These translation sections are not needed anymore, Babel can generate
translation files without them.
Change-Id: I7eb99b96ea1e9a1a96e28c53760d9d747670d6e4
Setuptools v54.1.0 introduces a warning that the use of
dash-separated options in 'setup.cfg' will not be supported
in a future version [1].
Get ahead of the issue by replacing the dashes with underscores.
Without this, we see 'UserWarning' messages
like the following on new enough
versions of setuptools:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: If3a6ae3ae3d8d4e87fcb864ba2edf4d1aba6b25e
In Zed cycle, we have dropped the python 3.6/3.7[1] testing
and its support. Add release notes and update the python
classifier for the same.
[1] https://governance.openstack.org/tc/reference/runtimes/zed.html
Change-Id: Ib04b560408ccf22c86e899e15fbcbe86b53f636e
This reverts commit caae7b6a6f.
Reason for revert:
Many users still need L3 firewalls and Inspur team wants to maintain
this project.
Neutron drivers team discussed the topic of the maintenance of
neutron-fwaas, and agreed to include neutron-fwaas again to Neutron
stadium[1].
Some updates have been made:
Remove use "autonested_transaction" method, see more [2]
Replace "neutron_lib.callbacks.registry.notify" with "registry.publish"
Replace rootwrap execution with privsep context execution.
Ensure db Models and migration scripts are sync, set table
firewall_group_port_associations_v2's two columns nullable=False
[1] https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-01-28-14.00.log.html#l-14
[2] https://review.opendev.org/c/openstack/neutron-lib/+/761728
Change-Id: I14f551c199d9badcf25b9e65c954c012326d27cd
1. It's Ussuri. We can *finally* stop testing Python 2 [1]. Time to party.
We don't attempt any cleanup but simply stop testing with Python 2,
indicate that we only support Python 3 via 'setup.cfg' and remove any
Python 2 only dependencies.
This should free up a significant amount of resources from the gate and
let us start using Python 3 idioms in our code. Win-win.
2. Cleanup basepython from individual testenv sections
3. From this point on the codebase will be incompatible with python2
[1] https://governance.openstack.org/tc/resolutions/20180529-python2-deprecation-timeline.html#python2-deprecation-timeline
Change-Id: Ia08c363263aaa406d0bf55e10ce8258695387578
- pbr hasn't need the hook configuration since forever [1]
- Remove the 'wheel' group
[1] c84876dc0f
Change-Id: Ic448d7d0f4fb906a4ded14aadaf119dce7ab43d7
This patch adds upgrade check which will test if fwaas v1 service
plugin is still enabled in configuration and will then return error
as this plugin is now removed already.
Depends-On: https://review.openstack.org/637204
Change-Id: Idcb60128295fd26da5adb348b59f51a1c2c227a6
FWaaS V1 is expected to be deleted on the Stein cycle.
This patch introduces a new tool the DB migration from FWaaS v1 to FWaaS V2.
Run this tool using: neutron-fwaas-migrate-v1-to-v2 --neutron-db-connection=<neutron database connection string>
Change-Id: I663c173a594137056c96ad4c4b60e810059fb6fa
As German Eichberger's email at
https://markmail.org/message/2kva4b3lwgddyeau. So This patch intend to
removes source code related FWaaS V1.
Change-Id: I4e440c854e5aa11193d38946e659481f4fefded2
This commit converts the existing neutron-fwaas policy.json
into policy-in-code.
policy.json for testing is also removed. As a result, setup_config()
in neutron_fwaas.tests.base.NeutronDbPluginV2TestCase is no longer
required now (as the content of setup_config() is now same as that
in neutron).
Partially Implements: blueprint neutron-policy-in-code
Change-Id: I67be3a21f19e3f793312d64d358452ee4531c080
This patch implements logging driver in L3 for firewall group
base discussed on the patch [1]
[1] https://review.openstack.org/#/c/509725/
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Co-Authored-By: Kim Bao Long <longkb@vn.fujitsu.com>
Partial-Bug: #1720727
Change-Id: I1194a622c546068991f44559e3f9e343430fd6f9
This patch introduces L3 logging agent extension for firewall group.
It also configures the extension for devstack when log plugin is
enabled.
Co-Authored-By: Kim Bao Long <longkb@vn.fujitsu.com>
Partial-Bug: #1720727
Change-Id: I4d9af5325f157fbb35ea6fdb25723268856a0db4
This patch removes all related DB code from the FWaaS service plugin v2
and creates service driver interfaces that can be used by different
backend drivers.
The default backend driver still based on the Neutron DB model
and agent RPC interface (for l3 and l2 agents) and was moved
to 'service_drivers.agents.agents.FwaasAgentDriver'. It inherits from the
firewall backend driver DB interface
'service_drivers.driver_api.FwaasDriverDB' to maintain the DB. It
is in charge to implement all RPC API and messages.
If we need to implement a backend driver which depends on the Neutron DB
but not on the agent RPC service, we just have to inherit from the DB
interface and if we like to develop a backend driver which not depends
on the Neutron DB model, we can inherit from the base driver interface
'service_driver.driver_api.FwaasDriver'.
That patch only modifies the service plugin 'firewall_v2', it does not
modify the Firewall v1 service plugin.
The backend DB driver provides an interface composed to a pre and post
commit hooks for each FWaaSv2 API actions which permits to the driver to
be warn anytimes. All that commit hooks methods does not do anything by
default and the backend driver needs to overide needed hooks.
The driver does not needs to implements all of them,
Closes-Bug: #1702312
Change-Id: I4ebd24f1b13eb823c4d63452fd37cace5bcf5481
This driver is based on neutron ovsfw driver.
Current implementation forks neutron code from commit
917063a0ce3638dafb80f29da2b0c1f0c4165306
Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>
Co-Authored-By: Inessa Vasilevskaya <ivasilevskaya@mirantis.com>
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Partial-Implements: blueprint fwaas-api-2.0
Change-Id: If89e29bac3bc4167c7caf602fb5e3133cc93255f
This patch adds L2 agent extension for FWaaS v2 to handle
create/update/delete firewall groups on ports. It also
handles applying firewall group on port, when a port is
added/created/deleted.
DocImpact
Depends-On: Ifd6758617ab8fd49e69ad1a0483fefa479d7b8e7
Co-Authored-By: Paddu Krishnan <kprad1@yahoo.com>
Co-Authored-By: Chandan Dutta Chowdhury <chandanc@juniper.net>
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>¬
Co-Authored-By: Inessa Vasilevskaya <ivasilevskaya@mirantis.com>
Partial-Implements: blueprint fwaas-api-2.0
Change-Id: I9f172be46ee590b99313106fa262019a2583774a
This patch introduces firewall l2 driver base class and also
implements noop driver.
Some unit tests added to make sure all methods are there and
a driver class can be loaded.
Change-Id: Ifd6758617ab8fd49e69ad1a0483fefa479d7b8e7
Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>
Co-Authored-By: Inessa Vasilevskaya <ivasilevskaya@mirantis.com>
Previously namespace neutron.fwaas was defined in
etc/oslo-config-generator, but there is no corresponding
definition in the code.
This commit adds appropriate entries.
Change-Id: I8f50ee3f25a52a78792154905d0ecc21974b3287
This patch proposes ConntrackNetlink driver to delete conntrack
entries.
Using Netlink will save about 90 percent of time that used by conntrack-tools.
For detail information, visit: https://goo.gl/3tm9Fx
Partial-Bug: #1664294
Change-Id: Id9a3b7c3f8fedbd91ced1a5b359dbf568cd26653
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
This patch enables to configure conntrack driver.
Initially, "conntrack-tools" is being used to manage connection,
however, it's costly and down performance[1]. The alternative can be
found here[2] with need to improve reliability and stability.
[1] https://bugs.launchpad.net/neutron/+bug/1630832
[2] https://review.openstack.org/#/c/389654/
Partial-Bug: #1664294
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Change-Id: Id0597f74bef67b85776445e7bc591eb085f55acc
The gating on python 3.4 is restricted to <= Mitaka. This is due to
the change from Ubuntu Trusty to Xenial, where only python3.5 is
available. There is no need to continue to keep these settings.
Change-Id: I483587d1a53696ff406cdb59081e1274ff8c5dc0
The documentation build does not generate any module index, therefore
modified setup.cfg to create module index.
Change-Id: I140cb219a8524e25a7735e0e0f5f9914afcfb962
This patch adds fwaas-privsep.filters to FWaaS repository to be
easier to maintain. It also helps avoid making Neutron be inversely
depended on FWaaS when perform privsep configuration as in
https://review.openstack.org/#/c/392014/.
Change-Id: I71308130fbcc861a167371339c89a47410b8d09a
Now that there is a passing gate job, we can claim
support for Python 3.5 in the classifier.
This patch also adds the convenience py35 venv.
Change-Id: I58187d7e1e8a2d2118ac5f824a7f67c88c9103da
This updates the FWaaS v2 L3 code to move away from an inheritance-based
model and use the new L3 agent extension framework.
This change rolls back [1] which is the inheritance-based model.
[1] https://review.openstack.org/315826
Partial-Implements: blueprint fwaas-api-2.0
Co-Authored-By: Nate Johnston <nate_johnston@cable.comcast.com>
Co-Authored-By: Chandan Dutta Chowdhury <chandanc@juniper.net>
Depends-On: I85f89accbeefd820130335674fd56cb54f1449de
Change-Id: Ib29b96e73d09530cbf627a98180fb1a591e42e3f
This migrates the FWaaS entrypoints from neutron's setup.cfg file to the
FWaaS one. See [1] for the removal from neutron's setup/cfg.
[1] https://review.openstack.org/361774
Depends-On: I94b224813c85b7e611e9681323a2f0d2806e0d41
Change-Id: I6eb3a39bf2cfb8b11b692f4dcaea6c0144b4c782
Vendor drivers are being removed from the community repo and
they can continue to be hosted in respective vendor repos. This
has been discussed and communicated during the Mitaka release
and time given until the Newton release.
Change-Id: Id60a2cdb225a2acfa28efcf54f5bcae8cf9cf55a
This is step two to recover from Tempest failures. Fork is
deplorable, but this is a temporary fix until the extension
framework for L3 is put in place.
The fix is predicated on the fact that we can get to override
the l3 agent entry point reliably; alternatively the Tempest
job must explicitly call a 'new' forked L3 agent as stop-gap.
Change-Id: I8ec7a9361d42525bd2f7c2c634c89d6aabc95c3f
Follow new infra setup for translations, see spec
http://specs.openstack.org/openstack-infra/infra-specs/specs/translation_setup.html
for full details.
This basically renames
neutron-fwaas/locale/neutron-fwaas.pot to
neutron_fwaas/locale/neutron_fwaas.pot. For this we need to update
setup.cfg.
Prepare _i18n.py to have proper domain name.
The project has no translations currently, let's remove the outdated
pot file, the updated scripts work without them. So, we can just
delete the file and once there are translations, an updated pot file
together with translations can be imported automatically.
Change-Id: I836f7a11943a3d76fb0a119b401ead112680d7a7
Oslo config generator was introduced in patch [1] to
automatically generate the sample Neutron FWaaS configuration
files.
This patch removes the static example configuration files from
the repository as they are now redundant.
[1] https://review.openstack.org/#/c/251974/
DocImpact: Update the docs that FWaaS no longer includes static example
configuration files. Instead, use tools/generate_config_file_samples.sh
to generate them and the files generated now end with .sample extension.
Change-Id: I31be3295606ba25929e9af9f40a035ff2b615234
Partially-Implements: blueprint autogen-neutron-conf-file
Partial-bug: #1199963
Depends-On: Ic8208850a27408c8fbeed80ecdb43345aa7dfaa4
This adds a new tox environment, genconfig, which generates sample
neutron FWaaS configuration file using oslo-config-generator.
Partially-Implements: blueprint autogen-neutron-conf-file
Change-Id: I8e9113dfb88e5290f6eedd012d1a52fc35c3c88c
Partial-bug: #1199963
Per email from the release team [1], we are moving to using only
tags and removing verisons from setup.cfg.
[1] http://lists.openstack.org/pipermail/openstack-dev/2015-November/080692.html
Change-Id: I51afc4900877e2eae975b60bc5312430cbc8c429
Depends-On: I19e888fc403aa2d95b769ed1730721eba29e68ea
Signed-off-by: Kyle Mestery <mestery@mestery.com>
Bump preversion to mark the start of the Mitaka development branch.
The liberty release branch will be cut from the previous commit.
Change-Id: Ib6c5e4bd2a3c00bc10c208f9b6836f4a28be0526
Signed-off-by: Kyle Mestery <mestery@mestery.com>