Fixes bug #1185174
This reverts commit b8b2c4e, 2f13345, 362bd7f, 8da2fb7 and 956b873.
We don't yet have the infrastructure in place to use latest oslo.config
in the gate or even get the correct metadata for it in our packaging.
The gory details are here:
http://lists.openstack.org/pipermail/openstack-dev/2013-May/009586.html
Change-Id: Idf89ca418df158e6f94279c9c5fa44f23073a9d7
This patch exposes the sqlalchemy_pool_size option to config files of
plugins that already expose sql_ options besides sql_connection.
Fixes bug 1185260
Change-Id: Ifaff02fae5e5349efb992c071adc0b02f10d61a7
Bug 1179745
This patch introduces a new type of check whose aim is to fetch
the parent resource's owner only when a rule that explicitly needs
it needs to be checked.
Change-Id: I1ff429eb3f92b35bcb9b4c4e01b65f8c0a595f48
Avoid depending on platform specific paths for rootwrap
by using exec_dirs in rootwrap. Fixes rootwrap configuration
for SUSE.
Fixes bug #1156044
Change-Id: I54d082c543fd84b40db0caa3571300ac0bb07b57
To have consistent option group name format across projects,
oslo.config now normalizes all non lowercase group names to lowercase
when loading conf files.
Thus conf files are backwards compatible but option group references
in the code must now use lowercase before we update oslo.config.
This patch replaces all 'OVS' references to 'ovs'
Change-Id: Id8697138d822e331a6776f847915c61b40f8dd6a
To have consistent option group name format across projects,
oslo.config now normalizes all non lowercase group names to lowercase
when loading conf files.
Thus conf files are backwards compatible but option group references
in the code must now use lowercase before we update oslo.config.
This patch replaces all 'DEFAULT_SERVICETYPE' references to
'default_servicetype'
Change-Id: Iccab055c4664e11c9618706e594416194065048b
To have consistent option group name format across projects,
oslo.config now normalizes all non lowercase group names to lowercase
when loading conf files.
Thus conf files are backwards compatible but option group references
in the code must now use lowercase before we update oslo.config.
This patch replaces all 'QUOTA' references to 'quota'
Change-Id: I74c2a35aea7a52f9586eb598fe52d2cecb1851ef
The linuxbridge, openvswitch, and hyperv plugins all use the same
basic RPC interface between their plugins and L2 agents. But the
attributes describing a virtual network passed from the plugin to the
agent over this interface differed for historical reasons. The
openvswitch and hyperv plugins each pass network_type,
physical_network, and segmentation_id attributes, whereas the
linuxbridge plugin previously passed vlan_id and physical_network
attributes, using special vlan_id values to indicate flat or local
network types.
This patch changes the linuxbridge plugin to pass network_type and
segmentation_id attributes instead of the vlan_id attribute, bringing
its message formats into sync with the other plugins. RPC
compatibility is required for blueprint modular-l2 so that the ml2
plugin can work with all three existing types of L2 agent. This RPC
message format change is also required for blueprint
vxlan-linuxbridge.
Unlike the vxlan-linuxbridge patch on which it is based (see
https://review.openstack.org/#/c/26516/), this patch does not bump the
linuxbridge RPC version number, as the ml2 plugin will require all
three L2 agents to use the same RPC version. Instead, the updated
linuxbridge agent maintains compatibility with old linuxbridge plugins
by accepting either the old or new attributes. There is also a
configuration option, currently turned on by default, to enable the
updated linuxbridge plugin to pass the vlan_id attribute expected by
old linuxbridge agents along with the new attributes. These message
format compatibility mechanisms are intended to aid during upgrades,
and can eventually be removed.
Change-Id: I7cc1c9f96b09db6bab2c7d9f2b30b79fa4dab919
Blueprint make-authz-orthogonal
This patch implements part #3 of this blueprint, according to its
specification.
It does so by allowing the view generator in the API layer to strip
off fields which do not satify authorization policies.
Also, some checks in unit tests for plugins relied on the
capability of the plugin to invoke directly the policy engine.
This checks have been removed and replaced by equivalent unit tests.
Finally, this patch required changes to most test cases for API
extensions in order to ensure the resource attribute map was
updated with the extension's attributes
Change-Id: I1ef94a8a628d34697254b68d7a539bd1c636876e
blueprint portbinding-ex-db
related patch in nova:
https://review.openstack.org/#/c/21141/
Only OVS and linux bridge plugins now support this feature.
Change-Id: I42d9bc59130e2758dd6a221d8953d63ec10e1f3c
Implements Mellanox Quantum plugin.
This plugin implements Quantum v2 APIs with support for Mellanox embedded
switch functionality as part of the VPI (Ethernet/InfiniBand) HCA.
Change-Id: I22907dfec5b6cb8f6ad8c3b6e390abc4f8e0ac10
The dnsmasq version check does not need root privileges
to run as with low privs it works just fine. As a side
effect, the use of the rootwrapper was causing unit tests
to hung because the execute call in check_version was not
being stubbed out. Weirdly enough this wasn't caught in
a previous Gerrit run; there must be a passwordless sudo
lurking around somewhere in the Gerrit infrastructure.
Fixes bug #1178800
Change-Id: I4d0bd218768eec2439d3907587682ff35884a262
It has been noted that older versions of dnsmasq may have unexpected
behavior, so this patch introduces a check on dnsmasq version; if
the minimum version is not met, a warning is logged. This is less
invasive than raising an Exception and abort the dhcp agent, even
though this also seems like a perfectly acceptable behavior.
Fixes bug 1170793
Change-Id: Idd91c3753fb05f223ed0e3c53ad692ee65ea4905
* Config doc: http://wiki.openstack.org/QuantumDevstackOvsXcp
* The Open vSwitch agent needs to be deployed on domU but
interact with a dom0 bridge.
* Add a root wrapper and associated XenAPI plugin to allow the
agent to execute networking commands against dom0 from domU.
* Update ovs_lib mac address discovery to use ip_lib to
ensure that discovery works even for bridges not local to
the agent (i.e. dom0 bridges). A bridge configured with
a dom0 root wrapper will execute ip link on dom0.
* Update ip_lib to use a root helper by default to ensure that
the 'ip' command will execute on dom0.
* Remove obselete rpm spec and installer for dom0 agent.
* Credit where credit is due - the XenAPI plugin and its
packaging were largely copied from nova.
* Supports blueprint xenapi-ovs
Change-Id: I7795446ee1267712c896f5cb3401f84fb1763ce7
Blueprint make-authz-orthogonal
This patch implementes item #2 of the blueprint
Remove calls to policy.enforce when the policy check can be performed
safely at the API level, and modify policy.json to this aim.
This patch does not address enforce calls in the agent scheduler
extension, as that extension is currently not defined as a quantum.v2.api
resource class.
This patch also adds an API-level test case for the provider networks
extension, which was missing in Quantum and was necessary to validate
the API behaviour with the default policy settings.
Change-Id: I1c20a5870279bc5fce4470c90a210eae59675b0c
Fixes bug #1121605
This patch replacest the nvp_controller_connection configuration option
with a set of options more intutitive to user which also avoid
repetitions in ini files.
In order to simplify the configuration of the plugin, this patch also
removes named clusters. As the plugin supports a single cluster at
the moment, this can be simply specified in the [DEFAULT] configuration
section.
Also, this patch restrucures nvp_cluster.NvpCluster so that per-cluster
configuration options are not store anymore multiple times.
Change-Id: Id5f84220122d7c5f3239e3333cb772247d1ed05e
Bug 1158434
This patch adds a new policy named 'context_is_admin' which defines
an admin user as a collection of roles or else. The quantum context
has been updated to check for this policy when setting the is_admin
flag.
This patch also adds a method for gathering 'admin' roles from policy
rules as current logic requires the context to be always populate with
the correct roles for admin rules, even when the context is implicitly
generated with get_admin_context or context.elevated.
Backward compatibility is ensuring by preserving the old behavior if
the 'context_is_admin' policy is not found in policy.json
Change-Id: I9acea75cca0c47e083a9149e358328ea3ca12d68
Since Quantum supports HA queues with RabbitMQ (https://review.openstack.org/#/c/13760/),
quantum.conf should provide new flags for explain how to configure multiple RabbitMQ servers and enable HA.
New flags :
rabbit_hosts=$rabbit_host:$rabbit_port
rabbit_ha_queues=false
qpid_hosts = localhost:5672
Fix Bug #1160369
Change-Id: I35903b1b7b66fde8d70ac7e8076e0def2a1f2d04
Scope: Unification of all the various plugin files for the Cisco plugin into a single file.
Use Cases: Quantum with the Cisco plugin.
Implementation Overview: All the config values contained in the various files in
etc/quantum/plugins/cisco will be unified into a single file
etc/quantum/plugins/cisco/cisco_plugin.ini. The plugins needs to be modified to
read from a single file instead of multiple.
Added quantum.openstack.common.cfg support.
Change-Id: I9ef356eccfe330c3733f441b96400d03c3d7d1df
Blueprint make-authz-orthogonal
This implements work item #1 of the blueprint.
This patch enables authZ checks for 'member actions' in the base
controller and removes explicit checks from l3_db.
This patch also addresses a small glitch in the policy engine which
was assuming the request always had a body.
Change-Id: I7e0f386eedcfff24ea1fee7294bbadd6c5ec781c
SSL are entirely optional. Support for SSL as well using code from glance. We
have some new options for configuring the SSL support. There are tests for
accessing a sample app w/o ipv6 or ssl, one with just ssl and one with
ipv6 and ssl
Fixes LP# 1101342
DocImpact
Change-Id: I824acef4130d27828dcf199736b3ca668d6202d7
If using a host that does not support namespaces the nvp plugin did not have
a way to leverage metadata unless using enable_isolated_metadata which
requires a subnet to not have a gateway. This patch changes the metadata
configuration for the NVP plugin by adding a flag metadata which can be
set to access_network (which was previously enable_metadata_access_network)
or dhcp_host_route. When set to dhcp_host_route when the dhcp agent creates
it's port a host_route is added towards the dhcp server's ip for the
destination 169.254.169.254/32 only if the subnet has as gatway_ip.
In order for a host to leverage metadata via dhcp_route_route it requires
the host's dhcp client to support host routes (code 121).
Fixes bug 1155786
Change-Id: I2ff52adc3dfebcdd6d9c05d5dc79aa65ae100c74
Bug 1155379
This patch removes extra colons from policy.json.
Also, it fixes some checks in the nicira plugin which were not
passing correctly the target resource for the policy engine.
Change-Id: I89a1d170818173eaa90b50158289a06455febadc
bug 1150628
now that dhcp-agent also uses ns-metadata-proxy, we need to make sure
those rootwrap filters are installed in scenarios where dhcp-agent is
installed by l3-agent is not.
Change-Id: I141b2291aceb93d650258ff1df1ef0122ce8da90
This is a l3-agent version of 349aa3ef3563c019f4d0a98fc30117ae0a6cade3.
The combination of the plugin without agent extension support
and L3NATAgentWithStateReport results in an error:
"AttributeError: No such RPC function 'report_state'".
This patch changes l3_agent_manager to be L3NATAgent instead of
L3NATAgentWithStateReport since all plugins do not support
L3NATAgentWithStateReport and having this as the default breaks
all current deployments that upgrade source without changing
their config files.
Fixes bug 1139726
Change-Id: Ibb5c04c89bfad741ec43a372cbf97445f7b3d76c
implements blueprint lbaas-namespace-agent
This a reference implemention of the Quantum load balancing service
using HAProxy. The implemention is designed for vendors, developers,
and deployers to become familiar with the API and service workflow.
This change also adds some constraint checks for data integrity.
Change-Id: I10a67da11840477ccf063b98149f4f77248802a1
3rd part of blueprint quantum-scheduler
1. Allow networks to be hosted by certain dhcp agents.
Network to dhcp agent is a
many to many relationship. Provide a simple
scheduler to schedule a network randomly
to an active dhcp agent when a network or port is created.
2. Allow admin user to (de)schedule network to a
certain dhcp agent manually.
3. Allow routers to be hosted by a certain l3 agent.
Router to l3 agent is a many to one relationship.
Provide a simple scheduler to
schedule a router to l3 agent if the router is not
scheduled when the router is updated.
4. Auto schedule networks and routers to agents when agents
start.
5. Only support ovs plugin at this point
Change-Id: Iddec3ea9d4c0fe2d51a59f7db47145722fc5a1cd
Fixes bug 1100476
The patch also updates the quantum configuration file to
contain the following:
- max number of host routes
- max number of dns servers
Change-Id: Ic5d90034b0231687dfbde8fc65780ab52222c0fd