Seems that is_enabled_and_bind_by_default() from
neutron.common.ipv6_utils was copied directly into
oslo_utils.netutils, so start using it instead.
Trivialfix
Change-Id: I00fa441e7a20fcd1115485bb8ab75750e6a8cf07
Current logic didn't check if the nova_metadata_host is an IPv6 address
causing the proxy request to fail with an exception because the url is
not valid.
This patchs check if the nova_metadata_host is an IPv6 address and
create a valid url enclosing the IPv6 address with brackets
Closes-Bug: #1796593
Change-Id: Ibfebffcec2c8860237a1f151084de978a7863bd8
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
Fix W503 (line break before binary operator) pep8 warnings
and no longer ignore new failures.
Trivialfix
Change-Id: I7539f3b7187f2ad40681781f74b6e05a01bac474
Since Pike log messages should not be translated.
This patch removes calls to i18n _LC, _LI, _LE, _LW from
logging logic throughout the code. Translators definition
from neutron._i18n is removed as well.
This patch also removes log translation verification from
ignore directive in tox.ini.
Change-Id: If9aa76fcf121c0e61a7c08088006c5873faee56e
net.ipv6.conf.default.disable_ipv6 = 1 means disable ipv6.
We should correct it in the same with code logic.
Change-Id: I6be6a9759878667d145cdd49de6cc10b7822957f
IPv6 utils is_enabled() doesn't actually determine if IPv6 is enabled on
the host. It checks if /proc/sys/net/ipv6/conf/default/disable_ipv6 is
present and is set to 0. This kernel configuration option controls if
the kernel will automatically assign IPv6 link-local addresses to newly
created network interfaces when their link state changes to up. The
existence of this /proc files does indicate that the Linux kernel has
the ipv6 module loaded or ipv6 was compiled in. Having this /proc file
set to zero does not indicate IPv6 is not available on the system, just
that newly created interfaces will inherit this configuration and will
not have IPv6 addresses bound to them unless the administrator changes
the interfaces specific /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
configuration.
This check was added to Neutron so it could operate with distributions
which didn't load the ipv6 kernel module, preventing errors when
attempting to make IPv6 specific configurations in the iptables firewall
driver and the L3 agent. Removing it would break existing deployments.
Renaming this function to provide clarity for complex conditions tested
by this function. In fact it is a good security practice to set this
default disable_ipv6 option to 1, and explicitly enable IPv6 by setting
disable_ipv6=0 on individual interfaces which the administrator intends
to bind IPv6 addresses on. This establishes parity with IPv4 behavior
where interfaces are not active in an address family until the
administrator explicitly configures them to be active in that address
family. This practice does not currently work as expected with the
Neutron, since setting /proc/sys/net/ipv6/conf/default/disable_ipv6 to 1
unexpectedly disables creating IPv6 security group rules leaving
instances completely exposed via IPv6 regardless of security group
rules.
Change-Id: I844b992240a5db642766ec9c04e3b5fcab8e2e23
This is a partial revert of d1fb423830.
That patch attempted to allow the DHCP agent to manage IPv6 interfaces
to avoid a KeyError in the subnet_interface_map. However, this led
to races with router advertisements and static configuration
(see bug 1627902).
The correct fix was actually a very simple conditional that was broken
because this map shouldn't have been referenced for IPv6 subnets in
the first place. The force metadata option was shortcutting the whole
evaluation so the agent was trying to add a metadata route to a v6
subnet.
This patch undoes the v6 changes from
d1fb423830, corrects the conditional,
and adds a simple unit test that ensures the branch doesn't throw
and error.
Closes-Bug: #1624079
Change-Id: Ide494b6333a4f1e279ab58aa27c0aa719e79545d
There is a race condition server-side where a port request containing
a subnet_id is processed at the same time the subnet is being deleted,
the port operation may be successful without having a fixed IP on the
requested subnet. This patch makes the DHCP agent resillient to this
bug by checking the port response and raising a SubnetMismatchForPort
to trigger a resync if it doesn't have all of the requested subnet IDs.
Additionally, it avoids skipping assignment of IPv6 addresses to the
interface if they are stateless. The original logic to skip assignment
was only meant to be for SLAAC addresses.
Both of these issues were resulting in the KeyError observed in the
bug report.
Related-Bug: #1627480
Closes-Bug: #1624079
Change-Id: I85ef1f4d60efd0309d6a0706e29fdbcc16f0b59d
Oslo.utils provides same method get_ipv6_addr_by_EUI64, let's use
it and deprecate method get_ipv6_addr_by_EUI64 in neutron.
Closes-Bug: #1597213
Change-Id: If1eda1283b4405e13ccb60dab530ce4cc1b22948
Removes:
neutron/common/ipv6_utils.py:70: DeprecationWarning: IPV6_SLAAC in version
'mitaka' and will be removed in version 'newton': moved to neutron_lib.constants
Same for DHCPV6_STATELESS
TrivialFix
This also bumps the neutron-lib version following the commit above.
Depends-On: 06d11930aded9c73ab9539d1730e3eb8655730a9
Change-Id: I174a99c9e2c126ac910b017342010d988ac2abdc
Closes-bug: #1608224
- This does NOT break other projects that rely on neutron.i18n,
as this change includes a debtcollector shim to maintain those
older entry points, until they can migrate.
- Also updates _i18n.py to the latest pattern defined by oslo_i18n
- Guidance and template are from the reference:
http://docs.openstack.org/developer/oslo.i18n/usage.html
Partially-Closes-Bug: #1519493
Change-Id: I1aa3a5fd837d9156da4643a367013c869ed8bf9d
This patch includes the DB, IPAM & RPC changes needed for the IPv6 Prefix
Delegation feature.
To enable this feature, the subnetpool_id attribute of subnets has been
modified to allow for a special subnetpool identifier - "prefix_delegation".
WORKFLOW:
1. Admin sets default_ipv6_subnet_pool in neutron.conf to "prefix_delegation"
2. User creates a new IPv6 subnet without a CIDR or subnetpool ID
3. User creates an interface between this subnet and a router with an existing
external interface
The agent-side changes will follow in separate patches.
A documentation patch is up for review here:
https://review.openstack.org/#/c/178739
Video guides for configuring and using this feature are available on
YouTube:
https://www.youtube.com/watch?v=wI830s881HQhttps://www.youtube.com/watch?v=zfsFyS01Fn0
Change-Id: Ic0c6ed4dba74da94a75838178a1837f93d2d0885
Co-Authored-By: Baodong (Robert) Li <baoli@cisco.com>
Partially-Implements: blueprint ipv6-prefix-delegation
An alternate pluggable IPAM implementation from the built-in one
in db_base_plugin_v2.
Modifies IPAM interface to allow passing context to driver and
introduces new interface method 'associate_neutron_subnet'.
Implements blueprint reference-ipam-driver
Change-Id: I2e1e9fc7994bf1157bcd34b7ea500eb30c61d9ab
It's mostly a matter of changing imports to a new location.
Non-obvious changes needed:
* pass overwrite= argument to oslo_context since oslo.log reads context
from its thread local store and not local.store from incubator
* don't store context at local.store now that there is no code that
would consume it
* LOG.deprecated() -> versionutils.report_deprecated_feature()
* dropped LOG.audit check from hacking rule since now the method does
not exist
* WritableLogger is now located in oslo_log.loggers
Dropped log module from the tree. Also dropped local module that is now
of no use (and obsolete, as per oslo team).
Added versionutils back to openstack-common.conf since now we use the
module directly from neutron code and not just as a dependency of some
other oslo-incubator module.
Note: tempest tests are expected to be broken now, so instead of fixing
all the oslo.log related issues for the subtree in this patch, I only
added TODOs with directions for later fix.
Closes-Bug: #1425013
Change-Id: I310e059a815377579de6bb2aa204de168e72571e
Currently, "is_slaac_subnet" method only checks "ipv6_address_mode".
This will let neutron allocate a stateful IPv6 address for instance
when ipv6_ra_mode set to "stateless" or "slaac", and "ipv6_address_mode"
unset. But actually, instance get IPv6 address prefix from radvd, and
auto configure IPv6 address by itself. This change will let "is_slaac_
subnet" also check ipv6_ra_mode attribute, which will no longer allow
fixed IPs on auto-address subnets and delete subnet will correctly delete
auto-address ports.
Change-Id: Ic99193a0a2669fb281759d9b47c7aae6a4f6ecce
Closes-Bug: 1406436
Mostly trivial import changes.
- oslo.i18n no longer provide install() method to inject _() into
globals(), so removed all calls to it;
- removed Babel from dependencies (it will now be grabbed by oslo.i18n);
- updated tox.ini to ignore import violations for oslo.i18n.
Change-Id: I6623d551f512fb7fe9bf35ee734ed6d4c6cbc287
This patch will allow an IPv6 subnet configured with SLAAC
(or dhcpv6-stateless) to be attached to a router interface.
Closes-Bug: #1382076
Change-Id: If0c48a7287a828eef4a0f0b0859d4f898d2937bd
Check to see if the IPv6 disabled flag file exists
before trying to read it. This file doesn't exist
on systems with the IPv6 module blacklisted.
Closes-Bug: #1361542
Change-Id: I4064b4189cc9d8f0f0e0e7025cf6f83d5b6ec276
On systems where ipv6 module is not loaded in kernel we need to avoid
usage of ip6tables. This patch reads
/proc/sys/net/ipv6/conf/default/disable_ipv6 file and if ipv6 is
disabled then ip6tables are not used in IptablesManager
Closes-Bug: #1352893
Change-Id: I07e5851aa25eb98b7a97dff86b9850475df85f64
This patch is based on Aarons work for the Bug#1308675.
It ensures that ValueError is also caught in addition to
AddrFormatError as in netaddr>=0.7.11 AddrFormatError is raised and
in netaddr<=0.7.10 ValueError is raised.
Change-Id: I71cfe82e57290552fb22637ad929747a6fa22460
Closes-bug: #1308675
In order to support stateless IPv6, neutron should calculate IPv6 address base
on IPv6 prefix and MAC address via EUI-64 specification. This change adds
common library to calculate IPv6 address.
Partially-implements bp ipv6-two-attributes
Co-Authored-By: Xu Han Peng <xuhanp@cn.ibm.com>
Change-Id: I68ccbc42388ec760d6fead242e080822ca753913