BigSwitch Agent responsible for supporting
neutron security groups on the compute node. Adds
the mixin classes to the plugin to support the
security group calls.
Implements: blueprint bsn-neutron-sec-groups
It adds a new plugin for SDN-VE, the IBM SDN
controller. The plugin supports the core API
and the port binding and L3 extensions.
Implements: blueprint ibm-sdn-ve-plugin