Function "configure_auth_token_middleware" was deprecated in devstack
in [1].
Patch [1] also introduced regression which cause failures in neutron's
neutron-tempest-plugin-designate-scenario job.
New function configure_keystone_authtoken_middleware should be used
instead.
This patch switches to use this new function to solve problem
caused by patch [1] when old function is used.
[1] https://review.opendev.org/#/c/628651/
Change-Id: I96d69bc7a1489377b5e95965e95dc3d3f2f3a933
Closes-Bug: #1834849
The OVS Firewall blocks traffic that does not have either the IPv4 or
IPv6 ethertypes at present. This is a behavior change compared to the
iptables_hybrid firewall, which only operates on IP packets and thus
does not address other ethertypes.
This is a lightweight change that sets a configuration option in the
neutron openvswitch agent configuration file for permitted ethertypes
and then ensures that the requested ethertypes are permitted on
initialization. This addresses the security and usability concerns on
both master and stable branches while a full-fledged extension to the
security groups API is considered.
Change-Id: Ide78b0b90cf6d6069ce3787fc60766be52062da0
Related-Bug: #1832758
This change updates the documentation for neutron-dynamic-routing
to reflect recent enhancements in DVR compatibility and use of the
openstack CLI instead of the neutron CLI.
Change-Id: I5af8b5e76ca8fd2fba58d0dd987be37530836480
Closes-Bug: #1832603
In patch [1] handle of networks with "shared" flag set to True was
fixed and it is now possible to use "rule:shared" in API policy in
actions related e.g. to ports or subnets.
But network can be shared with some specific tenant only by doing it
with RBAC mechanism and in such case it didn't work with [1] only.
It was like that because context.get_admin_context() was used to get
network so this returned network had got shared=False set even if
request comes from tenant for which network was shared through RBAC.
Now network will be always get with context which have got set proper
tenant_id so "shared" flag will be set properly even in case if it's
shared through RBAC.
[1] https://review.opendev.org/#/c/652636/
Change-Id: I38615c0d18bb5a1f22f3e7865ce24615a540aa9a
Closes-Bug: #1833455
In patch [1] of_interface config option was removed and now
there is only "native" driver available.
So there is no need to mention in description of of_* config
options that option is used only for 'native' driver. It is
used always now.
TrivialFix
[1] https://review.opendev.org/#/c/599496/
Change-Id: Ia3c261b4fccd637691ad442038fb301b0eeb8258
This patch switches over to neutron-lib's version of the the
_AuthenticBase, AuthenticEUI and AuthenticIPNetwork classes by
deleting them from neutron and using lib's version instead.
Depends-On: https://review.opendev.org/#/c/659881/
NeutronLibImpact
Change-Id: Ia3d3db401d6abcb9c9965b945bcd4c199f8e812b
Commit Ifc88dfb3041aa07b197f395172b69399796ba46a recently added a
new agent_timestamp parameter to create_or_update_agent.
As some other projects use this api, the change should have been
backwards compatible.
Adding default to None will solve this issue.
Closes-Bug: #1833589
Change-Id: I2d17f8eaf4d74ae2081f82e3c1a09bdc80b1d701
This copies the guide from openstack-manuals [1] which should
have been done with the manuals docs migration in Pike. The
only content change is a todo is added to migrate the guide
from using the deprecated neutron CLIs to the openstack CLIs.
[1] https://docs.openstack.org/ocata/admin-guide/cli-networking-advanced-quotas.html
Change-Id: Ia0cad1ea0c27067bc257c1fc8e05299052e35e1b
Closes-Bug: #1834068
Disable the inactivity probe during the fullstack tests. This probe
is not tracked nor controller during these tests and usually make
them more unstable. As seen in the bug report, in loaded CI nodes,
sometimes the probe raises an error, stopping the current test:
reconnect|ERR|tcp:127.0.0.1:56401: no response to inactivity probe
after 5 seconds, disconnecting
Change-Id: Id27326d5deae78ebfad1012efb507fde9e6c1453
Closes-Bug: #1833386
Check HA router binding state before restart the agent
for test case:
test_ha_router_restart_agents_no_packet_lost
And move the ping check more nearly to the restart action.
This reverts commit bc073849b6aba62a39846b8be98b0da744caab84.
Change-Id: Ia2eba8d19fcc4d744b7b93623c0f1faf0457bd91
If a network has several segments, the provider network segmentation ID
cannot be changed. This is defined in the feature spec [1].
In the case of having a multisegment network, the OVS agent RPC call
"get_network_details" will return the following value:
{
"network": {
"updated_at": "2019-02-19T13:25:15Z",
"revision_number": 5,
"id": "ba973781-065b-4c69-9f07-a5c4f9a3b754",
...
"segments": [{
"provider:network_type": "vxlan",
"provider:physical_network": null,
"provider:segmentation_id": 10041
},
{
"provider:network_type": "vxlan",
"provider:physical_network": null,
"provider:segmentation_id": 10066
}],
...
}
The provider network information will be contained inside the "segments"
list, instead of being container in the parent "network" dictionary.
Closes-Bug: #1832745
[1]https://opendev.org/openstack/neutron-specs/src/branch/master/specs/stein/change-segmentation-id-vlan-provider-network.rst
Change-Id: I4fa37519bbf91e93ebd2f0e46e4d14edd40728fd
Removed the synchronization from the following ip_lib functions:
* create_netns
* remove_netns
* list_netns
The mentioned bug #1811515 and the corresponding patch [1], explain
the problem of Pyroute2 NetNS class and the file descriptors used
in a multithread environment. This is why, until a fix is applied to
this library, a synchronization decorator was applied to all Pyroute2
commands.
However, the listed functions do not instantiate this class. These three
methods only handle the filesystem in order to create, remove or list
the system namespaces. That means those methods are not affected by the
mentioned bug in Pyroute2 and it is safe to execute them without any
synchronization.
[1] https://review.opendev.org/#/c/631275/
Change-Id: I71521efbdaf9bb6d7cd9650f77c52bf6e02c9ced
Closes-Bug: #1833717
Related-Bug: #1811515
As part of the fix for bug 1826419, a prior release note was
deleted and no new release note was added to document the
change in behaviour as a result of upgrading.
Add new release note to detail the behaviour of
{network,conf}.dns_domain with respect to the DHCP agent
post upgrade.
The deleted release note will be restored in the stable
branches where it was removed.
Change-Id: Ic668d64c28cdc1068cb2413b09839a127bad46d3
Related-Bug: 1826419
The test cases implemented calling "_test_restart_service_on_sighup",
mock the service "start" function. This function appends a temporary
file and this file is read by the main to check the correctness of
the service and workers executing.
In case of failure waiting for the file to be created and populated,
the main function will report now:
- If the file was not created.
- The current size of the file, compared to the expected one (the number
of times the "start" function was called)
The polling time to check the status of the file was increased to 1
second.
Change-Id: I68452408920ad9a1ee7252dd9012f898ddfa7e09
Related-Bug: #1833279
In case when ovs-dpdk is used together with ``ovs_use_veth`` config
option set to True, it cause invalid checksum on all packets send from
qdhcp namespace.
This commit adds short info about this limitation to ovs-dpdk config
guide.
Change-Id: I6237abab3d9e625440e95e75f5091d09a1ec44f0
Related-Bug: #1832021
This patch consumes the OVO event_types from neutron-lib by removing
the module from neutron and using it from lib instead.
NeutronLibImpact
Change-Id: I3bc3ceb0c47766b0984b67081c4c7d243b8609c2
This patch switches over to use the subnet_service_types extension
from neutron-lib's API definitions by removing the extension and
test module and using the lib API definition instead.
NeutronLibImpact
Change-Id: Ibba7af42aef7403472a11abe7b0e2e9239c4958e