This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: I784e8df1324f3905c811c869fd689780c361965b
The GBP L3 plugin is using the old quotas driver. This prevents
per-project quotas for L3 resources. The L3 plugin should be
changed to support the new qutoas driver.
Change-Id: Idbc651a905ca5c567527ba2094a83b2d0486ca9a
Closes-Bug: 1709456
(cherry picked from commit 194dd33947)
(cherry picked from commit 41152b4fde)
(cherry picked from commit c5a45bd3ce)
The router interface port status shows as down after connecting the
router to a subnet on a tenant network. This patch fixes the behavior
by calling update_port to bind the port, which changes its status to ACTIVE.
Change-Id: I4bee2cca0eb5b5d40fb802c31307c2608e5b8d8f
Closes-Bug: 1709453
(cherry picked from commit 632d82eef9)
(cherry picked from commit cb0497c537)
(cherry picked from commit f74281b3e9)
Deleting a router or just clearing the gateway in a non-admin project
fails when the external network has SNAT subnets. This patch fixes
that issue.
Change-Id: Ic75b2acc975ab9ba529d539a0abad189430ed737
Closes-Bug: 1709615
The change:
I04fb4b323029772bf417a8548ae43e2c93647b65
introduced conditional patching of the delete_subnet
method of the ML2 plugin. On account of this conditional
logic, the delete_subnet method is not patched with RH OSP9,
and consequently the transaction guard decorated version
of the delete_subnet method gets used and prevents
calling the method from within a GBP method's transaction.
This patch enhances the conditional logic by removing
the transaction guard when the delete_subnet method is not
patched.
Change-Id: Ib44f432623a06220ffee8e6bf47568c56f952be9
Recent versions of Red Hat OpenStack Director's stable/mitaka
release -- as of neutron 8.3.0-9 -- include a patch that was
abandoned upstream (see stable/mitaka version of patch with the
Change ID of Ie29acfbe323b60205ade9d660f7497f5bf4a35ca). While
this patch addresses a bug found in some configurations, it removes
code used by a similar monkey-patch applied in the GBP plugin. Since
the abandoned patch provides the same protection as the GBP monkey-patch,
we should only apply the GBP monkey-patch if the one from Red Hat hasn't
been applied already.
Change-Id: I04fb4b323029772bf417a8548ae43e2c93647b65
The stable/mitaka branch for neutron has been end-of-life'd.
This patch fixes GBP to use the EOL package version.
Change-Id: Ie9674f787755ebb17b5f98b6d317410595a5ffef
The standard-attr-description extension isn't being honored during
floatingip update operations, due to the fact that the upstream neutron
code has been monkey-patched by GBP. This change set fixes the GBP
monkey-patch to properly support the standard-attr-description extension.
Change-Id: I874052879d3a51545a5b47cc362071d3f3e031d0
Closes-Bug: 1702073
To limit the UTs that are being run. The following paths
are being excluded to speed up py27 job excution and avoid
timeouts in the gate.
gbpservice/neutron/contrib
gbpservice/neutron/tests/unit/services/nfp
gbpservice/neutron/tests/unit/test_extension_group_policy.py
gbpservice/neutron/tests/unit/test_extension_group_policy_mapping.py
gbpservice/neutron/tests/unit/test_extension_servicechain.py
Change-Id: Id08dfba864fa95833cba564c4543aedf2581b136
Both the ml2plus core plugin and grouppolicy service plugin use the
retry_if_session_inactive decorator from newton.
Change-Id: I3047446068bd6be449d830018b5a1ef31233fdf9
In concurrent execution cases a failure can occur in the Neutron
IPAM component due to failure to obtaining a lock. In such cases
the IPAM component raises a retry exception which should be not
be eaten, but relayed as is so that the operation can be retried.
This patch checks if the exception raised during a subnet allocation
from a subnetpool fails due to a retry exception, and if so, raises
it as is to facilitate a retry.
Change-Id: I381cdf533b27d710f68903f0cfb516043b4607d6
Pass create_if_absent=False to AIM's get_status() to hopefully reduce
transaction retries due to DBDuplicateEntry exceptions. This required
unpinning the version of AIM used, as well as a couple of fixes in the
AIM repo.
Change the RPC handlers to use Neutron's retry_db_errors decorator
rather than its own, so that DBDuplicateEntry exceptions are retried.
Avoid logging at error level when processing retriable exceptions.
(cherry picked from commit 953e5d6ae5)
Conflicts:
gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/extension_driver.py
gbpservice/neutron/plugins/ml2plus/patch_neutron.py
gbpservice/neutron/services/grouppolicy/drivers/cisco/apic/aim_mapping_rpc.py
test-requirements.txt
Change-Id: I53740eea3cb7cacafceae589deec3b573ef6a68a
The implicit policy created for the auto-PTG does not allow traffic
for IPv6. This prevents IPv6 traffic from flowing between PTs in the
auto-PTG and user-created PTGs, which includes things like ICMPv6,
DHCPv6, and IPv6 DNS and HTTP traffic between the DHCP server and PTs.
Change-Id: I28fe713e24744e36e2912d7f5d830b64a658f8bd
Closes-Bug: 1696438
(cherry picked from commit 5dc13b75a6)
The stable/mitaka version of the retry decorator does not account
for all the DB exceptions (which were later added in the Newton
release). This patch defines a new retry decorator which adds
these exceptions and replaces the older decorator. This new
decorator is used in the GBP plugin.
Change-Id: If27786f24aa9f6e0425a25338289b0734d7a571a
In certain cases of concurrent operations we are seeing an error
which suggests that a rolled back transaction is be reused. On debugging
it has been observed that the error manifests when the code path
executes the queries that are using with_lockmode in a couple of
places in the ml2 plugin component. Removing the with_lockmode usage
seems to prevent this issue and does not seem to be affecting the
correctness of behavior even in concurrent execution situations.
This patch removes the use of the with_lockmode in the identified place
when the ml2plus plugin configured.
Change-Id: If65c238cbf49a9cfd2546ca26d37ee721f6f986c
(cherry picked from commit 9d16f2cfa3)
This adds dual-stack support for L3 Policy. It leverages
the existing parameters for subnetpools and address scopes,
and adds behaviors to support the implicit workflow.
Change-Id: Idedbb3d08b09e76abdba6d1aba0f62ba53a19a99
partially-implements: blueprint address-scope-mapping
(cherry picked from commit 3ca5037402)
A previous commit (https://review.openstack.org/#/c/450309/) added DB
tables mapping Neutron resource identities to APIC resource
identities, but did not include a data migration. This patch populates
the new tables during the DB migration with the APIC resource
identities for existing Neutron resources, using information from both
the Neutron and AIM DB tables.
Mechanism driver code that had been kept around in case it was needed
for the migration is also cleaned up.
(cherry picked from commit 20b25083f4)
Conflicts:
gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py
Change-Id: Ia8a74b9c2289060234716ce89fb4b7b3d1c29596
Manage external connectivity for all VRFs associated with a router.
Change-Id: I6016d85b433093bee960010b57a19ceb4b78b67d
(cherry picked from commit b8e7d2afd4)
Add DB tables mapping Neutron resource identities to APIC resource
identities. This reduces the amount of DB querying, and helps unify
the handling of pre-existing APIC resources with those fully
orchestrated by the apic_aim drivers.
Currently, the mappings of address scopes and networks are
persisted. Persisting the relationship between routers and VRFs will
be considered later.
Note that since this patch will be back-ported to stable/newton and
the QoS feature will not, this patch's DB migration is sequenced
before the QoS DB migration.
(cherry picked from commit 1ad0f7ae1b)
Conflicts:
gbpservice/neutron/db/migration/alembic_migrations/versions/HEAD
gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/extension_db.py
gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/extension_driver.py
gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py
Change-Id: Ie06281dde965d349d7fa1035f14124b35d60d85c
Allow subnets with different address scopes, as well as unscoped
subnets, to be attached as interfaces to the same router. Note that no
East/West routing is provided between differently scoped interfaces of
a router, but East/West routing is provided within each scope and
North/South routing is provided between each scope and the router's
gateway.
Routed IPv4 and IPv6 subnets on the same network currently either must
both be unscoped or each must be associated with isomorphic address
scopes (referencing the same VRF). Adding a subnet to a router results
in a NonIsomorphicNetworkRoutingUnsupported exception if this
constraint would be violated. Eventually, use of identity NAT to move
IPv6 traffic from the network's IPv4 VRF to its IPv6 VRF will allow
this constraint to be removed or relaxed.
A flag in interface_info is added for GBP to override network routing
topology validation when adding router interfaces. This should not be
used for any other purpose, and will eventually be removed without
warning.
External connectivity for routers associated with multiple VRFs will
require some follow-on work to correctly handle all cases.
(cherry picked from commit 824d897f37)
Conflicts:
gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/mechanism_driver.py
gbpservice/neutron/tests/unit/plugins/ml2plus/test_apic_aim.py
Change-Id: Idbbd4400e570654937c2bee4577422a91224430e
Since hacking check N537 has recently been enabled on the master and
stable/newton branches, translation hints are no longer allowed on log
messages in neutron-lib and in repositories like GBP that inherit
thier hacking configuration from neutron-lib. A recent GBP patch
disabled the N537 check because we have not yet removed the
translation hints from existng GBP log messages.
This patch disables N320 and N531 for the GBP stable/mitaka branch as
well, so that translation hints will neither be required nor forbidden
for GBP log message. This allows translation hints to be incrementally
removed from existing GBP log messages, and new code to be merged and
back-ported without them.
Eventually, once all translation hints have been removed from GBP log
messages, N537 should be re-enabled in the master branch, forbidding
any new translation hints for log messages.
(cherry picked from commit e3968b97ba)
Conflicts:
tox.ini
Change-Id: Ie676b10d16c3fa32e3b72e165a1f35b72f0cc472
Allow a single IPv4 address scope and a single IPv6 address scope to
reference the same VRF, which may be pre-existing or mapped from one
of the address scopes.
(cherry picked from commit 71b3b2df67)
Conflicts:
gbpservice/neutron/plugins/ml2plus/drivers/apic_aim/extension_db.py
Change-Id: Ibe5288a3a6d5032e4c0ac509a0857ce5defafa9c
We were eating up all exceptions thrown during the ensure_tenant phase
and throwing a generic exception. In cases where the operation failed
due to concurrent operations, we would like ensure_tenant to be retried.
This adds more conditional logic to the exception handling to facilitate
retries for retriable exceptions.
Change-Id: Idbf6d82ae512b46f35f5c2b9e13b45a4ff8f1d7d
(cherry picked from commit 7c098c65e9)
This follows the same design pattern and uses the same decorator
used by Neutron. The plugin operations will be retried when
the following exceptions occur:
sqlalchemy.orm.exc.StaleDataError
oslo_db.exception.DBDeadlock
oslo_db.exception.DBConnectionError
oslo_db.exception.DBDuplicateEntry
oslo_db.exception.RetryRequest
oslo_db.exception.DBError (with 1035 code for SAVEPOINT errors)
Each operation will be tried 10 times before the actual exception
is raised. At that point the exception will be replaced by a
GroupPolicyDriverException and returned to the client. Retry logic
and decorator is implemented in Neutron and used as is.
Change-Id: I42e5a62e81f423bbc3a131953245b789cdb1c1c8
(cherry picked from commit ead7821d06)
The FlushError happens when create PTG operations happen
concurrently within the same tenant. In the context
of the create PTG post-commit implementation for
apic-mapping policy driver this error is not catastrophic.
In fact, it implies that another concurrent operation has
already succeeded in creating a subnet for this tenant. Hence
we just revert the creation of the subnet, and move on.
Change-Id: If8ab52a884d6fa33ff582f2d6e24c523203d894e
(cherry picked from commit ecf58b648c)
This patch facilitates migrating a deployment which had l3_policies prior to the
aim_mapping policy driver moving to per-l3p implicit AIM contracts (see commit:
f50db6f1ce)
The following configuration:
[aim_mapping]
create_per_l3p_implicit_contracts=True
controls if the migration step is perform. This configuration is set to True by default
and hence the migration step is always performed at the time of the initialization of the
aim_mapping driver. For l3_policies which already have associated implicit contracts,
this step is a no-op.
The migration step can be turned off by setting the above configuration to False.
A Neutron server restart is required for the config change to take effect.
Since this mogration option is only for migrating newton or prior deployments, it
will be removed in the O release.
Change-Id: I7e5f793bdf3618655600898feba64aac7c099239
(cherry picked from commit 36a8c13a2c)
The simple_chain driver is not used and not supported. Since this
is a stable branch we dont want to remove the driver. We are also not
deleting the test module, but just renaming it so that does not get
discovered in a tox run.
We are specifically targeting this test module since it has tests that
invoke the simple_chain_driver code that uses the Heat client to
connect to the Heat server. These connection attempts obviously
fail but they are retried several times, and after timing out on
each occasion. By not running these tests the hope is the py27 UT
job will speed up.
We are also patching a number of modules to reduce the logging
level from warning to info (only for UTs) to reduce the noise in
the UT logs.
Change-Id: I0170eca7b0248b390beda93e8dbd882daa676e80
Currently the py27 UT job is consistently running longer than
the gate job definition allows. One of the possible reasons
is the use of the "advanced" mode in the NFP tests initialization
which in turn causes use of RMQ server and which fails with timeouts
and multiple retries. Ideally this RMQ server use should be mocked
for UTs. This patch switches the NFP mode to "base" which does not
use the RMQ server and the timeouts are not being seen anymore.
In addition, this patch also temporarily disables the UTs in the
contrib directory to keep it consistent with the newton and master
branches where we don't see the timeout issues.
Change-Id: I2df99f1b94f5574b15c348df69300692f4e14da3
1. only associate the domain with the EPG when a port is created on
a host that belongs to this domain.
2. also dis-associate the domain when the last port among all the hosts
under this domain is deleted.
3. User has to use:
'aimctl manager host-domain-mapping-create <host_name>
--vmm_domain_name=<vmm_dom> --physical_domain_name=<phys_dom>'
to create the host -> domain mapping.
Change-Id: Ie0882117b75ada3c2f32770adc7bc147a61dfd14
(cherry picked from commit 91d7ea20a4)
(cherry picked from commit 23dd19d3f6)
The implicit AIM contracts were being earlier created
per tenant (lazily created when the first l2p is created)
and used by the default_epg and all other epgs created by
a consequence of the user actions. As we move towards a model
of supporting multiple l3ps in the same AIM VRF, we will
need per-l3p contracts to enforce isolation between l3ps. This
patch is the first step in that direction where the per-tenant
implicit contracts are now created per-l3p. Contracts are created
when l3p is created and deleted when l3p is deleted.
This patch also fixes the problem of implicit contracts being
not cleaned up when the last two l2ps in a tenant were being
deleted concurrently.
Existing AIM deployments might need to be migrated to this new model.
Migration strategies would differ per deployment but might at least
require running a script that creates the implicit contracts per
existing l3ps.
Change-Id: I7f18c672db5ffcec9ce445bc1a32d508a685c9c6
(cherry picked from commit 476e7c6506)
The current ML2plus driver throws an IPv6RoutingNotSupported
exception if a v6 subnet is attached to a neutron router. This
patch relaxes that constraint.
Change-Id: Iaebcba643eb9ad394a665521afaf4c4d7c0b1c72
partially-implements: blueprint address-scope-mapping
(cherry picked from commit 53c215d760)
(cherry picked from commit 73180e1189)
Commit 3565d7496f added the
implicit subnetpool extension. That commit limited the semantics
to only cover a single address family. This patch extends that
commit to scope the semantics by address family. This means that
there can be an implicit subnetpool per project per address family,
and there can be a shared implicit subnetpool per address family.
Change-Id: I30b3bd5ac92bd4c51927225af0b21ea5fc570d5b
Vyos service day0 configuration installation. Vyos password is
by default 'vyos' after installation. User can still customize
the password in the day0 file before service launch.
Change-Id: I5041f8b8fcfe1e70c3c2b54076d586ca87b54925
Closes-Bug: 1681471
1) Added support to utilize NFP context supported
by nfp/core. Initializes context with default
values in all external functions which are invoked
via rpcs.
2) Fixed the issue with bulk firewall rules (>250)
and which gets multipled by number of consumers.
Change-Id: I38b3cc6c3c0d5d293df709ede4065899f2f646a4
Closes-Bug: 1668198
Added support to utilize NFP context supported
by nfp/core. Initializes context with default
values in all external functions which are invoked
by rpcs.
Uses the same context to store meta info used by
logger class.
Change-Id: Ib1616e817d2675e5efdc47359c6feaa5148bf8a2
Partial-Bug: 1668198
Added support to utilize NFP context supported
by nfp/core. Initializes context with default
values in all external functions which are invoked
by rpcs.
Change-Id: Iac0c02bc229e2127f170e952782017eb4ac34f79
Partial-Bug: 1668198
Added following support :
1) Context managers,
1.1) To be used with python 'with' statement.
1.2) support 'retry', 'ignore' and 'lock' functions.
-> retry : retry a func for n counts
-> ignore: Ignore certain expected exceptions.
-> lock: Lock a db transaction
1.3) NFP module need not handle all possible exceptions
as try-except branches.
2) Single class Exception Handling :
All the exceptions from module will be caught by nfp/core
and the registered exception handler will be invoked with
all the relevant details (event, data, context, exception..)
3) Used 'context manager' retry function with client methods,
Neutronclient, Novaclient etc.. especially for GET methods.
E.x, GET_TOKEN is retried 'n' times to overcome any
temporary failures with keystone.
Change-Id: I4dd520e1dc83db20b757e875c84782ca2ab5430e
Partial-Bug: 1668198