26 Commits

Author SHA1 Message Date
Akihiro Motoki
9067ae8b0f Move SG and FIP API wrapper to api.neutron
We no longer need to have SG and FIP API wrapper in api.network
as we only supports a single network back-end.

Completes blueprint drop-nova-network

Change-Id: I4e59d897508b497a3cd2ae2fda93b30b786610dc
2017-06-04 17:51:25 +00:00
Timur Sufiev
6f982b3ead Fix duplicating <network_entity>_list() calls in api.network
The solution is trivial - to add @memoize decorator to the following
calls:
* api.neutron.subnet_list
* api.neutron.port_list
* api.network.tenant_floating_ip_list
* api.network.security_group_list

Closes-Bug: #1592940
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Change-Id: Ibc0d227e07adfcc18bd2d0ed114d1da0f4ff04ad
2017-05-24 11:28:27 +03:00
Akihiro Motoki
acd3f2a240 Drop novalclient security group and floating IP dependency
novaclient 8.0.0 dropped python bindings for security group and
floating IP. This commit drops security group and floating IP logics
from the nova API wrapper.

The following changes are made accordingly.

* Update unit tests to consume neutron test data
* Drop API unit tests for nova security group and floating IP

Partially implement blueprint drop-nova-network
Change-Id: I946c508d7a82162fc8434213e006513867b79350
2017-04-28 08:38:28 +00:00
Akihiro Motoki
07f964c42e Drop Nova security group dependency from dashboard
This commit drops Nova security group dependency from
the dashboard implementation.

security group support in the nova API wrapper will be dropped
in a separate patch.

Also removes api.network.security_group_backend()
as it is no longer needed.

Partially implement blueprint drop-nova-network

Change-Id: I224010eb59068a7cc4f97c2453d499adde7644b4
2017-04-28 08:28:41 +00:00
LIU Yulong
5c238e9117 Add floating IP panel to admin dashboard
Now system administrators have CRUD abilities to manage floating IP.
1.floating IP list table
2.allocate floating IP to specific tenant
3.release/delete floating IP

Partially implements blueprint: manage-ips
Partially implements blueprint: syspanel-floating-ip-list

Change-Id: Ie5ec59740887d3845b933b37e6e875dbf08a4918
2016-08-19 12:15:55 +08:00
Steve McLellan
018e99d20e Allow horizon to function without nova
Adds conditional block to nova quotas to exclude them if nova is not
enabled; adds 'permission' checks to the project overview and
access_and_security panels to only enable them if compute is enabled;
adds permission checks on compute and image to the admin overview
and metadef panels; disables 'modify quota' and 'view usage' project
actions; disables 'update defaults' if there are no quotas available.

The 'access and security' panel still appears (under Compute) but
tabs other than the keystone endpoint and RC download tab are hidden.

Closes-Bug: #1580116
Change-Id: I1b2ddee0395ad9f55692111604b31618c4eaf69e
2016-07-26 09:15:48 -05:00
LIU-Yulong
ec93149311 Remove port_id from floating ip disassociate
Remove the redundant port_id from parameters of FloatingIpManager
disassociate function and the related.

Change-Id: I7425d654d9fee51b6b74e1cda888e12100a9cf3d
Closes-Bug: #1396050
2014-12-01 17:26:51 +08:00
Akihiro Motoki
277c7bc737 Display only reachable IP as Floating IP association target
In Neutron deployments some VM port can be unreachable from
external network and cannot be associated with floating IP.
It is confusing if these ports are listed in Floating IP
Associate form.

Change-Id: I2d8faf0dbf4490d198b883fe1becfd950b1b4d14
Closes-Bug: #1252403
2014-10-01 05:55:06 +00:00
Akihiro Motoki
198c7dcd5f Show floating IPs from other projects of admin instance table
Change-Id: I36e1c7a3808994d1481463ed6b595506e579ae28
Closes-Bug: #1319669
2014-09-10 14:55:46 +09:00
Akihiro Motoki
936fc59aa8 Disable Floating IP features if Neutron router is disabled
If the config option 'enable_router' is set to False,
Floating IP features are disabled when Neutron is enabled.
It does not affect when Neutron is disabled.

It also adds unit tests for api.network.servers_update_addresses
which is affected by this change.

Completes blueprint hide-router-panel-by-config
Closes-Bug: #1292022
Change-Id: Ib63c6a0e7bb5661d4a60d10a1722fdad978b50bb
2014-08-30 05:12:27 +09:00
Akihiro Motoki
cc25bd6026 Remove per-feature extension check method in api/neutron
Change-Id: Ie1309d5a51e86a37c640e169d66c73724fc1c9ff
Closes-Bug: #1348075
2014-07-25 01:45:55 +09:00
He Yongli
e790ac070e Remove extraneous vim configuration comments
Remove vim setting:
comment - # vim: tabstop=4 shiftwidth=4 softtabstop=4

at the top of source code files, except for files in
openstack/common.

Change-Id: I9a5c6b17c6ef7ecec601f4503dfc7b31fc72e90a
Close-bug: #1229324
2014-05-06 15:30:10 +08:00
Jenkins
b41c1db812 Merge "Bug fix on neutron's API to return the correct target ID" 2014-02-23 23:19:03 +00:00
Jenkins
16a22952c5 Merge "Get instance networking information from Neutron" 2014-02-17 16:33:55 +00:00
George Peristerakis
86f8794490 Bug fix on neutron's API to return the correct target ID
In the class FloatingIpManager, the function filters the
resulting list of ports with all available floating ips.
The function now returns the target ID of a port with a
floating IP associated to it. Added a new function to get
this to pass. In the next phase is to refactor the
floating ip api to allow a finer granularity. This will
be useful later for managing floating ips.

Change-Id: I02286dbbb60318b0157992622ffdeeae45a71bc1
Closes-Bug: 1265872
2014-02-12 17:23:10 -05:00
Assaf Muller
715d6b8228 Get instance networking information from Neutron
project/instances, admin/instances and the instance details page
all get networking information from Nova. However, with Neutron
enabled, floating IP associations are done direcly with Neutron,
meaning that Nova's DB will fall out of sync and thus the GUI
won't reflect successful floating IP associations until Nova
polls Neutron again and updates its DB. The polling can take
up to several minutes to complete for consecutive floating IP
operations.

The solution is to update instances' networking information from
Neutron immediately after the call to list Nova instances.

Closes-Bug: #1265032
Change-Id: I0382fa9a4a9fff21e7b4d05cd3b76783f826735f
2014-01-26 11:46:18 +02:00
Radomir Dopieralski
028332da4a Remove #noqa from most common imports and add them to import_exceptions
We have a lot of import with #noqa that is there to ignore h302,
because it's traditional to import and use a name directly, instead
of a whole module. This hides other errors and gives people the
impression that it's actually fine to import non-modules, you just
have to slap #noqa on those lines.

I went through the code and identified about a dozen names that are
most commonly imported this way. I remove the #noqa tag from them,
and added them to the list in import_exceptions.

I also removed a few unused imports that were revealed in the process.

Change-Id: I27afb8e2b1d4759ec974ded9464d8f010312ee78
2014-01-07 12:26:35 +01:00
Jenkins
f443f5ddc7 Merge "Determine security group API dynamically" 2013-09-25 23:06:48 +00:00
Akihiro MOTOKI
6f1307e472 Determine security group API dynamically
This commit removes enable_security_group from local_settings.py
and determines which security group API should be used (nova or
neutron).

Closes-Bug: #1227804

As described in bug 1203413, there is a case where Nova security group
with Neutron driver causes a problem. The type of 'name' attribute in
add_security_group_to_instance and remove_security_group_from_instance
depends on the backend, integer for nova security group driver and
UUID for quantum security group driver to make it work as expected.

enable_security_group config parameter produces a situation where
Nova security group with Neutron driver. We can avoid this situation
by removing this parameter when using Horizon.

Change-Id: I713c6ad166e142929f0a708e93a8fedb0de48640
2013-09-23 13:49:02 +09:00
Akihiro MOTOKI
d1d0e465eb Fix Instance secgroup update error with Nova secgroup
Nova add/remove_security_group takes secgroup name instead of id.
Add api test for update_instance_security_group in api.nova.

Change the parameter name "new_sgs" of server_update_security_groups
to "new_security_group_ids" to clarify it takes ID as a parameter.

Based on the initial patch in https://review.openstack.org/#/c/39940

Change-Id: I8d9b6f5c22eee5adbaea51ce352483ab74f488f6
Closes-Bug: #1207184
2013-09-21 01:41:09 +09:00
Zhenguo Niu
e6606c192f Add update method of security group name and description
make it possible to edit the name and description of
common security groups, we can not rename the default.

Fixes: bug #918393

Change-Id: I62ec1edc310fd5b3ffc2ad232e64c7090c1d38e4
2013-08-28 10:34:06 +08:00
Tatiana Mazur
953d1b9793 Enable H302 check
This patch replaces some method imports with module imports and
makes H302 test enabled.

Fixes bug 1188531

Change-Id: Ibfbddeaa19cbbb244da58ffd5c918c41f03a0c65
2013-08-22 17:39:09 +04:00
Akihiro MOTOKI
695bf560c0 Neutron Security Group native support
blueprint quantum-security-group

Rule table view
* Add direction and ethertype columns (which are specific to Neutron)
  It may be better to hide "Direction" and "Ether Type" columns
  unless Quantum security group is enabled.
* Merge ip_protocol/from_port/to_port into one column for better view
* Use "::/0" for IPv6 ANY instead of "0.0.0.0/0"
* Rename "Source" column to "Remote".
  (The naming "source" does not fit egress rules)
* Display security group name in the title of rule detail view

Rule creation form
* New arguments 'direction' and 'ethertype' in security_group_rule_create()
* Set the default value of 'direction' to 'ingress' in forms.handle()
* Rename 'ip_protocol' to 'rule_menu' and 'source' to 'remote'
  Note that rule_menu is retrieved from rule.ip_protocol in the unit tests
  since they are tests for custom TCP/UDP/ICMP rules.

Network abstraction layer for security group management
* Move security group methods to api.network
* Add Neutron security group API implementation
* Move base classes for network abstraction to a separate module
  (api/network_base.py) to avoid circulated import between
  api.network and api.nova/api.neutron

Add a configuration parameter to control Neutron security group support
* Neutron security group support is enabled when Neutron is enabled and
  enable_security_group in OPENSTACK_NEUTRON_NETWORK in settings is True.
* Not all neutron plugins support security group, so we need a way
  to control neutron security group is enabled or not.
* It can be determined by supported extension list from Neutron
  and it is a possible future work.

Move get_int_or_uuid to openstack_dashboard/utils/filters.
* get_int_or_uuid is now used in security_group implementation as
  well as floating IP logics.
* In addition the depth of the directory tree becomes longer and
  it is hard to fit the import line in 80 chars.
  It is a good chance to move it to a common directory.

Add __repr__ to API**Wrapper to make it easier to debug.

Limitations:
Neutron supports per-port security group. security groups can be
associated with a port instead of an instace and each port can have
a different set of security groups. It is not a scope of this BP
and is a future work.

Change-Id: I5410e88043a364596037b9ebcc566cd50b317614
2013-07-12 21:03:40 +09:00
Mark McClain
84e054b200 update Quantum references to Neutron
implements bug: 1197208

Change-Id: I14de163ca3cf498f5cb738a4c09088bba1759488
2013-07-09 17:51:54 -04:00
Gabriel Hurley
cf09dd860f Improved security group rule editing.
Splits rule editing and rule creation out so that
rather than being on one modal form (which is dismissed
after taking any action on the rules) they are instead
contained in their own security group detail view, with
create/delete as their own discrete forms/actions which
return to that same view.

This also reworks the form to be more explicit and
user-friendly in terms of the various options provided,
making it more responsive, and making it better documented.

Incidentally fixes some problems in the documentation.

Implements blueprint security-group-rules.

Change-Id: I866dd4fe0c74148140422aab9172be4f496689a9
2013-02-16 21:20:21 -08:00
Akihiro MOTOKI
dbfcc97e89 Quantum Floating IP support
blueprint quantum-floating-ip

This commit allows OpenStack dashboard users to use Quantum floating
IP feature directly using Quantum API rather than Nova Proxy.
By this users can associates a floating IP per virtual NIC.

blueprint nova-net-quantum-abstraction

This commit defines an abstract class in api/network.py.
This class provides common interfaces related to network features
duplicated in Nova and Quantum. A concrete class to handle operations
should be defined in api/nova.py or api/quantum.py.

Change-Id: I780356a9f41e72e32ce1877d390ac7f99e96899c
2013-01-30 20:38:35 +09:00