| Commit message (Collapse) | Author | Age | Files | Lines |
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixed bug when config option use_random_fully is
set to False all routers accept one configured
by l3 agent with iptables "--random-fully" option.
Also added storing of use iptables --random-fully
config option to "_random_fully" class variable
of IptablesManager to reduce checks of iptables
version by instances of this class.
Closes-Bug: #2018599
Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
PostgreSQL requires to add the table keys selected in the SELECT clause
in the later GROUP BY clause. This patch is adding
"SubnetPool.address_scope_id" to this GROUP BY clause. Because the
subnet pool (for IPv4) is unique for the FIP subnet, the returned
elements in this query will be the same.
Closes-Bug: #2019186
Change-Id: Ia446e17a44b1a260971ae237841451edb97ce39f
|
|\ \ \ |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
API call "get_rule_types" should be available in new policies for
all users with READER role as this is kind of the same what was in the
old policies (ANY).
Depends-On: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/882818
Closes-Bug: #2018585
Change-Id: I8281bd8a902bcaba1187565e9610d598e4ebc254
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Host haproxy configurations will be rendered by jinja2
template. And a process monitor will be used to manage
the host metadata haproxy, which takes care of the
lifecycle of the host metadata haproxy.
Partially-Implements: blueprint distributed-metadata-datapath
Change-Id: Ie7be84d503f5d60d3c50d3ac3aaaf55c13adf7af
|
|\ \ \ \ \
| |_|_|_|/
|/| | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
If openvswitch is restarted, try to notify neutron-server
that to refresh tunnel flows for every ports.
Closes-Bug: #2004041
Change-Id: Iba0ae947e3595674e63b998826daae2582bb7668
|
| |_|/ /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
With removal of the neutron client shell code this tool is
no longer usable. It had been marked for deprecation since
the Newton (9.0) cycle and unmaintained.
This code is also breaking the neutron gate pep8 job.
Change-Id: I3c0c93de0b860d9287019b7834cb8337d9668cc0
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
api extension
db model
db migration
ovo (including changes affecting push rpc)
extension driver
policies
To enable this:
* neutron-db-manage upgrade 6f1145bff34c
* ml2_conf.ini:
[ml2]
extension_drivers += port_hints
This patch also bumps neutron-lib requirement to 3.5.0.
Change-Id: I80816618285d742775bc0534510c0f874f84ed2e
Partial-Bug: #1990842
Related-Change (spec): https://review.opendev.org/c/openstack/neutron-specs/+/862133
Related-Change (n-lib api-def): https://review.opendev.org/c/openstack/neutron-lib/+/870080
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
During transition to the new secure RBAC API policies, we made mistake
with policies for FIP PFs by defining them to be available for
ADMIN_OR_PROJECT_MEMBER/READER or FIP owner.
First, rule PROJECT_MEMBER/READER is not appropriate in this case as FIP PFs
don't have tenant_id attribute at all and belongs to the owner of FIP always.
Second issue was that any FIP owner, even with just READER role could possibly
e.g. create port forwarding.
To fix that, this patch changes those API policies to new rules:
ADMIN_OR_PARENT_OWNER_READER
ADMIN_OR_PARENT_OWNER_MEMBER
Closes-Bug: #2018989
Change-Id: Ibff4c4f5b6d020fd598831a8a6e8ec0e2f559005
|
| |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
During transition to the new secure RBAC API policies, we made mistake
with policies for QoS rules by defining them to be available for
ADMIN_OR_PROJECT_READER. This can't be like that as QoS rules don't have
tenant_id attribute and belongs always to the owner of the QoS policy.
To fix that, this patch introduces new rules:
ADMIN_OR_PARENT_OWNER_READER
ADMIN_OR_PARENT_OWNER_MEMBER
and uses those in the QoS rules APIs.
Closes-Bug: #2018727
Change-Id: I522aeab5094b3f4854303d5e18f3abf6130fb33c
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Some files are using strings access_as_shared or access_as_external
instead of using defined constants ACCESS_SHARED and ACCESS_EXTERNAL.
This commit is doing the cleaning it does not bring any functional
change.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Ib75326c762776c5259740cb2f0abc1163842f95d
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Up until now, we needed to remove all logging objects to see the
meter-band properties being changed after a server restart. Now we check
for inconsistencies between the neutron configuration and the OVN
meter-band object after a restart. The function create_ovn_fair_meter is
now located in the ovn_driver instead of the log_driver so as to be able
to call it from the maintenance task.
Closes-bug: #2017145
Signed-off-by: Elvira García <egarciar@redhat.com>
Change-Id: I24cef85ed68c893a740445707f88296d763c8de8
|
|\ \ \ \
| | |_|/
| |/| | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The metadata agent extension needs the patch ports informations
between br-int and br-meta to add direct flows.
Partially-Implements: blueprint distributed-metadata-datapath
Change-Id: I58f3813ed9a4c4006ebb62e613ef4dc07a17a23b
|
|\ \ \ \
| |_|/ /
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
It was originally added due to [1] which is
already reverted[2] as pyroute2>=0.5.5 included
the fix, so the retries hack can also be removed.
[1] https://review.opendev.org/c/openstack/neutron/+/631275
[2] https://review.opendev.org/c/openstack/neutron/+/698854
Related-Bug: #1811515
Change-Id: I6d7b1c82c19d93c4a24f253bdc4c5b6164cfbaaa
|
|\ \ \ \
| |/ / /
|/| | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
As part of the Secure RBAC community goal, we should switch options
"enforce_new_defaults" and "enforce_scope" to be True by default.
It will be still possible to fallback to old policy rules by configuring
those config options to False in Neutron config.
Change-Id: I09c0026ccf87e6c0bb1fa59165c03dc508fba6fa
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
A network's MTU is now only valid if it is the minimum value
allowed based on the IP version of the associated subnets,
68 for IPv4 and 1280 for IPv6.
This minimum is now enforced in the following ways:
1) When a subnet is associated with a network, validate
the MTU is large enough for the IP version. Not only
would the subnet be unusable if it was allowed, but the
Linux kernel can fail adding addresses and configuring
network settings like the MTU.
2) When a network MTU is changed, validate the MTU is large
enough for any currently associated subnets. Allowing a
smaller MTU would render any existing subnets unusable.
Closes-bug: #1988069
Change-Id: Ia4017a8737f9a7c63945df546c8a7243b2673ceb
|
|\ \ \ \ \ |
|
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
In fullstack and functional tests where OVSPortFixture is used to create
port in OVS bridge, just after port was created by ovs interface driver,
DEAD_VLAN tag was removed from the port as it's not needed in tests.
But this could cause race condition and instead of removing DEAD_VLAN
tag, actually correct tag configured by e.g. neutron_openvswitch_agent
was removed and traffic to such port wasn't working at all.
To avoid that race, now method which adds setting DEAD_VLAN tag to the
port_replace transaction is now mocked so there will be no DEAD VLAN tag
set on such port at all.
This patch also removes unstable test decorator from the
TestDhcpAgentHA.test_multiple_agents_for_network fullstack test as it
seems for me that this was the reason why this test was failing pretty
often.
Closes-Bug: #2000150
Change-Id: I3938c94bbd531fac461e80e791c128821a4f837f
|
|\ \ \ \ \ |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
A method is added as opposed to having a synthetic field on a router for
performance reasons: gateways will only be queried when needed to use
the external gateways feature API calls.
Partial-Bug: #2002687
Change-Id: Iddde9d986b024109bdb7c2aa777a1b017b6a35ab
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Based on bug #2008712 if we have a security-group which
is the remote group of a 2nd security-group, the backend
never deletes the rule of the 2nd group which
remote_group_id is the original security-group.
By AFTER_DELETE event for each rule that has the
security_group_id as remote_group_id, we can make the
mech drivers do their work and delete these rules in the
backend.
Change-Id: I207ecf7954b06507e03cb16b502ceb6e2807e0e7
Closes-Bug: #2008712
|
|\ \ \ \ \ \
| | |_|/ / /
| |/| | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It's not needed to create such port manually as it will be always
created by neutron when subnet is created.
Co-Authored-By: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Trivial-Fix
Change-Id: I9499678fe244187977576cece101e28aa359a0d7
|
|\ \ \ \ \ \
| |/ / / / / |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This module needs to ensure that common config options
(core_plugin option especially) is registered.
Otherwise this test module can't be successfully run
without other tests as it was then failing due to
unregistered config option.
Trivial-fix
Change-Id: Ibd3e35955bd9030fb52b8f4700f115bbf20cc999
|
|\ \ \ \ \ \
| |/ / / / / |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This module needs to ensure that common config options (service_plugins
option especially) is registered. Otherwise this test module can't be
successfully run without other tests as it was then failing due to
unregistered config option.
Trivial-fix
Change-Id: I0031bb4dd16976b699bbd4b6b211acf8255a6ef1
|
|\ \ \ \ \ \
| |/ / / / / |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
API call get_availability_zone should be available in new policies for
all users with READER role as this is kind of the same what was in the
old policies (ANY).
Closes-bug: #2016266
Change-Id: I8a99bc52bd815fb3395e902fc8f85cf5f187e288
|
|\ \ \ \ \ \ |
|
| |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Those modules needs to ensure that common config options
are registered.
Otherwise it can't be successfully run without other tests as it was
then failing due to unregistered config option.
Trivial-fix
Change-Id: I49b1ba8e7e455c701f983a80ca6ca1451e4bbd27
|
|\ \ \ \ \ \ |
|
| | |_|/ / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | | |
Related-Bug: #2006603
Change-Id: Icbd0bb46a8a8c169279301b26ac92e0f459e1d87
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
With ovsdbapp-2.3.0 release 'db_set' method excepts
if_exists(defaults to True) option.
The default behavior made the test to fail
as it was expecting transaction to fail.
Adding if_exists=False so it persists the
old behavior.
Closes-Bug: #2018130
Change-Id: I3dfdb0cce89cb860991a731b9a03313402956ddf
|
|\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
In OVN 22.09, the option "localnet_learn_fdb" was added so that
localnet ports can learn MAC addresses and store them in the FDB
table. This avoids flooding issues for VMs on provider networks
when port security is disabled
Closes-Bug: #2012069
Change-Id: I93574b4fe9a79b649bfe755cf7e0697ccc7eb83a
|
|\ \ \ \ \ \ |
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
First, the _stop_keepalived_manager() was doing redundant work of
the KeepalivedManager.disable() method. I.e. SIGTERM pid
wait for 5s and then SIGKILL. Therefore I removed that code from the
test file.
Next, I wrapped the self.manager.disable() to handle for the non atomic
operation of the disable() function where SIGTERM can sometimes stop
the process right before the SIGKILL is called. We dont want this to
fail the test as shown in the linked bug.
Closes-Bug: #2017037
Change-Id: Ide244c079094f60779ce446283e5d51ae15e9af3
|