| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This improves the performance of the database when fetching a list of ports
for a project user. This change creates an inner join with the networks
belonging to the ports.
Previous SQL query:
SELECT ports ...
FROM network, ports ...
WHERE ports.project_id = <project>
OR ports.network_id = networks.id
AND networks.project_id = <project>
Current SQL query:
SELECT ports ...
FROM ports
INNER JOIN networks ON networks.id = ports.network_id
WHERE ports.project_id = <project>
OR networks.project_id = <project>
Closes-Bug: #2016704
Change-Id: I9c49a307956ecfbf8bd2e866cefb21a212c38bd6
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Fixed bug when config option use_random_fully is
set to False all routers accept one configured
by l3 agent with iptables "--random-fully" option.
Also added storing of use iptables --random-fully
config option to "_random_fully" class variable
of IptablesManager to reduce checks of iptables
version by instances of this class.
Closes-Bug: #2018599
Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
PostgreSQL requires to add the table keys selected in the SELECT clause
in the later GROUP BY clause. This patch is adding
"SubnetPool.address_scope_id" to this GROUP BY clause. Because the
subnet pool (for IPv4) is unique for the FIP subnet, the returned
elements in this query will be the same.
Closes-Bug: #2019186
Change-Id: Ia446e17a44b1a260971ae237841451edb97ce39f
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
API call "get_rule_types" should be available in new policies for
all users with READER role as this is kind of the same what was in the
old policies (ANY).
Depends-On: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/882818
Closes-Bug: #2018585
Change-Id: I8281bd8a902bcaba1187565e9610d598e4ebc254
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html
Change-Id: I6c338033fc56aeb829a35373cef7df9eaaf0a03a
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Host haproxy configurations will be rendered by jinja2
template. And a process monitor will be used to manage
the host metadata haproxy, which takes care of the
lifecycle of the host metadata haproxy.
Partially-Implements: blueprint distributed-metadata-datapath
Change-Id: Ie7be84d503f5d60d3c50d3ac3aaaf55c13adf7af
|
| |\ \ \ \ \ \
| |_|_|_|/ /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If openvswitch is restarted, try to notify neutron-server
that to refresh tunnel flows for every ports.
Closes-Bug: #2004041
Change-Id: Iba0ae947e3595674e63b998826daae2582bb7668
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
With removal of the neutron client shell code this tool is
no longer usable. It had been marked for deprecation since
the Newton (9.0) cycle and unmaintained.
This code is also breaking the neutron gate pep8 job.
Change-Id: I3c0c93de0b860d9287019b7834cb8337d9668cc0
|
| |\ \ \ \ \ \
| |_|_|/ / /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We had a number of code blocks that were being incorrectly rendered
inside block quotes, which messed with formatting somewhat. Correct
them. This was done using the following script:
sphinx-build -W -b xml doc/source doc/build/xml
files=$(find doc/build/xml -name '*.xml' -print)
for file in $files; do
if xmllint -xpath "//block_quote/literal_block" "$file" &>/dev/null; then
echo "$file"
fi
done
Note that this also highlighted a file using DOS line endings. This is
corrected.
Change-Id: If63f31bf13c76a185e2c6eebc9b85f9a1f3bbde8
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
api extension
db model
db migration
ovo (including changes affecting push rpc)
extension driver
policies
To enable this:
* neutron-db-manage upgrade 6f1145bff34c
* ml2_conf.ini:
[ml2]
extension_drivers += port_hints
This patch also bumps neutron-lib requirement to 3.5.0.
Change-Id: I80816618285d742775bc0534510c0f874f84ed2e
Partial-Bug: #1990842
Related-Change (spec): https://review.opendev.org/c/openstack/neutron-specs/+/862133
Related-Change (n-lib api-def): https://review.opendev.org/c/openstack/neutron-lib/+/870080
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
During transition to the new secure RBAC API policies, we made mistake
with policies for FIP PFs by defining them to be available for
ADMIN_OR_PROJECT_MEMBER/READER or FIP owner.
First, rule PROJECT_MEMBER/READER is not appropriate in this case as FIP PFs
don't have tenant_id attribute at all and belongs to the owner of FIP always.
Second issue was that any FIP owner, even with just READER role could possibly
e.g. create port forwarding.
To fix that, this patch changes those API policies to new rules:
ADMIN_OR_PARENT_OWNER_READER
ADMIN_OR_PARENT_OWNER_MEMBER
Closes-Bug: #2018989
Change-Id: Ibff4c4f5b6d020fd598831a8a6e8ec0e2f559005
|
| |\ \ \ \ \ \ \ \
| |/ / / / / / /
| | | / / / / /
| |_|/ / / / /
|/| | | | | | |
|
| | | |_|_|/ /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
During transition to the new secure RBAC API policies, we made mistake
with policies for QoS rules by defining them to be available for
ADMIN_OR_PROJECT_READER. This can't be like that as QoS rules don't have
tenant_id attribute and belongs always to the owner of the QoS policy.
To fix that, this patch introduces new rules:
ADMIN_OR_PARENT_OWNER_READER
ADMIN_OR_PARENT_OWNER_MEMBER
and uses those in the QoS rules APIs.
Closes-Bug: #2018727
Change-Id: I522aeab5094b3f4854303d5e18f3abf6130fb33c
|
| |\ \ \ \ \ \
| |/ / / / /
|/| | | | | |
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
This functionality will be kept in the code as experimental as long
as no bugs are reported againts this feature.
This patch also marks the config option "ipv6_pd_enabled" as
experimental. In order to enable this flag, it is needed to configure
the "experimental.ipv6_pd_enabled" flag too.
Related-Bug: #1916428
Change-Id: I27aeed74f308d5bdf0210e76d9557f95b66c71bf
|
| |\ \ \ \ \ |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Some files are using strings access_as_shared or access_as_external
instead of using defined constants ACCESS_SHARED and ACCESS_EXTERNAL.
This commit is doing the cleaning it does not bring any functional
change.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Ib75326c762776c5259740cb2f0abc1163842f95d
|
| |\ \ \ \ \ \ |
|
| | |/ / / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Up until now, we needed to remove all logging objects to see the
meter-band properties being changed after a server restart. Now we check
for inconsistencies between the neutron configuration and the OVN
meter-band object after a restart. The function create_ovn_fair_meter is
now located in the ovn_driver instead of the log_driver so as to be able
to call it from the maintenance task.
Closes-bug: #2017145
Signed-off-by: Elvira GarcĂa <egarciar@redhat.com>
Change-Id: I24cef85ed68c893a740445707f88296d763c8de8
|
| |\ \ \ \ \ \
| |_|/ / / /
|/| | | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
As was discussed in Neutron team meeting [1], we are going to deprecated
support for running Neutron on Windows OS in 2023.2 cycle and remove it
in 2024.2.
This decision was made due to the fact that the only company who was
behind Winstackers project and was maintaining this Windows support in
Neutron is no longer interested in maintaining it [2].
Closes-Bug: #2015844
[1] https://meetings.opendev.org/meetings/networking/2023/networking.2023-04-18-14.01.log.html#l-66
[2] https://lists.openstack.org/pipermail/openstack-discuss/2022-November/031044.html
Change-Id: I687204d83c6b2e404785bcdec42e80f2b0e8ac2b
|
| |\ \ \ \ \ \
| | |_|_|/ /
| |/| | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
The metadata agent extension needs the patch ports informations
between br-int and br-meta to add direct flows.
Partially-Implements: blueprint distributed-metadata-datapath
Change-Id: I58f3813ed9a4c4006ebb62e613ef4dc07a17a23b
|
| |\ \ \ \ \ \ |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
It was originally added due to [1] which is
already reverted[2] as pyroute2>=0.5.5 included
the fix, so the retries hack can also be removed.
[1] https://review.opendev.org/c/openstack/neutron/+/631275
[2] https://review.opendev.org/c/openstack/neutron/+/698854
Related-Bug: #1811515
Change-Id: I6d7b1c82c19d93c4a24f253bdc4c5b6164cfbaaa
|
| |\ \ \ \ \ \ \
| |_|_|_|/ / /
|/| | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
in [1] a lock was introduced with the goal of preventing subnets from
being deleted while ports are being created in them in parallel.
This was acheived by aquiring an exclusive lock on the row of the
subnet in the Subnet table when adding/modifying a port or deleting
the subnet.
However as this was a exclusive lock it also prevented concurrent port
modifications on the same subnet from happening. This can cause
performance issues on environment with large shared subnets (e.g. a
large external subnet).
To reduce the lock contention for this case we split the lock in two
parts:
* For normal port operations we will aquire a shared lock on the
row of the subnet. This allows multiple such operations to happen in
parallel.
* For deleting a subnet we will aquire an exclusive lock on the row of
the subnet. This lock can not be aquired when there is any shared
lock currently on the row.
With this we maintain the same locking level as before, but reduce the
amount of lock contention happening and thereby improve throughput.
The performance improvement can be measured using rally test [2].
(improving from 21 to 18 seconds).
Alternatively it can be tested using 250 parallel curl calls to create a
port in the same network. This improves from 113s to 42s.
[1]: https://review.opendev.org/c/openstack/neutron/+/713045
[2]: https://github.com/openstack/rally-openstack/blob/master/samples/tasks/scenarios/neutron/create-and-delete-ports.json
Closes-Bug: #2009055
Change-Id: I31b1a9c2f986f59fee0da265acebbd88d2f8e4f8
|
| |\ \ \ \ \ \ \
| |_|/ / / / /
|/| | | | | | |
|
| | | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
As part of the Secure RBAC community goal, we should switch options
"enforce_new_defaults" and "enforce_scope" to be True by default.
It will be still possible to fallback to old policy rules by configuring
those config options to False in Neutron config.
Change-Id: I09c0026ccf87e6c0bb1fa59165c03dc508fba6fa
|
| |\ \ \ \ \ \ \ |
|
| | | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
A network's MTU is now only valid if it is the minimum value
allowed based on the IP version of the associated subnets,
68 for IPv4 and 1280 for IPv6.
This minimum is now enforced in the following ways:
1) When a subnet is associated with a network, validate
the MTU is large enough for the IP version. Not only
would the subnet be unusable if it was allowed, but the
Linux kernel can fail adding addresses and configuring
network settings like the MTU.
2) When a network MTU is changed, validate the MTU is large
enough for any currently associated subnets. Allowing a
smaller MTU would render any existing subnets unusable.
Closes-bug: #1988069
Change-Id: Ia4017a8737f9a7c63945df546c8a7243b2673ceb
|
| |\ \ \ \ \ \ \ \ |
|
| | |/ / / / / / /
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
This patch fixes the issues reported in the
"neutron-ovn-tempest-with-uwsgi-loki" job:
* The missing retry decorators in some ``TapPlugin`` methods.
* Added a session flush in
``OVNL3RouterPlugin.create_router_precommit``. In case the router
creation fails before the creation of the initial
``OVNRevisionNumbers`` register, the transaction is retried.
That will prevent from trying to retrieve a router standard
attribute that doesn't exist, due to a previous error.
Closes-Bug: #2017131
Change-Id: Idbf7ea6018146b67387f2ff99e281e32170ba039
|
| |\ \ \ \ \ \ \ \ |
|
| | | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
``DBConnection`` class does not retrieve the URL string
correctly and cannot connect to the database. This patch
replaces it with default writer context that any database
operation transaction uses in Neutron.
Closes-Bug: #2015847
Change-Id: I60523690bc170ec4ba81312ada0f2d83542cae67
|
| |\ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
In fullstack and functional tests where OVSPortFixture is used to create
port in OVS bridge, just after port was created by ovs interface driver,
DEAD_VLAN tag was removed from the port as it's not needed in tests.
But this could cause race condition and instead of removing DEAD_VLAN
tag, actually correct tag configured by e.g. neutron_openvswitch_agent
was removed and traffic to such port wasn't working at all.
To avoid that race, now method which adds setting DEAD_VLAN tag to the
port_replace transaction is now mocked so there will be no DEAD VLAN tag
set on such port at all.
This patch also removes unstable test decorator from the
TestDhcpAgentHA.test_multiple_agents_for_network fullstack test as it
seems for me that this was the reason why this test was failing pretty
often.
Closes-Bug: #2000150
Change-Id: I3938c94bbd531fac461e80e791c128821a4f837f
|
| | | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | |
| | | | | | | | | | |
Wrong links were introduced long time ago, this is setting the good
links.
Change-Id: Ib3dbe570f3aecb9533fa4623726db5551fd87100
Signed-off-by: Arnaud Morin <arnaud.morin@ovhcloud.com>
|
| |\ \ \ \ \ \ \ \ \ \ |
|
| | | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | |
| | | | | | | | | | | |
A method is added as opposed to having a synthetic field on a router for
performance reasons: gateways will only be queried when needed to use
the external gateways feature API calls.
Partial-Bug: #2002687
Change-Id: Iddde9d986b024109bdb7c2aa777a1b017b6a35ab
|
| |\ \ \ \ \ \ \ \ \ \ \ |
|
