Commit Graph

1465 Commits

Author SHA1 Message Date
Thomas Bachman b4959e865a Remove explicit ep_move_detect_mode config
The AIM BridgeDomain resource was being configured with an
explicit value of the ep_move_detect_mode parameter. This was
done to address a workaround needed for older hardware. Now
that the older hardware is no longer supported, AIM has been
changed to disable this value by default, which means that the
AIM mechanism driver no longer needs to set this value explicitly.

Change-Id: I41036952c46bfd72e0c9ed2416fcf3af6294c9ad
2023-12-08 01:01:12 +00:00
sayalinaval 89fd3400d0 Normalization of Remote IPs
Change-Id: Ib955b7f27fc4ac6b48c81ff29f1dd4ffbd2560f0
2023-11-23 00:04:19 +00:00
Christopher Collins 1866d635d9 Fixed Multi Ext Network Issues
Fixed various resource naming when using multi_ext_net extension.

Change-Id: I72f9705691e98f7f0d4abff835d2904a857c3407
(cherry picked from commit 2710049aa5)
2023-11-14 21:05:44 +00:00
Christopher Collins 434c9c58a8 Add subnet scope extension support
Add support for setting the scope of a subnet by configuring
'apic:advertised_externally' and 'apic:shared_between_vrfs'.

Change-Id: Ieedaec28098c4f6d4e6b3c3c97f0c8f86cf072a4
(cherry picked from commit 717ab3b5f4)
2023-10-19 22:20:07 +00:00
Thomas Bachman 1dd4744a1f Revert "Fix Log.warn"
This reverts commit 953997a9a8.
The patch reverts the change of warn to warning in alembic_migrations.
The alembic utils library only has warn, and not warning, so this
patch isn't needed.

Change-Id: Ibd16c88ea33ae668316506c58348ce2b5c1a53d6
2023-10-13 02:47:08 +00:00
christides11 14299b08dd Multi External Network Coexisting
Support for having networks with and without the multi_ext_nets extension
to share the same L3Outside.

Change-Id: Ia2daff31059437ed83813d93d98865131f2919b5
(cherry picked from commit 4f5f8aa66f)
2023-09-25 19:19:05 +00:00
Zuul 807b8fb07e Merge "Fix ip version check bug in create security group rule" into stable/queens 2023-09-12 23:28:13 +00:00
sayalinaval c1e14db8dc Fix ip version check bug in create security group rule
Fix the bug where remote ip's version is not being checked against
the ethertype before adding it to security group rule's remote_ips
in security_group_rule_create_procommit.

Change-Id: I10df6ed562e1af66b89c14c0769b670b2f61d9a0
(cherry picked from commit 8f6da2c57e)
2023-09-11 19:38:02 +00:00
Thomas Bachman f91ae6df95 Fix policy.json
The order of the admin_owner_or_network_owner alias in the
policy.json file can trigger DB queries for the network
resource in order to complete the policy checks, even in
cases where those checks aren't needed. This changes the
order of the policy rule to ensure that checks for the
tenant ID owner are made before looking at the tenant ID
of the network.

Change-Id: Ic3a7c99ff69c652bd1df4d43a98f298da876b4ba
2023-08-31 22:58:01 +00:00
Zuul 680566d763 Merge "Fix Log.warn" into stable/queens 2023-07-11 21:42:55 +00:00
christides11 00387cc510 Support for multi external networks extension
The multi external networks extension allows multiple external networks
to be associated with a single L3Outside.

Change-Id: Ib872d8661fae321270130b4986d7d21249919ae6
(cherry picked from commit 2edc1ab5c5)
2023-07-10 16:55:54 +00:00
Nisar Khan 8fbc0eef64 Fix Log.warn
Change-Id: I68ff97d1caf2163bbc224c8310ce2420be82a36d
(cherry picked from commit 953997a9a8)
2023-07-06 04:54:16 +00:00
Thomas Bachman a8dc7b97bb Remove baked query with "in_" clause
Change Idb39b75ff6d611a1dd413f26055622310cdf0df7 introduced a baked
query to the DB using the "in_" clause. That clause is only supported
starting with SQL Alchemy version 1.2, which isn't yet used by the
stable/queens branch. This patch converts that query to a non-baked
one.

Change-Id: Iaffac4835da396028d6b13c0f67cb968f38da5e0
2023-06-21 17:59:37 +00:00
Thomas Bachman 2b0322bfe8 Fix queens DB query
Fix #2.

The backport of [0] to stable/queens had a syntax error, which
wasn't caught by the upstream gate since queens for upstream neutron
has now gone EOL. This patch fixes that syntax error.

[0]: https://review.opendev.org/c/x/group-based-policy/+/876812

Change-Id: I0e159b8e747ec21732e962668fe0e1e4c5dbc7fa
2023-03-26 14:01:34 +00:00
Thomas Bachman a33e236860 Fix RPC DB query
The backport of [0] to stable/queens had a syntax error, which
wasn't caught by the upstream gate since queens for upstream neutron
has now gone EOL. This patch fixes that syntax error.

[0]: https://review.opendev.org/c/x/group-based-policy/+/876812

Change-Id: I1fb97dc7459faa85831c448f5594adb02864a03d
2023-03-23 00:48:14 +00:00
Thomas Bachman 2be7e95a17 Fix port notifications when extension is updated
The patch in [0] added support for the no-NAT CIDRs extension. This
covered the case where the agents would get extension details when a
network was created, as well as when a network was connected or
disconnected from a neutron router. However, it missed the case where
the extension on the network itself was updated. This patch addresses
that gap.

The patch also adds UT coverage of the extension for AIM validation
(there is no mapping to an AIM resource, but the extension was added
to the UT for completeness).

[0]: https://review.opendev.org/c/x/group-based-policy/+/875317

Change-Id: Ibf3df8a0d48b9ba9a68c17ad70251a611aa40cab
2023-03-22 14:17:25 +00:00
Thomas Bachman 8e15f2ac3e Fix VRF subnets DB query
The patch in [0] created a DB query to support a new no-NAT CIDRs
extension. This DB query was incorrect, as it used unrelated joins.
This patch fixes the DB query to ensure related joins are used.

There also was an issue with the _query_vrf_subnets method before
the extension was added. It was possible that a single subnetpool
with multiple prefixes could have been used to allocate multiple
subnets. The current query would have returned the same subnetpool
ID for each prefix, leading to duplicates in the returned list. This
patch fixes that issue by ensuring that the returned values from
the query are distinct.

[0]: https://review.opendev.org/c/x/group-based-policy/+/875317

Change-Id: I7870ad58bc4d9098b4aa12a0cefbfe027d982564
2023-03-08 19:25:19 +00:00
Thomas Bachman f4609c4fab Add no nat cidrs network extension
The no-NAT CIDRs extension is applied to the network resource
in neutron. When applied, it affects the list of subnets that
should be reachable without NAT that are delivered in the RPC
calls to agents. The agents can then use this information to
ensure that specific destination CIDRs will never use NAT.

The extension can be applied to both tenant and external/public
networks. The extension should be used judiciously, as placing
it on a network will cause those CIDRs to be added to all RPC
calls requesting subnets within that VRF (e.g. the extension
could be added to a shared network or to a network that uses
a subnetpool relating to a shared address scope, which would
be seen by all other networks that report to that same address
scope or shared network).

Change-Id: Idb39b75ff6d611a1dd413f26055622310cdf0df7
2023-03-02 03:36:14 +00:00
Thomas Bachman 04e608ae09 Cleanup stable branches
This patch is a vehicle for cleaning up the stable branches. The
patch to master addresses a fix that was missed when [1] was merged.
That patch was created to enable the stable/ussuri branch, but it
included a PEP8 fix which should have been a separate patch that could
have been backported through the stable branches. This patch adds the
missing fix (addresses an alias with import namespace). The backports
of this patch will include the portion of the original PEP8 fix in [1]
starting from before stable/ussuri (i.e. train through newton).

Backports of this patch will add fixes to address other issues recently
found with stable branches due to end-of-life in other projects, such
as neutron.

Drop the use of basepython = 2.7 for PEP8 jobs, as that causes the
PEP8 gate to fail.

Switch to use the upper-constraints for installing neutron, and move
upper-constraints based installations earlier in test-requirements.

Mark the openstack-tox-py27 job as non-voting. The upstream gate is
missing the pre-installation of python2.7 for stable/rocky (see [2]).
This can be reverted if the job gets fixed (although given that rocky
has already been EOL'd, that seems unlikely).

Mark all jobs as non-voting, in preparation of stable/queens branch
deprecation. This is in response to upstream branches and gate jobs
already being deprecated or removed for stable/queens (see [3], [4]).

[1]: https://review.opendev.org/c/x/group-based-policy/+/752338
[2]: https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/873020
[3]: https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/871596
[4]: https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/871594

Change-Id: Idfd8ccc60ed6cd0fffe63064faa3e7eb46cf8cbe
(cherry picked from commit 2341cce7ca)
2023-02-26 15:03:37 +00:00
Zuul 730553d76e Merge "Support for epg subnet" into stable/queens 2022-11-23 20:11:25 +00:00
Sayali Naval a9fbe154cf Support for epg subnet
Change-Id: Ie398a3b72df47d1bbdf2a6491c25d010ab053896
(cherry picked from commit 635400c6a6)
2022-11-23 14:11:55 +00:00
Thomas Bachman 98d66f3fbd Fix keystone notification listener
The notification listener for Keystone was subscribing using a pool
value other than "None". The semantics for oslo.messaging notification
listeners is that there has to be at least one listener whose pool value
is set to "None" in order to ensure that the notifications are consumed.
In order to support both environments (i.e. installations where there
are other listeners whose value is already set to "None", and
installations where there are no listeners whose value is set to
"None"), the pool value is configurable, with a default value of "None".
This ensures that the default behavior is that the notification
messages are consumed, but allows for other consumers, while still
ensuring that our notification listener will receive the messages.

Change-Id: I706ee3c4e88cb8d6ad492c1b97fe48b0392b8033
2022-11-17 22:36:47 +00:00
Thomas Bachman c9b9e34665 Use archived branch for LBaaS
Change-Id: I9b0fd8979c5b8b0f4be7bd22e9264c12f9afdf7d
2022-11-17 12:47:00 +00:00
Thomas Bachman 15181c62cd Use top-level contract references
Contract references in aci-integration-module (AIM) were previously
created or destroyed by modifying list members of the ExternalNetwork
resource.  This caused problems when the ExternalNetwork was monitored
state but the contract references were meant to be configured state,
as the view of the monitored universe/state could be inconsistent from
time to time, causing the contract references to inadvertently get
deleted.

A recent commit (9076bd8738e27052e75ec53052e509c54c4b91ea) in AIM made
the contract references top-level resources, so that their creation or
removal can only be made directly. The aim_lib module was changed to
support passing lists of provided and consumed contracts explicitly,
in order to adopt these changes.

Change-Id: I14b01bea751823c3e3b70df3e7f41ea5babd9522
2022-10-05 01:55:08 +00:00
Pulkit vajpayee 4297cc7958 Remove logs
Change-Id: I1f19c6757b3668941867c79723a30ca4398c2295
(cherry picked from commit a55c32d7e3)
2022-08-19 03:19:40 +00:00
Zuul 3964abd88f Merge "FIP Status active after dissociate." into stable/queens 2022-08-17 22:50:29 +00:00
Zuul b86e1bb93b Merge "fixed apic synchronization state for multiple erspan session" into stable/queens 2022-08-17 22:48:18 +00:00
Zuul f620fb8d15 Merge "data-migrations spelling fixes" into stable/queens 2022-08-17 21:12:42 +00:00
snehal tembhurne 1813b8026b fixed apic synchronization state for multiple erspan session
Change-Id: Ifa41902518944702aeeb7f0b9e690f851199cdb1
(cherry picked from commit 3ce1d76a39)
2022-08-16 06:34:07 +00:00
Pulkit vajpayee a18a79ec30 FIP Status active after dissociate.
The error happens when the FIP is dissociated from the port
and ports get deleted, which are using the VIP port's fixed
IP address as an allowed-address-pairs. The expected behavior
is that dissociation succeeds, and the final status of the
dissociated FIP is “DOWN”. Instead, they are seeing the
dissociation fail with an HTTP 404, and the final FIP status
is “ACTIVE”.
The fix here is to catch and ignore "port not found" exceptions.

Change-Id: I7769371b41f390adf668f976fad9ec209b5acf69
(cherry picked from commit 7fe026d9fc)
2022-08-16 04:00:59 +00:00
Thomas Bachman 4f2808d987 Use EOL branches
Some of the services have end-of-life'd their older stable branches.
This patch uses the new EOL links.

Change-Id: I1ca2935b560d589411b2f2ddd0ce5437b4c53f90
2022-08-16 01:22:03 +00:00
Christopher Collins fb36c4c16a data-migrations spelling fixes
Fixed spelling errors in the comment pertaining to HAIPAddressToPortAssociation in data_migrations.py.

Change-Id: Ie51fabeec357206dff4abc51b3b8434dbc4e067e
(cherry picked from commit 86c8506a0b)
2022-07-19 18:19:42 +00:00
snehal tembhurne 4635b00590 Populate network mtu for erspan
Change-Id: Ic4753ba768080149b54f391c44185ec27e006044
(cherry picked from commit f26eed9182)
2022-04-27 15:58:16 +00:00
pulkit vajpyee 440d226b09 ERSPAN config error when Openstack port is created in a different project than network it belongs to.
Change-Id: I701dc0c7f5d4c6dd6f591ee5f7157dce2260f3cf
(cherry picked from commit ceeeb71a0a)
2022-04-05 09:01:43 +00:00
Zuul 8668f69719 Merge "update_floatingip_status_while_deleting_the_vm" into stable/queens 2022-02-20 05:00:38 +00:00
Zuul a5586c5a86 Merge "Updating host id by appending pid in existing host id" into stable/queens 2022-02-19 22:37:14 +00:00
Zuul f98d075a36 Merge "Python2/3 compatibility fixes" into stable/queens 2022-02-19 22:27:01 +00:00
Thomas Bachman 979aa991f1 Python2/3 compatibility fixes
Changes resulting from running the 2to3 tooling.

Change-Id: I59f52f43ae64c2dbf4c04b45f6acd8f5d5f8281d
(cherry picked from commit adf52b9448)
2022-02-18 17:07:18 +00:00
pulkit vajpyee 952af6bad3 update_floatingip_status_while_deleting_the_vm
Change-Id: Id9aae96d8113a5219fa7124f4058e380f39262d9
(cherry picked from commit d3bf50eebd)
(cherry picked from commit a2203367df)
2022-02-18 15:51:46 +00:00
mdsufair b8fda9b2be Update mechanism_driver cache
Update mechanism_driver cache to select neutron_client or gbp_client
based on group_policy enabled/disabled.

Change-Id: I2b787bb8576175f1e38beac1199a27c609eeb486
(cherry picked from commit de548128ce)
2022-02-18 15:48:07 +00:00
Snehal Tembhurne b63ddf0f14 Updating host id by appending pid in existing host id
Change-Id: I8db7553f219033eda69c64ab971b3111644c7c4d
(cherry picked from commit 3af8525e23)
(cherry picked from commit 88d26d1dda)
2022-02-18 15:39:30 +00:00
pulkit vajpyee bd020b02ae Fix oslo_i18n usage
The use of log translations was removed in upstream
neutron in this patch:

https://review.opendev.org/c/openstack/neutron/+/453355

The same was applied to GBP. However, some files were missing
imports of the oslo_i18n translator, as this is still needed
for other printing (e.g. exceptions, configuration file options, etc.).

Change-Id: Ie8d3d312dcb1b811e76879ec8df2a0cd892ce6d3
(cherry picked from commit 832ba2760c)
2022-02-17 18:53:26 +00:00
Thomas Bachman 3566dbaf1c Fix update router API
The semantics for the update router API call were affected by the
introduction of the SNAT subnet only extension patch series. This
patch modifies the API to support the upstream semantics, while
still supporting the new extension.

Change-Id: Ia1244876b19b364295cf4198a809d820810a16c5
2021-10-13 03:10:41 +00:00
Thomas Bachman 9c0d8b55c2 Fix HA IP DB migration
Commit 6ddc59aedc created a fix for
the HA IP address schema, and updated the DB migration. That fix
missed the case where the same IP address was used as a valid HA IP
entry in different networks (the DB migration would fail because
multiple entries had the same AAP and network ID). This patch defers
updating the primary keys during the migration until after the data
has been migrated.

Change-Id: I8f071fcc20f4afb61a0f0333dd8e599154c45387
2021-10-06 20:28:12 +00:00
Thomas Bachman 8ba74fbc96 Remove VPNaaS
The gate for stein stopped supporting this project so we need to
remove it.

Change-Id: I76cb0325636e6e754aaadc6a0bade50dc31ca896
(cherry picked from commit 8720a937a7)
(cherry picked from commit fda3bab3b5)
2021-10-05 11:02:40 +00:00
Zuul dcf3746d1b Merge "Use custom converter for extra attributes" into stable/queens 2021-10-02 01:39:44 +00:00
Ümit Seren 4eb2d6ac34 Use custom converter for extra attributes
Instead of using the default convert_none_to_empty_list converter
from the neutron_lib, use a custom one that can handle string
attributes similar to convert_nested_domain_allowed_vlans. This allows
us to pass in those additional attributes from terraform/pulumi, which
only support string values for extra attributes.

Change-Id: Idba3ded81f72128bb712660443458e24148ef188
2021-10-01 13:44:24 +00:00
Sayali Naval e484c2fdb5 Add network_id column to apic_ml2_ha_ipaddress_to_port_owner table
Add network_id column to apic_ml2_ha_ipaddress_to_port_owner table
to guard against multiple rows of same VIP address.

Change-Id: I2d5a2cfdb4242450140689adc50df2197d4a04b3
2021-10-01 00:20:06 +00:00
Zuul 3bd81524d0 Merge "Validate network before creating or updating router" into stable/queens 2021-09-27 10:26:45 +00:00
ansao-aci 18b0c8a5c0 System security grp:Add system sg in port sg list
Change-Id: Ib0e07aeb1f967b7d3f5035f1b5e0404eece81b73
(cherry picked from commit 7eaa0829f5)
2021-09-23 06:18:32 +00:00