The register_model_query_hook and _apply_dict_extend_functions methods
from CommonDbMixin is not being used by consumers today. This patch
removes them and updates any doc references as well.
Changed QoS backend/rule support table in devref documentation to show
that Minimum Bandwidth rule can support both Egress and Ingress
directions in case of placement based enforcement.
Added a new table to show which directions are supported for Minimum
Bandwidth rule by the network backends, and how that depends on the
enforcement type (dataplane or placement).
See-Also: https://review.openstack.org/502306 (nova spec)
See-Also: https://review.openstack.org/508149 (neutron spec)
As agreed during the Stein PTG, this patch proposes an update to the
code review policies, aimed at minimizing the impact of code changes in
Neutron on the Stadium and other networking related projects.
* explain 'ingress' and 'egress'
* reword a few explanations
* provide table numbers as well as table names
* capitalize protocol names: IP, ARP, TPC, etc.
* reword explanations for tables acting as integration
points with L2 other extensions
This change also includes a newline removal in the related portion
of the code; this newline separates constants that are in fact related,
and its removal had been agreed upon to be handle as a follow-up
change to I60d299275effd9ef35c8007773d3c9fcabfa50fa.
This change is a follow-up to Ib6ced838a7ec6d5c459a8475318556001c31bdf,
reintroducing a single place for applying the NORMAL action to
egress traffic, which is necessary to fix a regression introduced
The last two items are already done.
- fullstack tests implemented in commit ff9c6e21
- updates using bundle operation implemented in commit b3b2df14
Currently, we cannot get ACCEPT packet log because there are some
changed related to ovs firewall code since ovs firewall logging has
Regarding to performance perspective, we only log first accepted packet.
So we only need to forward first accepted packet of each connection
session to table 91 and table 92.
So this patch fixes these issues.
Add common parent owner check for the resources which introduced by
Then port forwarding resource will share the same tenant_id with
floatingip. That means only the fip owner can create/update/get/delete
the associated port forwarding resource.
Partially-Implements: blueprint port-forwarding
I always keep forgetting what to do and it's
a little time consuming to re-read the previous
sections at the beginning of every my weeks.
Hopefully, this can be useful for others too.
It is not necessary to use 2 "central" bridges, one for "data" and
one for "external" network simulation.
Also using 2 bridge will cause problems when "external_network_bridge"
option will be removed from L3 agent and it will use integration bridge
as it should be done.
The neutron.object.utils module was rehomed into neutron-lib with
This patch consumes it by removing the neutron.objects.utils module
and corresponding test module, updating the contributor internals for
objects and using lib's version of the module.
The agent extensions code is migrating to neutron-lib. This change
reflects that migration in neutron.
- Consumers using the agents extension should now use
the Agent extension API from neutron-lib instead of neutron.
In case of service_provider, selection according to service type is
necessary. Currently there was no filtering logic, so if there are two
or more service plugins using service_provider, there is a duplicate
New argument 'svc_type' is added to ProviderConfiguration so that only
the service_provider matching the service type is shown.
From caller side of ProviderConfiguration, one should specify
'svc_type' since ProviderConfiguration class have new 'svc_type'
argument to find service provider. Although netron code base using
ProviderConfiguration changed, existed code out of newtron tree should
be also modified following the change becuase if not, there would be
duplicated entries problem currently appeared. But there is no
difference without 'svc_type' argument because matching is effective
only when the argument is specified.
A new test case added in test_get_service_providers() in
neutron/tests/unit/extensions/test_servicetype.py which does not
have any filter options. Without this patch, this test case would be
failed having duplicated results.
While we added new_facade object attribute to framework and it has its
niche and used in some stadium subprojects, it's not ideal because it's
global to an object. Meaning that if you mark an object for new_facade =
True, *all* business logic using the object must also switch to new
facade in the same step, which is a pain and sometimes close to
impossible to do without changing thousands loosely related lines of
code in multiple modules. It would be nice to instead use objects as
usual in different contexts - some using engine facade and some still
using session.begin(...) - and allow the OVO framework to pick the right
way to nest subtransactions.
This patch does exactly that. We call an internal function from oslo.db
and check whether it raises an exception. If it does, it means that the
engine facade is not used; otherwise, we use the new style of nested
By default, if session is not active when OVO action is called, we stick
to the old facade. Once we are done with switching the rest of the
plugin code / OVO objects to the new facade, we will rip off the
Partially-Implements: blueprint enginefacade-switch
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
In internal QoS document there is path to QoS API tests which are now
moved to neutron-tempest-plugin repo.
This commit fixes patch to this tests module.
The tag and tag_ext extensions are deprecated for removal, but are not
used widely today . Rather than rehoming these extensions to
neutron-lib and carrying out their deprecation life-cycle for no
apparent reason, this patch proposes we just remove them now.
While  initially removed these extensions, we had to revert
them with .
In case where Neutron logical port is placed directly to hypervisor,
hypervisor does a conntrack lookup before packets reach OVS integration
bridge. This patch introduces a rule with high priority that is placed
at the beginning of the egress pipeline. This rule removes conntrack
information from all packets if conntrack information is present. Then
packets continue in the egress pipeline.
That means all packets in egress pipeline are not tracked and ovs
firewall can do a lookup in correct zone. As for ingress pipeline, it
distinguishes between tracked - which are packets coming from egress
pipeline, and not tracked, which are inbound packets coming not from a
Today we shim the RESOURCE_ATTRIBUTE_MAP in neutron; it references the
equivelant in neutron-lib named RESOURCES.
This patch removes neutron's RESOURCE_ATTRIBUTE_MAP and cleans up
neutron.api.v2.attributes in prep to delete it.
To do so:
- CORE_RESOURCES and RESOURCE_FOREIGN_KEYS are moved to the single
module that references them respectively and the are made private (no
consumers use them).
- get_collection_info is removed and instead the 2 uses in neutron
just use the get() method of the RESOURCES map. There are no external
uses of get_collection_info.
- References using RESOURCE_ATTRIBUTE_MAP are switched over to
- The neutron.api.v2.attributes module is removed as it's empty now.
- A few api attribute UTs are removed; there's nothing to test as per
It looks this patch breaks Zun's gate. The reason might be
that Zun depends on Kuryr-libnetwork which still use the
legacy tag extension. I propose to revert this for now and
give the kuryr team some time to migrate to the new extension.
This reverts commit 38148d1752.
New facade is enabled by setting new_facade = True for the object of
interest. With new_facade on, all OVO actions will use the new reader /
writer decorator to activate sessions.
There are two new facade decorators added to OVO: db_context_reader and
db_context_write that should be used instead of explicit
autonested_transaction / reader.using / writer.using in OVO context.
All neutron.objects.db.api helpers now receive OVO classes / objects
instead of model classes, since they need to know which type of engine
facade to use for which object. While it means we change signatures for
those helper functions, they are not used anywhere outside neutron tree
except vmware-nsx unit tests, and the latter pass anyway because the
tests completely mock out them disregarding their signatures.
This patch also adds several new OVO objects to be able to continue
using neutron.objects.db.api helpers to persist models that previously
didn't have corresponding OVO classes.
Finally, the patch adds registration for missing options in
neutron/tests/unit/extensions/test_qos_fip.py to be able to debug
failures in those unit tests. Strictly speaking, this change doesn't
belong to the patch, but I include it nevertheless to speed up merge in
time close to release.
There are several non-obvious changes included, specifically:
- in neutron.objects.base, decorator() that refreshes / expunges models
from the active session now opens a subtransaction for the whole span of
call / refresh / expunge, so that we can safely refresh model regardless
of whether caller opened another parent subtransaction (it was not the
case for create_subnetpool in base db plugin code).
- in neutron.db.l3_fip_qos, removed code that updates obj.db_model
relationship directly after corresponding insertions for child policy
binding model. This code is not needed because the only caller to the
_process_extra_fip_qos_update method refetches latest state of floating
ip OVO object anyway, and this code triggers several unit test failures.
- unit tests checking that a single commit happens for get_object and
get_objects are no longer valid for new facade objects that use reader
decorator that doesn't commit but close. This change is as intended, so
unit tests were tweaked to check close for new facade objects.