204 Commits

Author SHA1 Message Date
Juan Antonio Osorio Robles
19c354aacd Add http_proxy_to_wsgi to api-paste
This sets up the HTTPProxyToWSGI middleware in front of Neutron-API. The
purpose of this middleware is to set up the request URL correctly in
case there is a proxy (for instance, a load balancer such as HAProxy)
in front of Neutron.

So, for instance, when TLS connections are being terminated in the
proxy, and one tries to get the versions from the / resource of
Neutron, one will notice that the protocol is incorrect; it will show
'http' instead of 'https'. So this middleware handles such cases,
thus helping Keystone discovery work correctly.

The HTTPProxyToWSGI is off by default and needs to be enabled via a
configuration value.

Change-Id: Ice9ee8f4e04050271d59858f92034c230325718b
Closes-Bug: #1590608
2016-10-14 11:24:03 +03:00
Jenkins
571999037f Merge "New option for num_threads for state change server" 2016-09-28 14:59:55 +00:00
venkata anil
70ea188f5d New option for num_threads for state change server
Currently max number of client connections (i.e. greenlets spawned at
a time) opened at any time by the WSGI server is set to 100 with
wsgi_default_pool_size[1].

This configuration may be fine for neutron api server. But with
wsgi_default_pool_size(=100) requests, state change server
is creating heavy cpu load on agent.
So this server (which runs on agents) needs a lesser value, i.e. it
can be configured to half the number of CPUs on the agent.

We use "ha_keepalived_state_change_server_threads" config option
to configure number of threads in state change server instead of
wsgi_default_pool_size.

[1] https://review.openstack.org/#/c/278007/

DocImpact: Add new config option -
ha_keepalived_state_change_server_threads, to configure number
of threads in state change server.

Closes-Bug: #1581580
Change-Id: I822ea3844792a7731fd24419b7e90e5aef141993
2016-09-23 17:07:12 +00:00
YAMAMOTO Takashi
e80112ca62 Fix a release note typo for implicit provider loading deprecation
Don't repeat --config-dir option twice.

Related-Bug: #1492069
Related-Bug: #1599936
Change-Id: I002b80ba8e5496c164d08357e4cce9e0b4abf5cf
2016-09-21 16:44:08 +09:00
Jenkins
52d4ed22ea Merge "DHCP: enhance DHCP release log" 2016-09-20 00:24:18 +00:00
Gary Kotton
d9cc6deac6 DHCP: enhance DHCP release log
Commit 2aa23de58f55f7b1001508326c5ac2627ba3a429 added in a warning
in the event that a release failed. This would have no information
that can help anyone deal with it.

Also updated the release note to include a recommendation to use
a version of dnsmasq including dhcp_release6 on an upgrade, so
that the warning we are logging here will not happen.

Closes-bug: #1619535
Change-Id: Ia73dcf5170aaf3f874a6abe83fefb8e85b6e67e3
2016-09-16 19:49:51 +00:00
Jenkins
c0d379f047 Merge "Include timezone in timestamp fields" 2016-09-16 16:35:34 +00:00
Jenkins
1a51051836 Merge "Add release note for blueprint vlan-aware-vms" 2016-09-15 08:49:47 +00:00
Kevin Benton
424a633fd9 Include timezone in timestamp fields
The Neutron 'created_at'/'updated_at' fields on API resources
were inconsistent with other OpenStack projects because we did
not include timezone information. This patch addressed that
problem by adding the zulu time indicator onto the end of the
fields.

Because this could break clients expecting no timezone, this patch
also eliminates the 'timestamp_core' and 'timestamp_ext' extensions
and consolidates them into a new 'timestamp' extension. This makes
the change discoverable via the API.

This is assuming the current API development paradigm where
extensions can come and go depending on the deployment and the client
is expected to handle this by checking the loaded extensions.
Once we decide extensions are permanent, this type of change will
no longer be possible.

Even though this is being proposed late in the cycle, it is better
to get this change in before the release where we expose even more
resources with incorrectly formatted timestamps.

APIImpact
Closes-Bug: #1561200
Change-Id: I2ee2ed4c713d88345adc55b022feb95653eec663
2016-09-14 12:04:15 -07:00
Dariusz Smigiel
dd5976b7ab Accept and return project_id for API calls
Update the API to accept project_id in requests and return
project_id in responses.

For now, the API treats tenant_id and project_id equivalently.
It accepts either or both in requests.
It returns both in responses, depending on filters.

We include an extension to indicate that support for project_id
is enabled in the API.

Completes: blueprint keystone-v3

APIImpact: Describe how the Networking API supports Keystone V3.

Co-Authored-By: Henry Gessau <HenryG@gessau.net>
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>

Change-Id: I8775aa8a477191ef21e7c3c6da31d098befefc3c
2016-09-12 19:23:53 +00:00
Armando Migliaccio
e1b2ac1e9e Add release note for blueprint vlan-aware-vms
Now that the bulk of the code is in place, and we are about
to see the finish line, it is time to prepare the release
notes for this feature.

This patch refines docstrings that recently went in and
makes sure the code is in sync with the agent's devref.

Implements: blueprint vlan-aware-vms

Change-Id: Idb9379046aeb07354a170a361da777140a2a028e
2016-09-09 13:30:22 -07:00
Carl Baldwin
b6a90df2ac Mark unaddressed ports with none in ip_allocation field
This is the Neutron side of the unaddressed ports blueprint. In order
to allow unaddressed ports, Nova wants the port to explicitly say it
is okay that it doesn't have any IP addresses.

In Neutron, an unaddressed port is one that was created by explicitly
passing [] in fixed_ips to create the port.  A new DB field is added
to the port to distinguish the unaddressed port case from the deferred
IP allocation case where routed networks is involved.

Change-Id: Ia61af4c14e955697a7d3fcc0bf4826a6d9475c98
Implements: blueprint vm-without-l3-address
APIImpact: port now has ip_allocation attribute, set on port create
2016-09-09 12:43:35 -06:00
Gary Kotton
6b32033370 DHCP: remove deprecated config dhcp_lease_time
This was marked as deprecated in commit 95dbd03a0bc4867bf8520539ed08f4068adf2f33.
That was in Havana. We have given enough time for admins
to upgrade to the new variable - dhcp_lease_duration.

UpgradeImpact
TrivialFix

Change-Id: Ie08c8f66b84cc577a99355f6977f946398b0a94a
2016-09-08 04:18:09 -07:00
Jenkins
1d0dd8be92 Merge "Replaced this with "get-me-a-network"" 2016-09-01 23:02:06 +00:00
Jenkins
3ce2450d98 Merge "Adding support of releasing DHCPv6 leases" 2016-09-01 07:33:35 +00:00
Sergey Nechaev
2aa23de58f Adding support of releasing DHCPv6 leases
Original problem is that dhcp_release does not work with IPv6, but IPv6
leases still should be released. For example:

1. Start VM in dhcpv6-stateful network, make it acquire IPv6 address.
2. Delete VM.
3. Start another VM in same network before lease expires.

There's a very high chance that the same IPv6 address will be allocated
for both of these VMs (same address will be reused after first VM was
deleted).

On DHCP agent, hosts file would be changed, but not lease file, so
dnsmasq will not give second VM address until lease expires. Reducing
lease time is not a good solution here.

Solution is adding invocation of dhcp_release6 utility when
releasing IPv6 address. dhcp_release6 utility appears in dnsmasq 2.76.
It crafts DHCP6_Release packet, sends it from passed network
interface to IPv6 multicast address and waits for DHCP6_Reply.

Closes-Bug: 1521666
Change-Id: I5efab81cdaf0676503b6c7da0d4b4f400d859286
2016-08-31 17:33:54 -04:00
Jenkins
3938655af9 Merge "Add L3 agent extension API object" 2016-08-31 20:17:50 +00:00
Nate Johnston
23f7da3021 Add L3 agent extension API object
In L2 agent extensions, when the agent extension needed access to a
datastructure within the L2 agent, an agent extension API object was created.
This API object would be the interface permitting agent extensions to have
access to those objects internal to the L2 agent.

This change implements a similar agent extension API object for the L3 agent
extensions.  This is necessary to allow L3 agent extensions to have access to
the RouterInfo class, so that they can do lookups on it, for example
determining the namespace for a specific router.  Without this API object, the
L3 agent extension would not have access to this structure.

Co-Authored-By: Margaret Frances <margaret_frances@cable.comcast.com>

Partially-Implements: blueprint l3-agent-extensions

Change-Id: I85f89accbeefd820130335674fd56cb54f1449de
2016-08-31 11:15:51 -04:00
Jenkins
6bcbcb3695 Merge "SR-IOV: add agent QoS driver to support egress minimum bandwidth" 2016-08-31 08:34:47 +00:00
Jenkins
4ef8ea66a5 Merge "Add QoS minimum bandwidth rule for instance egress traffic" 2016-08-31 08:27:06 +00:00
Jenkins
12103af6be Merge "Allow SR-IOV agent to start when number of vf is 0" 2016-08-29 20:55:17 +00:00
Jenkins
5a30c0f858 Merge "Remove deprecated default subnetpools" 2016-08-29 07:29:01 +00:00
Edan David
f2b33b6727 Allow SR-IOV agent to start when number of vf is 0
Remove number of vf validation from scan_vf_devices method
in the eswitch manager module, to allow the SR-IOV agent
to load when using PF passthrough.

Closes-Bug: #1614086

Change-Id: Iff5bf3a5542d5b19f45637e954a72a14402a30ae
2016-08-28 03:59:35 -04:00
Rodolfo Alonso Hernandez
46de63c42e SR-IOV: add agent QoS driver to support egress minimum bandwidth
This patch adds SR-IOV agent driver, which uses eswitch manager, to set
VF min_tx_rate parameter. This parameter defines the guaranteed minimum
bandwidth for egress traffic.

DocImpact
Partial-Bug: #1560963

Change-Id: Iefe5e698e99d186202d6ef170f84e93bfbba46dd
2016-08-27 17:36:21 +00:00
Rodolfo Alonso Hernandez
60325f4ae9 Add QoS minimum bandwidth rule for instance egress traffic
This patch introduces the front end implementation for QoS
minimum bandwidth rule.

APIImpact: New type of parameter for QoS rule in neutron API
DocImpact

Change-Id: I6b619a96a2bfde164646c71409b671352bc6ce7d
Partial-Bug: #1560963
2016-08-27 17:08:18 +00:00
Jenkins
9414826fd5 Merge "Deprecate allow_sorting and allow_pagination options" 2016-08-26 22:09:20 +00:00
Ihar Hrachyshka
fdf66024d3 Deprecate allow_sorting and allow_pagination options
There is no technical reason to disable sorting and pagination, except
maybe performance concerns. But there are other ways to DoS-attack
neutron-server services, like... any other type of request. So the
concern is moot.

Keeping those options available for configuration reduces compatibility
between Neutron installations. It's better to do the right thing, and do
it right, implementing the feature for the benefit of API users.

DocImpact Update configuration documentation to reflect deprecation.

Change-Id: Iad26221a58589b10381f1a0d69a88c92fb5adeee
Related-Bug: #1566514
2016-08-26 18:10:28 +00:00
John Davidge
de3a3cda74 IP allocation with Service Subnets
This changes the way that IPAM decides which subnets to use when
assigning IPs to newly created ports. If the port has a defined
device_owner, this is used to filter available subnets to choose
from only those with a matching service_type or no service_type
at all.

If the given network has no service subnets, then the existing
behaviour is used.

A new IPAM exception is introduced to handle the following scenarios:
1. A port is created with a device_owner and only non-matching service
   subnets exist.
2. A port is created without a device owner, and no subnets exist
   without a service_type.

With this patch, service subnets are now usable.

Implements: blueprint service-subnets
APIImpact: subnet-create and subnet-update with service_types
DocImpact: IPs assigned to new ports will now come from a service subnet
matching the port device_owner, if one exists.

Closes-Bug: 1544768
Change-Id: If3dd94a46bdee24c13d1f17c4f2e69af0cb8af63
2016-08-24 20:03:22 +01:00
Jenkins
92cbd83ee5 Merge "SR-IOV: deprecate supported_pci_vendor_devs" 2016-08-20 00:52:34 +00:00
Jenkins
ab1b3f9bed Merge "Deprecate implicit loading of service_providers from neutron_*.conf" 2016-08-18 10:51:20 +00:00
Jenkins
703486dbd0 Merge "Switch to pluggable IPAM implementation" 2016-08-18 04:51:56 +00:00
Jenkins
a915f2b690 Merge "Implement L3 Agent Extension Manager" 2016-08-17 10:05:29 +00:00
Pavel Bondar
625de54de3 Switch to pluggable IPAM implementation
This patch does unconditional switch from non-pluggable IPAM to
pluggable IPAM for all deployments during upgrade to Neutron.

Pluggable IPAM is enabled by pointing ipam_driver default to reference
driver. Users who manually set ipam_driver in neutron.conf will continue
to use ipam_driver of their choice.

During upgrade data is migrated from non-pluggable IPAM tables to
pluggable IPAM tables using alembic_migration. Availability ranges
(IPAvailabilityRange) are no longer used to calculate next available ip
address, so migration for this table is not included.

Migration is covered with functional tests. Dataset with subnets,
allocation pools and ip allocations is loaded prior to migration.
Once migration is completed ipam related tables are checked
if data is migrated properly.

Built-in IPAM implementation becomes obsolete and is planned to be
removed in upcoming commits.

UpgradeImpact
Closes-Bug: #1516156
Change-Id: I1d633810bd16f1bec7bbca57522e9ad3f7745ea2
2016-08-17 03:12:32 -06:00
Moshe Levi
de31df4211 SR-IOV: deprecate supported_pci_vendor_devs
Deprecate the supported_pci_vendor_devs option in order to reduce
complexity for configuring SR-IOV. Currently, neutron validates the pci
vendor and product id. However this check is already done by the
nova-scheduler when it selects a suitable hypervisor. More precisely,
the compute node validates this through the pci_passthrough_whitelist
option in nova.conf. Therefore this check in neutron is redundant.

This patch deprecates the supported_pci_vendor_devs in Newton release
and updates the supported_pci_vendor_devs default to None.
In case of None value the SR-IOV mechanism driver won't do
any pci vendor validation. In case this option is set
the SR-IOV mechanism driver will do the validation as it was
before.

DocImpact
Closes-bug: #1611302

Change-Id: Id5e2cef44da871965583abbae3e1140fd4f5786c
2016-08-16 08:29:57 +03:00
Nate Johnston
93a8dc3dbe Implement L3 Agent Extension Manager
Using the generalized agent extension mechanism, create an agent extension
manager in the L3 agent, so that the L3 agent can load agent extensions.

Co-Authored-By: Margaret Frances <margaret_frances@cable.comcast.com>
Implements: blueprint l3-agent-extensions
Needed-By: Iff506bd11b83d396305e631f3dd95d44cf38fd63

Change-Id: I6da92cb8b9fcbb603e120eababcf4ce711da3e30
2016-08-15 09:36:54 -04:00
Jenkins
4e276c3b47 Merge "Change external_network_bridge default to ''" 2016-08-11 01:14:59 +00:00
Jenkins
c2b220ee3d Merge "Enable sorting and pagination by default" 2016-08-04 19:25:36 +00:00
Jenkins
04ace419ba Merge "Added API extensions to detect sorting/pagination features" 2016-08-04 19:20:56 +00:00
Dariusz Smigiel
df9411dc11 Rename DB columns: tenant -> project
All occurrences of ``tenant_id`` across the database are renamed
to ``project_id``. Both options are equally valid, but ``project_id``
is preferred.
To inform external users about the change, HasTenant class was
deprecated.

UpgradeImpact
Partially-Implements: blueprint keystone-v3

Change-Id: I87a8ef342ccea004731ba0192b23a8e79bc382dc
2016-08-03 14:34:37 +00:00
Jenkins
d1ce56eb70 Merge "L2-Adjacency support" 2016-08-02 22:22:12 +00:00
Kevin Benton
3f71a49e0f Change external_network_bridge default to ''
This changes the default for external_network_bridge to '' to
encourage operators to deploy L3 agents in the correct manner.

This patch also adds a functional test to ensure that namespaces
with an existing external gateway interface are not torn down and
rewired on change.

Closes-Bug: #1563070
Change-Id: If533cf7c4c379be78f5a15073accaff7f65973ab
2016-08-02 11:35:47 -07:00
John Davidge
f7cc6a0107 Remove deprecated default subnetpools
These config options were deprecated in Mitaka.
They can now be removed in Newton.

Closes-Bug: #1594810
Related-Bug: #1501328
Change-Id: I6eea7d4465cf23df1d8dae26336633052dfab871
2016-08-02 11:25:12 +01:00
Ihar Hrachyshka
9733cc2552 Enable sorting and pagination by default
Now that we have a decent api test coverage for those features, as well
as a way to detect the features via REST API, we should be safe and
thrilled to enable them by default in all installations.

Depends-On: I0aaaa037a8ad52060a68dd75c0a1accc6add238e
Depends-On: I5e68f471a641a34100aba31cb2c4a815c7220014
Depends-On: I648851b48d0481c97054e1280b60a119b42dfd38
Depends-On: Ic04cd125dd715ae0694fbf24d8193abe3151ffd1
Depends-On: Ib3709d15fd87b93285dadf78cce73ee37e8898e2
Depends-On: Ie3a66d2a7c05143df3da1c56c8e8a5308d4bae91

DocImpact Update configuration documentation to cover new defaults.
UpgradeImpact To retain the original default behaviour, set
              allow_sorting and allow_pagination to False.

Closes-Bug: #1566514
Change-Id: I3820bec029b3895913b034b718116c95b4942ed0
2016-08-01 20:59:33 +00:00
Ihar Hrachyshka
5e0878f476 Added API extensions to detect sorting/pagination features
Those features are available only when allow_sorting and
allow_pagination options are enabled (the current default is False).

They don't depend on plugin support, because when plugins don't
implement them natively, emulated mode is applied by API router itself.
So to make it plugin agnostic, we introduce a way to register custom
per-extension checks to override support detection for cases like that
one.

Now that we have a way to detect support for those features via API,
there is little reason to keep tempest configuration options to enable
those features. Instead, just inspect [network-feature-enabled]
api_extensions option in tempest.conf.

Now that DEFAULT_ALLOW_SORTING/DEFAULT_ALLOW_PAGINATION constants are
used in a single place only (in allow_sorting/allow_pagination
definitions), removed them and replaced with a literal.

Added first in-tree API tests for /extensions entry point.

DocImpact Update API documentation to cover new extensions.
APIImpact Document the new extensions.
Related-Bug: #1566514
Change-Id: I0aaaa037a8ad52060a68dd75c0a1accc6add238e
2016-08-01 22:57:15 +02:00
reedip
6cb0c49857 L2-Adjacency support
The following patch adds the support for L2-Adjacency to indicate if
there is L2 adjacency between the ports on a network.

Partially-Implements: blueprint routed-networks

Change-Id: Id2d4331568886bee52e78e1c138f1475cc89342b
2016-08-01 13:43:45 -06:00
Jenkins
0419da5ea2 Merge "Remove deprecated network_device_mtu option" 2016-07-29 16:09:16 +00:00
Ihar Hrachyshka
49d1def762 Deprecate implicit loading of service_providers from neutron_*.conf
This feature is redundant, since it duplicates oslo.config functionality. If
neutron-server needs to load the configuration option from multiple files, it
should be achieved by passing multiple --config-dir/--config-file CLI
arguments, not by relying on implicit loading for files with names matching the
neutron_*.conf pattern.

The plan is to stop implicit loading in Ocata.

More details:
http://lists.openstack.org/pipermail/openstack-dev/2016-May/096033.html

Related-Bug: #1492069
Related-Bug: #1599936
Change-Id: I743e181532d285303c8d5c2a73f4fd674626b478
2016-07-25 19:58:50 +00:00
Ihar Hrachyshka
a9133b7255 Remove deprecated network_device_mtu option
The right way to configure Neutron to work with infrastructure MTU is by
using plugin agnostic global_physnet_mtu and ml2 specific
path_mtu/physical_network_mtus options. The deprecated option is error
prone and does not allow to use different MTUs per network.

Closes-Bug: #1603493
Related-Bug: #1549470
Related-Bug: #1542108
Related-Bug: #1542475

DocImpact Remove all references to network_device_mtu option from
          Neutron documentation. Note that Nova has a deprecated option
          with the same name that will need a separate patch to be removed.

Depends-On: I8e6cc99fe70d0c41a705431fb3160e8fccacff10
Depends-On: I337b284076a794027fbd63796119d56bd1923cf2
Change-Id: I7287db9df25a78a59b2dfa28acfde7fe69d17f40
2016-07-25 19:51:00 +00:00
Jenkins
41438c90f4 Merge "Calculate MTU on every network fetch instead of on create" 2016-07-22 22:37:21 +00:00
Jenkins
e43ac3b27b Merge "Release note: fix a typo in add-time-stamp-fields" 2016-07-21 08:26:58 +00:00