34 Commits

Author SHA1 Message Date
Ian Wienand
1147300b9c Remove bridge-utils/brctl usage
This package isn't available on some distributions hasn't been
required in Neutron for several years
If679e79fa3242ee1cd8610b5525deca35b41c87e.  Remove it.

Change-Id: I7308a885c1d084efe2f0b9f542443d35966140ed
2020-04-30 10:09:47 +10:00
Brian Haley
da18895162 Fix brctl calls
Some distros no longer ship brctl, iproute2 should be used
in its place. The linuxbridge agent plugin script was still
using it, as was worlddump, which generates this warning on
a failure:

    Running devstack worlddump.py
    /bin/sh: 1: brctl: not found

Conditionalizing worlddump based on whether brctl is installed
to make this go away.

Change-Id: Iafbf4038bab08c261d45d117b12d4629ba32d65e
2019-11-06 09:55:47 +08:00
Nate Johnston
56946cfc5f Replace deprecated brctl with ip commands
The bridge-utils package has been deprecated for some time now [1] and
'brctl' does not exist on some more recent distros like Fedora 28.
Replace references to brctl with the proper ip commands.

Calls to "brctl show" are not being replaced with calls to "bridge link"
because the output format is very different and in testing some bridges
were not listed.  So the simpler method of consulting /sys/class/net is
used.

In worlddump.py we try running both because failures are handled
gracefully by _dump_cmd(), as well as "ip link show type bridge" for
additional info.

[1] https://lwn.net/Articles/703776/ for example

Change-Id: Ie4c8ad6ce4a09c38023c9e4ec7834c249403145f
Partial-Bug: #1801919
2019-03-01 14:36:38 -05:00
Jenkins
073c225257 Merge "Skips enabling kernel bridge firewall in container" 2017-03-03 16:20:20 +00:00
Denis Buliga
0bf75a471e Skips enabling kernel bridge firewall in container
Calling enable_kernel_bridge_firewall inside a
container, devstack will crash because it tries to
load a kernel module by calling 'sudo modprobe' on
net.bridge.

Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4
Closes-Bug: #1662194
2017-02-27 10:31:58 +02:00
Gary Kotton
79b55f51e4 Fix file permissions for lib/neutron_plugins/linuxbridge_agent
The permissions changed with commit
40aae6adbfce1bd896d5f7b0e281e798b56d1ca8

TrivialFix

Change-Id: I100cb9589309f9289b4581265a5e4206464ddc0e
2017-02-24 13:40:19 +00:00
Ihar Hrachyshka
952ecb6fec Don't set external_network_bridge by default
Since the empty value is the default for the option, and when explcitly
set in config file, it triggers a deprecation warning for the option,
avoid setting it unless we actually need to override the new default
value.

Change-Id: If423114d7a52da29b97d1fb473a955d9d69a1a3e
2017-02-10 06:39:04 +00:00
Ihar Hrachyshka
47bcf4fbcb Removed neutron_plugin_configure_debug_command functions
Those are not called by devstack anymore. This cleanup also gets rid of
code that attempts to set external_network_bridge to an empty value,
which triggers a deprecation warning for the option since it's going to
be removed in a next Neutron release.

Change-Id: I5adcbab877b4e8742522de81b1a85acfc33160d7
2017-02-10 06:39:04 +00:00
Hirofumi Ichihara
40aae6adbf Down PUBLIC_BRIDGE before trying to delete it
When cleanup devstack with linuxbridge, PUBLIC_BRIDGE should be
DOWN before trying to delete it.

Change-Id: I2d205cbe4d92a03ee5c376a23282d9880dd9a1df
Closes-Bug: #1662543
2017-02-08 00:12:04 +09:00
Armando Migliaccio
1c08b191fd Fix devstack with linuxbridge without l3 agent
The linuxbridge agent for Neutron expects that the public bridge will
already be created by the time it starts. On devstack, this only occurs
as part of the l3 agent configuration. If a compute node doesn't have an
l3 agent and is using a linuxbridge agent, then br-ex won't be created
and the process will not be able to start (causing stack.sh to fail).

This causes the gate-grenade-dsvm-neutron-linuxbridge-multinode-nv gate
to fail. To avoid the issue, skip the bridge mappings setup unless L3 is
configured. This is done in a backward compatible fashion: if localrc
uses the old q-l3 tags, the is_service_enabled neutron-l3 would not be
able to succeed.

Closes-Bug: #1643562

Change-Id: I292ff0dc080fb84b5f879ba2f00f03eff295b55b
2016-12-02 02:21:42 +00:00
Armando Migliaccio
6653d74fc4 Revert "Fix devstack with linuxbridge without l3 agent"
I am seeing red all over the linuxbridge gate.

This reverts commit 7f95baa5706980a0910741693abee73abea98b89.

Change-Id: I179f761f991db4b63c0e3445a9a13e43ffe68992
2016-11-29 23:30:18 +00:00
John Schwarz
7f95baa570 Fix devstack with linuxbridge without l3 agent
The linuxbridge agent for Neutron expects that the public bridge will
already be created by the time it starts. On devstack, this only occurs
as part of the l3 agent configuration. If a compute node doesn't have an
l3 agent and is using a linuxbridge agent, then br-ex won't be created
and the process will not be able to start (causing stack.sh to fail).

This causes the gate-grenade-dsvm-neutron-linuxbridge-multinode-nv gate
to fail.

Closes-Bug: #1643562
Change-Id: I6f441c6febb5070ad885569d9c798634d0272b6c
2016-11-23 12:27:10 +02:00
Ihar Hrachyshka
b3a210f643 Enable bridge firewalling if iptables are used
With the plan [1] to stop enabling it by Neutron iptables firewall
driver itself, deployment tools should catch up and enable the firewall
themselves.

This is needed for distributions that decided to disable the kernel
firewall by default (upstream kernel has it enabled). This is also
needed for distributions that ship newer kernels but don't load the
br_netfilter module before starting nova-network or Neutron iptables
firewall driver. In the latter case, firewall may not work, depending on
the order of operations executed by the driver.

To isolate devstack setups from the difference in distribution
kernel configuration and version, the following steps are done:

- we load bridge kernel module, and br_netfilter if present, to get
  access to sysctl knobs controlling the firewall;
- once knobs are available, we unconditionally set them to 1, to make
  sure the firewall is in effect.

More details at:
http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

[1] I9137ea017624ac92a05f73863b77f9ee4681bbe7

Change-Id: Id6bfd9595f0772a63d1096ef83ebbb6cd630fafd
Related-Bug: #1622914
2016-09-29 04:26:56 +00:00
Jenkins
e8b9257c7c Merge "Fixes for linux bridge and Q_USE_PROVIDER_NET" 2016-08-18 12:30:28 +00:00
Jenkins
f1d8278356 Merge "Remove stale config l3|dhcp_agent_manager options" 2016-08-17 14:02:44 +00:00
Armando Migliaccio
14b12a74f6 Remove stale config l3|dhcp_agent_manager options
There is no longer a trace of these options anywhere in the
Neutron codebase. These can be safely removed.

Change-Id: Ibf00e158248e2a20248917c8cfc0011d30da6a82
2016-08-12 19:07:12 -07:00
Kevin Benton
6a42a85b56 Fixes for linux bridge and Q_USE_PROVIDER_NET
===Set bridge_mappings for linux bridge===
The external network physnet needs a bridge_mapping to the public
bridge when the L2 agent is responsible for wiring.

===Add PUBLIC_PHYSICAL_NETWORK to flat_networks===
This network must be present in the ML2 flat_networks config if
flat_networks is specified.

===Set ext_gw_interface to PUBLIC_BRIDGE in provider net case===
ext_gw_interface must be a bridge in a bridge_mapping when
Q_USE_PROVIDERNET_FOR_PUBLIC is used.

Closes-Bug: #1605423
Change-Id: I95d63f8dfd21499c599d425678bf5327b599efcc
2016-08-05 20:15:39 -07:00
Ihar Hrachyshka
7b5c7dce53 Introduce PUBLIC_BRIDGE_MTU variable to set br-ex MTU
This variable can be used to accommodate for underlying infrastructure
that does not provide full 1500-sized traffic, or maybe instead gives
access to Jumbo frames.

Change-Id: I38a80bac18673a30842a7b997d0669fed5aff976
Related-Bug: #1603268
2016-07-17 00:14:43 +02:00
Sean M. Collins
2a242519f7 Begin new lib/neutron
Background for this work can be read on the mailing list:

http://lists.openstack.org/pipermail/openstack-dev/2016-May/094063.html

Usage of the new Neutron is by setting the following in
ENABLED_SERVICES:

* neutron-api
* neutron-l3
* neutron-agent
* neutron-dhcp
* neutron-metadata-agent

For now, the new neutron library supports just the ML2 plugin, with the
Open vSwitch and Linux Bridge agents supported. All other Neutron
plugins should be creating their own DevStack plugin if they wish for
DevStack to support them. Many of them already do.

Other notable changes compared to neutron-legacy:

* Rely on the Neutron defaults, and force Neutron to make
  sane defaults instead of all kinds of knobs in DevStack.

* Default to rootwrap daemon support

* Use the security group driver by default

* interface_driver can now use NEUTRON_AGENT (linuxbridge, openvswitch), since
  they are entrypoints in neutron's setup.cfg

* Use NEUTRON_AGENT variable to determine which agent to run
  Works with NEUTRON_AGENT set to either "linuxbridge" or "openvswitch"
  Default is openvswitch for the time being.

* Set ML2 configuration for VXLAN support

* Remove Xen hypervisor stuff - it should be a plugin

* Move L3 crud into separate service file:

  There's a lot of L3 configuration that was in the main neutron file, but
  a lot of it is self contained and can be moved into its own file.

  The new l3 service file will contain all the previous L3 plumbing and
  configuration that the OpenStack Gate expects, while also eventually
  moving the whole l3 network creation step into a single hook that can be
  overridden by plugins.

* Introduce a check for a function "neutron_plugin_create_initial_networks" which
  will become the mechanism through which different topologies, and
  networking plugins can create and wire the initial networks that are
  created during a stack.sh run.

The new lib/neutron is considered experimental, and followup patches
will build upon this one. Existing users of lib/neutron-legacy should
remain unharmed.

Co-Authored-By: Hirofumi Ichihara <ichihara.hirofumi@lab.ntt.co.jp>
Co-Authored-By: Dean Troyer <dtroyer@gmail.com>
Change-Id: I31b6362c6d9992f425f2dedbbeff2568390a93da
2016-05-09 14:26:08 -04:00
Ian Wienand
523f488036 Namespace XTRACE commands
I noticed this when debugging some grenade issues failures.

An include of grenade/functions stores the current value of XTRACE
(on) and disables xtrace for the rest of the import.

We then include devstack's "functions" library, which now overwrites
the stored value of XTRACE the current state; i.e. disabled.

When it finishes it restores the prior state (disabled), and then
grenade restores the same value of XTRACE (disabled).

The result is that xtrace is incorrectly disabled until the next time
it just happens to be turned on.

The solution is to name-space the store of the current-value of xtrace
so when we finish sourcing a file, we always restore the tracing value
to what it was when we entered.

Some files had already discovered this.  In general there is
inconsistency around the setting of the variable, and a lot of obvious
copy-paste.  This brings consistency across all files by using
_XTRACE_* prefixes for the sotre/restore of tracing values.

Change-Id: Iba7739eada5711d9c269cb4127fa712e9f961695
2015-11-27 15:36:04 +11:00
Martin Hickey
dca49de22f Use stevedore aliases for interface_driver configuration
interface_driver configuration was updated to use stevedore aliases.
This patch is to change devstack scripts to now use the aliases
instead of the previous class imports.

Closes-Bug: #1504536

Change-Id: Ic56bfcc1f9da05a999e6fd328e4dd6617e9470ff
2015-11-02 20:33:20 +00:00
Aaron Rosen
bd5e6b1659 Remove unnecessary execute permissions
These files have acquired execute permissions that
are not strictly necessary because they are being 
sourced, and not intended to be run separately.

Restore to 644

Change-Id: I0b8654123416a07521502b61610ca45c94494a07
2015-10-01 21:01:35 +00:00
Nick
c295bca61f Fix tunneling support for linuxbridge-agent
When I deploy linuxbridge-agent and enable tunneling,
the configuration of neutron isn't right. It lacks
the whole section [vxlan] to be properly configured.

Change-Id: Ib3bfe0f3445f466f4dbb36f7f0cb0d940114e7f6
Closes-Bug: #1481126
2015-09-30 10:33:43 +10:00
Hirofumi Ichihara
5c0546e427 Add cleanup for Linuxbridge-agent
Change-Id: I53f445e7f8efd950823f79aca95b9e65d1544ee9
Closes-Bug: #1469609
2015-06-29 17:07:40 +09:00
Sean M. Collins
64d5ecf3bf Define PUBLIC_BRIDGE in the main Neutron lib
This way, it can be used by both OVS and Linux Bridge

Change-Id: Iea5a8bb720d327b69f64791a23d414d4cde2e3ea
Closes-Bug: #1460758
2015-06-01 14:13:41 -04:00
Dean Troyer
311f487644 Remove deprecated vars
These have been emitting deprecated warnings for over a full release cycle:
Q_AGENT_EXTRA_AGENT_OPTS, Q_AGENT_EXTRA_SRV_OPTS, CINDER_MULTI_LVM_BACKEND

Change-Id: I3aa5cabd6ce3a0072cba08bbca1ad23d4a831219
2015-02-11 10:56:47 -06:00
Sean Dague
e263c82e48 add shebang lines to all lib files
With gerrit 2.8, and the new change screen, this will trigger syntax
highlighting in gerrit. Thus making reviewing code a lot nicer.

Change-Id: Id238748417ffab53e02d59413dba66f61e724383
2014-12-10 11:28:05 -05:00
mathieu-rohon
50187eec28 Restore linuxbridge-agent compatibility
This patch partially reverts commit
15130cd5fd1688b8984d78136b97bb8de7c32b64.

This commit was desupporting ovs and linuxbridge plugins.
But the ML2 plugin can be deployed with the linuxbridge agent.

The current patch restores the linuxbridge agent configuration
file.

Closes-Bug: #1393429

Change-Id: If824185b22e22a1de6498f1f0f2742a279235675
2014-11-21 22:31:52 +01:00
YAMAMOTO Takashi
15130cd5fd Desupport neutron openvswitch and linuxbridge monolithic plugins
These plugins were removed in Juno.
Note: this doesn't affect the corresponding ML2 mechanism drivers.

Partial-Bug: #1323729
Change-Id: Ia8da1e20a03fef5657ba1584bf83ddd224b5d5f2
2014-10-28 11:55:19 +09:00
Akihiro Motoki
2307f9de75 Avoid using deprecated Q_AGENT_EXTRA_AGENT_OPTS in ML2 setup
Q_AGENT_EXTRA_AGENT_OPTS is deprecated now and stack.sh displays
the warning that it will be removed early in "K" cycle.
Neutron ML2 devstack uses Q_AGENT_EXTRA_AGENT_OPTS to pass tunnel
configurations to Neutron plugin agents.

This commit removes the usage of Q_AGENT_EXTRA_AGENT_OPTS and
configures these config options directly.

Change-Id: I7fc1613ff78c0a8b1e80cc041b06f5d4680c34f2
Closes-Bug: #1354670
2014-08-14 08:11:56 +09:00
Kyle Mestery
bd0855056b Fix incorrect comparisions
The files changed in this commit had incorrect bash syntax in that they were
assigning variables (=) instead of checking if they were equal (==). The
incorrect checks were preventing the configuration of VLANs with the Neutron
ML2 plugin.

Change-Id: I4b54bb5c69cc836c22900bd7a966197e9c616076
2014-05-08 10:29:34 +00:00
Ian Wienand
aee18c749b Enforce function declaration format in bash8
Check that function calls look like ^function foo {$ in bash8, and fix
all existing failures of that check.  Add a note to HACKING.rst

Change-Id: Ic19eecb39e0b20273d1bcd551a42fe400d54e938
2014-02-28 07:59:03 +11:00
Aaron Rosen
4540d00ebd All neutron plugins should now use LibvirtGenericVIFDriver
Change-Id: I70015ae55fe6db9c6c4663a8d021fe9cfe2eddcf
2013-10-24 23:01:16 -07:00
Mark McClain
b05c876994 update for name change to Neutron
Note: Nova and Horizon are not updated until those projects have
migrated.

Change-Id: I256ef20e7caadd9c96e6dd908c5d8b69ca5c4aeb
2013-07-07 00:15:11 -04:00