Allow to disable DVR api extension loading

A lot of clouds using the router service plugin don't configure for DVR,
but the service plugin still loads the extension, and exposes it via
API. Which will break if api consumers (admins with default policy.json)
attempt to create new style routers based on the information passed
through /extensions/ api.

This change introduces a new config option that allows to avoid loading
the extension. For complatibility sake, it requires an opt-in from ops
side to disable it, otherwise the extension is still loaded as before.

This is helpful for automation matters. It may also be useful when
preparing tempest.conf api_extensions=, when you could actually pass the
result of /extensions/ request into tempest and expect the test suite to
pass without yanking dvr off the list for non-dvr setups.

We could go further and try to check if the controller is configured
properly. That is complicated by the fact that f.e. such validation may
require talking to ml2 drivers, or even agents, which is not feasible
during api startup.

Change-Id: I84be9be93862fe71a2d5b5322d7ebd476c784163
Related-Bug: #1450067
This commit is contained in:
Ihar Hrachyshka 2017-04-06 14:03:15 +00:00
parent 143a6e8546
commit da8d5b4770
6 changed files with 81 additions and 4 deletions

View File

@ -49,6 +49,10 @@ router_distributed_opts = [
default=False, default=False,
help=_("System-wide flag to determine the type of router " help=_("System-wide flag to determine the type of router "
"that tenants can create. Only admin can override.")), "that tenants can create. Only admin can override.")),
cfg.BoolOpt('enable_dvr',
default=True,
help=_("Determine if setup is configured for DVR. If False, "
"DVR API extension will be disabled.")),
] ]
cfg.CONF.register_opts(router_distributed_opts) cfg.CONF.register_opts(router_distributed_opts)

View File

@ -17,8 +17,10 @@ from neutron_lib import constants as n_const
from neutron_lib.services import base as service_base from neutron_lib.services import base as service_base
from oslo_config import cfg from oslo_config import cfg
from oslo_log import helpers as log_helpers from oslo_log import helpers as log_helpers
from oslo_log import log as logging
from oslo_utils import importutils from oslo_utils import importutils
from neutron._i18n import _LI
from neutron.api.rpc.agentnotifiers import l3_rpc_agent_api from neutron.api.rpc.agentnotifiers import l3_rpc_agent_api
from neutron.api.rpc.handlers import l3_rpc from neutron.api.rpc.handlers import l3_rpc
from neutron.common import rpc as n_rpc from neutron.common import rpc as n_rpc
@ -39,6 +41,16 @@ from neutron import service
from neutron.services.l3_router.service_providers import driver_controller from neutron.services.l3_router.service_providers import driver_controller
LOG = logging.getLogger(__name__)
def disable_dvr_extension_by_config(aliases):
if not cfg.CONF.enable_dvr:
LOG.info(_LI('Disabled DVR extension.'))
if 'dvr' in aliases:
aliases.remove('dvr')
class L3RouterPlugin(service_base.ServicePluginBase, class L3RouterPlugin(service_base.ServicePluginBase,
common_db_mixin.CommonDbMixin, common_db_mixin.CommonDbMixin,
extraroute_db.ExtraRoute_db_mixin, extraroute_db.ExtraRoute_db_mixin,
@ -56,10 +68,10 @@ class L3RouterPlugin(service_base.ServicePluginBase,
l3_db.L3_NAT_db_mixin, l3_hamode_db.L3_HA_NAT_db_mixin, l3_db.L3_NAT_db_mixin, l3_hamode_db.L3_HA_NAT_db_mixin,
l3_dvr_db.L3_NAT_with_dvr_db_mixin, and extraroute_db.ExtraRoute_db_mixin. l3_dvr_db.L3_NAT_with_dvr_db_mixin, and extraroute_db.ExtraRoute_db_mixin.
""" """
supported_extension_aliases = ["dvr", "router", "ext-gw-mode", _supported_extension_aliases = ["dvr", "router", "ext-gw-mode",
"extraroute", "l3_agent_scheduler", "extraroute", "l3_agent_scheduler",
"l3-ha", "router_availability_zone", "l3-ha", "router_availability_zone",
"l3-flavors"] "l3-flavors"]
__native_pagination_support = True __native_pagination_support = True
__native_sorting_support = True __native_sorting_support = True
@ -83,6 +95,14 @@ class L3RouterPlugin(service_base.ServicePluginBase,
self.add_worker(rpc_worker) self.add_worker(rpc_worker)
self.l3_driver_controller = driver_controller.DriverController(self) self.l3_driver_controller = driver_controller.DriverController(self)
@property
def supported_extension_aliases(self):
if not hasattr(self, '_aliases'):
aliases = self._supported_extension_aliases[:]
disable_dvr_extension_by_config(aliases)
self._aliases = aliases
return self._aliases
@log_helpers.log_method_call @log_helpers.log_method_call
def start_rpc_listeners(self): def start_rpc_listeners(self):
# RPC support # RPC support

View File

@ -85,6 +85,7 @@ case $VENV in
;; ;;
"api"|"api-pecan"|"full-ovsfw"|"full-pecan"|"dsvm-scenario-ovs"|"dsvm-scenario-linuxbridge") "api"|"api-pecan"|"full-ovsfw"|"full-pecan"|"dsvm-scenario-ovs"|"dsvm-scenario-linuxbridge")
# TODO(ihrachys) consider feeding result of ext-list into tempest.conf
load_rc_hook api_all_extensions load_rc_hook api_all_extensions
if [ "${FLAVOR}" = "dvrskip" ]; then if [ "${FLAVOR}" = "dvrskip" ]; then
load_rc_hook disable_dvr_tests load_rc_hook disable_dvr_tests
@ -108,6 +109,9 @@ case $VENV in
if [[ "$VENV" =~ "ovs" ]]; then if [[ "$VENV" =~ "ovs" ]]; then
load_conf_hook ovsfw load_conf_hook ovsfw
fi fi
if [[ "$FLAVOR" = "dvrskip" ]]; then
load_conf_hook disable_dvr
fi
export DEVSTACK_LOCALCONF=$(cat $LOCAL_CONF) export DEVSTACK_LOCALCONF=$(cat $LOCAL_CONF)
$BASE/new/devstack-gate/devstack-vm-gate.sh $BASE/new/devstack-gate/devstack-vm-gate.sh

View File

@ -0,0 +1,4 @@
[[post-config|/$NEUTRON_CONF]]
[DEFAULT]
enable_dvr=False

View File

@ -0,0 +1,33 @@
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from oslo_config import cfg
from neutron.services.l3_router import l3_router_plugin as lrp
from neutron.tests import base
class TestL3PluginDvrConditional(base.BaseTestCase):
def _test_dvr_alias_exposed(self, enabled):
cfg.CONF.set_override('enable_dvr', enabled)
plugin = lrp.L3RouterPlugin()
exposed = 'dvr' in plugin.supported_extension_aliases
self.assertEqual(enabled, exposed)
def test_dvr_alias_exposed_enabled(self):
self._test_dvr_alias_exposed(enabled=True)
def test_dvr_alias_exposed_disabled(self):
self._test_dvr_alias_exposed(enabled=False)

View File

@ -0,0 +1,12 @@
---
features:
- |
Allow to configure ``router`` service plugin without ``dvr`` API extension
loaded and exposed. To achieve that, set the new ``enable_dvr`` option to
``False`` in ``neutron.conf`` file.
upgrade:
- |
Consider setting ``enable_dvr`` to ``False`` in ``neutron.conf`` file if
your setup doesn't support DVR. This will make Neutron stop advertising
support for the ``dvr`` API extension via its ``/v2.0/extensions`` API
endpoint.