22079 Commits

Author SHA1 Message Date
Rodolfo Alonso Hernandez
872dd7f484 Use created subnet in port generator in "test_port_ip_update_revises"
We are hitting sometimes a problem in "test_port_ip_update_revises" [1].
This happens because the port created doesn't belong to the previously
created subnet. We need to enforce that the port is created in the
subnet specifically created in this test.

[1]http://logs.openstack.org/69/650269/12/check/openstack-tox-lower-constraints/7adf36e/testr_results.html.gz

Change-Id: I399f100fe30b6a03248cef5e6026204d4d1ffb2e
Closes-Bug: #1828865
2019-05-14 10:05:17 +00:00
Brian Haley
09ee934786 Use --bind-dynamic with dnsmasq instead of --bind-interfaces
Dnsmasq emits a warning when started in most neutron deployments:

dnsmasq[27287]: LOUD WARNING: use --bind-dynamic rather than
    --bind-interfaces to avoid DNS amplification attacks via
    these interface(s)

Since option --bind-dynamic is available since dnsmasq 2.63
(https://github.com/liquidm/dnsmasq/blob/master/FAQ#L239) and
we require 2.67, change to use this option instead.

Change-Id: Id7971bd99b04aca38180ff109f542422b1a925d5
Closes-bug: #1828473
2019-05-13 21:43:07 +00:00
Lajos Katona
8f6939b4f3 Change curl to osc for listing resource provider inventories
Change-Id: I4ffca16ebd1998335132747482e85dbb18be70e7
Closes-Bug: #1827418
2019-05-13 12:04:25 +02:00
Zuul
17fa84613e Merge "Add skip_if_timeout to additional MySQL migration test" 2019-05-12 15:28:58 +00:00
Zuul
76de5ada47 Merge "Fix bandit warning" 2019-05-12 12:32:21 +00:00
Zuul
71e1cb6cb9 Merge "Add info about nf_conntrack_proto_gre when ovs fw is used" 2019-05-12 01:56:27 +00:00
Zuul
8ffa02bbdb Merge "Bump Pyroute2 version to 0.5.5" 2019-05-11 12:15:09 +00:00
Zuul
77fa7114f9 Merge "Async notify neutron-server for HA states" 2019-05-10 23:13:03 +00:00
LIU Yulong
0f471a47c0 Async notify neutron-server for HA states
RPC notifier method can sometimes be time-consuming,
this will cause other parallel processing resources
fail to send notifications in time. This patch changes
the notify to asynchronous.

Closes-Bug: #1824911
Change-Id: I3f555a0c78fbc02d8214f12b62c37d140bc71da1
2019-05-10 15:37:27 +00:00
Slawek Kaplonski
b8a18dc22a Add info about nf_conntrack_proto_gre when ovs fw is used
When openvswitch firewall driver is used, it is required to load
nf_conntrack_proto_gre kernel module to make GRE tunnels from VM to VM
working properly.
This patch adds such info in ovs firewall documentation as it should be
deployer decision to load or not load this module.

This patch also adds sanity check which checks if nf_conntrack_proto_gre
module is loaded or not, and can warn user when this module is not
loaded.
It also adds loading of this kernel module in neutron devstack plugin.

Change-Id: Ic97ca00c804f0a540ee0dc53d9e4e07bf8410869
Closes-Bug: #1828053
2019-05-10 15:41:29 +02:00
Slawek Kaplonski
d83bb4f160 Add skip_if_timeout to additional MySQL migration test
Test test_forbid_offline_migrations_starting_newton from
neutron.tests.functional.db.test_migrations.TestModelsMigrationsMysql
module can also fail because of db timeouts when are running on
overloaded test node.
To not fail job because of that, this patch adds skip_if_timeout
decorator to this additional test.

Change-Id: Ia255d331cbb24e1fdd12212580e85423da242eae
Related-Bug: #1687027
2019-05-10 13:32:49 +00:00
Enyinna Ochulor
dcdb6e1c8a Fixes agent gw port creation
This prevents agent gw ports created in cases where the fip is not
serviced by a dvr enable router. Also, when the router is not DVR
enabled, deleting the gw port becomes a problem even after the router
attachments to the external network are deleted. This fix creates the
agent gw port only if the router associated with the fip is distributed.

Closes-Bug: #1810349
Co-Authored-By: Allain Legacy <allain.legacy@windriver.com>
Co-Authored-By: Matt Peters <Matt.Peters@windriver.com>
Co-Authored-By: Matt Welch <matt.welch@intel.com>

Change-Id: Ibcf087136e30535678c7600bac6ce4d621afe830
Signed-off-by: Enyinna Ochulor <enyinna.ochulor@intel.com>
2019-05-10 13:20:29 +00:00
Slawek Kaplonski
5c433a027d [DHCP] Don't resync network if same port is alredy in cache
Sometimes when port is created on dhcp agent's side, it may happend
that same port is already in network cache.
Before this patch if port with same IP address was already in cache,
resync was rescheduled because of duplicate IPs found in cache.

Now resync will be scheduled only if duplicate IP address belongs to
port with different MAC address or different id.

Change-Id: I23afbc10725f5dc78e3c63e6e505ef89ba8dc4a5
Closes-Bug: #1824802
2019-05-10 13:14:01 +00:00
Yang Li
82782d3763 Make sure the port still in port map when prepare_port_filter
The current code will remove the port from sg_port_map, but then it
won't be added into the map, when we resize/migrate this instance,
the related openflow won't be deleted, this will cause vm connectivity
problem.

Closes-Bug: #1825295
Change-Id: I94ddddda3c1960d43893c7a367a81279d429e469
2019-05-10 13:00:38 +00:00
Brian Haley
1510ab8615 Fix bandit warning
Ignore a bandit B105 warning (hardcoded_password_string)
as there is a false positive in the xenapi_root_helper code.

Change-Id: Icb97ae49df0e138d30d8baf2da1b61165adac107
2019-05-10 08:38:34 -04:00
Rodolfo Alonso Hernandez
ce1623f6be Limit monotonic to python < 3.3
Reflect the changes to openstack/requirements introduced in change
Ib8c1bf08f5fa7463911602b0df19315907c81e04.

Change-Id: I89e5370ddcd4447d2e008626256d8a465a1fa710
2019-05-10 11:25:01 +00:00
Rodolfo Alonso Hernandez
8db230ab08 FdbInterfaceTestCase interface names should be randomly generated
Change-Id: Ic97f9563ef02326780574b39395911d23d94dfcc
Closes-Bug: #1828363
2019-05-10 11:24:56 +00:00
Rodolfo Alonso Hernandez
9bc45d70c6 Error in "tc_lib._handle_from_hex_to_string" formatting
"tc_lib._handle_from_hex_to_string" should print major and minor values
in hex format, not in decimal format:
  0xMMMMmmmm -> "M:m"
  0x123A456B -> "123A:456B"

Change-Id: I91eb5d9fc58e8233c48b6aabba772cd6ff65a156
Closes-Bug: #1826570
2019-05-10 11:24:44 +00:00
Rodolfo Alonso Hernandez
d2d57371dc Bump Pyroute2 version to 0.5.5
Pyroute2 is modifying the default logger, adding NullHandler to it. If
the logger is not properly configured, like in any service or agent
spawn in Neutron, the only handler will be NullHandler. This prevents
from rendering the message passed, as when StreamHandler is used.

This issue is present only in version 0.5.4 and 0.5.5. Current Pyroute2
master version implements a new logger which removes this problem.

[1]https://github.com/svinota/pyroute2/blob/0.5.5/pyroute2/__init__.py#L78-L79

Change-Id: Ic89d8503e9d1a7f622f0c3a148bf78766b92ed08
Related-Bug: #1811515
2019-05-10 11:24:18 +00:00
Brian Haley
bd3d85807c Blacklist bandit 1.6.0 due to directory exclusion bug
Bandit 1.6.0 introduces a regression[0] with the -x option,
a fix is expected to be included in 1.6.1 soon.

[0] https://github.com/PyCQA/bandit/issues/488
[1] https://github.com/PyCQA/bandit/pull/489

Change-Id: Id944054deedd545c34fc28ccf043dd72e5f31220
2019-05-09 21:00:54 -04:00
Zuul
d0e64c6183 Merge "Fix handling of network:shared field in policy module" 2019-05-09 00:09:33 +00:00
Zuul
6381fda2b2 Merge "Fix creating policy rules from subattributes." 2019-05-08 22:49:16 +00:00
Zuul
ab8de4fee6 Merge "[Trivial fix]Remove unnecessary slash" 2019-05-08 11:06:41 +00:00
Zuul
bab0190744 Merge "Ensure dvr ha router gateway port binding host" 2019-05-08 10:10:17 +00:00
Zuul
88a0a75080 Merge "use payloads for RBAC_POLICY events" 2019-05-08 10:10:14 +00:00
Zuul
92215d40cb Merge "use publish for SEGMENT_HOST_MAPPING callback events" 2019-05-07 21:45:43 +00:00
Zuul
35f97f5b1f Merge ""add_tc_policy_class" must always assign a default value to "min_kbps"" 2019-05-07 18:08:31 +00:00
Boden R
ce0764286d use payloads for RBAC_POLICY events
This patch switches over to the payload style kwargs for RBAC_POLICY
callback events.

NeutronLibImpact

Change-Id: Ibf39013bfec7f03f76be7decf63000df3f0f6ad3
2019-05-07 08:31:54 -06:00
Zuul
1c048e30ed Merge "List ha router count should not include dvr local router" 2019-05-07 14:28:15 +00:00
Zuul
d239f06c3f Merge "Keep HA ports info for HA router during entire lifecycle" 2019-05-07 14:28:11 +00:00
Slawek Kaplonski
0396912208 Fix handling of network:shared field in policy module
Some policy rules e.g. for create_port are using rule "network:shared"
in which "shared" field is related to network resource instead of
port directly.
Because of that, "shared" was missing from "target" in policy
enforce module thus validation wasn't working properly for such rule.

This patch fixes it by adding to FieldCheck checker possibility to
get network object and use its "shared" field to validate policy.

Change-Id: I56c99883fce40c37a5ee26e6e661c0cc0783c42f
Closes-Bug: #1808112
2019-05-07 11:31:25 +02:00
LIU Yulong
3d99147e73 Ensure dvr ha router gateway port binding host
There are some extreme conditions which will result the unbound
router gateway port. Then all the centralized floating IPs will
not be reachable since the gateway port was set to 4095 tag.

This patch adds the HA status to the router related port
processing code path. If it is HA router, the gateway port
will go to the right HA router processing code branch.

Closes-Bug: #1827754
Change-Id: Ida1c9f3a38171ea82adc2f11cb17945d6e2434be
2019-05-07 16:33:44 +08:00
Zuul
2879cbc0f6 Merge "Don't count ports with inactive bindings as serviceable dvr ports" 2019-05-07 06:08:59 +00:00
Zuul
5f8bb9afc9 Merge "Use segment range exceptions from neutron-lib" 2019-05-06 17:43:39 +00:00
Boden R
99e3999975 use publish for SEGMENT_HOST_MAPPING callback events
This patch switches over to payload style callbacks for all
SEGMENT_HOST_MAPPING events.

NeutronLibImpact

Change-Id: I71888b2b72b486c32991d651cdc608adb2149500
2019-05-06 10:40:03 -06:00
zhufl
18dd598696 [Trivial fix]Remove unnecessary slash
This is to remove the unncessary slash when the line doesn't
exceed the length of 79, to make the code more readable.

Change-Id: I5e7c8d5fc6d4b3917b6e8e196f9cbcacb8807e6c
2019-05-06 17:40:55 +08:00
Zuul
a78962be63 Merge "Populate binding levels when concurrent ops fail" 2019-05-06 02:45:51 +00:00
Zuul
35031323f9 Merge "Removing unused "configure_ml2" function leftover." 2019-05-05 23:07:20 +00:00
Zuul
e1d807bbc7 Merge "Update guest IPv6 information in docs" 2019-05-05 09:10:16 +00:00
Lenny Verkhovsky
d007f2757a Removing unused "configure_ml2" function leftover.
The function "configure_ml2" [1] was removed in [2] commit.

[1]https://opendev.org/openstack/neutron/src/branch/stable/stein/devstack/lib/ml2#L9
[2]https://review.opendev.org/#/q/I835a30244c505876c1b686ceb8c32b340c12b460

Change-Id: I00fc2d2609070a8ab27cbd0892e0b1f871f782d0
2019-05-05 10:50:51 +03:00
LIU Yulong
45957f12c8 Keep HA ports info for HA router during entire lifecycle
Once HA port is set, it must remain this value no matter
what the server return. Because there is race condition
between l3-agent side sync router info for processing
and server side router deleting.

This patch adds a helper function for every ha_port set
action. If the ha_port is not None, it will always stay
with original value.

Closes-Bug: #1826726
Change-Id: I96a088d25048be02a9c5b12c1d087df075b36fc4
2019-05-05 10:34:09 +08:00
Zuul
a3a1ce4c10 Merge "Remove deprecated SR-IOV devstack file" 2019-05-04 17:49:12 +00:00
Slawek Kaplonski
9318fb8bb9 Fix creating policy rules from subattributes.
In case of policy rule checks for rules like e.g.
"create_port:fixed_ips:subnet" couldn't be created to be
passed to policy enforcer because policy module could only
create rule checks for subattributes which are dict types.

With this patch checks for such rules can be created also for
attributes which are list of dicts, like e.g. fixed_ips in port
resource.

Change-Id: I02fffe77f57a513d2362df78885d327042bb8095
Closes-Bug: #1822105
2019-05-04 19:19:53 +02:00
Brian Haley
252acc0694 Update guest IPv6 information in docs
Based on some recent questions on IPv6 address generation in
guests, update the relevant section in the docs to make it
more up-to-date.

Partial-bug: #1827489

Change-Id: Ibbf4d5458293c9c0269f6a80f5519caa175994ec
2019-05-03 12:50:16 -04:00
Zuul
4c4dc08c52 Merge "Switch neutron-tempest-dvr-ha-multinode-full job to Python 3" 2019-05-03 05:14:22 +00:00
Zuul
f386d84ae6 Merge "Switch neutron-tempest-with-uwsgi job to python 3" 2019-05-03 00:57:16 +00:00
Rodolfo Alonso Hernandez
c6db2a0e40 Remove deprecated SR-IOV devstack file
File [1] functionality is deprecated and not used anymore in
devstack.

Along with this file, the function "configure_ml2" [2] should be
removed. This function is not used anymore [3].

[1]https://opendev.org/openstack/neutron/src/branch/stable/stein/devstack/lib/ml2_drivers/sriovnicswitch
[2]https://opendev.org/openstack/neutron/src/branch/stable/stein/devstack/lib/ml2#L9
[3]http://codesearch.openstack.org/?q=configure_ml2&i=nope&files=&repos=

Change-Id: I835a30244c505876c1b686ceb8c32b340c12b460
Closes-Bug: #1827089
2019-05-02 17:17:27 +00:00
Zuul
c8047fb747 Merge "Reorder classless static route (RFC3442) records" 2019-05-02 00:46:46 +00:00
Kailun Qin
7dee6e4ec0 Use segment range exceptions from neutron-lib
There are a few places in network_segment_range service plugin in
Neutron that are not yet using the exceptions from neutron-lib.
After the merge of [1], this patch addresses these TODOs by switching
all uses of segment range exceptions to use neutron-lib.

[1] https://review.openstack.org/640777

Partially-implements: blueprint network-segment-range-management
Change-Id: I5b254de25c2781422437ab7d94b6f19dfc747efd
2019-05-02 07:03:30 +08:00
Zuul
cd6809e143 Merge "Trivalfix: set the right function to fip qos test" 2019-05-01 20:22:34 +00:00