* Update the URLs affected by the doc-migration
(/developer/<project>/ to <project>/latest/)
* Follow content rearrangement
* Convert links to local documents into :doc: or :ref:
* Use https instead of http for the updated links on docs.openstack.org.
Part of the doc-migration work.
Change-Id: I62e317d9198f175a43d73bbfd419b6878de90d5a
A default security group will be assigned to a port if
and only if the security group attribute is not set on
the port being created. If the attribute is set then we
do not need all of the extra logic of ensuring that the
default security group exists.
This change save a few cycles, more specifically we do not need to
read from the DB or create a default security group if the
default will not be used.
TrivialFix
Change-Id: Ib072c2753862ce0709a67942527e9c6241130042
This adjusts the record_resource_delete method to ignore duplicate
calls to the same resource ID so we don't generate multiple
AFTER_DELETE callbacks for the same thing.
This can happen in security groups if a security group is deleted
and the local handler starts deleting SG rules and then we receive
an explicit rule deletion from the server triggered by the user.
Change-Id: I8ff58e178641328fe8fed526399e9aa9bef82a6f
Partially-Implements: blueprint push-notifications
This removes the network_id from the network_map dict when
a network is deleted on the Linux Bridge agent.
Change-Id: I0bd3be91626fd7c4e258c35041bb92130ee23182
Closes-Bug: #1705185
If network_deletes are received before port creates
are processed, the agent might not have the network in
it's map even though it has a bridge to delete.
This adjusts the logic to always try to delete the bridge
corresponding to a network_id even if it's not in the
network_map yet.
Change-Id: I5e72bff2ffd9568f272ed48187ad543ab5a3d1ec
Closes-Bug: #1698271
This was deprecated over a year ago in [1] so let's
get rid of it to clean up some code.
1. Ib63ba8ae7050465a0786ea3d50c65f413f4ebe38
Change-Id: I6039fb7e743c5d9a1a313e3c174ada36c9874c70
A few plugins that have API defs in neutron-lib still inherit from
ExtensionDescriptor and thus return their def's values. This patch
changes them to inherit from APIExtensionDescriptor which handles
returning these values for you.
In addition neutron-lib's APIDefinitionFixture is used in the
AttributeMapMemento to ensure API def maps are handled accordingly.
Change-Id: Ibf2e8367be65b7bb15359d81286883540b566e92
In Kernel 4.8 we introduced Traffic Control (TC see [1]) hardware offloads
framework for SR-IOV VFs which allows us to configure the NIC [2].
Subsequent OVS patches [3] allow us to use the TC framework
to offload OVS datapath rules.
This patch allow OVS mech driver to bind direct (SR-IOV) port.
This will allow to offload the OVS flows using tc to the SR-IOV NIC
and gain accelerate OVS.
[1] https://linux.die.net/man/8/tc
[2] http://netdevconf.org/1.2/papers/efraim-gerlitz-sriov-ovs-final.pdf
[3] https://mail.openvswitch.org/pipermail/ovs-dev/2017-April/330606.html
DocImpact: Add SR-IOV offload support for OVS mech driver
Partial-Bug: #1627987
Depends-On: I6bc2539a1ddbf7990164abeb8bb951ddcb45c993
Change-Id: I77650be5f04775a72e2bdf694f93988825a84b72
This patch introduces and integrates Oslo-Versioned Objects for the
DistributedVirtualRouter mac address model class.
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
Co-Authored-By: Victor Morales<victor.morales@intel.com>
Change-Id: I3b8a213a7daf95d2492b48ae59d3ad534911e1bb
The patch relies on the fact that traffic not going from instance
(and thus port not managed by firewall) is tagged. Traffic coming from
the instance is not tagged and thus net register is used for marking
such traffic. These two approaches make matching rules unique even if
two ports from different networks share its' mac addressess.
Traffic coming from trusted ports is marked with network in registry
so firewall can decide later to which network traffic belongs.
Closes-bug: #1626010
Change-Id: Ia05d75a01b0469a0eaa82ada67b16a9481c50f1c
Unbound ports that are associated with a Floating IP and connected to
DVR Routers will not be serviced by the DVR Routers, unless we bind it
to a valid host.
This server side patch allows the neutron server to schedule the
unbound port Floating IP on the network node or the node with dvr_snat
agent where the SNAT functionality resides.
The DNAT rules for the unbound ports will be configured in the SNAT
namespace on the network node.
Related-Bug: #1583694
Change-Id: I05d0bfb3fa275b1e4e479928000cf8494da858f6
After an upgrade we can get NotFound exceptions from AMQP after there
are no longer any agents interested in listening to that exchange.
These should be ignored and not propagated up since they don't indicate
any kind of issue.
However, oslo messaging is not translating the exceptions into an
oslo.messaging exception so there is no way to catch them without
importing amqp directly.
As a workround to unblock Ironic, this patch just proposes a generic
catch of all exceptions during a cast. These casts occur after work
has been done so raising them back to the user doesn't do anything
useful anyway.
Once we have an oslo.messaging exception to catch we can narrow it to
that.
Change-Id: I15cc2d6ae48e505c2da121880e27481dedf36d3b
Partial-Bug: #1705351
This change moves the strip_vlan action from RULES_INGRESS/82 to
TRANSIENT_TABLE after the point where the traffic from local VM ports
has been moved to BASE_EGRESS. A reason for this move is that strip_vlan
is only needed for traffic *not* coming from VM ports and coming on a
patch port from br-*, and that it is hence simpler do do the strip_vlan
in TRANSIENT_TABLE rather than in mutliple places that also happen to be
common with traffic from local VMs.
This change also addresses another need:
I16a35b5d6c54901899d24fc94bd3438c1f1be05e results in add_flow being
possibly done with an Openflow version higher than OF1.0. The
strip_action as currently done is not compatible with OF>1.0, because
later versions require matching on dl_vlan first (the "strip vlan if
there is one" behavior of OF1.0 is not supported anymore). For this
reason this change adds a match on dl_vlan for the strip_vlan rule.
Change-Id: I76ee34a614237bbc99989ce9c1b96a30456be282
This will help us debug why flows are unexpectedly being
cleaned up if the related bug ever resurfaces.
Related-Bug: #1697243
Change-Id: I517b16c550037f41a5f4915b98963c2232daa78c
Use the new constraint interface on the context rather than
setting an ugly attribute.
Depends-On: I6bc2539a1ddbf7990164abeb8bb951ddcb45c993
Related-Bug: #1493714
Change-Id: I9142ca96a40092b2a4c94920c4ded9bbc3a0b35b
Neutron repository has the networking guide in admin/,
so we cannot just import the admin guide contents into admin/
as it potentially breaks the existing document structure of
the networking guide. This commit imports the admin guide
into admin/archives directory so that the team can migrate them
into the networking guide after careful reviews.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I1f99f225a6f58654911ed827f51d3d4de67f405d
Enable a callback to be bound for deletion of routers.
A use case for this is in the NSX plugins, here a load
balancer needs to be connected to an existing router.
If one tries to delete the router then we would like to
prevent that if a load balancer is attached.
Change-Id: Ie0c422578acaa94e8e34c15beca9f18691a3abc6
Extend existing quota api to report a quota set. The quota set
will contain a set of resources and its corresponding reservation,
limits and in_use count for each tenant.
DocImpact:Documentation describing the new API as well as the new
information that it exposes.
APIImpact
Co-Authored-By: Prince Boateng<prince.a.owusu.boateng@intel.com>
Change-Id: Ief2a6a4d2d7085e2a9dcd901123bc4fe6ac7ca22
Related-bug: #1599488
Drops unit tests related to fwaas policies.
Tests related to get_firewall_policy/rule are also unnecessary.
They have been migrated to neutron-fwaas already.
Closes-Bug: #1703347
Depends-On: I6dc6b2295a605444c918e44949f4b1485177e82e
Change-Id: Ie866f140fd4e5537ff0d757304ab5279f0cf0a79
The following Read-only property has moved in Pike [1].
os_adm -> os_admin
os -> os_primary
[1] I9f7c13da05a8c4a63529c11aa6213a7269abee6d
Ie4cf457d0a521910a82e41e7dad775df75d56587
Change-Id: I512048211888c3db40f95a084164e3add47e3588
Adding mtu parameter to check_remote_connectivity function.
When given, send packets of that size.
If fragmentation flag is False, then don't fragment the packets.
Change-Id: I5f2742b6e8fd894fcfe4c0e2a7eb4a14d2594dd4
