This option has default to the 'NoopFirewallDriver' for some time and
will soon be removed. Stop configuring it entirely.
Change-Id: I4dbc0015cf26d7edf51d0d5fd978ccd3a1ad1b79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Some distros no longer ship brctl, iproute2 should be used
in its place. The linuxbridge agent plugin script was still
using it, as was worlddump, which generates this warning on
a failure:
Running devstack worlddump.py
/bin/sh: 1: brctl: not found
Conditionalizing worlddump based on whether brctl is installed
to make this go away.
Change-Id: Iafbf4038bab08c261d45d117b12d4629ba32d65e
We need to enable accept_ra before we enable forwarding, otherwise
existing addresses and routes may get dropped until the next RA is
received, possibly causing connection errors in the meantime.
Change-Id: I1fdeede59547de896ed89222ecf121fd9e6b810d
This patch enables ARP Responder with DVR routers along with
l2pop in devstack.
Related-Bug: #1774459
Change-Id: I82f628c32f6e38c2419b6ffe90d9f9adf96777b1
The bridge-utils package has been deprecated for some time now [1] and
'brctl' does not exist on some more recent distros like Fedora 28.
Replace references to brctl with the proper ip commands.
Calls to "brctl show" are not being replaced with calls to "bridge link"
because the output format is very different and in testing some bridges
were not listed. So the simpler method of consulting /sys/class/net is
used.
In worlddump.py we try running both because failures are handled
gracefully by _dump_cmd(), as well as "ip link show type bridge" for
additional info.
[1] https://lwn.net/Articles/703776/ for example
Change-Id: Ie4c8ad6ce4a09c38023c9e4ec7834c249403145f
Partial-Bug: #1801919
The version comparison introduced in
I5152f2585c3d4d18853988d6290039d6b1713b99 was broken, because it tried
to use bash's -lt operator for floating point comparison, but bash
only supports integer arithmetic.
So instead use devstack's vercmp() function.
Change-Id: I8aac71c5bb6c2e82479d62831ea0672ba6a9a534
This reverts commit faaf96bfb15c5f4c45a72b149dc6fe1e1f907a71.
Ironic jobs were still using this option, it needs to be
switched to an alternative first.
Change-Id: I1683d7cfa81f5fe2497cc7045e87f8b20fed4968
It turns out that a host can have multiple valid default gateways,
something that's not common in ipv4.
This patches add supports for multiple default gateways in ipv6
environments.
Closes-Bug: #1786259
Change-Id: I30bf655f7160dd19c427ee79acdf145671a3e520
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
The external_network_bridge option is deprecated/legacy and being
removed from neutron (see I07474713206c218710544ad98c08caaa37dbf53a).
This patch removes the external_network_bridge option iniset from
devstack scripts.
Change-Id: I4d9641cc9bb83719c9af1edabb89a63c4c2b1d96
The nova-conductor service running in the cell
needs to be configured to talk to neutron for
things like deallocating networks during server
build failure. This changes the configure_neutron_nova
flows such that the top-level nova.conf is configured
as before, but we also configure each nova_cell*.conf
cell conductor config files to also be able to talk
to neutron.
Change-Id: Ic5e17298996b5fb085272425bb3b68583247aa34
Closes-Bug: #1777505
openvswitch firewall has been in Neutron tree since Newton and has gone
through lots of improvements since including simple upgrade path from
the iptables hybrid driver.
We have a tempest job running in Neutron tree with openvswitch firewall
that's been voting and stable for a while. For neutron_tempest_plugin,
we have had the openvswitch firewall in use since the beginning.
This patch proposes openvswitch firewall driver to become a default
driver for openvswitch agent deployments.
Change-Id: If26d0180e459210511f25f1faa83dd8ccea25ff4
There is currently a OVS 2.9.0 update in Tumbleweed that
fails to start as it is having a race with systemd on creating
the home directory. Workaround is to run it as root for now.
Change-Id: Ief610c6473834b02a1d644d8f50d11138a48e6e6
Allow users to auto-create a neutron non-flat providernet public network
and use it for external router interfaces. By default, keep the existing
flat network type behavior.
Change-Id: I64f71b0c9fcac97b9b84b7d30ee61659b2a690f1
The subnet-range parameter is only sent now if a valid value exists so
the command will not fail
Change-Id: I5296f5b59bc6d3d3db90a685a8678db9a156eece
Closes-Bug: #1718111
With XenServer we have two neutron-openvswitch-agent(q-agt, q-domua)
For the q-domua it is specific for XenServer, this patch is to move
the specific configurations to os-xenapi which we have devstack plugin
in that repo
Depends-On: Ic816404c84f6a8899d01a77cb67fbfb421653e6b
Change-Id: I8a31c81d9475387fe4ed7030b70b26098e588771
Add a missing --subnet-range argument when creating an ipv6 provider
network. Also changed SUBNET_V6_ID to IPV6_SUBNET_ID. And remove the
--ipv6-address-mode arg because it doesn't apply to subnets on routers.
Change-Id: I82796804a06e758e458606dc9eb400bcd08ad6e4
Calling enable_kernel_bridge_firewall inside a
container, devstack will crash because it tries to
load a kernel module by calling 'sudo modprobe' on
net.bridge.
Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4
Closes-Bug: #1662194
Using the same name for two different subnet pools means that one needs
to reference them by their UUID. Choosing unique names will allow us to
use the name to reference the pool later on.
At the same time simplify the command used for pool creation by
instructing OSC to only output the value that we are interested in.
Change-Id: Idedcb6328925d44cdd0f415450ec4ebbc272401d
Since the empty value is the default for the option, and when explcitly
set in config file, it triggers a deprecation warning for the option,
avoid setting it unless we actually need to override the new default
value.
Change-Id: If423114d7a52da29b97d1fb473a955d9d69a1a3e
Those are not called by devstack anymore. This cleanup also gets rid of
code that attempts to set external_network_bridge to an empty value,
which triggers a deprecation warning for the option since it's going to
be removed in a next Neutron release.
Change-Id: I5adcbab877b4e8742522de81b1a85acfc33160d7
When cleanup devstack with linuxbridge, PUBLIC_BRIDGE should be
DOWN before trying to delete it.
Change-Id: I2d205cbe4d92a03ee5c376a23282d9880dd9a1df
Closes-Bug: #1662543
While configuring the external network as the default
router gateway for IPV6 in lib/neutron_plugins/services/l3,
"router" keyword is missing in the command.
Corrected the command.
Change-Id: I055bea5137a841f709d4865ec9a43d6b53f8f4c9
Closes-Bug: 1660712
The daemon mode of root helper for XenAPI has been implemented by
this change which has been merged to neutron:
https://review.openstack.org/#/c/390931/
It will help to import the performance. Let's enable this mode
by default in devstack.
Change-Id: I52246bef3e4434dfc49446535b122580bc475ac3
$ipv6_modes should always be passed when creating the
default IPv6 subnet, not just when fixed_range_v6 is
set. Without it the default was DHCPv6, which cirros
doesn't support out of the box. Was broken in
change-over from neutron to openstack cli.
Change-Id: Iadd39b1ce02fe0b3781bd3ae04adfd20d7e12d9f
Closes-bug: #1656098
Currently if PHYSICAL_NETWORK and PUBLIC_PHYSICAL_NETWORK are
same then duplicate entry is created in ml2_conf.ini like below:
flat_networks = public,public,
With this patch, if PHYSICAL_NETWORK and PUBLIC_PHYSICAL_NETWORK
are same then add only PHYSICAL_NETWORK to flat_networks in
ml2_conf.ini
Change-Id: Iae4d1ee3882f6d96b4e4abd52ecc673a620563b5
Closes-Bug: #1654148
Starting with SLE12 SP2 and with openSUSE Leap the distro-shipped
openvswitch is the normal systemd openvswitch.service service file
and no longer the older openvswitch-switch Sysv5 init script. Add
a special case for that.
Change-Id: I5152f2585c3d4d18853988d6290039d6b1713b99
The linuxbridge agent for Neutron expects that the public bridge will
already be created by the time it starts. On devstack, this only occurs
as part of the l3 agent configuration. If a compute node doesn't have an
l3 agent and is using a linuxbridge agent, then br-ex won't be created
and the process will not be able to start (causing stack.sh to fail).
This causes the gate-grenade-dsvm-neutron-linuxbridge-multinode-nv gate
to fail. To avoid the issue, skip the bridge mappings setup unless L3 is
configured. This is done in a backward compatible fashion: if localrc
uses the old q-l3 tags, the is_service_enabled neutron-l3 would not be
able to succeed.
Closes-Bug: #1643562
Change-Id: I292ff0dc080fb84b5f879ba2f00f03eff295b55b
