This change:
1. Adds credmanager service which handles credentials for AWS drivers.
2. Adds support for managing multiple AWS accounts through use of credmanager. Each account is mapped to a single project in keystone.
3. Adds support for multiple AZs by running one nova-compute and cinder-volume process per AZ.
4. Improves support for AWS networking in neutron.
5. Also, made few stability fixes in GCP and Azure drivers.
Change-Id: I0f87005a924423397db659ab754caaa6cde90274
- Issue: When trying to delete network immediately after deleting VM,
throws "DependencyViolation" error. This is due to security group was
not getting deleted before deleting VPC
Change-Id: I8f1e642819188c56fddcfbb1337b2459c939e7f4
Description:
- Added unit test cases
- Fixed a bug which was throwing exception while creating resource group
in mech_azure.py
Change-Id: I4c96d96f96a0ac640407df5ff0d49937f2690fa3
Patch 1:
[General] Removed unused parameters from InstanceInfo
Many of unused parameters were removed from nova.virt.hardware.InstanceInfo in Pike.
Same was notified to OOT(Out of tree) drivers.
References:
[1] https://review.openstack.org/#/c/471146/6/nova/virt/hardware.py
[2] http://lists.openstack.org/pipermail/openstack-dev/2017-June/117962.html
Closes-Bug: #1717907
Patch 2:
[General] Remove l3_db.subscribe calls from router plugins
l3_db.subscribe has been deprecated from newton. Removing it
was recently disabled from pike release.
Refer bug description for more details.
Closes-Bug: #1718180
Change-Id: Ied1868736c4edb9da839d6d4b49aa1d98cbef251
Consolidating all python requirements required to run unit tests
in test-requirements.txt. Removed rest of all files.
Change-Id: Ifed7288e2b1d92fb180cb8c722578e9887f6f844
Operations Supported:
1. Operations of network, subnetworks, router
2. Fixed IP allocation to VM from tenant network
3. Assign, delete, remove floating ip
4. Security groups and security group rules
Change-Id: Ia38f37356852c50da5b65cb5c55d1e73ef4a8041
Implements: blueprint azure-support
Files modified:
- gce_mock.py: Changed line endings to 'unix'
- test_gce_router.py: Changed line endings to 'unix'
- test_ec2.py: Updated mocking for deleting and updating router
- aws_router_plugin.py: Added a fix when trying to remove router interface
Closes-Bug: #1715814
Change-Id: I8981e2e2207370d40bf786c7077ffc512755cc69
Files modified:
- aws_router_plugin.py: Fixed bugs encountered while running test cases
- run_tests.sh: Added support for running AWS test cases for Neutron
- omni-requirements.txt: Changed version of moto and added boto3 package
- test_ec2.py in Cinder and Nova: With latest moto version, '@mock_ec2'
is deprecated. Hence Cinder and Nova test cases were unable to mock
EC2 credentials. Hence used '@mock_ec2_deprecated' instead of '@mock_ec2'
Closes-Bug: #1708585
Change-Id: I51d2bb99ef7d13b75940df6bbb33475de4a4630d
The router plugin failed to create a valid nova
client and failed the floating IP associate API.
Change-Id: I8333deb06fc8d0358c0ddc41e768f390ea6be656
Closes-Bug: #1713820
Neutron by default adds two egress rules to security group creation
API calls. If we block egress rules, any type of security
group creation fails. So we just log warning in case of neutron egress
security group rules being not supported on GCE.
Switched to gce beta APIs as firewall group creation calls are deprecated
on v1 APIs. Firewall related call report error "feature not supported yet"
Change-Id: I7baded2df5b34239e2cf99ca49c9d6c8eba46294
Closes-bug: #1709002
Issues:
1. Security Group created using Openstack API, creates 2 outbound rules
(1 for IPv4 and 1 for IPv6) and no inbound rules. Hence the rule_dict
that was getting created contained same data for both outbound rules.
Hence while authorization of egress direction, it was throwing error
"ClientError: The same permission must not appear multiple times"
2. Since there are no inbound rules in security group, empty list was
passed to AuthorizeSecurityGroupIngress operation. Hence it was raising
"ClientError: Missing source specification: include source security group
or CIDR information".
3. While updating the security group which was created using API, I was
seeing error: "ClientError: Missing source specification: include source
security group or CIDR information" as there were no inbound rules.
Fixes:
1. Added a check for IPv4 ether type in "_convert_openstack_rules_to_vpc()"
2. Moved authorization for ingress inside if block
3. Added checks in "_update_sec_group()"
Closes-Bug: #1709545
Change-Id: I4e4acad4da3b095e7a8951abbfb94f1b0d9c7e41
Openstack Security Group should be validated if they are compatible
with GCE firewall rules. If not we should raise approriate error.
This fix processes security group info in BEFORE_RESPONSE event
of security group and rollbacks earlier created security group if
not compatible.
We can not use BEFORE_CREATE/PRECOMMIT_CREATE as they do not contain
required security group rules info.
Change-Id: I5f1fc67208085ef399f3dcfe5fdec63d4f2ffc51
Closes-bug: #1709002
Description:
Deleting network was raising an Exception
"AWS Error: 'NeutronError' - 'Required parameter id not set'"
Issue:
When VPC and Subnet are deleted, neutron core code notifies the change.
But since VPC is already deleted, "create_tags_for_vpc()" doesn't get
VPC ID. Hence it raises AWS Exception when it tries to create tags.
Neutron core code calls "update_network_precommit()" when notifying the
change which eventually calls "create_tags_for_vpc()"
Fix:
Added a check for VPC ID in "create_tags_for_vpc()"
Closes-Bug: #1709046
Change-Id: I6a94911e41bc194b98ddaf51cf9585ac3f4ed07e
1. Handle deprecated imports for Router Plugin
2. Define AwsException at one place
Change-Id: I2986934ef4a89fcc914ca3aebd33428565632810
Closes-Bug: #1708573
Creating gce client inside Neutron service start causes neutron-server
crash if service_key is not there at mentioned path. Neutron service
should not crash at start if service key is not there.
Change-Id: I8e0f8b150c60d55d71846face217d5213b5df9b7
Closes-Bug: #1707872
Issue:
- Classes used in gce_router_plugin.py are different on master and
stable/newton branch.
Example:
- In newton branch, we are importing "from neutron.db import l3_db"
and we are using this import as l3_db.Router. But on master branch,
l3_db doesn't have attribute "Router". Hence to solve this, we need
to import "from neutron.db.models import l3".
File Modified:
- neutron/neutron/services/l3_router/gce_router_plugin.py
Closes-Bug: #1702881
Change-Id: I4d872ee0034417cdf38e774d69d1acec7924cc17
Replaced "," with "%" in logs statement for files:
- cinder/volume/drivers/aws/ebs.py
- cinder/volume/drivers/gce/gceutils.py
- glance/glance_store/_drivers/aws.py
- neutron/neutron/common/gceutils.py
- neutron/neutron/plugins/ml2/drivers/gce/mech_gce.py
- neutron/neutron/plugins/ml2/managers.py
- neutron/neutron/services/l3_router/gce_router_plugin.py
- nova/virt/ec2/ec2driver.py
- nova/virt/gce/driver.py
- nova/virt/gce/gceutils.py
Added import fix in nova/tests/unit/virt/ec2/test_ec2.py
Modified run_tests.sh to get total number of passed and failed tests
Closes-Bug: #1704147
Change-Id: I4b144b8095cf9ff4807c4b9f4ca21577a43de27f
1.As mentioned in [1], we should avoid using six.iteritems to
achieve iterators. We can use dict.items instead, as it will
return iterators in PY3 as well. And dict.items/keys will more
readable.
2.In py2, the performance about list should be negligible, see
the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June
/066391.html
Change-Id: Ie875158b01666ac0b307492519146a8f005090bc
The i18n team has decided not to translate the logs because it
seems like it not very useful; operators prefer to have them in
English so that they can search for those strings on the internet.
cinder, nova, neutron and glance are removing i18n log translation
functions, once it release, it will cause omni build failed.
Related-Bug: #1701139
Change-Id: I090fde16602945035cbda66f0633371d3dfebd3c
Description:
1. Fixed file paths in Nova, Neutron according to actual Openstack repository.
2. tox.ini: init file to run to tox command
3. run_tests.sh: actual script to run unit tests
4. omni-requirements.txt: Contains Python packages from Nova, Glance, Neutron and Cinder
Usage:
To run unit tests, execute 'tox -epy27' command in Omni project directory.
Change-Id: Ife3a5d4c009198fb46faff7a21525dd739a87e9c
+ FIP error handling.
+++ Openstack will not error when deleting a non-present elastic ip.
+++ Error in fip creation on openstack side cleares elastic ip
+++ Remove FIP even when in use if elastic IP not found
+ Waiters for EC2 network object creation
+++ Waiter for VPC and subnets
+ Adding security group functionality
+++ Can create/modify and delete security groups for VPCs
+ Detach VPC from IG stability fixes
+++ Clear VPC routing table entires on VPC interface removal