Commit Graph

12015 Commits

Author SHA1 Message Date
Dr. Jens Harbott a6fa1f7091 Fix zuul config errors
Drop required-projects that no longer exist:

- openstack/neutron-lbaas
- x/tap-as-a-service

Change-Id: I50176fa303e7099f848cca2c6e363e41dd1626fa
(cherry picked from commit 404ff31334)
(cherry picked from commit eb6390a183)
2023-08-12 20:25:23 +00:00
Clark Boylan c900c5102a Fix Zuul shared queue config.
The current queue config is deprecated and will be removed in the next
major zuul release. Update to ensure windmill uses correct config.

More info can be found on the zuul mailing list:
  https://lists.zuul-ci.org/pipermail/zuul-discuss/2022-May/001801.html

Change-Id: I6d059710911fadc80b86bf2ebbad9527c372c5fa
(cherry picked from commit 715cb5fc11)
2023-08-12 19:46:11 +00:00
asarfaty ae43afa98c NSX|V3: Use any instead of ::/x for IPv6 SG rules
Change-Id: I937fca45ec3d0209e00d9044cca76971f85771f6
2021-01-12 17:18:57 +02:00
Salvatore Orlando ef6cb79f46 Move raise_if_updates_provider_attributes in plugin
Do not leverage anymore the code from neutron extensions package.

Change-Id: Ifc5e19e8eb7276f4b24d26c30b0c5300c59c7463
2020-12-13 11:30:29 +02:00
Salvatore Orlando a064a02fba Fix requirements for Queens branch
Change-Id: Ifff24bcf1c8fffbb37fb6efbaea0d8316fe5934c
2020-12-13 09:21:43 +02:00
Kobi Samoray ef2e1aaa60 NSXv: Handle pool listeners list
Listeners can exist in either .listener property or .listeners

Change-Id: Ic9e8f9f02764bf97593e7683a01fc8ad367add8c
2020-10-22 08:23:04 +00:00
asarfaty dbd0f29488 Use the networking-l2gw project new location
networking-l2gw and networking-l2gw-tempest-plugin are
imported to new location now and supposed to be retired from
openstack/namespace.

Cherry picked from: I902ea79cdd3a8e56540ab44a7bd2f986f5d18bca

Change-Id: I912ae6d8bcc6c5350485bb80eeca3f3e29b7672c
2020-09-24 15:58:07 +00:00
asarfaty f219aae98e Fix queens vmware-nsxlib requirements
The api get_tier0_uplink_cidrs used by the pligin was only introduced in
vmware-nsxlib 13.1.0

Change-Id: I348030501108def1af644d3139fa8ce3889a8352
Closes-bug: 1819003
2020-07-29 09:02:05 +00:00
asarfaty 429b40fa3e NSX|V3: support LBaaS X-Forwarded-For headers
Addeing a new configuration option to the v3 plugin: lbaas_inject_xff_header
When set to True, the L7 listener application profile will have
x_forwarded_for = INSERT, and the X-Forwarded-For header will be added
to requests.

Change-Id: I27e8df4a17a1c0cb533019a5e0f617c5a563693b
2020-07-06 12:09:22 +02:00
Kobi Samoray a492351970 NSXT LB: handle listener deletion failures
When deleting a listener which doesn't exist in the backend, the call
shouldn't fail but delete from OpenStack DB and issue an error to the
log file.

Change-Id: I1ee816d82986a651ea2889b1a4a74889e8724dbb
2020-06-02 11:41:21 +03:00
Adit Sarfaty c52138c62e NSX|V3: Ignore 0.0.0.0 ips in FWaaS (and not just 0.0.0.0/x cidrs)
This affects FWaaS  drivers, as the backend does not support this ip.

(Cherry-picked from I4aec5f2718581fc867d9bae1722770b448ccdfd5)

Change-Id: I44119802567aeb950fca95b03f76e3825668ef01
2019-07-23 06:49:48 +00:00
Zuul 0e56475ef4 Merge "NSX|V: Bug fixing for allowed address_pairs" into stable/queens 2019-07-15 13:09:59 +00:00
Salvatore Orlando 6bdba91a82 [NSX-v] Improve handling of port security transition
- When network port security is set to True, ensure the same IP
  is not used for multiple ports
- Extend checks for netork port security to all ports, not only
  ports with a nova compute device_id
- When creating or updating a port, perform checks if port security
  is enabled for the network or the flag for allowing multiple
  addresses is unset.

Change-Id: I5d81257b55730d4544537bb269030ec7f1a277c1
2019-07-15 09:26:40 +03:00
Michal Kelner Mishali 1c8cb6b3be NSX|V: Add condition for port update when using dup ip_address
Adding verification for port_update, when using same ip_address
for different ports in the same network.

Cherry-picked from: 1829355094
Change-Id: I0bba347e165147d42d71e1247feb76006fa4fdd1
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-07-12 03:26:39 -07:00
Michal Kelner Mishali d96b6c6bf0 NSX|V: Bug fixing for allowed address_pairs
Remove spoofguard mappings along with spoofguard on backend
when network is set without port security.

Change-Id: I03eac35ae0dfae1c716c54d972a2441c1d98f50a
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 8f852c60f3)
2019-07-04 11:23:23 +00:00
Salvatore Orlando 32de032928 Add bindep.txt for vmware-nsx
Ensure proper dependencies are installed when running zuul jobs

Change-Id: I629a79625956b452e9c24fea47c996b38c6b47af
(cherry picked from commit 33c7ae15a6)
2019-07-04 05:51:46 +00:00
Adit Sarfaty 838912ea85 Fix broken unit tests
Commit I3f2905c2c4fca02406dfa3c801c166c14389ba41 added some IPv6 unit tests
which the vmware plugins do not support.
This patch skips the new tests.

Change-Id: I89fa1838ed6eed149e04e3e259b9480f1f700c49
(cherry picked from commit a5fa0f8a74)
2019-05-29 05:38:52 +00:00
Michal Kelner Mishali 18d35f4b81 NSX|V3+P: Change max allowed host routes
Change number of max allowed host routes to 26.
option121 is set as 27, but there's 1 host route set by default.
Fixing test.

Change-Id: I660ee1f710dd84fe3e91122a009d520d0341f261
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 5454b916fb)
2019-05-17 16:49:39 +00:00
Adit Sarfaty 0360d70d4c NSX|V: FWaaS V1 handle errors during delete
Issuing a driver error during delete causes the FW to stay in pending_delete
for ever, and the routers cannot be attached to a different firewall.
This fix will issue a log error, and allow the firewall to be deleted anyway.

Change-Id: I8318a332b7424bbb2a9129c6e0643ea176456a79
2019-05-12 13:41:29 +03:00
Zuul 16080ab76f Merge "Fix bulk subnets unittests" into stable/queens 2019-05-05 08:40:06 +00:00
Adit Sarfaty c4b3279504 Fix bulk subnets unittests
Commit Ia32ec4c11c0793e7df07dcce19c122b3c7f865e1 broke bulk sunbets
creation unittests.
This patch fixes some tests, and skips other.

Change-Id: I25cad6447a2a2ccf3b9c7689904455c9468e01c5
2019-04-28 11:14:53 +00:00
Adit Sarfaty eb4efe6129 NSX|V adminUtils: detect and clean orphaned section rules
nsxadmin -r orphaned-rules -o list/nsx-clean will detect/delete orphaned
rules inside nsx sections that belong to neutron security groups.

Change-Id: I18ee55e70b8e3a97d7d5d2453b7994bc07d2c97c
2019-04-25 04:17:35 +00:00
Zuul dd4a0c39af Merge "Delete SG rules when deleting their remote group" into stable/queens 2019-04-22 14:05:43 +00:00
Adit Sarfaty c998ca8784 Delete SG rules when deleting their remote group
Subscribe to a callback that will be called upon security group deletion,
and will look for rules with this SG as their remote-group-id and
delete them explicitly.
Else, those rules will only be deleted from the neutron DB, without
the NSX backend being aware of this.

This code was added in the common plugin, and will affect the V & V3plugins.

Change-Id: Ie01dc29efaa3bf30ac314f45542d83f5a4cf238f
(cherry picked from commit 1ca92978ab)
2019-04-21 09:59:36 +00:00
OpenDev Sysadmins 232a9d47af OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:51:50 +00:00
Zuul be2a6208b0 Merge "NSX|V3: Limit number of subnet static routes per backend" into stable/queens 2019-04-16 10:01:34 +00:00
Michal Kelner Mishali f5c8992494 NSX|V3: Limit number of subnet static routes per backend
Adding a parameter that sets the allowed static routes per
subnet, according to backend limitations.

cherry-picked from: https://review.openstack.org/#/c/642264/

Change-Id: I968fdef53bb9dab41a54561ca36b2e6880505d05
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-04-15 14:21:39 +03:00
Zuul 0788fd435d Merge "NSX|V: Restrict creating conflicting address_pair in the same network" into stable/queens 2019-04-14 13:46:05 +00:00
Michal Kelner Mishali 27fc351ca5 NSX|V3+P: Add verification of num defined address pairs
This patch is adding a verification that the requested
number of requested address_pairs does not cross the backend
limit.

Change-Id: Id3ffe07c2e02c1ec3558031989da10aeafeabcd6
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-04-11 14:25:05 +03:00
Michal Kelner Mishali edd64bef8b NSX|V: Restrict creating conflicting address_pair in the same network
Restrincting the user of creating an address_pair with an IP address
that might already exist in the network, either as another pair
or fixed_ip

Change-Id: I49924b3d769e87d6e80157b723a4b26fa2c957a3
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 1a4fe2dca3)
2019-04-10 09:07:12 +00:00
Adit Sarfaty 6f44fc8e6e Handle multiple default SG creation in all plugins
Creating the default security group for the same tenant simultaniously
may result in a DB error.
This patch adds try/catch in the common plugin code to handle it.

Change-Id: Ie756ee721627395de026085e40833b45522864c6
(cherry picked from commit d4549e14cc)
2019-04-04 09:29:35 +03:00
Michal Kelner Mishali 9be505e65d NSX|V: enable allow_address_pairs upon request
Create configuration parameter that the customer can
set to True when it is required to allow multiple addresses
(cidr/subnet) on a port, and disabling spoofguard in order
to support it. This is done on a network level.

Change-Id: I52cc1f2b84bc8d8a6b9667a3c3263978aa7e2985
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-03-28 11:53:31 +02:00
Adit Sarfaty e54a627a65 NSX|V: Init FWaaS callbacks only if enabled
Change-Id: I616a3afabbd6add1a877ac18e945dc26cbc18e8a
2019-03-10 09:17:45 +00:00
Kobi Samoray d29a75b678 Complete the init of the Neutron main process
Neutron doesn't trigger AFTER_INIT event for the main neutron context
but only for the workers.
As AFTER_SPAWN is called only on the main context, completing the
initialization from this event will resolve that problem.

Change-Id: I6a0cf73f3a433363e83f9b5bc17ac984266356d5
2019-03-06 14:04:13 +00:00
Zuul 518cbb1168 Merge "NSX|V admin utils: Find and fix spoofguard policies mismatches" into stable/queens 2019-03-06 13:19:13 +00:00
Anna Khmelnitsky 52b29462a0 NSX|V3: Respect default keyword for physical_net
When user (or heat stack) specifies 'default' in physical_net for vlan
provider network, default vlan tz should be used.

Change-Id: Ib977c7a65ad93cb9636c767ed001b1b0682480cb
2019-03-05 14:37:09 -08:00
Adit Sarfaty 7f5d6fc373 NSX|V admin utils: Find and fix spoofguard policies mismatches
1. List spoofguard policies with mismatching ips or mac, globally or for a specific network
    nsxadmin -r spoofguard-policy -o list-mismatches (--property network=<neutron net id>)
2. Fix the spoofguard ips of a neutron port
    nsxadmin -r spoofguard-policy -o fix-mismatch --property port=<neutron port id>

Change-Id: I18723007fff89ffd4a250106fed1b7ea615eb648
2019-03-05 11:43:41 +02:00
Adit Sarfaty 6d5422f714 TVD: Add start_rpc_listeners to the plugin
The TVD plugin must implement start_rpc_listeners for hte FWaaS to
work properly.
This was already added in the master branch in a different patch

Change-Id: I0103a6ceb2b2eaceb3349fba78344d0b64da58cd
2019-02-28 12:39:15 +02:00
Adit Sarfaty a533f05e3b Upgrade appdirs lower constraints
Change-Id: Ic1cd79a9e2335a3db99939b43a2c226152524bd1
(cherry picked from commit 56db730573)
2019-02-28 07:58:47 +00:00
Zuul b8588c1708 Merge "Revert "NSX|V3: Init FWaaS before spawn"" into stable/queens 2019-02-24 09:45:34 +00:00
Adit Sarfaty 9dbc5741c3 Revert "NSX|V3: Init FWaaS before spawn"
This reverts commit da4826e65f.

Change-Id: I211be328b768753d9eafe98cc7d629dd795b2e20
2019-02-24 05:56:21 +00:00
Zuul 5eb000179b Merge "NSX|V3: prevent user from changing the NSX internal SG" into stable/queens 2019-02-20 11:15:12 +00:00
Zuul 100366edca Merge "Fix provider security group exception call" into stable/queens 2019-02-20 07:00:24 +00:00
Adit Sarfaty 21c7a0a9fd NSX|V3: prevent user from changing the NSX internal SG
Change-Id: I57f122741807c19f131c9a22312c073f1676f716
2019-02-20 06:12:08 +00:00
Adit Sarfaty 8beee409b7 Fix provider security group exception call
Change-Id: I02de68b4b457757ccd1c25535e8d2dd4d732ee36
2019-02-19 11:33:01 +00:00
Adit Sarfaty 642ec60add NSX|V3+V: Handle fwaas policy removal
Make sure the edge firewall will be updated when removing a policy from
a firewall group

Change-Id: I6623367e9b8af6433c914f5b3864695fa886d332
2019-02-19 08:58:25 +00:00
Adit Sarfaty 5912044548 NSX|V3: Create port bindings for dhcp ports
QoS tries to get the bindings of all ports, and DHCP ports make it crash

(Cherry picked from: I0a5b5f9e3f98f41732a065e1273df66d8eade7e0)

Change-Id: I9a564609c557caca9feba3bd378300e05eaecbaa
2019-02-14 07:07:24 +00:00
Adit Sarfaty 0889148411 Fix security group broken code & tests
Commit I34e41a128f28211f2e7ab814a2611ce22620fcf3 broke the MH plugin
security groups + some other SG tests.
This patches fixes those.

Change-Id: I9634583ce22f4c1be53283495426905979c9ea81
(cherry picked from commit baafb2a16a)
2019-02-10 13:20:43 +00:00
Zuul 11488da404 Merge "[NSX-V] Ensure binding exists before assigning lswitch_id" into stable/queens 2019-02-07 12:53:48 +00:00
Adit Sarfaty d81e6600c2 NSX|V: Fix update section header
the etag field sometimes has extra "" which should be removed before
using it in the headers.

Change-Id: I3e252367fb03a2afdc8bb1128f3c7ce648902694
2019-02-06 11:56:00 +02:00