| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
osprofiler was integrated to Neutron a while ago[1] but the options
for this library have not been added to neutron.conf properly.
This ensures the options are rendered by oslo-config-generator.
[1] 9a43f58f4df85adc2029c33ba000ca17b746a6eb
Change-Id: Ice1b3f701ac244e17d855484263199f8a0b8310b
|
| |
|
|
|
|
|
|
| |
The "ovn_agent.ini" file should be in "/etc/neutron/plugins/ml2",
same as any other ML2 mechanism driver agent configuration.
Related-Bug: #1998608
Change-Id: I3f0e948202b522df162ed67fe669a6ff8e90ab41
|
| |
|
|
|
|
|
|
|
| |
This patch implements the OVN Neutron Agent executable, the extension
manager engine, the agent extension abstract class and the configuration
section.
Related-Bug: #1998608
Change-Id: I94bb98217e03f9ac314cb9723da277a23368649c
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added a new environment variable "PROCESS_TAG" in ``ProcessManager``.
This environment variable could be read by the process executed and
is unique per process. This environment variable can be used to tag
the running process; for example, a container manager can use this
tag to mark the a container.
This feature will be used by TripleO to identify the running containers
with a unique tag. This will make the "kill" process easier; it will
be needed just to find the container running with this tag.
Closes-Bug: #1991000
Change-Id: I234c661720a8b1ceadb5333181890806f79dc21a
|
| |
|
|
|
|
|
|
| |
This change ensures the [designate] options, which is used by
the designate external DNS driver, are rendered into neutron.conf
generated by oslo-config-generator.
Change-Id: I56a1079fbfc044532aee64f4fbdec50d9524a580
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During the Zed PTG it was decided to handle unsupported features in
Neutron as experimental. See section titled "When we say something is
not supported?", day 2 in [1]. The agreement was:
"We keep existing jobs for linuxbridge driver for example, but when the
tests start to fail we skip them and finally we stop the job also.
To make it clear for operators we add warning logs highlighting that the
given feature/driver is experimental, and introduce cfg option to enable
such features explicitly."
This commit implements this agreement, initially with Linuxbridge
Depends-On: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/845646
[1] https://lists.openstack.org/pipermail/openstack-discuss/2022-April/028164.html
Change-Id: Ib18efa3f472736b58c8967847b1061da0e3897d7
|
| |
|
|
|
|
|
|
| |
The current rootwrap.conf file is outdated and doesn't include some
parameters. This change updates the content to make it consistent with
the latest example file in oslo.rootwrap.
Change-Id: I0b40b0bea4bbcbc78490dbfa3877cdd3a26ac298
|
| |
|
|
|
|
|
|
|
|
|
| |
Neutorn uses oslo.cache library for caching. This change ensures that
options of the library are included in neutron.conf generated by
oslo-config-generator.
This change also removes cache_utils module from neutron.opts because
the module is not used in that file.
Closes-Bug: #1940790
Change-Id: I9ccd145d5ea1a1e0033eb43b609cc6428ea95f23
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds missing oslo.config.opts endpoints to the config file
to generated neutron.conf, so that the following options are included
in the neutron.conf generated by the oslo-config-generator command.
1) Some options of the oslo.service library, related to periodic tasks
and base service implementation
2) Options of the oslo.reports library
3) Options of the healthcheck middleware from oslo.middleware
Closes-Bug: #1940009
Change-Id: I9f4763efc02e5cacca3a00e9f101f83d3f3fb1e7
|
| |
|
|
|
|
|
|
|
| |
This adds a middleware for noauth that would inject a fake
project_id for create requests. This would ensure that api
consumers don't have to provide a fake project_id in requests.
Closes-Bug: #1934039
Change-Id: I5e1de571034be41f1147c130fce66e6cf70b1369
|
| |
|
|
|
|
|
| |
To assist with automated configuration validation, we need entry points
for oslo.config.opts for placement auth options.
Change-Id: Ibaaa1600e6a14f3308024c4e22e3489ee21e7244
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch moves all remaining filters to a single file. Since [1],
the number of processes executed using rootwrap have been reduced to
a small set.
[1]https://storyboard.openstack.org/#!/story/2007686
Story: #2007686
Task: #41284
Change-Id: Ic7eb717b9ee18068d7a6d7acb11302dd1fde60c6
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace rootwrap execution with privsep context execution.
This series of patches will progressively replace any
rootwrap call.
This patch migrates the "kill_process" method to privsep and
removes the unneeded rootwrap filters.
Change-Id: I48461be8b08cbc21c8af371f551b944343ba37bf
Story: #2007686
Task: #41558
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace rootwrap execution with privsep context execution.
This series of patches will progressively replace any
rootwrap call.
This patch migrates some missing execution methods present in
the code and removes unneeded rootwrap filters.
Story: #2007686
Task: #41558
Change-Id: I1542dc4cf98658fc9a40018192498c7a5cd1c3fe
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Replace rootwrap execution with privsep context execution.
This series of patches will progressively replace any
rootwrap call.
This patch migrates any "iptables" and "ipset" command related
to privsep.
Change-Id: I4a1e137b2b414067504ad7c799d68f482bf3d36c
Story: #2007686
Task: #41558
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace rootwrap execution with privsep context execution.
This series of patches will progressively replace any
rootwrap call.
This patch migrates the execution of "ebtables" command to
privsep.
Story: #2007686
Task: #41558
Change-Id: I05deec2f021e1b146fa3f6f7f9b37084df06d59d
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Options for XenAPI support are supposed to have been deprecated, but
actually they were removed by the deprecation patch[1]. This change is
a partial revert of that patch[1], and ensures that these options are
loaded, so that warning messages about these deprecated options appear
in logs.
This change also removes these deprecated options from the example
rootwrap conf file.
[1] a6dbf97242caa3be646e8eb6b1502b5e59e123fd
Change-Id: Id024dabf276e492268e723e526d7a787156eb9c1
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The configuration options are now marked as deprecated for
removal in X release.
Any related code is deleted. Neutron does not support XenAPI,
same as Nova [1][2].
[1]https://review.opendev.org/#/c/749304/
[2]https://review.opendev.org/#/c/749309/
Change-Id: Ifdb2200a5dac3508fdf8907bdd1f4547dff35341
Story: #2007686
Task: #41269
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
It isn't used anymore by Neutron.
Change-Id: I6f28077e1df8ab65cca834044e47383f38bbb443
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When project_id/tenant_id is present in an API call, Neutron
checks first if this project exists. If not, a HTTPNotFound
will be thrown.
This patch is tested in neutron-tempest-plugin:
https://review.opendev.org/#/c/754390/
Closes-Bug: #1896588
Change-Id: I6276490d4df69ec0f2c9a1492b9b03d1130c7c05
|
| |/
|
|
|
|
|
|
|
| |
This command is executed from scripts and in sanity checks, but not
from any Neutron service.
Change-Id: If82e89bf7b233559513ab44eadebb445648f0684
Story: #2007686
Task: #41282
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
Story: #2007686
Task: #40290
Change-Id: I78cc06c635e806b50ca2cc631732d55e430dd2f1
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| | |
Story: #2007686
Task: #39976
Change-Id: I3414d06b9c6dfe549e79aab5fbe52c8f3ffd63f7
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| | |
Change-Id: If9e4c1513553c4bd10fd3b91c28c4d3f806ed816
Story: #2007686
Task: #40047
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[1] added healthcheck url to neutron API, but in review it was noted
that the used filter_factory is deprecated and app_factory is the
suggested instead, as Akihiro commented in [1], in [2] filter is marked
for removal.
[1]: https://review.opendev.org/724676
[2]: https://opendev.org/openstack/oslo.middleware/src/branch/master/oslo_middleware/healthcheck/__init__.py#L409
Change-Id: I28c26d3357c21483b7642958564d675cd5feaa31
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
This command is not used anymore.
Trivial-Fix
Change-Id: I684c58996154d14c79f5a065470ce9e34ce08670
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The need for this change stems from following issues:
1) When ovs_use_veth = False with ovs-dpdk issue with ovs
was observed - after vswitch restart interface is not comming up.
Meaning ovs-dpdk uses ovs internal ports and it is not able to bring
them up on restart.
2) When ovs_use_veth = True and ovs-dpkd is used, packets sent with
incorrect checksum due to the fact that ovs-dpdk does not do checksum
calculations for veth interface.
This commit allows to use second option and resolve checksum issue by
disabling checksum offload.
Closes-Bug: #1832021
Related-Bug: #1831935
Change-Id: Iecce8d2c6c2c46718cc1020c6e8f914cd4560e4b
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
The /healthcheck is helpful for operators to setup neutron-api
behind haproxy, or for doing monitoring.
Change-Id: I83b8c2afdd74b57184200daab54255e8cae9c27b
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With the move to the Victoria job template in
https://review.opendev.org/#/c/722681/, the py37 jobs no
longer get run, so the check and gate job entries can
be removed.
Added a keepalived py38 KillFilter line to match the py36
and py37 ones.
Also updated TESTING.rst to use py38 in all examples.
Change-Id: Ief793b54d53c3239cfb24278e88e4f4189bbc2c2
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
| |
In patch [1] support for custom kill scripts was added.
We also added rootwrap filter rules for such scripts to
kill dnsmasq, haproxy, dibbler and keepalived processes.
But we missed to add rule for radvd-kill so this patch
adds it (better late than never ;))
[1] https://review.opendev.org/#/c/661760/
Closes-Bug: #1873240
Change-Id: I8fa7176d1d9667c6b5cc95af0e31210d0f1c3662
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A recent change introduced a couple of rootwrap filters that are
supposed to allow running ping within a network namespace.
Those filters will actually replace the "ip" command with "ping",
which leads to an invalid command.
Since those two filters are now superfluous, we're going to drop
them.
Change-Id: I57869c68e858503ed8d6b86506c79c289f2820e1
Closes-Bug: #1864186
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
To have correct support in rootwrap, "ping"/"ping6" command should
have the correct filters in rootwrap.
Because "ping" command is harmless, "CommandFilter" is used to allow
any binary call, regardless of the parameters used and the order.
Nevertheless, this patch also proposes to use "ping"/"ping6" with
the same parameters and a specific order, to help in the debug
process:
- ping[6] -W <timeout> <address>
- ping[6] -W <timeout> -c <count> <address>
- ping[6] -W <timeout> -c <count> -i <interval> <address>
Those commands could be called from inside a namespace. The needed
filter is also added in this patch.
Change-Id: Ie5cbc0dcc76672b26cd2605f08cfd17a30b4c905
Closes-Bug: #1863006
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 0ef4233d891f8fa42a073901051bf0310f61eebb.
This patch is introducing a redundant filter already present in
"testing.filters". The problem described in the related bug should
be solved in https://review.opendev.org/#/c/707697/.
Related-Bug: #1862927
Related-Bug: #1863213
Change-Id: I4de37364a6fb0184230a9742daced40e4edbfb30
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In [1], new tests to check "ncat" tool were added. The missing piece
of this patch was to add a new rootwrap filter to allow to execute
"ncat" binary as root and inside a namespace.
Closes-Bug: #1862927
[1]https://review.opendev.org/#/q/If8cf47a01dc353734ad07ca6cd4db7bec6c90fb6
Change-Id: I8e8e5cd8c4027cce58c7073002120d14f251463d
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In L3 agent's rootwrap filters there are KillFilters
to allow killing of python processes (used to kill
neutron-keepalived-state-change-monitor script). There
was also filter for python3.5 but now Neutron supports
python3.6 and newer so python3.5 isn't needed there
anymore and this patch removes it from there.
Change-Id: I57fcc6b1c506dce9113b56ffee7d29a96fa7f251
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Usually Neutron stops neutron-keepalived-state-change-monitor process
gracefully with SIGTERM.
But in case if this will not stop process for some time, Neutron will
try to kill this process with SIGKILL (-9).
That was causing problem with rootwrap as kill filters for this process
allowed to send only "-15" to it.
Now it is possible to kill this process with "-9" too.
Change-Id: Id019fa7649bd1158f9d56e63f8dad108d0ca8c1f
Closes-bug: #1860326
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is changing DevStack to deploy with the local OVN driver
(instead of the networking-ovn old repo).
A few tweaks were needed in the code in order to get it to work, more
precisely:
* OVN metadata configuration was pointing to some module variables that
didn't exist.
* OVN metadata configuration generation was missing
Below is the following configuration needed in the local.conf to deploy
OVN:
[[local|localrc]]
enable_plugin neutron https://opendev.org/openstack/neutron
Q_AGENT=ovn
Q_ML2_PLUGIN_MECHANISM_DRIVERS=ovn,logger
Q_ML2_PLUGIN_TYPE_DRIVERS=local,flat,vlan,geneve
Q_ML2_TENANT_NETWORK_TYPE="geneve"
enable_service ovn-northd
enable_service ovn-controller
enable_service neutron-ovn-metadata-agent
disable_service n-net
enable_service q-svc
disable_service q-agt
disable_service q-l3
disable_service q-dhcp
disable_service q-meta
Change-Id: I0b899a33943550a53822d1d057cdee525cbbc6ec
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move OVN related commons to neutron tree.
Previous paths in networking-ovn tree:
./networking_ovn/common/constants.py -> ./neutron/common/ovn/constants.py
./networking_ovn/common/exceptions.py -> ./neutron/common/ovn/exceptions.py
./networking_ovn/common/utils.py -> ./neutron/common/ovn/utils.py
./networking_ovn/common/hash_ring_manager.py -> neutron/common/ovn/hash_ring_manager.py
./networking_ovn/common/config.py -> ./neutron/conf/plugins/ml2/drivers/ovn/ovn_conf.py
Co-Authored-By: Gal Sagie <gal.sagie@huawei.com>
Co-Authored-By: Boden R <bodenvmw@gmail.com>
Co-Authored-By: Daniel Alvarez <dalvarez@redhat.com>
Co-Authored-By: Amitabha Biswas <abiswas@us.ibm.com>
Co-Authored-By: Chandra S Vejendla <csvejend@us.ibm.com>
Co-Authored-By: Babu Shanmugam <bschanmu@redhat.com>
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Co-Authored-By: Terry Wilson <twilson@redhat.com>
Co-Authored-By: Ramu Ramamurthy <ramu.ramamurthy@us.ibm.com>
Co-Authored-By: Maciej Józefczyk <mjozefcz@redhat.com>
Co-Authored-By: Gary Kotton <gkotton@vmware.com>
Co-Authored-By: Andrew Austin <aaustin@redhat.com>
Co-Authored-By: Miguel Angel Ajo <majopela@redhat.com>
Co-Authored-By: Brian Haley <bhaley@redhat.com>
Co-Authored-By: Dong Jun <dongj@dtdream.com>
Co-Authored-By: xurong00037997 <xu.rong@zte.com.cn>
Co-Authored-By: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: Ib46bfdd14a150a324dbf28c6a50c839c5c824e35
Related-Blueprint: neutron-ovn-merge
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set a big timeout for rootwrap daemon in functional and fullstack
tests. The value defined in 7800, the same as the Zuul jobs
timeout.
This timeout increase will prevent the daemon to close when
executing a test root command, as described in the bug. An
unexpected rootwrap daemon closure is not considered as a normal
event during the test execution.
The default value set in the configuration file is 600 seconds, the
same as daemon default value. This timeout is increased only when
OS_SUDO_TESTING=1, that means functional and fullstack tests, when
using the script "tools/deploy_rootwrap.sh".
Change-Id: I691300a4e9a7cccd8887bc8f95ba9cea32988bac
Closes-Bug: #1850558
|
