This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: I05fbfc5df08e7c861a8f7a0d677a39d43d06cb15
Using session context for the port creation caused conflict with IP
allocation for the metadata port.
Use of a new admin context resolves this issue.
Change-Id: Ic65b70ffd80be07aae4b668b4b8af09a915ab747
Co-Authored-By: Salvatore Orlando <sorlando@vmware.com>
Commit I32e76a83443dd8e7d79b396499747f29b4762e92 added new unittests which
requires multiple fixed ip per port, which the nsx plugins do not support.
This patch will skip the new tests.
Conflicts:
vmware_nsx/tests/unit/nsx_v3/test_plugin.py
„קפקמגד-םמ: I32e76a83443dd8e7d79b396499747f29b4762e92
Change-Id: I22a799d25c15ec087f6d1cdd7981dd7b3b608cc7
(cherry picked from commit 5fda6ccd31)
(cherry picked from commit 4ce29e7d87)
Backend doesn't produce NotFound exception when deleting a virtual server
or an application profile which doesn't exist.
Instead it produces RequestBad exception which should be caught and handled.
Change-Id: I9f3e7e55ddfea470c69c46b95dd0ac64136ecf97
Commit I24adc9da9f52d17621117b46d8a535ccedf93227 handled ips of
0.0.0.0/0 in security group rules.
This commit extends the fix to any ip starting with 0.0.0.0, since
those are also not supported by the nSX.
Change-Id: I08d89b070b08e5e100e9e1c6cf7a4d509968152c
(cherry picked from commit 7804ad22de)
ANY should not be used and we should remove the value of
0.0.0.0/0.
Change-Id: Ie4c8d334ae73b8b40f8be8ca6b540b0fa2370a2c
(cherry picked from commit 22dc5454f3)
The NSX will not accept 0.0.0.0/0 for remote and local IP
prefixes. This is changed internally to 'ANY'
The 'ANY' will only be internal. The API for the user will not
change, they will stell see the 0.0.0.0/0
Change-Id: I24adc9da9f52d17621117b46d8a535ccedf93227
LBaaS forreign key migration adds several foreign keys, to enforce the
cleanup of stale NSXv DB objects when the LBaaS object is being deleted.
However, garbage rows may exist - and must be cleaned up prior to the
creation of the foreign key.
Change-Id: Ie6a0348df8b19a49525a1f2bad89f12370a3cd46
(cherry picked from commit 78e8080c06)
In the event that there is a LAG only configure the LAG
and no standby.
Change-Id: Ieacf386ce9a8ca02d795e53c7ddab9d1356ecf88
(cherry picked from commit 41e61b9ae8)
It is not allowed to delete metadata network / subnet / port or router.
(Cherry picked from: I7d99c9c1f51ffa076bda63ec3e59aea2a977f2d6)
Change-Id: I6a29f52b2c8d7877b4d025cd6e1338a73cfe3e3f
The 121 support required that we add a route for the metadata
to be via the interface. There are some operting systems that
do not support this. This needs to be '0.0.0.0'. we pass both
options and the OS will decide which one to use.
Change-Id: Id5d43c7b5eb7c7b7a12c47dc31f7f52af804494c
(cherry picked from commit 520758a1c2)
When the QoS is enabled, the port object should have the qos policy
attribute, even if empty.
We should add it to get _port as well.
Change-Id: I8df740c4a883b188764fe291e9baf282c051e576
There is a edge case when when a subnet deletion fails due to it
being attached to a router. If the subnet did not have an attached
instance ports then the DHCP server was deleted.
Subsequent instance ports will not get IP addresses.
Change-Id: I12ffcda503f3647d481d574a09104e837c7af5d6
When migrating a security from to the nsx-v3 cloud,
if it is named 'default' try to mark it as the default SG in the DB
Change-Id: Ibcd1932c18491e9f1a2d4bb54cae6d830dd3108f
If under lolad a network deletion fails for the internal metadata
then swallow the DB exception and continue. No need to fail the
neutron opertaion here.
If there are orphan metadata networks afterwards then they can be
cleaned manually.
Change-Id: Ib4f657bed84a2c84363597f861c39cb7fbde7b18
(cherry picked from commit 2af1cf3451)
1. 'X-NSX-EREQID' - pass the neutron request id
1. 'X-NSX-EUSER' - from 2.2 use pass the 'user_identity'
Change-Id: Ie58d2c78b88cd5ec869dd9dfe16c89f060a5e6b0
This patch updates our tox_install_project.sh script to account for zuul
v3 changes. The changes are made to be backwards compatible so the
script should also still work with zuul v2 jobs. Also see the depends on
patch for the project-config changes needed for our zuul v3 support.
It also includes some updates to the UTs to skip tests that were
introduced in neutron causing our ocata UTs to fail.
Depends-On: I9ac364dc27dc091cce56179707d21527f166229f
Change-Id: I104335376fe9161e2b649979e75571a847195d53
When adding/removing a port to the exclude list, we check if there
are other ports of the same device there.
this test was done is a wrong way expecting the device owner to be
'compute:none', instead of starting with 'compute'
Change-Id: I5c6ed8f3c5cf0d4ebb63e1a9ec36614fa4c4f15b
When something fails during the init_complete process, the plugins
md_proxy data is not fully initialized, so it is possible that even the default
handler was not set yet.
This patch ensures that the relevant md-proxy handler exists before using it.
Change-Id: I1db84c0abc30d8ea3d601f26b5b852a254a6036c
The provider was designed under assumption of thread per session.
However, different sessions can simultaneously occupy same thread.
To prevent filename collisions, each request will create its own
provider object with random filename.
Since this creates significant overhead, this is hopefully a short
term solution. For long term, we'll seek a way to pass certificate
data in memory to the ssl library (requires changes in python libs)
In addition, remove certificate generation/removal printout to avoid
spamming thde debug log.
Change-Id: Ib11b8ae38d663c53107e02e6febb676c6e9572a0
Refactor the devstack cleanup script to use nsxlib instead of accessing
the nsxmanager directly.
This patch is needed for the XSRF support.
(cherry picked from commit 9ac5edd12e)
Change-Id: I6bc4f68412331fb4b1de1f5da1c6660fb608e86e
Avoid initializing cluster (including xsrf token acquisition) on
process init. Connection parameters may change as a result of admin
command, in which case connections will need to be reinitialized.
(cherry picked from commit 3c51978d6b)
Change-Id: I9a26f4662a3e4200ce3745377f51e8187cca21bd
New utilities to list/delete orphaned router binding entries,
meaning entries that the object behind them (router, loadbalancer
or network) does not exist on neutron.
(Cherry picked from: I8a239b9d33a4900e2e90035111899015d68d30bb)
Change-Id: I552daefa96942b922e48bdcec66c36ad6d11d4e5
There are 2 types of "resource not found" errors returned from the nsx
backed.
Status 404 with error code 202, and status 404 with error code 600.
The admin utils should excpect both.
Cherry picked from: I1091dfe4a13610f223229b0b9f63d65956af7cbe
Change-Id: Ib14240e0faecf68543fbedff2f05dc1f01a00d40
There was a missing lock when removing a distributed router interface.
when the interface is removed, and this is the last one, the dedicated dhcp edge
will be added to the pool, and this should be under lock.
In addition, avoid freeing the edge if it has more router-binding entries
since it can indicate the lock issue, and other network can be using this edge.
Change-Id: I2c23fabe0e8c7c3d11e1bbd1b39560573b649708
When migrating a router from shared to exclusive, we need to keep the
configured availability zone
Change-Id: Ibf13804da79e6abad6f8077d7a95ebcc99cbadba
A external network subnet should not have DHCP enabled. When
creating the external network we ensure that the binding will be
created. This ensures that the subnet validations are done
correctly.
Change-Id: I036740736445550d9e08580a90a97ca147619222
(cherry picked from commit 305d75d8fb)
getting the internal network per availability zone has a fallback to the
default az which should not always be used.
This patch creates a version of this db api without a fallback and uses
it when we shouldn't use the default az.
Change-Id: I2ec37e431fa08c80c19c32a50ed4e5a71222b0c2
There are cases where MAC learning on a port may have a a DHCP
server. Here we do not want to disacrd traffic. So we set a default
switch profile that enables all traffic to pass.
Change-Id: I7914bd01681c7ae6351ff5e900da028009bead2c
(cherry picked from commit 02c28ee5ea)
When pool binding is missing, LBaaS call shouldn't fail, but
exit gracefully.
(Cherry picked from: I59dfad729f31ce79eb83a278d994adce50c05bc9)
Change-Id: Ie04bab4318820715d0d34a84d1b2998510992058
Make sure that router updates are atomic. This could prevent edge
cases for example of updating a router and then updating a router
type.
The lock with be of the format router-<UUID of router>
Change-Id: I95e78d420d57b514837cf2bfd300f0a6f235c2f6
(cherry picked from commit c4298cd368)
OpenDev Sysadmins