This change is adding required configuration in neutron.conf
to set the lock_path parameter, which was missing in
compute-install-ubuntu.rst
Change-Id: If090bdf060dfe21d11b1a5dfd010dc8167d9e45e
Closes-Bug: #1796976
(cherry picked from commit f4d438019e)
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: I90b6bdb240f2c5b8ec6a23e6facaf40013adfd3d
Oslo_concurrency needs lock_path option, make it consistent in
documentation for Suse, Redhat and Ubuntu installation guides.
Change-Id: Ib675d7bf399f2aa7eba9d343fa0f06281d33089a
Related-Bug: #1796976
Closes-Bug: #1812497
(cherry picked from commit 534e850392)
(cherry picked from commit 573b0be3e8)
The functionality allowing to disable DNS server announcement from the
DHCP agent for certain subnets was introduced in [0]. We should mention
this feature in the corresponding documentation.
[0] https://review.openstack.org/495781
Change-Id: I4adfa7ba789a59f967297ebb6c571deb0652c7ca
Related-Bug: 1311040
(cherry picked from commit 698e6d475c)
There was missing step about adding underlying interface to the
provider bridge in ovs deployment guides.
This patch adds this missing step.
Change-Id: I2ef5f12c469647d7f197cb5db71692e68d23f718
Closes-Bug: #1801361
(cherry picked from commit f4089680b5)
Nova does not currently support attaching SR-IOV ports to
existing instances, you can only create a server with an
SR-IOV port at this time. This adds an item about that
limitation to the SR-IOV admin docs.
Change-Id: I0a954de724384a81cb45446da20fa6b17d4bd63a
Related-Bug: #1708433
(cherry picked from commit 60a9248b17)
(cherry picked from commit 7859941647)
This change is a follow-up to Ib6ced838a7ec6d5c459a8475318556001c31bdf,
reintroducing a single place for applying the NORMAL action to
egress traffic, which is necessary to fix a regression introduced
by Ib6ced838a7ec6d5c459a8475318556001c31bdf.
Change-Id: I60d299275effd9ef35c8007773d3c9fcabfa50fa
Partial-Bug: 1789878
(cherry picked from commit 9feb5db61c)
Currently, we cannot get ACCEPT packet log because there are some
changed related to ovs firewall code since ovs firewall logging has
been merged.
Regarding to performance perspective, we only log first accepted packet.
So we only need to forward first accepted packet of each connection
session to table 91 and table 92.
So this patch fixes these issues.
Closes-Bug: #1782576
Change-Id: Ib6ced838a7ec6d5c459a8475318556001c31bdf0
(cherry picked from commit ced78395a7)
This change updates the auth_url value to match what has changed
in the keystone install guide:
https://review.openstack.org/#/c/541857/
Change-Id: I97356b31af35ef19d02b9f0c0a57cbde16752c65
(cherry picked from commit e1761d2e29)
Closes-bug: #1783306
There is no place in the documentation that explicitly lists the valid
DSCP marks, except for an incomplete hint in the DSCP spec in
neutron-specs. This provides an explicit list.
Change-Id: Ic350c88e59c33d98b54086707c9add05cf137dc2
Closes-Bug: #1781915
(cherry picked from commit b935f9d9a7)
In case where Neutron logical port is placed directly to hypervisor,
hypervisor does a conntrack lookup before packets reach OVS integration
bridge. This patch introduces a rule with high priority that is placed
at the beginning of the egress pipeline. This rule removes conntrack
information from all packets if conntrack information is present. Then
packets continue in the egress pipeline.
That means all packets in egress pipeline are not tracked and ovs
firewall can do a lookup in correct zone. As for ingress pipeline, it
distinguishes between tracked - which are packets coming from egress
pipeline, and not tracked, which are inbound packets coming not from a
local port.
Change-Id: Ia4f524adce2b5ee6d98d3921cfb03d56ad6d0813
Closes-bug: #1747082
(cherry picked from commit 3327db80be)
- Split documentation for external DNS integration into a new document
- Update configs to current standards
- Remove use of old designate client
Change-Id: I7a50ad72e35e2c01f874b872ddeff1aa8bfe3424
Closes-Bug: 1722367
Related-Bug: 1725630
(cherry picked from commit f305559292)
New facade is enabled by setting new_facade = True for the object of
interest. With new_facade on, all OVO actions will use the new reader /
writer decorator to activate sessions.
There are two new facade decorators added to OVO: db_context_reader and
db_context_write that should be used instead of explicit
autonested_transaction / reader.using / writer.using in OVO context.
All neutron.objects.db.api helpers now receive OVO classes / objects
instead of model classes, since they need to know which type of engine
facade to use for which object. While it means we change signatures for
those helper functions, they are not used anywhere outside neutron tree
except vmware-nsx unit tests, and the latter pass anyway because the
tests completely mock out them disregarding their signatures.
This patch also adds several new OVO objects to be able to continue
using neutron.objects.db.api helpers to persist models that previously
didn't have corresponding OVO classes.
Finally, the patch adds registration for missing options in
neutron/tests/unit/extensions/test_qos_fip.py to be able to debug
failures in those unit tests. Strictly speaking, this change doesn't
belong to the patch, but I include it nevertheless to speed up merge in
time close to release.
There are several non-obvious changes included, specifically:
- in neutron.objects.base, decorator() that refreshes / expunges models
from the active session now opens a subtransaction for the whole span of
call / refresh / expunge, so that we can safely refresh model regardless
of whether caller opened another parent subtransaction (it was not the
case for create_subnetpool in base db plugin code).
- in neutron.db.l3_fip_qos, removed code that updates obj.db_model
relationship directly after corresponding insertions for child policy
binding model. This code is not needed because the only caller to the
_process_extra_fip_qos_update method refetches latest state of floating
ip OVO object anyway, and this code triggers several unit test failures.
- unit tests checking that a single commit happens for get_object and
get_objects are no longer valid for new facade objects that use reader
decorator that doesn't commit but close. This change is as intended, so
unit tests were tweaked to check close for new facade objects.
Change-Id: I15ec238c18a464f977f7d1079605b82965052311
Related-Bug: #1746996
Adding ability to set DSCP field in OVS tunnels outer header, or
inherit it from the inner header's DSCP value for OVS and linuxbridge.
Change-Id: Ia59753ded73cd23019605668e60cfbc8841e803d
Closes-Bug: #1692951
This patch adds documents for floating IP qos feature.
Both neutron server side and L3 agent side settings
will be introduced in this patch.
Partially-Implements blueprint: floating-ip-rate-limit
Change-Id: Ia1f84a5d436220fd22ee1e739242db707d75cf85
This commit adds common_agent_extension class which is agent API
for L2 extension drivers used e.g. by Linuxbridge agent.
This is necessary to be able to use instance of iptables_manager
used in firewall driver also in L2 extension drivers (like qos).
This patch refactors little bit iptables_manager code to make possible
to initialize e.g. mangle or nat table on demand, even if iptables
is created as "state_less"
Change-Id: I3b66e49b7f176124e8aea3eb96d0d465f1ab1ea0
Closes-Bug: #1736674
This is from [1] as networking guide content has been imported from
openstack-manual [2].
[1] I101a15872ad999bef1a8afed7762eb88f1c68c3a
[2] Ibcedc9389dbea4a5810f2cecf890f6ba9887a07b
Change-Id: I929c4640485423180b7ba8d5f54319dbaf3350d9
Closes-Bug: #1682021
Sync with today's master + vpnaas patch [1] of the following files
in gerrit-dash-creator:
neutron.dash
neutron-subprojects.dash
neutron-subprojects-stable.dash
neutron-infra.dash
[1] Iaf2545c054cd9466528c3397c21595fb1f4796ac
Change-Id: Ie6dc9da4d68ee07f0949a98d4233920ad82051fe
The patch creates tables where other services using openflow can
implement rules for further packet processing. 3 new tables were created
for packets accepted by egress, ingress pipeline and packets dropped by
firewall.
Partially-implements: blueprint security-group-logging
Related-Bug: #1468366
Change-Id: I7900126de235ee9df902bef9556879f586d33ae8
Right now we use Launchpad State "Confirmed" and "Triaged" for
the query to generate the agenda of neutron-drivers meetings.
Unfortunately it's often interfered by the gerrit integration.
E.g. A submission of Closed-Bug patch changes the state to "In Progess".
This patch avoids the issue by tweaking the procedure to use a set of
tags instead.
An altenative would be to teach the gerrit integration about our usage.
Or, move to some other systems like storyboard.
But they would require more efforts than this change.
Change-Id: I9becc8052b80a284a4cb336e2da115d28d501720
The last link in the 'Further Reading' section of the SR-IOV internals
document is not rendered properly. It gets a '/' at the end, that
makes the link useless. It seems to be a problem with Sphinx. To
work around it, the bullets are removed from the list of recommended
documents for further reading
Closes-Bug: #1737833
Change-Id: I2116e82d60bc361583eab8e3809ec5f9eab6d11c
The documentation links which start with "admin-guide" and
"networking-guide" are outdated. Fix them to be friendly
to new contributors.
Change-Id: I656ba3b82df6acd2555735093127ca59f7042d44
Burst value for TCP traffic should be set as 80% of desired bandwidth
limit value. For example, if the bandwidth limit is set to 1000kbps
then enough burst value will be 800kbit. If the configured burst value
is too low, achieved bandwidth limit will be lower than expected.
If the configured burst value is too high, too few packets could
be limited and achieved bandwidth limit would be higher than expected.
So we should recommend a correct example in case that user ignores
the note.
Change-Id: Iefea3ce699c39e217e89dec93a8fe8ea1a90ac82
Qos policy with bandwidth limit rules can be applied on router's
gateway ports to limit only if veth are used to connect it to
namespaces.
This commit updates "ovs_use_veth" config option help message and
qos docs to add such info there.
Change-Id: I69e78bc125d430c933f7576d05308030789cee0a
Related-Bug: #1732852
OpenStack client doesn't display "Created" after
create operation.
Also this patch corrects an erroneous ingress rule update command by
changing "--max-burst-kbps" to "--max-burst-kbits".
Finally, the output of several commands is corrected.
Change-Id: I93aac4a5f293919b3fd8acf1c0310f6864004ee0
Closes-Bug: #1730896
This patch adds a note to clarify the need for nova to be installed
prior to configuring the compute service for neutron.
Change-Id: If7f16c1bd01843c244b87a48a024d17e57cb775e
Closes-Bug: #1732669
The OpenFlow spec says packets shouldn't match against multiple flows
at the same priority or the result is undefined. In ovsfw, 8 priority
levels are needed to comply with this rule.
Note: unlike overlapping TCP port ranges cases, the current version
of OVS seems to handle this case magically.
Change-Id: I6deaee8dbe81453285b1fc685282952bc9456949
Closes-bug: #1708092
The ovsfw code generated multiple flows with the same or overlapping
match fields and different actions=conjunction(nnn,2/2) flows.
Merge such flows and generate only one flow with
actions=conjunction(mmm,2/2),conjunction(nnn,2/2) so that filtering
are correctly performed.
Change-Id: I0cd325b02f35e103606595b8b124010fff8dc397
Partial-bug: #1708092
As discussed at Denver PTG, DocImpact tag will be retired.
Feature patch must now include relevant documentation changes.
Change-Id: I6aa3753772321733920481ac57549a648f92c6de
In this section there were only links to 3 stale branches.
Now it describes how link to Launchpad's page with
links to current stable branches can be build.
Change-Id: I721dfbb7e907eb1f4bac0fdb4f6fe35dc447dee1
On docs bugs policies page link to page which
describes OpenStack stable branch policy is updated to
correct page.
Change-Id: I4eb4a53c52155da4abcf724885339df2afecdfaf
In order to support LIKE statement filter in OVO objects,
StringMatchingFilterObj class is introduced. However, this class
does not provide initial attributes of "starts", "contains" and
"ends".
In real usage, if these attributes are not initialized, we will
hit failures in method apply_filters() in db/_model_query.py.
This patch adds the initialization back.
Secondly, a typo of "obj_utils.StringMatchingContains" is revised
in this patch too.
Change-Id: If828068d8d08ff09dff6c63d53320bc397d32448
Closes-Bug: #1724446
Since 1b8664f8e1 moves qos
constants to neutron-lib, here we updates the link.
Also this patch adds short description for
supported QoS rule types.
Change-Id: Id6ebadc1dc9f6a4ea390f8c47dcdf72992494526
The example of "detach a port from the QoS policy" is
wrong in config qos doc.
OpenStack client don't display info about "Updated" after
set or unset operation. Egg, associate the created policy
with an existing neutron port, or detach a port from the
QoS policy. It is the same as network.
Also, OpenStack client don't display info about "Updated
or Deleted" when we modify or delete rules from Qos policy.
Change-Id: Idbc1877e85a13faca150307b3e773c1ea5333b77
Closes-Bug: #1727132
As [1] shows, the controller node hosts the Neutron server but
also agents like L3 and DHCP which require also OVS or LinuxBridge
agent to be running on it.
To enable QoS is required to enable the 'service_plugins' and
the 'extension_drivers', along with the agent section in the plugin
config if the agent is running on this host.
In the network node and the compute node only the agent
'extensions' configuration is needed to enable QoS
on the agent.
[1] https://docs.openstack.org/security-guide/networking/architecture.html
Closes-Bug: #1720077
Change-Id: I14128aabe0a9209c31a1bd4c76eed1182364ccdf
Co-Authored-By: Slawek Kaplonski <slawek@kaplonski.pl>
Tweak the wording so that it's a bit more clear on how to
handle rfe-approved RFEs and why certain RFEs are marked
as 'rfe-postponed'.
Change-Id: Iad66a1322918338ab51035de8fdb6b6ca23ddd8c
SapanaJadhav
Ian Wienand
Lajos Katona
Jens Harbott
Slawek Kaplonski
Matt Riedemann
Thomas Morin
Nguyen Phuong An
Hidekazu Nakamura
miaoyuliang
Nate Johnston
Robin Naundorf
Jakub Libosvar
Ihar Hrachyshka
gaofei
Ali Sanhaji
YAMAMOTO Takashi
LIU Yulong
Cao Xuan Hoang
Brian Haley
Sławek Kapłoński
Hunt Xu
Bernhard M. Wiedemann
Miguel Lavalle
Guoqiang Ding
Zachary
Boden R
IWAMOTO Toshihiro
Lujin
wanghongtaozz
Lenny Verkhovsky
Dongcan Ye
David Rabel
Rodolfo Alonso Hernandez
Armando Migliaccio