| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Update HA Network creation to use an admin context to allow Neutron
to create the tenant-less network required for the HA router when
it does not yet exist and is being created by a non-admin user.
Neutron creates these resources without a tenant so users cannot see
or modify the HA network, ports, etc. Port creation and association
already use elivated admin contexts to allow their function when
an user attempts to create a HA L3 router.
Conflicts:
neutron/tests/unit/db/test_l3_ha_db.py
Change-Id: I36166158a0970b8d08d6702054b11a43fb684281
Closes-Bug: #1388716
(cherry picked from commit cc9bc24229f1d79dc99303db1affc03c030c011e)
|
|/ / / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The openvswitch core plugin has been removed but not its associated
"neutron.core_plugins" entry point. This change removes it from
setup.cfg.
Change-Id: I79f7c334cdeb0f4d0d68743734f69c0ec8523467
Related-Bug: #1323729
Closes-Bug: #1391326
(cherry picked from commit f36c29903afb713670f9e7c3f9530e117dfc6bcb)
|
|\ \ \ \ |
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
While plugging vif, VIFDriver in Nova follows "ovs_hybrid_plug" and
"port_filter" in "binding:vif_detail" which is passed from Neutron, but
those are always true. This patch make ML2 OVS mech driver set those
param depends on enable_security_group flag. It enables users to avoid
ovs_hybrid plugging.
This patch also fixes the same issue in the following plugins/drivers:
* NEC Plugin
* BigSwitch Plugin
* Ryu Plugin
* ML2 Plugin - OFAgent Mech Driver
Closes-Bug: #1336624
Change-Id: I2b7fb526a6f1b730ad65289307b24fd28b996e1b
(cherry picked from commit e73f8da072cb41559ecee7f29f864a10db475444)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This patch will allow an IPv6 subnet configured with SLAAC
(or dhcpv6-stateless) to be attached to a router interface.
Closes-Bug: #1382076
Change-Id: If0c48a7287a828eef4a0f0b0859d4f898d2937bd
(cherry picked from commit 95accb535017f1384b38b12eb78f0e58287d8e08)
|
|\ \ \ \ |
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The ssl.get_server_certificate method uses SSLv3 by default.
Support for SSLv3 was dropped on the backend controller in
response to the POODLE vulnerability. This patch fixes it
to use TLSv1 like the wrap_socket method.
Closes-Bug: #1384487
Change-Id: I9cb5f219d327d62168bef2d7dbee22534b2e454e
(cherry picked from commit 77e283c94f51e21dcf126a316098c54a7cdfca0f)
|
|\ \ \ \ |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
There is a bug in dhcp agent code that when first port is created
in an IPv6 subnet, DHCP port is not automatically created.
This fix resolves this problem by removing the IP version check
in configure_dhcp_for_network method.
Change-Id: If3f405d367a7099d9f33d72d11ffcb7a393abe23
Closes-Bug: #1367500
(cherry picked from commit 1b66e11b5d8c0b3de0610ca02c3e10b6f64ae375)
|
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Remove time.sleep method reference in class and use time.sleep directly.
Change-Id: Ib4c02061b29c0d584d603746a78ab50922f781c3
Closes-Bug: 1375698
(cherry picked from commit 8e36ba8d24c198cb5e6c0e4ddc29a08904e3e10c)
|
|\ \ \ \
| | | | |
| | | | |
| | | | | |
into stable/juno
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Remove the vm network delete call to the VSM on final port call and
ensure that vm network is deleted from the database when the port count
becomes 0.
Change-Id: I6c08a099adfce2fdba8eefec6aadeb68a780ac37
Closes-Bug: 1373547
(cherry picked from commit 4e1c4cbcd71833095534bea9ff7617c582c300d2)
|
|\ \ \ \ \
| |_|/ / /
|/| | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
With l2pop enabled, race exists in delete_port_postcommit
when both create/update_port and delete_port deal with
different ports on the same host, where such ports are
either the first (or) last on same network for that host.
This race happens outside the DB locking zones in
the respective methods of ML2 plugin.
To fix this, we have moved determination of
fdb_entries back to delete_port_postcommit and removed
delete_port_precommit altogether from l2pop mechanism
driver. In order to accomodate dvr interfaces, we
are storing and re-using the mechanism-driver context
which hold dvr-port-binding information while
invoking delete_port_postcommit. We loop through
dvr interface bindings invoking delete_port_postcommit
similar to delete_port_precommit.
Closes-Bug: #1372438
Change-Id: If0502f57382441fdb4510c81a89794f57a38e696
(cherry picked from commit 3cd2163d5105faad389bee5175ef446f0bb90289)
|
|\ \ \ \ \
| |_|_|/ /
|/| | | |
| | | | | |
into stable/juno
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Previously, the NSX plugin prevented one from creating multiple networks on
the same vlan even if they were being created on different physical_networks.
This patch corrects this issue and allows this to now occur.
Closes-bug: 1367034
Change-Id: I343449648304328dffdd5ba070491e05686ee22d
(cherry picked from commit 6d1f864531d169a54bc239561840176012629316)
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Switch to TLSv1 for the connections to the backend
controllers. The default SSLv3 is no longer considered
secure.
TLSv1 was chosen over .1 or .2 because the .1 and .2 weren't
added until python 2.7.9 so TLSv1 is the only compatible option
for py26.
Closes-Bug: #1384487
Change-Id: I68bd72fc4d90a102003d9ce48c47a4a6a3dd6e03
(cherry picked from commit 62588957fbeccfb4f80eaa72bef2b86b6f08dcf8)
|
|\ \ \
| |_|/
|/| | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch removes the step of clearing the consistency
hash from the DB before a topology sync. This will ensure
that inconsistency will be detected if the topology sync
fails.
This logic was originally there to make sure the hash header
was not present on the topology sync call to the backend.
However, the hash header is ignored by the backend in a sync
call so it wasn't necessary.
Closes-Bug: #1379510
Change-Id: I2d58fa2aea3b692834d64192d06ace727c7df8a0
(cherry picked from commit 24e4110eb284078775496501ff81630eb1619c11)
|
|\ \ \
| |/ /
|/| | |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This commit uses EUI64 for SLAAC and stateless IPv6 address
when subnet id in fixed_ip is specified.
After this patch, all the ports created on a subnet which has
ipv6_address_mod=slaac or ipv6_address_mod=dhcpv6-stateless
will use EUI64 as the address.
This patch also checks if fixed IP address is specified
for a IPv6 subnet with address mode slaac or dhcpv6-stateless
during creating or updating a port. If yes, raise InvalidInput
error to stop the port creation or update.
Remove unit test test_generated_duplicate_ip_ipv6 because
fixed_ip should not be specified for a slaac subnet.
Change-Id: Ie481cfb2f4313baf44bf1a838ebda374a5c74c6a
Closes-Bug: 1330826
(cherry picked from commit 3ba06618f79fed899188aac87a8694b3344ee995)
|
|/
|
|
|
|
|
| |
Bump version to next stable release on juno branch, and set
defaultbranch in .gitreview for convenience.
Change-Id: Ib6bd6b400ae15d5ae1bcb99b11221d58b9acae70
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The code no longer references the updated_routers and removed_routers
sets. This should have been cleaned up before but was missed.
Closes-bug: #1232525
Change-Id: I0396e13d2f7c3789928e0c6a4c0a071b02d5ff17
(cherry picked from commit edb26bfcddf9d9a0e95955a6590d11fa7245ea2b)
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
While the HA property is update-able, and resulting router-get
invocations suggest that the router is HA, the migration
itself fails on the agent. This is deceiving and confusing
and should be blocked until the migration itself is fixed
in a future patch.
Change-Id: I4171ab481e3943e0110bd9a300d965bbebe44871
Related-Bug: #1365426
Closes-Bug: #1378525
(cherry picked from commit 1fd7dd99ca7e5e9736200360aa354cada7fb43ff)
|
| |
| |
| |
| |
| |
| | |
Change-Id: Iea584b00329d9474c14847db958f8743d4058525
Closes-Bug: #1378855
(cherry picked from commit 4e8a5b7de71ba6f8c050c424613c025310498940)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add an explicit schema relationship between a router and its ports. This
change ensures referential integrity among the entities and prevents orphaned
ports.
Change-Id: I09e8a694cdff7f64a642a39b45cbd12422132806
Closes-Bug: #1378866
(cherry picked from commit 93012915a3445a8ac8a0b30b702df30febbbb728)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In Juno we are not ready for allowing the IPv6 attributes on a subnet
to be updated after the subnet is created, because:
- The implementation for supporting updates is incomplete.
- Perceived lack of usefulness, no good use cases known yet.
- Allowing updates causes more complexity in the code.
- Have not tested that radvd, dhcp, etc. behave OK after update.
Therefore, for now, we set 'allow_put' to False for the two IPv6
attributes, ipv6_ra_mode and ipv6_address_mode. This prevents the
modes from being updated via the PUT:subnets API.
Closes-bug: #1378952
Change-Id: Id6ce894d223c91421b62f82d266cfc15fa63ed0e
(cherry picked from commit 8a08a3cb47d0dd69d4aa2e8fa661d04054fe95ae)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Similar to the way we are skipping tests in the OneConvergence plugin,
introduced by Kevin Benton in 9294de441e684a81f6e802ba0564083f1ad319d6.
Partial-Bug: #1378952
Change-Id: I1650b0708af73ce63e92c55bc842607bb69efe60
(cherry picked from commit 67962943969bc737a3f680a0defc2fc9df03c429)
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Since we've replaced oslo-incubator RPC layer with oslo.messaging, we
don't ship any code that uses kombu.
Change-Id: Ia8a74f1326ecd98c47cbe447f04d475bf61e19d3
(cherry picked from commit 424c7faa75d96950d80f49f20f5414d1a297af72)
|
|\ \ \
| |/ / |
|
| |/
| |
| |
| | |
Change-Id: Ifb5cac5b1529fef7862f5a63a0d1592f5bcc01d0
|
| |
| |
| |
| | |
Change-Id: I67a0eec64c0e0513df3f3e9f1f3489086f6316f9
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On systems that start both neutron-server and neutron-l3-agent together,
there is a chance that the first call to neutron will timeout. Retry upto
4 more times to avoid the l3 agent exiting on startup.
This should make the l3 agent a little more robust on startup but still
not ideal, ideally it wouldn't exit and retry periodically.
Change-Id: I2171a164f3f77bccd89895d73c1c8d67f7190488
Closes-Bug: #1353953
Closes-Bug: #1368152
Closes-Bug: #1368795
(cherry picked from commit e7f0b56d74fbfbb08a3b7a0d2da4cefb6fe2aa67)
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Adds an external IPs field to the external gateway information
for a router so the external IP address of the router can be
read by the tenant.
DocImpact
Closes-Bug: #1255142
Change-Id: If4e77c445e9b855ff77deea6c8df4a0b3cf249d4
(cherry picked from commit c7baaa068ed1d3c8b02717232edef60ba1b655f6)
|
|\ \
| | |
| | |
| | | |
into proposed/juno
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Address prefix to use with slaac and stateless ipv6 address modes
should be equal to 64 in order to work properly.
The patch adds corresponding validation and fixes unit tests
accordingly.
Change-Id: I6c344b21a69f85f2885a72377171f70309b26775
Closes-Bug: #1357084
(cherry picked from commit 0d8911115e1b722da2f1e92f444e53b22223ee32)
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The fix adds missing methods into generic Firewall class
and in NoopFirewall driver class.
Change-Id: I6402448075ed414434dc007f5c403fc85b6b1456
Closes-Bug: #1369685
Related-Bug: #1365806
(cherry picked from commit 9a6c073656a7e0b1a26b2bca0ba381489d04e322)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a router is already unbound from an l3 agent, don't fail. Log
the condition and go on. This is harmless since it can happen
due to a delete race condition between multiple neutron-server
processes. One delete request can determine that it needs to
unbind the router. A second process may also determine that it
needs to unbind the router. The exception thrown will result
in a port delete failure and cause nova to mark a deleted instance
as ERROR.
Change-Id: Ia667ea77a0a483deff8acfdcf90ca84cd3adf44f
Closes-Bug: 1367892
|
|
|
|
|
|
|
|
|
| |
This changeset removes the openvswitch plugin, but retains the agent for ML2
The database models were not removed since operators will need to migrate the
data.
Change-Id: I8b519cb2bbebcbec2c78bb0ec9325716970736cf
Closes-Bug: 1323729
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Changes in commit 7f8ae630b87392193974dd9cb198c1165cdec93b moved
pid files handled by agent/linux/external_process.py from
$state_path/external/<uuid>.pid to $state_path/external/<uuid>/pid
that breaks the neutron-ns-metadata-proxy respawn after upgrades
becase the l3 or dhcp agent can't find the old pid file so
they try to start a new neutron-ns-metadata-proxy which won't
succeed, because the old one is holding the port already.
Closes-Bug: #1376128
Change-Id: Id166ec8e508aaab8eea35d89d010a5a0b7fdba1f
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Three of the migration scripts are causing failures with DB2.
- DB2 doesn't support nullable column in primary key
- Hard coded SQL statements which use False/True as Boolean arguments
are not compatible with DB2. In DB2, Boolean columns are created as
small integer with a constraint to allow only 0 & 1.
- Hardcoded update rows from other table sql is not compatible with DB2
- Foreign key constraints require additional handling
Co-authored-by: Rahul Priyadarshi <rahul.priyadarshi@in.ibm.com>
Change-Id: I82e2d1c522b81fed90a1e5cc6f2321f80797cf7b
Closes-Bug: #1328019
|
|\ \ \ |
|