Ubuntu Cloud Archive

[SRU] iptables_manager can run very slowly when a large number of security group rules are present

Series icehouse
Bug #1453264

Bug #1453264 reported by Brian Haley on 2015-05-08

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Ubuntu Cloud Archive	Fix Released	Undecided	Unassigned
Icehouse	Fix Committed	Undecided	Unassigned
neutron	Fix Released	Undecided	Kevin Benton	neutron 7.0.0 "liberty"
Kilo	Fix Released	Undecided	Unassigned	neutron 2015.1.2
neutron (Ubuntu)	Fix Released	Medium	Unassigned
Trusty	Fix Released	Medium	Unassigned

Bug Description

[Impact]

We have customers that typically add a few hundred security group rules or more. We also typically run 30+ VMs per compute node. When about 10+ VMs with a large SG set all get scheduled to the same node, the L2 agent (OVS) can spend many minutes in the iptables_manager.apply() code, so much so that by the time all the rules are updated, the VM has already tried DHCP and failed, leaving it in an unusable state.

While there have been some patches that tried to address this in Juno and Kilo, they've either not helped as much as necessary, or broken SGs completely due to re-ordering the of the iptables rules.

I've been able to show some pretty bad scaling with just a handful of VMs running in devstack based on today's code (May 8th, 2015) from upstream Openstack.

[Test Case]

Here's what I tested:

1. I created a security group with 1000 TCP port rules (you could alternately have a smaller number of rules and more VMs, but it's quicker this way)

2. I booted VMs, specifying both the default and "large" SGs, and timed from the second it took Neutron to "learn" about the port until it completed it's work

3. I got a :( pretty quickly

And here's some data:

1-3 VM - didn't time, less than 20 seconds
4th VM - 0:36
5th VM - 0:53
6th VM - 1:11
7th VM - 1:25
8th VM - 1:48
9th VM - 2:14

While it's busy adding the rules, the OVS agent is consuming pretty close to 100% of a CPU for most of this time (from top):

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
25767 stack 20 0 157936 76572 4416 R 89.2 0.5 50:14.28 python

And this is with only ~10K rules at this point! When we start crossing the 20K point VM boot failures start to happen.

I'm filing this bug since we need to take a closer look at this in Liberty and fix it, it's been this way since Havana and needs some TLC.

I've attached a simple script I've used to recreate this, and will start taking a look at options here.

[Regression Potential]

Minimal since this has been running in upstream stable for several releases now (Kilo, Liberty, Mitaka).

See original description

Tags:

Related branches

lp:~ubuntu-server-dev/neutron/icehouse

Revision history for this message

Brian Haley (brian-haley) wrote on 2015-05-08:

Script to add 1000 security group rules Edit (410 bytes, text/x-sh)

Changed in neutron:
assignee:	nobody → Brian Haley (brian-haley)

OpenStack Infra (hudson-openstack) on 2015-05-19

Changed in neutron:
assignee:	Brian Haley (brian-haley) → Kevin Benton (kevinbenton)
status:	New → In Progress

Revision history for this message

Brian Haley (brian-haley) wrote on 2015-05-19:

Kevin - I also think the change you mentioned at the bar might help too - make a chain for a particular SG containing it's rules, then have jump rules from the instance-specific chain to each SG chain it belongs too. That's deeper surgery in the firewall code, but should be doable. I can work on that after the summit (call me a slacker for not doing it during the summit :)

OpenStack Infra (hudson-openstack) on 2015-05-22

Changed in neutron:
assignee:	Kevin Benton (kevinbenton) → Brian Haley (brian-haley)

OpenStack Infra (hudson-openstack) on 2015-05-26

Changed in neutron:
assignee:	Brian Haley (brian-haley) → Kevin Benton (kevinbenton)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-05-28: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/184318
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7a3934d982ef29d8851450b5586319201baa0122
Submitter: Jenkins
Branch: master

commit 7a3934d982ef29d8851450b5586319201baa0122
Author: Kevin Benton <email address hidden>
Date: Fri May 15 17:10:15 2015 -0700

Switch to dictionary for iptables find

    The code to find the matching entry was scanning through a
    list of all rules for every rule. This became extremely slow
    as the number of rules became large, leading to long delays
    waiting for firewall rules to be applied.

This patch switches to the use of a dictionary so the cost
becomes a hash lookup instead of a list scan.

    Closes-Bug: #1453264
    Closes-Bug: #1455675
    Change-Id: I1e6fe5e50b9c13066c966c252cadc8ed1d08f686

Changed in neutron:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2015-06-24

Changed in neutron:
milestone:	none → liberty-1
status:	Fix Committed → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-29: Fix proposed to neutron (feature/pecan)

Fix proposed to branch: feature/pecan
Review: https://review.openstack.org/196701

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-30: Change abandoned on neutron (feature/pecan)

Change abandoned by Kyle Mestery (<email address hidden>) on branch: feature/pecan
Review: https://review.openstack.org/196701
Reason: This is lacking the functional fix [1], so I'll propose a new merge commit which includes that one.

[1] https://review.openstack.org/#/c/196711/

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-30: Fix proposed to neutron (feature/pecan)

Fix proposed to branch: feature/pecan
Review: https://review.openstack.org/196920

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-30: Fix merged to neutron (feature/pecan)

Download full text (171.5 KiB)

Reviewed: https://review.openstack.org/196920
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7f759c077f8f860c13db92d2ea6b353ef6b70900
Submitter: Jenkins
Branch: feature/pecan

commit 8123144fadd7c5d5e6e56a76ea860512619a2cf6
Author: Moshe Levi <email address hidden>
Date: Sun Jun 28 14:37:14 2015 +0300

Fix Consolidate sriov agent and driver code

This patch add mising __init to mech_sriov/mech_driver/
and update the setup.cfg to the new agent entrypoint

Trivial Fix

Change-Id: I53a527081feb78472f496675bbb3c5121d38a14a

commit 8942fccf02e6e179d47582fdb2792a1ca972da21
Author: Assaf Muller <email address hidden>
Date: Mon Jun 29 11:38:51 2015 -0400

Remove failing SafeFixture tests

    The fixtures 1.3 release attempted to fix the fixtures resource
    leak issue, but failed to do so completely. Our own SafeFixture
    is still needed: The 1.3 release broke our SafeFixture tests,
    but not the usage of SafeFixture itself. This patch removes
    those failing tests for now to unbreak the gate. Jakub reported
    a bug on fixtures 1.3:
    https://bugs.launchpad.net/python-fixtures/+bug/1469759

    We will continue to use SafeFixture until that bug is fixed
    in fixtures, at which point we will be able to require
    fixtures > 1.3.

Change-Id: I59457c3bb198ff86d5ad55a1e623d008f0034b8f
Closes-Bug: #1469734

commit 71dffb0a2c1720cd8233a329d32958a0160dd6f5
Author: Kevin Benton <email address hidden>
Date: Mon Jun 29 08:27:41 2015 +0000

Revert "Removed test_lib module"

This reverts commit 9a6536de6e1a7fe9b2552adc142e254426b82b6f.

    We pulled all of the plugins out of the tree, many of which still inherit
    from neutron test classes. This change then stated that we no longer
    support testing other plugins. I think this is a bit premature and should
    have been discussed under the subject
    "Neutron plugins can't use neutron plugin unit tests" or something
    similar.

Change-Id: I68318589f010b731574ea3bfa8df98492bab31fc

commit b20fd81dbd497e058384a0af065dd0f1fdc4c728
Author: Jakub Libosvar <email address hidden>
Date: Fri Jun 5 14:32:51 2015 +0000

Refactor NetcatTester class

    Following capabilities were added:
       - used transport protocol is passed as a constant instead of bool
       - src port for testing was added
       - connection can be established explicitly
       - change constructor parameters of NetcatTester

As a part of removing bool for protocol definition
get_free_namespace_port() was also modified to match the behavior.

Change-Id: Id2ec322e7f731c05a3754a65411c9a5d8b258126

commit 83e37980dcd0b2bad6d64dd2cb23bcd2891cafca
Author: jingliuqing <email address hidden>
Date: Sat Jun 27 13:41:54 2015 +0800

Use REST rather than ReST

Change-Id: I06c9deaab58c5ec13bfeec39fb8fd4b1fe21f42d

commit 1b60df85ba3ad442c2e4e7e52538e1b9a1bf9378
Author: Kevin Benton <email address hidden>
Date: Thu Jun 25 18:34:38 2015 -0700

Add a double-mock guard to the base test case

Use mock to patch mock with a check to prevent multiple active
patches to the...

Reviewed:  https://review.openstack.org/196920
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7f759c077f8f860c13db92d2ea6b353ef6b70900
Submitter: Jenkins
Branch:    feature/pecan

commit 8123144fadd7c5d5e6e56a76ea860512619a2cf6
Author: Moshe Levi <moshele@mellanox.com>
Date:   Sun Jun 28 14:37:14 2015 +0300

Fix Consolidate sriov agent and driver code
    
    This patch add mising __init to mech_sriov/mech_driver/
    and update the setup.cfg to the new agent entrypoint
    
    Trivial Fix
    
    Change-Id: I53a527081feb78472f496675bbb3c5121d38a14a

commit 8942fccf02e6e179d47582fdb2792a1ca972da21
Author: Assaf Muller <amuller@redhat.com>
Date:   Mon Jun 29 11:38:51 2015 -0400

Remove failing SafeFixture tests
    
    The fixtures 1.3 release attempted to fix the fixtures resource
    leak issue, but failed to do so completely. Our own SafeFixture
    is still needed: The 1.3 release broke our SafeFixture tests,
    but not the usage of SafeFixture itself. This patch removes
    those failing tests for now to unbreak the gate. Jakub reported
    a bug on fixtures 1.3:
    https://bugs.launchpad.net/python-fixtures/+bug/1469759
    
    We will continue to use SafeFixture until that bug is fixed
    in fixtures, at which point we will be able to require
    fixtures > 1.3.
    
    Change-Id: I59457c3bb198ff86d5ad55a1e623d008f0034b8f
    Closes-Bug: #1469734

commit 71dffb0a2c1720cd8233a329d32958a0160dd6f5
Author: Kevin Benton <kevinbenton@buttewifi.com>
Date:   Mon Jun 29 08:27:41 2015 +0000

Revert "Removed test_lib module"
    
    This reverts commit 9a6536de6e1a7fe9b2552adc142e254426b82b6f.
    
    We pulled all of the plugins out of the tree, many of which still inherit
    from neutron test classes. This change then stated that we no longer
    support testing other plugins. I think this is a bit premature and should
    have been discussed under the subject
    "Neutron plugins can't use neutron plugin unit tests" or something
    similar.
    
    Change-Id: I68318589f010b731574ea3bfa8df98492bab31fc

commit b20fd81dbd497e058384a0af065dd0f1fdc4c728
Author: Jakub Libosvar <libosvar@redhat.com>
Date:   Fri Jun 5 14:32:51 2015 +0000

Refactor NetcatTester class
    
    Following capabilities were added:
       - used transport protocol is passed as a constant instead of bool
       - src port for testing was added
       - connection can be established explicitly
       - change constructor parameters of NetcatTester
    
    As a part of removing bool for protocol definition
    get_free_namespace_port() was also modified to match the behavior.
    
    Change-Id: Id2ec322e7f731c05a3754a65411c9a5d8b258126

commit 83e37980dcd0b2bad6d64dd2cb23bcd2891cafca
Author: jingliuqing <lawrancejing@gmail.com>
Date:   Sat Jun 27 13:41:54 2015 +0800

Use REST rather than ReST
    
    Change-Id: I06c9deaab58c5ec13bfeec39fb8fd4b1fe21f42d

commit 1b60df85ba3ad442c2e4e7e52538e1b9a1bf9378
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu Jun 25 18:34:38 2015 -0700

Add a double-mock guard to the base test case
    
    Use mock to patch mock with a check to prevent multiple active
    patches to the same target. Multiple patches to the same target
    result in non-deterministic behavior when stopall() tries to
    undo the patches.[1]
    
    1. http://bugs.python.org/issue21239
    
    Change-Id: I3dd3d561a0267d80f464c15d69a4258b0a5e8aba
    Closes-Bug: #1468998

commit 78700ba70620f7b53b5ae71332cca853f5afa467
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu Jun 25 22:08:41 2015 -0700

Remove duplicated mock patch of ip_lib
    
    The functional tests for agents were patching ip_lib in the
    function to configure an agent, so any tests that relied on
    multiple agents would patch ip_lib multiple times.
    
    Partial-Bug: #1468998
    Change-Id: Ibccf586dea870ec222369c0876f17f8eaf9a1aca

commit f242b171e910da460b8d98182dc10c5840c2c7d0
Author: Kyle Mestery <mestery@mestery.com>
Date:   Thu Jun 25 20:36:47 2015 +0000

Consolidate sriov agent and driver code
    
    In preparation for decomposing the built-in reference implementation,
    this commits consolidates the sriov agent and driver code into a
    coherent place for it's life in the new repository. I've also given
    the unit tests a new home.
    
    DocImpact
    UpgradeImpact
    
    Partially-Implements: blueprint reference-implementation-split
    Partial-Bug: #1468433
    Closes-Bug: #1427317
    
    Change-Id: Ic8b5215de76e191030228bc28773cd6535e889d8
    Signed-off-by: Kyle Mestery <mestery@mestery.com>

commit 724c78071da28bae838a4145a9d4cea42f853048
Author: Kyle Mestery <mestery@mestery.com>
Date:   Wed Jun 24 19:12:06 2015 +0000

Restructure agent code in preparation for decomp
    
    This commit moves the L2 agents (Linuxbridge and OVS) into the
    ML2 directory, while at the same time also moving the ML2 server
    bits into toplevel directories. It also moves the configuration
    files and unit tests. We also move the l2pop RPC mixin while
    here as well.
    
    DocImpact
    UpgradeImpact
    
    Partially-Implements: blueprint reference-implementation-split
    Partial-Bug: #1468433
    Closes-Bug: #1427317
    Change-Id: If6feca7b7a6bdd6c3c6feb929fa26fb4b1f72770
    Signed-off-by: Kyle Mestery <mestery@mestery.com>

commit 82fddfbb651911c7cb6818428ff7604c9745499c
Author: sridhargaddam <sridhar.gaddam@enovance.com>
Date:   Mon Jun 22 14:13:56 2015 +0000

Fix ip_lib get_gateway for default gateway on an iface
    
    Currently get_gateway() of IpRouteCommand class always assumes
    the presence of gateway_ip when default_route is seen.
    Since we can also have interface routes without the gw_ip,
    this patch fixes the issue by parsing the output accordingly.
    
    Closes-Bug: #1467531
    Change-Id: Icf988994b61cbdeb1261c5a0887f29ced41ada07

commit 3c45132f256082252ae8726b560f807686620216
Author: Waldemar Znoinski <waldemar.znoinski@intel.com>
Date:   Fri Jun 26 09:28:51 2015 +0000

fixing typo in gerrit query link in third party policies doc
    
    Change-Id: Iaef37a58f85439a1a6c5c1ae071a223865479a8e

commit bd3604277f6a550d8757aa96a3164a189ab3af6d
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jun 24 06:50:48 2015 -0700

Use last address in v6 allocation pool generation
    
    This reverts commit 1d61c5f736b9df7253a1939fe55f1875f988d1f4,
    which reverted ee51ef72d37a02005a7733b7f2faf7236db850a1 due
    to an issue with the allocation pools being mis-aligned with
    the last address of a v6 subnet.
    
    IPv6 does not have a subnet broadcast address so the last IP
    address can be used as a regular address. This patch tweaks the
    automatic allocation pool generation to include that last address
    on v6 networks.
    
    This was found because
    NetworksTestDHCPv6.test_dhcp_stateful_fixedips_outrange makes the
    assumption that the default generated pools cover the entire usable
    address space.
    
    Related-Bug: #1466322
    Closes-Bug: #1468163
    Change-Id: I5a2518c819757cd1fb43244901fe3e2f6c576b34

commit e120bad02841ed54ed071d82bffc47671f612137
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Thu Jun 25 16:52:08 2015 +0300

Extend SubnetRequestFactory to access subnet dict
    
    SubnetRequestFactory incorporates logic for preparing arguments and
    building right request.
    Subnet dict, context and subnetpool are used to make decision on
    what kind of reqest should be created.
    SubnetRequestFactory can be overriden on ipam driver level,
    it allows to easily extend existent Request model.
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: I9de120381172657a527bb35990d25525c41939ab

commit ba7d673d1ddd5bfa5aa1be5b26a59e9a8cd78a9f
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu Jun 25 18:31:38 2015 -0700

Remove duplicated call to setup_coreplugin
    
    The test case for vlan_transparent was calling setup_coreplugin
    before calling the super setUp method which already calls
    setup_coreplugin. This was causing duplicate core plugin fixtures
    which resulted in patching the dhcp periodic check twice.
    
    Change-Id: Ide4efad42748e799d8e9c815480c8ffa94b27b38
    Partial-Bug: #1468998

commit e64062efa3b793f7c4ce4ab9e62918af4f1bfcc9
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu Jun 25 18:29:37 2015 -0700

Remove double mock of dhcp agent periodic check
    
    The test case for the periodic check was patching a target
    that the core plugin fixture already patched out. This removes
    that and exposes the mock from the fixture so the test case
    can reference it.
    
    Change-Id: I3adee6a875c497e070db4198567b52aa16b81ce8
    Partial-Bug: #1468998

commit 25ae0429a713143d42f626dd59ed4514ba25820c
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu Jun 25 18:24:10 2015 -0700

Remove double fanout mock
    
    The test_mech_driver was duplicating a fanout mock already setup
    in the setUp routine.
    
    Change-Id: I5b88dff13113d55c72241d3d5025791a76672ac2
    Partial-Bug: #1468998

commit 993771556332d9b6bbf7eb3f0300cf9d8a2cb464
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu Jun 25 17:55:16 2015 -0700

Remove double callback manager mocks
    
    setup_test_registry_instance() in the base test case class gives
    each test its own registry by mocking out the get_callback_manager.
    The L3 agent test cases were duplicating this.
    
    Partial-Bug: #1468998
    Change-Id: I7356daa846524611e9f92365939e8ad15d1e1cd8

commit 0be1efad93734f11cd63fb3b7bd2983442ce1268
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu Jun 25 16:57:30 2015 -0700

Remove ensure_dirs double-patch
    
    test_spawn_radvd called mock.patch on ensure_dirs after the
    setup method already patched it out. This causes issues when
    mock.patch.stopall() is called because the mocks are stored
    as a set and are unwound in a non-deterministic fashion.[1]
    So some of the time they will be undone correctly, but others
    will leave a monkey-patched in mock, causing the ensure_dir
    test to fail.
    
    1. http://bugs.python.org/issue21239
    
    Closes-Bug: #1467908
    Change-Id: I321b5fed71dc73bd19b5099311c6f43640726cd4

commit 6a1f8388d3f0ebd791aa1c466f5310efec5e83cc
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Tue Jun 23 14:01:29 2015 +0300

Decompose _save_subnet
    
    Moved allocation pool generation and validation into separate method.
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: Ibe241c7b6389e444145b0600f8fcee28e478bc62

commit 0a2238e34e72c17ca8a75e36b1f56e41a3ece74e
Author: Sukhdev Kapur <sukhdev@aristanetworks.com>
Date:   Thu Jun 25 15:11:28 2015 -0700

Fix tenant-id in Arista ML2 driver to support HA router
    
    When HA router is created, the framework creates a network and does
    not specify the tenant-id. This casuse Arista ML2 driver to fail.
    This patch sets the tenant-id when it is not passed explicitly by
    by the network_create() call from the HA router framework.
    
    Even though original issue was discovered for network_create()
    it turns out the same issue applies for port_create() as well
    so all the methods are fixed in this patch
    
    Change-Id: Id03e26dac003fa589477ed78a4ed3c44cc2f708d
    Closes-Bug: 1468828

commit 334d9a33404f4c8438d105f91bff1a9fd9236513
Author: Assaf Muller <amuller@redhat.com>
Date:   Thu Jun 25 16:34:09 2015 -0400

Log OVS agent configuration mismatch
    
    Change-Id: I55aef3bdc32dcee3436cb8b987fb796a4898b20e
    Closes-Bug: #1468893

commit c48e12b781c9ffd885ebc96283ecda2849fd1e22
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed Jun 24 21:31:33 2015 +0200

Avoid env variable duplication in tox.ini
    
    Some environment variables are defined multiple times in tox.ini. This
    change defines "fake" tox jobs and refactors existing jobs to reduce
    duplicated environment variables.
    
    Change-Id: I0ccebea4fbfff8dda34d1ed348b96b3b8ebd59e2

commit 747738d36572079307f228a861a067ca0cd815c2
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jun 3 15:20:27 2015 -0700

Skip ARP protection if 0.0.0.0/0 in addr pairs
    
    Don't setup ARP protection on ports with allowed address pairs
    that allow them to use any IP address. This is necessary because
    OVS doesn't support the /0 prefix in rules that match on ARP headers.
    
    Related-Bug: #1461054
    Closes-Bug: #1468009
    Change-Id: I913a86f22b228aa11fa3dabd9493c3995198f7ec

commit 61909ac515c337c94f55805641b1b7c725a95191
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Thu Jun 25 15:54:34 2015 +0200

linuxbridge: clean up README file
    
    It's weird that we suggest users to copy python files around instead of
    relying on generated console_scripts.
    
    Other configuration information located here is trivial and is
    documented elsewhere, f.e. [1].
    
    [1]: http://docs.openstack.org/networking-guide/deploy_scenario1b.html
    
    Change-Id: Ie8dd37087599ff4b5e23f0ad01105f94f5b886ab

commit 0af5abdb1f608a5e84a64627adf42dd8d5526560
Author: John Davidge <jodavidg@cisco.com>
Date:   Thu Jun 25 15:12:59 2015 +0100

Fix tox errors in thirdparty-ci docs
    
    Fixes errors causing tox failures.
    
    Change-Id: I361ef791c0de1aac1304bb8ad979066400930434
    Closes-Bug: #1468765

commit 9a6536de6e1a7fe9b2552adc142e254426b82b6f
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Thu Jun 25 15:41:02 2015 +0200

Removed test_lib module
    
    It's not really needed. It was once used to allow some out-of-tox plugin
    specific testing scripts to inject configuration files into
    BaseTestCase.
    
    Now, our testing story does not have any notion of out-of-gate plugin
    specific testing, so let's just clean it up.
    
    Change-Id: If287a38e80016b1dba049a2b745bad7af40583a8

commit 2557c47668ad822810aad523643014c6a5d4a064
Author: Russell Bryant <rbryant@redhat.com>
Date:   Wed Jun 24 14:59:26 2015 -0400

Updated from global requirements
    
    This patch takes the latest global requirements update from change
    Ibcb49412a012f79be2f7fd697349ddbf43bd7b9b except takes out the update
    to setup.py which reverts the windows specific requirements.  We are
    still working on getting the custom changes out of setup.py in change
    I3c07c279d33f6aed46c3a97dd9ba81251e51429a.
    
    Change-Id: Iee7612d39b520cf04e3b2ec503ec79d23f15f949

commit 4b4cedaf853664535c05d47c99c920e74d1deb3a
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Thu Jun 11 22:12:01 2015 +0200

Define SafeFixture base fixture
    
    Currenty useFixture(myfixture)[1] ensures to call myfixture.cleanUp only
    if myfixture.setUp succeed.
    
    This change defines a workaround to ensure cleanUp call even if setUp
    fails until testtools/fixtures support it: SafeFixture[2] which ensures
    cleanUp call if setUp fails and replaces fixtures.Fixture use by
    SafeFixture. This workaround will be removed when the bug will fixed in
    testtools and fixtures[3].
    
    [1] testtools.TestCase.useFixture, fixtures.Fixture.useFixture
    [2] neutron.tests.tools
    [3] see related bugs
    
    Change-Id: I875934e8dde321a450c83fb95d175affd1f3bb83
    Closes-Bug: #1464410
    Partial-Bug: #1453888
    Related-Bug: #1456353
    Related-Bug: #1456370

commit 2ecac909ba419f258e47b456196a1af7a87661ed
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Thu Jun 25 11:59:37 2015 +0000

Remove quantum untracked files from .gitignore
    
    This change removes obsolete quantum untracked files from .gitignore.
    
    Change-Id: I1ddf0b03d29066363f155dd5af8294efde5b0ef0

commit df06a326de39a6792e2e82eafa5cf50eb325b34e
Author: Matthew Booth <mbooth@redhat.com>
Date:   Thu Jun 25 10:20:08 2015 +0100

Context class should initialise its own data
    
    This is a trivial cleanup. A superclass was initialising data which
    was only used in a subclass.
    
    Change-Id: I6930fdaef3dcb960f6baaedbd191e22b565f319e

commit 2e1b0ea4032f05afef16efd451e2eea5df901d97
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Tue Jun 23 17:33:38 2015 +0200

ovsdb: attempt to enable connection_uri for native impl on startup
    
    The port is in most cases disabled, so to use it, we should first enable
    it, and it means that we should still rely on ovs-vsctl for that initial
    call.
    
    Closes-Bug: #1468259
    Change-Id: I097b1c441df1f7f1785b8744f27809617bb21c14

commit 668b12c2c8a60ce20ecdad2193ede9371d5cc391
Author: Doug Wiegley <dougw@a10networks.com>
Date:   Mon Jun 1 20:58:41 2015 -0600

Move third-party CI policy under docs/policies
    
    Change-Id: Ib2ed587670f206283d735191b3a2580bf3d1a04f

commit 3bf62772d39d8b3b8b518ae88a6fcea7414d6884
Author: Doug Wiegley <dougw@a10networks.com>
Date:   Mon Jun 1 20:31:01 2015 -0600

Remove lbaas API tests, which are now in the lbaas repo
    
    Change-Id: I2009ca3f102d0ca0db3f12af3012989f2a036c48

commit 1a480203b2531925d7520b62c94954064a26139d
Author: Aaron Rosen <aaronorosen@gmail.com>
Date:   Wed Jun 24 10:28:18 2015 -0700

Only create one netaddr.IPNetwork object
    
    Change-Id: I8c6a08e0cf3b5b5386fe03af9f2174c663b8ac73

commit d9a23f882f0d78aaca34c3607d9ca9ad54ac063b
Author: Aaron Rosen <aaronorosen@gmail.com>
Date:   Wed Jun 3 16:19:39 2015 -0700

Provide work around for 0.0.0.0/0 ::/0 for ipset
    
    Previously, the ipset_manager would pass in 0.0.0.0/0 or ::/0 if
    these addresses were inputted as allowed address pairs. This causes
    ipset to raise an error as it does not work with zero prefix sizes.
    To solve this problem we use two ipset rules to represent this:
    
    Ipv4: 0.0.0.0/1 and 128.0.0.1/1
    IPv6: ::/1' and '8000::/1
    
    All of this logic is handled via _sanitize_addresses() in the ipset_manager
    which is called to convert the input.
    
    Change-Id: I8c6a08e0cf3b5b5386fe03af9f2174c666b8ac75
    Closes-bug: 1461054

commit 93d564223e8b76d10aa7b55f1b1d49f592d1c800
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jun 24 09:19:18 2015 -0700

Fix >80 char lines that pep8 failed to detect
    
    Change-Id: I602e0d484c5e00eb48b86c4c8c4eff0be195c3a5

commit 830e9114817765efc93c772dcbc735a6bb28a7ff
Author: Anthony Chow <vCloudernBeer@gmail.com>
Date:   Tue Jun 23 22:05:23 2015 -0700

Deprecate "router_delete_namespaces" and "dhcp_delete_namespaces"
    
    These 2 configuration options are no longer be necessary.
    
    They are marked as deprecated in this release and will be removed in the
    next release.
    
    Change-Id: I4e02a291738b16c7c9b7600f0bc9a47fb1318569
    Partial-Bug: #1418079

commit a84ef9ae54a7dfe6d9dee54a01b189dd40bce423
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jun 24 03:27:16 2015 -0700

Make DHCPv6 out of bounds API test deterministic
    
    The test_dhcp_stateful_fixedips_outrange API test was randomly
    picking an IP from last + 1 up to last + 10 in the allocation
    range. This made it fail randomly when there was an issue related
    to the subnet allocation having an off-by-one issue.
    
    This adjusts the test to just always test last +1 and +2.
    
    Related-Bug: #1468163
    Change-Id: I641ab092e0ea0aae67ec717b492118a2f8a6f4fd

commit f527f8cf426ee63b592225d5e691ac107085784d
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jun 24 02:15:29 2015 -0700

Don't process network_delete events on OVS agent
    
    There is no reason to reclaim the local VLAN on a network_delete
    event since it will be reclaimed when the last port is deleted anyway.
    
    This method was racey with recent port creation events and lead to
    occasional traces when it would yank the local VLAN out from underneath
    an ongoing port wiring process.
    
    Change-Id: I5eee6175c053006b35b6efe274d27931a9d5d89f
    Closes-Bug: #1468251

commit 1d61c5f736b9df7253a1939fe55f1875f988d1f4
Author: Henry Gessau <gessau@cisco.com>
Date:   Wed Jun 24 03:16:52 2015 +0000

Revert "Fix subnet creation failure on IPv6 valid gateway"
    
    Because it breaks tests.api.test_dhcp_ipv6.NetworksTestDHCPv6.test_dhcp_stateful_fixedips_outrange
    
    This reverts commit ee51ef72d37a02005a7733b7f2faf7236db850a1.
    
    Change-Id: Id02d9034ca809f194ff7551167bfda3559fb1200

commit 7eb9d9d316d35840706a767576ff083c9a04d781
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed Jun 24 00:08:22 2015 +0200

Support oslo_db 1.12
    
    oslo_db 1.12[1] decorates oslo_context.context.RequestContext with
    session management[2][3] and add a read-only attribute 'session'. Such
    feature breaks Brocade plugin and its unittests because they define
    on RequestContext the 'session' attribute which now is a read-only
    property. This change uses neutron.context instead of
    oslo_context.context in order to delegate session management to the
    neutron.context and remove read-only attribute set.
    
    A follow-up change will refactor neutron.context in order to use oslo_db
    1.12 session management instead of homemade one.
    
    [1] https://github.com/openstack/oslo.db/releases/tag/1.12.0
    [2] https://github.com/openstack/oslo.db/commit/\
        fdbd928b1fdf0334e1740e565ab8206fff54eaa6
    [3] https://github.com/openstack/oslo.db/blob/\
        fdbd928b1fdf0334e1740e565ab8206fff54eaa6/oslo_db/sqlalchemy/\
        enginefacade.py#L782
    
    Closes-Bug: #1468128
    Change-Id: I0e3331f9a383fa2562706eeadb229f55593b888c

commit ad86291408fc74827c2bd31f89a2dce34f887823
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Tue Jun 23 15:28:34 2015 +0000

Python 3: do not use itertools.izip
    
    This no longer exists in Python 3. Use the zip function instead.
    
    Blueprint: neutron-python3
    Change-Id: Id7d33ec3d27a27f17040d28bead10f2eb3b831bb

commit d23a59f1c808c50575f49f9291bd70c6b3a5797a
Author: Jeremy Stanley <fungi@yuggoth.org>
Date:   Thu Jun 18 19:09:05 2015 +0000

Override opportunistic database tests to PyMySQL
    
    Set the OS_TEST_DBAPI_ADMIN_CONNECTION override variable so that
    oslo.db opportunistic detection will know to use PyMySQL until
    I12b32dc097a121bd43991bc38dd4d289b65e86c1 makes it the default
    behavior.
    
    This change removes previous code[1] enabling PyMySQL use.
    
    [1] Ic5c1d12ab75443e1cc290a7447eeb4b452b4a9dd
    
    Change-Id: Ic39feee0248f2ffabdba26f3779ab40a8f3838e6
    Co-Authored-By: Victor Sergeyev <vsergeyev@mirantis.com>
    Co-Authored-By: Cedric Brandily <zzelle@gmail.com>

commit 04d44cee63f3fbba45956abd28f325d5ac3ca2d9
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Tue Jun 23 20:00:30 2015 +0200

Extend default setenv instead of replacing it in tox.ini
    
    Some tox jobs[1] define their own setenv without extending/referencing
    default setenv, it disallows to define environment variables shared by
    all jobs. This change updates previous jobs[1] in order to extend
    instead of replacing default setenv and enable global environement
    variables (used in daughter change).
    
    One remark, this change sets VIRTUAL_ENV environment variable in updated
    jobs[1] but it has no effect on them.
    
    [1] (dsvm-)functional, (dsvm-)fullstack and api jobs
    
    Closes-Bug: #1468059
    Change-Id: I99184f7375571fb8569a24ba04ae267108f5da08

commit 0a82b8ae1951073ff5f9b096485b3acf1a541428
Author: Swaminathan Vasudevan <swaminathan.vasudevan@hp.com>
Date:   Fri Apr 24 16:58:48 2015 -0700

Fix FloatingIP Namespace creation in DVR for Late Binding
    
    DVR has dependency on the portbinding host to determine
    where to start the FloatingIP Namespace when floatingip
    is configured. But when we assign a floatingip to a port
    that is not bound, even though the API will succeed, the
    FloatingIP Namespace will not be created by the Agent and
    so the FloatingIP will not be functional.
    
    This patch addresses the issue by creating the Namespace
    and configuring the rules when the late binding happens.
    
    The agent will be requesting the FIP agent gateway port,
    if required and then proceed to configure the FloatingIP
    Namespace.
    
    Change-Id: I9b9158bddb626c2bb535acd709452560546fd184
    Closes-Bug: #1447034
    Closes-Bug: #1460408

commit b7dc34ef15061577158eeafc179915e5bde73c64
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Tue Jun 23 14:28:59 2015 +0200

Cleanup get_plugin_name() from the tree
    
    It does not seem to be used since Icehouse: the patch that removed its
    last usage is: 1b36e2077141749495bb32b423f3df8cbbd0eb40
    
    I don't think we should have it as part of abstract interface for
    service plugins.
    
    Change-Id: If03f67a617efd3a7cadb96d1a86283ac14088a83

commit 277d89b67a6a8ea4f6a7bc216014d55ace5c1d2d
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Tue Jun 23 12:07:43 2015 +0300

Bulk move methods to ipam_backend_mixin.py
    
    ipam_backend_mixin contains methods common for both backends:
    pluggable and non-pluggable, so moving methods to make them accessible
    by backends.
    Next methods were moved from db_base_plugin_v2.py to
    ipam_backend_mixin.py:
    - _validate_subnet_cidr
    - _validate_network_subnetpools
    - _allocate_pools_for_subnet
    - _save_subnet
    
    This commit moves methods without any internal changes.
    All future changes and decomposition of these methods will be handled in
    next commits.
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: I1ec786754467fc9039d2276f084f1bceaab15635

commit c384b13ae6b83a8bad944972c60bdcbe6f4fa050
Author: Brian Haley <brian.haley@hp.com>
Date:   Thu Apr 16 16:20:01 2015 -0400

Add IPset cleanup script
    
    This will aid in removing stale IPsets when we change the prefix
    used in creating IPset names.
    
    Change-Id: Ia9ff79c34bd4c9124ec8663a8f616ded4f389f62
    Partial-Bug: #1444201

commit 7e117c13fd3fb125c857dadfa2945799b39e1634
Author: Rawlin Peters <rawlin.peters@hp.com>
Date:   Thu Jun 18 11:22:13 2015 -0600

Optimize ipset usage in IptablesFirewallDriver
    
    Currently, IptablesFirewallDriver._update_ipset_members() iterates
    through a list of security group IDs and makes a call to
    IpsetManager.set_members() for each security group ID in the list. The
    problem is that set_members() is repeatedly called with the same
    arguments over and over again because the list of security group IDs
    contains duplicates. These duplicated calls are unnecessary because they
    are idempotent.
    
    For instance, with a security group of 50 rules created in this manner:
        neutron security-group-rule-create $SECGRP --remote_group_id $SECGRP
            --protocol tcp --port_range_min $i --port_range_max $i
    
    Adding a server to that security group will cause 50 calls to
    IpsetManager.set_members() because the list of security group IDs is 50 of
    the same ID. Only one call to IpsetManager.set_members() is necessary
    per security group ID.
    
    This patch converts that list of security group IDs into a set, which
    eliminates the duplicate idempotent calls to
    IpsetManager.set_members() with the same arguments. This will affect
    performance by reducing the amount of file locking around ipset when
    adding servers to security groups.
    
    Change-Id: Id2c8c8c1093c8abcf1fd897b23b0358aeb55b526
    Closes-Bug: 1466921

commit f44800f1eb649d83a338d320020d3479fc3b6790
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Mon Jun 22 14:59:59 2015 +0000

Python3: do not set Request.body to a text string
    
    In Python 3, Request.body must be set to a bytes object.
    
    Change-Id: I17785d1e9eb253a1c6cae300b207fb0a08873b0e
    Blueprint: neutron-python3

commit 408af3f7dab477517b1761aeda2b76384f5fffbe
Author: Assaf Muller <amuller@redhat.com>
Date:   Sun Jun 21 15:34:21 2015 -0400

Prepare for full stack CI job
    
    Related-Bug: #1467275
    
    Change-Id: I90f4794f48ae151a888f37df26c087a7fdcd9d31

commit 76b4803530c0d5f47659aa519585178cc33cba46
Author: Oleg Bondarev <obondarev@mirantis.com>
Date:   Tue Jun 2 16:14:40 2015 +0300

Fix callback registry notification for security group rule
    
    Some housekeeping was done in
     - SecurityGroupDbMixin:
       - create_rule_bulk() calls to create_rule();
       - registry notification is in create_rule();
       - separate validation for a single rule and for a group of rules
     - SecurityGroupServerRpcMixin:
       - overriden methods call to corresponding super class methods;
    
    Hopefully code is now self-documented enough
    
    Closes-Bug: #1461024
    Change-Id: Ia75d7e206716bbe74aae89e4cebd0c2c40af68a8

commit 0faf4a264525ade97cd6c0ba6b3f34fceb88c210
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Mon Jun 22 13:02:17 2015 +0000

Python3: do not use __builtin__
    
    It has been replaced with builtins in Python 3. Use six.moves.builtins, since
    it works with Python 2 and 3.
    
    Change-Id: I9e1b0060a5b18116d991cafb1de085d4d084db38
    Blueprint: neutron-python3

commit 6da2d24ff44cbc8dd0ea8d2e6f72419a46026989
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Mon Jun 22 15:43:20 2015 +0200

Ease debugging alembic by passing proper scripts path in alembic.ini
    
    Otherwise, anyone who attempts to issue an alembic command with the file
    gets:
    
      FAILED: Path doesn't exist:
      '<...>/neutron/neutron/db/migration/alembic'.  Please use the 'init'
      command to create a new scripts folder.
    
    Change-Id: I5b5f2802b478c8d8c327d24faa838f7a6859b979

commit fe6654b25044de7d7d15573c689a0f003c018e99
Author: Martin Roy <mroy@iweb.com>
Date:   Thu Jun 18 13:45:02 2015 -0400

Use string exception casting everywhere
    
    Instead of the deprecated "message" member access,
    casting to a string invokes the __str__ method of the exception
    that is wired to return the message
    
    Added a test of the failure cases of IpRouteCommand::delete_gateway
    because they were missing
    
    Running unit and functional tests locally no longer shows the warning
    reported in the bug.
    
    Change-Id: Ia79f526aa973ece1145615d65349f860aa3fd465
    Closes-Bug: #1466542

commit c3d65a0ed920110223e1b73d6982968552ca7716
Author: ChangBo Guo(gcb) <eric.guo@easystack.cn>
Date:   Tue Mar 3 17:08:48 2015 +0800

Switch to oslo_utils.uuidutils
    
    Get rid of oslo-incubator uuidutils
    
    Closes-Bug: #1467020
    Depends-On: I2df519965883b05d5d58cdc4785c850b0685dc2c
    Depends-On: I9f8e98ad9517864a9ffdacf01c0a9a5aab554edb
    Depends-On: Ied0faac809a5b72b1cd466c8babc9ca5418692c3
    Change-Id: Iebe491b981b4b7c02785412fadd27678bb5e47de

commit ee51ef72d37a02005a7733b7f2faf7236db850a1
Author: David Edery <david.edery@alcatel-lucent.com>
Date:   Sun Jun 21 15:59:49 2015 +0300

Fix subnet creation failure on IPv6 valid gateway
    
    Currently a valid IPv6 address gateway of the "*::ffff:ffff:ffff:ffff"
    pattern is failing due to netaddr.broadcast returning value for both IPv6
    and IPv4 addresses. IPv6 has no broadcast address so the fix checks if
    the gateway is the subnet broadcast address only in the case of IPv4
    subnet
    
    Change-Id: I849f95b30343d0b1c90cf91203df220bf731d8d5
    Closes-Bug: 1466322

commit b9e551936410eca647b48c48f49f2b2be5d2d4a4
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Fri Jun 19 17:58:57 2015 +0300

Decompose _create_subnet_from_pool
    
    Moved validations into separate methods:
    - _validate_pools_with_subnetpool
    Verifies that allocation pools are set only for specific subnet request.
    For any subnet request allocation pools can not be set manually
    - _validate_ip_version_with_subnetpool
    Verifies that subnet has the same ip version as subnet pool
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: I63f6aa2a0c94c3437fa624ac800943976f4fc50f

commit 29bb401973af81f4a4b8a667f8b7445e19e017da
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Thu Jun 18 15:24:44 2015 +0300

Move _delete_port
    
    Pluggable ipam implementation will do additional actions on port
    deletion (deallocate ip using ipam driver).
    Existing _delete_port code will be resused.
    Moving _delete_port to ipam_backend_mixin to make this code
    accessible and extendable by both backends (pluggable and non
    pluggable).
    
    This commit is a preparation step before pluggable ipam implementation
    can be used.
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: If6cd623aad9e5501a26e5fb8cdecd5f55e85cd05

commit c0ef7a8f4546cd3c081a61c742dd9ed70ec2c147
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Thu Jun 18 14:52:24 2015 +0300

Decompose create_port and save_subnet
    
    This commit is a preparation step for enabling pluggable ipam.
    Some actions in create_port and save_subnet are specific for
    non pluggable ipam implementation.
    
    - create_port
    Moved allocation ips for port and storing results into separate method
    _allocate_ips_for_port_and_store.
    Moved to ipam_non_pluggable_backend, since pluggable implementation will
    be different due to rollback on failure logic included.
    
    - save_subnet
    Moved saving allocation pools into new method _save_allocation_pools.
    Moved to ipam_non_pluggable_backend, since pluggable ipam implementation
    does not need to save IPAvailabilityRange (availability ranges are
    maintained by ipam driver for pluggable case)
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: I4a3e5d7f3aa54630279d9589225a509c96ed2186

commit 3c72832c8b84af673722a34bba25eefc82154b47
Author: Kevin Benton <blak111@gmail.com>
Date:   Mon Jun 15 23:10:09 2015 -0700

Retry port status update on StaleDataError
    
    During update_port_status, a port may be concurrently updated/deleted
    by another process, which will result in a StaleDataError being
    thrown. In the event it was an update, we want to retry to make sure
    the port status is set to the desired state so third parties like Nova
    get notified.
    
    This patch uses the oslo_db wrap_db_retry decorator after converting
    the StaleDataError into a RetryRequest that the decorator can catch.
    
    Closes-Bug: #1465407
    Change-Id: I0a9230d30f435ec3d48f033136e85c40ad489ef9

commit ee14186fbb2486f9088103e9621bc366cc64c552
Author: Henry Gessau <gessau@cisco.com>
Date:   Sun Jun 21 01:30:05 2015 -0400

Allow setting Agents description to None
    
    Fix the validator for the 'description' attribute of Agents, allowing
    it to be set to None.
    
    Fix an API test that had two problems:
     1. It was not restoring the description to the agent it had updated
     2. It was retoring the description to '' instead of None.
    
    Closes-Bug: #1466642
    
    Change-Id: I50723e1346be0953d26216ba24907bac008ccfb6

commit d0d62927e661c84003845a61d2b991a54e723ed4
Author: Darragh O'Reilly <darragh.oreilly@hp.com>
Date:   Sat Jun 20 11:55:27 2015 +0000

Fix RPC version to be a string
    
    The RPC version was being passed as a float which caused an
    exception.
    
    Change-Id: I2a2888fcafcc426009fc841b81049a22e072ce75
    Closes-Bug: #1467087

commit 35654ec23ef9db6bda313ea300ab76c287a98ceb
Author: Gal Sagie <gal.sagie@huawei.com>
Date:   Mon May 25 15:20:05 2015 +0300

Decompose DVR CSNAT L3 Agent from Compute Node L3 Agent
    
    Currently the same dvr router class is used both by the L3 Agent
    in the compute nodes that is responsible for the virtual routers
    namespace and the fip namespace and also used by the centralized
    SNAT L3 Agent in the network node.
    This is the first step to decompose the two into different
    classes.
    
    The above means that we have one class of DVR router which is used
    for two jobs (the virtual router namespace wiring and the fips wiring
    in the compute node in one hand and the centralized snat wiring in the other)
    The end goal of this patch is to separate the two into different classes
    which will also help maintaining it and also help projects that want
    to use one but not the other (for example only use the centralized
    SNAT behaviour with there own DVR implementation)
    
    Change-Id: I581a097b9e7c49f20d0eb0e4ca66a25e90d9511b
    Partial-Bug: #1458541
    Partially-Implements: blueprint dvr-router-code-decompose

commit 0e48d9d203619f50adae94ddb6bbccd28f381737
Author: Davanum Srinivas <davanum@gmail.com>
Date:   Sun Jun 7 10:10:18 2015 -0400

cleanup openstack-common.conf and sync updated files
    
    Periodic update of latest files from oslo-incubator
    
    Change-Id: Ie7eb02e4e9277c18abfb438b6cf710e0aa426b15

commit 74b0c53da5d7e4305606c100becf34966d8af350
Author: Oleg Bondarev <obondarev@mirantis.com>
Date:   Thu Jun 11 13:38:55 2015 +0300

Fix l3 agent to not create already deleted router
    
    In case router is deleted during l3 agent resync,
    the "deleted" event is processed with higher priority, then
    resync event for the router may be processed which will recreate
    already deleted router.
    This happens due to timestamp not being properly updated for deleted
    router in router processor.
    The fix adds timestamp update for deleted router.
    
    Functional test will be updated in a follow-up patch
    
    Logging was improved to make debugging a bit easier.
    
    Closes-Bug: #1455439
    Change-Id: I2d060064acccc10591a3d90be9011f116548cfce

commit 4f5171d2cedb32fdc5a59d241e7ae91c7284b75c
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Fri Jun 19 13:24:34 2015 +0000

Python3: do not use '+' on dict_items objects
    
    In Python 3, dict.items() returns an iterator. Iterators cannot be added.
    
    Blueprint: neutron-python3
    Change-Id: I487178ebceae9946cb53dea1e847d7715f4577f3

commit b336b7c438f3f5d4ee8d23d6bb2d2cf8fe1657f4
Author: Jakub Libosvar <libosvar@redhat.com>
Date:   Fri Jun 19 15:52:35 2015 +0200

Disable keepalived process in keepalived func test
    
    Previously, keepalived process itself was disabled that lead to
    respawning of keepalived by KeepalivedManager. This patch disables
    KeepalivedManager in cleanup thus no respawn happens.
    
    Closes-Bug: #1466873
    Change-Id: If5524116e5d4fc41600920d31481282c5b797f7b

commit a4b17cbb80b48c8e4bcd7cc005139f8e66066d68
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Thu Jun 18 11:52:28 2015 +0000

Python3: do not use im_self/im_func/func_closure
    
    One should use __self__, __func__ and __closure__ instead, as they work
    with both Python 2 and 3.
    
    Change-Id: I2b2847cfd5b4fa70e45387ff369240227ce9e526
    Blueprint: neutron-python3

commit 432567f9477eadd840e407c5c057fc664e46d731
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Wed Jun 17 15:48:09 2015 +0300

Add request factory for pluggable IPAM
    
    Pluggable IPAM implementation requires separation between requesting
    address/subnet and it's actual allocation, which can happen on
    third-party IPAM servers. Request factory stands for simplifying
    building right request from input.
    
    Added AddressRequestFactory and SubnetRequestFactory.
    
    AddressRequestFactory creates instance of AnyAddressRequest or
    SpecificAddressRequest depending on presence of ip address in input.
    SubnetRequestFactory creates instance of AnySubnetRequest or
    SpecificSubnetRequest depending on input.
    
    get_subnet_request_factory and get_address_request_factory can be
    redefined on driver level to use custom request factories.
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: Iedc0cfa326d60810099148f0ef8a1edac9e8aa12

commit 870fb38b1c7ddd5ddb399e6ff13a4f7992f8f9a6
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Fri Jun 19 13:59:46 2015 +0200

Python3: use dict.keys() instead of dict.iterkeys()
    
    The "keys" method works on both Python 2 and 3, and the performance
    impact should be negligible.
    
    Change-Id: I4771797859666000921e4e38cc5de72a8c084ca0
    Blueprint: neutron-python3

commit 538a7bf3c73d968185590d81a9b3a6523190aeb4
Author: Salvatore Orlando <salv.orlando@gmail.com>
Date:   Tue Jun 9 03:41:07 2015 -0700

NSX QoS ext: RXTX factor can be decimal
    
    In Nova flavors it is ok to specify a decimal RXTX factor.
    For this reason when applying QoS to a port Neutron should not
    convert this factor to an integer value, but simply ensure
    it's a valid float number and positive.
    
    Partial-Bug: #1463363
    
    Change-Id: I983123ef7fd8f1b52b358aff3b579459fce63033

commit 5aaae68e5148f01e78a5e6013dce797dd42c1917
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Thu Jun 18 14:17:58 2015 +0300

Move _add_auto_addrs_on_network_ports
    
    Moved to ipam_non_pluggable_backend.py since implementation
    is specific for non pluggable ipam backend.
    Pluggable implementation will additionally include rollback on failure actions.
    
    This commit is a preparation step for using pluggable ipam.
    More changes in this methods are expected to be done by following
    patches.
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: I1876846526e370a7fcfa05b9a23fd9065973f111

commit 6669ee9af6bd635ae7efbc2f02e10914549ef708
Author: Lucas Alvares Gomes <lucasagomes@gmail.com>
Date:   Thu Apr 9 14:02:36 2015 +0100

DHCP agent: Set an "ipxe" tag to work with Ironic
    
    Ironic expects neutron to have an "ipxe" tag for the option 175 which is
    sent by iPXE/gPXE when booting a node. The problem is that up to now this
    tag was not created by Neutron, causing the nodes deployed with Ironic
    + iPXE to fail to boot. This patch is creating this tag when launching
    the dnsmasq process.
    
    DocImpact
    Change-Id: I45a0f51365b37e7d85848fcdcbcf7aa6a1dddfed
    Closes-Bug: #1442123

commit 735f193668d61dd7c09f710e555ab91d1d91abe6
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Wed Jun 17 18:47:11 2015 +0300

Remove _check_ip_in_allocation_pool
    
    _check_ip_in_allocation_pool is not used anywhere in neutron.
    Cleaning up unused code from db_base_plugin_v2.py.
    Caller was removed over a year ago in change
    Ib31550fa9000fc75768a327cb6cc1c419e06568f
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: I41b7254835c308dda679ee2a5ebbccba528fd108

commit e3710f59481b4f9c3430228e8f074c845e93fbe7
Author: shihanzhang <shihanzhang@huawei.com>
Date:   Mon Jun 15 14:51:16 2015 +0800

Don't delete DVR namespace if there are still ports on this node
    
    Skip deleting DVR namespaces if they contain ports in the BUILD or
    DOWN status.
    
    Change-Id: I026f2014ede800c0f4532ca15f1fccdaa59d5b61
    Closes-bug: #1464527

commit 345ffb99ef92f567562c178c57b9c110740a3767
Author: Doug Wiegley <dougw@a10networks.com>
Date:   Thu Jun 18 18:13:43 2015 -0600

Updated from global requirements
    
    Since we can't merge proposal bot at the moment, due to a conflict with
    setup.py, at least get our reqs files up to snuff.
    
    Change-Id: Ie313c81502dfe17a4afdcfdba4e207b9866e1399

commit 42826a0e64b3499cda065fd9ffdf0b5af5754c85
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Mon Jun 15 16:06:21 2015 +0200

Fixed the only sphinx warning in docs
    
    We made previous attempt to get rid of all warnings, but it turned out
    that gate does not execute tox's docs job but runs build_sphinx
    directly.
    
    The latter behaviour should be fixed, but while at it, we
    should prepare neutron job to be executed in gate by cleaning up all
    warnings.
    
    Closes-Bug: #1466554
    
    Change-Id: I8c265eae2175425568479116d1faef7d87fdcc02

commit 63e318f5f8159f108cf1e7a82c952fa5f882870f
Author: Moshe Levi <moshele@mellanox.com>
Date:   Thu Jun 11 12:24:03 2015 +0300

Fix SR-IOV mech driver to set port status to down when agent is required
    
    SR-IOV mech driver has 2 modes agent and agent-less. Currently in both
    modes port status are active. This patch update the port status to down
    when using agent mode. This will allow the SR-IOV agent to get port
    update notification and apply its additional functionality
    when launching vm.
    
    Co-Authored-By: Berezovsky Irena <irenab.dev@gmail.com>
    
    Closes-Bug: #1464186
    
    Change-Id: Ibd9b31b4f2393b8732253d5cbfd36e8b5614860d

commit cdde9a3aeb929e80aa3c251a44060b8174ab7b6c
Author: venkata anil <anil.venkata@enovance.com>
Date:   Thu Jun 18 10:03:12 2015 +0000

read_hosts_file_leases shouldn't parse stateless IPv6
    
    Error when _read_hosts_file_leases tries to parse stateless IPv6 entry
    in hosts file
    TRACE neutron.agent.dhcp.agent ip = host[2].strip('[]')
    TRACE neutron.agent.dhcp.agent IndexError: list index out of range
    
    Neutron creates entries in dhcp host file for each subnet of a port.
    Each of these entries will have same mac address as first field,
    and may have client_id, fqdn, ipv4/ipv6 address for dhcp/dhcpv6 stateful,
    or tag as other fields.
    
    For dhcpv6 stateless subnet with extra_dhcp_opts,
    host file will have only mac address and tag. So _read_hosts_file_leases
    shouldn't check for ip address for this entry in host file.
    
    Closes-bug: #1465330
    Change-Id: Iad6605ac5c7bcd6ec9204352037ed021f5007738

commit 31f846c1b9fa17d1812f78dffe1dcf883da52bab
Author: shihanzhang <shihanzhang@huawei.com>
Date:   Fri Jan 30 09:50:52 2015 +0800

Fix 'router_gateway' port status can't be updated
    
    when it creates a ovs bridge without parameter 'bridge-id',
    it's default 'bridge-id' is None, so ovs agent should also
    deal with these ovs bridges, for example if ancillary bridge
    br-ex does not be handled, the 'router_gateway' port status
    can't be updated.
    
    Change-Id: If428eadadfd36a9b19ea75920120e48ac49659f2
    Closes-Bug: #1416181

commit 2db459f284002e45497d768a8a53c9b43d045d45
Author: Doug Hellmann <doug@doughellmann.com>
Date:   Tue Jun 16 19:49:15 2015 +0000

Update version for Liberty
    
    Update the version for Liberty, switching from date-based versioning
    to pre-versioning using SemVer. See
    http://lists.openstack.org/pipermail/openstack-dev/2015-May/065211.html
    and
    http://lists.openstack.org/pipermail/openstack-dev/2015-June/067082.html
    for details.
    
    Change-Id: I6a35fa0dda798fad93b804d00a46af80f08d475c

commit 98d0be2f82523a40e630cf08dd8479b4cbb48add
Author: armando-migliaccio <armamig@gmail.com>
Date:   Wed Jun 17 11:33:56 2015 -0700

Add networking-sfc to the list of affiliated Neutron projects
    
    The project is being bootstrapped in [1,2], this change reflects
    that in the sub_projects doc.
    
    [1] I3825a1e02713f45e2c769eaa8fd0f1ab48d14372
    [2] Iec53129d7c19620d690e71032c83907f03c66d9f
    
    Change-Id: I7c235bfe444bbb9afc7d4d8c92704c9bfc09ab49

commit 315b10dc9fa7b8d889a24e0c6cdf72f5341d92d5
Author: armando-migliaccio <armamig@gmail.com>
Date:   Wed Jun 17 11:31:01 2015 -0700

Minor improvements to sub_projects document
    
    Let's remove the empty table, to cut down the risk of inconsistency,
    and further explain what the list of affiliated project is for.
    
    Change-Id: I3c8970db8de4fc211233903e8220cda72d47e193

commit 53209ca19ac2116d293b6fbc7b31254cb27a3ecb
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Wed Jun 17 14:25:56 2015 +0000

Python 3: do not use cmp(), nor sorted(..., cmp=...)
    
    * The "cmp" function has been removed, so we must not use it any more;
    * The "cmp" keyword argument of the "sorted" function has been removed, so
      replace it with "key=functool.cmp_to_key".
    
    Change-Id: Ic39d29dc1002a68f36f04c32e53a36bc826dce78
    Blueprint: neutron-python3

commit 4a73ab99c9fcc63adbbb41d4a9b9ba8669afdc61
Author: Miguel Angel Ajo <mangelajo@redhat.com>
Date:   Tue Jun 16 13:48:26 2015 +0200

Move get_inteface_by_ip from LinuxBridge class to ip_lib
    
    get_interface_by_ip is moved fro LinuxBridgeManager to ip_lib
    as a more generic get_device_by_ip.
    
    System-faking unit tests have been switched for functional
    testing that also performs a negative test.
    
    This can be reused in the openvswitch-agent code to validate
    local_ip reusing the LinuxBridge logic.
    
    Change-Id: I9237871a6e24dd99556c71844624be510e20d289
    Related-Bug: #1464178
    Related-Bug: #1408603

commit 76dd333167920f447bdbedbbee10fdab593abe5b
Author: Vladislav Belogrudov <vladislav.belogrudov@oracle.com>
Date:   Wed Jun 17 14:02:22 2015 +0300

Fix cisco_csr_identifier_map.ipsec_site_conn_id
    
    Some database engines require exact match of sizes of foreign keys
    and referenced fields. Foreign key ipsec_site_conn_id of table
    cisco_csr_identifier_map is varchar(64) but it references field
    id varchar(36) of table ipsec_site_connections. This gives error
    while running migration scripts in such databases.
    
    This fix only applies to new installations. Existing databases will
    be corrected by migration scripts introduced in
    https://review.openstack.org/190569 - they will take care of resizing
    the field and adjusting the model.
    
    Change-Id: I6cc9625a2d96d1330b06eb727cc7fa5363c697b8
    Depends-On: I384a9bbaba05ef94174b666bdcfb276eedc74134
    Closes-Bug: #1463806

commit 7a7377681133785e12a296ff7077b039708da97d
Author: Thomas Morin <thomas.morin@orange.com>
Date:   Wed Jun 17 12:13:35 2015 +0200

fix rootwrap debug filter for ping all
    
    NeutronDebugAgent.ping_all calls ping with "-c 1 -w <number>' so
    the filter should accept this order, and not only "-w .. -c ..".
    
    Not changing the existing filter to not break other tools
    that might use -w -c in that order.
    
    Change-Id: I5b3d67dfcdc15c53ac3bf2fb39de29fd97e98a19

commit 7d704db18ec7635328bfce7dc6e936151f264f1f
Author: Aman Kumar <amank@hp.com>
Date:   Tue Jun 16 23:16:24 2015 -0700

Refactor rpc_loop() in ovs neutron agent
    
    This patch segregates the port_info recieved by
    scan_ports and scan_ancillary_ports.
    
    This refactoring is basically required for this patch set:
    https://review.openstack.org/#/c/165023/
    
    Co-Authored-By: Romil Gupta <romilg@hp.com>
    
    Change-Id: I9b43c230cda9d2659ad0e806bebe8a3dc12826ec
    Partial-Bug: #1329223

commit 4e77442d529d9803ff90de905b846af940eaf382
Author: Kevin Benton <blak111@gmail.com>
Date:   Sat Jun 13 18:45:19 2015 -0700

Add deadlock retry to API and ML2 RPC port update
    
    With the switch to the pymsql SQL driver, eventlet will now yield
    during database transactions. This greatly increased our probability
    of multiple coroutines running transactions on the same table that
    result in deadlocks.
    
    These deadlocks could result from many things including the following:
    * a coroutine holding a pessimistic "SELECT for UPDATE" lock when
      another tries to update the locked records
    * two coroutines both issue update statements using a WHERE clause
      invalidated by the other update (e.g. from a compare and swap approach)
    * two coroutines insert records that, when combined, violate a unique
      constraint on the table in a master-master Galera deployment
    * any two workers using "SELECT for UPDATE" in a master-master Galera
      deployment (write-set certification failure translates to deadlock)
    
    This problem is exacerbated by the switch to multiple API and RPC
    workers, each of which can lead to most of the errors above even
    without the switch to pymysql.
    
    This patch adds a deadlock retry decorator to the delete, create,
    and update methods at the HTTP API layer. Additionally, it adds a
    decorator to the update_port_status AMQP API in ML2 since it updates
    the port table, which is a heavily locked table by ML2 making it a
    prime candidate for deadlocks.
    
    Nova has had relied on the deadlock retry mechanism for quite some
    time now. We were limping along by not using additional workers and
    by relying on the unyielding nature of the MySQL C driver to
    serialize everything.
    
    Closes-Bug: #1464612
    Change-Id: I635cc49ca69f589f99ab145d4d51e511b24194d2

commit 95b6a74af10e2150b017647028de8454ef1cda2f
Author: Aaron Rosen <aaronorosen@gmail.com>
Date:   Tue Jun 16 17:23:09 2015 -0700

ovsdb: session.rpc never initialized
    
    Previously, if idl.Transaction.commit_block() returned a status of
    TRY_AGAIN we would check self.api.idl._session.rpc.status which would
    result in an attribute error as rpc is None.
    
    This patch fixes this attribute error by removing this unneeded check. In
    addtion, the force_reconnect() is also removed as ovs.jsonrpc handles
    reconnecting automatically for us.
    
    Change-Id: Ibf3ce5cd3432845f8938a1d83637ecf59b14b5ca
    Closes-bug: 1465889

commit fc0c3a83659a86453acd5745a5632729b99cb3de
Author: Rawlin Peters <rawlin.peters@hp.com>
Date:   Mon Jun 15 10:57:02 2015 -0600

Remove duplicated debug logging around locking
    
    Currently, iptables_manager.py does extra unnecessary logging about lock
    acquisition and release. It uses lockutils.lock() which passes
    do_log=True by default, which causes lockutils.lock() to do debug
    logging about lock acquisition/release. IptablesManager itself also writes
    debug log info about lock acquisition and release.
    
    This change will eliminate unnecessary duplicate logging in order to
    reduce log noise about locking. This change is also related to
    https://github.com/harlowja/fasteners/commit/f88f2fea7fe250b7d26cdcbc84633ccbbc68eeee
    which reduces the logging level in the underlying lock implementation
    used by oslo.concurrency. That change along with this one will remove
    the duplicate debug logging about locking in iptables_manager.py and also in
    ipset_manager.py.
    
    Change-Id: If6f4a7101f3783ad83645e28bbb5c577dd403d3b
    Closes-Bug: 1464727

commit 8f2014ea556404fb99c78add1e46b80c718cf491
Author: Aman Kumar <amank@hp.com>
Date:   Tue Jun 16 05:32:44 2015 -0700

Refactor scan_ports() and update_ancillary_ports() in OVS Neutron Agent
    
    Used a helper method which contains the common code from scan_ports()
    and update_ancillary_ports(). And also renamed the name of
    update_ancillary_ports() method to scan_ancillary_ports() to have parity
    between normal ports and ancillary ports.
    
    Added unit tests for scan_ancillary_ports.
    
    Co-Authored-By: Romil Gupta <romilg@hp.com>
    
    Partial-Bug: #1329223
    
    Change-Id: I8b3e00a9371d5a03cc8b4be24bf20eec10bef5df

commit 4f46d2ae3a089f36512fae3bf49f155927095922
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Tue Jun 16 13:38:13 2015 +0000

Python3: do not change the size of a dict while iterating over it
    
    This does not work in Python3, so we have to store the items first.
    
    Change-Id: I7d8641f980fe62d2900559433d5060a6281a97f8
    Blueprint: neutron-python3

commit 0488ac707493575e084f02273df2c4ec598541ba
Author: Elena Ezhova <eezhova@mirantis.com>
Date:   Mon Jun 1 12:34:41 2015 +0300

Refactor TestRpcWorker and TestWorkerService
    
    TestRpcWorker and TestWorkerService have a duplicate test_reset.
    This patch introduces a base class from which tests for service
    workers can inherit.
    
    Change-Id: Ic4690c3b066b03c2fbb463f1329208ad1307d83d

commit fca84f69659e4e81790de405213f31e80fd8c239
Author: Ann Kamyshnikova <akamyshnikova@mirantis.com>
Date:   Tue Jun 2 18:45:51 2015 +0300

Juno_initial migration
    
    Havana was deprecated with the kilo release, and icehouse will be
    deprecated with the liberty release, so havana_inital migration should be
    removed and replaced with juno_initial.
    
    Closes-bug: #1461103
    
    Change-Id: I2e6802c9ab64d164bd888278d555dfeeaf47257b

commit 037f3111cd3968ff00593387daf2b832761e5ef4
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Tue Jun 16 09:21:42 2015 +0200

docs: added job to well known tox envlist
    
    This is to make 'tox -l' return the job name in its output (needed to
    allow run-docs.sh script in project-config to determine whether the job
    is present, to rely on it when generating docs in gate).
    
    Change-Id: I80eb169b7b4e5a3490586722c64394dbb724928d

commit 9fc422a93a00f4126e91fa79ffcd43903ea9c8ac
Author: Sean M. Collins <sean@coreitpro.com>
Date:   Mon Jun 15 13:51:05 2015 -0400

API Extensions: inherit from the ExtensionDescriptor
    
    For consistency in the codebase, API extensions should inherit from the
    abstract base class ExtensionDescriptor.
    
    Change-Id: Id4829c265866e80c042c433bebcc01383e1e7417

commit 34aa030847ed24ad6ca7759459cbe9a6d0f43db3
Author: Henry Gessau <gessau@cisco.com>
Date:   Mon Jun 15 14:47:21 2015 -0400

Remove fossilized remains
    
    Clean up ancient stuff that hasn't been touched in over 3 years.
    
    Change-Id: I67fcd85027fb6614cafe8d92ddbf8c24aed58a4f

commit f88f3dc8d6f7240d6c0d9d5006345b3a797ae067
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Wed Jun 10 16:18:40 2015 +0300

Refactor update_port in db_base_plugin_v2
    
    This commit is a preparation step for using pluggable IPAM.
    - moved validations into _validate_port_for_update;
    - updating ip addresses for port is backend specific, so
      moved into _update_port_with_ips in ipam_non_pluggable_backend;
    - writing port changes to db is common for both backends, so
      moved into _update_db_port in ipam_backend_mixin;
    - updated to use namedtuple to track add/original/remove ips;
    - added _make_fixed_ip_dict to exclude keys other than
      ip_address and subnet_id;
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: I1110e88f372b1d0cc7ec72049ba69a6d548da867

commit a89f99c6b700b1c6f918fe359c7271ac25ed4bc4
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Wed Jun 10 14:56:58 2015 +0300

Refactor _update_ips_for_port
    
    This commit is a preparation step for using pluggable IPAM.
    _update_ips_for_port was refactored and split into two methods:
    - _get_changed_ips_for_port
      This method contains calculations common for pluggable and
      non-pluggable IPAM implementation, was moved to ipam_backend_mixin.
    - _update_ips_for_port
      This method is specific for non-pluggable IPAM implementation, so it
      was moved to ipam_non_pluggable_backend_common.
    
    Other changes:
    - _update_ips_for_port now returns namedtuple with added, removed, original
      ips (previously added and original ips were returned).
      List of removed ips is required by pluggable IPAM implementaion
      to apply rollback-on-failure logic;
    - removed unused port_id argument from _update_ips_for_port argument list;
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: Id50b6227c8c2d94c35473aece080a6f106a5dfd8

commit a8619e9bd1247e8ec494c456aee9ee7163231f62
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Mon Jun 15 15:07:28 2015 +0000

Python 3: use dict.values instead of dict.itervalues
    
    This works with both Python 2 and 3, and should not have any performance
    impact.
    
    Change-Id: I2a14945c60de513b91c6f022ff5dcc503ce2a8ad
    Blueprint: neutron-python3

commit 62faedddf2b0315484a04bd9092e96a3a828e46a
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Mon Jun 15 16:15:11 2015 +0200

Put output of docs job into doc/build/html
    
    This is the path where jenkins/scripts/run-docs.sh that is used by gate
    to generate project documentation expects to see the output.
    
    Change-Id: Id276fa59edb33f7789ab06055300b4dc2385472a

commit ad1c7a35dec614a26de0a426950fa005df5f489d
Author: Sean M. Collins <sean@coreitpro.com>
Date:   Wed Jun 10 10:23:44 2015 -0400

Remove get_namespace from API extensions
    
    Based on the conversation on the ML.
    
    http://lists.openstack.org/pipermail/openstack-dev/2015-June/066219.html
    
    APIImpact
    DocImpact
    
    Closes-Bug: #1464023
    Depends-On: 6f900fc429bf24cb31e0d2f149aa732055fd5956
    Change-Id: I3c406910991c33cf959c5345d76153eabe3ace2d

commit b370c69b75fe38cd285512f9516ce428e8a806dd
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Tue Jun 9 16:00:58 2015 +0000

Ensure no "db" related functional/fullstack tests are skipped in the gate
    
    Currently neutron uses MySQLTestCase[1] and
    PostgreSQLOpportunisticTestCase[2] for functional and fullstack tests
    using a real MySQL/PostgreSQL database. These classes skip tests when
    the db is unavailable (db not installed/configured, missing packages,
    etc.) which is fine when tests are runned by developers but not when
    runned by the gate jobs.
    
    This change updates MySQLTestCase[1] and defines PostgreSQLTestCase[1]
    as PostgreSQL oslo.db test class wrapper: when the db is unavailable,
    these classes ensure tests will:
    
    * fail in the gate (dsvm-functional, dsvm-fullstack jobs),
    * be skipped by default otherwise (functional, fullstack jobs).
    
    [1] neutron.tests.common.base
    [2] oslo_db.sqlalchemy.test_base
    
    Closes-Bug: #1404093
    Change-Id: I77b12e728ce9a7b0222c3df081842635f6375a3e

commit 278a5fce29504c43d669feed210f7b3627616e22
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed Jun 10 22:35:11 2015 +0200

Use PyMySQL in MySQL related functional/fullstack tests
    
    mysql-python driver has been replaced by PyMySQL driver[1] in neutron
    code but MySQL related functional/fullstack tests try to use
    mysql-python driver because of MySQLOpportunisticTestCase[2] and tests
    are skipped because mysql-python driver is no more available.
    
    This change provides a backend implementation for mysql+pymysql, a base
    base testcase MySQLTestCase[2] using mysql+pymysql implementation
    (currently oslo.db provides none of them but will in the future) and
    replaces MySQLOpportunisticTestCase with MySQLTestCase.
    
    [1] I73e0fdb6eca70e7d029a40a2f6f17a7c0797a21d
    [2] neutron.tests.common.base
    
    Closes-Bug: #1463980
    Change-Id: Ic5c1d12ab75443e1cc290a7447eeb4b452b4a9dd

commit 1318437a0caf38e695a819848832a955fef7d909
Author: Eugene Nikanorov <enikanorov@mirantis.com>
Date:   Fri Jun 5 01:46:22 2015 +0400

Skip rescheduling networks if no DHCP agents available
    
    This eliminates the problem of unscheduled networks in case
    of communication failure between agents and servers which
    can occur if messaging queue service fails.
    
    Change-Id: Ied4fa301fc3d475bee25c47f3a01c2381ae9a01e
    Closes-Bug: #1461714

commit bb846c89ee120662eabdd4b0136fac82de076777
Author: Russell Bryant <rbryant@redhat.com>
Date:   Fri Jun 12 21:26:37 2015 -0400

Reflect project moves from stackforge to openstack.
    
    Several git repos were just moved from stackforge to openstack.
    Reflect the move in various places where the URL was in docs and
    comments.  In passing, also change URLs to git.openstack.org instead
    of github, as that is the official home of all of these repos.
    
    Change-Id: I6c79a192d6604cef01e88d5b305fcc2b0f9c6b30
    Co-Authored-By: Kyle Mestery <mestery@mestery.com>
    Signed-off-by: Russell Bryant <rbryant@redhat.com>
    Signed-off-by: Kyle Mestery <mestery@mestery.com>

commit 1710f7c72f2c509d1009ee36ba4f66b298967fe9
Author: Kobi Samoray <ksamoray@vmware.com>
Date:   Thu Jun 4 15:49:13 2015 +0300

VMWare NSXv: Add distributed URL locking to ini
    
    NSXv plugin supports distributed locking using tooz library.
    This patch adds the required parameter to the ini file.
    
    DocImpact
    
    Depends-On: Icbcec938c1c5ae7a528350f2f283388b81fa66b7
    Change-Id: I8a7c36d044c4be29b0dfa3fbb8e9379723cebd61

commit 9952abaab182f3ec701aad2397d6f3fcc0bacc7f
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Mon Jun 8 14:15:30 2015 +0300

Decompose db_base_plugin_v2.py with changes
    
    This commit is a preparation step for using pluggable IPAM.
    1. Moved get_subnets functionality to db_base_plugin_common to make it
    accessible by ipam backends.
    2. Reworked update_subnet routine:
    - moved db part into update_db_subnet;
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: Idb8f54d9fccaad1137222d156590c37d86aa576b

commit a5bf502fab57453a1aedd3a53ce89eaf464e1cd9
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Fri Jun 12 21:11:02 2015 +0200

Remove duplicate tunnel id check in sync_allocations
    
    Currently, gre/vxlan sync_allocations and _parse_tunnel_ranges both
    check tunnel id values. This change removes the check in gre/vxlan
    sync_allocations as they duplicate _parse_tunnel_ranges check and is
    less fine.
    
    Change-Id: I5827468aeaec5d6c79d469132b129aeb7da171e2

commit 901e6ae6fb05d65ccfc4a6602de4160c3a34031e
Author: Akihiro Motoki <motoki@da.jp.nec.com>
Date:   Sat Jun 13 02:14:17 2015 +0900

Remove meaningless no_delete from L3 test
    
    no_delete parameter was removed in Kilo and it no longer
    has any effect.
    
    Change-Id: Idf0f3ac24b3978392222efbf465cc9e6cfd5d346

commit ba2c44ef000221f8a18274a9569838d8c26014c0
Author: armando-migliaccio <armamig@gmail.com>
Date:   Fri Jun 12 08:58:05 2015 -0700

Revert "Revert "Set default of api_workers to number of CPUs""
    
    This reverts commit 12a564cf03e612dda36df26df8d28dfc75f1af6e.
    
    We should re-enable this feature on a controlled basis so that we can
    flush out any outstanding issue we may have.
    
    Related-bug: #1432189
    
    Change-Id: I2cfd93fdb032b461022b729347390ff8636ccdeb

commit 89a83bf199e7ea75c04f3205ff77987feed13184
Author: rossella <rsblendido@suse.com>
Date:   Thu Jun 11 10:43:36 2015 +0200

OVSNeutronAgent pass the config as parameter
    
    Instead of using the global cfg.CONF, pass the config as parameter.
    This is very useful to test the agent without having to override
    the global config.
    
    Change-Id: I45534d79e044da9f2be4d596a58310fb28b7bf22

commit 7e0222409dab6223579efea34ba0d3ccf93e11d3
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Thu Jun 11 17:23:41 2015 +0300

Refactor _update_subnet_allocation_pools
    
    Moved _update_subnet_allocation_pools to ipam_backend_mixin.py.
    Call _rebuild_availability_ranges with self to make it overridable
    on upper level (from non-pluggable backend).
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: If7b1e720f88a2f0177b6772a015ae216f19ee22d

commit 5ff082bcfe12647036e5b033bfc2bac514acdb42
Author: Dane LeBlanc <leblancd@cisco.com>
Date:   Tue Feb 24 15:47:01 2015 -0500

Stop sending gratuitous arp when ip version is 6
    
    This fix prevents calls to the arping utility for IPv6
    addresses, thereby eliminating errors reported by arping
    for IPv6 addresses.
    
    The assumption is that NDP, DAD, and RAs are sufficient
    for address resolution and duplicate address detection
    for IPv6, and that unsolicited Neighbor Advertisements (NAs)
    are not required for OpenStack services. If this turns out
    not to be the case for some service/feature, then a separate
    bug should be filed to add support for unsolicited NAs for
    that service.
    
    Change-Id: I14f869b7d488d7e691f7316eafcab3064e12cda6
    Closes-Bug: 1357068

commit 1552f311532fdbd03a79ecfc1fae488b072c5a14
Author: Ann Kamyshnikova <akamyshnikova@mirantis.com>
Date:   Tue Jun 9 11:30:06 2015 +0300

Fix Enum usage in 589f9237ca0e_cisco_n1kv_ml2_driver_tables
    
    PostgreSQL is more sensitive with types than MySQL, it creates a
    separate type when a Enum is created. In migration 589f9237ca0e
    type profile_type is trying to be created, but the type with such
    name was already created in havana_initial migration.
    
    The solution for this is not to create type in 589f9237ca0e
    migration when dialect is PostgreSQL and use already created.
    
    Closes-bug: #1463301
    
    Change-Id: I66e74d50cc70673de8635616076779cc20cde113

commit cd56a657a19a5a756d191c614becfd3e386b3c80
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Thu Jun 11 06:03:07 2015 +0000

Imported Translations from Transifex
    
    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure
    
    Change-Id: If91f3ac94562cc5130dd5ea5ac5d71aec64b74e3

commit 7b51521e31f896d0095510b52644b728aaadca5a
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jun 10 21:45:41 2015 -0700

power grab
    
    The current core reviewers hierarchy didn't have a place for the
    parts of ML2 that weren't related to agent communication. For now
    we can put all of ML2 under the built-in control-plane until we
    decide it needs to be put somewhere else.
    
    Change-Id: Ic4924e0041c4cbb955d8fac0f96ec56406d6466e

commit 1c29fab7cb3e586be72dd7910e2022b45c809c5f
Author: Brian Haley <brian.haley@hp.com>
Date:   Thu Jun 4 23:54:31 2015 -0400

Change ensure_dir to not check directory exists first
    
    I224be69168ede8a496a5f7d59b04b722f4de7192 added an EEXIST
    check, so no need to check if the directory is already
    there, just try and create it.
    
    Change-Id: Iba51fc8263bf59326489319d0dd3f69af00a8eeb

commit 7c331be77fb6a835f1fb79c674d8d6c39c7eb357
Author: armando-migliaccio <armamig@gmail.com>
Date:   Wed Jun 10 16:53:25 2015 -0700

Document existence of br-tun and br-int in the OVS agent
    
    Question about the use of the two bridges has come up in the past
    multiple times, so let's fill the gap in the developer documentation.
    
    A user-facing documentation patch will have to follow up, if we want
    to be very thorough.
    
    Change-Id: I6dac0f9bdaf7b3b7bff8745d4103ccc71df61a0a

commit 9c8a19ba4032f98ecbffe53c4e731587550ded96
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed Jun 10 22:08:45 2015 +0200

Correct indentation in neutron.api.v2.attributes
    
    This change corrects subnetpool resource definition indentation in
    neutron.api.v2.attributes.
    
    Change-Id: I6738ff6b73bd0b943cec32f14ccb8946ba28d2e3

commit fd85b3ead32cd988e93f1d33d219ffd52cd77a51
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Wed Jun 10 10:20:58 2015 +0000

Python3: replace 'unicode' with 'six.text_type'
    
    In Python 3, 'unicode' does not exist; 'six.text_type' should be used instead.
    
    Change-Id: I71011b4beee9817a61278eb473804cfb798de74a
    Blueprint: neutron-python3

commit c34ce7c9845cc56f981e0ee8714d1f9345df5852
Author: Saksham Varma <sakvarma@cisco.com>
Date:   Tue Apr 7 18:12:02 2015 -0700

Moving out the cisco n1kv section to stackforge
    
    Since most of the n1kv plugin code resides in stackforge/networking-cisco
    repo, it's best to move the n1kv section there
    
    Change-Id: Ic1388980dea0d27dfa5e84869f1f20cc9bff78e5
    Closes-Bug: #1441400

commit 27df3e9fb98407e94bdeb9df493a9a3a0be639ca
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Mon Jun 1 22:29:39 2015 +0200

Ensure no "agent" functional tests are skipped in the gate
    
    Some "agent" functional tests[1] can be skipped if some requirements are
    not satisfied in order to allow developers to run functional tests on
    various environments. These tests should not be skipped in the gate.
    
    This change defines the decorator no_skip_on_missing_deps[2] to ensure
    no "agent" functional tests are skipped in the gate. More precisely
    no_skip_on_missing_deps transforms a skipTest into an error in:
    
    * dsvm-functional and dsvm-fullstack jobs,
    * functional and fullstack jobs when OS_FAIL_ON_MISSING_DEPS is
      evaluated as True.
    
    The change enlarges OS_FAIL_ON_MISSING_DEPS environment variable scope
    (ie: missing dependencies + system requirements).
    
    [1] in neutron.tests.functional
    [2] in neutron.tests.common.base
    
    Change-Id: Iacd4a5ef249fc1d7c75135ead9d0cf99d8a98a06
    Closes-Bug: #1459844

commit ca63dfd0f39c7d691247c146b7529937c5804c9e
Author: Romil Gupta <romilg@hp.com>
Date:   Wed Jun 10 09:43:56 2015 -0700

Remove useless pass from methods in type_tunnel.py
    
    The pass is useless because there is a docstring in the methods.
    Generally considered as uncovered by coverage tool.
    
    Change-Id: Id1275c51e9adb865a3da9f0db007f3092b55b140

commit 87fecfcc50f371d8dd593b3cd372da9db56f39c6
Author: Sean M. Collins <sean@coreitpro.com>
Date:   Wed Jun 10 10:29:33 2015 -0400

Make Vlantransparent extension inherit from ExtensionDescriptor
    
    Change-Id: Ic615578a1fe1d401b53d0b44ff5275d9518b97fd

commit eeacb95e65a749ce3a032246c36d10cad9df22b1
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Wed Jun 10 13:10:54 2015 +0200

Actually allow to pass TRACE_FAILONLY to ostestr
    
    The comment below suggests to use TRACE_FAILONLY to fail quickly when
    running unit tests, while tox 2.0 does not allow to pass envvars from
    the cli caller unless they are explicitly mentioned in passenv=
    directive.
    
    Change-Id: I6861498e7609b0c21fad844009420ea9734e2352

commit 1c124a309bc941c078b8bb622ea248a3ed3829e1
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Tue Jun 9 11:28:10 2015 +0200

Switch to os-testr to control testr
    
    It's a nice wrapper spinned out recently from tempest-lib that should
    cover all our needs that we currently fulfill with pretty_tox.sh.
    
    Change-Id: I2268ed45ab628fe5dcab657d6287594847ab587c

commit da42745c466c14e6dbe58cdbc830ae5d1c8bb114
Author: Jakub Libosvar <libosvar@redhat.com>
Date:   Tue Jun 9 16:08:50 2015 +0000

Introduce functions using arping executable
    
    The arpinger is gonna be used in the next changeset introducing
    connection testers.
    
    Change-Id: I90ae32c2f52f1debfb11ae2a08b2828ee2be04cc

commit 328b72cf8c5f514434de0b73c9137bde52b5eeea
Author: Kevin Benton <kevinbenton@buttewifi.com>
Date:   Wed Jun 10 07:04:25 2015 +0000

Revert "Defer segment lookup in NetworkContext object"
    
    This reverts commit e61865807c4c8ff959a7746fe3e17f1ae574c9d0.
    
    This patch likely violated the idea of a NetworkContext
    being a snapshot of the network at the time it was created.
    This needs a different approach.
    
    Change-Id: I20b132a0181d35b0517330fb7fbf293c3e979d0e

commit e33d92c894df4664d01d040ba4305c7cb4ef6e27
Author: Fawad Khaliq <fawad@plumgrid.com>
Date:   Tue Jun 9 22:18:18 2015 -0700

Added networking-plumgrid in plugin requirements
    
    Closes-Bug: 1463665
    Change-Id: I7152dedd83659ee51274be31ef305af9e82d695a

commit f08e9f1f53efa97e07f21ca72a940fcbeb4570e5
Author: Jeremy Stanley <fungi@yuggoth.org>
Date:   Wed May 20 01:03:59 2015 +0000

Switch from MySQL-python to PyMySQL
    
    As discussed in the Liberty Design Summit "Moving apps to Python 3"
    cross-project workshop, the way forward in the near future is to
    switch to the pure-python PyMySQL library as a default.
    
    https://etherpad.openstack.org/p/liberty-cross-project-python3
    
    Change-Id: I73e0fdb6eca70e7d029a40a2f6f17a7c0797a21d

commit 6886655b491aede40aa9f4a0bd4c6d402d5a7a78
Author: Salvatore Orlando <salv.orlando@gmail.com>
Date:   Tue Apr 28 04:59:35 2015 -0700

Context: Remove logic for read_deleted and deprecate it
    
    The read_deleted parameter in the Context object is simply unused.
    This patch removes associated logic, and for what is worth, adds
    deprecation warnings against explicit usage of read_deleted when
    creating a context instance, generate an admin context, and
    elevating a context instance.
    
    Change-Id: Ic69d22dc229ebe8fac1f6be0c4860d19732505b1
    Closes-Bug: #1449462

commit 303f37f4e0c84f90e40b95731a828fc6ce8a0bbf
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Mon Jun 8 16:09:49 2015 +0000

Python 3: use next() instead of iterator.next()
    
    The latter only works in Python 2.
    
    Also define a __next__ method in the classes that define a next method.
    
    Change-Id: Iaa1a1e500facab50d8bcdffda39ccad3f2e4e9bb
    Blueprint: neutron-python3

commit 9143ce10e422bd17c4817dfe08163879e0e5a4ca
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Thu Apr 23 12:12:52 2015 +0200

Consume oslo.policy
    
    Some non intrusive changes to tests are needed, so that we don't rely on
    library symbols that are now private (f.e. parse_rule).
    
    Closes-Bug: #1458945
    Change-Id: I90326479e908042fec9ecb25fa19a8dd5b15e7d8

commit 66fece4f84e62f14fb59a721b37986784976d0c4
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Thu Apr 23 14:03:52 2015 +0200

policy: cleanup deprecation code to handle old extension:xxx rules
    
    It served and warned users for enough time (since Icehouse) to be sure
    everyone was notified about the need to update their policy file.
    
    Change-Id: I240b935741e49fbf65c0b95715af04af4b2a73e7

commit 53ec63c430d123cd1ed4acd3b94537e9cb380bcd
Author: Romil Gupta <romilg@hp.com>
Date:   Thu Jun 4 04:21:14 2015 -0700

Fix a regression in "Separate ovs-ofctl using code as a driver" change
    
    The tunnels are not getting established between Network Node and
    Compute Nodes in non DVR mode with l2pop enabled and throws
    the AttributeError: add_tunnel_port.
    
    This fixes a regression in change Ie1224f8a1c17268cd7d1c474ed82fdfb8852eaa8.
    
    Co-Authored-By: YAMAMOTO Takashi <yamamoto@midokura.com>
    Closes-Bug: #1461486
    Change-Id: I1106fd3dd32f6f827eb25dec4815ff1120af96f0

commit 753196480d9cca10c5b91dfa8221e89f658fa110
Author: Jakub Libosvar <libosvar@redhat.com>
Date:   Wed May 27 13:54:06 2015 +0000

Break Pinger class to functions
    
    As the class served only for storing parameters that can be passed as
    actual function parameters, there is no reason for class.
    
    Change-Id: I553b4d6daeb78d495cda09894582a3d885b5d1b5

commit 6d0d72973152bb45587437c80d4ffe0fe7bba761
Author: Elena Ezhova <eezhova@mirantis.com>
Date:   Tue Apr 7 14:58:13 2015 +0300

Handle SIGHUP: neutron-server (multiprocess) and metadata agent
    
    All launchers implemented in common.service require each service to
    implement reset method because it is called in case a process
    receives a SIGHUP.
    
    This change adds the reset method to neutron.service.RpcWorker and
    neutron.wsgi.WorkerService which are used to wrap rpc and api
    workers correspondingly.
    
    Now neutron-server running in multiprocess mode (api_workers > 0 and
    rpc_workers > 0) and metadata agent don't die on receiving SIGHUP and support
    reloading policy_path and logging options in config.
    
    Note that reset is called only in case a service is running in daemon mode.
    
    Other changes made in the scope of this patch that need to be mentioned:
    
    * Don't empty self._servers list in RpcWorker's stop method
    
      When a service is restarted all services are gracefully shutdowned,
      resetted and started again (see openstack.common.service code).
      As graceful shutdown implies calling service.stop() and then
      service.wait() we don't want to clean self._servers list because
      it would be impossible to wait for them to stop processing
      requests and cleaning up their resources.
      Otherwise, this would lead to problems with rpc after starting
      the rpc server again.
    
    * Create a duplicate socket each time WorkerService starts
    
      When api worker is stopped it kills the eventlet wsgi server
      which internally closes the wsgi server socket object. This server
      socket object becomes not usable which leads to "Bad file
      descriptor" errors on service restart.
    
    Added functional and unit tests.
    
    DocImpact
    Partial-Bug: #1276694
    Change-Id: I75b00946b7cae891c6eb192e853118e7d49e4a24

commit ea35b299f06050608f3e7bb6fbc880006ed31024
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jun 3 18:25:14 2015 -0700

Allow update_port_status to take network param
    
    Allow the update_port_status function to take a network as
    an optional parameter to skip calling get_network again if
    the caller has already done so.
    
    Closes-Bug: #1463656
    Change-Id: I994f3abdb1b0ad3b2766f409b206ad4a8b2309b6

commit d0be7bc57f573d5696108b571c731decfbde9f0b
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Tue Jun 9 12:46:54 2015 +0200

Make pep8 job succeed when /etc/neutron/neutron.conf is not installed
    
    Currently, if /etc/neutron/neutron.conf is not installed in the system,
    neutron-db-manage fails in oslo.config code when trying to determine the
    default configuration file to use.
    
    Test job should not rely on any contents inside /etc/.
    
    Instead, pass --config-file with test-only configuration explicitly into
    the utility.
    
    neutron.conf.test was renamed into neutron.conf since for some reason
    oslo.config does not support a name that does not have .conf at its
    filename end.
    
    Change-Id: I719829fc83a7b20a49c338aaf1dbef916dcc768c

commit 826428dc8aeef124c2251624ae34fdc003e69ca4
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Date:   Tue Jun 9 19:00:40 2015 +0900

Add a comment on _check_update_has_security_groups
    
    Despite of its name, _check_update_has_security_groups can
    handle create requests as well.  There are plugins actually
    using it for create.  eg. ml2, vmware
    
    Change-Id: I3c26ad0ac00b12ce24096bfc27606797af2d9098

commit 6b13cc5275df53c765c450d570521c425c3345d9
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Tue Jun 9 10:57:29 2015 +0200

Enable all deprecation warnings for test runs
    
    We would like to catch all deprecation warnings during test runs to be
    notified in advance about potential problems with next library releases
    we depend on.
    
    Change-Id: I876d8c4de88618b01898ab537a44920789d8178e

commit 734e77365b0f241a3cea0f3c9dfb1d5fcf6eac8c
Author: Salvatore Orlando <salv.orlando@gmail.com>
Date:   Fri Apr 17 15:00:20 2015 -0700

Remove get_admin_roles and associated logic
    
    get_admin_roles was introduced so that contextes generated from
    within plugins could be used for policy checks. This was the case
    up to the Havana release as several plugins invoked the policy
    engine directly to authorize requests.
    
    This was an incorrect behaviour and has now been fixed, meaning
    that get_admin_roles is no longer need and can be safely removed.
    This will result in a leaner and more reliable codebase. Indeed the
    function being removed here was the cause of several bugs where the
    policy engine was initialized too early in the server bootstrap
    process.
    While this patch removes the feature it does not remove the
    load_admin_roles parameter from context.get_admin_context. Doing so
    will break other projects such as neutron-lbaas. The parameter is
    deprecated by this patch and an appropriate warning emitted.
    
    As a consequence neutron's will now no longer perform policy checks
    when context.is_admin=True. This flag is instead set either when
    a context is explicitly created for granting admin privileges, or
    when Neutron is operating in noauth mode. In the latter case every
    request is treated by neutron as an admin request, and get_admin_roles
    is simply ensuring the appropriate roles get pushed into the context
    so that the policy engine will grant admin rights to the request.
    This behaviour is probably just a waste of resource; also it is not
    adding anything from a security perspective.
    
    On the other hand not performing checks when context.is_admin is
    True should not pose a security threat either in noauth mode or
    with the keystone middleware. In the former case the software keeps
    operating assuming admin rights for every requests, whereas in the
    latter case the keystone middleware will always supply a context
    with the appropriate roles, and there is no way for an attacker
    to trick keystonemiddleware into generating a context for which
    is_admin=True.
    
    Finally, this patch also does some non-trivial changes in test_l3.py
    as some tests were mocking context.to_dict ignoring the is_admin flag.
    
    Closes-Bug: #1446021
    
    Change-Id: I8a5c02712a0b43f3e36a4f14620ebbd73fbfb03f

commit 89c0875178f22651109a85d3c522d80324368caf
Author: Gal Sagie <gal.sagie@huawei.com>
Date:   Mon Jun 8 14:27:47 2015 +0300

Add documentations for VXLAN Tunnels
    
    The VXLAN type driver is currently supported, this patch add
    description and links for more information to the user.
    
    Change-Id: Idb221ca4cce1a3a27bebe5ae6fc1e6ab5d030836

commit e61865807c4c8ff959a7746fe3e17f1ae574c9d0
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed Jun 3 19:03:29 2015 -0700

Defer segment lookup in NetworkContext object
    
    Avoid call to get network segments for network context objects until
    a caller actually tries to lookup the segments. This optimizes cases
    where the user of a port context never looks at the segments of the
    associated network context (e.g. update_port_status).
    
    Closes-Bug: #1463254
    Change-Id: I7e95f81d9a3ef26ccdb18c6bfdf9adc29523aa79

commit d0bbfc090bb25f1e05b98f0ad70c18209b87ed6b
Author: Zhenguo Niu <niuzhenguo@huawei.com>
Date:   Tue Jun 9 08:28:45 2015 +0800

Fix typos in docs
    
    Change-Id: I71aeb8f1e5fc5f3e330e593a463858dd65e6093b

commit b322ebae09cc59ed0a860ea6e39ed9b6fa6c5c12
Author: yuyangbj <yangyu@vmware.com>
Date:   Wed May 13 14:07:36 2015 +0800

Fixes bulk insertion of data to ml2_port_binding
    
    We should use schema definition to insert bulk of data to table.
    Closes-Bug: #1454566
    
    Change-Id: I66b3ee8c2f9fa6f04b9e89dc49d1a3d277d63191

commit 3a5a8a62c372f3a516caa59fd655dcf923a82519
Author: Kyle Mestery <mestery@mestery.com>
Date:   Mon Jun 8 15:27:23 2015 +0000

Add Neutron PTL Office Hours
    
    To ensure a weekly oppurtunity to sync between the PTL and the
    Lieutenants, officially setup Neutron PTL Office Hours.
    
    Depends-On: Ia5c8090e90939097104cb95c0aa3b883f7b4dd9b
    Change-Id: Iab3c21764937ebb3a1d0553b3a3d42b5c44bf3cc
    Signed-off-by: Kyle Mestery <mestery@mestery.com>

commit 00899b56213753d523842f29d50353a067df6064
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Mon Jun 8 14:42:18 2015 +0000

Python3: Enable all working tests in tox.ini
    
    Thanks to the recent Python3-related changes, these tests can now be run on
    Python 3.
    
    Change-Id: I7f689e221e59128012d46da2c90e61d5206fe828
    Blueprint: neutron-python3

commit 725543684cbe0df0edc4b6924f85e63e1628fa92
Author: rossella <rsblendido@suse.com>
Date:   Thu Mar 5 09:24:10 2015 +0000

Add get_events to OVSDB monitor
    
    OVSDB monitor can generate the events that the OVS agent
    needs to process (device added or updated). Instead of
    notifying only that a change occurred and that polling
    is needed, pass the events to the agent
    
    Change-Id: I3d17bf995ad4508c4c6d089de550148da1465fa1
    Partially-Implements: blueprint restructure-l2-agent

commit b239f75644bfdfec86f8a8efdabd6b11b766e822
Author: shihanzhang <shihanzhang@huawei.com>
Date:   Tue May 26 16:42:44 2015 +0800

Update ipset members when corresponding sg member is empty
    
    if a security group has a rule with 'remote-group-id', the ports
    in this security group should update its relevant ipset member
    when the remote-group members is empty.
    
    Change-Id: I980ebfd8f6537f803d9d5cbf21ca33f727fea3b3
    Closes-bug: #1458786

commit b17ff81ef1b18395c0b0671a487f68201d739f43
Author: shihanzhang <shihanzhang@huawei.com>
Date:   Fri Apr 24 18:28:17 2015 +0800

Send 'security_groups_member_updated' when port changes
    
    With ml2 plugin, when a port's IP or security group changes, it
    should send 'security_groups_member_updated' message to other l2
    agents which have same security group with this changed port.
    
    Change-Id: I2e7622d2db4c173ac879a95a6e0adf92b858fe82
    Closes-bug: #1448022

commit e2cfd87ab4abab95d713fa39a576ca7e41bce5c2
Author: Assaf Muller <amuller@redhat.com>
Date:   Sat Jun 6 18:41:39 2015 -0400

Remove full stack log noise
    
    "neutron-server isn't up yet" logs are useless because if
    you time out when waiting for the server to start that information
    will be in the trace. When you don't time out, the log is just spam.
    
    Same reasoning for the "There are %d agents running!" log.
    
    Also made the agents_count parameter mandatory for the
    wait_until_env_is_up method because having a default of 0, or any
    other default makes no sense. There's no reason to ever call that
    method without specifying the agents_count. This method used
    to be used with agents_count == 0 by the server to make sure
    its up (And responding to REST calls), but the Neutron server
    fixture now uses server_is_live method (Which calls list_networks)
    instead.
    
    Change-Id: Ifd6abd04ddaacc9976cb2a75269443f870b47c5b

commit e383378507d0d144de468e579f2e2defd41540b0
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Date:   Sun Jun 7 02:50:35 2015 +0900

ML2: Remove TYPE_MULTI_SEGMENT
    
    It's a leftover from the pre-multiprovider world.
    
    Change-Id: Iaf93292d698032984dfc392fae3701c49e18adc8

commit b649b9c871d0734745da5a201eca83a6b407a1c5
Author: Stephen Ma <stephen.ma@hp.com>
Date:   Thu Jun 4 20:09:23 2015 +0000

L3 agent should do report state before full sync at start
    
    Sometimes the AgentNotFoundByTypeHost exception is reported during
    L3-agent startup. The exception is generated when the first
    get_routers RPC call is made. When the neutron server gets this
    RPC call, it might not have handled the report state RPC call yet.
    So the L3-agent hasn't been registered in the API server.
    The result is a RPC Error exception.  By the time the next
    get_routers RPC call is made, the report state RPC call has already
    been done and agent registered.
    
    This patch modifies the L3 agent startup behavior to have the report
    state done before the agent do the sync routers RPC call.
    
    Closes-bug: 1456822
    Change-Id: Id40cfd8466f45e20fea0e9df6fd57bf9c9e59da7

commit 127de06c7e09e1468f2855a3033fb6193a6b9365
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed May 6 22:40:39 2015 +0200

Clean only floating-ip related connection states
    
    Currently init_l3 deletes connection states related to ALL ips deleted
    in init_l3 but it's required only when floating-ips are deleted[1].
    
    This change deletes only connection states related to floating-ips
    deleted in init_l3 ... it avoids to delete connection states in dhcp
    agents and on router internal ports!
    
    [1] look at change Ia9bd7ae243a0859dcb97e2fa939f7d16f9c2456c
    
    Closes-Bug: #1452434
    Related-Bug: #1334926
    Change-Id: Icfcfc585df6fd41de1e1345fd731e4631a6950ce

commit 713ba0e8d7ce59eaff41518360530b2e7831c322
Author: Carl Baldwin <carl.baldwin@hp.com>
Date:   Thu Jun 4 22:25:44 2015 +0000

Refactor awkward logic in setup_dhcp_port
    
    I noticed this logic as I was reviewing another patch set [1].  I
    didn't like removing subnet ids from dhcp_enabled_subnet_ids and I
    wasn't too keen on the ips_need_removal semantics that were kind of
    forced by the existing structure of the code.  I hope you find this
    alternative much clearer.  I like straight-forward code with less
    indentation that doesn't use awkward booleans like ips_needs_removal.
    
    [1] https://review.openstack.org/#/c/157697/6
    
    Change-Id: I8bd3d6924a855ea08f8096e66bd3bfbb165a4da3

commit 101ff1a81f15314cb9a07a6b65787c4324913c8a
Author: Salvatore Orlando <salv.orlando@gmail.com>
Date:   Tue May 19 09:42:51 2015 -0700

Add a "light" base test class for DB tests
    
    This newly added class simply extends DietTestCase
    with support for SQL operations.
    
    Related-Blueprint: better-quotas
    Change-Id: I2debc6a144ee93155c8e36f06aecb9735dbf55d4

commit 62d37f91872aaaefdee50e5cd1ed87456b8a6532
Author: rossella <rsblendido@suse.com>
Date:   Fri Jun 5 13:09:35 2015 +0200

Make _val_to_py and _py_to_val not private
    
    Move _val_to_py and _py_to_val to neutron.agent.ovsdb.api
    and remove the underscore since they will be used by other
    classes.
    
    Change-Id: I3a469ab3b1c1d83ad20dc6c77f1072fc6d546419

commit 546cab2d62a0daf88ef192dd2fb2e185b39a7fcb
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Fri Jun 5 14:01:10 2015 +0300

Decompose db_base_plugin_v2.py part 2
    
    This patch contains method moving with minor modifications like updating
    class names. IPAM specific methods were moved into ipam_backend_mixin and
    ipam_non_pluggable_backend.
    
    ipam_backend_mixin - contains code common for both backends (pluggable and
    non-pluggable).
    
    ipam_non_pluggable_backend - contains code specific for non-pluggable
    IPAM implementation.
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: I6d68e4066ca472107def197c5a5afccbb6886a0e

commit 45b28ddfe8ac23871e65feb4132d5f048c783222
Author: Vincent Legoll <vincent.legoll@iphc.cnrs.fr>
Date:   Fri Jun 5 13:05:48 2015 +0200

Fix typo in test class name
    
    Make "Redering" -> "Rendering"
    
    Change-Id: Ieedb446fa1e06705eb70293d83350d4dfd57d2db
    Signed-off-by: Vincent Legoll <vincent.legoll@iphc.cnrs.fr>

commit 8c5ef2cd6e1819c4f51b01cb3504da34ef377546
Author: Elena Ezhova <eezhova@mirantis.com>
Date:   Thu Jun 4 17:00:13 2015 +0300

Start linuxbridge neutron agent using a launcher
    
    This change ports linuxbridge neutron agent on common/service code
    that will allow to handle termination signals (SIGHUP, SIGTERM, SIGINT).
    
    Note that this patch allows changing only logging options.
    All other config options are not handled explicitly and changing
    them using SIGHUP can lead to unpredictable circumstances.
    So, until changing other options is handled it is highly recommended
    to use SIGHUP for changing ONLY logging options.
    
    DocImpact
    Change-Id: I1d834e0683b04111ef04c148cbd8d4acf2964065
    Closes-Bug: #1461539

commit ea5ad714cfcd336c0062ddeb13238c452117782a
Author: Elena Ezhova <eezhova@mirantis.com>
Date:   Mon Jun 1 14:55:13 2015 +0300

Handle SIGHUP in ovs neutron agent
    
    This change allows ovs neutron agent not to die on receiving SIGHUP
    and reload its logging options.
    
    Note that this patch allows changing only logging options.
    All other config options are not handled explicitly and changing
    them using SIGHUP can lead to unpredictable circumstances.
    So, until changing other options is handled it is highly recommended
    to use SIGHUP for changing ONLY logging options.
    
    Change-Id: Ic0cf8a9ca7f3a16b556a6825e2979471ae136c33
    Partial-Bug: #1276694

commit 615cac19913830e3dd15d1668d4fb2046202270f
Author: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Date:   Mon Feb 23 16:25:53 2015 +0900

test_ovs_neutron_agent: Remove useless ofport=10 arguments
    
    The kwarg ofport has been removed from method signatures
    where it was never used.
    
    Change-Id: Iee671e8d870ba4ef5175a639bbaf365a5eaf5ef7

commit 839706df7c742ec4b132dc6f18857679cfd870f5
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Date:   Wed Jun 3 22:35:58 2015 +0900

test_l3: Don't assume the order of subnets
    
    Fixes test_router_add_gateway_multiple_subnets_ipv6 failures
    on my environment.
    
    Change-Id: I44b4dd0cee393ea796f35b999cc111b60ef63db1

commit 38eae7acb30de6f1f8dbb36855a5c913d9370fc5
Author: Cyril Roelandt <cyril.roelandt@enovance.com>
Date:   Tue May 19 16:16:38 2015 +0000

Python 3: do not index a dict_values object
    
    In Python 3, dict.values() return a dict_values object instead of a list, as in
    Python 2. This object cannot be indexed.
    
    Change-Id: Ia4fdb4cafb1811c55dc8f14e303ab2db1b1110b3
    Blueprint: neutron-python3

commit 74dcc91aa85ab2e250fa32d6b895b2d5f7f2d5ba
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Thu Jun 4 17:58:06 2015 +0200

versionutils: switch from incubator version to oslo.log
    
    Note that we require oslo.log >= 1.2.0 since it's the first release that
    included the module.
    
    Change-Id: I2b7d587d8c4b0c885873c9c8083abb8fc35780c9

commit c0afeba0b55318e4508d59a68bc7c15e23a9a996
Author: Jakub Libosvar <libosvar@redhat.com>
Date:   Wed May 27 13:50:22 2015 +0000

Run RootHelperProcess always as root
    
    The purpose of RootHelperProcess is to spawn processes running with root
    id. Instantiating RootHelperProcess as non-root doesn't make sense. This
    also implies NetcatTester always spawns 'netcat' process as root. The
    reason why parameter existed here was due to refactor from passing
    root_helper all over the place.
    
    Change-Id: If042efcd75e46b66abf4a9e303e633749a1611b1

commit 28c95da3f500ce80258784514bfff1dc5d22bf1c
Author: Alexander Maretskiy <amaretskiy@mirantis.com>
Date:   Thu Jun 4 16:32:12 2015 +0300

Changes in rally-jobs/README.rst
    
    Changes:
      * fix broken links
      * add link to release notes
    
    Change-Id: Ie42b246aac2fd4f6de8cd8bcf28e5ff2906ffd32

commit 770859d25b9d95b28794832d673ff6127a9f936f
Author: Dmitry Ratushnyy <d.ratushnyy@gmail.com>
Date:   Mon Apr 20 16:22:27 2015 +0300

Add more API tests for port-security extension:
    
    Test create port with specific value of port_security_enabled
    Test create secure port with security_group attached
    Test update port with port_security_enabled True\False
    and with or without security groups
    Test deleting port with port_security_enabled
    
    Change-Id: Id71f5451dc17f374feff1a3bdb35fb9ec42f0fa1
    Depends-On: Ia27881a34ff99cad34c84764d2bf8a6cdf77af9c
    Depends-On: Ie0ec090e8fdce7dbdbce14ef47f38e8e57f262d4

commit 9cac5c3a9f5238fde7fd4e1c01644cdfe48785d2
Author: Henry Gessau <gessau@cisco.com>
Date:   Mon Jun 1 14:36:17 2015 -0400

Decompose the NCS ML2 Mechanism Driver
    
    The last of the Cisco drivers to decompose.
    
    Closes-bug: #1416713
    Co-Authored-By: Nikolay Fedotov <nfedotov@cisco.com>
    
    Change-Id: Icd2b358fb0db3d859ee287225ab8eeb10d7da871

commit 52ac1c30086738ad798bdafeede2172ee23897e6
Author: YAMAMOTO Takashi <yamamoto@midokura.com>
Date:   Wed Jun 3 22:21:52 2015 +0900

test_db_base_plugin_v2: Don't assume the order of fixed_ips
    
    Fixes test_ip_allocation_for_ipv6_2_subnet_slaac_mode
    failures on my environment.
    
    Change-Id: I18a9a177a60c364d79943a8d68b46fde3b9f5d74

commit d00bd978f849df6d8f6f40dbc75b5b3fbdd610ea
Author: Angus Lees <gus@inodes.org>
Date:   Thu Jun 4 12:55:02 2015 +1000

pylint: enable `duplicate-key` check
    
    This check attempts to detect dictionary literals with duplicate keys.
    
    The rest of the Neutron tree has already had the few instances of this
    cleaned[1] or moved into external vendor repos.  Enabling the pylint
    check will stop future occurrences.
    
    [1] I29cd2b843a7905986de13a1ecfba0cb5797ccaf8
    
    (Original patch I1aa221d2019853f905f2b8421dd45b0a3102baf0 by zhiyuan_cai)
    
    Change-Id: If4fed9714cd7fa586845f21f8f56dde2645cc5e0
    Co-Authored-By: zhiyuan_cai <luckyvega.g@gmail.com>

commit b0b9e8bcaf3b2b9f33f8d3cd0bcdc21e8b7a1a87
Author: Assaf Muller <amuller@redhat.com>
Date:   Wed Jun 3 13:50:57 2015 -0400

Remove reference to non-existent fullstack fixture
    
    EnvironmentFixture doesn't actually exist, and environment
    should be a mandatory parameter.
    
    Change-Id: I5598e176f297bcfa3b2cab188b4b446ce18d54ab

commit 75c3a8dee4a7f643d7654e2ea4641fd1bd18af62
Author: Carl Baldwin <carl.baldwin@hp.com>
Date:   Wed Jun 3 16:56:23 2015 +0000

Enhance utils.ensure_dir to be resilient to concurrent workers
    
    In rare cases, concurrent workers may attempt to ensure a directory
    exists.  One may successfully create the directory while the other
    gets an oserror that it already exists.  This patch detects the
    problem and returns successfully in both cases.
    
    Change-Id: I224be69168ede8a496a5f7d59b04b722f4de7192

commit 92b946e90b6cdd90deba2097196970afaaaf8dab
Author: Carl Baldwin <carl.baldwin@hp.com>
Date:   Wed May 27 20:12:27 2015 +0000

Use a single method to remove an address with its conntrack state
    
    I just noticed a pattern and I thought I'd throw this up for
    discussion.  It has occurred to me that this addition sort of breaks
    the ip_lib paradigm of wrapping ip commands without any additional
    useful abstraction.  Any better ideas?
    
    Change-Id: Ibd34bf4a721c153aca916e294e58adb4a28379e4

commit ece8cc2e9aae1610a325d0c206e38da3da9a0a1a
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Wed Jun 3 14:22:29 2015 +0300

Decompose db_base_plugin_v2.py
    
    Moved private getters and simple helpers into db_base_plugin_common.
    This change is part of bigger refactoring for supporting Pluggable IPAM.
    Main purpose is to make getters accessible by IPAM code.
    
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: I1eac61c258541bca80e14be4b7c75519a014ffae

commit ea643d9163427b75aff7053d00c97dc84680e63b
Author: Russell Bryant <rbryant@redhat.com>
Date:   Tue Jun 2 15:20:44 2015 -0400

Add sub-project lieutenants
    
    A recent patch added the concept of Lieutenants for Neutron.  This
    same concept makes a lot of sense for identifying clear points of
    contact for the various sub-projects under the Neutron tent.  This
    patch adds a table of the projects currently approved as part of
    Neutron in the governance repo.  I also made a guess on who the
    lieutenant would be based on reviews in stackalytics (except for ones
    that weren't in stackalytics).
    
    Change-Id: Ibce5d6ba5e19dec59a10c88749557509136c4e41
    Signed-off-by: Russell Bryant <rbryant@redhat.com>

commit 913298da04a52f31182c8849efe77b2310b4c2e1
Author: Oleg Bondarev <obondarev@mirantis.com>
Date:   Wed Jun 3 15:38:50 2015 +0300

Fix confusing parameters names
    
    Change-Id: Ib00135e1d0b8f334d660de9a80629e084efb13ba

commit 052054133abb76ef944d17e97df3afc8bc3f1738
Author: Aman Kumar <amank@hp.com>
Date:   Wed Jun 3 05:15:25 2015 -0700

Extra indent in test_ovs_neutron_agent
    
    This patch removes extra indent errors from test_ovs_neutron_agent
    
    Change-Id: I1270cca3699b7874047f7812710f2611cc465493

commit 608c282285380704e70228ef549646a61492d2bd
Author: Aman Kumar <amank@hp.com>
Date:   Tue Jun 2 23:49:40 2015 -0700

Make MockFixedIntervalLoopingCall class as a helper class
    
    MockFixedIntervalLoopingCall class is used in both the classes
    TestOvsNeutronAgent and TestOvsDvrNeutronAgent.
    
    This patch removes the MockFixedIntervalLoopingCall from both the
    places and make it as a helper class in test_ovs_neutron_agent.py.
    So that it will be used everywhere in test_ovs_neutron_agent.py.
    
    Change-Id: I5e0803436e91b4f20ec03209e9e799a68df4eaf4

commit 6575db592c92791a51540134192bc86465940283
Author: Kevin Benton <kevinbenton@buttewifi.com>
Date:   Wed Jun 3 05:52:51 2015 +0000

Revert "Add VIF_DELETED notification event to Nova"
    
    We need to wait until the nova support is added in
    I998b6bb80cc0a81d665b61b8c4a424d7219c666f. Otherwise
    this generates a ton of error messages in the nova api
    log as well as on the neutron side.
    
    This reverts commit 0ace88fd4a75ff213dc36fd16c1f8e7080ab7d6d.
    
    Change-Id: I129c4e4c05cf07d45032fec6f57e0cc17a5a82af
    Closes-Bug: #1461391

commit 45ea2cf10033e12c63b8ce2cd78b04755d0aba64
Author: Oleg Bondarev <obondarev@mirantis.com>
Date:   Wed May 6 12:50:11 2015 +0300

Wrap ML2 delete_port with db retry decorator
    
    ML2 delete_port operation currently involves locking ports
    and bindings tables which may lead to DBDeadlock errors in certain
    cases when several ports are deleted concurrently.
    That may happen due to specifics of Galera working in active-active
    mode: it may throw deadlock errors when it fails to validate
    a change with other members of the cluster.
    The fix adds retries to delete port operation to overcome such
    deadlocks
    
    Closes-Bug: #1422504
    Change-Id: I684691d59c5ac370d74314c3c91857dc709b2d9b

commit f4d72a8fdfb2c897aa0a0581ca9cb9d9da4a4167
Author: Aaron Rosen <aaronorosen@gmail.com>
Date:   Tue Jun 2 17:34:48 2015 -0700

Remove extra indent in testcases
    
    Change-Id: I42cb044d75d53eab7ba180954589c718374857ee

commit 75f3aaa4cc42c2c1280f6c578e27e64cff8f860c
Author: Kevin Benton <blak111@gmail.com>
Date:   Tue Jun 2 16:52:14 2015 -0700

Check for 'removed' in port_info before reference
    
    scan_ports can return early on no changes, in which case
    'removed' won't be present in the dict. The deleted_ports
    logic wasn't setup to handle that.
    
    This patch checks for the key before trying to reference it.
    
    Change-Id: I0e2c6d76515ad8e2a2addc8d40451ac003a150f7
    Closes-Bug: #1461325

commit ae8c1c5f80fd4fb7b4ab116677f4cff988c67cf1
Author: Eugene Nikanorov <enikanorov@mirantis.com>
Date:   Tue May 26 20:17:20 2015 +0400

Catch broad exception in methods used in FixedIntervalLoopingCall
    
    Unlike other places where it might make sense to catch specific
    exceptions, methods that are used to check L3 and DHCP agents
    liveness via FixedIntervalLoopingCall should never allow exceptions
    to leak to calling method and interrupt the loop.
    
    Further improvement of FixedIntervalLoopingCall might be needed,
    but for the sake of easy backporting it makes sense to fix the issue
    in neutron before pushing refactoring to 3rd-party library.
    
    Change-Id: I6a61e99a6f4e445e26ea4a9923b47e35559e5703
    Closes-Bug: #1458119

commit 805d4b148ae4b32657ed6a83e9a530b8b2c806ac
Author: Assaf Muller <amuller@redhat.com>
Date:   Tue Jun 2 12:21:11 2015 -0400

Add devref that explains fullstack testing and its direction
    
    The goal of this doc is to communicate what are full stack tests,
    how they benefit you and when would you write such a test.
    
    Additionally I'd like to communicate the way forward, and gather
    feedback about any areas in the code that can benefit from full
    stack tests, and any additional thoughts!
    
    Change-Id: Ifd4ff9be0ed0184a49df6566d238c31a328cd23f

commit b48bccc60e4fd552d7b127376f41810b61e0ba9d
Author: Assaf Muller <amuller@redhat.com>
Date:   Mon Jun 1 17:05:56 2015 -0400

Remove get_dhcp_port RPC method
    
    This method was last used in Icehouse.  I think we can safely
    remove all of its code and tests. Icehouse to Liberty rolling
    upgrades are in no way expected to work so I just bumped
    the RPC version and removed all traces of the code.
    
    Change-Id: Ia545c5be7da80c919ad5bae6074bc1cc3aa89fa0
    Closes-Bug: #1314534

commit 46223363bd4d41639102ae1923dd1dfb306ec808
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Sat May 30 20:41:29 2015 +0200

Refactor type_tunnel/gre/vxlan to reduce duplicate code
    
    gre and vxlan type drivers have similar implementations for multiple
    methods:
    * get_endpoint_by_host
    * get_endpoint_by_ip
    * delete_endpoint
    * get_endpoints
    * add_endpoint
    
    This change abstracts these methods and moves the abstractions to the
    new class EndpointTunnelTypeDriver.
    
    Change-Id: Iab97f8283b6bf5586334958de950664f6e74202a

commit 637b2f42560508c8b131718d9a6920d86d9a6c55
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Tue Jun 2 06:15:35 2015 +0000

Imported Translations from Transifex
    
    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure
    
    Change-Id: Iadf5c59306dd4f8ce574a2d7259bd6a03d60a72a

commit 490bdabd4c5835bac2314722c498e6dc6e85979d
Author: Gal Sagie <gal.sagie@huawei.com>
Date:   Tue Jun 2 08:49:10 2015 +0300

Update rootwrap.conf to add /usr/local/bin
    
    When working with OVN i found on Fedora 21 that
    my ovs-vsctl is installed in /usr/local/bin, since this wasnt in
    rootwrap DHCP didnt work properly.
    This change adds it to rootwrap
    
    Change-Id: Ib3646933744ca6b20ecd5ad0cedcedb4f1fa5f12

commit cda0b14112484d4776c7ccb6be78b7e23fdd5424
Author: Eugene Nikanorov <enikanorov@mirantis.com>
Date:   Tue Jun 2 06:15:39 2015 +0400

Add route to metadata IP by default
    
    Windows VMs try to resolve metadata ip 169.254.169.254 as
    local address by default, which results in very slow access
    to metadata url during boot.
    Injecting direct route to metadata ip through a subnet's default
    gateway helps Windows to avoid wasting time on mac resolution.
    
    So this patch injects host route for metadata ip for networks plugged
    into a router.
    
    Closes-Bug: #1460793
    
    Change-Id: Ic991f9d7f9a8cf942e3e29f2da03d73c0f26470a

commit 3751f9ab349ea5b4c3d9836592e7928c37211091
Author: Cyril Roelandt <cyril@redhat.com>
Date:   Mon Jun 1 20:53:46 2015 +0000

Python3: use six.iteritems() instead of dict.iteritems()
    
    This also adds a check to neutron/hacking/checks.py that should catch this
    error in the future.
    
    Blueprint: neutron-python3
    Change-Id: Ie7b833ffa173772d39b85ee3ecaddace18e1274f

commit 96e2314c8c0f06967b53828b0a771973f0031243
Author: Assaf Muller <amuller@redhat.com>
Date:   Fri May 29 19:17:34 2015 -0400

Modify ipset functional tests to pass on older machines
    
    Production code uses ipset exclusively in the root namespace,
    however functional testing uses ipset in namespace for isolation.
    This poses an issue as ipset is not supported in namespaces on
    all kernels and distributions (I'm looking at you CentOS/RHEL 7.1).
    
    This patch changes the ipset functional tests to work in the root
    namespace while taking care of cleanups.
    
    Change-Id: I08b2f59197ed76e59b2e58b5a10820653e857cda
    Closes-Bug: #1460220

commit 70e07629bf263370102350d922d62970c60d5aa4
Author: Salvatore Orlando <salv.orlando@gmail.com>
Date:   Tue May 19 09:27:14 2015 -0700

Add a non-mixin function for model queries
    
    This patch simply adds a version of model_query in
    neutron.db.common_db_mixin which can be invoked without
    having to declare a class which inherits the mixin.
    
    To this aim, model_query_scope has been refactored as well.
    As the model query function being introduced in this patch
    cannot use model query hooks (and does not need to), the
    method was re-implemented rather than bringing out of the
    mixin as it has been done for model_query_scope.
    
    This change will allow for developing DB APIs without
    having to use the baseDB/mixin classes models used so far.
    
    Related-Blueprint: better-quotas
    
    Change-Id: I7a79980f626e9eaf2775711c8a25f508067e5716

commit bacd69386d9df2abb41f62d1fa90f9cfaa215c62
Author: Pavel Bondar <pbondar@infoblox.com>
Date:   Thu Jan 15 15:00:02 2015 +0300

Implement IPAM Driver loader
    
    IPAM Driver is loaded based on value of 'ipam_driver'.
    Added new variable 'ipam_driver' in config.
    
    DocImpact
    Partially-Implements: blueprint neutron-ipam
    
    Change-Id: Ia52ad70ef4f0b02cf82cfefcf50b9f1e30b05b79

commit 4a234ab1a35708bf85fe57d9290056ac74227eab
Author: Elena Ezhova <eezhova@mirantis.com>
Date:   Mon Jun 1 12:58:32 2015 +0300

Remove comment about hash seed in tox.ini
    
    Enable random hash seeds change [1] has merged so the comment
    can be safely removed.
    
    [1] https://review.openstack.org/#/c/185572/
    
    Change-Id: I93f64841792f9c38f5121ca47c130ad769c11dc4

commit 9b29f62491ec0e1cb27601e6ad53cf152de5eb66
Author: Moshe Levi <moshele@mellanox.com>
Date:   Sun May 31 13:27:56 2015 +0300

Refactor mlnx mechanism driver to support infiniband only
    
    The old mlnx mechanism driver was used for SR-IOV with Ethernet
    and infiniband support but the PCI allocation wasn't done by nova.
    Juno introduced sriovnicswitch mechanism driver for SR-IOV with
    Ethernet support. Mellanox recommends on using it.
    The updated mlnx mechanism driver supports SR-IOV infiniband.
    
    * support only port vnic_type 'direct'
    * update vif_type name to ib_hostdev (the ib_hostdev is generic vif_type
      for SR-IOV infiniband see https://review.openstack.org/#/c/187052/)
    
    Closes-Bug: #1460430
    DocImpact
    
    Change-Id: Ia822b492afdfeb1aecf373d5a8cdb72174512884

commit c60c3e4f88aa28b9d2e6b6dcc7bc2a858433952d
Author: Henry Gessau <gessau@cisco.com>
Date:   Sun May 31 14:51:50 2015 -0400

Remove unused _uuid function alias from test_iptables.py
    
    Change-Id: If80de5ee6588ffd2338387e6592cf2812b106e1f

commit 193e745ac63d3a404b577ab61dd331779beb6a4b
Author: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Date:   Fri May 29 15:00:45 2015 +0900

test_ovs_neutron_agent: Remove unnecessary mocking
    
    Leftover from change I90b4d2485e3e491f496dfb7bdee03d57f393be35.
    
    Change-Id: Ia2596718678d3102ad99acbdf30be7ef0f52ad27

commit b7ffbf96ff414ce615c10c83fea85d7f1fdcce70
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Sat May 30 22:04:59 2015 +0200

Refactor type_gre.vxlan tests to reduce duplicate code
    
    gre and vxlan type drivers unittests have similar tests. This change
    abstracts these tests and moves them to TunnelTypeTestMixin[1].
    
    [1] neutron.tests.unit.plugins.ml2.drivers.base_type_tunnel
    
    Change-Id: I13b0507991e840ff34de7ed7ffd31d359691b0ca

commit 9a73722992cc302127472a5a98ca05348db52a5f
Author: Alexander Ignatov <aignatov@mirantis.com>
Date:   Sat May 30 00:49:31 2015 +0300

Removed duplicate keys in dicts in test
    
    Test test_create_security_group_rule_invalid_ethertype_for_prefix
    contained dict with duplicate keys, remote ip prefixes.
    
    Test was successful because incorrect items for tests were overwitten:
    
    '192.168.1.1/24': 'ipv4'  by '192.168.1.1/24': 'IPv6'
    '2001:db8:1234::/48': 'ipv6' by '2001:db8:1234::/48': 'IPv4'
    
    This patch removes incorrect and useless items for tests.
    Also added additional item with invalid ethertype.
    
    Change-Id: I29cd2b843a7905986de13a1ecfba0cb5797ccaf8

commit c44506bfd60b2dd6036e113464f1ea682cfaeb6c
Author: Kevin Benton <blak111@gmail.com>
Date:   Fri Apr 17 04:03:38 2015 -0700

Don't update floating IP status if no change
    
    The floating IP status was going through all of the
    status update code every time the L3 agent sent in
    an update, even if the status didn't change.
    
    This patch skips sending updates to the server if the
    agent doesn't change the status.
    
    Change-Id: Ic3736bed3dc3e4ccb91f4acfabbf033949e09ce0
    Partial-Bug: #1445412

commit e007167a700aa5b80ecb48adff0ac36bb330591d
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu Apr 30 17:14:44 2015 -0700

Don't delete port from bridge on delete_port event
    
    Commit d6a55c17360d1aa8ca91849199987ae71e8600ee added
    logic to the OVS agent to delete a port from the integration
    bridge when a port was deleted on the Neutron side. However,
    this led to several races where whoever created the initial
    port (e.g. Nova, L3 agent, DHCP agent) would be trying to
    remove the port from the bridge at the same time. These
    would result in ugly exceptions on one side or the other.
    
    The original commit was trying to address the problem where
    the port would maintain connectivity even though it was removed
    from the integration bridge.
    
    This patch addresses both cases by removing the iptables rules
    for the deleted port and putting it in the dead VLAN so it loses
    connectivity. However, it still leaves the port attached to the
    integration bridge so the original creator can delete it.
    
    Related-Bug: #1333365
    Closes-Bug: #1448148
    Change-Id: I7ae7750b7ac7d15325ed9f2d517ca171543b53be

commit ef5b4f52749b246d8165058ff320399c9c13f5ac
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Tue May 26 14:29:15 2015 +0200

Enable random hash seeds
    
    Neutron tests have been updated in order to support random hash seed. It
    allows to remove PYTHONHASHSEED=0 in tox.ini and remove hashtest tox
    environment.
    
    Closes-Bug: #1348818
    Change-Id: I1063304dda887eb82c0de8516d5a483fa8943fc1
    Depends-On: I8408365825ec1e97a83c2181f38ec1f9468df91e
    Depends-On: I1b2bd4100c19004f12822c414aefc86aae9849db
    Depends-On: I5077764045a34d1be0e85bb4b80f3655e87692cc

commit 5c7e7c0ca7229ac7bb32964378a8bbef142bcdbf
Author: Joe Gordon <joe.gordon0@gmail.com>
Date:   Fri May 29 14:28:34 2015 -0700

Fix formatting of core-reviewers doc
    
    Fix some RST formatting issues with the core-reviewers policy document.
    
    When reading the RST rendered version of that document at
    http://docs.openstack.org/developer/neutron/policies/core-reviewers.html
    I noticed a few rendering issues where were bothering me, so I fixed
    them.
    
    Change-Id: Ic6eedc2bb18f6bbb6424542dbf4a88ed52ebea1d

commit 422588e13338dab4a5ba1973c96256690ba4adf5
Author: Adrien Vergé <adrienverge@gmail.com>
Date:   Fri May 29 22:54:33 2015 +0200

Get completely rid of contextlib.nested
    
    `contextlib.nested` is deprecated since Python 2.7 and incompatible with
    Python 3. This patch removes all its occurences by using the helper
    script at [1].
    
    This is a necessary step to allow us running all unit tests with
    Python 3 (not just a small subset as it is done now).
    
    [1]: https://github.com/adrienverge/context_unnester
    
    Change-Id: I8d1de09ff38ed0af9fb56f423a2c43476408e0fb
    Blueprint: neutron-python3
    Closes-Bug: #1428424

commit 880252868b8509125f6463e2709c2d0c4f3957ea
Author: Adrien Vergé <adrienverge@gmail.com>
Date:   Mon May 25 18:46:03 2015 +0200

Fix indentation errors in tests
    
    They are some missing/extra indentations in tests source code. This
    results in variables used out their scope (which remains unnoticed as
    long as `with` contexts do not fail), and prevent refactoring scripts
    (such as the one for getting rid of `contextlib.nested` [1]) from
    performing well.
    
    This simple patch fixes these indentation errors.
    
    [1]: See change I8d1de09ff38ed0af9fb56f423a2c43476408e0fb
    
    Change-Id: Icef34c7755e0d96c4c5ee85982de86d0ccc196c7
    Related-Blueprint: neutron-python3

commit 9ff8cd524621daf6cd20da939238eee14b5a231f
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed May 27 08:53:00 2015 +0200

Improve test_set_members_deleting_less_than_5
    
    In test_set_members_deleting_less_than_5[1], 3 ips are deleted from
    ipset but test_set_members_deleting_less_than_5 checked that the
    first one was deleted because the call ordering was non-trivial.
    
    The test was successful because
    assert_has_calls(expected_calls, any_order=False) allows extra calls
    before and after expected_calls.
    
    A parent change[2] forces the call ordering, this allows to check that
    the 3 ips are deleted.
    
    [1] neutron.tests.unit.agent.linux.test_ipset_manager
    [2] I8408365825ec1e97a83c2181f38ec1f9468df91e
    
    Related-Bug: #1348818
    
    Change-Id: I773e2cd19fdec634b728d0c3a78c1d66392c743f

commit e43c037e14f0055206f16cc9549e03a3f6e43755
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Tue May 26 13:24:58 2015 +0000

Rename test_periodoc_resync_helper to test_periodic_resync_helper
    
    Change-Id: Iaaf57b5cdbe634af8ceda0fef4c920cdb053eed4

commit 77303fbeaa060bcee2befad65dccb457fbb6ab65
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Tue May 26 14:38:26 2015 +0000

Sort _get_new/deleted_set_ips responses in unittests
    
    This fixes the test_set_members_adding/deleting_less_than_5 unit test
    that breaks with a randomized PYTHONHASHSEED (see the bug report).
    
    The test assumed that the _get_new/deleted_set_ips from
    neutron.agent.linux.ipset_manager return elements in a particular order.
    Found with PYTHONHASHSEED=1.
    
    The fix refactors the test case to force sorted responses from
    _get_new/deleted_set_ips during unittests.
    
    Partial-bug: #1348818
    
    Note: There are several other unrelated unit tests that also break with
    a randomized PYTHONHASHSEED, but they are not addressed here. They will
    be addressed in separate patches.
    
    Change-Id: I8408365825ec1e97a83c2181f38ec1f9468df91e

commit 359b7c971a88f6dff64e8e4d558210a880f3ee0f
Author: Ian Wienand <iwienand@redhat.com>
Date:   Thu May 7 14:59:38 2015 +1000

Ensure netfilter is enabled for bridges
    
    Since security-groups use iptables rules on Linux bridges, we need to
    ensure that netfilter is enabled for bridges.  Unfortunately, there
    seems to be a long history of distributions having differing defaults
    for this, best described in [1].
    
    It seems at the moment everyone has to discover this for themselves;
    packstack found it in Ia8c86dcb31810a8d6b133a161388604fde9bead4, then
    fuel found the same thing in I8582c24706c3a7253e00569eef275f116d765bca
    and then finally someone else hit it and put it into documentation
    with I4ed3cec03a1b3a7d56dfe18394154ec1b2db6791.  I just spent a long
    time figuring it out too when deploying with devstack.
    
    Rather than having yet another fix in devstack, I don't see why
    neutron shouldn't be ensuring the setting is correct when it starts up
    -- without these settings enabled, security-groups are silently
    broken.  This does that, and modifies test-cases to check we make the
    calls.
    
    [1] http://wiki.libvirt.org/page/Net.bridge-nf-call_and_sysctl.conf
    
    Change-Id: If2d316eb8c422dc1e4f34b17a50b93dd72993a99

commit b058658780f0ccb2787c26e3e95cabcc8e2e6349
Author: Oleg Bondarev <obondarev@mirantis.com>
Date:   Thu May 14 15:09:24 2015 +0300

Cleanup stale metadata processes on l3 agent sync
    
    Currently l3 agent only cleans up stale namespaces.
    The fix adds checking and deleting stale metadata processes
    to NamespaceManager class responsible for clearing stale
    namespaces
    
    Change-Id: I2b081803e312589d3d8a7808d286a6c9827ef53f
    Closes-Bug: #1455042

commit c23619417f51f2bbd161cc5bfe314847eb20cd19
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Fri May 29 06:16:46 2015 +0000

Imported Translations from Transifex
    
    For more information about this automatic import see:
    https://wiki.openstack.org/wiki/Translations/Infrastructure
    
    Change-Id: I79fd889e390b436fd92fd07951517c50a617b961

commit c9fcbc2e7758acf08867db9a7bc89685cd916bbb
Author: shihanzhang <shihanzhang@huawei.com>
Date:   Tue May 26 09:29:58 2015 +0800

Fix ovs agent restore local_vlan_map failed
    
    when ovs agent restart, it will restore the local_vlan_map, but in
    some condition, if a device does not be set tag in ovsdb, the function
    'db_get_val("Port", port.port_name, "tag")' will return a empty list,
    it does not need 'provision_local_vlan' for this device.
    
    Change-Id: I70ed30e6ea5d13e6f14bb41c957320cc21dbca1b
    Closes-bug: #1458709

commit a0c9745e90596d4a3207e844332e078ca7ecc5fa
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu May 28 16:48:04 2015 -0700

Use correct time delta function
    
    The .seconds attribute of a timedetla object cannot be taken in
    isolation because it can overflow into days. For example, a -1 second
    difference will become -1 day and 86399 seconds.
    
    This became a problem when the agent clock was slightly ahead of
    the server clock. When calling (server_time - agent_time).seconds
    in this scenario, it would go below 0 in the daily seconds and
    wraparound to 86399 seconds and -1 day.
    
    This patch corrects the issue by using a method in timeutils that
    ends up calling total_seconds(), which was designed for this usecase.
    It also restores the formatting that was removed in patch:
    Ibfc30444b7a167fb18ae9051a775266236d4ecce
    
    Closes-Bug: #1456760
    Change-Id: Ie90249ab68bb5f8d117872d52180c7087d8fac9b

commit 36a1d14b58028d0294e67786129a2a09ce393cde
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed May 27 20:30:28 2015 +0200

Do not assume order of security group rules
    
    This fixes the unit tests[1] that breaks with a randomized
    PYTHONHASHSEED (see the bug report).
    
    The test assumed that the security_group_rules_for_devices method from
    neutron.agent.securitygroups_rpc returned security group rules in a
    particular order. Found with PYTHONHASHSEED=2.
    
    The fix refactors the test case to handle unsorted security group rules.
    
    [1] neutron.tests.unit.plugins.ml2.test_security_group.\
        TestMl2SGServerRpcCallBack.\
        test_security_group_rules_for_devices_ipv4_ingress_addr_pair
    
    Partial-bug: #1348818
    
    Note: There are several other unrelated unit tests that also break with
    a randomized PYTHONHASHSEED, but they are not addressed here. They will
    be addressed in separate patches.
    
    Change-Id: I1b2bd4100c19004f12822c414aefc86aae9849db

commit 818a797693d828d72083ac3b98e54df59574dbe7
Author: Rich Curran <rcurran@cisco.com>
Date:   Thu May 28 11:32:21 2015 -0400

ML2: Incorrect commented cisco mechanism driver name
    
    The ml2_conf.ini example for the cisco mechanism driver is incorrect.
    Update to remove confusion.
    
    Change-Id: I0d3aff31a3bc78ef5ee042ff1f37dbb6e1459635
    Closes-Bug: 1459723

commit 24ec6e214bb32a1bd79e1c98cecf737ed1fc5d10
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Thu May 28 14:40:25 2015 +0200

py34: don't run any tests except unit tests
    
    py34 job was intended for unit tests only. It's important to distinguish
    between different types of tests, because they all have different
    requirements to execution environment. E.g. functional tests are not
    expected to run in a restricted env designed for unit tests, and that's
    even more valid for fullstack tests.
    
    Otherwise, the job may fail or apply irrecoverable changes to test
    runner system, breaking the system.
    
    If we ever want to support py3 for other types of tests, we should add
    separate jobs just for that.
    
    Note that the neutron-python3 blueprint was not intended to introduce
    changes to support anything but unit test execution with the new Python
    version, so strictly speaking, any effort to make other test types work
    is out of scope.
    
    Change-Id: Ia96f03f05269c1938b51ee26f4b4075b69967bb8

commit 2fcbbf3031fe1d326ddb2b9bb1b06e0e39422022
Author: John Schwarz <jschwarz@redhat.com>
Date:   Thu May 7 09:02:59 2015 +0300

Move full-stack logs post-tests
    
    Currently, it's up to the developer who wants to run full-stack on his
    machine to make the directory in question (/opt/stack/logs). However,
    this also means that the files don't get compressed at the end of a gate
    run. Now, each full-stack test will have each own log directory in /tmp.
    Once the logs are there, post_test_hook.sh can run 'gzip' on all the log
    files before moving them to /opt/stack/logs on its own.
    
    Change-Id: I5c04d0af0b9858722ae0c4baf0ee478ffb078e02

commit b4363a48214f1bb21bd7934f05a6440bb5d66bb7
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Thu May 28 09:07:23 2015 +0200

Fix PYTHONHASHSEED bugs in test_security_groups_rpc
    
    This fixes the test_security_group_member/rule_updated unit tests[1]
    that breaks with a randomized PYTHONHASHSEED (see the bug report).
    
    The test assumed that several dictionaries had elements in a
    particular order. Found with PYTHONHASHSEED=2.
    
    The fix refactors the test case by injecting values using the same
    ordering[2].
    
    [1] neutron.tests.unit.agent.test_securitygroups_rpc.\
       TestSecurityGroupAgentWithOVSIptables
    
    [2] https://github.com/openstack/neutron/blob/\
       e8364a72e62d83e5a76bec1d7aa76ecfe2ed53ac/\
       neutron/tests/unit/agent/test_securitygroups_rpc.py#L1630-L1635
    
    Partial-bug: #1348818
    
    Note: There are several other unrelated unit tests that also break with
    a randomized PYTHONHASHSEED, but they are not addressed here. They will
    be addressed in separate patches.
    
    Change-Id: I5077764045a34d1be0e85bb4b80f3655e87692cc

commit 714c311871333c19c4d6203f79a948b184bf11cf
Author: Gal Sagie <gal.sagie@huawei.com>
Date:   Thu May 28 09:17:15 2015 +0300

Addressing follow up comments for OVS_LIB fail_mode setting API
    
    Review https://review.openstack.org/#/c/185659/ got merged before i could
    see and address the last comment.
    This is a follow up patch to address that change
    
    Change-Id: I19135a75cf25e03d6c1f89d7c18e8da3af2ec643

commit 88e499d1c10eaae59546d9f16c9c9c262766de84
Author: Gong Zhang <zhanggbj@cn.ibm.com>
Date:   Wed May 27 17:10:17 2015 +0800

Move pool dispose() before os.fork
    
    Currently pool dispose() is done after os.fork, but this will
    produce shared DB connections in child processes which may lead
    to DB errors.
    
    Move pool dispose() before os.fork. This will remove all existing
    connections in the parent process and child processes will create
    their own new ones.
    
    Change-Id: Ie36417a64f0eb39b53dad61517f834aec37bacfb
    Closes-Bug: 1458718

commit 046f4a0881aa7aea5d231de83e79af12460d9910
Author: armando-migliaccio <armamig@gmail.com>
Date:   Wed May 27 15:40:06 2015 -0700

Add RFE submission guidelines
    
    Change-Id: I864c8638a92f5f94e6f059a477ffb56de274ef1c

commit 7a3934d982ef29d8851450b5586319201baa0122
Author: Kevin Benton <blak111@gmail.com>
Date:   Fri May 15 17:10:15 2015 -0700

Switch to dictionary for iptables find
    
    The code to find the matching entry was scanning through a
    list of all rules for every rule. This became extremely slow
    as the number of rules became large, leading to long delays
    waiting for firewall rules to be applied.
    
    This patch switches to the use of a dictionary so the cost
    becomes a hash lookup instead of a list scan.
    
    Closes-Bug: #1453264
    Closes-Bug: #1455675
    Change-Id: I1e6fe5e50b9c13066c966c252cadc8ed1d08f686

commit 817b45b6406d9730859535ac54d73ec5c85451d0
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed May 27 17:38:32 2015 -0700

Process port IP requests before subnet requests
    
    When a port requests multiple fixed IPs, process the requests
    for specific IP addresses before the ones asking for a subnet.
    This prevents an error where the IP that was requested happens
    to be the next up for allocation so the subnet request takes it
    and causes a DBDuplicateEntry.
    
    Closes-Bug: #1459467
    Change-Id: I645565c7fe0c47c58d686b25020bb49a0b9089f5

commit 2b7e6552e82f899a91ce3d6973d90778440fac8c
Author: Kevin Benton <blak111@gmail.com>
Date:   Wed May 27 14:52:06 2015 -0700

Remove time formatting in agent clock error
    
    This removes time formatting that may be hiding timezone
    issues that are leading to a delta being calculated between
    the agent and the server even when it shows none. It also
    adds logging of the difference so we can see how far off it
    thinks they are.
    
    Example message:
    during the registration of Open vSwitch agent has a timestamp:
    2015-05-19T18:15:27Z. This differs from the current server
    timestamp: 2015-05-19T18:15:27Z by more than the threshold agent
    downtime: 75.
    
    Note that the timestamps are exactly the same after formatting.
    
    Change-Id: Ibfc30444b7a167fb18ae9051a775266236d4ecce
    Related-Bug: #1456760

commit 98d8ad911d07a20af18edb0cac4bcf141a83d969
Author: Kevin Benton <blak111@gmail.com>
Date:   Mon May 25 18:55:44 2015 -0700

Persist DHCP leases to a local database
    
    Due to issues caused by dnsmasq restarts sending DHCPNAKs,
    change Ieff0236670c1403b5d79ad8e50d7574c1b694e34 passed the
    'dhcp-authoritative' option to dnsmasq. While this solved the
    restart issue, it broke the multi-DHCP server scenario because
    the dnsmasq instances will NAK requests to a server ID that
    isn't their own.
    
    Problem DHCP Request Lifecycle:
    
    Client: DHCPDISCOVER(broadcast)
    Server1: DHCPOFFER
    Server2: DHCPOFFER
    Client: DHCPREQUEST(broadcast with Server-ID=Server1)
    Server1: DHCPACK
    Server2: DHCPNAK(in response to observed DHCPREQUEST with other Server-ID)
              ^---Causes issues
    
    This change removes the authoritative option so NAKs are not
    send in response to DHCPREQUEST's to other servers. To handle
    the original issue that Ieff0236670c1403b5d79ad8e50d7574c1b694e34
    was inteded to address, this patch also allows changes to be persisted
    to a local lease file.
    
    In order to handle the issue where a DHCP server may be scheduled
    to another agent, a fake lease file is generated for dnsmasq to start
    with. The contents are populated based on all of the known ports for
    a network. This should prevent dnsmasq from NAKing clients renewing
    leases issued before it was restarted/rescheduled.
    
    Closes-Bug: #1457900
    Change-Id: Idc91602bf8c474467e596cbd5cbaa8898952c841

commit 3b8113306a28eab53f0e2e30b0b58c9d8d9db452
Author: Kyle Mestery <mestery@mestery.com>
Date:   Wed May 27 17:26:00 2015 +0000

Flesh out the new RFE process and set deadlines for it's use
    
    The new RFE process is great in concept, but as was discovered in the
    first neutron-drivers meeting where we discussed these, there exist
    some rough edges. Specifically around deadlines and the conversion to
    using RFEs, the gray area was very obvious. This patch attempts to put
    a stake in the ground for when we transition fully to this new model,
    including distinct timelines.
    
    Given that we will need to work with people during the transition,
    what is proposed is a way to let us do that while not blocking existing
    specs and work.
    
    Change-Id: Ife50f65caf4b13405ad60dd4be3d347aa31ef3a7

commit e135bcea472e08347fc3dc3df01aa1fa909504fb
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed May 27 19:57:04 2015 +0200

Do not assume order of dictionary elements in init_l3
    
    This fixes the test_interface unit tests[1] that breaks with a
    randomized PYTHONHASHSEED (see the bug report).
    
    The test assumed that the init_l3 method from
    neutron.agent.linux.interface had dictionary elements in a particular
    order. Found with PYTHONHASHSEED=2.
    
    The fix refactors the test case to handle unsorted dictionaries in
    init_l3.
    
    [1] neutron.tests.unit.agent.linux.test_interface.TestABCDriver
    
    Partial-bug: #1348818
    
    Note: There are several other unrelated unit tests that also break with
    a randomized PYTHONHASHSEED, but they are not addressed here. They will
    be addressed in separate patches.
    
    Change-Id: I1948593b4d7a0069ef060512942b548c74a6b369

commit 4beb7426587556e0592c055552e0fd70eeb7ac19
Author: Kyle Mestery <mestery@mestery.com>
Date:   Fri Apr 24 16:24:39 2015 +0000

Introduce the Lieutenant system into Neutron
    
    As Neutron has grown, the need to continually evolve the way we land
    code has changed. As the project has grown, it's become obvious we
    need to subdivide responsibilites and merge rights across the
    repository. The advanced services split [1] was one way in which we did
    this, and it's proven effective. Plugin decomposition was another [2].
    As a next step to evolve things, this changes the core reviewer
    paradigm into a system of Lieutenants, all reporting to the PTL in the
    project. The Lieutenants will be able to maintain their own core
    review team. The idea of "super cores" will fade away. And we begin to
    see the benefits of a layered, structured approach to managing
    Neutron.
    
    This proposal makes an attempt to comment on existing core reviewers.
    While the idea of existing core reviewers being labeled as "supercores"
    has been floated, the reality is a bit more nuanced than that, and I've
    taken steps to address that with this patch. It should be noted that like
    all things in Neutron governance, the system is based on a mutual trust.
    
    [1] http://specs.openstack.org/openstack/neutron-specs/specs/kilo/services-split.html
    [2] http://specs.openstack.org/openstack/neutron-specs/specs/kilo/core-vendor-decomposition.html
    
    Change-Id: Ia4060066a300e851172c0fd7a2910ce53a6c649e

commit 1e0d201f1d71ce48a096f69700e4097e460ee53a
Author: Carl Baldwin <carl.baldwin@hp.com>
Date:   Tue May 26 20:33:56 2015 +0000

Isolate use of fixed_ips[0] to avoid confusion
    
    I was looking at the assumption around using fixed_ips[0] in a recent
    patch [1].  I thought at the least, the usage of fixed_ips[0] should
    be isolated with the comment explaining why it is okay.
    
    I thought that we could also use this patch as an opportunity to vet
    the validity of the claim made in the comment.
    
    [1] If4a310da06f9b0076a9f62926a16b574a8c109ce
    
    Change-Id: Iba5713dd7d852429997ff43d98266a9f022d5d86

commit 21f0fac3efd6aaa83494341aead1b6eaddb4d8fb
Author: Christian Berendt <berendt@b1-systems.de>
Date:   Wed May 27 15:08:30 2015 +0200

Use the correct name for the "Repository Creator's Guide"
    
    Change-Id: Iaa32ab4bfa658a079da08792a7355ad64471f0eb

commit ce957ac83a85a421f2e60cc39a3103291ba95e4a
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed May 27 14:54:35 2015 +0200

Do not assume order of convert_kvp_list_to_dict method responses
    
    This fixes the test_attributes unit tests[1] that breaks with a
    randomized PYTHONHASHSEED (see the bug report).
    
    The test assumed that the convert_kvp_list_to_dict method from
    neutron.api.v2.attributes returned elements in a particular
    order. Found with PYTHONHASHSEED=1.
    
    The fix refactors the test case to handle unsorted responses from
    convert_kvp_list_to_dict.
    
    [1] neutron.tests.unit.api.v2.test_attributes.TestConvertKvp
    
    Partial-bug: #1348818
    
    Note: There are several other unrelated unit tests that also break with
    a randomized PYTHONHASHSEED, but they are not addressed here. They will
    be addressed in separate patches.
    
    Change-Id: I864904db1428b88c482ad17a69b33e876a8d042c

commit e9d17b8bfff31072a3d017ce64e36ac99007a052
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Tue May 26 19:54:22 2015 +0200

Do not assume order of iptables_firewall method responses
    
    This fixes the iptables_firewall group unit tests[1] that breaks with
    a randomized PYTHONHASHSEED (see the bug report).
    
    The test assumed that the _get_remote_sg_ids and
    _determine_remote_sgs_to_remove methods from
    neutron.agent.linux.iptables_firewall returned elements in a particular
    order. Found with PYTHONHASHSEED=1.
    
    The fix refactors the test case to handle unsorted responses from
    _get_remote_sg_ids and _determine_remote_sgs_to_remove.
    
    [1] neutron.tests.unit.agent.linux.test_iptables_firewall:
     test_prepare_port_filter_with_new_members
     test_prepare_port_filter_with_sg_no_member
     test_remove_port_filter_with_destroy_ipset_chain
    
    Partial-bug: #1348818
    
    Note: There are several other unrelated unit tests that also break with
    a randomized PYTHONHASHSEED, but they are not addressed here. They will
    be addressed in separate patches.
    
    Change-Id: I19e51452a2bde0721559df746047239f68614336

commit 539738a8eeebcc9f22987fcb0a241c6b8c3d561a
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Wed May 27 00:23:09 2015 +0200

Do not assume order of get_sync_data_metering response elements
    
    This fixes the test_add_metering_label_rpc_call[1] unit tests that breaks
    with a randomized PYTHONHASHSEED (see the bug report).
    
    The test assumed that the get_sync_data_metering[2] had response
    elements in a particular order. Found with PYTHONHASHSEED=1.
    
    The fix refactors the test_add_metering_label_rpc_call test case to handle
    an unsorted get_sync_data_metering response. The fix defines the class
    UnorderedList[3] which is equal to any permutation of itself.
    
    Partial-bug: #1348818
    
    Note: There are several other unrelated unit tests that also break with
    a randomized PYTHONHASHSEED, but they are not addressed here. They will
    be addressed in separate patches.
    
    [1] neutron.tests.unit.services.metering.test_metering_plugin:
     TestMeteringPluginL3AgentScheduler
     TestMeteringPluginL3AgentSchedulerServicePlugin
    [2] neutron.services.metering.metering_plugin.MeteringPlugin
    [3] neutron.tests.tools
    
    Change-Id: I5d42b827bc72dcacd38eaa2377ce16c47a9e7dbb

commit 874fa6e02c2f91d711e8186d4e7e7e26c6dc74b9
Author: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Date:   Wed May 27 05:10:33 2015 +0900

OVS-agent: Remove optional flags from br_tun.deferred() method
    
    Currently they have no users.
    They are not appropriate for this higher-level interface anyway.
    
    Change-Id: I76b8d718e714728df88685ec41262958d2e78cb9

commit 7ea278087c32235efa793c8c815aff3861410f13
Author: Gal Sagie <gal.sagie@huawei.com>
Date:   Tue May 26 19:16:34 2015 +0300

OVS_LIB support API for setting fail mode 'standalone'
    
    The current API only support setting a bridge fail mode
    to secure, this patch allow the user to set it to 'standalone'
    as well
    
    Change-Id: If7e6532dc7f8527c35834a37144ea4386fe1b861
    Closes-Bug: #1458924

commit eac9fb143cf3e6f4dd2b3413f81dab92d42354ca
Author: Jack McCann <jack.mccann@hp.com>
Date:   Wed Apr 15 22:32:51 2015 +0000

Remove hack for sending gratuitous arp from fip ns
    
    I just saw this note toward bottom of the lartc [1] page:  "On Linux
    2.4, you may need to execute 'echo 1 >
    /proc/sys/net/ipv4/ip_nonlocal_bind' before being able to send out
    unsolicited ARP messages!"  I wonder if we set that in fip ns, if it
    will let us send grat arp without adding/removing the IP.  It couldn't
    be that easy, could it?
    
    [1] http://lartc.org/howto/lartc.bridging.proxy-arp.html
    
    Change-Id: Ie55b402a6c46af00c8d4875264489fc4318544b3

commit a1d679678daa560c86bb84303aee6163296ec653
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Tue May 26 13:14:11 2015 +0000

Force order of dhcp.needs_resync_reasons dictionary elements
    
    This fixes the test_periodoc_resync_helper unit test that breaks with
    a randomized PYTHONHASHSEED (see the bug report).
    
    The test assumed that the dhcp.needs_resync_reasons dictionary from
    neutron.agent.dhcp.agent had elements in a particular order. Found with
    PYTHONHASHSEED=2.
    
    The fix refactors the test case to force a sorted dhcp.needs_resync_reasons
    dictionary.
    
    Partial-bug: #1348818
    
    Note: There are several other unrelated unit tests that also break with
    a randomized PYTHONHASHSEED, but they are not addressed here. They will
    be addressed in separate patches.
    
    Change-Id: Ia7fc2c3e605d92d8497d44e28054bdda613cebf2

commit 8ee3020c47cd7eb716216852a90c3db595e2c3c6
Author: ankitagrawal <ankit11.agrawal@nttdata.com>
Date:   Thu May 14 05:19:44 2015 -0700

Remove use of contextlib.nested (api-tests)
    
    Removed use of contextlib.nested call from codebase, as it has been
    deprecated since Python 2.7.
    
    There are also known issues with contextlib.nested that were addressed
    by the native support for multiple "with" variables. For instance, if
    the first object is created but the second one throws an exception,
    the first object's __exit__ is never called. For more information see
    https://docs.python.org/2/library/contextlib.html#contextlib.nested
    contextlib.nested is also not compatible with Python 3.
    
    Multi-patch set for easier chunks. This one addresses the tests from
    neutron/tests/unit/api directory.
    
    Line continuation markers (e.g. '\') had to be used or syntax
    errors were thrown. While using parentheses is the preferred way
    for multiple line statements, but in case of long with statements
    backslashes are acceptable.
    
    Partial-Bug: 1428424
    Change-Id: I09673f9d4c7f07d3043804676fef018905dd1239

commit f0decf6a4061be18999c87eab6ae152d9f75f99f
Author: Angus Lees <gus@inodes.org>
Date:   Fri May 15 17:54:18 2015 +1000

Use os._exit after forking
    
    As the docs point out(*), _exit should be used after a fork() to avoid
    both processes flushing filehandles, calling destructors with side
    effects, etc.  This change does just that.
    
    (*) https://docs.python.org/2/library/os.html#os._exit
    
    Change-Id: I68da6283c44ab8857baf217ac1443bd17988257d

commit 54e91b01cf7b311f48a40c14c7f9c1d8c0926ab4
Author: Angus Lees <gus@inodes.org>
Date:   Fri May 15 17:50:33 2015 +1000

test_fork_error: Fix incorrect test mock
    
    The previous os.fork mock returned a *function* that returned an OSError
    object.  Oops.
    
    Change-Id: I6e5dff930cf5614f7061efdfd8429963703cc214

commit 9fc7f56565925a53f2212706431af479752bb8d9
Author: Henry Gessau <gessau@cisco.com>
Date:   Mon May 25 18:00:58 2015 -0400

Skip external tables for neutron-db-manage --autogenerate
    
    DB tables that do not have models in the neutron tree cause
    neutron-db-manage --autogenerate to create commands to drop the
    tables. This fix hooks into alembic's environment with a include_object
    callback that ignores external tables.
    
    We already had a list of external tables for use by the migration tests,
    so re-use them for --autogenerate.
    
    Partial-bug: #1458682
    
    Change-Id: I2c0bc73f72840c401c578e87d8178a79f05aad82

commit c79d68a7ed347539026acf4c2347740adc617580
Author: Sergey Kolekonov <skolekonov@mirantis.com>
Date:   Mon May 25 18:11:35 2015 +0300

Fix a typo in _schedule_network method
    
    Fix the small typo which prevented from writing correct DHCP agent id to logs
    
    Change-Id: Id8a872815f7cb2ba68ff1c674f17777da7858562

commit 3682e3391f188845d0c7f382f0ccd4b38db3904e
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Mon May 4 23:36:19 2015 +0200

Ensure non-overlapping cidrs in subnetpools without galera
    
    _get_allocated_cidrs[1] locks only allocated subnets in a subnetpool
    (with mysql/postgresql at least). It ensures we don't allocate a cidr
    overlapping with existent cidrs but nothing disallows a concurrent
    subnet allocation to create a subnet in the same subnetpool.
    
    This change replaces the lock on subnetpool subnets by a lock on the
    subnetpool itself. It disallows to allocate concurrently 2 subnets in
    the same subnetpool and ensure non-overlapping cidrs in the same
    subnetpool.
    
    Moreover this change solves a trouble with postgresql which disallows
    to lock an empty select with an outer join: it happens on first subnet
    allocation in a subnetpool when no specific cidr is provided. Moving
    the lock ensures the lock is done on a non-empty select.
    
    But this change does not ensure non-overlapping cidrs in subnetpools
    with galera because galera doesn't support SELECT FOR UPDATE locks. A
    follow-up change will (try to?) remove locks from subnet allocation[1]
    in order to ensure non-overlapping cidrs in subnetpools also with galera.
    
    [1] in neutron.ipam.subnet_alloc.SubnetAllocator
    
    Closes-Bug: #1451558
    Partial-Bug: #1451576
    Change-Id: I73854f9863f44621ae0d89c5dc4893ccc16d07e4

commit 5f28762ae2a96b8062628d0cac81f5da94c6ed34
Author: John Schwarz <jschwarz@redhat.com>
Date:   Thu Apr 16 12:01:26 2015 +0300

Add callback prior to deleting a subnet
    
    When using LBaaS and trying to delete a subnet, neutron has no way of
    knowing if the subnet is associated to some pool. As a result, the
    subnet is deleted but the pool remains associated to the (now
    nonexistent) subnet_id.  This patch lays the ground-work for adding a
    check in LBaaS' side to prevent such cases.
    
    Related-Bug: #1413817
    Change-Id: I3d5e231b67c72ffd919c92d65b57da56c63e053c

commit eab71473c3a1d40ec3f1d8a84b839b06b140e4fe
Author: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Date:   Mon Mar 2 13:14:48 2015 +0900

OVS-agent: Separate ovs-ofctl using code as a driver
    
    This is a preparation to introduce another Ryu-based implementation.
    The aim is to replace this with the new Ryu-based implementation
    eventually.
    
    Add a config option for OVS-agent which selects the implementation.
    Currently, the only available choice is 'ovs-ofctl'.
    
    Also, this commit simplifies DVR logics by reducing duplications
    and makes some of DVR UTs actually check the flows rather than just
    "add_flow is called".
    
    Partially-Implements: blueprint ovs-ofctl-to-python
    Change-Id: Ie1224f8a1c17268cd7d1c474ed82fdfb8852eaa8

commit 3425be06bf069a256dbb0fdb9528459544e9947f
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Mon May 25 06:15:25 2015 +0000

commit 514245d63fe902e4548829b9bb66fa60c86509f1
Author: Gary Kotton <gkotton@vmware.com>
Date:   Sun May 24 21:19:51 2015 -0700

Remove unnecessary brackets
    
    TrivialFix
    
    Change-Id: I9bd552110785c09b3eaa8762a8141446e51ea02a

commit 9b893767a5214177e30f596b6eed8324278d5050
Author: Anand Shanmugam <anand1712@gmail.com>
Date:   Sat May 23 01:22:23 2015 -0700

Ensure mac address added to iptables is always in unix format
    
    When a allowed address pair entry is added with a mac format
    other than unix format the ovs-vs agent keeps on restarting as
    it is not able to save the proper iptables due to the error
    "Error while processing VIF ports". This fix makes sure
    that the mac address sent to the iptables firewall is always
    in the unix format
    
    Change-Id: I86bbf3cb2adf9b998190e472691c01d068ebab9c
    Closes-Bug: #1457971

commit 032847b3030106a9e605b3088826b599789d7991
Author: ankitagrawal <ankit11.agrawal@nttdata.com>
Date:   Thu May 14 04:08:36 2015 -0700

Remove use of contextlib.nested
    
    Removed use of contextlib.nested call from codebase, as it has been
    deprecated since Python 2.7.
    
    There are also known issues with contextlib.nested that were addressed
    by the native support for multiple "with" variables. For instance, if
    the first object is created but the second one throws an exception,
    the first object's __exit__ is never called. For more information see
    https://docs.python.org/2/library/contextlib.html#contextlib.nested
    contextlib.nested is also not compatible with Python 3.
    
    Multi-patch set for easier chunks. This one addresses the
    neutron/plugins/ml2 directory.
    
    Line continuation markers (e.g. '\') had to be used or syntax
    errors were thrown. While using parentheses is the preferred way
    for multiple line statements, but in case of long with statements
    backslashes are acceptable.
    
    Partial-Bug: 1428424
    Change-Id: I7bbe4cec511125b4b2c954aa93e2d9ff6871b9e0

commit 3d2543d710c7071ffeb5c9857ac30a4d95695a7b
Author: dql <duquanglong@gmail.com>
Date:   Mon Mar 9 12:52:11 2015 +0800

fix DHCP port changed when dhcp-agent restart
    
    When DHCP server is started, the periodic task is running
    before loading cache state.The method port_update_end
    need to use the cache information, but the cache information
    has not been loaded.
    
    Change-Id: I0d1da11bb559b7f0f9d4428b82573fb26916a933
    Closes-Bug: #1420042

commit b892df11264de5737e1247862b093ede5d2f5954
Author: Salvatore Orlando <salv.orlando@gmail.com>
Date:   Fri Jan 16 10:00:42 2015 -0800

IPAM reference driver
    
    An alternate pluggable IPAM implementation from the built-in one
    in db_base_plugin_v2.
    Modifies IPAM interface to allow passing context to driver and
    introduces new interface method 'associate_neutron_subnet'.
    
    Implements blueprint reference-ipam-driver
    
    Change-Id: I2e1e9fc7994bf1157bcd34b7ea500eb30c61d9ab

commit 676db821ebaf3cce5ce89f4d5d55fcbd772c079b
Author: Darragh O'Reilly <darragh.oreilly@hp.com>
Date:   Mon May 18 20:49:05 2015 +0000

ovs-agent: prevent ARP requests with faked IP addresses
    
    This patch extends the existing ARP protection to ensure
    that ARP requests also have valid IP addresses.
    
    Closes-Bug: 1456333
    
    Change-Id: I0b2ba21611c9fd9e304bce8cfb00259db1dceaa2

commit b91c4e3f874407de07feef338aa2f9a0faafdadd
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Fri May 15 18:10:09 2015 +0200

Use namespace names in NetcatTester
    
    Currently NetcatTester requests namespace IPWrapper instances as
    client/server_namespace arguments but functional tests commonly use
    namespace names as arguments not IPWrapper instances (because IPWrapper
    is cheap to instantiate) and NetcatTester needs only namespace names.
    
    This change requests names as NetcatTester client/server_namespace
    arguments in order to simplify NetcatTester and its use.
    
    Change-Id: Ic4a297efdeaef00e70892d1c871ce1c9174055b8

commit cc1efd085524cd30d6a238a584df193133d27015
Author: John Schwarz <jschwarz@redhat.com>
Date:   Thu May 7 15:22:41 2015 +0300

Support for concurrent full-stack tests
    
    This patch introduces the last step of complete test separation for
    full-stack tests - separate rabbitmq queues - in the form of rabbitmq
    virtual hosts.
    
    * This patch also renames EnvironmentFixture to FullstackFixture, for
      clarity.
    
    Change-Id: I24776e3970a73fdd3271023da7967f2c7261621b
    Closes-bug: #1452737

commit 8dbacebf6752e7654afbf9451388b42d4d6355a9
Author: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Date:   Fri May 15 11:33:51 2015 +0900

OVS-DVR: Suppress a confusing error log about csnat port
    
    Complain only when the port was seen on a different subnet.
    
    Change-Id: If4a310da06f9b0076a9f62926a16b574a8c109ce

commit dca3cdfae936ae20fcbac392cfde45c7f4d87e45
Author: YAMAMOTO Takashi <yamamoto@valinux.co.jp>
Date:   Fri Apr 24 13:49:02 2015 +0900

OVS-DVR: Improve an error log about csnat port
    
    Use a single LOG.error per message rather than per lines.
    Also, print both of old and new subnets.
    
    Change-Id: I162d3d178fec8b84b66fdfd5a037c2d858c47e30

commit 2acdbf3bac7f4a967e2ef8f98b2ac14fa0f7f861
Author: watanabe.isao <zou.yun@jp.fujitsu.com>
Date:   Fri Feb 20 17:38:16 2015 +0900

When disabling dhcp, delete fixed ip properly
    
    When setting enable_dhcp parameter of subnet to False, the fixed ip of
    dhcp port of this subnet is not been removed.
    Also a resync will be triggered.
    
    Change-Id: Iebd2c7922978bec0ef154866f24319e899e3b88e
    Closes-Bug: 1417379

commit 0ace88fd4a75ff213dc36fd16c1f8e7080ab7d6d
Author: Robert Li <baoli@cisco.com>
Date:   Fri May 8 11:08:45 2015 -0400

Add VIF_DELETED notification event to Nova
    
    It's possible to delete a neutron port that is currently associated
    with an instance. When it happens, neutron should notify nova of the
    port deletion event so that Nova can take proper actions.
    
    Refer to I998b6bb80cc0a81d665b61b8c4a424d7219c666f for the nova patch
    that handles the event.
    
    Change-Id: Iff88cd12ae18017ef3e776821bcf3ecf3b4f052f
    Related-Bug: #1333365
    Related-Bug: #1448148

commit 6d15bf48ee27ceab64e88f81ba6433058313759a
Author: Cedric Brandily <zzelle@gmail.com>
Date:   Sat May 9 00:52:29 2015 +0200

Remove from BridgeDevice homemade execute in namespace
    
    Currently BridgeDevice[1] defines homemade execute with namespace
    support but could use IPWrapper. This change replaces homemade
    implementation with IPWrapper use to respect DRY principle.
    
    [1] neutron.agent.linux.bridge_lib
    
    Change-Id: I12d4d40432e57ce8b6960276c41321c1efd98705

commit 5099c884c6b09ad0979a560648e8806eaa4642f7
Author: Gary Kotton <gkotton@vmware.com>
Date:   Wed May 6 22:49:17 2015 -0700

VMware: update supported plugins
    
    Add all of the supported plugins to the VMware plugin.py file.
    
    The supported plugins are:
     - NSX MH
     - NSXv
     - Simple DVS (this does not support security groups and any layer
                   functionality). Useful for testing of Neutron with VC.
    
    Change-Id: I9e5c779127ff44674cb60f3c19d4b5c8bdae6101

commit 8e24c7ef566fac7a41b40a12d3480fbdd0ab252b
Author: Miguel Angel Ajo <mangelajo@redhat.com>
Date:   Thu Apr 16 06:28:38 2015 +0000

Reduce prefix and suffix length in ipsets
    
    The new NET prefix introduced by I8177699b157cd3eac46e2f481f47b5d966c49b07
    increases collision chances by trimming the sg_id by 3 more chars.
    
    This patch reduces the prefix to 1 single char and also reduces the
    swap suffix to reduce the chances of collision.
    
    Change-Id: I8a1559e173a05b2297c5cd2efa9fee7627b88a4f
    Related-Bug: #1439817
    Related-Bug: #1444397

commit 5509839e0af89467eb14ee178807e2898202101b
Author: Yalei Wang <yalei.wang@intel.com>
Date:   Thu Mar 26 15:49:13 2015 +0800

Add port-security extension API test cases
    
    Netron ml2 plugin introduces a new extension port-security from Kilo cycle,
    this patch add the API test cases for it. It verifies the default value of the
    attribute, for network and port. And It also verifies the confict between
    setting port-security and sec-group/address-pairs.
    
    Change-Id: Ie0ec090e8fdce7dbdbce14ef47f38e8e57f262d4
    Partially Implements: blueprint ml2-ovs-portsecurity
    Depends-On: I3035317c83d22804855517434bd8578719ce0436

commit b85cfa96118d73ad87b150e488f295cbf9a2c140
Author: Darragh O'Reilly <darragh.oreilly@hp.com>
Date:   Fri Feb 27 08:23:24 2015 +0000

Fix dhcp _test_sync_state_helper asserting calls wrong
    
    It was using a non-existing method that did nothing and
    that masked other problems with the tests that used it.
    Changed to use assert_has_calls() and fixed the problems
    that fell out.
    
    Change-Id: I4a64c3365f9958b14c2384932a31da2ce191e2e2
    Closes-Bug: 1426265

commit a377b4fc95f58749178b881d0104ecfaa0b26714
Author: Yalei Wang <yalei.wang@intel.com>
Date:   Tue Apr 21 15:17:13 2015 +0800

Fix port creation verification of the port-security extension
    
    When port is created, we should check the content of the security-group and
    address-pairs like we do when port updated.
    This patch also updates address-pairs testing unskipping some
    port-security-related tests.
    
    Change-Id: Ia27881a34ff99cad34c84764d2bf8a6cdf77af9c
    Closes-Bug: #1446087

commit 7260e0e3fc2ea479e80e0962624aca7fd38a1f60
Author: Henry Gessau <gessau@cisco.com>
Date:   Mon Apr 27 09:59:21 2015 -0400

Run radvd as root
    
    During the refactoring of external process management radvd lost
    its root privileges.
    
    Closes-bug: 1448813
    
    Change-Id: I84883fe81684afafac9b024282a03f447c8f825a
    (cherry picked from commit a5e54338770fc074e01fa88dbf909ee1af1b66b2)

commit 4e71c48bbfd5e8b8c59f0c45ade52ba8eddc8b63
Author: rossella <rsblendido@suse.com>
Date:   Thu Jan 15 16:15:23 2015 +0100

Add devices to update in RPC call security_groups_provider_updated
    
    When a security_groups_provider_updated is received then a global
    refresh of the firewall is performed. This can be avoided if the
    plugins pass as parameter of the call the devices that belongs to
    the network updated.
    
    Partially-Implements: blueprint restructure-l2-agent
    Change-Id: I1e78f3a5ec7e5c5bcba338a0097566422411ef7e

commit d37e566dcadf8a540eb5f84b668847fa192393a1
Author: Kevin Benton <blak111@gmail.com>
Date:   Fri Apr 24 00:35:31 2015 -0700

Don't resync on DHCP agent setup failure
    
    There are various cases where the DHCP agent will try to
    create a DHCP port for a network and there will be a failure.
    This has primarily been caused by a lack of available IP addresses
    in the allocation pool. Trying to fix all availability corner cases
    on the server side will be very difficult due to race conditions between
    multiple ports being created, the dhcp_agents_per_network parameter, etc.
    
    This patch just stops the resync attempt on the agent side if a failure
    is caused by an IP address generation problem. Future updates to the subnet
    will cause another attempt so if the tenant does fix the issue they will
    get DHCP service.
    
    Change-Id: I0896730126d6dca13fe9284b4d812cfb081b6218
    Closes-Bug: #1447883
    (cherry picked from commit db9ac7e0110a0c2ef1b65213317ee8b7f1053ddc)

commit 38211ae67cb76ade85b08c028b6e88bfc867afc9
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Mon Apr 20 17:06:38 2015 +0200

tests: confirm that _output_hosts_file does not log too often
    
    I3ad7864eeb2f959549ed356a1e34fa18804395cc didn't include any regression unit
    tests to validate that the method won't ever log too often again,
    reintroducing performance drop in later patches. It didn't play well
    with stable backports of the fix, where context was lost when doing the
    backport, that left the bug unfixed in stable/juno even though the patch
    was merged there [1].
    
    The patch adds an explicit note in the code that suggests not to add new
    log messages inside the loop to avoid regression, and a unit test was
    added to capture it.
    
    Once the test is merged in master, it will be proposed for stable/juno
    inclusion, with additional changes that would fix the regression again.
    
    Related-Bug: #1414218
    Change-Id: I5d43021932d6a994638c348eda277dd8337cf041
    (cherry picked from commit 3b74095a935f6d2027e6bf04cc4aa21f8a1b46f2)

commit 53b3e751f3c7b32bed48c14742d3dd3a1178d00d
Author: Maru Newby <marun@redhat.com>
Date:   Thu Apr 9 17:00:57 2015 +0000

Double functional testing timeout to 180s
    
    The increase in ovs testing is resulting in job failure due to
    timeouts in test_killed_monitor_respawns.  Giving the test more
    time to complete should reduce the failure rate.
    
    Change-Id: I2ba9b1eb388bfbbebbd6b0f3edb6d5a5ae0bfead
    Closes-Bug: #1442272
    (cherry picked from commit 81098620c298394e1a98127ceeba7f297db2d906)

commit 0536ec113bc438265ba547bb8a8006aa96e646e3
Author: watanabe.isao <zou.yun@jp.fujitsu.com>
Date:   Wed Apr 15 15:48:08 2015 +0900

Restrict subnet create/update to avoid DHCP resync
    
    As we know, IPs in subnet CIDR are used for
    1) Broadcast port
    2) Gateway port
    3) DHCP port if enable_dhcp is True, or update to True
    4) Others go into allocation_pools
    Above 1) to 3) are created by default, which means if CIDR doesn't
    have that much of IPs, subnet create/update will cause a DHCP resync.
    
    This fix is to add some restricts to the issue:
    A) When subnet create, if enable_dhcp is True, /31 and /32
       cidrs are forbidden for IPv4 subnets while /127 and /128 cidrs are
       forbidden for IPv6 subnets.
    B) When subnet update, if enable_dhcp is changing to True and there are no
       more IPs in allocation_pools, the request should be denied.
    
    Change-Id: I2e4a4d5841b9ad908f02b7d0795cba07596c023d
    Co-authored-by: Andrew Boik <dboik@cisco.com>
    Closes-Bug: #1443798
    (cherry picked from commit 0c1f96ad5a6606c1205bd50ea944c3a383892cde)

commit cbfb3e487d97998ec49d7faa751bc26202da7d0e
Author: Kevin Benton <blak111@gmail.com>
Date:   Mon Apr 20 22:26:22 2015 -0700

Only update MTU in update code for MTU
    
    The ML2 create_network_db was re-passing in the entire network
    with extensions like vlan_transparency present that was causing
    issues in the base update function it was calling.
    
    This corrects the behavior by having it only update the MTU, which
    is the only thing it was intending to update in the first place.
    
    Change-Id: I723c5c138e0830de98f6024c7635ec65065e9346
    Closes-Bug: #1446784
    (cherry picked from commit f85de393c469d1e649a1c1e5ee1b683246442351)

commit 9bc812e92fb27b297ccfe960267dcab173aea6c9
Author: OpenStack Proposal Bot <openstack-infra@lists.openstack.org>
Date:   Thu Apr 23 02:15:06 2015 +0000

Updated from global requirements
    
    Change-Id: I514c65fac38ef0e534e7401a5f3643b1906adea7

commit aa57c364defec8519bbed06fbce5aae4b23f147f
Author: Jakub Libosvar <libosvar@redhat.com>
Date:   Wed Apr 22 16:47:33 2015 +0200

Create bridges in ovsdb monitor functional tests
    
    The test waits inside for output from 'ovsdb-client monitor Bridge'
    command but the command makes output only if there is a bridge present
    in ovsdb. This patch adds an OVSBridgeFixture to setup so every test
    case has a bridge for sure.
    
    Change-Id: I40e1c99ec956c92fa1c7763eb98f7f2ce6fcd226
    Closes-Bug: 1447191

commit d506b50badda7af30d1154561acd45caef44ca11
Author: Andy Hill <hillad@gmail.com>
Date:   Mon Apr 20 13:00:28 2015 -0400

Add use_slave DB api support
    
    The example configuration refers to slave_connection[1] but slaves aren't used
    in the codebase. This change will enable plugin authors to use
    slave_connection by passing use_slave=True to the SQLAlchemy session[2][3].
    
    [1] http://docs.openstack.org/juno/config-reference/content/section_neutron.conf.html
    [2] http://docs.openstack.org/developer/oslo.db/api/sqlalchemy/session.html#oslo_db.sqlalchemy.session.EngineFacade.get_session
    [3] https://wiki.openstack.org/wiki/Slave_usage
    
    Change-Id: I6f46c11fad5c58577654a4011cf82d19f6d3e1e3

commit 407be289360ec6dabbbe14d9b18dae7c9fa2db79
Author: Kawaguchi <ken-kawaguchi@vt.jp.nec.com>
Date:   Tue Apr 21 13:27:52 2015 +0900

Fix typo acomplished => accomplished
    
    Change-Id: I73722e9984917a5a8c4e74207cf14d4040a7cf2f
    Related-Bug: #1390035

commit b339391bcb223c0f03d30f36dea47d13adb12c71
Author: mathieu-rohon <mathieu.rohon@gmail.com>
Date:   Sat Mar 7 13:30:49 2015 +0100

ML2: Change port status only when it's bound to the host
    
    Currently, nothing prevents the port status to be changed to BUILD
    state when get_device_details() is sent by a host that doesn't own
    the port.
    In some cases the port might stay in BUILD state.
    This could happen during a live-migration, or for multi-hosted ports
    such as HA ports.
    This commit allows the port status modification only if the port
    is bound to the host that is asking for it.
    
    Closes-Bug: #1439857
    Closes-Bug: #1438040
    Closes-Bug: #1416933
    
    Change-Id: I9b3673f453abbafaaa4f78542fcfebe8dc93f2bb
    (cherry picked from commit 9b53b82ce7dad551ebc0f02ff667d5345fb7e139)

commit f7ae3a04b541767c638fc4c8ff1e0db78ab94996
Author: Andreas Jaeger <aj@suse.de>
Date:   Mon Apr 20 11:07:37 2015 +0200

Release Import of Translations from Transifex
    
    Manual import of Translations from Transifex. This change also removes
    all po files that are less than 66 per cent translated since such
    partially translated files will not help users.
    
    This updates also recreates all pot (translation source files) to
    reflect the state of the repository.
    
    This change needs to be done manually since the automatic import does
    not handle the proposed branches and we need to sync with latest
    translations.
    
    Change-Id: I1b7bd1773bcd12ab282e77ee0dc41c27846fb66b

commit 952e556e4e6b0e25ca584481ef6745fc08ace970
Author: Matt Riedemann <mriedem@us.ibm.com>
Date:   Fri Apr 17 08:47:35 2015 -0700

Register ibm-db-alembic import for DB2 migrations
    
    This patch adds the optional runtime dependency to support db2
    for alembic migration, will not break the default mysql path.
    
    This is needed for the IBM DB2 third party CI to work on this
    project.
    
    Closes-Bug: 1442524
    
    Change-Id: I9db112dbdc2d02df88ad676a6b21018f1d6f1724

commit e2f6902315de76a1020aa87ea161c8fdc6697ed7
Author: Swaminathan Vasudevan <swaminathan.vasudevan@hp.com>
Date:   Tue Apr 14 21:34:33 2015 -0700

Fixes race condition and boosts the scheduling performance
    
    This patch fixes a race-condition that occurs when the
    scheduler tries to check for dvr serviceable ports before
    it schedules a router when a subnet is associated with
    a router.
    
    Sometimes the dhcp port creation is delayed and so the
    router is not scheduled to the l3-agent.
    
    Also it boosts the scheduling performance on dvr-snat
    node for scheduling a router.
    
    This patch will provide a work around to fix this race
    condition and to boost the scheduling performance
    by scheduling a router on a dvr-snat when
    dhcp is enabled on the provided subnet, instead of checking
    all the available ports on the subnet.
    
    Closes-Bug: #1442494
    
    Change-Id: I089fefdd8535bdc9ed90b3230438ab0bfb6aab4f
    (cherry picked from commit c65d3ab6ad4589e6e4a6b488d2eb5d1e4cfee138)

commit a6b2c22dcea73754dbfd0ef39c60ad28ab2dbb73
Author: Kevin Benton <blak111@gmail.com>
Date:   Mon Mar 30 23:52:56 2015 -0700

Set IPset hash type to 'net' instead of 'ip'
    
    The previous hash type was 'ip' and this caused a major
    issue with the allowed address pairs extension since it
    results in CIDRs being passed to ipset. When the hash type
    is 'ip', a CIDR is completely enumerated into all of its
    addresses so 10.100.0.0/16 results in ~65k entries. This
    meant a single allowed_address_pairs entry could easily
    exhaust an entire set.
    
    This patch changes the hash type to 'net', which is designed
    to handle a CIDRs as a single entry.
    
    This patch also changes the names of the ipsets because
    creating an ipset with different parameters will cause an
    error and our ipset manager code isn't robust enough to handle
    that at this time. There is another ongoing patch to fix
    that but it won't be ready in time.[1]
    
    The related bug was closed by increasing the set limit, which
    did alleviate the problem. However, this change would also
    address the issue because the gate tests run an allowed address
    pairs extension test with the CIDR mentioned above.
    
    1. I59e2e1c090cb95ee1bd14dbb53b6ff2c5e2713fd
    
    Related-Bug: #1439817
    Closes-Bug: #1444397
    Change-Id: I8177699b157cd3eac46e2f481f47b5d966c49b07
    (cherry picked from commit a38b5df5cd3c47672705aad4c30e789ae11ec958)

commit 8b8095e43a143426c501669167490d7867a55749
Author: Kevin Benton <blak111@gmail.com>
Date:   Tue Mar 31 08:53:56 2015 -0700

Revert "Add ipset element and hashsize tunables"
    
    This reverts commit b5b919a7a3569ccb93c3d7d523c1edfaeddb7cb9.
    
    The current ipset manager code isn't robust enough to handle
    ipsets that already exist with different parameters. This reverts
    the ability to change the parameters so we don't break upgrades
    to Kilo.
    
    Conflicts:
    	neutron/agent/linux/ipset_manager.py
    	neutron/tests/unit/agent/linux/test_ipset_manager.py
    
    Change-Id: I538714df52424f0502cb75daea310517d1142c42
    Closes-Bug: #1444201
    (cherry picked from commit 03be14a569d240865dabff8b4c30385abf1dbe62)

commit 2add4e5ad4d12c817737d04ddb973b3aeeb25af3
Author: Kevin Benton <blak111@gmail.com>
Date:   Thu Apr 16 16:27:38 2015 -0700

Update .gitreview to point to stable/kilo
    
    This is the stable/kilo branch. When people make changes
    here it's highly likely that they want to propose them
    to stable/kilo on gerrit.
    
    Change-Id: Ie61a9f0c0b0b4896da33a201e42b1c4bc4bae49b

commit ffc48f286e1756302d9259dc514dd562d3c251ba
Author: Henry Gessau <gessau@cisco.com>
Date:   Thu Apr 16 13:38:46 2015 -0400

Add Kilo release milestone
    
    Change-Id: Id7d969c92b7c757b766760681357ac13c8079ca3

commit 1dc98e414f200a78a6b1dc78f222c588646e6935
Author: Dane LeBlanc <leblancd@cisco.com>
Date:   Thu Apr 9 10:32:33 2015 -0400

IPv6 SLAAC subnet create should update ports on net
    
    If ports are first created on a network, and then an IPv6 SLAAC
    or DHCPv6-stateless subnet is created on that network, then the
    ports created prior to the subnet create are not getting
    automatically updated (associated) with addresses for the
    SLAAC/DHCPv6-stateless subnet, as required.
    
    Change-Id: I88d04a13ce5b8ed4c88eac734e589e8a90e986a0
    Closes-Bug: 1427474
    Closes-Bug: 1441382
    Closes-Bug: 1440183
    (cherry picked from commit bd1044ba0e9d7d0f4752c891ac340b115f0019c4)

commit 55536a4ecb6c71e5451b8a9664d87e32146f071d
Author: Ihar Hrachyshka <ihrachys@redhat.com>
Date:   Fri Apr 10 15:07:33 2015 +0200

Removed ml2_conf_odl.ini config file
    
    The file is already packaged into decomposed networking-odl repo [1].
    
    [1]: https://git.openstack.org/cgit/stackforge/networking-odl/tree/etc/neutron/plugins/ml2/ml2_conf_odl.ini
    
    Closes-Bug: #1442615
    Change-Id: Ic280454190aab4e3b881cde15a882808b652861e
    (cherry picked from commit b3334eca0ae9f9c64ccd646035e69081f669e3e4)

commit 857322c30ecfed11e770f0aea7b234f8ffdc0db1
Author: Ann Kamyshnikova <akamyshnikova@mirantis.com>
Date:   Wed Mar 4 15:50:07 2015 +0300

Use accessors instead of private attributes for Ml2 plugin
    
    Start using accessors instead of private attributes of PortContext
    and NetworkContext where it is possible.
    
    Closes-bug: #1424587
    
    Change-Id: Ie3d963ae6cee9782d65ba683936072602c78ebaa

commit 40783cee5e520173a4cc37c23dd97be2d37b65fd
Author: Angus Lees <gus@inodes.org>
Date:   Mon Mar 2 17:06:54 2015 +1100

Ensure tests run under python2.7
    
    tox uses whatever python version that tox ran with as the default python
    version for environments (py27,py3x, etc are given a more specific
    default).
    
    Debian's python-tox (for example) uses python3, but we require python2.7
    - and a naive `apt-get install python-tox; tox -epep8` fails with
    py3-related errors on Debian.
    
    This change explicitly sets `basepython = python2.7` in several testing
    environments that would otherwise have used the default basepython.
    
    Change-Id: I377ac6d72dec5b85c105d8a1a74f6974efb84dcf

tags:

added: in-feature-pecan

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-09-17: Fix proposed to neutron (stable/kilo)

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/224900

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-09-19: Fix merged to neutron (stable/kilo)

Reviewed: https://review.openstack.org/224900
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=e6a0e7d27054d5d179c513b3c826a5eaef2077dd
Submitter: Jenkins
Branch: stable/kilo

commit e6a0e7d27054d5d179c513b3c826a5eaef2077dd
Author: Kevin Benton <email address hidden>
Date: Fri May 15 17:10:15 2015 -0700

Switch to dictionary for iptables find

This patch switches to the use of a dictionary so the cost
becomes a hash lookup instead of a list scan.

    Closes-Bug: #1453264
    Closes-Bug: #1455675
    (cherry picked from commit 7a3934d982ef29d8851450b5586319201baa0122)

Conflicts:

neutron/agent/linux/iptables_manager.py

Change-Id: I1e6fe5e50b9c13066c966c252cadc8ed1d08f686

tags:

added: in-stable-kilo

Thierry Carrez (ttx) on 2015-10-15

Changed in neutron:
milestone:	liberty-1 → 7.0.0

Revision history for this message

Billy Olsen (billy-olsen) wrote on 2016-08-29: Re: iptables_manager can run very slowly when a large number of security group rules are present

#10

trusty patch based on -proposed Edit (8.2 KiB, text/plain)

Uploading debdiff based on what is currently available in trusty-proposed since that has been verified and pending release.

description:

updated

Mathew Hodson (mhodson) on 2016-08-30

tags:	added: trusty
Changed in neutron (Ubuntu):
importance:	Undecided → Medium

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2016-08-31:

#11

Billy, Thanks for the patch! I've pushed it to lp:~ubuntu-server-dev/neutron/icehouse. Once 1:2014.1.5-0ubuntu5 gets promoted from trusty-proposed we can upload 1:2014.1.5-0ubuntu6.

Changed in neutron (Ubuntu):
status:	New → Invalid
Changed in neutron (Ubuntu Trusty):
status:	New → Fix Committed
Changed in cloud-archive:
status:	New → Invalid
summary:	- iptables_manager can run very slowly when a large number of security - group rules are present + [SRU] iptables_manager can run very slowly when a large number of + security group rules are present

Mathew Hodson (mhodson) on 2016-08-31

Changed in neutron (Ubuntu Trusty):
importance:	Undecided → Medium
Changed in neutron (Ubuntu):
status:	Invalid → Fix Released
Changed in cloud-archive:
status:	Invalid → Fix Released

Mathew Hodson (mhodson) on 2016-08-31

Changed in neutron (Ubuntu Trusty):
status:	Fix Committed → In Progress

Revision history for this message

Billy Olsen (billy-olsen) wrote on 2016-09-02:

#12

Great thanks Matt & Corey

Revision history for this message

Martin Pitt (pitti) wrote on 2016-09-06: Please test proposed package

#13

Hello Brian, or anyone else affected,

Accepted neutron into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/neutron/1:2014.1.5-0ubuntu6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in neutron (Ubuntu Trusty):
status:	In Progress → Fix Committed
tags:	added: verification-needed

Revision history for this message

Billy Olsen (billy-olsen) wrote on 2016-09-07:

#14

I have received direct feedback from a user in production that the proposed package (1:2014.1.5-0ubuntu6) improves the performance and resolves this bug. Marking as verified.

tags:	added: verification-done removed: verification-needed
tags:	removed: trusty

Revision history for this message

Martin Pitt (pitti) wrote on 2016-09-14: Update Released

#15

The verification of the Stable Release Update for neutron has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-09-14:

#16

This bug was fixed in the package neutron - 1:2014.1.5-0ubuntu6

---------------
neutron (1:2014.1.5-0ubuntu6) trusty; urgency=medium

  * iptables_manager can run very slowly when a large number of security group
    rules are present (LP: #1453264)
    - d/p/use-dictionary-for-iptables-find.patch: Use a dictionary for looking
      up iptables rules rather than an iterator.

-- Billy Olsen <email address hidden> Mon, 29 Aug 2016 15:06:06 -0700