This new extension adds a new parameter to the NUMA affinity policy
list: "socket". The "socket" NUMA affinity policy has been supported
in Nova since [1].
[1]https://review.opendev.org/c/openstack/nova/+/773792
Closes-Bug: #2052786
Change-Id: Iad2d4c461a2aceef6ed2d5e622cce38362d79687
This table has a 1:1 relationship with the "port" table, providing
the "hardware_offload_type" field (string).
The "neutron-lib" library minimum version is 3.8.0, that contains
[1].
NOTE: once the OSC patch is merged [2], the documentation will be
updated to reflect how to create a hardware offloaded port without
manually defining the port binding profile,
[1]https://review.opendev.org/c/openstack/neutron-lib/+/882726
[2]https://review.opendev.org/c/openstack/python-openstackclient/+/892792
Partial-Bug: #2013228
Change-Id: I04f232d6c43e39f254c4559caf041dcf05acec21
The following resources have been updated with new policies for
tags:
* Port
* Subnet
* Network
* Router
* FloatingIP
* NetworkSegmentRange
* NetworkSegment
* SecurityGroup
* Trunk
* Subnetpool
The admin can now enforce specific policies for the resource tags
for the creation, update and deletion actions.
NOTE: a follow-up patch, with a new Launchpad bug reference, will
be created to move the ``Tagging`` class from
``ExtensionDescriptor`` to ``APIExtensionDescriptor``, and
refactor the ``TaggingController`` to be a standard
``neutron.api.v2.base.Controller``. Any API resource using
the second controller will use the path used by the wsgi
hooks, in particular the policy hook. That will make unnecessary
to manually call the ``policy.enforce`` method from the
extension class methods.
Closes-Bug: #2037002
Change-Id: I9f3e032739824f268db74c5a1b4f04d353742dbd
The policy rule ``shared_security_group`` allows to create new policy
rules checking if a security group rule belongs or not to the project
default security group.
By default the behaviour has not changed. If an administrator wants
to prevent a non-privileged user from creating or deleting rules in the
default security group, the ``create_security_group_rule`` and
``delete_security_group_rule`` can be overriden. An example is provided
in the unit tests.
Closes-Bug: #2019960
Change-Id: I6c90b61df0e726ef07f177801069baf30c49de67
This new extension adds a new synthetic field, "belongs_to_default_sg",
to the security group rule OVO. This read only boolean field determines
if the security group rule belongs to a default security group or not.
This new field will be used in a new set of policy rules. By default,
these new rules will allow to create and delete security group rules
into the default security group of a project only to the admin user
NOTE: the follow-up patch will introduce the policy rules check,
during the creation/deletion operations, of the
"belongs_to_default_sg" field and the user executing this action.
Partial-Bug: #2019960
Change-Id: I0b3ded52e1ff8160c5804c59635c0fd34ce9995b
Default SG rules created as template in the Neutron DB are now used to
create security group rules for each new default and non-default SG
created in Neutron.
Closes-bug: #1983053
Change-Id: Iaf27deb955c3844409fcd36239511478e9607a82
The 'enable_default_route_bfd' and 'enable_default_route_ecmp'
extra attributes was added in neutron-lib change
I2618475636b2bb9bfd743a62f5d4859d4f68a547.
During review it was requested to make the default for these
values configurable. This is not possible with the apidef
currently committed to neutron-lib.
In the interest of time before feature freze, patch the apidef in
Neutron to allow for determining the default value at runtime.
As soon as an updated neutron-lib is available we can drop this
commit.
Change-Id: I2ab6b275a4867e488462c390fa16420ce8552850
Change I3fcd0458d20f20ce40378f90f073f37c41400865 added the
implementation for router BFD/ECMP extra attributes, but omitted
the APIExtensionDescriptor classes that are required for loading
the extension.
Partial-Bug: #2002687
Change-Id: I5f59087a1ff8d37f136ac88e50e0246de68455a8
This patch implements the new network HA boolean field API extension.
This field is an input only parameter for POST operations (creation).
By default is "False". When enabled, the Neutron server will create
a ``ha_router_networks`` register in the same transaction of the
network creation.
If by any circumstance (a race condition, for example), another
``ha_router_networks`` exists in the same project, a
``DBDuplicateEntry`` exception will be raised and the transaction
will be rolled back.
Partial-Bug: #2016198
Change-Id: Ie42c13ecbe4abcad9229b71f6942e393fd0f2e4e
After updating pylint, it started emitting additional "R"
warnings in some cases, fix some of them.
use-a-generator,
unnecessary-lambda-assignment,
consider-using-max-builtin,
consider-using-generator,
consider-using-in,
use-list-literal,
consider-using-from-import
Trivialfix
Change-Id: Ife6565cefcc30b4e8a0df9121c9454cf744225df
This patch adds DB model, OVO class and DB migration script for
SG rules template used for every new SG created.
It also implements Create/Get/Delete actions for that new resource and
adds API policies for those APIs
Related-Bug: #1983053
Change-Id: Ib3cde1710edd400b972f493b13666d0679a7753c
This new resource has standard attributes and should expose description
field in the API.
Related-bug: #1983053
Change-Id: Ie2940e6c705e6692eaaf53f11d11b4b62cd0a51e
* Add a new API for adding/updating/removing multiple gateway ports
on routers;
* Implement the necessary backend changes.
Partial-Bug: #2002687
Depends-On: I2618475636b2bb9bfd743a62f5d4859d4f68a547
Change-Id: Id885565e88f6f1898ca5cfac709a24dd62605d1a
This patch adds API definition and API extension class for
security group rules templates API described in the spec [1].
API definition in this case is very similar to the securitygroup API
definition and uses same converters and validators which are still in
Neutron instead of neutron-lib repo. Because of that this new API
definition is proposed to the neutron repo first and will be rehomed to
neutron-lib together with security groups API definition later.
[1] https://specs.openstack.org/openstack/neutron-specs/specs/2023.1/configurable-default-sg-rules.html
Related-bug: #1983053
Change-Id: I3aafe1aba406a52bc2b57be5133dee15b8848796
if we list floating ip and want to operate a port forwarding, we cannot
call the update 'port forwarding' api, because we don't know the port
forwarding id.
this patch adds the port forwarding returned contents: 'id' and
'internal_port_id' when list floatingip.
Closes-bug: #1971646
Depends-On: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/840584
Change-Id: Ie1d9169cd07547491144776311d77d49b483d5ae
This patch implements a new method specific for each quota driver
class. This method, "get_resource_count", returns the current number
of resources created in a project of a tracked resource. A tracked
resource is an instance of ``neutron.quota.resource.TrackedResource``.
This method does not count the current reservations, just the actual
resources created.
This new method, "get_resource_count", will be added to the abstract
class ``neutron_lib.db.quota_api.QuotaDriverAPI``.
This patch also fixes ``TestDbQuotaDriverNoLock``, that was using a
plugin inheriting from ``DbQuotaDriver`` instead of
``DbQuotaNoLockDriver``.
Closes-Bug: #1982962
Change-Id: I2707506468cb60d93a4459ea364f1e79faa83838
Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
some of them, about 10%.
Feel free to reject if we think it will cause too much
trouble with cherry-picks, else I'll slowly work my way
through the rest of the tree.
Trivialfix
Change-Id: I3d484d11e273cb8ee617f9445a069887e7b2b89f
The port-mac-address-override shim extension proposed in
I54b4c85ffc4856fba7ad5e9e29f77f74815e1275 in neutron-lib has merged
and the neutron-lib has being released. So this patch updates the
API extension and replaces the import with the new neutron_lib api
definitions.
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/831935
Change-Id: Ic332769af532003a9a5b2d2cee38b6210b5aac91
Related-Bug: #1942329
Remove security_groups_shared_filtering_lib extension and
use security-groups-shared-filtering from neutron-lib as
it is available since version 2.17.0 [0].
[0] https://review.opendev.org/c/openstack/neutron-lib/+/812617
Change-Id: Ife9b1ae47f5b447898bce0d8b44500f91f6dfbfb
Related-Bug: #1942615
Today Nova updates the mac_address of a direct-physical port to reflect
the MAC address of the physical device the port is bound to. But this
can only be done before the port is bound. However during migration Nova
is not able to update the MAC when the port is bound to a different
physical device on the destination host.
This patch extends port binding logic for direct-physical ports to allow
providing the MAC address of the physical device via the binding profile.
If it is provided then Neutron overwrites the value of the mac_address
field of the port with the value from the active binding profile.
Also when the port is being unbound or the MAC address is removed from
the active binding porfile then neutron resets the mac_address field of
port to a generated MAC to avoid duplicated MAC issues when another port
is being bound to the same physical device.
The shim API extension for this change is being proposed in
I54b4c85ffc4856fba7ad5e9e29f77f74815e1275 in neutron-lib.
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/831935
Closes-Bug: #1942329
Change-Id: Ib0638f5db69cb92daf6932890cb89e83cf84f295
security_groups_db._check_security_group is supposed to check the
security_group_id of the _create_security_group_rule payload.
When using an integer e.g. 0, as security_group_id, the check
succededs because mysql accepts following query:
SELECT * FROM securitygroups WHERE id in (0)
Forcing validation of security_group_id as uuid fixes the problem
Closes-Bug: #1968343
Change-Id: I7c36b09309c1ef66608afacfb281b6f4b06ea5b8
It is available in Neutron lib since version 1.16 so pretty long time
now.
Also use segment api definition from neutron-lib, it's available
since version 1.19.0. The api definition from neutron-lib also
avoids circulary dependency b/w standard-attr-segment and segment
extension[1].
[1] https://review.opendev.org/c/openstack/neutron-lib/+/577866
Change-Id: I13699f8c494a15d8bb9e13f767f2725f7cab9f4f
Related-Bug: #1765008
Added support for filtering the QoS rule type list command.
Two new filter flags are added:
- all_supported: if True, the listing call will print all QoS rule
types supported by at least one loaded mechanism driver.
- all_rules: if True, the listing call will print all QoS rule types
supported by the Neutron server.
Both filter flags are exclusive and not required.
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/827533
Closes-Bug: #1959749
Change-Id: I41eaab177e121316c3daec34b309c266e2f81979
Introduce a new API extension to enable GET, PUT and DELETE
operations on QoS minimum packet rate rule without specifying
policy ID.
Partial-Bug: #1922237
See-Also: https://review.opendev.org/785236
Change-Id: Ia083b5ac98c9e18ddbcdd2e0fc46f2f8432a628c
Neutron quota engine now accepts "--force" parameter in quota limit
update command. This is currently the default behaviour: the quota
engine does not check the resource usage before updating the quota
limit.
However, this is an intermediate step before changing the quota engine
behaviour. In Z+ (the exact release is not defined yet), the quota
engine will requiere "--force" parameter to set a quota limit regarless
of the resource usage. By default, the engine will check it.
Partial-Bug: #1953170
Change-Id: Ic1132a731f02109233fb80937791cbe7bc3ca0c5
Added information of the floating IP network QoS policy to the
``FloatingIP`` OVO. The view-only parameter added allows to check
the network QoS policy in the floating IP object.
This patch does not implement any change in the L3 code (OVS or
OVN). This patch does not change any existing behaviour.
NOTE: bump neutron-lib version
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/817936
Partial-Bug: #1950454
Change-Id: I9d7bb54b14fb983161fdf51c96b6fda107db4fe6
This adds Local IP API extension, DB and OVO models, DB mixin,
migration and service plugin.
Partial-Bug: #1930200
Change-Id: I0ab7c5e9bc918f7fad282673ac6e32e1b01985c5
Add the shared field to security group API responses and support
using shared as a query filter.
A follow-up patch will remove the temporary api def once it is merged
and released in neutron-lib.
Related-Bug: #1942615
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/812617
Change-Id: Ic04be8f0b7097c8aed19365f06089aa7af333eb9