The os-resource-classes lib is the official source of the standard
placement resource classes. Currently, the neutron-lib contains a copy
of those constants. However, they are already marked as deprecated and
are going to be removed with next major release.
Related-Bug: #1934256
Change-Id: I33ecd6f32410f9b7ab1e87a6640201ea157bc383
This is to make sure stateless-security-groups API extension works
for OVN. (The new ovsdbapp version contains support for
allow-stateless ACL verb.)
Change-Id: I812b7e8669bf1ef7b30a3670612d14bc65a93190
That will avoid problems with eventlet 0.31.0 version, as seen during
the requirements upgrade.
Change-Id: I9a6798a6b0438149af8190dc90c70f79735bb01d
Closes-Bug: #1930195
Since pyroute 0.6.2, this dependency is not needed anymore. The
pyroute version is bumped both in requirements and doc/requirements.
This patch bumps the pyroute2 version to 0.6.4 (newest version
provided in upper-requirements).
Change-Id: I627e902e32fe59c6829c3bc92af19abff4b70f9a
Related-Bug: #1928913
This version fixes the problem reported in LP#1929518 as described
in [1].
[1]acc82bff39
Change-Id: I894eb3524681a3abaca5eeca0aa47028e7f1ff44
Closes-Bug: #1929518
In order to broadly cover the issue described in the referred bug,
this patch sets a default timeout of 2 seconds in the
``ovs_idl.Backend.lookup`` method.
This timeout should cover most of the situations where the IDL local
cache update is delayed. This patch does not change the default
behavior, except it will not fail if the DB cache is synchronized
within 2 seconds.
If we don't pass the notify handler or the backend does not implement
one, in case of not finding the requested register, the method will
raise like before.
ovsdbapp library is bumped to version 1.10.0 to receive the change
that introduces the active wait in ``Backend.lookup`` and adds the
timeout parameter to the method signature.
Change-Id: Ib40eabd6a8e9d59896e0e20383d8061eb4b5c710
Related-Bug: #1922934
Two improvements are implemented in this method:
- Add a query limit number parameter. This parameter is used by
"NeutronDbObject.objects_exist" to limit the number of registers
retrieved to 1.
- Add a query field parameter. This is the name (string) of the
"obj_cls.fields" list. That will reduce the columns to be
retrieved to only one. To check the existence of a DB register,
there is not need to retrieve the full DB model including the back
references.
In case of not passing any value, the first "obj_cls.primary_keys"
value will be used instead.
Closes-Bug: #1925528
Change-Id: I9fd5e306e293102c366d89c01bbe8b13721d59b0
Fixed backref warning for two view only relationship defined in the
ORM, "QosNetworkPolicyBinding.port" and "Tag.standard_attr".
Change-Id: I7fcb1268f4fc637e7f39eae4fcde33f82cb9772c
Closes-Bug: #1925841
Oslo policy moved those parameters to the DeprecatedRule object in [1]
and deprecated it in DocumentedRule object.
To avoid many deprecation warnings e.g. in our tests, this patch moves
"deprecated_since" and "deprecated_reason" parameters to the
DeprecatedRule object.
That change requires also bump of the oslo_policy to the 3.7.0 version
as change [1] isn't available in oslo_policy 3.6.2.
Additionally this patch also changes simple string "Wallaby" to
oslo_log.versionutils constant.
[1] https://review.opendev.org/c/openstack/oslo.policy/+/766628
Change-Id: I3234e04f417171db0d90e3e70661cc69bff8a4b1
Since [1], the physical network VLAN ranges parser populates the
ranges for those entries without a defined range, allowing all
valid VLAN ranges ([1, 4094]).
Some VLAN driver tests, relying on the previous implementation,
considered that the physical network without a defined VLAN
range does not have segments to allocated (those segments
are created on the fly by
"SegmentTypeDriverallocate_fully_specified_segment).
Since [1], all physical network segments are stored in the
"ml2_vlan_allocations" table and set as non allocated.
This patch also reverts [2]. When the physical networks are defined
in "network_vlan_ranges", there is no distinction between tenant
and provided networks; the physical network segments are assigned
by the user. It is possible to create a provider network without
defining the segmentation ID, it will be provided by the Neutron
VLAN driver, if there are free segments for the required physical
network.
[1]https://review.opendev.org/c/openstack/neutron-lib/+/779515
[2]1376df7873c2ac77c256ab2fed928de41a2c1d58
Closes-Bug: #1919280
Related-Bug: #1918274
Related-Bug: #1649750
Change-Id: I191e020ddb97dcf8fb41139d35bfd699e125379b
Prior to oslo.policy version 3.6.2, the Enforcer() object would load and
update the deprecated rules for a check regardless of it already being
done.
A recent change to oslo.policy updated the Enforcer() to be smarter
about this case and it was released in oslo.policy version 3.6.2:
https://review.opendev.org/c/openstack/oslo.policy/+/773414
This became prevalent in neutron's usage of deprecated rules to update
their policies for secure RBAC personas since the Enforcer() object is
used extensively for APIs, resource, and attribute protection.
This should restore neutron's API performance to what it was prior to
the mass deprecation default policy rules.
Depends-On: https://review.opendev.org/c/openstack/requirements/+/774290
Closes-Bug: 1913718
Change-Id: Ia0e283f09c80605d6920843450b88cbc061996d5
The patch determines a table that should be used for the agent API
in the runtime, based on the current available schema. It means OVN
database can be updated or downgraded while neutron-server is running
and agents will always report its liveness based on currently available
tables.
Change-Id: I679945b68acf391901c8602fb1828c46cd1eec55
Closes-bug: #1901527
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Added a new port extension: device profile (``port_device_profile``).
This extension adds the "device_profile" parameter to the "port" API
and specifies the device profile per port. This parameter is a
string.
This parameter is passed to Nova and Nova retrieves the requested
device profile from Cyborg. Reference:
https://docs.openstack.org/api-ref/accelerator/v2/index.html#
device-profiles
For backwards compatibility, this parameter will be "None" by
default.
Closes-Bug: #1906602
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/767586
Change-Id: I1202a8388e64ae4270ef4ca118993504ae7c1731
In https://review.opendev.org/#/c/753824/ ovsdbapp adds the ability
to pass a "frozen" object to the RowEventHandler so that if a
transaction is started from the main thread that changes the row,
it won't step on the values that the Event is trying to process.
This patch switches to using the ovs_idl backend-specific
RowEventHandler which converts the row to a frozen_row.
Change-Id: I87489596e2ff224431f7e83f43a1725172ee0953
Related-Bug: #1896816
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.
Also replace policy.json to policy.yaml ref from doc and tests.
[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I0dbb8484e749e645627756e88ec79c1b26a6414a
Bump astroid test requirement to 2.4.0
Older versions trigger an error on wrapt dependency:
https://github.com/PyCQA/astroid/issues/755
Bump pylint accordingly to new astroid
Fix some new PEP8 warnings appearing with new versions, and filter out
the larget I202 "Additional newline in a group of imports" one for now
Drop psutil from functional requirements, it indicated an old version
and we have it in common requirements now
Bump a series of lower-constraints and requirements to work with new pip
resolver, testing with steps outlined at:
http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019285.html
This includes eventlet 0.22.1, previous versions triggered a hard to
track error on enum34
Cap cryptography in lower-constraints to prevent discovery failure in
relevant job (other jobs have it capped via upper-constraints)
Change-Id: Ie74ea517a403e6e2a7a4e0a245dd20e5281339e8
Closes-Bug: #1907242
To implement proper scope checking, we need some updated libraries that
properly handle tokens and relay that information to the underlying
service. This commit updates the oslo.policy, oslo.context, oslo.log,
and keystonemiddleware requirements to versions that understand all the
various scopes so that we can update the default policies.
Partially-Implements blueprint: secure-bac-roles
Change-Id: I567c11152d27155ab4297cf7e6851965fb9f8516
"packaging.version" should be imported explicitly to avoid the
following error:
>>> import packaging
>>> packaging.version
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: module 'packaging' has no attribute 'version'
This patch also inclues "packaging" in the requirements file.
Change-Id: Ibd277e2fcc152fcf7c81ef7470e3beb0c668575c
Closes-Bug: #1904854
This reverts commit e92193d246c8ea30d42a064297bb7a1955c62a98.
With pecan 1.4.0 aodh and ceilometer has issues, so for now better to
revert this change.
Closes-Bug: #1894864
Change-Id: I32b667b9fcc8bd6909d58c8fb60797f961ab9b44
With older versions, lower-constraints job fails on Focal as seen in DNM
patch https://review.opendev.org/#/c/738163/
Change-Id: I05e0f3a3ad0abc02f97a89d63af9f58d5fa00549
Closes-Bug: #1894857
This patch implements in the OVN backend the existing floating
IP QoS extension.
The OVN client, using the existing QoS extension, will retrieve
the QoS rules attached to each floating IP, the router where the
floating IP lives and the router gateway port. The QoS rules
will be applied on the router gateway port.
The OVN NB QoS rules for floating IP addresses have a "match"
field containing a tuple of parameters:
- The direction of the flow:
'inport == "src"' or
'outport == "dst"'
- The IP address to match:
'ip4.src == 1.2.3.4' or
'ip4.dst == 1.2.3.4'
- The chassis where the port is located:
'is_chassis_resident("chassis")'
Closes-Bug: #1877408
Related-Bug: #1596611
Depends-On: https://review.opendev.org/#/c/727847/
Change-Id: Ib65d8edcb0a415f6d698c952334d3b4bb0d9fff6
In the spec we said:
"""
When the metadata proxy processes a request, it gathers the L2 addresses
of a VM, and the source interface, and passes it to the metadata service.
The Metadata service, instead of using the VM IP, uses the "VM MAC" and
"Gateway MAC" to identify the instance.
"""
But since we switched from the home-grown metadata-ns-proxy to haproxy
we no longer control some of the headers included, like X-Forwarded-For.
haproxy allows us to turn X-Forwarded-For on or off, but it cannot
give us an X-Forwarded-For-MAC header.
Instead it seems we have to rely on the source address being the IPv6
link local address generated from the NIC's MAC address as specified
in RFC 4291:
https://tools.ietf.org/html/rfc4291#section-2.5.6https://tools.ietf.org/html/rfc4291#appendix-A
Note that means you cannot use IPv6 Privacy Extensions:
https://tools.ietf.org/html/rfc4941
Change-Id: Ife592fcfc69e26f61ec1f45c06821cb025cc7cf2
Closes-Bug: #1460177
As seen in focal testing failure [1], lower constraints fail on
some packages (fixing one, another may appear). This bumps a series of
packages after local testing to pass on Focal.
Also sync requirements on these new versions
[1] https://review.opendev.org/#/c/734304/
Change-Id: I3abf86d90ed5cb1c4434746860b53c676eecbfd3
There's a fix in pecan 1.4 to handle accept headers that have
extra parameters included.
Closes-Bug: #1829042
Change-Id: Id7d78d77da8dfd1620936e437d862c1d60e8eb25
This new version contains [1]. The aim of this patch is to remove
any eventlet patch in the root daemon, trying to avoid the recurrent
evenlet timeout we detect in the CI jobs (mainly functional and
fullstack ones).
[1]https://review.opendev.org/#/c/740970/
Change-Id: Ide2081e8de032752c3aae940ed7d2a8380dd4b3d
Since [1], it's possible to specify the shared library to be used
when creating a Pyroute2 namespace context.
As commented in [2], "privsep" library makes use of eventlet to
implement multitasking. If the method executed returns the GIL,
nothing guarantees that the "eventlet" executor will return it
again to this task. This could lead to timeouts during the
execution of those methods.
From https://docs.python.org/3.6/library/ctypes.html#ctypes.PyDLL:
"Instances of this class behave like CDLL instances, except that
the Python GIL is not released during the function call, and
after the function execution the Python error flag is checked."
[1]https://github.com/svinota/pyroute2/issues/702
[2]https://review.opendev.org/#/c/717017/
Change-Id: I6c9f9adba8b4433cc96704bb69dd4e0d4b154ebd
Related-Bug: #1870352