During cloud-init there are several calls that asks neutron API for the
same data which will not be most likely changed. Specifically router's
networks are cached.
Closes-bug: #1276440
Conflicts:
neutron/tests/unit/test_metadata_agent.py
Change-Id: Ic5eedb8057c7f4934eed08869ebf55c91e6edfc9
(cherry picked from commit 3faea81c60)
If one runs the lbaas agent from packages and does not have the l3-agent
installed on the same box as the lbaas agent it will fail to add the
default gw route. This is because it's missing the rootwrap filter for
route which is only present in l3.filters.
Conflicts:
etc/neutron/rootwrap.d/lbaas-haproxy.filters
Change-Id: I59cd0a549a1f1d1564d139d42daf55d02898bf76
Closes-bug: 1325406
(cherry picked from commit c9a0eaacaa)
The default nova_url for neutron is missing an API
version number. This can cause requests to fail
because the Nova /versions API cannot respond
to Neutron notification requests.
It seems reasonable for the default value to
at least have a chance at being correct so
this patch upgrades the default Nova API url to
use the Nova 'v2' API.
Related-bug: #1298640
Change-Id: Ib1449de84fbc01fb704ebfe4a016ac8f4932be96
(cherry picked from commit c09a14089a)
The section name [security_group] in Sample config files of
ML2 and Big Switch plugins was wrong and it should be
[securitygroup].
Change-Id: I8204b2f37f96a5e46038e117853ac8637a9705fd
Closes-Bug: #1304105
(cherry picked from commit ec24d2cb3a)
Replace HTTPSConnection in NEC plugin PFC driver with Requests.
SSL Verification is from now on enabled by default.
This changes the default behaviour and is the primary intention of this
change: verify SSL certificates.
This might break existing configuration/setups where the SSL certificate
used by the NEC PFC driver would not pass the verification.
SecurityImpact
DocImpact
Partial-Bug: 1188189
Change-Id: I1e5fdc9c2ed5b812aa6509d1639bd499acc5c337
(cherry picked from commit 264b4a2523)
Using noop driver to disable security group is confusing.
In this commit, we introduce enable_security_group in server side.
DocImpact
UpgradeImpact
Implements bp: security-group-config-cleanup
Related-Bug: 1112912
Change-Id: Ice44a4e2a519c64e613eeb24372de46726473339
A backend OpenFlow controller nec plugin talks to can return
503 response with retry-after header when it is busy.
It is better to honor retry-after header to avoid unnecessary
user-visible errors due to temporary busy condition.
Change-Id: I2ff1c3ac8402a2207bd955e9a9bb61e147950c5c
Closes-Bug: #1294527
Add temporary solution in order to support multiple physical networks
by mlnx ML2 MechanismDriver.
Due to non merged patches in nova that should support propagating
physical_network retrieved from port binding:profile attribute
to VIF/Network object.
The code will be removed once relevant nova patches are merged.
The code is disabled by default and should be enabled via
ml2_conf_mlnx.ini config file.
Change-Id: I815f9e28774efd47bccd1c57481e6ba89075792b
Closes-bug: #1291209
Multiple plugins under metaplugin become 'q-plugin' topic
consumers and a request from an agent is handled by one of
them randomly. Fortunatly most of RPC callbacks are common
for plugins but a problem occurs if an RPC is not supported
by the received plugin.
This is one of risks when using metaplugin. Fundamental fix
of this problem (such as RPC delegation handling of metaplugin)
is difficult since each plugin needs to modify.
But when only one plugin has plugin specific RPCs and other
RPCs are independet of plugins, if the plugin can be selected
for RPC handling, the problem does not happen. Typical use
case of metaplugin such as combination of an agent-based
plugin and a controller-based plugin often applies to this
condition.
This patch adds 'rpc_flavor' configuration parameter to
select an RPC handling plugin. If 'rpc_flavor' is specified,
only the specified plugin becomes 'q-plugin' topic consumer.
If 'rpc_flavor' is not specified, the behavior is same as
previous one.
Change-Id: If133b054bba53829cebe63c1e0ebe6099eb1fd95
Closes-bug: #1267330
DocImpact
report_interval is how often an agent sends out a heartbeat to the
service. The Neutron service responds to these 'report_state' RPC
messages by updating the agent's heartbeat DB record.
The last heartbeat is then compared to the configured
agent_down_time to determine if the agent is up or down.
The agent's status is used when scheduling networks on DHCP
and L3 agents.
In the spirit of sane defaults suited for production, these values
should be bumped to reduce the load on the Neutron service
dramatically, freeing up CPU time to perform intensive operations.
DocImpact
Closes-Bug: #1293083
Change-Id: I77bcf8f66f74ba55513c989caead1f96c92b9832
This patch notifies nova whenever a floatingip or fixed_ip is updated.
Implements blueprint: nova-event-callback
DocImpact - This notifications are off by default.
Change-Id: Ifbe9d856e80e512d5595fd72ea2d7c047ce0de9d
The following patch adds a callback from neutron to nova that notifies nova
when a port for an instance is *ready to be used*. After nova receives this
event it will then start the instance in a hope that when it comes up
its networking should be in working order.
NOTE: *ready to be used* currently means that a plugin changes the status
in the db associated with a port from:
NO_VALUE/PORT_STATUS_DOWN/PORT_STATUS_ACTIVE to ACTIVE/ERROR.
Neutron will then signal nova: network_vif_plugged:<status> where status
will either be 'completed' or 'failed' given the neutron port status.
Neutron also notifies nova when a port goes from status:
PORT_STATUS_ACTIVE to PORT_STATUS_DOWN and sends nova a network_vif_unplugged
event.
Currently this patch breaks multiregion support (i.e previously you could
back multiple nova regions by one neutron server) though now since neutron
needs to notify nova we'll need to add a way to determine which region a
given port is in.
For now the work around for this would be to set: notify_nova_port_active=False
in neutron to prevent neutron from sending the notification and setting:
vif_plugging_is_fatal=False in nova.conf. Doing this will keep the current
interaction where an instance will be booted without waiting for the network
to be ready.
DocImpact
implements blueprint: nova-event-callback
Change-Id: I4177124485b986706fcf8e73b928024b5d82b822
Implements blueprint embrane-lbaas-driver
This commit implements Embrane's driver for LBaaS,
which uses Embrane's heleos(tm) appliances to provide Load Balancing.
Change-Id: Ia76fbc8881d178cfe6df11a2cfe8e77d3f36094f
This is the device driver for the vendor specific VPNaaS plugin. This
change relies on the service driver code (review 74144), which is also
out for review.
Note: Support for sharing of IKE/IPSec policies (which is currently
prevented by the service driver code), will be done as a later
enhancement.
Note: Needs Tempest tests updated/created to test this.
Note: To run, this needs an out-of-band Cisco CSR installed and
configured.
Note: This uses a newer version of requests library and a new httmock
library. Until these are approved (75296), the UT will be
renamed to prevent testing the REST client API to the CSR.
Change-Id: I4f73f7fa1bfcdc89a35ffe63dd253f8eede98485
Paritally-Implements: blueprint vpnaas-cisco-driver
The replication mode on switches and routers should have been configurable
to use source replication if one did not want to deploy service node(s).
This patch fixes that by making this option configurable.
Change-Id: Id9e8043c602b5e9349c10247eab993e59db5a52c
Closes-bug: #1285383
Adding support for l3 extensions and security-groups.
Change-Id: I7007dba1cc8f73496a2a40099581d07ae697520a
Implements: blueprint oc-nvsd-neutron-plugin
One Convergence Neutron Plugin implements Neutron API to provide a network
virtualization solution. The plugin works with One Convergence NVSD controller
to provide the functionality. This checkin implements the Neutron core APIs
and the plugin will be extended to support the L3 and service plugin extension
APIs.
Change-Id: Ic8a0dc0f5950d41b9b253c0d61b6812dbfd161c7
Implements: blueprint oc-nvsd-neutron-plugin
This patch adds the option to use SSL certificate
validation on the backend controller using SSH-style
sticky authentication, individual trusted
certificates, and/or certificate authorities.
Also adds caching of connections to deal with
increased overhead of TLS/SSL handshake.
Default is now sticky-style enforcement.
Partial-Bug: 1188189
Implements: blueprint bsn-certificate-enforcement
Change-Id: If0bab196495c4944a53e0e394c956cca36269883
If the controller supports it, pass a hash to the
controller indicating the expected state that a
REST transaction is updating. If the state is
inconsistent, the controller will return an error
indicating a conflict and the plugin/driver will
trigger a full synchronization.
For controllers that don't support the consistency
hash, trigger a full background synchronization
if the plugin tries to create a port and receives
a 404 error due to the parent network not existing.
Implements: blueprint bsn-auto-resync
Change-Id: I07c92b011453f6bf81b8ee12661170817287cdd7
This has the service driver part of the vendor specific VPNaaS plugin.
This version DOES NOT rely on the Service Type Framework code, which is
presently under review (client 53602, server 41827) and on hold due to
discussion over flavors. As a result, this changeset has modifications
so that the service driver is not hard-coded in the VPN plugin.
The device driver will be under a separate review and has the REST
client that talks to the Cisco CSR (running out-of-band).
Note: See review 74156 for more details on device driver portion of
this blueprint.
Change-Id: I39b1475c992b594256f5a28be0caa1ee9398050e
Partially-implements: blueprint vpnaas-cisco-driver
This commit adds support for OpenDaylight as an ML2 MechanismDriver. The
ODL MechanismDriver does not need an agent since ODL itself handles
programming bridges, tunnels, and ports on the host.
Implements bp ml2-opendaylight-mechanism-driver
Change-Id: Ic1612cd3e8efd39e74a7ed8cff28e91b1f388971
This patch bumps the state_sync_interval from 120 seconds to 10 seconds
so that resource's operation status are synced to the db quicker. This cuts
the amount of time that tempest takes to run by half.
Closes-bug: 1285338
Co-Authored-By: Salvatore Orlando <salv.orlando@gmail.com>
Change-Id: I494a6f95c2321befc3c0bfedc719e18a1826d9d5
This commit adds support for currently provided Mellanox Plugin
embedded switch functionality as part of the VPI (Ethernet/InfiniBand)
HCA as an ML2 MechanismDriver.
MechanismDriver adds support for VNIC_DIRECT and VNIC_MACVTAP vnic types.
MechanismDriver provides configurable default vif_type for neutron port created
with default VNIC_NORMAL vnic type till nova api support for vnic_type is available.
Implements blueprint mlnx-ml2-support
Change-Id: I16ad318f095b7af879e1b99dcc7f5f9e92facd2b
This adds ML2 mechanism driver controlling OpenFlow switches
and an agent using Ryu as OpenFlow Python library.
- An agent acts as an OpenFlow controller on each compute nodes.
- OpenFlow 1.3 (vendor agnostic unlike OVS extensions).
Implements: blueprint ryu-ml2-driver
Change-Id: I6a8168d24f911996639179d91c4da49151751057
Makes rest calls for port creation an async
operation so create_port calls immediately
return in a BUILD state.
Implements: blueprint bsn-port-async
Change-Id: Ib512a846fa878ec33205df08a3b2464b7ea0941a
Adds a BigSwitch Agent responsible for supporting
neutron security groups on the compute node. Adds
the mixin classes to the plugin to support the
security group calls.
Implements: blueprint bsn-neutron-sec-groups
Change-Id: I3a09888a3ba7d565c2dce8293821919c1e5d0d15
It adds a new plugin for SDN-VE, the IBM SDN
controller. The plugin supports the core API
and the port binding and L3 extensions.
Implements: blueprint ibm-sdn-ve-plugin
DocImpact
Change-Id: I92619a95bca2ae0c37e7fdd39da30119b43d1ad6
Jenkins