Commit Graph

1535 Commits

Author SHA1 Message Date
Thomas Bachman b076090cf7 Avoid flake8 package
The latest flake8 breaks the upstream build.

Change-Id: Idab49e9a59e94898d0072e5604e78d11d8c91f9c
2023-12-10 16:58:47 +00:00
Thomas Bachman 1ca7f0219e Remove explicit ep_move_detect_mode config
The AIM BridgeDomain resource was being configured with an
explicit value of the ep_move_detect_mode parameter. This was
done to address a workaround needed for older hardware. Now
that the older hardware is no longer supported, AIM has been
changed to disable this value by default, which means that the
AIM mechanism driver no longer needs to set this value explicilty.

Change-Id: I41036952c46bfd72e0c9ed2416fcf3af6294c9ad
2023-12-07 22:57:48 +00:00
sonianuj287 e36be69316 Address Group Update
Change-Id: I45604ffa2dee32bec3b82bc5859ed771b7a3ff34
2023-11-21 04:50:15 +00:00
sayalinaval 16c06b7655 Normalization of Remote IPs
Change-Id: Ib955b7f27fc4ac6b48c81ff29f1dd4ffbd2560f0
2023-11-17 13:07:20 -08:00
Christopher Collins 2710049aa5 Fixed Multi Ext Network Issues
Fixed various resource naming  when using multi_ext_net extension.

Change-Id: I72f9705691e98f7f0d4abff835d2904a857c3407
2023-11-07 16:53:27 -08:00
Zuul 40514ac534 Merge "address group with security group rule" 2023-10-16 13:30:56 +00:00
Zuul 2195e9b42e Merge "Revert "Fix Log.warn"" 2023-10-15 21:14:31 +00:00
Zuul aac6fa7031 Merge "Add subnet scope extension support" 2023-10-14 17:50:43 +00:00
Christopher Collins 717ab3b5f4 Add subnet scope extension support
Add support for setting the scope of a subnet by configuring
'apic:advertised_externally' and 'apic:shared_between_vrfs'.

Change-Id: Ieedaec28098c4f6d4e6b3c3c97f0c8f86cf072a4
2023-10-13 12:11:36 -07:00
Thomas Bachman 1fc842a2dd Revert "Fix Log.warn"
This reverts commit 953997a9a8.
The patch reverts the change of warn to warning in alembic_mgrations.
The alembic utils library only has warn, and not warning, so this
patch isn't needed.

Change-Id: Ibd16c88ea33ae668316506c58348ce2b5c1a53d6
2023-10-13 02:43:01 +00:00
sonianuj287 ef166d7c67 address group with security group rule
Change-Id: I0ecdc4f5731192f791a9123ddc2cd4cbd3f361ab
2023-10-05 06:03:11 +00:00
Pulkit vajpayee 1a825ef921 Add_zed_support
Change-Id: I48b96bfd44330f9e75fa27c5b9ecc63ab95f4ffd
2023-10-03 05:57:54 +00:00
Pulkit vajpayee d0d6094bee use context manager from neutron-lib
Change-Id: Iee1dc60862b12d48104325d2798fb881c5edcc9d
2023-09-21 09:36:16 +00:00
Zuul 1dc38b63a5 Merge "Multi External Network Coexisting" 2023-09-13 01:48:18 +00:00
sayalinaval 8f6da2c57e Fix ip version check bug in create security group rule
Fix the bug where remote ip's version is not being checked against
the ethertype before adding it to security group rule's remote_ips
in security_group_rule_create_procommit.

Change-Id: I10df6ed562e1af66b89c14c0769b670b2f61d9a0
2023-09-07 21:39:14 +00:00
Thomas Bachman 9577735242 Fix policy.json
The order of the admin_owner_or_network_owner alias in the
policy.json file can trigger DB queries for the network
resource in order to complete the policy checks, even in
cases where those checw aren't needed. This changes the
order of the policy rule to ensure that checks for the
tenant ID owner are made before looking at the tenant ID
of the network.

Change-Id: Ic3a7c99ff69c652bd1df4d43a98f298da876b4ba
2023-08-30 22:25:53 +00:00
christides11 4f5f8aa66f Multi External Network Coexisting
Support for having networks with and without the multi_ext_nets extension
to share the same L3Outside.

Change-Id: Ia2daff31059437ed83813d93d98865131f2919b5
2023-07-31 17:42:15 -07:00
Zuul ceb0c8c0bb Merge "Support for multi external networks extention" 2023-07-08 01:01:55 +00:00
christides11 2edc1ab5c5 Support for multi external networks extention
The multi external networks extention allows multiple external networks
to be associated with a single L3Outside.

Change-Id: Ib872d8661fae321270130b4986d7d21249919ae6
2023-07-07 15:56:24 -07:00
Zuul 7a30dd1c59 Merge "Fix Log.warn" 2023-06-30 11:52:12 +00:00
Zuul e598277979 Merge "Changed /usr/bin/python2 to /usr/bin/python3" 2023-06-30 02:13:50 +00:00
Iftikhar Rathore 778b011ee1 Changed /usr/bin/python2 to /usr/bin/python3
Change-Id: I63fc5f64c4c6a8c9b1cea9ee03730042fc28229c
2023-06-28 16:36:15 -07:00
Pulkit vajpayee 751d1ca08b Remove Monkey patch
Change-Id: Ic89dc4ccc174effe923e4e4db1d484990afb8141
2023-06-22 05:14:07 +00:00
Nisar Khan 953997a9a8 Fix Log.warn
Change-Id: I68ff97d1caf2163bbc224c8310ce2420be82a36d
2023-05-22 08:58:49 +00:00
Thomas Bachman f9c7a63f7a Fix port notifications when extension is updated
The patch in [0] added support for the no-NAT CIDRs extension. This
covered the case where the agents would get extension details when a
network was created, as well as when a network was connected or
disconnected from a neutron router. However, it missed the case where
the extension on the ntwork itself was updated. This patch addresses
that gap.

The patch also adds UT coverage of the extension for AIM validation
(there is no mapping to an AIM resource, but the extension was added
to the UT for completeness).

[0]: https://review.opendev.org/c/x/group-based-policy/+/875317

Change-Id: Ibf3df8a0d48b9ba9a68c17ad70251a611aa40cab
2023-03-22 12:05:53 +00:00
Thomas Bachman b7a5445e7b Fix VRF subnets DB query
The patch in [0] created a DB query to support a new no-NAT CIDRs
extension. This DB query was incorrect, as it used unrelated joins.
This patch fixes the DB query to ensure related joins are used.

There also was an issue with the _query_vrf_subnets method before
the extension was added. It was possible that a single subnetpool
with multiple prefixes could have been used to allocate multiple
subnets. The current query would have returned the same subnetpool
ID for each prefix, leading to duplicates in the returned list. This
patch fixes that issue by ensuring that the returned values from
the query are distinct.

[0]: https://review.opendev.org/c/x/group-based-policy/+/875317

Change-Id: I7870ad58bc4d9098b4aa12a0cefbfe027d982564
2023-03-08 18:48:36 +00:00
Thomas Bachman 7d722bae8e Add no nat cidrs network extension
The no-NAT CIDRs extension is applied to the network resource
in neutron. When applied, it affects the list of subnets that
should be reachable without NAT that are delivered in the RPC
calls to agents. The agents can then use this information to
ensure that specific destination CIDRs will never use NAT.

The extension can be applied to both tenant and external/public
networks. The extension should be used judiciously, as placing
it on a network will cause those CIDRs to be added to all RPC
calls requesting subnets within that VRF (e.g. the extension
could be added to a shared network or to a network that uses
a subnetpool relating to a shared address scope, which would
be seen by all other networks that report to that same address
scope or shared network).

Change-Id: Idb39b75ff6d611a1dd413f26055622310cdf0df7
2023-02-27 17:06:13 +00:00
Thomas Bachman d7ceb5a57c Cleanup stable branches
This patch is a vehicle for cleaning up the stable branches. The
patch to master addresses a fix that was missed when [1] was merged.
That patch was created to enable the stable/ussuri branch, but it
included a PEP8 fix which should have been a separate patch that could
have been backported through the stable branches. This patch adds the
missing fix (addresses an alias with import namespace). The backports
of this patch will include the portion of the original PEP8 fix in [1]
starting from before stable/ussuri (i.e. train through newton).

Backports of this patch will add fixes to address other issues recently
found with stable branches due to end-of-life in other projects, such
as neutron.

[1]: https://review.opendev.org/c/x/group-based-policy/+/752338

Change-Id: Idfd8ccc60ed6cd0fffe63064faa3e7eb46cf8cbe
2023-02-26 12:49:53 +00:00
Thomas Bachman 3c8e327665 Revert "Add no nat cidrs network extension"
This reverts commit d1ff11cb8e.

Reason for revert: Patch fails on downstream branches due to SQL query.

Change-Id: I36245cfea6398314b540e6d0b80ece2ee9ad9074
2023-02-24 12:59:35 +00:00
mdsufair d1ff11cb8e Add no nat cidrs network extension
The no-NAT CIDRs extension is applied to the network resource
in neutron. When applied, it affects the list of subnets that
should be reachable without NAT that are delivered in the RPC
calls to agents. The agents can then use this information to
ensure that specific destination CIDRs will never use NAT.

The extension can be applied to both tenant and external/public
networks. The extension should be used judiciously, as placing
it on a network will cause those CIDRs to be added to all RPC
calls requesting subnets within that VRF (e.g. the extension
could be added to a shared network or to a network that uses
a subnetpool relating to a shared address scope, which would
be seen by all other networks that report to that same address
scope or shared network).

Change-Id: Ic2cdd501933cc21c286ca36218361aadef1878b8
2023-02-16 19:34:06 +00:00
mdsufair cb3efe4afa Add python39 gate support
Change-Id: Ia1dc763b18a4e05ac28c6f7590ec8645edd320b6
2023-01-31 11:47:15 +00:00
mdsufair e0934c9026 Fixes for tox4
Change-Id: Ibd890b0c781ad3e29a9a62a83c5497e81ab3dfe9
2023-01-17 19:37:04 +05:30
Thomas Bachman 957ee2252d Fix keystone notification listener
The notification listener for Keystone was subscribing using a pool
value other than "None". The semantics for oslo.messaging notification
listeners is that there has to be at least one listener whose pool value
is set to "None" in order to ensure that the notifications are consumed.
In order to support both environments (i.e. installations where there
are other listeners whose value is already set to "None", and
installations where there are no listeners whose value is set to
"None"), the pool value is configurable, with a default value of "None".
This ensures that the default behavior is that the notification
messages are consumed, but allows for other consumers, while still
ensuring that our notification listener will receive the messages.

Change-Id: I706ee3c4e88cb8d6ad492c1b97fe48b0392b8033
2022-11-17 22:05:35 +00:00
Sayali Naval 635400c6a6 Support for epg subnet
Change-Id: Ie398a3b72df47d1bbdf2a6491c25d010ab053896
2022-11-14 15:44:20 -08:00
Zuul 496f134366 Merge "Use top-level contract references" 2022-10-06 18:10:24 +00:00
Thomas Bachman 2e5ec528b6 Use top-level contract references
Contract references in aci-integration-module (AIM) were previously
created or destroyed by modifying list members of the ExternalNetwork
resource.  This caused problems when the ExternalNetwork was monitored
state but the contract references were meant to be configured state,
as the view of the monitored universe/state could be inconsistent from
time to time, causing the contract references to inadvertently get
deleted.

A recent commit (9076bd8738e27052e75ec53052e509c54c4b91ea) in AIM made
the contract references top-level resources, so that their creation or
removal can only be made directly. The aim_lib module was changed to
support passing lists of provided and consumed contracts expclicitly,
in order to adopt these changes.

Change-Id: I14b01bea751823c3e3b70df3e7f41ea5babd9522
2022-10-05 01:27:35 +00:00
Thomas Bachman 00bd9462b6 Remove py37 jobs from gate
The py37 job is removed, as it's not used in recent releases.

Change-Id: I4cd1f045ea42fe10defd7adf00d63e3440736cf7
2022-10-04 01:37:58 +00:00
Thomas Bachman d1f32d9958 Remove python39 from voting
A recent change upstream has broken the python39 job.
Remove voting rights for this gate temporarily, as
python39 currently isn't being deployed.

Change-Id: Ib664e576f306d16afc20a1a4d62c8105cece2877
2022-09-29 02:25:43 +00:00
Pulkit vajpayee a55c32d7e3 Remove logs
Change-Id: I1f19c6757b3668941867c79723a30ca4398c2295
2022-08-16 18:48:18 +05:30
Zuul 5fe3af996c Merge "FIP Status active after dissociate." 2022-08-16 01:17:19 +00:00
Zuul 03b36dc19b Merge "fixed apic synchronization state for multiple erspan session" 2022-08-14 12:53:54 +00:00
Pulkit vajpayee 7fe026d9fc FIP Status active after dissociate.
The error happens when the FIP is dissociated from the port
and ports get deleted, which are using the VIP port's fixed
IP address as an allowed-address-pairs. The expected behavior
is that dissociation succeeds, and the final status of the
dissociated FIP is “DOWN”. Instead, they are seeing the
dissociation fail with an HTTP 404, and the final FIP status
is “ACTIVE”.
fix here is to catch and ignore "port not found" exceptions.

Change-Id: I7769371b41f390adf668f976fad9ec209b5acf69
2022-08-09 12:22:11 +00:00
snehal tembhurne 3ce1d76a39 fixed apic synchronization state for multiple erspan session
Change-Id: Ifa41902518944702aeeb7f0b9e690f851199cdb1
2022-07-26 06:33:47 +00:00
Zuul 09ecfe00b9 Merge "Remove_legacy_service_chain_code(2)" 2022-07-19 14:43:34 +00:00
Christopher Collins 86c8506a0b data-migrations spelling fixes
Fixed spelling errors in the comment pertaining to HAIPAddressToPortAssociation in data_migrations.py.

Change-Id: Ie51fabeec357206dff4abc51b3b8434dbc4e067e
2022-07-15 16:24:38 -07:00
Zuul ebffb0af89 Merge "Adding support for address group feature in upstream" 2022-07-01 14:52:08 +00:00
pulkitvajpayee07 1e44b3991f Remove_legacy_service_chain_code(2)
Change-Id: I27b9839b41408e94333e4aa5d5e14c6dd45c1643
2022-06-27 04:54:47 +00:00
pulkitvajpayee07 549f0f3688 Add support for yoga
Change-Id: I010a02cc9e4128c92f4bfed1b62844c57961df08
2022-05-26 16:01:17 +00:00
Zuul e9f13c36c9 Merge "Removed_legacy_service_chain_code" 2022-05-16 10:40:39 +00:00
snehal tembhurne f26eed9182 Populate network mtu for erspan
Change-Id: Ic4753ba768080149b54f391c44185ec27e006044
2022-04-21 19:10:25 -07:00