| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Change-Id: Ieded1c4bdc6fd977fcb3131707028616ee184bd9
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes the hostname validation to align with the RFC's demands[1].
This was done by replacing the full regex with a function that
broke the FQDN into individual components that were easier to
reason about with regular expressions.
Also added several test cases for domains so if someone wants
to convert it back to pure regex there will be better test vectors.
1. RFC 1123 says an all-digit hostname is allowed in section 2.1. It
says that this more liberal syntax MUST be supported.
Conflicts:
neutron/tests/unit/test_attributes.py
Closes-Bug: #1396932
Change-Id: I003cf14d95070707e43e40d55da62e11a28dfa4e
(cherry picked from commit 35662d07628452d14306f5197871ad64f6396ff3)
|
|\ |
|
| |
| |
| |
| | |
Change-Id: I4959b7d76e9a6e33e1ac6eab88675b8218e5a353
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Alembic 0.7.1 is adding new diff directives add_fk and remove_fk.
The logic in execute_alembic_command() appears to assume all potential
commands are present in METHODS. This patch adjusts it so that
it checks METHODS first, allowing the tests in neutron.tests.unit.db.test_migration
to pass. However, if the design here requires that all potential
Alembic commands are handled, then this would not be the fix,
though I recommend that the potential list of Alembic directives
not be hardcoded.
Change-Id: Ib08685be252e1fdb0f10853f8fc9a7e19ac54a94
Closes-Bug: #1397796
(cherry picked from commit 6a9d1121472028f3583e577b62a7e576fff5806f)
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A CIDR in allowed address pairs would screw up
the calculation of remote security group member
IP addresses due to a call that assumed each entry
was an IP. This patch fixes that an adds a remote
security group reference to the address pairs SG
test case to exercise this code-path.
Closes-Bug: #1382562
Change-Id: I2676f4b56bce7449579d67fb221b3edb7b885103
(cherry picked from commit a1e78b2e8836053d8ffb29bce0f862e8a5f19c2f)
|
| |
| |
| |
| | |
Change-Id: I72045d8a7b5abbd6ad6b9a01f9a5fa653c37b464
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A recent change[1] allowed subnets to be deleted even if they
had active IPv6 SLAAC allocations on them. The updated check
was inefficient because it would check every port in the subnet
even if the subnet was a SLAAC subnet. This patch just shortcuts
out that check.
1. I281f5a1553248e09174dc49d0a42aef4b5c44bee
Change-Id: I2c35495b3642c644e4758f28ccddcc076139ec3b
(cherry picked from commit b3a44c2d5d8ca85bcc5ccffc76d2a959e373e5d4)
|
|\ \ \
| |/ /
| | |
| | | |
into stable/juno
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With the current Neutron implementation, a subnet cannot be deleted
until all associated IP addresses have been remove from ports (via
port update) or the associated ports/VMs have been deleted.
In the case of SLAAC-enabled subnets, however, it's not feasible to
require removal of SLAAC-generated addresses individually from each
associated port before deleting a subnet because of the multicast
nature of RA messages. For SLAAC-enabled subnets, the processing of
subnet delete requests needs to be changed so that these subnets will
be allowed to be deleted, and all ports get disassociated from their
corresponding SLAAC IP address, when there are ports existing on
the SLAAC subnet.
Change-Id: I281f5a1553248e09174dc49d0a42aef4b5c44bee
Closes-Bug: 1393435
(cherry picked from commit ce5e95723925b0d7750bb3daa5be54765985cc30)
|
|\ \ \ |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 1b66e11b5d8c0b3de0610ca02c3e10b6f64ae375 introduces
a new problem that metadata proxy will not be started when
an isolated network contains ipv6 subnet with dhcp enabled
and a ipv4 subnet.
This fix separates the checks to enable dhcp and enable metadata
so metadata proxy can be started if there is ipv4 subnet exists
in the network with metadata enabled.
Change-Id: If26806083db225e9ab30d75fa6c728ce99a7cafe
Closes-Bug: 1392564
(cherry picked from commit 4c128c351589ef9f2fc1e084c655a97bdbbda7ce)
|
|\ \ \
| | | |
| | | |
| | | | |
stable/juno
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since MySQL 5.6 FK columns cannot be altered. As a workaround we can
drop the FK before ALTER COLUMN and then recreate it.
Change-Id: Icd1b3075cf29a6b0c477a4ddea2e6ebee91baef8
Closes-Bug: 1384555
(cherry picked from commit b5f1cc48b877caaebc944154d56a8bb4060aa9b0)
|
|\ \ \ \ |
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The current version of elevated method sets for the original context
the admin role too. This change fix this.
Added unittest.
Closes-bug: #1386932
Change-Id: Ife881112efa151e53bfa4b7af35643dcf2d1114f
(cherry picked from commit 98fae47ad1b9b72e41d444ce6f96cf5f2a3b6f0c)
|
|\ \ \ \
| | | | |
| | | | |
| | | | | |
stable/juno
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
A list with the full range of vxlan VNIs (1 to 2**24) was using
over 300MB of memory. This patch uses xrange instead of range.
Closes-Bug: #1393362
Change-Id: I21ccab758e7911712690fd5e732f64361e809264
(cherry picked from commit 0bf69ad80fb77773e767e116357cf6e1666b3f5d)
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
PostgreSQL is more sensitive for types than MySQL when it selects
something from columns in database. So it fails when it tries to
select from string field comparing with integer value.
Added unit test to verify conversion of protocol numbers to
strings.
Closes-bug:#1381379
(cherry picked from commit bc34f26302faea116be7e61051c32f8787530836)
Conflicts:
neutron/tests/unit/test_extension_security_group.py
Change-Id: I0a29595403a07c66888871088d5549705a097f68
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch makes sure that while updating network profile to add new
tenants, it does not delete the older profile bindings and maintains
them, while adds only the new tenant ids to the bindings.
Change-Id: I862eb1c400e022334a2f6a4078425448bb144843
Closes-bug: #1379609
(cherry picked from commit c97069dc9a73344ebdc7b686133269850a81b3b2)
|
|\ \ \
| |_|/
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Includes some missing floating IP data in an optimized
floating IP API that was previously unused.
Closes-Bug: #1394030
Change-Id: Icba2f837dbc3838f86d125d261b5e2325000c618
(cherry picked from commit 55a031e624f347d346d1909afec75482950d123c)
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Set a bad value in the consistency DB on a delete
failure so a sync is triggered the next time the backend
servers become available.
This fixes the issue where the backend servers are unavailable
when an object is deleted from ML2 but not deleted from the
backend.
Conflicts:
neutron/tests/unit/bigswitch/test_servermanager.py
Closes-Bug: #1377350
Change-Id: I24713a03af4d3499645241f900de1f572689c235
(cherry picked from commit e9f001a63a555f067c4567a88613d14853442524)
|
|\ \ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Current hostname_pattern regex complexity grows exponentially
when given a string of just digits, which can be exploited to
cause neutron-server to freeze.
Change-Id: I886c6d883a9cb0acd9908495eec50bf0411d8ba8
Closes-bug: #1378450
|
|\ \ \
| |/ /
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit stops ignoring 400 (Bad Request) HTTP codes returned by ODL
in create and update operations. It also modifies sendjson() because it
doesn't ignore any HTTP error code now.
Change-Id: Id0db2c0c1d8fddfbd16b3ce9476a2358e2ef1e49
Closes-Bug: #1369239
(cherry picked from commit f1507d080d9840e4cb6c1d5cfe5a4b6c1443bd8f)
|
|\ \ \ |
|
| | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Change a query to only retrieve the port_id instead of
every column from the row of security group binding info.
Partial-Bug: #1373851
Change-Id: I0fba9c9623898ee52590207ebbb728503bb59a5b
(cherry picked from commit 6acadab5eb8b7b627e097a638d8486bef59a7f30)
|
|\ \ \ |
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Only query the DB for relevant columns instead of
all of the port columns.
Partial-Bug: #1373851
Change-Id: I32cd4a0bc6799ce77cea13188676308e3e641d19
(cherry picked from commit 8d430a7f2e903dda06d8d75d6abcd63423c4c0a1)
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The security groups RPC handler calls get_port_from_device
individually for each device in a list it receives. Each
one of these results in a separate SQL query for the security
groups and port details. This becomes very inefficient as the
number of devices on a single node increases.
This patch adds logic to the RPC handler to see if the core
plugin has a method to lookup all of the device IDs at once.
If so, it uses that method, otherwise it continues as normal.
The ML2 plugin is modified to include the batch function, which
uses one SQL query regardless of the number of devices.
Closes-Bug: #1374556
Change-Id: I15d19c22e8c44577db190309b6636a3251a9c66a
(cherry picked from commit abc16ebfcf8fd1fbdb4ef68590140d4d355b0a7c)
|
|\ \ \ \ |
|
| | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Within ovs agent daemon loop, prepare_devices_filter will impose heavy workloads
to neutron server in order to retrieve the security groups message to apply
firewall rules. If agent is configured to use Noopfirewall driver or security
groups are disabled, there is no need for loading the rules from server and
refreshing the firewalls. This will reduce the number of db calls and improve
performance for neutron server in this case.
Change-Id: Id244aab3cac37fc6ed3dc05cbee91cdf9e34d9cc
Closes-Bug: #1365806
(cherry picked from commit 524981cce05a9b365036c0a1e9810036936d3d5b)
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The _select_ips_for_remote_group method was joining the
IP allocation, port, allowed address pair, and security group tables
together in a single query. Additionally, it was loading all of
the port columns and using none of them. This resulted in a
very expensive query with no benefit.
This patch eliminates the unnecessary use of the port table by joining
the IP allocation table directly to the security groups and allowed
address pairs tables. In local testing of the method, this sped it up
by an order of magnitude.
Closes-Bug: #1373851
Change-Id: I12899413004838d2d22b691f1e2f3b18f7ec2c27
(cherry picked from commit 04df85b6e5a098f8f55bb82f04d9769763beb487)
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This patch prevents the L3 _update_router_db method from
starting a transaction before calling the gateway interface
removal functions. With these port changes now occuring
outside of the L3 DB transaction, a failure to update the
router DB information will not rollback the port deletion
operation.
The 'VPN in use' check had to be moved inside of the DB deletion
transaction now that there isn't an enclosing transaction to undo
the delete when an 'in use' error is raised.
===Details===
The router update db method starts a transaction and calls
the gateway update method with the transaction held open.
This becomes a problem when the update results in an
interface removal which uses a port table lock.
Because the delete_port caller is still holding open a
transaction, other sessions are blocked from getting an
SQL lock on the same tables when delete_port starts
performing RPC notifications, external controller calls,
etc. During those external calls, eventlet will
yield and another thread may try to get a lock on the
port table, causing the infamous mysql/eventlet deadlock.
This separation of L2/L3 transactions is similiar to change
I3ae7bb269df9b9dcef94f48f13f1bde1e4106a80 in nature. Even
though there is a loss in the atomic behavior of the interface
removal operation, it was arguably incorrect to begin with.
The restoration of port DB records during a rollback after some
other failure doesn't undo the backend operations (e.g. REST calls)
that happened during the original deletion. So, having a delete
rollback without corresponding 'create_port' calls to the backend
causes a loss in consistency.
Conflicts:
neutron/db/l3_db.py
Closes-Bug: #1377241
Change-Id: I5fdb6b24bf2fb80ac5e36a742aa7056db72c8c7d
(cherry picked from commit f23f2ecee68ba4abd12139bbb91b77ba9410f581)
|
|\ \ \ \ \ |
|
| | |_|_|/
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Neutron can associate a floating ip to a new port
without disassociate from original instance port.
This situation will send network changed event only
for new instance port, and that event object contains
the new instance's id.
In this case nova will update new instance's info
but not original one's in nova's database table
instance_info_caches. For nova can get new instance's
id from the above event. So in table instance_info_caches,
both original instance and new instance will have the
same floating ip in their records. And this make it
possible that, in most situation, after your re-assign
floating ip, run "nova list" will return incorrect info,
multiple instances have a same floating ip, and this may
confuse users.
Nova will sync data in table instance_info_caches, but it
may take dozens of seconds.
The new added code will send network changed event for the
original instance, and this will make nova update instance_
_info_caches table in a few seconds.
Change-Id: If3ee11535f649fc51bf1a52806008c1c5c0e73b6
Closes-Bug: 1381886
(cherry picked from commit add8944d4dba2a69e8f7da47f120d5dc63952f77)
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
into stable/juno
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
KeyError exception is seen because of following reasons
* DhcpRpcCallback._port_action() is called by two functions
- DhcpRpcCallback.create_dchp_port()
- DhcpRpcCallback.update_dhcp_port()
* When create_dhcp_port() function calls _port_action(), the
function argument 'port' will have the body as
{'port': {'network_id': foo_network_id, 'fixed_ips': [..] ...}
* When update_dhcp_port() function calls _port_action(), the
function argument 'port' will have the body as
{'id': port_id, 'port': {{'port': {'network_id': foo_network_id,
'fixed_ips': [..] ...}}
* If an exception occurs when _port_action() calls plugin.create_port(),
network id is accessed as
net_id = port['port']['network_id']
* If an exception occurs when _port_action() calls plugin.update_port(),
network id is accessed as
net_id = port['port']['network_id']
which is causing the KeyError. network_id should have been accessed as
net_id = port['port']['port']['network_id']
This patch fixes the issue by making the _port_action() take the
same port body. update_dhcp_port() insteading of passing the port_id
and port information in a single argument, it now adds port_id
in the port body itself.
Change-Id: I70b92fa20b421b05ca2053a9a57f62db726f7625
Closes-bug: #1378508
(cherry picked from commit 7ea605df3ac71dc568194bcd5eaf1c115008e1ee)
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
stable/juno
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
dhcp and l3 rootwrap filter files contain reference to the deleted
binary quantum-ns-metadata-proxy. This change removes these obsolete
filters.
Change-Id: Iad4772752d74a1c0535144b5faf9a1f8ae89f6a3
Closes-Bug: #1391256
(cherry picked from commit 226c4f6d809de3d6ed622a1f90b06e34506696d6)
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | | |
stable/juno
|