Commit Graph

610 Commits

Author SHA1 Message Date
OpenDev Sysadmins 8d5bc293b8 OpenDev Migration Patch
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:

http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html

Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
2019-04-19 19:50:55 +00:00
Igor Duarte Cardoso 21c8c3b5c4 Quality of Service support via NSPs
QoS support for PTs inside PTG, as 2 new NSP param types.

The new NSP param types, qos_maxrate and qos_burstrate, map to the
Neutron QoS Policy resource, which then gets associated to a QoS
bandwith limit rule with a certain maximum rate and/or burst rate (in
Kbps and Kb respectively) set.

Change-Id: I3950a13c482d7a7e1fa03667a543628aaa36ee6e
Implements: blueprint initial-support-qos
2016-11-17 21:21:52 +00:00
Ivar Lazzaro ca0429730a [apic-mapping] guard against null port-id on master PTs
Change-Id: Ic6919f1a211e25742d6eab31c5aae84f8c8e68d2
2016-10-19 21:29:20 +00:00
Jenkins 0c8d2583cb Merge "[apic_aim] Complete mapping to AIM Subnet" 2016-10-18 18:53:56 +00:00
Sumit Naiksatam f17ecf35f7 AIM Policy Driver - Part 7 - L3 Policies (explicit)
Support l3_policy workflows by providing different combinations
of explicitly created Neutron address_scopes and subnetpools.

Though this patch supports associating multiple explicit subnetpools,
only the first one is used for subnet allocation. A follow-up patch
will extend this to leveraging multiple subnetpools, if configured.

Fixes UT setup for address_scopes.

Fixes v6 implicit address_scope and subnetpool creation.

Implements blueprint: address-scope-mapping

Change-Id: If830dacb2ac52bb067ca7fb58c2422cedb6b10bd
2016-10-15 05:03:20 +00:00
Sumit Naiksatam 0dd42fbaed Sort multiple macs in port lookup
Sorting makes the usage more predictable.

Change-Id: Id88a0f8b5a6c5d0f411803d8618b8aac32165c99
2016-10-14 01:53:17 -07:00
Robert Kukura 3707a62887 [apic_aim] Complete mapping to AIM Subnet
Expose each AIM Subnet's distinguished name and synchronization state
on the Neutron router, in addition to on the Neutron subnet.

Build the AIM Subnet's display name using both the Neutron router and
subnet names, handling updates to either name. If the Neutron subnet's
name is empty, use its CIDR instead in the display name.

Change-Id: I697d490b76dea0f099d62aa153fc29c12b2e3c70
2016-10-13 18:04:19 -04:00
Jenkins 2d5067aeb7 Merge "[apic] fix proxy_group migration default" 2016-10-13 20:41:42 +00:00
Ivar Lazzaro 447d7c2489 [apic] fix proxy_group migration default
Change-Id: Ic940effc07d3273334c83be6c1469cea61420ef9
2016-10-13 19:11:58 +00:00
Jenkins 74472b8b1e Merge "[apic-mapping] Allowed VM Name extension for L3 Policy" 2016-10-13 02:28:17 +00:00
Jenkins 09f887e4dc Merge "[apic] make get_apic_manager compatible with both config options" 2016-10-13 01:35:00 +00:00
Kent Wu 29cd855015 [apic-mapping] Allowed VM Name extension for L3 Policy
This patch defines a new extension: cisco_apic_gbp_allowed_vm_name,
for the apic policy drivers. An extension attribute:
allowed_vm_names, that extends the L3 Policy definition, is
being introduced in this extension.

A corresponding extension driver: apic_allowed_vm_name, that processes
this extension, is also being added. This extension driver should be
configured for this extension to be available. The driver name should be
added to the existing list of extension drivers under:
[group_policy]
extension_drivers=<existing_ext_drivers>,apic_allowed_vm_name

The allowed_vm_names attribute is a list of regexes. Each regex can
be up to 255 characters long.

While during the port-binding phase, we will also enforce the regex
checking against the VM name from Nova. Only those VM names matching
one of those regexes will be allowed.

A CLI option: --allowed_vm_names will be provided for the
L3 Policy create and update operations. This CLI option will accept
a comma separated string as the option value.

Change-Id: I4602919df9a0458eb255b93399c70f64dfeeb863
2016-10-12 17:58:34 -07:00
Sumit Naiksatam 45458220dd [apic-mapping] Fix table name for segmentation table
Change-Id: Id0e043f7cf4f2c90e2d9dea45580b3c99f2baef7
2016-10-11 14:39:34 -07:00
Robert Kukura 7dc9e64c94 [apic-aim] Fix unit tests for AIM update
Now that AIM keeps resources in PENDING state until AID actually
synchronizes them, as it should, the TestSyncState.test_*_synced tests
need to mock get_status to return the SYNCED state.

Also, a new attribute added to the AIM resources was breaking UTs for
the aim-mapping driver.  This new attribute does not need to be
validated and is fixed here.

Change-Id: I84f3181ba769c58773137b34f858888d939f3fcc
2016-10-10 23:14:02 -04:00
Robert Kukura 5c22a9fdc0 [apic_aim] Fixes and tests for apic:synchronization_state
Fix SYNC_* constants, log exceptions from extend_*_dict methods, and
add unit tests for apic:synchronization_state attribute.

Change-Id: I71af9da7ac4ec34a7ec0ebc41f6dc52fdca5248e
2016-10-09 18:28:05 -04:00
Sumit Naiksatam 77bc49a420 [aim-mapping] Preserve BD reference on PTG update
When updating the AIM EPG (on account of update to the corresponding PTG),
the attributes that are not being updated also need to be populated in the
AIM EPG resource before its passed to the AIM manager to perform the update
(since we perform update as a create operation with override option).

Change-Id: I9bbcfecea44a953204f8f4d2449fc7b96cd4d197
Closes-bug: 1631307
2016-10-07 03:11:51 -07:00
Sumit Naiksatam 0a9192f568 [aim-mapping] Fix PT create error in auto-ptg
The commit 6d56931196 introduced a
variation in the UUID of the "auto" PTGs implicitly created by the
apic_mapping policy driver. The API layer however was not made aware
of this variation and hence rejected this new UUID format when used
to create a policy target. This is fixed in this patch by allowing
the validation for this new UUID format with the regex:
auto[0-9a-f]{32}\Z

The auto PTG was also missing an implicit subnet for IP address allocation
to any PTs that are created in that PTG. This is also being fixed.

UTs have been added/updated to validate the above changes.

Change-Id: Idda35feb5c61587f3f014491768daecf03660ad9
Closes-bug: 1630923
2016-10-06 18:30:32 +00:00
Jenkins 1214bf325d Merge "[aim] Send default route for Neutron ports' RPC" 2016-10-06 06:48:09 +00:00
Ivar Lazzaro d45d31cad6
[aim] Send default route for Neutron ports' RPC
Change-Id: Ifb678a232ef0f07f4f74c88181d9aa04ecdcb578
2016-10-05 20:36:31 -07:00
Jenkins 703eeee752 Merge "[NFP] - Fixed nfp-proxy startup" 2016-10-05 00:57:44 +00:00
Ivar Lazzaro 8b983b4c06
[apic] make get_apic_manager compatible with both config options
Change-Id: I15a8ec8689ad64ab07cdbac215af84ebe99bbd32
2016-10-04 17:27:58 -07:00
dpaks 662fa280f2 [NFP] - Fixed nfp-proxy startup
Moved code where function arguments were getting wrongly
modified into a new function in proxy namespace-create script.

Change-Id: I9daeca42269b581ee20ac1831ba9236e9434b59c
2016-10-04 17:38:40 +05:30
Ivar Lazzaro 702a83e8dc
[aim] Set APIC domains on EPG creation
Change-Id: I45fa45c37e83502df21a877d2ceab8fb3f6c5836
2016-09-30 17:17:36 -07:00
Ivar Lazzaro 682504575a
[aim] GBP based RPC
Change-Id: I6e2ae06abe24f617bd6964d8d43d2d14b503c7e1
2016-09-30 11:33:49 -07:00
Robert Kukura 18a0972197 [apic_aim] Map neutron resources to AIM, part 5
Complete basic east/west routing. Enables routing on BDs of routed
networks and associates those BDs with the address scope's VRF if
applicable, or else with a per-tenant default routed VRF. The selected
VRF is exposed via the extended attributes of the Neutron network and
router resources.

Validation of routing topologies will be implemented in a follow-on
patch.

Change-Id: Ic7396e5ebbc466ea5be0028931b31bdbab9833e6
2016-09-30 06:14:23 -04:00
Rajendra Machani d5a7488e5f [NFP] - Fixed service management network interface netmask in nfp-proxy namespace
Netmask for service management network interface in the nfp-proxy namespace is set
with reference to service management network subnet CIDR.

Change-Id: I6e574f27acd12d0005c28405f96d474800c06982
2016-09-29 17:40:19 +00:00
Sumit Naiksatam 17227f5559 AIM Policy Driver - Part 6 - Add Router Interfaces
This patch adds interface for the PTG subnets to the default Router.
Corresponding UTs are added which check that the correct port is created for
the router interface.

A bug due to which the apic_aim_l3 was not getting set for the GBP aim_mapping
tests is also being fixed.

Change-Id: Ia8e96da15b2571491412c649af5a99261ceb8a84
2016-09-28 01:01:11 -07:00
Amit Bose 843566f9e7 [APIC-mapping] Fix device_id of port when using VLAN network
When VLAN networks are used instead of OpFlex,
additional networks and ports are created that mirror
the usual networks and ports. The device_id of the
VM's port is set to VM's UUID whereas the port that
mirrors had its device_id set to the PT UUID. This
latter value resulted in failure to lookup metadata
information for the VM.

This change ensures that the device_id for both the
VM port and its mirror stay in sync.

Closes-Bug: 1627915

Change-Id: Ibea325fbfa344acd9626d5e651297dd5e24297b6
Signed-off-by: Amit Bose <amitbose@gmail.com>
2016-09-26 20:39:56 -07:00
Ashutosh Mishra 81976cbb28 Fixes Unauthorized failure
As part of cross tenancy relaxation for nfp getting
services tenant id is failing in liberty with
Unauthorized failure. Added exception handling for
the failure and silently ignoring, moving in default path.

Change-Id: I7c3baa8a82a587a82ac86b416521ce4d62aac433
Closes-Bug: 1608616
2016-09-26 17:30:40 +00:00
Rajendra Machani 1a88760d5d NFP - Fixes to support openstack installation on stable/mitaka
This changeset,
(1) fixes the install configuration script and
(2) has a change to the NFP firewall plugin
to support stable/mitaka installation.

Change-Id: Ibaf5c997f5e80dbb1c7414c3841c2d9338501c74
2016-09-25 20:12:53 +00:00
Jenkins 7cde0d37ea Merge "[apic-mapping] Segmentation Label extension for PT" 2016-09-24 01:40:09 +00:00
Sumit Naiksatam 2cb02e2ea1 [apic-mapping] Segmentation Label extension for PT
This patch defines a new extension: cisco_apic_gbp_segmentation_label,
for the apic policy drivers. An extension attribute:
segmentation_labels, that extends the Policy Target definition, is
being introduced in this extension.

A corresponding extension driver: apic_segmentation_label, that processes
this extension, is also being added. This extension driver should be
configured for this extension to be available. The driver name should be
added to the existing list of extension drivers under:
[group_policy]
extension_drivers=<existing_ext_drivers>,apic_segmentation_label

The segementation_labels attribute is a list of strings. Each string can
be upto 255 characters long. These labels are not interpreted by GBP
but are instead passed downstream by the apic policy driver. It is
assumed that these are defined outside of OpenStack and the backend
system can appropriately interpret them.

The get_gbp_details() RPC call implemented by the apic policy driver
will return the segmentation_labels in its body if the
'segmentation_labels' attribute is populated for the policy_target.

A CLI option: --segmentation-labels will be provided for the
policy_target create and update operations. This CLI option will accept
a comma separated string as the option value.

Change-Id: I360bf9f7f1d4bdca76d4f16b7535a6416f430830
2016-09-23 16:04:43 -07:00
Ivar Lazzaro 8784548bce [apic_mapping] cast nat_epg_tenant to string before RPC answer
Closes-Bug #1626770

Change-Id: If0e0077f1e23c1cb2dd8a3ff444d2f7c61e16946
2016-09-22 17:48:06 -07:00
Robert Kukura a3ddd689bd [apic_aim] Map neutron resources to AIM, part 4
The apic_aim mechanism driver and L3 plugin map router interfaces to
AIM Subnets. The DNs and status of these subnets are exposed via
extended Neutron subnet attributes. If any subnets of a network are
attached as interfaces to a router, the network's default EPG provides
and consumes the router's Contract.

A seperate patch will manage the VRFs of routed networks, and will
reject invalid routing topologies, completing the basic east/west
routing functionality.

Another follow-on patch will additionally expose the AIM Subnets via
extended attributes of the router to with the corresponding Neutron
subnet is attached, and will likely include both the Neutron subnet
and router names in the AIM display name of the Subnet.

Change-Id: Id8aa749c2a590bf6d0548162483553edb8a3589d
2016-09-21 13:52:57 -04:00
Sumit Naiksatam 12ecb8458c [apic_mapping] APIC name usage error in Auto PTG
The apic_name of the shadow EPG was being added as is to the DB. The shadow EPG
object was actually a Apic_name class, and needed to be converted to a string
before adding to the apic mapping DB.

Change-Id: Id6299fbd0dd83b5295ccb27d4e287ac31c70c5f6
Closes-bug: 1624184
2016-09-15 19:44:51 -07:00
Jenkins c0c1d95aef Merge "Allow gate jobs to run on xenial" 2016-09-15 22:44:15 +00:00
Robert Kukura e382e7611f [apic_aim] Map neutron resources to AIM, part 3
Implements an L3 service plugin, apic_aim_l3, that, in conjunction
with the apic_aim mechanism driver, maps each Neutron router to an AIM
Contract and ContractSubject whose DNs and status are exposed via
extended attributes similar to those on the core Neutron resources. An
"any" Filter and FilterEntry are created per-tenant, and referenced in
this contract, allowing all traffic from EPGs providing and consuming
this contract to be routed.

The add_router_interface and remove_router_interface methods are stubs
that will be implemented in the next patch set. They will manage the
mapping of router interfaces to AIM Subnets, along with having the
default EPGs associated with those interfaces provide and consume the
router's Contract.

The corresponding GBP policy driver's extension is renamed
apic_aim_gbp for consistency with the apic_aim and apic_aim_l3
extensions at the Neutron level, and all extensions are now in the
gbpservice.neutron.extensions module.

The GBP policy driver's unit tests are updated to account for the
Filter and FilterEntry resources created by the mechanism driver.

The apic_aim unit tests wipe the AIM DB in tearDown, and use the
aci_integration_manager branch of the apicapi repo.

The GBP devstack plugin, when ENABLE_APIC_AIM=True, configures neutron
to use the apic_aim_l3 service plugin, and installs the
aci_integration_manager branch of the apicapi repo.

Change-Id: I1b7f0c80e66d55d58c27fe9e4cb461f62aec3c42
2016-09-15 14:56:52 -04:00
Jenkins ceebaff57d Merge "TrivialFix: Remove logging import unused" 2016-09-15 18:23:52 +00:00
Sumit Naiksatam 6d56931196 [apic-mapping] Automatic PTG per L2P
This change automatically creates a PTG per L2P. This PTG is created as a
reverse map of the "shadow" EPG that was already being created per L2P by
the apic_mapping policy driver.. We will henceforth refer to this PTG as
"auto" PTG.

The ID of the auto PTG is derived from the ID of the L2P as a MD5 hash
calculation (for uniqueness) and persisted in the format:
"auto<hash_of_l2p_id>". It is thus always possible to determine the ID of the
auto PTG from the ID of the L2P and no additional state needs to be maintained.

In order to maintain the reverse-mapping integrity between the shadow EPG and
the auto PTG, an entry is created in the apic name-mapping DB that maps the ID
of the auto PTG to the "apic-name" of the "shadow" EPG.

The initial name of the auto PTG is derived from the ID of the L2P to ease
debugging and troubleshooting, and takes the form: "auto-ptg-<l2p_id>". This
name is mutable (just like any other PTG). The apic_mapping driver does not
have any specical meaning for this name, and does not care about after it
implicitly sets it at the time of the auto PTG creation.

The auto PTG cannot be deleted by the end user and doing so will result in
an error.

The user can update the name, description, provided and consumed PRS for the
auto PTG, but cannot update any other attributes and doing so will result in
an error.

The shared status of the auto PTG is made consistent with the shared status
of the L2P (once set, it cannot be changed).

The auto PTG is deleted when the corresponding L2P is deleted (attempted in
the pre-commit phase).

To prevent forward mapping of the auto PTG to a new EPG, all above
operations are invoked on the GBP DB mixin (parent of the GBP plugin). This
ensures that the apic_mapping policy driver is not invoked for the create and
delete auto PTG operations during L2P creation and deletion.

The creation of the auto PTG is controlled by a configuration and is disabled
by default thus allowing this new feature to be turned ON only where needed.
All existing deployments should not see any change in behavior as long
as they choose not to turn ON this feature. This configuration is as follows:

[apic_mapping]
create_auto_ptg=<True or False>

As the commit title suggests, this is currently only a apic_mapping driver
specific feature. It may evolve to a GBP feature with a well defined auto PTG
attribute definition for the L2P (and/or accessor APIs). The convention used
for the Auto PTG name and the ID format could change as a part of this
evolution.

Change-Id: Ie132ace0fc9f78baa0034a6f30f2ee758bb271c0
2016-09-14 12:19:02 -07:00
Sumit Naiksatam 1f66fab248 Allow gate jobs to run on xenial
Currently platform check is preventing the gate job to run on Xenial.

Change-Id: I6be82caa25ed587561f234d52467832515e2226b
2016-09-12 11:52:16 -07:00
Nguyen Hung Phuong 7192cf36bd TrivialFix: Remove logging import unused
This patch removes logging import unused in
gbpservice/neutron/db/grouppolicy/group_policy_db.py
gbpservice/neutron/db/grouppolicy/group_policy_mapping_db.py
gbpservice/neutron/services/grouppolicy/drivers/extensions/proxy_group_driver.py
gbpservice/neutron/services/grouppolicy/drivers/neutron_resources.py
gbpservice/neutron/services/grouppolicy/group_policy_driver_api.py

Change-Id: I89db78a1fec1d710ff42c7f211ff79a788c629ab
2016-09-12 11:13:01 +07:00
Ashutosh Mishra adc1a2fe9f NFP -Added Cluster ID fix
Added cluster id in vip_pt, provider pt for
LB service.

Change-Id: I3388b482d3a5fe96aa64ebde2837130092351338
2016-09-11 23:10:41 +05:30
Jenkins 7f41e94f71 Merge "AIM Policy Driver - Part 5 - L3 Policies (implicit)" 2016-09-09 20:34:03 +00:00
Jenkins fb7251d8c9 Merge "NFP - Fixed stale resources issue" 2016-09-09 19:55:04 +00:00
Ashutosh Mishra d8eb90442d NFP - Fixed stale resources issue
Increased timeout for stack polling, to check for stack
status

Change-Id: Ice80c68c391023b12b8f34fe8883e9d18b6ee798
2016-09-09 23:50:39 +05:30
Jagadish Nadimpalli e9302b2148 NFP - Added APIC support and other fixes for V0 release installation.
- Added APIC support for installation
  - Added error handling while parsing plugin entries
  
  
Change-Id: I869aa289f78df2177a37a88c3b3ca2f8e4381ac1
2016-09-09 17:39:09 +00:00
Sumit Naiksatam bfbce56ef5 Add a gate job hooks for AIM job
This uses the devstack GBP plugin with ENABLE_APIC_AIM configuration
set to true.

These hooks will start getting invoked once a new gate job in enabled
in infra. This patch needs to be merged before the infra patch can be
posted.

Change-Id: Ib9c3cb287a357fbb2974e8a086f5d6edd19b5915
2016-09-08 11:58:13 -07:00
Sumit Naiksatam dd5eb2f3aa AIM Policy Driver - Part 5 - L3 Policies (implicit)
L3 Policy is mapped to Address Scope and Subnetpool. This patch implements
the implicit workflow to create these mapped resources.

Implements blueprint: address-scope-mapping

Change-Id: I4309ada6f26c23a11232a858ff4e36bd5d03e25a
2016-09-06 14:31:19 -07:00
Jenkins 7b00c95f56 Merge "Remove unused tools/tox_install.sh" 2016-09-01 19:39:39 +00:00
Ivar Lazzaro 4d1158e0c8 ptg attribute for sc enforcement
Add enforce_service_chains attribute to PTGs as part of the
proxy-group driver extension. When set to False, PTGs won't trigger
service chain creation even when providing a PRS with a redirect
rule.

Change-Id: I78fb098ec4092f2c2b43f0eb41f35ab2fd5e01d9
2016-09-01 01:26:59 +00:00