This has now been removed and even prior to removal defaulted to True.
Change-Id: I847a873d833a4dbee96afa1d2726fea2b8045eeb
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This option has default to the 'NoopFirewallDriver' for some time and
will soon be removed. Stop configuring it entirely.
Change-Id: I4dbc0015cf26d7edf51d0d5fd978ccd3a1ad1b79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Use the PUBLIC_NETWORK_NAME variable instead of hardcoding
it when setting the [ml2_type_flat]/flat_networks option.
Change-Id: I8bfc37089ec90eb06ee41d85744dad0f3f734c16
In lib/neutron-legacy, the Nova metadata host address is
un-quoted if it is IPv6, i.e. 2001:db8::1, not [2001:db8::1].
We should be doing the same in lib/neutron.
Change-Id: I80c96603a41ef9d289712ef15b464859aa9257be
This is no longer being used due to Keystone PKI tokens no longer
being implemented.
In order to not break backward compatibility we create a new function
that is to be used instead and deprecate the old one. Modify the old
function to ignore the 3rd argument and display a deprecation warning.
Adjust callers to no longer create and set that directory, calling the
new function instead.
Change-Id: Id0dec1ba72467cce5cacfcfdb2bc0af2bd3a3610
Ironic's CI makes extensive use of VLAN based networking
and the newer neutron plugin hardcodes the tenant networking
type to vxlan which is naturally problematic. It also lacks the
ability to set the necessary constraints for vlan networking
which are added for vxlan networking.
This patch enables the type of tenant networking to be defined
as vlan, and enables for a physical network vlan range mapping
setting to be configured which is required for a vlan to be
allocated upon network creation.
Change-Id: I55874c1ce82898e9dfb81505d8f3b14abde33579
This patch enables ARP Responder with DVR routers along with
l2pop in devstack.
Related-Bug: #1774459
Change-Id: I82f628c32f6e38c2419b6ffe90d9f9adf96777b1
This function will now first filter out all "neutron-" strings from
DISABLED_SERVICES list before looking for "neutron" string in it.
Change-Id: I5cab6a3be553713e1257599fb72042c6001f2672
Close-Bug: #1824884
Current code assumes the variable is being set to either "True" or
"False", which will lead to weird errors if it is being set to something
like "true" instead.
Change-Id: I88983c9150efad882cd867c2d14d86ba6b2522c9
Neutron is in a process to migrate to policy-in-code.
DevStack needs to be able to handle both cases with and
without policy.json in the neutron repo.
Note that nova assumes neutron API access with admin
so user_name:neutron needs to be included in context_is_admin
to make DevStack work properly. Hopefully this can be cleanup
but this is a separate topic from policy-in-code.
Needed-By: https://review.openstack.org/#/c/585037/
Change-Id: Id1b0600d92e839ade1790a15c372e82e8e16ee9f
This reverts commit faaf96bfb15c5f4c45a72b149dc6fe1e1f907a71.
Ironic jobs were still using this option, it needs to be
switched to an alternative first.
Change-Id: I1683d7cfa81f5fe2497cc7045e87f8b20fed4968
The external_network_bridge option is deprecated/legacy and being
removed from neutron (see I07474713206c218710544ad98c08caaa37dbf53a).
This patch removes the external_network_bridge option iniset from
devstack scripts.
Change-Id: I4d9641cc9bb83719c9af1edabb89a63c4c2b1d96
This patch provides a new mechanism to deploy Neutron using
WSGI script. This also starts a Neutron RPC server process
when the Neutron API is loaded via a WSGI entry point to
serve the agents.
Co-Authored-By: Victor Morales <victor.morales@intel.com>
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Change-Id: I16a199b04858bfc03ef50d9883154dba8b0d66ea
Depends-On: https://review.openstack.org/#/c/580049/
Partially-implements: blueprint run-in-wsgi-server
The commit e95f2a36645b58b172855213cb8311a3486bfcd9 broke
networking-ovn (and potentially other ml2 drivers) by making the config
parameter mandatory. It doesn't need to be.
Change-Id: I0d5738ac3a6d27ddb7655835d77689409a6ff6f4
The nova-conductor service running in the cell
needs to be configured to talk to neutron for
things like deallocating networks during server
build failure. This changes the configure_neutron_nova
flows such that the top-level nova.conf is configured
as before, but we also configure each nova_cell*.conf
cell conductor config files to also be able to talk
to neutron.
Change-Id: Ic5e17298996b5fb085272425bb3b68583247aa34
Closes-Bug: #1777505
openvswitch firewall has been in Neutron tree since Newton and has gone
through lots of improvements since including simple upgrade path from
the iptables hybrid driver.
We have a tempest job running in Neutron tree with openvswitch firewall
that's been voting and stable for a while. For neutron_tempest_plugin,
we have had the openvswitch firewall in use since the beginning.
This patch proposes openvswitch firewall driver to become a default
driver for openvswitch agent deployments.
Change-Id: If26d0180e459210511f25f1faa83dd8ccea25ff4
Since[1], "url" in the [neutron] section in nova.conf should no
longer be set.
[1]
6cde77ebba
Depends-On: https://review.openstack.org/548572
Related-Bug: #1752289
Change-Id: Ied6c155da9d51a25ba7a524e69d018d39ed3442c
Somehow this feature was lost in the transition
from q-svc to neutron-api. This patch does not
modify the default behavior but allows specifying
the flag to false to prevent devstack from creating
the public and private networks.
Change-Id: I952672496d007552c0c4d83db0d0df9be50326fc
Signed-off-by: Josh <jhershbe@redhat.com>
Added NEUTRON_DISTRIBUTED_ROUTING to more easily control DVR
configuration. If set to True, DVR will be enabled and the
default agent mode will be set to 'dvr_snat' since that works
with all types of routers by default. Advanced users can
override that by setting NEUTRON_DVR_MODE, for example in
multi-node configurations where different agent modes are
desired.
This should bring lib/neutron inline with lib/neutron-legacy
in supporting all the different DVR modes.
Change-Id: I9f25921eefc5b935aad3bb1edc5e41ee0ce43a84
This reverts commit ef5ebed6c9ca3d9d47fd2a732a1542555a0f65ba.
The problem here is a backwards-incompatible change to
configure_auth_token_middleware. Plugins are still passing a
"signing_dir" which is interpreted now as the "section" argument
... this leads to an interesting red-herring issue; because "v" is a
gnu sed command for checking the version, a signing_dir of "/var/..."
(as done in most plugins) gives the weird error:
sed: -e expression #1, char 32: expected newer version of sed
I think we'll either need a new function, or dummy arguments to get
this back in.
Change-Id: I2098d4eb2747282622cf486fa7dbf216f932f58b
PKI tokens have been actively deprecated from keystone and there are
deprecations being emitted from keystonemiddleware. Because of this we
no longer need an auth cache directory in the services where the PKI
certifcates used to be stored.
Remove the creation and use of all these AUTH_CACHE directories.
Change-Id: I5680376e70e74882e9fdb87ee1b95d5f40570ad7
Otherwise neutron will fail to bind external ports because of missing
entries for external physical network in the mapping.
Configure it only when l3 agent is also installed on the node (otherwise
the l2 agent is not exposed to external network and hence doesn't have
the bridge).
Change-Id: I561b74538acb0dc39f1af3e832108ce6a99441b0
Various services are returning broken links when running behind
tls-proxy. These issues can be fixed by setting the X-Forwarded-Proto
header in the apache config and letting oslo_middleware parse it.
Change-Id: Ibe5dbdc4644ec812f0435f59319666fc336c195a
Partial-Bug: 1713731
We are trying to keep better track of what pieces of devstack consume
the most time. Add the db sync commands to the time tracking as they run
the database migrations which can take more time than expected.
Change-Id: Ib92f2b8304ccf703712d45fd7207444de3599e2d
The old implementation for is_$service_enabled simply checked if any of
the subservices were enabled and if so the service was considered to be
enabled. This makes disabling services complicated as it means you have
to list every single subservice which can and do change over time.
Instead also check if the generic service name is in the disabled
services list and if so don't treat the service as enabled.
Change-Id: I7fe4dfca2cd9c15069d50a04161a29c5638291cb
Both keystone and neutron didn't yet have systemd awareness for
setting up logging (i.e. drop the extra date / time stamps)
Change-Id: Ib442c603c9afb679676976c37c2c6122201ae846
tls-proxy is the way we're now doing a standard install using https
between services. There is a lot more work to make services directly
handle https, and having python daemons do that directly is a bit of
an anti pattern. Nothing currently tests this in project-config from
my recent grepping, so in the interest of long term maintenance,
delete it all.
Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
When variables use the 'declare' directive, it is by default a local
variable. While other variables have global scope.
For example:
declare -A AN_ARRAY # local in scope
foo=1 # global in scope
This causes errors to occur as some of the variables will be local only
and others will be global.
Update the code, as appropriate, so that variables using the 'declare'
directive also include the '-g' flag to have them also be global. Not
every instance of a declared variable has been updated.
Closes-Bug: #1669509
Co-Authored-By: John L. Villalovos <john.l.villalovos@intel.com>
Change-Id: I2180b68fe861ad19c6d4ec0df0f9f8a528347862
