Neutron API accepts also protocol numbers as protocols for security
groups. This patch makes support for it in OVS firewall driver. iptables
driver already supports it.
Fullstack test covering SCTP connection was added and it requires
ip_conntrack_proto_sctp kernel module in order to make conntrack work
with SCTP.
Change-Id: I6c5665a994c4a50ddbb95cd1360be0de0a6c7e40
Closes-bug: 1625516
When we run devstack with USE_PYTHON3, the existing KillFilter
definitions are not enough. Let's add one specific to python 3.5
as well.
Change-Id: I2472e4e39315225d6c9ea1651c8e3b20edc59b49
Register all sqlalchemy events through a new function in
neutron.db.api so we can keep track of active events and
ensure all are removed at the end of each test run.
Without this, an instance of a plugin may be left around
with the only reference to it existing in SQLAlchemy, where
it will receive events for tests unrelated to it and potentially
interfere.
Change-Id: I8e93eb4e8ef5a13f015db9cd20e44941cdcb72ef
ML2 server-side push notifications for subnets, networks,
ports, security groups, and security group rules.
This adds a registry callback listener for each of the objects
above for the AFTER_CREATE and AFTER_UPDATE events. Whenever
one of these is triggered, it will parse the ID out of the event
and use it to retrieve an OVO object from the DB and dispatch
it to the RPC callback notifier.
This is only the logic to push changes to the agents. It does not
include an interface for the agents to query the server or the agent
side code to receive the notifications.
Partially-Implements: blueprint push-notifications
Change-Id: I5efc625c5e8565693e795d70e0f85810552d38cd
We allow 0 in port_range_min and port_range_max for the
non TCP/UDP use cases (e.g. ICMP). This adjusts the securitygrouprule
OVO object to use a new PortRangeWith0Field to allow 0.
Change-Id: I00f7a91202ccfcad1b8edb8759983332c6e79791
Since commit a388f78c8c, we fetch
routers' existing floating ip address from the fip namespace's
route table instead of qrouter namespace's qg device for the
dvr_local and dvr_edge router. But for dvr_edge_ha router, it
still fetch the existing floating ip like legacy router, causing
it can’t know which existent floating ip rules need to be removed.
After removing the get_router_cidrs method, the dvr_edge_ha router
inherit the get_router_cidrs method from dvr_local router and it
will remove the existent floating ip rules successfully if we
disassociate the floating ip.
Co-Authored-By: Swaminathan Vasudevan <swaminathan.vasudevan@hpe.com>
Change-Id: Ic471189773298b353db7629c827c8787703c0069
Related-Bug: #1644415
Introduce get_reader_session() and get_writer_session()
and replace get_session() with them.
Mark get_session as depricated.
Stop using get_engine from legacy facade. Use writer engine for
places where it is required.
Partially-Implements blueprint: enginefacade-switch
Change-Id: I28b741bfa27bf04cbe273586e6e3e00e14fbe683
For Neutron's compute agent in a XenServer's compute node, the commands
actually need run in Dom0. Currently XenServer only supports rootwrap
for that purpose by invoking a script which invokes XenAPI to execute
commands in dom0. There are much performance overhead due to it requires
parsing on the script and the configuration file every time running
commands.
This change is to support daemon mode with which each agent service will
call XenAPI directly to execute commands in dom0. And it will keep the
single XenAPI session.
DocImpact: Need update the following configuration.
file: /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
root_helper_daemon = xenapi_root_helper
[xenapi]
connection_url = http://169.254.0.1
connection_username = root
connection_password = xenroot
Closes-Bug: #1585510
Change-Id: I684034359fe0571bc92dbcf342a9821553b1da35
The network_ip_availability plugin uses old path for exceptions.
This patch fixes the path and adds negative test for the exception.
Change-Id: I9021f76e21b386f371ff73b926553611ab87fb66
Closes-bug: #1657137
Tempest scenarios in Neutron tree contain tests from trunk plugin. These
tests require instances with 802.1q capabilities in order to test VLAN
traffic through subports.
The patch adds hook to fetch Ubuntu image for tests running from Neutron
tree. There are only few other tests in the tree so using bigger image
won't make the job running that much longer in the gate. As ubuntu boot
time takes longer, it's expected that it will take longer time until
instance becomes available over SSH.
Change-Id: I867595b0e90d23f56101835f9a524a2b0d00bb5a
_validate_subnet_service_types function does not consider the
data type of service_type on creatation or update. For example,
if an integer type is passed, the neutron-server will hit
internal error.
This patch adds a check to make sure the data type is unicode.
Change-Id: I5e6d15def3e23f51172b69e1287ff18ab5d3f6aa
Closes-Bug: #1633066
This patch adds fullstack test for LinuxBridge L2
agent with iptables firewall driver.
As LinuxBridge L2 agent tests are spawning each agent
in separate namespace it is possible to test security
groups functionality.
Change-Id: I755c2f1cf68acc0df110902f3a587040ed0a4bab