Commit Graph

125 Commits (d568fee34be36ca17a9124fe6539f62d702d6359)

Author SHA1 Message Date
Aaron Rosen 066760ea76 LBaaS add missing rootwrap filter for route
If one runs the lbaas agent from packages and does not have the l3-agent
installed on the same box as the lbaas agent it will fail to add the
default gw route. This is because it's missing the rootwrap filter for
route which is only present in l3.filters.


Change-Id: I59cd0a549a1f1d1564d139d42daf55d02898bf76
Closes-bug: 1325406
(cherry picked from commit c9a0eaacaa)
9 years ago
Akihiro Motoki 82eff37629 Fix wrong section name "security_group" in sample config files
The section name [security_group] in Sample config files of
ML2 and Big Switch plugins was wrong and it should be

Change-Id: I8204b2f37f96a5e46038e117853ac8637a9705fd
Closes-Bug: #1304105
(cherry picked from commit ec24d2cb3a)
9 years ago
Daniel Gollub 8fd5124098 Replace HTTPSConnection in NEC plugin
Replace HTTPSConnection in NEC plugin PFC driver with Requests.

SSL Verification is from now on enabled by default.

This changes the default behaviour and is the primary intention of this
change: verify SSL certificates.

This might break existing configuration/setups where the SSL certificate
used by the NEC PFC driver would not pass the verification.

Partial-Bug: 1188189

Change-Id: I1e5fdc9c2ed5b812aa6509d1639bd499acc5c337
(cherry picked from commit 264b4a2523)
9 years ago
Akihiro Motoki 6537c3a5c6 Add enable_security_group to BigSwitch and OneConvergence ini files
It is a follow up patch for

Change-Id: I38463b3879ab2d7469a85ef00426b2b602fa825a
Closes-Bug: #1296000
9 years ago
Jenkins e892f85d06 Merge "Add enable_security_group option" 9 years ago
Akihiro Motoki 3d2f3cbde7 NEC plugin: Allow to add prefix to OFC REST URL
Closes-Bug: #1295802
Change-Id: Ieaa3bb7c601fad98506168de1f8ac191849c6569
9 years ago
Jenkins 55b464909b Merge "NSX: Make replication mode configurable" 9 years ago
Jenkins 80d0eebe67 Merge "Enable to select an RPC handling plugin under Metaplugin" 9 years ago
Jenkins db465db5f4 Merge "Add update binding:profile with physical_network" 9 years ago
Nachi Ueno f87e7d964c Add enable_security_group option
Using noop driver to disable security group is confusing.
In this commit, we introduce enable_security_group in server side.


Implements bp: security-group-config-cleanup
Related-Bug: 1112912
Change-Id: Ice44a4e2a519c64e613eeb24372de46726473339
9 years ago
Akihiro Motoki a79aa79b2a NEC plugin: Honor Retry-After response from OFC
A backend OpenFlow controller nec plugin talks to can return
503 response with retry-after header when it is busy.
It is better to honor retry-after header to avoid unnecessary
user-visible errors due to temporary busy condition.

Change-Id: I2ff1c3ac8402a2207bd955e9a9bb61e147950c5c
Closes-Bug: #1294527
9 years ago
Irena Berezovsky 218d51e087 Add update binding:profile with physical_network
Add temporary solution in order to support multiple physical networks
by mlnx ML2 MechanismDriver.
Due to non merged patches in nova that should support propagating
physical_network retrieved from port binding:profile attribute
to VIF/Network object.
The code will be removed once relevant nova patches are merged.
The code is disabled by default and should be enabled via
ml2_conf_mlnx.ini config file.

Change-Id: I815f9e28774efd47bccd1c57481e6ba89075792b
Closes-bug: #1291209
9 years ago
Itsuro Oda b98704e80b Enable to select an RPC handling plugin under Metaplugin
Multiple plugins under metaplugin become 'q-plugin' topic
consumers and a request from an agent is handled by one of
them randomly. Fortunatly most of RPC callbacks are common
for plugins but a problem occurs if an RPC is not supported
by the received plugin.

This is one of risks when using metaplugin. Fundamental fix
of this problem (such as RPC delegation handling of metaplugin)
is difficult since each plugin needs to modify.
But when only one plugin has plugin specific RPCs and other
RPCs are independet of plugins, if the plugin can be selected
for RPC handling, the problem does not happen. Typical use
case of metaplugin such as combination of an agent-based
plugin and a controller-based plugin often applies to this

This patch adds 'rpc_flavor' configuration parameter to
select an RPC handling plugin. If 'rpc_flavor' is specified,
only the specified plugin becomes 'q-plugin' topic consumer.
If 'rpc_flavor' is not specified, the behavior is same as
previous one.

Change-Id: If133b054bba53829cebe63c1e0ebe6099eb1fd95
Closes-bug: #1267330
9 years ago
Paul Michali ac4e5f446c VPNaaS Device Driver for Cisco CSR
This is the device driver for the vendor specific VPNaaS plugin. This
change relies on the service driver code (review 74144), which is also
out for review.

Note: Support for sharing of IKE/IPSec policies (which is currently
      prevented by the service driver code), will be done as a later
Note: Needs Tempest tests updated/created to test this.
Note: To run, this needs an out-of-band Cisco CSR installed and
Note: This uses a newer version of requests library and a new httmock
      library. Until these are approved (75296), the UT will be
      renamed to prevent testing the REST client API to the CSR.

Change-Id: I4f73f7fa1bfcdc89a35ffe63dd253f8eede98485
Paritally-Implements: blueprint vpnaas-cisco-driver
9 years ago
Aaron Rosen 42c882b9e9 NSX: Make replication mode configurable
The replication mode on switches and routers should have been configurable
to use source replication if one did not want to deploy service node(s).
This patch fixes that by making this option configurable.

Change-Id: Id9e8043c602b5e9349c10247eab993e59db5a52c
Closes-bug: #1285383
9 years ago
Hemanth Ravi 6bcd940253 One Convergence Neutron Plugin l3 ext support
Adding support for l3 extensions and security-groups.

Change-Id: I7007dba1cc8f73496a2a40099581d07ae697520a
Implements: blueprint oc-nvsd-neutron-plugin
9 years ago
Jenkins 005fec677c Merge "One Convergence Neutron Plugin Implementation" 9 years ago
Jenkins 576e3057e0 Merge "Add OpenDaylight ML2 MechanismDriver" 9 years ago
Hemanth Ravi 683323f359 One Convergence Neutron Plugin Implementation
One Convergence Neutron Plugin implements Neutron API to provide a network
virtualization solution. The plugin works with One Convergence NVSD controller
to provide the functionality. This checkin implements the Neutron core APIs
and the plugin will be extended to support the L3 and service plugin extension

Change-Id: Ic8a0dc0f5950d41b9b253c0d61b6812dbfd161c7
Implements: blueprint oc-nvsd-neutron-plugin
9 years ago
Kevin Benton 7255e05609 BigSwitch: Add SSL Certificate Validation
This patch adds the option to use SSL certificate
validation on the backend controller using SSH-style
sticky authentication, individual trusted
certificates, and/or certificate authorities.
Also adds caching of connections to deal with
increased overhead of TLS/SSL handshake.

Default is now sticky-style enforcement.

Partial-Bug: 1188189
Implements: blueprint bsn-certificate-enforcement
Change-Id: If0bab196495c4944a53e0e394c956cca36269883
9 years ago
Kevin Benton eb7de12def BigSwitch: Auto re-sync on backend inconsistencies
If the controller supports it, pass a hash to the
controller indicating the expected state that a
REST transaction is updating. If the state is
inconsistent, the controller will return an error
indicating a conflict and the plugin/driver will
trigger a full synchronization.

For controllers that don't support the consistency
hash, trigger a full background synchronization
if the plugin tries to create a port and receives
a 404 error due to the parent network not existing.

Implements: blueprint bsn-auto-resync
Change-Id: I07c92b011453f6bf81b8ee12661170817287cdd7
9 years ago
Jenkins b3dff4692e Merge "Implementaion of Mechanism driver for Brocade VDX cluster of switches" 9 years ago
Jenkins 0f3658d9af Merge "NSX: make sync backend run more often" 9 years ago
Kyle Mestery 791256cb67 Add OpenDaylight ML2 MechanismDriver
This commit adds support for OpenDaylight as an ML2 MechanismDriver. The
ODL MechanismDriver does not need an agent since ODL itself handles
programming bridges, tunnels, and ports on the host.

Implements bp ml2-opendaylight-mechanism-driver

Change-Id: Ic1612cd3e8efd39e74a7ed8cff28e91b1f388971
9 years ago
Shiv Haris 0b5a2fac5d Implementaion of Mechanism driver for
Brocade VDX cluster of switches

Change-Id: Ic1649f7cee73a41f286e12d8ba6ca30be6261cfe
Implements: blueprint brocade-ml2-mechanism-driver
9 years ago
Aaron Rosen eef7efb5c8 NSX: make sync backend run more often
This patch bumps the state_sync_interval from 120 seconds to 10 seconds
so that resource's operation status are synced to the db quicker. This cuts
the amount of time that tempest takes to run by half.

Closes-bug: 1285338
Co-Authored-By: Salvatore Orlando <>
Change-Id: I494a6f95c2321befc3c0bfedc719e18a1826d9d5
9 years ago
Irena Berezovsky 029057a870 Implement Mellanox ML2 MechanismDriver
This commit adds support for currently provided Mellanox Plugin
embedded switch functionality as part of the VPI (Ethernet/InfiniBand)
HCA as an ML2 MechanismDriver.
MechanismDriver adds support for VNIC_DIRECT and VNIC_MACVTAP vnic types.
MechanismDriver provides configurable default vif_type for neutron port created
with default VNIC_NORMAL vnic type till nova api support for vnic_type is available.

Implements blueprint mlnx-ml2-support

Change-Id: I16ad318f095b7af879e1b99dcc7f5f9e92facd2b
9 years ago
Jenkins f7ba97d057 Merge "Implement OpenFlow Agent mechanism driver" 9 years ago
Jenkins 45491a6364 Merge "Change tenant network type usage for IB Fabric" 9 years ago
fumihiko kakuma f8e49358da Implement OpenFlow Agent mechanism driver
This adds ML2 mechanism driver controlling OpenFlow switches
and an agent using Ryu as OpenFlow Python library.
- An agent acts as an OpenFlow controller on each compute nodes.
- OpenFlow 1.3 (vendor agnostic unlike OVS extensions).

Implements: blueprint ryu-ml2-driver
Change-Id: I6a8168d24f911996639179d91c4da49151751057
9 years ago
Kevin Benton b85e907e72 BigSwitch: Asynchronous rest calls for port create
Makes rest calls for port creation an async
operation so create_port calls immediately
return in a BUILD state.

Implements: blueprint bsn-port-async
Change-Id: Ib512a846fa878ec33205df08a3b2464b7ea0941a
9 years ago
Jenkins ba3e990714 Merge "BigSwitch: Add agent to support neutron sec groups" 9 years ago
Jenkins a0a76db4de Merge "Adds the new IBM SDN-VE plugin" 9 years ago
Kevin Benton 901b303f1e BigSwitch: Add agent to support neutron sec groups
Adds a BigSwitch Agent responsible for supporting
neutron security groups on the compute node. Adds
the mixin classes to the plugin to support the
security group calls.

Implements: blueprint bsn-neutron-sec-groups
Change-Id: I3a09888a3ba7d565c2dce8293821919c1e5d0d15
9 years ago
Mohammad Banikazemi 3c9ed23f79 Adds the new IBM SDN-VE plugin
It adds a new plugin for SDN-VE, the IBM SDN
controller. The plugin supports the core API
and the port binding and L3 extensions.

Implements: blueprint ibm-sdn-ve-plugin

Change-Id: I92619a95bca2ae0c37e7fdd39da30119b43d1ad6
9 years ago
ronak e2bab25f54 Nuage Networks Plugin
Nuage networks’ openstack networking plugin enables integration
of openstack with Nuage Networks’ Virtual Service Platform (VSP)

Change-Id: If20b385b78a350cb9aae2c70b6a44888e74c23bc
Implements: blueprint nuage-networks-plugin
9 years ago
Irena Berezovsky 989246779d Change tenant network type usage for IB Fabric
This patch changes tenant network type usage for InfiniBand Fabric
to vlan type. Add the indication of Fabric Type (Ethernet/InfiniBand)
to the provider_network via the plugin configuration file.
If physical network type is not specified for some provider network
listed in the network_vlan_ranges, use default physical network type.

Co-authored-by: Roey Chen <>
Change-Id: Id45acfb8234359a43303c2eee2205a44998c039a
Closes-Bug: 1263638
9 years ago
Itsuro Oda c04785e0ce Make metaplugin be used with a router service plugin
"l3_plugin_list" configuration parameter of the metaplugin is permitted
blank now.
If "l3_plugin_list" is blank, router extension and extensions which extend
the router extension don't be included in "supported-extension-aliases" of
the metaplugin.
This makes the metaplugin be able to be used with a router service plugin.
Note that if "l3_plugin_list" is not blank, a router service plugin must
not be specified, otherwise the error of the bug report still occurs.

This patch removes some router extension related meaningless codes also.
(e.g.  external-net extension belongs to L2 functionality and be handled
 by core plugins properly.)

Closes-bug: 1266347

Change-Id: I0454bc0a4bd7eda5dad18b0538fb7baebe0b9f91
9 years ago
Kevin Benton 749b5b9885 BigSwitch: Move config and REST to diff modules
No functionality change. Separates the config,
rest call, and backend server management from
the main file. Necessary to make
downstream patches more managable and easier
to review.

Implements: blueprint bigswitch-separate-server-module
Change-Id: Ie1fd18a9d8cde24945513c06f7b62239202258a3
9 years ago
Mark T. Voelker 0048b2e83f Lowercase OVS sample config section headers
The "Sample Configurations" section of ovs_neutron_plugin.ini
has uppercased section headers.  In Havana the section headers
were normalized to lowercase, but the sample configs were never

Change-Id: Ic33392788317adcd6eb86caeef4f25aa4a3d10c8
Closes-Bug: #1279418
9 years ago
armando-migliaccio deef3471cb Add migration support from agent to NSX dhcp/metadata services
This is feature patch (3 of 3) that introduces support for
transitioning existing NSX-based deployments from the agent
based model of providing dhcp and metadata proxy services
to the new agentless based mode. In 'combined' mode, existing
networks will still be served by the existing infrastructure,
whereas new networks will be served by the new infrastructure.

Networks may be migrated to the model using a new CLI tool
provided, called 'neutron-nsx-manage'. Currently the tool
provides two admin-only commands:

  neutron-nsx-manage net-report <net-id-or-name>

This will check that the network can be migrated and returns
the resources currently in use. And:

  neutron-nsx-manage net-migrate <net-id-or-name>

This will move the network over the new model and deallocate
resources from the agent. Once a network has been migrated
there is no turning back.

Completes-blueprint nsx-integrated-services

Change-Id: I37c9aa0e76124e1023899106406de7be6714c24d
9 years ago
Robert Collins 9f1c150064 Fix typo in rootwrap files: neuton -> neutron
The l3 filters one in particular breaks /usr/local installs because
its spelt wrongly.

Change-Id: I609e3f448256cb8c9211c4d67ae48cb2ee5b6094
9 years ago
armando-migliaccio ab1f474ace Fix pip install failure due to missing nvp.ini file
It looks like sdist does not support symlinks, therefore
letting nvp.ini point to nsx.ini is not a good solution.
Since nvp.ini is going away, leave a copy for now, but
add a warning so that users are aware of the switch,
whilst preserving full backward-compatibility.

Closes-bug: #1266555

Change-Id: Id98c41145712583072a8e63a5de31ecc1074e420
10 years ago
Jenkins 429d3475de Merge "Add VXLAN example to ovs_neutron_plugin.ini" 10 years ago
armando-migliaccio 79fbeb7ebe Rename nicira configuration elements to match new naming structure
- Every config item prefixed with nvp is prefixed with nsx
- deprecation qualifiers are added to preserve bw compatibility
- nicira/nvp.ini is renamed to vmware/nsx.ini
- symlink nicira/nvp.ini is created to point to vmware/nsx.ini
- UT added to verify that nvp.ini and old config items can still
  parsed correctly; bw-compat will be dropped in Juno

Partial-implements blueprint nicira-plugin-renaming

Change-Id: I676b868e61064cc5ff17e2246e83ba5c5e4a3449
10 years ago
armando-migliaccio 8f3a54f047 Add support for NSX/NVP Metadata services
This is a feature patch (2 of 3) that adds support for
Metadata services provided by the NSX (aka NVP) platform.

It also implements the handling of port events so that
dhcp and metadata configuration in NSX/NVP is updated
if port attributes such as fixed_ips and device_id are

Partial-implements blueprint nsx-integrated-services

Change-Id: Id2b9125b49c0e15e717605ec6ba3dea5d32ee755
10 years ago
Assaf Muller 381e05f0d7 Add VXLAN example to ovs_neutron_plugin.ini
Change-Id: I512bc206f051b58ed346e1fc5247d692ba9bdba3
10 years ago
Akihiro Motoki 834cec0021 Remove root_helper config from plugin ini
As root_helper is defined in neutron.conf, root_helper in plugin ini
is unnecessary and brings confusion when configuring the parameter.
This patch updates plugin ini of NEC plugin and Brocade plugin.

Change-Id: I5b1c36d8d6ffc20ae0b4191a73aaa51f2b3d9a1b
Closes-Bug: #1259242
10 years ago
Jenkins e35403879b Merge "Add request timeout handling for Mellanox Neutron Agent" 10 years ago
Nachi Ueno 88148584f2 Fix misspells
Change-Id: I8be38727ca55ebbead9032cf69f10a1006fd004b
10 years ago