Commit Graph

239 Commits

Author SHA1 Message Date
Salvatore Orlando 60a7ede0f9 Remove check for external CIDR overlap
The constraint where T0 uplinks must not overlap anymore
with external subnets does not apply anymore.

Therefore this change removes the validation check upon subnet
creation, thus saving a round trip to the NSX backend.

Unit tests for validating this specific constraint are removed as
well.

Change-Id: I65cb6ae7822e9a03f05fba5d4fd4d4dc5202526a
2021-08-24 09:43:38 -07:00
Salvatore Orlando 73bf4bbe31 NSX-P+v3: Better handling for NSX address bindings
When allowed address pairs are specified they can overlap with
fixed IPs, especially when they specify CIDRs.
The plugin should not fail to create/update neutron ports in this
case, but should instead properly handle NSX address bindings.

Change-Id: I145950ebe5769490f1c05729d94869dfa2e7d856
2021-07-07 15:36:38 -07:00
Salvatore Orlando 607afed94d Relax IPAM validation for port IPs
Allow for setting multiple IPs from the same subnet, only if
the subnet is v4 and DHCP is disabled for the subnet.

Still make sure at most 1 IPv4 and 1 IPv6 subnet can be
configured.

Change-Id: I1113a24fa8cc09892bc89917d50c64f6a72c0dab
2021-05-07 15:32:59 +00:00
asarfaty 2f11462faf Fix unit tests
Commit Id5d8ac09a38c656619f88a6f87b8f384fe4c55a8 broke some unittests

Change-Id: If87a8b5acd5d0e21d5971aeec1cd783ba6b7b6ba
2021-01-11 07:35:38 +02:00
asarfaty 1ed3a3a895 NSX|V3 add test for ipv4 cidr address pairs
Change-Id: I3be5aa2dba4c1a926de1337beacd28fc50a33b4a
2020-11-22 05:11:20 +00:00
asarfaty e7f89bf63c Skip new unsupported unittests
Commit I054296c790b697198550acbeae29546758b422c2 added IPv6 related
test which is not supported by the v/v3 plugins

Change-Id: Ia30bd8aca47397c2ea2fb3c55f6a559ef2f22a91
2020-08-05 10:07:24 +02:00
Adit Sarfaty 4652cf44a3 Revert "NSX|V3+P: Address pair ip cannot duplicate the port fixed ip"
This reverts commit 7d4e6ee4cd.

Change-Id: I3f0b88e12f1e8d87bbdecc0f045db2ba002ede03
2020-07-15 07:39:32 +02:00
asarfaty 5d2837c83a Removing dependency on the "mock" package
Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.

Also see commit: Ifcaf1c21bea0ec3c35278e49cecc90a101a82113

Change-Id: I58da980351fe14357c210c02eb167a6c0af9d09e
2020-05-10 17:21:14 +02:00
asarfaty 7d4e6ee4cd NSX|V3+P: Address pair ip cannot duplicate the port fixed ip
Also exclude some other illegal ips

Change-Id: I81da2adf33d11b753d2f2ad862101d0bf94d53de
2020-05-07 09:33:40 +00:00
asarfaty cdec722d44 NSX|V3: Deprecate config disable_port_security_for_ens
This config is only relevant for NSX version before 2.4.0, which
are no longer supported in this branch

Change-Id: I01c920230b537f20e3c3306c5653361ef7f1ac8c
2020-04-13 09:18:29 +02:00
asarfaty 9b36336e21 NSX|P: Fix port security update for network
Change-Id: Id576ea0bc2e9c3dff1f1ba683ba26f1e30dded44
2020-04-10 17:55:10 +02:00
asarfaty 5b84dd5e4d NSX|P: Support policy DHCP v6
Change-Id: Ibe4936b6f0b64e67cb3c7838d0f1a16304eb1180
2020-03-19 12:09:34 +00:00
asarfaty d1f41da8b5 NSX|V3: Fix broken unit tests
Commit Ibad52cca60131e970447536fd22c4f4440c66d34 broke the unit tests
by removing a mock that is needed by the plugin tests.
Adding back the mock in the plugin tests context.

Change-Id: I85c191c3c15aedc0740cb3c23990c0ea0b646fe7
2020-03-01 14:10:01 +02:00
asarfaty e68b87b176 NSX|P: Support policy DHCP
IPv4 support for Policy DHCP depending on the NSX version & on config.
Including devstack support for configuration & cleanup, and admin utility
for migration from MP implementation to Policy one.

IPv6 support will follow in a future patch.

Change-Id: I01bfb5bd530c63ca8b635bbebcac47659187077e
2020-02-13 07:26:35 +00:00
Zuul 27a93cb2e6 Merge "NSX|V3+P: Fix MDProxy TZ validation" 2019-10-22 06:35:53 +00:00
Adit Sarfaty 164bd88795 NSX|V3+P: Fix MDProxy TZ validation
Checking if the TZ is valid should be done for all the transport nodes
together.

Change-Id: I8287c8dcd1194bca56dd22370dfbc704654033c0
2019-10-13 12:33:31 +03:00
Adit Sarfaty 392a695bbd NSX|v+v3+p: Allow resetting port binding host
Change-Id: Ic9f3f080bbf51a04cea601b2c4b0614b9b5c4e33
2019-10-08 11:04:51 +03:00
Adit Sarfaty 95db356fc5 NSX|V3+P: Add vlan-transparent flag to port vif details
Change-Id: I984f1e06b69f98c3e7aaca4db70a76725919e344
2019-09-09 10:25:32 +03:00
Boden R eedbcdd03b use payloads for ROUTER_GATEWAY events
This patch switches the code over to the payload style of callbacks [1]
for PORT ROUTER_GATEWAY events for those that are not using them yet.
The unit tests are also updated where needed to account for the
payload style callbacks and publish() method. Finally the patch
normalizes the passing of gateway IPs which are currently referred to
as 'gw_ips' and 'gateway_ips' depending on the event; now all events use
'gateway_ips'.

[1] https://docs.openstack.org/neutron-lib/latest/contributor/callbacks.html

Change-Id: Ibc255de79443e908cc3615a8e1cb108757f80011
2019-08-07 04:37:02 +00:00
Adit Sarfaty 48821d139c NSX|V3+P: Support QoS on ENS networks
Depending on the backend version

Change-Id: I33af8879a519a896b1d19e3dbbc0f007e3110235
2019-06-10 15:05:59 +03:00
Boden R 5362c65416 update bandit, hacking and flake8 requirements
This patch bumps the hacking, bandit and flake8 requirements to match
suit with similar work (ex [1]). It also updates the code to fix a few
new pep8 errors as well as adds a local tox target for
requirements-check-dev.

[1] https://review.opendev.org/#/c/658245/

Change-Id: I6caeb52dc1a5842338ec989a742ae5989608e0da
2019-05-31 08:42:37 -06:00
Zuul 4b3d0e9446 Merge "NSX|V3+P: restrict associate floatingip to router interface/DHCP ports" 2019-05-26 09:37:12 +00:00
Adit Sarfaty 46363e8d2f NSX|V3+P: restrict associate floatingip to router interface/DHCP ports
Change-Id: I9f79dcb5d12c9eda3e7cfa4b43bfbc6c121491a3
2019-05-23 08:30:24 +03:00
Adit Sarfaty f72324d397 NSX|V3 Fix dhcp-relay validation
When DHCP relay is configured, a compute port cannot be created
without a router attached to its subnet.
Due to an error in the validation, all compute ports creation
was blocked.

Change-Id: I6016d7015376c280a36b716f3e478d488988b237
2019-05-22 09:31:11 +03:00
Adit Sarfaty d753ec6945 Remove neutron-lbaas support & dependencies
Commit Ia4f4b335295c0e6add79fe0db5dd31b4327fdb54 removed all the
neutron-lbaas code from the master (Train) branch

Change-Id: I9035f6238773aad0591436c856550b7a5e01e687
2019-05-19 11:16:45 +03:00
Michal Kelner Mishali 5454b916fb NSX|V3+P: Change max allowed host routes
Change number of max allowed host routes to 26.
option121 is set as 27, but there's 1 host route set by default.
Fixing test.

Change-Id: I660ee1f710dd84fe3e91122a009d520d0341f261
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-05-16 09:47:27 +03:00
Anna Khmelnitsky 79dd8edae5 NSX|V3+P: Fix HTTP response code for cluster down
This change removes ManagerError from fault translation. ManagerError
is too generic and would pull in all child classes to be translated
as bad request, which is not correct for temporary errors such as
ClusterUnavailable. Explicit child classes should be added to the map
instead.

Change-Id: I5fb4bbcabd6540f30f4d30732bfb704680b5ffa9
2019-05-07 07:51:14 +00:00
Anna Khmelnitsky ac06b1b985 NSX|P: Update slaac config on router
In neutron, slaac is enabled per subnet. However on policy
slaac is router configuration.
In order to avoid another passthrough API, router will be
configured with slaac profile if at least one of its subnet
has slaac enabled.

Change-Id: I7a055aa4d73425011c22248c8d7d9d2e0a383dc8
2019-04-10 13:35:07 -07:00
Zuul 277422e530 Merge "NSX|V3+P: Ensure router GW & interfaces do not overlap" 2019-04-03 11:15:32 +00:00
Adit Sarfaty 1a607f7941 NSX|V3+P: Ensure router GW & interfaces do not overlap
The NSX backend will fail to add NAT rules in case the GW network
and the interface networks overlap.
This patch will ensure that the GW and interfaces do not overlap

Change-Id: I6a6c6be865dc05a1f73f17f47e182c7087cb8a21
2019-04-03 09:02:56 +00:00
Anna Khmelnitsky 58d9f658d4 NSX|P: Limit one ipv6 subnet per network
Change-Id: I41414ab5aab4856e892f6860e5660445409c8d6e
2019-04-03 09:02:19 +00:00
Zuul d4528e0b11 Merge "NSX|V3+P: Add verification of num defined address pairs" 2019-04-02 09:39:36 +00:00
Zuul 5774a61866 Merge "NSX|V3+P: remove redundant code in get_port/s" 2019-04-02 08:50:17 +00:00
Michal Kelner Mishali fd5eeb0bb8 NSX|V3+P: Add verification of num defined address pairs
This patch is adding a verification that the requested
number of requested address_pairs does not cross the backend
limit.

Change-Id: Id3ffe07c2e02c1ec3558031989da10aeafeabcd6
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-03-31 14:00:39 +03:00
Adit Sarfaty ce379c1128 NSX|V3+P: remove redundant code in get_port/s
In get_port and get ports the plugins used _get_port to get each of the
ports, and run the apply_funcs.
Since this cost a lot of time, and the super call to neutron already run
those, it can be removed.

Change-Id: I729b3e18d52df4c458f7ea8d2180deb534a375f1
2019-03-31 08:52:48 +00:00
Salvatore Orlando 0a952ce786 [NSX-v3] Use bridge endpoint profiles for L2 gateways
Replace NSX bridge cluster with bridge endpoint profiles as the
backend resource used to implement L2 gateways.

The logic for creating a gateway connection is not changed,
with the only exception that bridge endpoints now have a reference
to a bridge endpoint profile.

Connections created using bridge clusters can be safely removed,
while creation of new connection on gateways leveraging bridge
clusters will fail.

Change-Id: I29cd9a2501ab4b7dd226729f33ab962bbba2dfff
2019-03-23 05:39:58 +00:00
Anna Khmelnitsky 01d70223e8 NSX|V3+P: Enable dual stack fixed IPs
Till now, only single fixed ip could be configured on port.
This patch will allow maximum one fixed ip per ip version to enable
dual stack ports.

Change-Id: Ia3e06c10c7f420f7f89f805650214645eec02ee8
2019-03-19 19:59:34 -07:00
Michal Kelner Mishali c9051bc615 NSX|V3+P: Limit number of subnet static routes per backend
Adding a parameter that sets the allowed static routes per
subnet, according to backend limitations.

Change-Id: I968fdef53bb9dab41a54561ca36b2e6880505d05
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-03-14 12:39:12 +00:00
Zuul 475c37437f Merge "NSX|V3: FWaaS v2 without GW" 2019-03-06 13:19:14 +00:00
Adit Sarfaty 1ab59eaca1 NSX|V3: Add unit tests mocks to avoid logging errors
Change-Id: Iaeb882032fbc3da9cf5b8eade410fd1e8f0484ec
2019-03-03 05:19:35 +00:00
Adit Sarfaty c1ae9a5145 NSX|V3: FWaaS v2 without GW
When adding FWaaS v2 policy to a router interface, but the router has no
GW (and no service router), the rules should not be created on the backend.
Only when adding a GW, will all the rules be applied.
Since the FWaaS is for N-S traffic only, it shouldn't be applied without a
GW anyway.

This change required a little change in the service-router creation logic
for NSX-V3 & NSX-P.
Since the logic got too complicated (FW rule can exist without SR), the
new code will also check the current status on the backend.

Change-Id: I2a5d69e9443e8a468ce0d934ff1c846dc837bc89
2019-02-25 11:03:00 +00:00
Adit Sarfaty bff0c02417 NSX|V3+P: allow removing qos policy from a port
Change-Id: I20b53ffa0a467d65f2324ade79b038f076bd241a
2019-02-19 12:18:33 +02:00
Adit Sarfaty d77a0f2565 NSX|V3+P: Set router standby relocation when creating service router
The NSX backend does not support this flag without a service router
any more, so setting this flag will be done when creating the service
router, and it will be unset when removing the service router.

Change-Id: Iea4ea637359783c0d1de9b89b96135b63900ae26
2019-01-16 13:34:59 +02:00
Adit Sarfaty 1ac3b568e9 NSX|P support selection tier1 edge cluster
Change-Id: I92e4006ce47fa23307ef1a17e21b8397a1bc29fa
2019-01-10 14:24:17 +02:00
Anna Khmelnitsky cd85073e7e NSX|P: Handle subnet update and port dhcp bindings
Handle passthrough dhcp for updated subnet & ports binding

Change-Id: I98986210f42e75f01815bbd2c863bc169a6cc7b4
2019-01-10 10:08:20 +02:00
Zuul b32ba15b0e Merge "NSX|V3 reuse code for re-initializing the AZs in the unit tests" 2019-01-01 06:34:01 +00:00
Anna Khmelnitsky f40c196bbf NSX|P: Initial dhcp support
Policy does not support dhcp for infra segments yet, so support is
done on manager via passthrough API. Same appliance is assumed.

Not covered here (will come as follow up):
- subnet update
- nsx cleanup

Change-Id: I9a64524edd80b1830c5b3dba2c63c087fe46a169
Depends-on: I47a1ec1994808f9ed8ebb00bbcc2bbe0a497a146
2018-12-31 13:37:31 -08:00
Adit Sarfaty 2a75de0bc8 NSX|V3 reuse code for re-initializing the AZs in the unit tests
Change-Id: Icc2503b0d24ed6ed13f39b9f3f04288377a0ff3d
2018-12-31 11:52:32 +02:00
Michal Kelner Mishali d2a44b76a3 NSX|T: Optional distinct edge cluster uuid for T1 router
Allowing the user to define a different edge cluster UUID than
the one defined by default, allowing the ability to define another
cluster for the T1 logical router.

Change-Id: I7976a90b2134a53c3ff80e5f0785f999c05137d3
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2018-12-25 11:43:50 +02:00
Michal Kelner Mishali f641808399 NSX|T: DR only Neutron logical router
Ensure that if a neutron router does not provide any service
which requires an edge appliance - no SR is created.
If a service is being removed - the SR will also be removed.

Change-Id: Ia1b24900acc5526e732c414682fa906c34860653
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2018-12-17 11:13:35 +02:00