Drop required-projects that no longer exist:
- openstack/neutron-lbaas
- x/tap-as-a-service
Change-Id: I50176fa303e7099f848cca2c6e363e41dd1626fa
(cherry picked from commit 404ff31334)
(cherry picked from commit eb6390a183)
The current queue config is deprecated and will be removed in the next
major zuul release. Update to ensure windmill uses correct config.
More info can be found on the zuul mailing list:
https://lists.zuul-ci.org/pipermail/zuul-discuss/2022-May/001801.html
Change-Id: I6d059710911fadc80b86bf2ebbad9527c372c5fa
(cherry picked from commit 715cb5fc11)
networking-l2gw and networking-l2gw-tempest-plugin are
imported to new location now and supposed to be retired from
openstack/namespace.
Cherry picked from: I902ea79cdd3a8e56540ab44a7bd2f986f5d18bca
Change-Id: I912ae6d8bcc6c5350485bb80eeca3f3e29b7672c
The api get_tier0_uplink_cidrs used by the pligin was only introduced in
vmware-nsxlib 13.1.0
Change-Id: I348030501108def1af644d3139fa8ce3889a8352
Closes-bug: 1819003
Addeing a new configuration option to the v3 plugin: lbaas_inject_xff_header
When set to True, the L7 listener application profile will have
x_forwarded_for = INSERT, and the X-Forwarded-For header will be added
to requests.
Change-Id: I27e8df4a17a1c0cb533019a5e0f617c5a563693b
When deleting a listener which doesn't exist in the backend, the call
shouldn't fail but delete from OpenStack DB and issue an error to the
log file.
Change-Id: I1ee816d82986a651ea2889b1a4a74889e8724dbb
This affects FWaaS drivers, as the backend does not support this ip.
(Cherry-picked from I4aec5f2718581fc867d9bae1722770b448ccdfd5)
Change-Id: I44119802567aeb950fca95b03f76e3825668ef01
- When network port security is set to True, ensure the same IP
is not used for multiple ports
- Extend checks for netork port security to all ports, not only
ports with a nova compute device_id
- When creating or updating a port, perform checks if port security
is enabled for the network or the flag for allowing multiple
addresses is unset.
Change-Id: I5d81257b55730d4544537bb269030ec7f1a277c1
Adding verification for port_update, when using same ip_address
for different ports in the same network.
Cherry-picked from: 1829355094
Change-Id: I0bba347e165147d42d71e1247feb76006fa4fdd1
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
Remove spoofguard mappings along with spoofguard on backend
when network is set without port security.
Change-Id: I03eac35ae0dfae1c716c54d972a2441c1d98f50a
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 8f852c60f3)
Ensure proper dependencies are installed when running zuul jobs
Change-Id: I629a79625956b452e9c24fea47c996b38c6b47af
(cherry picked from commit 33c7ae15a6)
Commit I3f2905c2c4fca02406dfa3c801c166c14389ba41 added some IPv6 unit tests
which the vmware plugins do not support.
This patch skips the new tests.
Change-Id: I89fa1838ed6eed149e04e3e259b9480f1f700c49
(cherry picked from commit a5fa0f8a74)
Change number of max allowed host routes to 26.
option121 is set as 27, but there's 1 host route set by default.
Fixing test.
Change-Id: I660ee1f710dd84fe3e91122a009d520d0341f261
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 5454b916fb)
Issuing a driver error during delete causes the FW to stay in pending_delete
for ever, and the routers cannot be attached to a different firewall.
This fix will issue a log error, and allow the firewall to be deleted anyway.
Change-Id: I8318a332b7424bbb2a9129c6e0643ea176456a79
Subscribe to a callback that will be called upon security group deletion,
and will look for rules with this SG as their remote-group-id and
delete them explicitly.
Else, those rules will only be deleted from the neutron DB, without
the NSX backend being aware of this.
This code was added in the common plugin, and will affect the V & V3plugins.
Change-Id: Ie01dc29efaa3bf30ac314f45542d83f5a4cf238f
(cherry picked from commit 1ca92978ab)
Adding a parameter that sets the allowed static routes per
subnet, according to backend limitations.
cherry-picked from: https://review.openstack.org/#/c/642264/
Change-Id: I968fdef53bb9dab41a54561ca36b2e6880505d05
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
This patch is adding a verification that the requested
number of requested address_pairs does not cross the backend
limit.
Change-Id: Id3ffe07c2e02c1ec3558031989da10aeafeabcd6
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
Restrincting the user of creating an address_pair with an IP address
that might already exist in the network, either as another pair
or fixed_ip
Change-Id: I49924b3d769e87d6e80157b723a4b26fa2c957a3
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 1a4fe2dca3)
Creating the default security group for the same tenant simultaniously
may result in a DB error.
This patch adds try/catch in the common plugin code to handle it.
Change-Id: Ie756ee721627395de026085e40833b45522864c6
(cherry picked from commit d4549e14cc)
Create configuration parameter that the customer can
set to True when it is required to allow multiple addresses
(cidr/subnet) on a port, and disabling spoofguard in order
to support it. This is done on a network level.
Change-Id: I52cc1f2b84bc8d8a6b9667a3c3263978aa7e2985
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
Neutron doesn't trigger AFTER_INIT event for the main neutron context
but only for the workers.
As AFTER_SPAWN is called only on the main context, completing the
initialization from this event will resolve that problem.
Change-Id: I6a0cf73f3a433363e83f9b5bc17ac984266356d5
When user (or heat stack) specifies 'default' in physical_net for vlan
provider network, default vlan tz should be used.
Change-Id: Ib977c7a65ad93cb9636c767ed001b1b0682480cb
1. List spoofguard policies with mismatching ips or mac, globally or for a specific network
nsxadmin -r spoofguard-policy -o list-mismatches (--property network=<neutron net id>)
2. Fix the spoofguard ips of a neutron port
nsxadmin -r spoofguard-policy -o fix-mismatch --property port=<neutron port id>
Change-Id: I18723007fff89ffd4a250106fed1b7ea615eb648
The TVD plugin must implement start_rpc_listeners for hte FWaaS to
work properly.
This was already added in the master branch in a different patch
Change-Id: I0103a6ceb2b2eaceb3349fba78344d0b64da58cd
QoS tries to get the bindings of all ports, and DHCP ports make it crash
(Cherry picked from: I0a5b5f9e3f98f41732a065e1273df66d8eade7e0)
Change-Id: I9a564609c557caca9feba3bd378300e05eaecbaa
Commit I34e41a128f28211f2e7ab814a2611ce22620fcf3 broke the MH plugin
security groups + some other SG tests.
This patches fixes those.
Change-Id: I9634583ce22f4c1be53283495426905979c9ea81
(cherry picked from commit baafb2a16a)