* Switch the release note theme to openstackdocstheme.
* Use the new style of setting of openstackdocstheme
of the in-tree documentation.
Change-Id: I0424f097c0f5d78a539bc997e2cd61119d606524
Add support for QoS ingress bandwidth limiting in
linuxbridge agent.
It uses traffic shaping done by tc with tbf qdisc.
DocImpact: Ingress bandwidth limit in QoS supported by
Linuxbridge agent
Change-Id: Id495b302d31f5527db3e45b51517bc53153e7fc2
Partial-Bug: #1560961
Add support for QoS ingress bandwidth limiting in
openvswitch agent.
It uses default ovs QoS policies on bandwidth limiting
mechanism.
DocImpact: Ingress bandwidth limit in QoS supported by
Openvswitch agent
Change-Id: I9d94e27db5d574b61061689dc99f12f095625ca0
Partial-Bug: #1560961
This reverts commit 1b987be2b55558dcc276fcfc8af6e39f8b6bac16.
This probably triggered a race between nova and l2 agent when
hot-detaching VIFs.
Change-Id: I2fc20666d43942446878da358ccf4472e04ad94c
Related-Bug: #1696125
This reverts commit 3299cdffae5cd7196a1676da103da5e2e413ec21.
At least, there's a user which relies on the previous
semantics. (Our tempest plugin)
We should not change API semantics lightly
in an incompatible way.
Closes-Bug: #1694396
Related-Bug: #1694190
Change-Id: I88a216951d8996ac8bc90078b4239f0d25392e58
Enable creation of VXLANs with different multicast addresses allocated
by VNI-address mappings. Dictionary of multicast addresses and
corresponding VXLAN VNI IDs should be loaded from settings. Usable to
not flood whole network when managing routers between more datacenters
and can not use L2population because VXLAN points to external device.
Co-Authored-By: Kevin Benton <kevin@benton.pub>
DocImpact: VXLAN addresses used by linux bridge can be specified per VNI
Closes-Bug: #1579068
Change-Id: I24f272ccd6d61d9fa7ea3b6f256fabd381f5434a
This patch implements the "default" behaviour for QoS policies.
If this flag is enabled for a QoS policy in a project, all
new networks created will have this QoS policy assigned by default.
If a new QoS policy is created or updated with this flag and another
QoS policy in the same project is set as the default policy, the new
one won't be created or updated. To set another QoS policy as default,
the current one must be unset.
DocImpact: A "default" flag is introduced for QoS policies. If this flag
is enabled in a QoS policy (attached to a project), then all
networks created in this project would have this QoS policy
assigned, unless an explicit policy is specified.
APIImpact
Closes-Bug: #1639220
Change-Id: If5ff2b00fa828f93aa089e275ddbd1ff542b79d4
This adjusts the Linux Bridge mechanism driver to return
the 'tap' VIF type to Nova so the Linux Bridge agent is
responsible for plugging all ports into bridges.
This completely eliminates all of the work Nova was doing with
regard to bridges so we now have one consistent path how ports
(both compute and dhcp/l3) are connected into Linux Bridge
networks. Both Nova and the DHCP/L3 agents will now just create
a device and leave wiring to bridges to be completely the
responsibility of the L2 agent.
In order to preserve backwards compatibiliy with Ocata agents
that won't touch compute ports, we only report back vif_type='tap'
if the agent has a report_state value showing that it wires compute
ports.
This will also solve a longstanding bug (bug #1105488) that
is preventing Nova instances from using custom bridge mappings
since the agent will be guaranteed to be responsible for the
connection to the bridge.
Depends-On: I075595158d8f3b5a6811c4794aa7b91912940db5
Related-Bug: #1617447
Closes-Bug: #1673910
Closes-Bug: #1105488
Change-Id: I23c5faaeab69aede1fd038a36f4a0b8f928498ce
This patch changes way how neutron calculates which QoS rules
are available to use. It now returns all rule types which are
supported by at least one loaded QoS driver.
If user will want to apply policy with rule unsupported by driver
used by port then it will be catched on port/network update event.
This validation mechanism was introduced in
I75bd18b3a1875daa5639dd141fb7bbd6e1c54118
DocImpact: list of returned available QoS rule types is changed
Change-Id: Ia00d349625db358ab486802fc0ff2e69eaa3895e
Closes-Bug: #1686898
This patch introduces the new parameter "direction" to
the QoS bandwidth limit rule. It will allow the creation
of bandwidth limit rules for either ingress or egress
traffic. For backwards compatibility the default direction
will be egress.
DocImpact: Ingress bandwidth limit available for QoS
APIImpact: New type of parameter for QoS rule in neutron API
Change-Id: Ia13568879c2b6f80fb190ccafe7e19ca05b0c6a8
Partial-Bug: #1560961
Currently we use WebOb.request.application_url to return a link to the
neutron api. This may not be the correct link in the case where
'X-Forwarded-Proto' is used. Nova provides the osapi_compute_link_prefix
variable for providing custom links to the api. This does the same
for Neutron.
Co-Authored-By: Kevin Benton <kevin@benton.pub>
Change-Id: I92227803b1bc2fec10ee168a0285f2f6f09f55b0
This can then be loaded into a wsgi compatible web server like
apache2/httpd or nginx.
DocImpact A new neutron-api script is installed, and can be used to
start either a standalone wsgi server (calling the script directly),
or as a wsgi script loaded by a web server (e.g. by httpd/mod_wsgi).
Change-Id: Ie9bb8b33f6e1335219e574d832ac264b043d90e6
Partial-Bug: #1666779
Co-Authored-By: Brandon Logan <brandon.logan@rackspace.com>
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
A lot of clouds using the router service plugin don't configure for DVR,
but the service plugin still loads the extension, and exposes it via
API. Which will break if api consumers (admins with default policy.json)
attempt to create new style routers based on the information passed
through /extensions/ api.
This change introduces a new config option that allows to avoid loading
the extension. For complatibility sake, it requires an opt-in from ops
side to disable it, otherwise the extension is still loaded as before.
This is helpful for automation matters. It may also be useful when
preparing tempest.conf api_extensions=, when you could actually pass the
result of /extensions/ request into tempest and expect the test suite to
pass without yanking dvr off the list for non-dvr setups.
We could go further and try to check if the controller is configured
properly. That is complicated by the fact that f.e. such validation may
require talking to ml2 drivers, or even agents, which is not feasible
during api startup.
Change-Id: I84be9be93862fe71a2d5b5322d7ebd476c784163
Related-Bug: #1450067
This change will make neutron-server use default values from oslo.db if
any of them are not overridden in config files, instead of applying its
own unique values that may be unexpected to users and operators.
It also makes our config files correct since now we don't claim wrong
values being default. (Remember the config generator was never aware of
our snowflake behaviour.)
If you wonder why we were overriding it in the first place, it was
needed back in the times when we were using db module from
oslo-incubator that has not provided proper defaults. Those times are
long gone.
Of course the change is not impact free, and operators who for some
reason want to keep the old values may need to adjust their
configuration files. Still, I believe using default values from oslo.db
is the correct thing to do long term.
We still need to set connection string for unit tests to sqlite:// since
oslo.db doesn't provide any default value for the option. It should be
fine to effectively unset default value for the option for
neutron-server since no one in production can use sqlite anyway.
This change also drops set_db_defaults function from
neutron.common.config. I have checked that there are no consumers for
the function outside the tree.
NeutronLibImpact
UpgradeImpact
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
Change-Id: Ia97d6cf24e554f7b3878dd301ae4e7e10a1c9998
Closes-Bug: #1682307
In order to route traffic between the internal subnets and the
external subnet that belong to the same address_scopes we need
to create the gateway port and the fip namespace irrespective of
the configured floatingips for the internal subnet.
This will consume an additional IP from the external subnet on
all nodes, but with the introduction of service_type networks,
this will not be an issue any more.
This patch is the first in series that creates the agent gateway
port and the fip namespace on every node when the gateway is set
for the router. For every router created it will connect the
router namespace to the fip namespace.
Partial-Bug: #1577488
DocImpact: Document the change in behavior for fip-agent-gw create
Change-Id: I30c4f7fc250e486fe9a71b68540e783e90a6cf15
Implements the port data plane status extension. Third parties
can report via Neutron API issues in the underlying data plane
affecting connectivity from/to Neutron ports.
Supported statuses:
- None: no status being reported; default value
- ACTIVE: all is up and running
- DOWN: no traffic can flow from/to the Neutron port
Setting attribute available to admin or any user with specific role
(default role: data_plane_integrator).
ML2 extension driver loaded on request via configuration:
[ml2]
extension_drivers = data_plane_status
Related-Bug: #1598081
Related-Bug: #1575146
DocImpact: users can get status of the underlying port data plane;
attribute writable by admin users and users granted the
'data-plane-integrator' role.
APIImpact: port now has data_plane_status attr, set on port update
Implements: blueprint port-data-plane-status
Depends-On: I04eef902b3310f799b1ce7ea44ed7cf77c74da04
Change-Id: Ic9e1e3ed9e3d4b88a4292114f4cb4192ac4b3502
This patch introduces support for requests where the user does
not know the segmentation details of a subport and by specifying
segmentation_type=inherit will let the trunk plugin infer these
details from the network to which the subport is connected to, thus
ignoring the segmentation_id in case it were to be specified.
This type of request is currently expected to have correct results
when the network segmentation type is 'vlan', and the network has
only one segment (provider-net extension use case).
DocImpact: Extend trunk documentation to include Ironic use case.
Closes-bug: #1648129
Depends-on: Ib510aade1716e6ca92940b85245eda7d0c84a070
Change-Id: I3be2638fddf3a9723dd852a3f9ea9f64eb1d0dd6
We have made os-xenapi repository to deal with XenServer Dom0
specific functions, this patch is to change neutron to use
os-xenapi when XenServer is hypervisor and move the building
RPM scripts into os-xenapi repo
Depends-On: I8a31c81d9475387fe4ed7030b70b26098e588771
Change-Id: Ia958c366189386b1b5abbadbb4d74950aaa23bb2
Currently the metering agent is using the old import method,
use stevedore instead.
DocImpact
Two places in the networking guide should change to
'driver = iptables' from current format.
Partial-Bug: #1504536
Change-Id: I1e6d196a3ada8fbfc2b70d6a983984d8db09bbd0
It's probably not very realistic to expect power users to be happy with
the default quotas (10 networks, 50 ports, 10 subnets). I believe that
larger defaults would be more realistic. This patch bumps existing
quotas for the aforementioned neutron resources x10 times.
DocImpact change default quotas in documentation if used in examples
anywhere.
UpgradeImpact operators may need to revisit quotas they use.
Closes-Bug: #1674787
Change-Id: I04993934627d2d663a1bfccd7467ac4fbfbf1434
All router ports (internal and external) used to be excluded from QoS
policies applied on network. This patch excludes only internal router
ports from network QoS policies.
This allows cloud administrators to set an egress QoS policy to a
public/external network and have the QoS policy applied on all external
router ports (DVR or not). To the tenant this is also egress traffic so
no confusion compared to QoS policies applied to VM ports.
DocImpact
Update networking-guide/config-qos, User workflow section:
- Replace "Network owned ports" with "Internal network owned ports"
Change-Id: I2428c2466f41a022196576f4b14526752543da7a
Closes-Bug: #1659265
Related-Bug: #1486039
Due to the high memory footprint of current Python ns-metadata-proxy,
it has to be replaced with a lighter process to avoid OOM conditions in
large environments.
This patch spawns haproxy through a process monitor using a pidfile.
This allows tracking the process and respawn it if necessary as it was
done before. Also, it implements an upgrade path which consists of
detecting any running Python instance of ns-metadata-proxy and
replacing them by haproxy. Therefore, upgrades will take place by
simply restarting neutron-l3-agent and neutron-dhcp-agent.
According to /proc/<pid>/smaps, memory footprint goes down from ~50MB
to ~1.5MB.
Also, haproxy is added to bindep in order to ensure that it's installed.
UpgradeImpact
Depends-On: I36a5531cacc21c0d4bb7f20d4bec6da65d04c262
Depends-On: Ia37368a7ff38ea48c683a7bad76f87697e194b04
Closes-Bug: #1524916
Change-Id: I5a75cc582dca48defafb440207d10e2f7b4f218b
nova_metadata_ip option name is a bit confusing as it accepts an ip but
also a dns name (which is required when https protocol is used).
This change deprecates nova_metadata_ip option in favor of
nova_metadata_host option and updates option help to highlight that we
can use an ip or a dns name.
DocImpact
Closes-Bug: #1585699
Change-Id: Ia6c2471c7b4f3e924941222133edbb90151757a5
Per Ocata Design Summit discussion, ovs-ofctl of_interface driver
will be deprecated and removed.
Change-Id: I0d94036e25919db1197819f5fe429205b01eee33
Related-blueprint: ovs-ofctl-to-python
This option is used only when external_network_bridge is set to
non-empty value, and that other option is already marked for removal.
DocImpact The gateway_external_network_id option is deprecated and will
be removed in next releases.
Change-Id: Ie6ea9b8977a0e06d69d735532082e9e094c26534
Related-Bug: #1511578
Basically, the commit removes the file encoding - since jenkins is fine
with it, means it was really unnecessary and the change makes sense.
Change-Id: Id0821c9b11b9efad1836596c407566c9eb4dc11a
This patch enhances the tag mechanism for subnet, port, subnetpool,
router resources. The tag-ext as new extension is added so that
tag supports their resources.
APIImpact: Adds tag support to subnet, port, subnetpool, router
DocImpact: allow users to set tags on some resources
Change-Id: I3ab8c2f47f283bee7219f39f20b07361b8e0c5f1
Closes-Bug: #1661608