The python-neutronclient has been deprecated for the CLI since Ocata and
the python bindings "neutronclient" has been deprecated for removal as
of the 2023.1 (Antelope) release[1] in favor of using openstacksdk.
This patch migrates Designate from using the neutronclient to using the
openstacksdk for communicating with neutron.
[1] https://docs.openstack.org/releasenotes/python-neutronclient/2023.1.html
Co-Authored-By: Michael Johnson <johnsomor@gmail.com>
Change-Id: I0198f38afe3d5c32ea06d9e674ab0ff849f360e6
Related-Bug: #1999774
The Werkzeug package was included in the designate requirements.txt, but it is
not used by designate.
This patch removes this requirement.
Change-Id: I29b1aba0e8aa455eed7977a5efe887f201963a3c
It appears we need to bump some minimum versions for changes made in Zed.
This patch sets:
alembic>=1.8.0
Change-Id: I3e3e1a4701c52003e4adf2738b1ca8598d4cae47
The current rootwrap.conf file is outdated and doesn't include some
parameters. This change updates the content to make it consistent with
the latest example file in oslo.rootwrap.
Change-Id: I5fe06cf99bb9787ec3afc67ab60a7330fe281513
Currently Designate is using sqlalchemy-migrate for database schema
migrations. sqlalchemy-migrate/migrate have been deprecated for some
time. This patch moves switches Designate to use Alembic for database
migrations.
Change-Id: I90ecb4d409b8b609b384997fa4cc9c65755409b3
This patch removes the 'netaddr' module from the Designate requirements list.
It replaces the use of netaddr in Designate with the python standard library 'ipaddress' module.
Change-Id: I2fb1549e1d6cbccf58c03810c7d74c8c378682d5
This patch moved the remaining RPC calls away from the
MDNS service to the Worker and re-worked them to better
match the patterns used in the Worker. This means that
the MDNS service now only handles incoming DNS queries.
In addition the metrics backend has been removed as it was
only used by the MDNS RPC implementation and the monascastatsd
implementation no longer serves a purpose.
Closes-Bug: #1978742
Closes-Bug: #1978743
Change-Id: I5ef106717546a201fd62a51adacd43495c148cd4
Oslo context has made some changes we rely on for changing "tenant" to "project_id". Bump the minimum version of oslo.context required.
Change-Id: I0afa1f94edbb493041ec7cd49c5d235cc2ea71d2
*) Add osprofiler wsgi middleware
This middleware is used for 2 things:
1) It checks that person who want to trace is trusted and knows
secret HMAC key.
2) It start tracing in case of proper trace headers and add
first wsgi trace point, with info about HTTP request
*) Add initialization of osprofiler at start of serivce.
You should use python-designateclient with this patch:
https://review.opendev.org/#/c/773575
Run any command with --os-profile SECRET_KEY
$ openstack zone create --email <email_id> <zone_name> \
--os-profile SECRET_KEY
# it will print <Trace ID>
Get pretty HTML with traces:
$ osprofiler trace show --html <Trace ID> --connection-string \
<connection_string> --out <output.html>
e.g. --connection-string can be redis://localhost:6379
Note that osprofiler should be run from admin user name & tenant.
Implements: blueprint designate-os-profiler
Change-Id: I2a3787b6428d679555a9add3a57ffe8c2112b6d3
Since 3.7.0, oslo policy started the DeprecationWarning[1] if
deprecated_reason and deprecated_since param are not passed
in DeprecatedRule or they are passed in RuleDefault object.
These warnings are logged for every test which increase the
log size and sometime can full the log buffer and fail the
job.
[1] https://github.com/openstack/oslo.policy/blob/3.7.0/oslo_policy/policy.py#L1538
Change-Id: I7034a70950b787f1cdbc510e88ab777957339ba7
md5 is not an approved algorithm in FIPS mode, and trying to
instantiate a hashlib.md5() will fail when the system is running in
FIPS mode.
md5 is allowed when in a non-security context. There is a plan to
add a keyword parameter (usedforsecurity) to hashlib.md5() to annotate
whether or not the instance is being used in a security context.
In the case where it is not, the instantiation of md5 will be allowed.
See https://bugs.python.org/issue9216 for more details.
Some downstream python versions already support this parameter. To
support these versions, a new encapsulation of md5() has been added to
oslo_utils. See https://review.opendev.org/#/c/750031/
In this case, md5 is used to calculate the hash of a database record
to ensure record uniqueness.
Change-Id: Ic2571caa71dc99c417ea0933d5d4947287cbe312
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.
Also replace policy.json to policy.yaml ref from doc.
[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I81e7ee3243af11ebb3589f530533731b87178a96
An updated pip version has shown multiple inconsistencies within
our lower constraints, so bump the affected versions.
Change-Id: I558e77dbba6abf64e6857d7f880104f0237dca1b
The changes following this one require `scope_types` which was added
in oslo.policy-1.32.0. Since version oslo.policy-1.30.0 was released
in late 2017 we should bump to at least oslo.policy-2.1.0 which was
released in late January 2019 bringing us a little closer to the
present time.
Change-Id: I02a2c42c0e1fceebbe6c81f8d674f62f90ee1670
Signed-off-by: Nicolas Bock <nicolas.bock@canonical.com>
In the event of a backend BIND server being unreachable for any reason,
rndc commands will persist for a very long time and can consume
significant resources. This can be seen when running devstack with
a pool configured to point at a bind server that doesn't exist - the
rndc process count can climb into the thousands.
An optional timeout has been added to rndc to alleviate this.
Change-Id: Idd61e79715b21fdd3249136cf68a7b9d3069c3f9
Related-Bug: 1896783
These translation sections are not needed anymore, Babel can
generate translation files without them.
Change-Id: Id54c22f820b1aa6315d721e354ce150c657bd4fd
The dnspython3 package is no longer needed as py3 support has been added
to dnspython, and dnspython3 just installs dnspython now as a
dependency.
Depends-on: https://review.opendev.org/#/c/726353/
Change-Id: Ic488ccebee6d3206d6b38eededbb27fcb46694a4
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Tox should be smart enough to figure out the correct python version on
its own, avoid having to follow-up for every new python release.
Change-Id: If515467fd4c9e678d54d4e8551b52611fec786ff
Make a few cleanups:
- Remove python 2.7 stanza from setup.py
- Add requires on python >= 3.6 to setup.cfg so that pypi and pip
know about the requirement
- Remove obsolete sections from setup.cfg:
* Wheel is not needed for python 3 only repo
* Some other sections are obsolete
- Update classifiers
- Update requirements, no need for python_version anymore
Change-Id: Ia739f33b3db2c15a8c2eb6143134587f31591cfd
- Ignore duplicate Zone error
- Handle error when contractId or gid is missed
- Ignore port for masters servers, because Akamai uses only 53 port and
does not allow to specify any port in list of masters servers.
- Added timeout and retries for soft Zone Delete
- Added handling errors on the delete zone action
- Added Log info message with RequestId on soft zone delete
- Added processing for TsigKey during creation zone
- Added devsatck_plugin for akamai_v2 backend
Depends-On: https://review.opendev.org/#/c/692819/4
Change-Id: Ib221f4cf0371e70fc6900582d826ffc1bdfc12b9
There is a regression bug in Bandit 1.6.0 that causes
the exclusions to get ignored.
Also allow jsonschema higher than 3, as this is no longer
allowed and causes the requirement check to fail.
Change-Id: I464b35f045aec6d22bfee9b35e229b02ee676280
This checks for duplicate entries in the service_statuses table
which will be an error after change
I307a8f7dd8b8a83effa447a846db3288efa32dba.
Related-Bug: 1768824
Story: 2003657
Task: 26127
Change-Id: Ie0350b034f0eb03749138aadd0951d30073214c0
Co-authored-by: Doug Hellmann <doug@doughellmann.com>
python3.7 and eventlet cause the `future.ThreadPoolExecutor` to hang
indefinitely. Moving to `futurist.GreenThreadPoolExecutor` allows the
`designate-worker` process to use native eventlet greenthreads, which bypasses
the hanging issue.
Closes-Bug: #1782647
Related-Bug: https://bugs.python.org/issue34173
Related-Bug: eventlet/eventlet#508
Change-Id: I36c79ca72635d81cfcc8d3cc87b1bc5e0657d9e8
Signed-off-by: Graham Hayes <gr@ham.ie>
Since keystone bumped the version of Flask in openstack/requirements,
the upper constraint is now equal to 1.0.2 that is not allowed by
the requirements.txt of designate.
If we change the designate requirements, we could use the same
version of Flask for both Keystone and Designate, helping
deployers.
Change-Id: Ic54ceebc1af5a9d74e415f7369e1d5bb19c6e915
We will manage the eventlet version using constraints now. See the
thread starting at
http://lists.openstack.org/pipermail/openstack-dev/2018-April/129096.html
for more details.
Amend lower constraints according to tools/fix-lower-constraints.py and
remove setuptools from requirements.txt to fix requirements job.
Change-Id: I4f336ce65904b5fde9b088a2624fb9196623e295
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This commit will migrate Zone and ZoneMaster objects
Co-authored-By: Hieu LE <hieulq@vn.fujitsu.com>
Co-authored-By: Nguyen Van Trung <trungnv@vn.fujitsu.com>
Change-Id: I8a0b0868d25dacd3dabeb7e0436cfcf93b1e4cc7
Implements: blueprint designate-rolling-upgrade