Commit Graph

12258 Commits

Author SHA1 Message Date
Dr. Jens Harbott eb6390a183 Fix zuul config errors
Drop required-projects that no longer exist:

- openstack/neutron-lbaas
- x/tap-as-a-service

Change-Id: I50176fa303e7099f848cca2c6e363e41dd1626fa
(cherry picked from commit 404ff31334)
2023-08-12 20:21:06 +00:00
Clark Boylan ba46abe027 Fix Zuul shared queue config.
The current queue config is deprecated and will be removed in the next
major zuul release. Update to ensure windmill uses correct config.

More info can be found on the zuul mailing list:
  https://lists.zuul-ci.org/pipermail/zuul-discuss/2022-May/001801.html

Change-Id: I6d059710911fadc80b86bf2ebbad9527c372c5fa
(cherry picked from commit 715cb5fc11)
2023-08-12 19:45:33 +00:00
asarfaty 926fd073cb Use the networking-l2gw project new location
networking-l2gw and networking-l2gw-tempest-plugin are
imported to new location now and supposed to be retired from
openstack/namespace.

Cherry picked from: I902ea79cdd3a8e56540ab44a7bd2f986f5d18bca

Change-Id: I912ae6d8bcc6c5350485bb80eeca3f3e29b7672c
2020-09-24 09:11:54 +02:00
Zuul a46489fcb9 Merge "NSX|V: Support LB HM expected codes" into stable/rocky 2019-08-07 05:42:06 +00:00
Kobi Samoray f56e9134b9 NSXv: Use HTTPS protocol for OpenStack HTTPS HM
Health monitor protocol was mistakenly set to TCP

Change-Id: I1271288edcedd60143f71c060a026abcf1268237
2019-08-06 11:58:02 +00:00
Adit Sarfaty 29b8383e0d NSX|V: Support LB HM expected codes
Change-Id: I991d1900ac3b78a61129e9755fe1521600e70983
2019-08-06 11:57:27 +00:00
Zuul 528861c0b6 Merge "Devstack: install_neutron_projects bugs" into stable/rocky 2019-07-03 06:36:48 +00:00
Kobi Samoray 57b4b3d84e Devstack: install_neutron_projects bugs
- pip warns as the ownership of the cache dir is incorrect and advises
using -H flag

- Fix neutron install
- Replace openstack.org with opendev.org

Change-Id: Ia186c17a61303eda024bd1f71f079e6391088d3d
(cherry picked from commit 08ea8cc6b1)
2019-07-02 05:58:33 +00:00
Adit Sarfaty 63aa1f4570 NSX|V3 migration: Fix _fixup_res_dict for api_replay
The path of _fixup_res_dict changed to neutron_lib
In additon, router gateway should not be skipped.

Change-Id: I0317da8689d7c798f1cf0da70e8f6ed3e0567e2d
2019-07-02 05:25:18 +00:00
Kobi Samoray d716cb7220 Devstack - use Neutron branch for related projects
Use Neutron's branch while fetching neutron-related projects

Change-Id: I672b18d1dd852a1d616ca5af74e9bf6773d2bb71
(cherry picked from commit 2a6ccc98c5)
2019-07-01 11:03:34 +00:00
Salvatore Orlando 5d0165b641 Add bindep.txt for vmware-nsx
Ensure proper dependencies are installed when running zuul jobs

Cheery-picked from commit: 1deb4f6ec1
Change-Id: I629a79625956b452e9c24fea47c996b38c6b47af
(cherry picked from commit 293c50d50c)
2019-07-01 08:47:55 +03:00
Adit Sarfaty fbd0640aa2 Fix broken unit tests
Commit I3f2905c2c4fca02406dfa3c801c166c14389ba41 added some IPv6 unit tests
which the vmware plugins do not support.
This patch skips the new tests.

Change-Id: I89fa1838ed6eed149e04e3e259b9480f1f700c49
(cherry picked from commit a5fa0f8a74)
2019-05-29 07:57:41 +00:00
Michal Kelner Mishali 7e4f3f9922 NSX|V3+P: Change max allowed host routes
Change number of max allowed host routes to 26.
option121 is set as 27, but there's 1 host route set by default.
Fixing test.

Change-Id: I660ee1f710dd84fe3e91122a009d520d0341f261
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 5454b916fb)
2019-05-19 11:06:11 +00:00
Adit Sarfaty cc1f6c72c7 NSX|V: FWaaS V1 handle errors during delete
Issuing a driver error during delete causes the FW to stay in pending_delete
for ever, and the routers cannot be attached to a different firewall.
This fix will issue a log error, and allow the firewall to be deleted anyway.

Change-Id: I8318a332b7424bbb2a9129c6e0643ea176456a79
2019-05-12 12:06:21 +00:00
Zuul df5960e58d Merge "Fix bulk subnets unittests" into stable/rocky 2019-05-05 08:44:39 +00:00
Adit Sarfaty cda53d7639 Fix bulk subnets unittests
Commit Ia32ec4c11c0793e7df07dcce19c122b3c7f865e1 broke bulk sunbets
creation unittests.
This patch fixes some tests, and skips other.

Change-Id: I25cad6447a2a2ccf3b9c7689904455c9468e01c5
2019-04-28 13:01:09 +03:00
Adit Sarfaty 57d92278d5 NSX|V adminUtils: detect and clean orphaned section rules
nsxadmin -r orphaned-rules -o list/nsx-clean will detect/delete orphaned
rules inside nsx sections that belong to neutron security groups.

Change-Id: I18ee55e70b8e3a97d7d5d2453b7994bc07d2c97c
2019-04-25 04:18:00 +00:00
Adit Sarfaty 9fa412f7d4 Fix deletion of SG rules when deleting their remote group
Commit Ie01dc29efaa3bf30ac314f45542d83f5a4cf238f deleted SG rules
when their remote group ID was deleted.
This commit skipps rules in that SG, to avoid DB errors.
This code was added in the common plugin, and will affect the V, V3 plugins.

Change-Id: Ib3b9193223c50591dda49165911728717f7da7a0
2019-04-22 08:39:48 +00:00
Adit Sarfaty d307746a5d NSX|V3 adminUtils: detect and clean orphaned section rules
nsxadmin -r orphaned-firewall-sections -o nsx-list/clean will now
also detect/delete orphaned rules inside nsx sections that belong to
neutron security groups.

Change-Id: I7f733676e29f6a2b1177b4155e5b36aee3670438
2019-04-21 04:20:50 +00:00
OpenDev Sysadmins 6e29af0659 OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:51:51 +00:00
Adit Sarfaty 9c3357b4d3 Delete SG rules when deleting their remote group
Subscribe to a callback that will be called upon security group deletion,
and will look for rules with this SG as their remote-group-id and
delete them explicitly.
Else, those rules will only be deleted from the neutron DB, without
the NSX backend being aware of this.

This code was added in the common plugin, and will affect the V, V3 & P plugins.

Change-Id: Ie01dc29efaa3bf30ac314f45542d83f5a4cf238f
(cherry picked from commit 1ca92978ab)
2019-04-16 08:11:37 +03:00
Zuul 306f4216a2 Merge "NSX|V3: Limit number of subnet static routes per backend" into stable/rocky 2019-04-15 17:33:38 +00:00
Michal Kelner Mishali 9471a2f753 NSX|V3: Limit number of subnet static routes per backend
Adding a parameter that sets the allowed static routes per
subnet, according to backend limitations.

cherry-picked from: https://review.openstack.org/#/c/642264/

Change-Id: I968fdef53bb9dab41a54561ca36b2e6880505d05
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-04-15 14:24:44 +03:00
Zuul 0352c4d712 Merge "NSX|V: Restrict creating conflicting address_pair in the same network" into stable/rocky 2019-04-14 13:43:19 +00:00
Michal Kelner Mishali 9d895d7859 NSX|V: Restrict creating conflicting address_pair in the same network
Restrincting the user of creating an address_pair with an IP address
that might already exist in the network, either as another pair
or fixed_ip.

Change-Id: I49924b3d769e87d6e80157b723a4b26fa2c957a3
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 1a4fe2dca3)
2019-04-14 06:06:22 +00:00
Michal Kelner Mishali 9f96d8b22d NSX|V3: Add verification of num defined address pairs
This patch is adding a verification that the requested
number of requested address_pairs does not cross the backend
limit.

Change-Id: Id3ffe07c2e02c1ec3558031989da10aeafeabcd6
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-04-14 06:04:36 +00:00
Boden R 1035520745 constrain rocky dependencies
We need to cap our dependencies otherwise we'll pickup stein based
releases or newer.

Change-Id: Ia1ff8f1be26e8379df5de5073876e11dfc3d8049
2019-04-11 15:20:34 -06:00
Adit Sarfaty d809bed56e Update rocky .gitreview branch
Change-Id: I0e7e6da3360d317a249adcc68a5b9f25a91a2fd6
2019-04-07 07:41:58 +00:00
Zuul 0f817cf8ee Merge "Handle multiple default SG creation in all plugins" into stable/rocky 2019-04-04 11:31:12 +00:00
Zuul 9b4362097c Merge "NSX|V3: remove redundent code in get_port/s" into stable/rocky 2019-04-04 08:16:29 +00:00
Adit Sarfaty 6e916060c5 Handle multiple default SG creation in all plugins
Creating the default security group for the same tenant simultaniously
may result in a DB error.
This patch adds try/catch in the common plugin code to handle it.

Change-Id: Ie756ee721627395de026085e40833b45522864c6
(cherry picked from commit d4549e14cc)
2019-04-04 06:27:51 +00:00
Boden R aa1d2c89e3 update tox for stable branch
Today the dev target in tox doesn't account for stable
branches. This patch updates it to ensure required
depedencies are coming from the stable branch and not
master.

Change-Id: Ie9d58a89579630e4213f79f07e748ec4c957cdf6
2019-04-03 11:44:45 -06:00
Adit Sarfaty b6745677f3 NSX|V3: remove redundent code in get_port/s
In get_port and get ports the plugins used _get_port to get each of the
ports, and run the apply_funcs.
Since this cost a lot of time, and the super call to neutron already run
those, it can be removed.

Change-Id: I729b3e18d52df4c458f7ea8d2180deb534a375f1
2019-04-03 15:15:47 +03:00
Anna Khmelnitsky 2b492ee78d NSX|V3: Change status code of SG failure
With multi-cluster, reboot of one backend manager can cause a
race condition on which FW section will 404 during SG realization.
This is temporary outage, so we should return 500 status code to the
user, rather than 404.

Change-Id: I7354703cd21b824d7e8a7b44b813c6799bf7f304
2019-04-01 10:54:55 -07:00
Michal Kelner Mishali 0822854c1b NSX|V: enable allow_address_pairs upon request
Create configuration parameter that the customer can
set to True when it is required to allow multiple addresses
(cidr/subnet) on a port, and disabling spoofguard in order
to support it. This is done on a network level.

Change-Id: I52cc1f2b84bc8d8a6b9667a3c3263978aa7e2985
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit c77f4dfb22)
2019-03-28 11:34:56 +00:00
Adit Sarfaty 01951c3804 Revert "NSX|V3: Simplify LBaaS implementation"
This reverts commit 6a2c0a1b33.

Change-Id: I9deb3c5c23e7c97b46937460d2638838d2d7fac2
2019-03-19 09:51:41 +02:00
Adit Sarfaty 8259393595 NSX|V3: Fix LBaaS loadbalancer creation
Previous commit I2d1b9046a262fb43fd4b05e378dcf00f7f80adc0 added
an irrelevant code to this branch.

Change-Id: I201342a66264c427c75075809036ed400845c79b
2019-03-12 15:36:00 +02:00
Zuul 5b0eca33b3 Merge "NSX|V: Init FWaaS callbacks only if enabled" into stable/rocky 2019-03-12 08:42:00 +00:00
Adit Sarfaty caadf2ec23 NSX|V: Init FWaaS callbacks only if enabled
Change-Id: I616a3afabbd6add1a877ac18e945dc26cbc18e8a
2019-03-10 11:17:27 +02:00
Adit Sarfaty 6a2c0a1b33 NSX|V3: Simplify LBaaS implementation
Until know, for scale issues, the creation of some NSX backend resources
for loadbalancing was postpone until the first member creation.
This complicates the code unnecessarily, since the scale issues were already resolved.

The new code will create the matching backend objects for each LBaaS/Octavia object upon creation.
Old loadbalancers without members, will get ERROR status upon any action.

Change-Id: I2d1b9046a262fb43fd4b05e378dcf00f7f80adc0
2019-03-10 07:54:01 +02:00
Zuul eff1215cd3 Merge "Complete the init of the Neutron main process" into stable/rocky 2019-03-06 17:36:38 +00:00
Zuul 387805dd8b Merge "NSX|V admin utils: Find and fix spoofguard policies mismatches" into stable/rocky 2019-03-06 13:19:12 +00:00
Kobi Samoray 53e2753d26 Complete the init of the Neutron main process
Neutron doesn't trigger AFTER_INIT event for the main neutron context
but only for the workers.
As AFTER_SPAWN is called only on the main context, completing the
initialization from this event will resolve that problem.

Change-Id: I6a0cf73f3a433363e83f9b5bc17ac984266356d5
2019-03-06 14:39:51 +02:00
Anna Khmelnitsky a413a7220a NSX|V3: Respect default keyword for physical_net
When user (or heat stack) specifies 'default' in physical_net for vlan
provider network, default vlan tz should be used.

Change-Id: Ib977c7a65ad93cb9636c767ed001b1b0682480cb
2019-03-06 00:06:33 +00:00
Adit Sarfaty 2a3050f18e NSX|V admin utils: Find and fix spoofguard policies mismatches
1. List spoofguard policies with mismatching ips or mac, globally or for a specific network
    nsxadmin -r spoofguard-policy -o list-mismatches (--property network=<neutron net id>)
2. Fix the spoofguard ips of a neutron port
    nsxadmin -r spoofguard-policy -o fix-mismatch --property port=<neutron port id>

Change-Id: I18723007fff89ffd4a250106fed1b7ea615eb648
2019-03-05 09:38:59 +00:00
Adit Sarfaty 42c4360323 TVD: Add start_rpc_listeners to the plugin
The TVD plugin must implement start_rpc_listeners for hte FWaaS to
work properly.
This was already added in the master branch in a different patch

Change-Id: I0103a6ceb2b2eaceb3349fba78344d0b64da58cd
2019-02-28 12:21:58 +02:00
Adit Sarfaty bd18260c15 Upgrade appdirs lower constraints
Change-Id: Ic1cd79a9e2335a3db99939b43a2c226152524bd1
(cherry picked from commit 56db730573)
2019-02-28 07:58:11 +00:00
Zuul 0adb973fff Merge "NSX|V+V3: relax FWaaS validation" into stable/rocky 2019-02-24 13:13:49 +00:00
Zuul bb8023b031 Merge "Revert "NSX|V3: Init FWaaS before spawn"" into stable/rocky 2019-02-24 09:22:35 +00:00
Adit Sarfaty b81ef83014 NSX|V+V3: relax FWaaS validation
Allow source IPs in egress FWaaS V2 rules, and destination IPs in
ingress rules.
In those cases do not add the logical switch ID to the NSX rule source/destination
since the IPs are likely to define the interface as well.

Cherry-picked from commit: 8ccef1b738
Change-Id: I1ae3952f7fcc47d72629b7397dff0f9a7cb80358
2019-02-24 08:30:48 +02:00