Firewall drivers check if port security is enabled. After ovo is sent
over the wire, the port_security_enabled is part of 'security' field.
The patch translates the RPC call from agent to server so the payload
containing port_security_enabled is at the same place.
We may consider implementing change of OVO field to contain boolean
directly.
Change-Id: I647343e84b41da63d7ffcc5a87f3dfa2036adc56
Closes-bug: #1605654
This patch is the agent side patch that takes care of configuring
the centralized floatingips for the unbound ports in the snat_namespace.
Change-Id: I595ce4d6520adfd57bacbdf20ed03ffefd0b190a
Closes-Bug: #1583694
Plugins may add attributes to subnets, in which case simple equality
check will fail. Instead of comparing bodies, compare just IDs. It
should be enough to achieve the goal of the test case.
Change-Id: Iebc22f99285777df7de499c713b2bc1e38e0bd62
Closes-Bug: #1706986
This patch added a validator to logging api for checking resource bound
(sg or port is exist or not, ...) and validating whether or not supporting
logging type on each port when we create a log object by specific port_id.
Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>
Change-Id: I10f2441fc2c7bdbda51b05002549b235743a7deb
Partially-implements: blueprint security-group-logging
Related-Bug: #1468366
Before walking through migration scripts that belong to the release
under development, we should first execute all scripts for the latest
official release because it serves a convergence point. Without it, we
can't guarantee that calling --expand will succeed because some of new
scripts may depend on schema state that is defined by contract scripts.
Change-Id: I501b38900fb2f4409839ecd09be4d937cf20c6a9
Related-Bug: #1671634
prelude section is prepared for general comments about a release [1].
At now neutron release notes use prelude section randomly.
Some rel notes use it and some do not.
This commit drop or move prelude section in Pike release notes.
In addition, some guideline on writing a release note
to the release notes howto page.
Change-Id: I53fefcc3eed30700d095c77d9e000319668097e8
reno includes release notes touched in a target release
even if they are added from past releases.
The recent release note cleanup I made as part of doc8 adoption
and some other cleanup touched release notes from past releases.
As a result, we see several number of release notes from past
release in the Pike release notes unexpectedly.
Also adds a warning note to the release notes howto page
Change-Id: I127f96896488e9992d9309d76055b4883f6a62f3
Closes-Bug: #1708560
'description' attribute of floating IPs is part of
standard-attr-description API extension, so using it in the test case
without requiring the extension is incorrect. But instead of adding the
new requirement, this patch removes 'description' from the floating IP
payload because it's not needed to prove the point of the test case
(that an empty update body will disassociate the floating IP).
Change-Id: I9ab5b0ba5f32f73818f8eac8a0001eeb13248423
Similarly to filtered ports this patch caches so called trusted ports to
avoid processing in case of unknown port is passed down to firewall
driver. The cached ofport is used for removal as the cache reflects
currently installed flows.
The patch also catches exception caused by inconsistency coming from
ovsdb.
Closes-bug: #1707339
Change-Id: I15cdb28072835fcb8c37ae4b56fc8754375a807c
This patch introduces a workaround on the Neutron side
for bug 1705351 that results in the Neutron server blocking
trying to send to topics the agents no longer subscribe to.
The workaround is to just subscribe to those topics and do
nothing with the messages that come in until oslo.messaging
can properly recover from loss of listeners.
Change-Id: I946a33dfd0c0da26bb47b524f75f53bf59d3fbd5
Closes-Bug: #1705351
Change If1eb4046865f43b15ba97c52e2d0b9343dc72c19 fixed bugs 1666493 and 1655567
that reported exception IpAddressAlreadyAllocated being raised during the
creation of IPv6 auto-address subnets. This patchset removes code that was
added by change I22b8f1f537f905f4b82ce9e50d6fcc5bf2210f9f to root-cause these
bugs.
By removing log statements, this patchset contributes to reduce the
'Neutron log obesity epidemic'
Change-Id: I28c58dc4a957df833d277f0d08ce831c7ee07c68
Partial-Bug: #1707307
In upgrade scenario, this is a regular case (no agents created the
exchange, so fanout is ineffective), so logging it using ERROR level is
misleading and against guidelines.
Change-Id: If098071c9c19490af7eb0863dbab83e488019bd7
Related-Bug: #1705351
Increment the revision number when RBAC policies are
changed since it impacts the calculation of the 'shared'
field.
Closes-Bug: #1708079
Change-Id: I4c7eeff8745eff3761d54ef6d3665cf3dc6e6222
This patch I3d0981fbe30f2436f00c200919b50aeb97491252
resolved custom kernel version, but introduced a bug
for the 3.x series. This patch avoids the replacement
in the case of the 3.x series.
Closes-Bug: #1704077
Co-Authored-By: Moshe Levi <moshele@mellanox.com>
Change-Id: Iff1c5a39fe4b0d9320910d0cfafdd36873825d03
This test has been disabled since [1].
But it seems the failure ratio is not so high with
the current code. Let's re-enable it now and see how it goes.
Note: This same test has been enabled on the gate jobs for
other implementation for a while. It doesn't fail much there
either. (networking-midonet)
[1] I37f1488db258f6a4d383fb472cb5433c65371ac5
Related-Bug: #1662109
Change-Id: Ia39c73189ad8a3331c1911989fe69428f064f7a6
Current ovsfw implementation does not take care of the different
MACs in allowed_address_pairs with the VM's MAC.
This patch use the following method to fix this issue:
1. Do not check dl_src in table=72 because table=71 has checked
dl_src for Egress.
2. Add all allowed MACs in table=0 and table=73 for Ingress.
3. Do not check dl_dst in table=82 because this check has done
in table=0 and table=73.
4. Delete allowed MACs in table=0 and table=73 when needed.
Change-Id: Iad59096f0c9855ebfd4a0d5b447e73b443d66c1d
Closes-Bug: #1697593
This is to eliminate the following messages that fill the
OVS agent logs:
ovsdbapp.backend.ovs_idl.vlog [-] [POLLIN]
Change-Id: I00010ef600a4185b7628318bb88971d978b9fe67
Partial-bug: #1707307
The push notification resource cache will already give us
the port update and delete notifications so there is no need
to log here now.
Change-Id: I6000691dfd61facf47d70360d4050cfdefc3e7e2
Partial-Bug: #1707307
A regular gate run shows this was logged ~2500 times.
It doesn't provide any useful information since the
command executed successfully and we can see the
issued command in the debug statement before it.
Partial-Bug: #1707307
Change-Id: I431d6a59ce36deb9a5fb9deef39655d28d71f24d
We need to check if the results from a bulk_pull are stale because
the resource might have been updated and concurrently pushed from
the server while the bulk_pull query was being fulfilled.
Change-Id: I755a1cb2e0037ec2316161a09ad462bc4b09f397
Closes-Bug: #1707699
There are several places where base class setUp() method call was
called unnecessary. In this patchset, they are removed.
TrivialFix
Change-Id: I2961fa4a0216f7f1223ab87a249151f0feb91518
