Drop required-projects that no longer exist:
- openstack/neutron-lbaas
- x/tap-as-a-service
Change-Id: I50176fa303e7099f848cca2c6e363e41dd1626fa
(cherry picked from commit 404ff31334)
The current queue config is deprecated and will be removed in the next
major zuul release. Update to ensure windmill uses correct config.
More info can be found on the zuul mailing list:
https://lists.zuul-ci.org/pipermail/zuul-discuss/2022-May/001801.html
Change-Id: I6d059710911fadc80b86bf2ebbad9527c372c5fa
(cherry picked from commit 715cb5fc11)
networking-l2gw and networking-l2gw-tempest-plugin are
imported to new location now and supposed to be retired from
openstack/namespace.
Cherry picked from: I902ea79cdd3a8e56540ab44a7bd2f986f5d18bca
Change-Id: I912ae6d8bcc6c5350485bb80eeca3f3e29b7672c
- pip warns as the ownership of the cache dir is incorrect and advises
using -H flag
- Fix neutron install
- Replace openstack.org with opendev.org
Change-Id: Ia186c17a61303eda024bd1f71f079e6391088d3d
(cherry picked from commit 08ea8cc6b1)
The path of _fixup_res_dict changed to neutron_lib
In additon, router gateway should not be skipped.
Change-Id: I0317da8689d7c798f1cf0da70e8f6ed3e0567e2d
Use Neutron's branch while fetching neutron-related projects
Change-Id: I672b18d1dd852a1d616ca5af74e9bf6773d2bb71
(cherry picked from commit 2a6ccc98c5)
Ensure proper dependencies are installed when running zuul jobs
Cheery-picked from commit: 1deb4f6ec1
Change-Id: I629a79625956b452e9c24fea47c996b38c6b47af
(cherry picked from commit 293c50d50c)
Commit I3f2905c2c4fca02406dfa3c801c166c14389ba41 added some IPv6 unit tests
which the vmware plugins do not support.
This patch skips the new tests.
Change-Id: I89fa1838ed6eed149e04e3e259b9480f1f700c49
(cherry picked from commit a5fa0f8a74)
Change number of max allowed host routes to 26.
option121 is set as 27, but there's 1 host route set by default.
Fixing test.
Change-Id: I660ee1f710dd84fe3e91122a009d520d0341f261
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 5454b916fb)
Issuing a driver error during delete causes the FW to stay in pending_delete
for ever, and the routers cannot be attached to a different firewall.
This fix will issue a log error, and allow the firewall to be deleted anyway.
Change-Id: I8318a332b7424bbb2a9129c6e0643ea176456a79
Commit Ie01dc29efaa3bf30ac314f45542d83f5a4cf238f deleted SG rules
when their remote group ID was deleted.
This commit skipps rules in that SG, to avoid DB errors.
This code was added in the common plugin, and will affect the V, V3 plugins.
Change-Id: Ib3b9193223c50591dda49165911728717f7da7a0
nsxadmin -r orphaned-firewall-sections -o nsx-list/clean will now
also detect/delete orphaned rules inside nsx sections that belong to
neutron security groups.
Change-Id: I7f733676e29f6a2b1177b4155e5b36aee3670438
Subscribe to a callback that will be called upon security group deletion,
and will look for rules with this SG as their remote-group-id and
delete them explicitly.
Else, those rules will only be deleted from the neutron DB, without
the NSX backend being aware of this.
This code was added in the common plugin, and will affect the V, V3 & P plugins.
Change-Id: Ie01dc29efaa3bf30ac314f45542d83f5a4cf238f
(cherry picked from commit 1ca92978ab)
Adding a parameter that sets the allowed static routes per
subnet, according to backend limitations.
cherry-picked from: https://review.openstack.org/#/c/642264/
Change-Id: I968fdef53bb9dab41a54561ca36b2e6880505d05
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
Restrincting the user of creating an address_pair with an IP address
that might already exist in the network, either as another pair
or fixed_ip.
Change-Id: I49924b3d769e87d6e80157b723a4b26fa2c957a3
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit 1a4fe2dca3)
This patch is adding a verification that the requested
number of requested address_pairs does not cross the backend
limit.
Change-Id: Id3ffe07c2e02c1ec3558031989da10aeafeabcd6
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
Creating the default security group for the same tenant simultaniously
may result in a DB error.
This patch adds try/catch in the common plugin code to handle it.
Change-Id: Ie756ee721627395de026085e40833b45522864c6
(cherry picked from commit d4549e14cc)
Today the dev target in tox doesn't account for stable
branches. This patch updates it to ensure required
depedencies are coming from the stable branch and not
master.
Change-Id: Ie9d58a89579630e4213f79f07e748ec4c957cdf6
In get_port and get ports the plugins used _get_port to get each of the
ports, and run the apply_funcs.
Since this cost a lot of time, and the super call to neutron already run
those, it can be removed.
Change-Id: I729b3e18d52df4c458f7ea8d2180deb534a375f1
With multi-cluster, reboot of one backend manager can cause a
race condition on which FW section will 404 during SG realization.
This is temporary outage, so we should return 500 status code to the
user, rather than 404.
Change-Id: I7354703cd21b824d7e8a7b44b813c6799bf7f304
Create configuration parameter that the customer can
set to True when it is required to allow multiple addresses
(cidr/subnet) on a port, and disabling spoofguard in order
to support it. This is done on a network level.
Change-Id: I52cc1f2b84bc8d8a6b9667a3c3263978aa7e2985
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
(cherry picked from commit c77f4dfb22)
Previous commit I2d1b9046a262fb43fd4b05e378dcf00f7f80adc0 added
an irrelevant code to this branch.
Change-Id: I201342a66264c427c75075809036ed400845c79b
Until know, for scale issues, the creation of some NSX backend resources
for loadbalancing was postpone until the first member creation.
This complicates the code unnecessarily, since the scale issues were already resolved.
The new code will create the matching backend objects for each LBaaS/Octavia object upon creation.
Old loadbalancers without members, will get ERROR status upon any action.
Change-Id: I2d1b9046a262fb43fd4b05e378dcf00f7f80adc0
Neutron doesn't trigger AFTER_INIT event for the main neutron context
but only for the workers.
As AFTER_SPAWN is called only on the main context, completing the
initialization from this event will resolve that problem.
Change-Id: I6a0cf73f3a433363e83f9b5bc17ac984266356d5
When user (or heat stack) specifies 'default' in physical_net for vlan
provider network, default vlan tz should be used.
Change-Id: Ib977c7a65ad93cb9636c767ed001b1b0682480cb
1. List spoofguard policies with mismatching ips or mac, globally or for a specific network
nsxadmin -r spoofguard-policy -o list-mismatches (--property network=<neutron net id>)
2. Fix the spoofguard ips of a neutron port
nsxadmin -r spoofguard-policy -o fix-mismatch --property port=<neutron port id>
Change-Id: I18723007fff89ffd4a250106fed1b7ea615eb648
The TVD plugin must implement start_rpc_listeners for hte FWaaS to
work properly.
This was already added in the master branch in a different patch
Change-Id: I0103a6ceb2b2eaceb3349fba78344d0b64da58cd
Allow source IPs in egress FWaaS V2 rules, and destination IPs in
ingress rules.
In those cases do not add the logical switch ID to the NSX rule source/destination
since the IPs are likely to define the interface as well.
Cherry-picked from commit: 8ccef1b738
Change-Id: I1ae3952f7fcc47d72629b7397dff0f9a7cb80358