Commit Graph

327 Commits

Author SHA1 Message Date
Kevin Benton
e2ea0b4652 Drop the web_framework option
This option is no longer needed as we have switched to pecan
and will be deleting the legacy API layer.

Implements: blueprint wsgi-pecan-switch
Change-Id: Ib153d75bb10375e048a8417139873bdf9dca8769
2017-09-13 15:11:38 -07:00
Jenkins
e6dc39518c Merge "Allow to disable DNS server announcement per subnet" 2017-09-09 03:04:59 +00:00
Jens Harbott
584b7561c1 Allow to disable DNS server announcement per subnet
Currently there is no way to have DHCP agents not announce DNS servers
for a subnet. The current behaviour when the dns_nameservers option is
set to '0.0.0.0' is that each agent will only announce itself instead of
announcing the list of all dhcp agents for that subnet, which seems not
too useful. So we redefine the meaning of this option to instruct the
DHCP agent to not announce any DNS server in that case.

Actually, going back to square one, it would be more natural to swap the
meaning of "option unset" and "option 0.0.0.0", but that would change
the default behaviour for all existing installation and thus does not
seem feasible.

Change-Id: I32d943360162c483ac1364100a21ab56b13517fb
Closes-Bug: 1311040
2017-09-07 19:20:18 +00:00
IWAMOTO Toshihiro
f711ad78c5 Validate security group rules for port ranges
Port ranges validation has been done only for TCP and UDP.
Use the same validation logic for DCCP, SCTP and UDP-Lite, too.

APIImpact
DocImpact

Change-Id: Ife90be597d1a59a634d5474dad543dc1803e8242
2017-09-07 16:12:05 +09:00
Jenkins
b503b32624 Merge "DVR: Provide options for DVR North/South routing centralized" 2017-08-12 13:08:29 +00:00
Jenkins
eb0eb01029 Merge "Add port dns_domain processing logic" 2017-08-11 13:53:52 +00:00
Jenkins
d225b86738 Merge "Deprecate web_framework option" 2017-08-11 07:06:29 +00:00
Kevin Benton
a6a2d4d134 Deprecate web_framework option
We didn't quite get around to pulling out all of the old API
code before the end of the cycle so we should deprecate this
option to make sure people don't use it.

Change-Id: Idf9d497bbccdb89c6e5898611d1cad9a18b1bcbb
Implements: blueprint wsgi-pecan-switch
2017-08-11 01:11:19 +00:00
Ihar Hrachyshka
f21c7e2851 Allow to set/modify network mtu
This patch adds ``net-mtu-writable`` API extension that allows to write
to network ``mtu`` attribute.

The patch also adds support for the extension to ml2, as well as covers
the feature with unit and tempest tests. Agent side implementation of
the feature is moved into a separate patch to ease review.

DocImpact: neutron controller now supports ``net-mtu-writable`` API
           extension.
APIImpact: new ``net-mtu-writable`` API extension was added.

Related-Bug: #1671634
Change-Id: Ib232796562edd8fa69ec06b0cc5cb752c1467add
2017-08-11 00:57:34 +00:00
Swaminathan Vasudevan
9515c771e7 DVR: Provide options for DVR North/South routing centralized
DVR supports both East/West and North/South routing. While the
SNAT is centralized the DNAT is mostly distributed. There are
certain circumstances where the DNAT might be centralized when
the ports are unbound.

In order to have a well defined behavior and when there are
no external network connectivity available in the compute host,
the DNAT functionality is centralized.
In order to achieve this we are introducing a new agent type
option 'dvr_no_external' to centralize the DNAT.

This new L3 agent type ('dvr_no_external') would only allow the East/West
routing to occur in the compute host and the DNAT or Floating IP will be
configured in the centralized network node.

Change-Id: Ia5d7336e478e0fa5ba62b7ae5ed0c56656116d94
Partial-Bug: #1667877
2017-08-10 23:40:31 +00:00
Miguel Lavalle
4a77533259 Add port dns_domain processing logic
This patchset adds logic to the ML2 DNS integration extension to process
a new dns_domain attribute associated to ports.

This patchset belongs to a series that adds dns_domain attribute
functionality to ports.

DocImpact: Ports have a new dns_domain attribute, that takes precedence
           over networks dns_domain when published to an external DNS
           service.

APIImpact: Users can now specify a dns_domain attribute in port POST and
           PUT operations.

Change-Id: I02d8587d3a1f9f3f6b8cbc79dbe8df4b4b99a893
Partial-Bug: #1650678
2017-08-08 18:42:43 -05:00
Swaminathan Vasudevan
8b4bb9c0b0 DVR: Configure centralized floatingips to snat_namespace.
This patch is the agent side patch that takes care of configuring
the centralized floatingips for the unbound ports in the snat_namespace.

Change-Id: I595ce4d6520adfd57bacbdf20ed03ffefd0b190a
Closes-Bug: #1583694
2017-08-08 10:44:45 -07:00
Jenkins
d224effd26 Merge "Do not use prelude section for individual release notes" 2017-08-08 11:25:46 +00:00
Akihiro Motoki
010b133938 Do not use prelude section for individual release notes
prelude section is prepared for general comments about a release [1].
At now neutron release notes use prelude section randomly.
Some rel notes use it and some do not.

This commit drop or move prelude section in Pike release notes.

In addition, some guideline on writing a release note
to the release notes howto page.

Change-Id: I53fefcc3eed30700d095c77d9e000319668097e8
2017-08-04 07:17:52 +00:00
Gary Kotton
49a0555129 Remove configuration options max_fixed_ips_per_port
This was marked as deprecated in Newton.

Related-bug: #1502356

Change-Id: Iafaa340a9291e1ee84e776ddfffc5f870f7e67e2
2017-08-02 22:09:56 -07:00
Jenkins
ef4119f83a Merge "[Tempest] Running Trunk test with advanced image only" 2017-07-28 11:17:09 +00:00
Genadi Chereshnya
314277286d [Tempest] Running Trunk test with advanced image only
1)Adding 'image_is_advanced' option to tempest config, so you can
run specific tests with images that are not cirros.
2)Adding decorator to run 'subport_connectivity' test with such
image for VLAN aware VM feature.
3)Configuring gate to run trunk test with ubuntu image only
4) Updating release notes and TESTING.rst with the change

Change-Id: Ie15b0e79c6ea320322b2815fb8afbc8ec95f853a
2017-07-25 10:21:58 -07:00
Jenkins
8718d5c2b6 Merge "Tag mechanism supports resources with standard attribute" 2017-07-25 10:31:40 +00:00
Hirofumi Ichihara
96f0142b80 Tag mechanism supports resources with standard attribute
Tag mechanism supports network, subnet, port, subnetpool
router resources only. This patch allow tag mechanism to support
 resources with standard attribute.

Two old extenions are kept because of backward compatibility.
They will be removed in Queens release.

APIImpact: Tag is supported by resources with standard attribute
DocImpact: allow users to set tags on resources with standard attribute

Change-Id: Id7bb13b5beb58c313eea94ca03835d3daf5c94bc
Closes-Bug: #1682775
2017-07-25 08:14:04 +09:00
Jenkins
b293b59b81 Merge "Update the documentation link for doc migration" 2017-07-24 20:18:26 +00:00
Akihiro Motoki
d3c393ff6b Update the documentation link for doc migration
* Update the URLs affected by the doc-migration
  (/developer/<project>/ to <project>/latest/)
* Follow content rearrangement
* Convert links to local documents into :doc: or :ref:
* Use https instead of http for the updated links on docs.openstack.org.

Part of the doc-migration work.

Change-Id: I62e317d9198f175a43d73bbfd419b6878de90d5a
2017-07-22 18:46:13 +09:00
Jenkins
d83ef90d7d Merge "Remove deprecated prevent_arp_spoofing option" 2017-07-22 02:50:08 +00:00
Jenkins
9cb907cfb1 Merge "hardware offload support for openvswitch" 2017-07-21 20:01:29 +00:00
Kevin Benton
01a97d926c Remove deprecated prevent_arp_spoofing option
This was deprecated over a year ago in [1] so let's
get rid of it to clean up some code.

1. Ib63ba8ae7050465a0786ea3d50c65f413f4ebe38

Change-Id: I6039fb7e743c5d9a1a313e3c174ada36c9874c70
2017-07-20 13:57:14 -07:00
Moshe Levi
8ff25e725e hardware offload support for openvswitch
In Kernel 4.8 we introduced Traffic Control (TC see [1]) hardware offloads
framework for SR-IOV VFs which allows us to configure the NIC [2].
Subsequent OVS patches [3] allow us to use the TC framework
to offload OVS datapath rules.

This patch allow OVS mech driver to bind direct (SR-IOV) port.
This will allow to offload the OVS flows using tc to the SR-IOV NIC
and gain accelerate OVS.

[1] https://linux.die.net/man/8/tc
[2] http://netdevconf.org/1.2/papers/efraim-gerlitz-sriov-ovs-final.pdf
[3] https://mail.openvswitch.org/pipermail/ovs-dev/2017-April/330606.html

DocImpact: Add SR-IOV offload support for OVS mech driver
Partial-Bug: #1627987
Depends-On: I6bc2539a1ddbf7990164abeb8bb951ddcb45c993

Change-Id: I77650be5f04775a72e2bdf694f93988825a84b72
2017-07-20 23:03:47 +03:00
Sergey Belous
a8109af65f Extend Quota API to report usage statistics
Extend existing quota api to report a quota set. The quota set
will contain a set of resources and its corresponding reservation,
limits and in_use count for each tenant.

DocImpact:Documentation describing the new API as well as the new
information that it exposes.
APIImpact

Co-Authored-By: Prince Boateng<prince.a.owusu.boateng@intel.com>
Change-Id: Ief2a6a4d2d7085e2a9dcd901123bc4fe6ac7ca22
Related-bug: #1599488
2017-07-17 20:51:48 +00:00
Jenkins
bea5cd24a9 Merge "New API call to get details of supported QoS rule type" 2017-07-12 20:21:59 +00:00
Sławek Kapłoński
2cc547241c New API call to get details of supported QoS rule type
This commit adds new API call that allows to discover
details about supported QoS rule type and its parameters
by each of loaded backend drivers.

DocImpact: New call to get details about supported
           rule_type for each loaded backend driver
ApiImpact

Change-Id: I2008e9d3e400dd717434fbdd2e693c9c5e34c3a4
Closes-Bug: #1686035
2017-07-11 14:24:17 +00:00
Jenkins
d7513cff4a Merge "Allow to set UDP ports for VXLAN in Linuxbridge agent" 2017-07-10 17:18:33 +00:00
Jenkins
59006183e1 Merge "API compare-and-swap updates based on revision_number" 2017-07-09 18:17:59 +00:00
Gyorgy Szombathelyi
d7c4428525 Allow to set UDP ports for VXLAN in Linuxbridge agent
Introduce vxlan.{udp_srcport_min, udp_srcport_max and udp_dstport}
for setting the port range used for VXLAN communication.

Change-Id: I97999988090eee7aee9b533ac1dad2de95b29cbe
Closes-Bug: #1483853
DocImpact:  vxlan.{udp_srcport_min, udp_srcport_max and udp_dstport}
can be used to set UDP port numbers used for VXLAN in LinuxBridge
agent.
2017-07-07 10:53:44 +02:00
Kevin Benton
7f17b4759e API compare-and-swap updates based on revision_number
Allows posting revision number matching in the If-Match header
so updates/deletes will only be satisfied if the current revision
number of the object matches.

DocImpact: The Neutron API now supports conditional updates to resources
           that contain the standard 'revision_number' attribute by
           setting the revision_number in an HTTP If-Match header.
APIImpact

Partial-Bug: #1493714
Partially-Implements: blueprint push-notifications
Change-Id: I7d97d6044378eb59cb2c7bdc788dc6c174783299
2017-06-29 22:50:12 +00:00
Jenkins
2ce4f19afd Merge "Ingress bandwidth limit rule in Linuxbridge agent" 2017-06-22 13:59:07 +00:00
Sławek Kapłoński
da646496e3 Ingress bandwidth limit rule in Linuxbridge agent
Add support for QoS ingress bandwidth limiting in
linuxbridge agent.
It uses traffic shaping done by tc with tbf qdisc.

DocImpact: Ingress bandwidth limit in QoS supported by
           Linuxbridge agent

Change-Id: Id495b302d31f5527db3e45b51517bc53153e7fc2
Partial-Bug: #1560961
2017-06-22 08:20:48 +00:00
Jenkins
dd52e9fbb8 Merge "Revert "Change list of available qos rules"" 2017-06-22 00:21:04 +00:00
Jenkins
817ca843fa Merge "Add support for ingress bandwidth limit rules in ovs agent" 2017-06-15 03:19:53 +00:00
Sławek Kapłoński
2d0d1a2d76 Add support for ingress bandwidth limit rules in ovs agent
Add support for QoS ingress bandwidth limiting in
openvswitch agent.
It uses default ovs QoS policies on bandwidth limiting
mechanism.

DocImpact: Ingress bandwidth limit in QoS supported by
           Openvswitch agent

Change-Id: I9d94e27db5d574b61061689dc99f12f095625ca0
Partial-Bug: #1560961
2017-06-14 11:11:43 +00:00
Ihar Hrachyshka
6ad51779f3 Revert "Use vif_type='tap' for LinuxBridge for consistency"
This reverts commit 1b987be2b5.

This probably triggered a race between nova and l2 agent when
hot-detaching VIFs.

Change-Id: I2fc20666d43942446878da358ccf4472e04ad94c
Related-Bug: #1696125
2017-06-08 11:27:59 -07:00
YAMAMOTO Takashi
55d810c7e6 Revert "Change list of available qos rules"
This reverts commit 3299cdffae.

At least, there's a user which relies on the previous
semantics. (Our tempest plugin)
We should not change API semantics lightly
in an incompatible way.

Closes-Bug: #1694396
Related-Bug: #1694190
Change-Id: I88a216951d8996ac8bc90078b4239f0d25392e58
2017-05-30 08:12:28 +00:00
Jenkins
3c2ce67efe Merge "VXLAN multicast groups in linuxbridge" 2017-05-30 00:55:21 +00:00
Jiri Kotlin
8a596f35bb VXLAN multicast groups in linuxbridge
Enable creation of VXLANs with different multicast addresses allocated
by VNI-address mappings. Dictionary of multicast addresses and
corresponding VXLAN VNI IDs should be loaded from settings. Usable to
not flood whole network when managing routers between more datacenters
and can not use L2population because VXLAN points to external device.

Co-Authored-By: Kevin Benton <kevin@benton.pub>
DocImpact: VXLAN addresses used by linux bridge can be specified per VNI
Closes-Bug: #1579068
Change-Id: I24f272ccd6d61d9fa7ea3b6f256fabd381f5434a
2017-05-29 14:08:19 -07:00
Rodolfo Alonso Hernandez
9d69822e43 Add "default" behaviour to QoS policies
This patch implements the "default" behaviour for QoS policies.
If this flag is enabled for a QoS policy in a project, all
new networks created will have this QoS policy assigned by default.

If a new QoS policy is created or updated with this flag and another
QoS policy in the same project is set as the default policy, the new
one won't be created or updated. To set another QoS policy as default,
the current one must be unset.

DocImpact: A "default" flag is introduced for QoS policies. If this flag
           is enabled in a QoS policy (attached to a project), then all
           networks created in this project would have this QoS policy
           assigned, unless an explicit policy is specified.
APIImpact

Closes-Bug: #1639220
Change-Id: If5ff2b00fa828f93aa089e275ddbd1ff542b79d4
2017-05-26 23:31:36 +00:00
Kevin Benton
1b987be2b5 Use vif_type='tap' for LinuxBridge for consistency
This adjusts the Linux Bridge mechanism driver to return
the 'tap' VIF type to Nova so the Linux Bridge agent is
responsible for plugging all ports into bridges.

This completely eliminates all of the work Nova was doing with
regard to bridges so we now have one consistent path how ports
(both compute and dhcp/l3) are connected into Linux Bridge
networks. Both Nova and the DHCP/L3 agents will now just create
a device and leave wiring to bridges to be completely the
responsibility of the L2 agent.

In order to preserve backwards compatibiliy with Ocata agents
that won't touch compute ports, we only report back vif_type='tap'
if the agent has a report_state value showing that it wires compute
ports.

This will also solve a longstanding bug (bug #1105488) that
is preventing Nova instances from using custom bridge mappings
since the agent will be guaranteed to be responsible for the
connection to the bridge.

Depends-On: I075595158d8f3b5a6811c4794aa7b91912940db5

Related-Bug: #1617447
Closes-Bug: #1673910
Closes-Bug: #1105488
Change-Id: I23c5faaeab69aede1fd038a36f4a0b8f928498ce
2017-05-18 02:55:45 +00:00
Jenkins
65ce6d6f49 Merge "Change list of available qos rules" 2017-05-04 09:34:39 +00:00
Sławek Kapłoński
3299cdffae Change list of available qos rules
This patch changes way how neutron calculates which QoS rules
are available to use. It now returns all rule types which are
supported by at least one loaded QoS driver.
If user will want to apply policy with rule unsupported by driver
used by port then it will be catched on port/network update event.
This validation mechanism was introduced in
I75bd18b3a1875daa5639dd141fb7bbd6e1c54118

DocImpact: list of returned available QoS rule types is changed

Change-Id: Ia00d349625db358ab486802fc0ff2e69eaa3895e
Closes-Bug: #1686898
2017-05-03 17:14:29 +00:00
Sławek Kapłoński
c29f3aaa7c Add QoS bandwidth limit for instance ingress traffic
This patch introduces the new parameter "direction" to
the QoS bandwidth limit rule. It will allow the creation
of bandwidth limit rules for either ingress or egress
traffic. For backwards compatibility the default direction
will be egress.

DocImpact: Ingress bandwidth limit available for QoS
APIImpact: New type of parameter for QoS rule in neutron API

Change-Id: Ia13568879c2b6f80fb190ccafe7e19ca05b0c6a8
Partial-Bug: #1560961
2017-04-27 12:51:50 +00:00
Jenkins
916bc96ee2 Merge "Expose neutron api application as a wsgi script" 2017-04-20 05:53:18 +00:00
Jenkins
e7937d149c Merge "Remove deprecated send_arp_for_ha option" 2017-04-19 05:32:41 +00:00
Jenkins
5e2fa751e8 Merge "Add a new configuration variable for api links." 2017-04-19 04:15:17 +00:00
Ihar Hrachyshka
8bb94820bd Remove deprecated send_arp_for_ha option
Now Neutron always sends three gARPs after address assigned to an
interface.

Change-Id: I0d44f4cc59e1675b20d0da329faf7fd3ab91acbf
Closes-Bug: #1639879
2017-04-18 13:38:35 -04:00