This patch also removes config of osprofiler middleware in api-paste.ini
file in neutron-tempest-iptables_hybrid job as this middleware is
currently enabled by default.
Some L3 ports can directly modify the IP address now,
but there are some types of device_owner, for instance
network:router_centralized_snat, should not allow to
change the IP address, otherwise it will increase L3
agent code complexity.
Since router public gateway port is related to the
external network, and this port can be used for some
service, like VPN. So after this patch we will only
allow the gateway port to update the IP address
directly, aka device_owner network:router_gateway.
The following l3 router ports will not be allowed to
directly update the IP address:
Remove one unit test case since it will not occur in
This patch enables to bind a QoS policy to the router gateway,
then in L3 agent side SNAT traffic for the VMs without floating
IPs can be limited under the policy bandwidth rules. This is
suit for all kinds of L3 routers: DVR, DVR with SNAT HA, L3 HA
API update router gateway json:
Partially-Implements blueprint: router-gateway-ip-qos
In the Neutron CI meeting on 2018-10-02  we decided on the proper
approach for fullstack testing of Neutron in Zuul. The approach is:
1. There should be only one fullstack CI job, named "neutron-fullstack"
2. The neutron-fullstack job should invoke python3 in tox.ini
This change implements the agreed-upon approach.
Switching the nodeset to newer OS will be handled in a separate step
Co-Authored-By: Nate Johnston <email@example.com>
Add support for listing floating ip pools (subnets).
A new API resource ``floatingip-pools`` is introduced.
This API endpoint can return a list floating ip pools
which are essentially mappings between network UUIDs and
subnet CIDRs. Users can use this API to find out the pool
to create the floating IPs.
* neutron-lib: https://review.openstack.org/#/c/556674/
* tempest-plugin: https://review.openstack.org/#/c/562038/
APIImpact add floatingip pools api
The gate_hook.sh file uses `tempfile`, which does not exist in Fedora
28. In Ubuntu it is marked as deprecated in favor of `mktemp`, which
does exist in Fedora 28. Since we would like to add a set of tests
running on Fedora 28 it makes sense to replace references to `tempfile`
virt_type option in nova-compute will be now set to "kvm" instead
of "qemu" if test job will be running on node which supports
In case of nodes where it's not supported, devstack will
automatically switch it to "qemu" again. It's in .
This should improve time of booting vms so tests should be finished
faster and there should be less errors with ssh to instance timeouts.
Enforce validation on filter parameters on list requests.
If an API request contains an unknown or unsupported parameter,
the server will return a 400 response instead of silently ignoring
the invalid input.
In resource attributes map, all filter parameters are annotated by
the ``is_filter`` keyword. Attributes with is_filter set to True
are candidates for validation.
Enabling filter validation requires support from core plugin and
all service plugins so each plugin need to indicate if it supports
the validation by setting ``__filter_validation_support`` to True.
If this field is not set, the default is False and validation is
turned off. Right now, the ML2 plugin and all the in-tree service
plugin support filter validation. Out-of-tree plugins will have
filter validation disabled by default.
An API extension is introduced to allow API users to discover this
new API behavior. This feature can be disabled by cloud operators
if they choose to do that. If it is disabled, the extension won't
Functionality is added to the ML2 plugin to handle multiple port
Co-Authored-By: Anindita Das <firstname.lastname@example.org>
Co-Authored-By: Miguel Lavalle <email@example.com>
In before, filtering of AZs is using the filter implementation of
agents. To filter the AZs, users need to find the AZ fields to filter,
locate their corresponding fields in agent, and compile the filters
based on the mapping between AZ and agent. This is undesirable.
This patch improve the filtering of AZ by converting the AZ filters
to agent filters. The supporting AZ filters are:
* name: the name of the availability zone
* state: the value is either 'available' or 'unavailable'
* resource: the value is either 'network' or 'router'
NOTE: For backward-compatibility, the old filters still works but
its usage is discourage.
APIImpact: Add filters to specify attributes of availability zones
Ensure that host routes are maintained for each subnet within
a network. Subnets associated with different segments on the
same network get host_routes entries added/removed as subnets
are created, deleted or updated.
This change handle the host_routes for the peer subnets on the
same network when a subnet is created or deleted.
Also adds a shim api extension.
APIImpact: Host routes are now calculated for routed networks.
Passing 'null' (None) as the mac address in a port update
request causes the port's mac address to be re-generated
using the base MAC address Neutron uses for VIFs.
This change implementes a temporary lib api definition
with a new converter that will generate valid mac if the
data provided is None.
APIImpact: Port mac_addr regenerated if None passed on update.
In commit  openvswitch firewall driver is switched to be
default one used in devstack.
So various tempest jobs will use this driver and it will be
We now need separate job to test non-default firewall driver
which currently is iptables-hybrid driver.
In some test jobs, like fullstack and ovsfw-scenario job
openvswitch kernel module is compiled from source before tests.
This compilation was failing because of new kernel 4.4.0-127 provided
Kernel module will be compiled from source which contains
fix for this change in kernel.
See related openvswitch commit message for details:
As current Ubuntu uses ovs 2.9.0 we don't need to compile ovs for
ovsfw-scenario-job anymore because fix we needed is already contained
in ovs 2.9.0.
This will enable users to filter list of results with attributes
with empty value. For example, the request below will list
all unbound ports (unbound ports have blank device_id).
The tag and tag_ext extensions are deprecated for removal, but are not
used widely today . Rather than rehoming these extensions to
neutron-lib and carrying out their deprecation life-cycle for no
apparent reason, this patch proposes we just remove them now.
While  initially removed these extensions, we had to revert
them with .
It looks that many scenario tests are failing because of too long
instance booting time and reached ssh timeout during checking
So longer timeout should solve this problem and tests should
not fail with this reason.
It looks this patch breaks Zun's gate. The reason might be
that Zun depends on Kuryr-libnetwork which still use the
legacy tag extension. I propose to revert this for now and
give the kuryr team some time to migrate to the new extension.
This reverts commit 38148d1752.
This patch allows users to filter ports depending on security groups.
In addition to that I added a unit test to verify this change.
TODO: move security_groups_port_filtering_lib.py into neutron-lib.
We still run API tests agains logging API and the job has OVS enabled.
As all linuxbridge flavors contain same string, this patch changes when
logging service plugin is configured which is always but in linuxbridge
Current implementation of the agent l2 extension is not compatible with
linuxbridge. More work should happen before it's possible to enable it
Neutron currently supports filtering ports by matching the exact
IP address. This patch adds support for substring matching using
"LIKE" SQL operator.
This patch also added a new API extension to show whether or not
the substring matching capability is available.
APIImpact add IP address substring filtering on listing ports
Co-Authored-By: Zhenyu Zheng <firstname.lastname@example.org>