We no longer need to have SG and FIP API wrapper in api.network
as we only supports a single network back-end.
Completes blueprint drop-nova-network
Change-Id: I4e59d897508b497a3cd2ae2fda93b30b786610dc
The solution is trivial - to add @memoize decorator to the following
calls:
* api.neutron.subnet_list
* api.neutron.port_list
* api.network.tenant_floating_ip_list
* api.network.security_group_list
Closes-Bug: #1592940
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Change-Id: Ibc0d227e07adfcc18bd2d0ed114d1da0f4ff04ad
novaclient 8.0.0 dropped python bindings for security group and
floating IP. This commit drops security group and floating IP logics
from the nova API wrapper.
The following changes are made accordingly.
* Update unit tests to consume neutron test data
* Drop API unit tests for nova security group and floating IP
Partially implement blueprint drop-nova-network
Change-Id: I946c508d7a82162fc8434213e006513867b79350
This commit drops Nova security group dependency from
the dashboard implementation.
security group support in the nova API wrapper will be dropped
in a separate patch.
Also removes api.network.security_group_backend()
as it is no longer needed.
Partially implement blueprint drop-nova-network
Change-Id: I224010eb59068a7cc4f97c2453d499adde7644b4
Now system administrators have CRUD abilities to manage floating IP.
1.floating IP list table
2.allocate floating IP to specific tenant
3.release/delete floating IP
Partially implements blueprint: manage-ips
Partially implements blueprint: syspanel-floating-ip-list
Change-Id: Ie5ec59740887d3845b933b37e6e875dbf08a4918
Adds conditional block to nova quotas to exclude them if nova is not
enabled; adds 'permission' checks to the project overview and
access_and_security panels to only enable them if compute is enabled;
adds permission checks on compute and image to the admin overview
and metadef panels; disables 'modify quota' and 'view usage' project
actions; disables 'update defaults' if there are no quotas available.
The 'access and security' panel still appears (under Compute) but
tabs other than the keystone endpoint and RC download tab are hidden.
Closes-Bug: #1580116
Change-Id: I1b2ddee0395ad9f55692111604b31618c4eaf69e
Remove the redundant port_id from parameters of FloatingIpManager
disassociate function and the related.
Change-Id: I7425d654d9fee51b6b74e1cda888e12100a9cf3d
Closes-Bug: #1396050
In Neutron deployments some VM port can be unreachable from
external network and cannot be associated with floating IP.
It is confusing if these ports are listed in Floating IP
Associate form.
Change-Id: I2d8faf0dbf4490d198b883fe1becfd950b1b4d14
Closes-Bug: #1252403
If the config option 'enable_router' is set to False,
Floating IP features are disabled when Neutron is enabled.
It does not affect when Neutron is disabled.
It also adds unit tests for api.network.servers_update_addresses
which is affected by this change.
Completes blueprint hide-router-panel-by-config
Closes-Bug: #1292022
Change-Id: Ib63c6a0e7bb5661d4a60d10a1722fdad978b50bb
Remove vim setting:
comment - # vim: tabstop=4 shiftwidth=4 softtabstop=4
at the top of source code files, except for files in
openstack/common.
Change-Id: I9a5c6b17c6ef7ecec601f4503dfc7b31fc72e90a
Close-bug: #1229324
In the class FloatingIpManager, the function filters the
resulting list of ports with all available floating ips.
The function now returns the target ID of a port with a
floating IP associated to it. Added a new function to get
this to pass. In the next phase is to refactor the
floating ip api to allow a finer granularity. This will
be useful later for managing floating ips.
Change-Id: I02286dbbb60318b0157992622ffdeeae45a71bc1
Closes-Bug: 1265872
project/instances, admin/instances and the instance details page
all get networking information from Nova. However, with Neutron
enabled, floating IP associations are done direcly with Neutron,
meaning that Nova's DB will fall out of sync and thus the GUI
won't reflect successful floating IP associations until Nova
polls Neutron again and updates its DB. The polling can take
up to several minutes to complete for consecutive floating IP
operations.
The solution is to update instances' networking information from
Neutron immediately after the call to list Nova instances.
Closes-Bug: #1265032
Change-Id: I0382fa9a4a9fff21e7b4d05cd3b76783f826735f
We have a lot of import with #noqa that is there to ignore h302,
because it's traditional to import and use a name directly, instead
of a whole module. This hides other errors and gives people the
impression that it's actually fine to import non-modules, you just
have to slap #noqa on those lines.
I went through the code and identified about a dozen names that are
most commonly imported this way. I remove the #noqa tag from them,
and added them to the list in import_exceptions.
I also removed a few unused imports that were revealed in the process.
Change-Id: I27afb8e2b1d4759ec974ded9464d8f010312ee78
This commit removes enable_security_group from local_settings.py
and determines which security group API should be used (nova or
neutron).
Closes-Bug: #1227804
As described in bug 1203413, there is a case where Nova security group
with Neutron driver causes a problem. The type of 'name' attribute in
add_security_group_to_instance and remove_security_group_from_instance
depends on the backend, integer for nova security group driver and
UUID for quantum security group driver to make it work as expected.
enable_security_group config parameter produces a situation where
Nova security group with Neutron driver. We can avoid this situation
by removing this parameter when using Horizon.
Change-Id: I713c6ad166e142929f0a708e93a8fedb0de48640
Nova add/remove_security_group takes secgroup name instead of id.
Add api test for update_instance_security_group in api.nova.
Change the parameter name "new_sgs" of server_update_security_groups
to "new_security_group_ids" to clarify it takes ID as a parameter.
Based on the initial patch in https://review.openstack.org/#/c/39940
Change-Id: I8d9b6f5c22eee5adbaea51ce352483ab74f488f6
Closes-Bug: #1207184
make it possible to edit the name and description of
common security groups, we can not rename the default.
Fixes: bug #918393
Change-Id: I62ec1edc310fd5b3ffc2ad232e64c7090c1d38e4
This patch replaces some method imports with module imports and
makes H302 test enabled.
Fixes bug 1188531
Change-Id: Ibfbddeaa19cbbb244da58ffd5c918c41f03a0c65
blueprint quantum-security-group
Rule table view
* Add direction and ethertype columns (which are specific to Neutron)
It may be better to hide "Direction" and "Ether Type" columns
unless Quantum security group is enabled.
* Merge ip_protocol/from_port/to_port into one column for better view
* Use "::/0" for IPv6 ANY instead of "0.0.0.0/0"
* Rename "Source" column to "Remote".
(The naming "source" does not fit egress rules)
* Display security group name in the title of rule detail view
Rule creation form
* New arguments 'direction' and 'ethertype' in security_group_rule_create()
* Set the default value of 'direction' to 'ingress' in forms.handle()
* Rename 'ip_protocol' to 'rule_menu' and 'source' to 'remote'
Note that rule_menu is retrieved from rule.ip_protocol in the unit tests
since they are tests for custom TCP/UDP/ICMP rules.
Network abstraction layer for security group management
* Move security group methods to api.network
* Add Neutron security group API implementation
* Move base classes for network abstraction to a separate module
(api/network_base.py) to avoid circulated import between
api.network and api.nova/api.neutron
Add a configuration parameter to control Neutron security group support
* Neutron security group support is enabled when Neutron is enabled and
enable_security_group in OPENSTACK_NEUTRON_NETWORK in settings is True.
* Not all neutron plugins support security group, so we need a way
to control neutron security group is enabled or not.
* It can be determined by supported extension list from Neutron
and it is a possible future work.
Move get_int_or_uuid to openstack_dashboard/utils/filters.
* get_int_or_uuid is now used in security_group implementation as
well as floating IP logics.
* In addition the depth of the directory tree becomes longer and
it is hard to fit the import line in 80 chars.
It is a good chance to move it to a common directory.
Add __repr__ to API**Wrapper to make it easier to debug.
Limitations:
Neutron supports per-port security group. security groups can be
associated with a port instead of an instace and each port can have
a different set of security groups. It is not a scope of this BP
and is a future work.
Change-Id: I5410e88043a364596037b9ebcc566cd50b317614
Splits rule editing and rule creation out so that
rather than being on one modal form (which is dismissed
after taking any action on the rules) they are instead
contained in their own security group detail view, with
create/delete as their own discrete forms/actions which
return to that same view.
This also reworks the form to be more explicit and
user-friendly in terms of the various options provided,
making it more responsive, and making it better documented.
Incidentally fixes some problems in the documentation.
Implements blueprint security-group-rules.
Change-Id: I866dd4fe0c74148140422aab9172be4f496689a9
blueprint quantum-floating-ip
This commit allows OpenStack dashboard users to use Quantum floating
IP feature directly using Quantum API rather than Nova Proxy.
By this users can associates a floating IP per virtual NIC.
blueprint nova-net-quantum-abstraction
This commit defines an abstract class in api/network.py.
This class provides common interfaces related to network features
duplicated in Nova and Quantum. A concrete class to handle operations
should be defined in api/nova.py or api/quantum.py.
Change-Id: I780356a9f41e72e32ce1877d390ac7f99e96899c