This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: I7cd7c387d1c33b5c2dbec2e416ee3cc58525d4f1
Neutron doesn't trigger AFTER_INIT event for the main neutron context
but only for the workers.
As AFTER_SPAWN is called only on the main context, completing the
initialization from this event will resolve that problem.
Change-Id: I6a0cf73f3a433363e83f9b5bc17ac984266356d5
Commit I34e41a128f28211f2e7ab814a2611ce22620fcf3 broke the MH plugin
security groups + some other SG tests.
This patches fixes those.
Change-Id: I9634583ce22f4c1be53283495426905979c9ea81
(cherry picked from commit baafb2a16a)
Commit I8982523dbb94a7c5b8a4db88a196fabc4dd2873f added the need for
agent_config values for the routerInfo structure creation.
The NSX FWaaS does not use the agent at all, so this patch only adds
a dummy implementation to allow to code to continue working
(Cherry picked from: I6fd4c1f94d8deebfc457451ee7eb12536c37ba65)
Change-Id: I772eb697978da309684cf1ff58309465f07f76a8
In LBaaS legacy mode we use the exclusive router edge as platform for
neutron LBaaS.
The following patch addresses two issues in this mode:
- In the legacy code, LBaaS driver maintained a DFW section which allows
traffic between the LB and its members. This code wasn't added when we
added the legacy mode.
- The original code had a bug which failed to cleanup these DFW rules when
a pool or members were deleted. The patch adds an admin utility which
cleans up such stale DFW rules.
Change-Id: I1c95ec6292e6cf50641581a65cbb4bdf8942aa8f
Using session context for the port creation caused conflict with IP
allocation for the metadata port.
Use of a new admin context resolves this issue.
Change-Id: Ic65b70ffd80be07aae4b668b4b8af09a915ab747
Co-Authored-By: Salvatore Orlando <sorlando@vmware.com>
When the network or port has qos-poliy-id, the plugin needs to
validate this ID is real and accessable for this project.
Until now this was done only when setting the policy id in teh network/port
mapping table, which just ignored errors.
This patch adds the validation early in the create/update process.
Change-Id: If8ad0ce844cbf4706793a45f8698031b5eaf7e3d
Commit I32e76a83443dd8e7d79b396499747f29b4762e92 added new unittests which
requires multiple fixed ip per port, which the nsx plugins do not support.
This patch will skip the new tests.
„קפקמגד-םמ: I32e76a83443dd8e7d79b396499747f29b4762e92
Change-Id: I22a799d25c15ec087f6d1cdd7981dd7b3b608cc7
(cherry picked from commit 5fda6ccd31)
Under stress, a port might be deleted while geting ports list.
This patch prevent this port from being at the results, or crashing
the api.
Change-Id: Ib6d298a7990556da73277f549580d9c04512518e
When certificate is generated with nsxadmin, alert the user to
restart neutron service, but only in case no previous certificate
existed.
If previous certificate was functional, neutron server will pick
up certificate change on next request automatically.
Change-Id: I79b390b32b570afdcf40b3cdd522566bca76027e
server-ip-address is another neutron supported name for
tftp-server-address.
Change-Id: I9b2850c8f162dd5d15ae7c13c430729d10b8f40b
(cherry picked from commit bee0962b2b)
In commit I0775e284f21012a01298168d5ca3dd1c74b95f05 we mocked the
db retry in order to prevent duplications in global SG creation
causeing the plugin to fail.
The mocked api was not enough, and should be replaces by teh oslo_db
api to cover all cases.
Change-Id: I31dfc519fc52c31d861352763b5b4d62adcbccea
Commit I123ae390bec489a931180a2e33f4bf7b1d51edb2 broke the extended
security group code, by removing the 'is_default' attribute from the
list of fields that should have been updated in the DB.
Not sure exactly why it broke us.
Change-Id: I891bc792e62ac90683ce8745f98a3139c9ffd3d9
(cherry picked from commit f9071f3f9f)
Add a lock around operations that read LB pools from the backend
and adjust members to add/update/remove items.
This ensures that in case of concurrent operations no stale items
could be added back to the pool accidentally.
Cherry-picked from commit 50aba50eef
Change-Id: I91b5c1d9eb4493c0d19dadaca0af271d0a2afe5c
Commit I0775e284f21012a01298168d5ca3dd1c74b95f05 added an import of
the mock package, so it should be added to the requirements
(Cherry picked from commit I444ab50d5bdb20c528c3a1581dc7e9301ab06dad)
Change-Id: I561e66c199e050d50f4df822274b282e89300b5e
When initialzing the default NSX section and NS group, the plugin
create a default global security group, in order to make sure no
other server is doing it at the same time.
In case anotehr server does, we get a DP duplicated entry error,
but after retry it somehow works, causing the 2 process to handle
the backend at the same time.
This patch avoids the retry in case of DB errors for this case.
Change-Id: I0775e284f21012a01298168d5ca3dd1c74b95f05
Backend doesn't produce NotFound exception when deleting a virtual server
or an application profile which doesn't exist.
Instead it produces RequestBad exception which should be caught and handled.
Change-Id: I9f3e7e55ddfea470c69c46b95dd0ac64136ecf97
When creating the global SG for the default section & NS group,
if it already exists, but the section and NS group are not in the
DB, it means that anotehr neutron server is creating them,
and we should wait for it.
Also add Logging to default NS group and section creation
This may help debugging cases of 2 processes creating/deleting
those at the same time
Change-Id: Ib68090c1b5b335c81080a5d0eccc82b69c640390
Commit I5867f77fc5aedc169b42f50def0424ff209c164c broke the MH unittests
by adding new unsupported tests.
This patch will skip those.
Depends-on: I5867f77fc5aedc169b42f50def0424ff209c164c
Change-Id: Iaf30e5f60e7403b73dc08d54bf442d4657bccca6
There may be an edge case where duplicate rules are not cleaned
up at boot time. This will deal with that case by validating that
the contents of the database matches what is defined on the NSX.
In this case the database is the source of truth.
Change-Id: I8249b946ffeeaf8bd682716a87fca0681ab29e37
Commit I24adc9da9f52d17621117b46d8a535ccedf93227 handled ips of
0.0.0.0/0 in security group rules.
This commit extends the fix to any ip starting with 0.0.0.0, since
those are also not supported by the nSX.
Change-Id: I08d89b070b08e5e100e9e1c6cf7a4d509968152c
In case subnet_delete and subnet_create run concurrently for
overlapping subnets, the lock for dhcp edges on the delete case should
be taken before deleting the sunbet from the neutron DB, since looking
for available edges (for the created subnet) uses the neutron DB and might
select an edge with a conficting subnet on it, which was deleted from
neutrn but not uet from the edge.
Change-Id: Ic44cc0b70f565a87e5a39e4051e90f68673ca066
The NSX backend does not support 0.0.0.0/cidrs in the edge firewall
rules.
This patch will issue a driver error in case a similar cidr is in the
rule for the FWaaS V1 & V2 drivers
(Cherry picked from: Iebc3642a58bd2e737a6ac2b87dfd99206603a37d)
Change-Id: I50f6af5e2530083a1b94d2164d8b9c79083fe5e4
build-openstack-sphinx-docs is failing on non-master branches
This patch temporarily ignore it, untill it is fixed upstream.
Change-Id: I78b7d2cc0412061a29724cc0ccbb472e410a0f95
Admin utility overwrote the IPs of the metadata proxy members while
attempting an update of the DHCP/router edge members.
Change-Id: Ie82cd57bf42584976dc4d7874bdddcf2592c15bc
A recent change in pep/pycodingchecks introduced new warnings as part of
the pep8 target that causes pep8 to fail now.
This patch adds W503,E731,E266,E402 to our ignore hacking checks,
and also fix other small pep8 warnings.
Also see: https://review.openstack.org/#/c/560065/
Change-Id: Ibb76343eb7b2c10fa693432dedd3670fcf150905
The NSX will not accept 0.0.0.0/0 for remote and local IP
prefixes. This is changed internally to 'ANY'
The 'ANY' will only be internal. The API for the user will not
change, they will stell see the 0.0.0.0/0
Change-Id: I24adc9da9f52d17621117b46d8a535ccedf93227
LBaaS forreign key migration adds several foreign keys, to enforce the
cleanup of stale NSXv DB objects when the LBaaS object is being deleted.
However, garbage rows may exist - and must be cleaned up prior to the
creation of the foreign key.
Change-Id: Ie6a0348df8b19a49525a1f2bad89f12370a3cd46
(cherry picked from commit 78e8080c06)
Adds missing methods. Something changed witht he way in which
the callbacks were invoked which showed that we did not support
the correct methods.
(cherry picked from commit abb8dbb3ff)
Change-Id: I253ceee343d829923b874057603a32ccd8c662f6
Commit a96d83ece6 set the internal
security group description to be None. This should be a string.
(cherry picked from commit c04fcdaf41)
Change-Id: Ia4b1e0cea3f4e1493e41bf1e97bcf3016e389bf9
When the plugin starts it will check if the global NS group and
OS DFW section are created on the NSX. If not it will create these.
There is a edge case where two servers are started in parallel and
they both create the default section. This will lead to traffic
being dropped.
This is dealt with in the following way:
1. We store the default OS section and NS group in the database
2. If the entries do not exist then we create them, the DB will
indicate if there is a duplicate and then the plugin will do a
cleanup of the incorrect resources.
In order to do this we need asecurity group. A default global one
with ID 00000000-def0-0000-0fed-000000000000 is created.
If the admin wishes to delete the global section then she/he should:
1. delete the NSX section
2. delete the security group
3. restart the neutron service
Change-Id: Ide7a7c75efac3e49d51e522a11c77e754f3d1447
(cherry picked from commit a96d83ece6)
When getting the AZ of a network for its DHCP profile, we need to
use the az-by-id api, so that the hints data is initialized correctly
Change-Id: I47525564af3622899b4f9ea1284207ec5c007679