374 Commits

Author SHA1 Message Date
Przemyslaw Szczerbik
2356f0eb87 Bump oslo.log to version 4.5.0
In this version versionutils were updated for Xena release.

Related-bug: #1922237
Change-Id: I89f52929cec067bbe55b183f5dcdbc64a92805de
2021-08-02 10:59:32 +02:00
Przemyslaw Szczerbik
26b06d246a Use os-resource-classes lib for resource classes names
The os-resource-classes lib is the official source of the standard
placement resource classes. Currently, the neutron-lib contains a copy
of those constants. However, they are already marked as deprecated and
are going to be removed with next major release.

Related-Bug: #1934256
Change-Id: I33ecd6f32410f9b7ab1e87a6640201ea157bc383
2021-07-07 09:33:54 +02:00
Zuul
8a1fdddc5c Merge "Bump minimal ovsdbapp version to 1.11.0" 2021-06-25 14:34:28 +00:00
LIU Yulong
2ea7d66216 Bump neutron-lib to 2.12.0
Related-bug: #1912460
Change-Id: If86e42c7c56bb0fc571d68818febf54a29a31aa2
2021-06-22 09:43:04 +08:00
Ihar Hrachyshka
8954b33576 Bump minimal ovsdbapp version to 1.11.0
This is to make sure stateless-security-groups API extension works
for OVN. (The new ovsdbapp version contains support for
allow-stateless ACL verb.)

Change-Id: I812b7e8669bf1ef7b30a3670612d14bc65a93190
2021-06-17 21:32:47 -04:00
Zuul
87fd945119 Merge "Bump os-ken to 2.0.0" 2021-06-11 01:15:48 +00:00
Zuul
fd80100437 Merge "Remove "mitogen" library installation from "docs" job" 2021-06-10 18:13:50 +00:00
Rodolfo Alonso Hernandez
e3bb98c7e7 Bump os-ken to 2.0.0
That will avoid problems with eventlet 0.31.0 version, as seen during
the requirements upgrade.

Change-Id: I9a6798a6b0438149af8190dc90c70f79735bb01d
Closes-Bug: #1930195
2021-06-10 14:45:58 +00:00
Zuul
b7299c1571 Merge "Bump alembic to 1.6.5" 2021-06-09 15:06:09 +00:00
Rodolfo Alonso Hernandez
a660f77d38 Remove "mitogen" library installation from "docs" job
Since pyroute 0.6.2, this dependency is not needed anymore. The
pyroute version is bumped both in requirements and doc/requirements.

This patch bumps the pyroute2 version to 0.6.4 (newest version
provided in upper-requirements).

Change-Id: I627e902e32fe59c6829c3bc92af19abff4b70f9a
Related-Bug: #1928913
2021-06-07 12:39:28 +00:00
Rodolfo Alonso Hernandez
6afdff8494 Bump lower version of evenlet to 0.25.1
That fixes the lower-constraints job with pyroute >=0.6.2.

Change-Id: I849d777903b10a809947f0564205deb73e668c3c
Closes-Bug: #1931098
2021-06-07 12:38:27 +00:00
Rodolfo Alonso Hernandez
c915b93e76 Bump alembic to 1.6.5
This version fixes the problem reported in LP#1929518 as described
in [1].

[1]acc82bff39

Change-Id: I894eb3524681a3abaca5eeca0aa47028e7f1ff44
Closes-Bug: #1929518
2021-06-07 08:23:18 +00:00
Rodolfo Alonso Hernandez
f9bda4b1e4 Set the default `Backend.lookup` timeout to 2 seconds
In order to broadly cover the issue described in the referred bug,
this patch sets a default timeout of 2 seconds in the
``ovs_idl.Backend.lookup`` method.

This timeout should cover most of the situations where the IDL local
cache update is delayed. This patch does not change the default
behavior, except it will not fail if the DB cache is synchronized
within 2 seconds.

If we don't pass the notify handler or the backend does not implement
one, in case of not finding the requested register, the method will
raise like before.

ovsdbapp library is bumped to version 1.10.0 to receive the change
that introduces the active wait in ``Backend.lookup`` and adds the
timeout parameter to the method signature.

Change-Id: Ib40eabd6a8e9d59896e0e20383d8061eb4b5c710
Related-Bug: #1922934
2021-05-17 07:46:02 +00:00
Zuul
b4812af4ee Merge "Improve "objects.db.api.count" method" 2021-04-29 17:31:15 +00:00
Rodolfo Alonso Hernandez
9911d414c6 Improve "objects.db.api.count" method
Two improvements are implemented in this method:
- Add a query limit number parameter. This parameter is used by
  "NeutronDbObject.objects_exist" to limit the number of registers
  retrieved to 1.
- Add a query field parameter. This is the name (string) of the
  "obj_cls.fields" list. That will reduce the columns to be
  retrieved to only one. To check the existence of a DB register,
  there is not need to retrieve the full DB model including the back
  references.
  In case of not passing any value, the first "obj_cls.primary_keys"
  value will be used instead.

Closes-Bug: #1925528

Change-Id: I9fd5e306e293102c366d89c01bbe8b13721d59b0
2021-04-28 07:50:56 +00:00
Rodolfo Alonso Hernandez
8b39060ddf Fix SQLAlchemy backref warnings for viewonly columns
Fixed backref warning for two view only relationship defined in the
ORM, "QosNetworkPolicyBinding.port" and "Tag.standard_attr".

Change-Id: I7fcb1268f4fc637e7f39eae4fcde33f82cb9772c
Closes-Bug: #1925841
2021-04-26 16:06:16 +00:00
Zuul
79452ab892 Merge "Bump neutron-lib to 2.10.1" 2021-03-24 01:23:40 +00:00
Zuul
793f147291 Merge "Move policy rules "deprecated_*" params to the DeprecatedRule" 2021-03-22 17:48:52 +00:00
Slawek Kaplonski
67a9f46d80 Move policy rules "deprecated_*" params to the DeprecatedRule
Oslo policy moved those parameters to the DeprecatedRule object in [1]
and deprecated it in DocumentedRule object.
To avoid many deprecation warnings e.g. in our tests, this patch moves
"deprecated_since" and "deprecated_reason" parameters to the
DeprecatedRule object.

That change requires also bump of the oslo_policy to the 3.7.0 version
as change [1] isn't available in oslo_policy 3.6.2.

Additionally this patch also changes simple string "Wallaby" to
oslo_log.versionutils constant.

[1] https://review.opendev.org/c/openstack/oslo.policy/+/766628

Change-Id: I3234e04f417171db0d90e3e70661cc69bff8a4b1
2021-03-18 21:31:56 +01:00
Slawek Kaplonski
c3427ca292 Bump neutron-lib to 2.10.1
Change-Id: I48a66b434bea7f7551f9631982eef70a2df369b3
2021-03-18 10:09:23 +01:00
Rodolfo Alonso Hernandez
f628905279 Fix VLAN driver tests
Since [1], the physical network VLAN ranges parser populates the
ranges for those entries without a defined range, allowing all
valid VLAN ranges ([1, 4094]).

Some VLAN driver tests, relying on the previous implementation,
considered that the physical network without a defined VLAN
range does not have segments to allocated (those segments
are created on the fly by
"SegmentTypeDriverallocate_fully_specified_segment).

Since [1], all physical network segments are stored in the
"ml2_vlan_allocations" table and set as non allocated.

This patch also reverts [2]. When the physical networks are defined
in "network_vlan_ranges", there is no distinction between tenant
and provided networks; the physical network segments are assigned
by the user. It is possible to create a provider network without
defining the segmentation ID, it will be provided by the Neutron
VLAN driver, if there are free segments for the required physical
network.

[1]https://review.opendev.org/c/openstack/neutron-lib/+/779515
[2]1376df7873c2ac77c256ab2fed928de41a2c1d58

Closes-Bug: #1919280
Related-Bug: #1918274
Related-Bug: #1649750

Change-Id: I191e020ddb97dcf8fb41139d35bfd699e125379b
2021-03-16 15:43:33 +00:00
Zuul
47eecd9b67 Merge "Use agent chassis table based on schema" 2021-02-21 14:31:31 +00:00
Slawek Kaplonski
86c03faa23 Bump neutron-lib to 2.9.0
Change-Id: Ifbb368d4e4c497079a3c3d7a8b9ca0df43bee65d
2021-02-16 12:21:35 +01:00
Lance Bragstad
924c40975a Bump oslo.policy to 3.6.2
Prior to oslo.policy version 3.6.2, the Enforcer() object would load and
update the deprecated rules for a check regardless of it already being
done.

A recent change to oslo.policy updated the Enforcer() to be smarter
about this case and it was released in oslo.policy version 3.6.2:

  https://review.opendev.org/c/openstack/oslo.policy/+/773414

This became prevalent in neutron's usage of deprecated rules to update
their policies for secure RBAC personas since the Enforcer() object is
used extensively for APIs, resource, and attribute protection.

This should restore neutron's API performance to what it was prior to
the mass deprecation default policy rules.

Depends-On: https://review.opendev.org/c/openstack/requirements/+/774290
Closes-Bug: 1913718
Change-Id: Ia0e283f09c80605d6920843450b88cbc061996d5
2021-02-15 11:08:56 +00:00
Jakub Libosvar
da8e655963 Use agent chassis table based on schema
The patch determines a table that should be used for the agent API
in the runtime, based on the current available schema. It means OVN
database can be updated or downgraded while neutron-server is running
and agents will always report its liveness based on currently available
tables.

Change-Id: I679945b68acf391901c8602fb1828c46cd1eec55
Closes-bug: #1901527
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2021-02-09 12:38:33 +00:00
Rodolfo Alonso Hernandez
8912ea5575 Add port device profile extension
Added a new port extension: device profile (``port_device_profile``).
This extension adds the "device_profile" parameter to the "port" API
and specifies the device profile per port. This parameter is a
string.

This parameter is passed to Nova and Nova retrieves the requested
device profile from Cyborg. Reference:
  https://docs.openstack.org/api-ref/accelerator/v2/index.html#
    device-profiles

For backwards compatibility, this parameter will be "None" by
default.

Closes-Bug: #1906602
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/767586

Change-Id: I1202a8388e64ae4270ef4ca118993504ae7c1731
2021-01-22 16:17:30 +00:00
Zuul
fe61e29fd1 Merge "[goal] Deprecate the JSON formatted policy file" 2021-01-19 16:31:51 +00:00
Terry Wilson
ab6d4afd95 Avoid race condition when processing RowEvents
In https://review.opendev.org/#/c/753824/ ovsdbapp adds the ability
to pass a "frozen" object to the RowEventHandler so that if a
transaction is started from the main thread that changes the row,
it won't step on the values that the Event is trying to process.

This patch switches to using the ovs_idl backend-specific
RowEventHandler which converts the row to a frozen_row.

Change-Id: I87489596e2ff224431f7e83f43a1725172ee0953
Related-Bug: #1896816
2021-01-10 05:13:34 +00:00
Ghanshyam Mann
fe413fe01d [goal] Deprecate the JSON formatted policy file
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:

1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.

2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.

Also replace policy.json to policy.yaml ref from doc and tests.

[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html

Change-Id: I0dbb8484e749e645627756e88ec79c1b26a6414a
2021-01-08 09:10:49 +00:00
Rodolfo Alonso Hernandez
a6dbf97242 Deprecate XenAPI support
The configuration options are now marked as deprecated for
removal in X release.

Any related code is deleted. Neutron does not support XenAPI,
same as Nova [1][2].

[1]https://review.opendev.org/#/c/749304/
[2]https://review.opendev.org/#/c/749309/

Change-Id: Ifdb2200a5dac3508fdf8907bdd1f4547dff35341
Story: #2007686
Task: #41269
2020-12-09 20:15:39 +00:00
Bernard Cafarelli
8d6c301301
Update requirements for recent pip failures
Bump astroid test requirement to 2.4.0
Older versions trigger an error on wrapt dependency:
https://github.com/PyCQA/astroid/issues/755

Bump pylint accordingly to new astroid

Fix some new PEP8 warnings appearing with new versions, and filter out
the larget I202 "Additional newline in a group of imports" one for now

Drop psutil from functional requirements, it indicated an old version
and we have it in common requirements now

Bump a series of lower-constraints and requirements to work with new pip
resolver, testing with steps outlined at:
http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019285.html
This includes eventlet 0.22.1, previous versions triggered a hard to
track error on enum34
Cap cryptography in lower-constraints to prevent discovery failure in
relevant job (other jobs have it capped via upper-constraints)

Change-Id: Ie74ea517a403e6e2a7a4e0a245dd20e5281339e8
Closes-Bug: #1907242
2020-12-09 13:17:51 +01:00
Slawek Kaplonski
e55f5e136b Bump requirements to perpare for secure RBAC
To implement proper scope checking, we need some updated libraries that
properly handle tokens and relay that information to the underlying
service. This commit updates the oslo.policy, oslo.context, oslo.log,
and keystonemiddleware requirements to versions that understand all the
various scopes so that we can update the default policies.

Partially-Implements blueprint: secure-bac-roles

Change-Id: I567c11152d27155ab4297cf7e6851965fb9f8516
2020-12-03 21:21:47 +00:00
Rodolfo Alonso Hernandez
fd335b4037 Import packaging.version explicitly
"packaging.version" should be imported explicitly to avoid the
following error:
  >>> import packaging
  >>> packaging.version
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
  AttributeError: module 'packaging' has no attribute 'version'

This patch also inclues "packaging" in the requirements file.

Change-Id: Ibd277e2fcc152fcf7c81ef7470e3beb0c668575c
Closes-Bug: #1904854
2020-11-19 10:17:24 +00:00
Rodolfo Alonso Hernandez
aa2f058701 Implement "get_process_count_by_name" natively
Use Python native libraries instead of shell calls.

Closes-Bug: #1900269

Change-Id: If6eafb7f5f26ab127ab5432ce85096d052a20b0c
2020-10-19 10:21:54 +00:00
Slawek Kaplonski
b965b1ec4c Bump neutron-lib to 2.6.1
Change-Id: I367dbcc4e6ca1f14a6c304686326f8c24914c048
2020-10-05 15:42:43 +02:00
Zuul
a9fc746249 Merge "[OVN] Implement floating IP QoS in OVN backend" 2020-10-05 11:02:29 +00:00
Lajos Katona
7e116fe70e Revert "Updating the pecan version requirement"
This reverts commit e92193d246c8ea30d42a064297bb7a1955c62a98.

With pecan 1.4.0 aodh and ceilometer has issues, so for now better to
revert this change.
Closes-Bug: #1894864

Change-Id: I32b667b9fcc8bd6909d58c8fb60797f961ab9b44
2020-09-15 16:40:17 +02:00
elajkat
53625d0bcc Bump neutron-lib version to 2.6.0
Change-Id: I8103a4f352c8be225d352082b6f59ae9e4a244b7
2020-09-11 06:18:31 +02:00
Bernard Cafarelli
db4ff00175
Bump eventlet/oslo.messaging requirements
With older versions, lower-constraints job fails on Focal as seen in DNM
patch https://review.opendev.org/#/c/738163/

Change-Id: I05e0f3a3ad0abc02f97a89d63af9f58d5fa00549
Closes-Bug: #1894857
2020-09-08 17:41:01 +02:00
Zuul
d3c939e88a Merge "Bump some lower constraints for Focal migration" 2020-09-06 12:55:32 +00:00
Rodolfo Alonso Hernandez
e7e71b2ca6 [OVN] Implement floating IP QoS in OVN backend
This patch implements in the OVN backend the existing floating
IP QoS extension.

The OVN client, using the existing QoS extension, will retrieve
the QoS rules attached to each floating IP, the router where the
floating IP lives and the router gateway port. The QoS rules
will be applied on the router gateway port.

The OVN NB QoS rules for floating IP addresses have a "match"
field containing a tuple of parameters:
- The direction of the flow:
    'inport == "src"' or
    'outport == "dst"'
- The IP address to match:
    'ip4.src == 1.2.3.4' or
    'ip4.dst == 1.2.3.4'
- The chassis where the port is located:
    'is_chassis_resident("chassis")'

Closes-Bug: #1877408
Related-Bug: #1596611
Depends-On: https://review.opendev.org/#/c/727847/

Change-Id: Ib65d8edcb0a415f6d698c952334d3b4bb0d9fff6
2020-09-01 07:27:48 +00:00
Bence Romsics
a818c41c25 metadata-ipv6: Accept link local address in X-Forwarded-For
In the spec we said:
"""
When the metadata proxy processes a request, it gathers the L2 addresses
of a VM, and the source interface, and passes it to the metadata service.

The Metadata service, instead of using the VM IP, uses the "VM MAC" and
"Gateway MAC" to identify the instance.
"""

But since we switched from the home-grown metadata-ns-proxy to haproxy
we no longer control some of the headers included, like X-Forwarded-For.
haproxy allows us to turn X-Forwarded-For on or off, but it cannot
give us an X-Forwarded-For-MAC header.

Instead it seems we have to rely on the source address being the IPv6
link local address generated from the NIC's MAC address as specified
in RFC 4291:
https://tools.ietf.org/html/rfc4291#section-2.5.6
https://tools.ietf.org/html/rfc4291#appendix-A

Note that means you cannot use IPv6 Privacy Extensions:
https://tools.ietf.org/html/rfc4941

Change-Id: Ife592fcfc69e26f61ec1f45c06821cb025cc7cf2
Closes-Bug: #1460177
2020-08-31 13:02:49 +02:00
Bernard Cafarelli
671c3978a1
Bump some lower constraints for Focal migration
As seen in focal testing failure [1], lower constraints fail on
some packages (fixing one, another may appear). This bumps a series of
packages after local testing to pass on Focal.

Also sync requirements on these new versions

[1] https://review.opendev.org/#/c/734304/

Change-Id: I3abf86d90ed5cb1c4434746860b53c676eecbfd3
2020-08-27 09:27:45 +02:00
Zuul
bf23b9c4bf Merge "Updating the pecan version requirement" 2020-08-21 02:35:09 +00:00
Slawek Kaplonski
95247da614 Bump neutron-lib version to 2.5.0
Change-Id: I29136a58472e3156fc0a0407976d1a03b51aeb85
2020-08-11 21:20:18 +00:00
Dan Radez
e92193d246 Updating the pecan version requirement
There's a fix in pecan 1.4 to handle accept headers that have
extra parameters included.

Closes-Bug: #1829042
Change-Id: Id7d78d77da8dfd1620936e437d862c1d60e8eb25
2020-08-11 14:45:07 +00:00
Zuul
77e9a52e52 Merge "Specify C shared library in Pyroute2 namespace context" 2020-08-07 06:26:22 +00:00
Rodolfo Alonso Hernandez
ce1eebbf57 Bump oslo.privsep to 2.3.0
This new version contains [1]. The aim of this patch is to remove
any eventlet patch in the root daemon, trying to avoid the recurrent
evenlet timeout we detect in the CI jobs (mainly functional and
fullstack ones).

[1]https://review.opendev.org/#/c/740970/

Change-Id: Ide2081e8de032752c3aae940ed7d2a8380dd4b3d
2020-08-04 10:45:19 +00:00
Zuul
08863de754 Merge "Remove "six" library" 2020-07-30 00:35:59 +00:00
Rodolfo Alonso Hernandez
68e5e1b8fe Specify C shared library in Pyroute2 namespace context
Since [1], it's possible to specify the shared library to be used
when creating a Pyroute2 namespace context.

As commented in [2], "privsep" library makes use of eventlet to
implement multitasking. If the method executed returns the GIL,
nothing guarantees that the "eventlet" executor will return it
again to this task. This could lead to timeouts during the
execution of those methods.

From https://docs.python.org/3.6/library/ctypes.html#ctypes.PyDLL:
  "Instances of this class behave like CDLL instances, except that
   the Python GIL is not released during the function call, and
   after the function execution the Python error flag is checked."

[1]https://github.com/svinota/pyroute2/issues/702
[2]https://review.opendev.org/#/c/717017/

Change-Id: I6c9f9adba8b4433cc96704bb69dd4e0d4b154ebd
Related-Bug: #1870352
2020-07-29 12:28:46 +00:00