When the number of fixed ips per dhcp port exceeds max_fixed_ips_per_port,
a dhcp resync will be triggered.
The bug report stated how simply this issue can be triggered.
Moreover, the "max_fixed_ips_per_port" value should be used for non-DHCP
ports only, and DHCP ports are not affected by this parameter.
Change-Id: Iaa9ed6949383ba6a7ce0b3ffd9dcced663126317
Co-authored-by: NGUYEN TUONG THANH <thanhnt@vn.fujitsu.com>
Closes-Bug: #1179713
It's pointless to not include default DNS resolution for Neutron.
This adds a new config option (dnsmasq_local_resolv) which defaults
to 'True' and will allow for DNS name resolution to work out of
the box. The caveat is that if the 'dnsmasq_dns_servers' is set it
will override the 'dnsmasq_local_resolv' setting, thus allowing
operators to explicitly set their own DNS servers.
DocImpact: Default to using local DNS resolution with the DHCP agent.
Change-Id: I17a884f467d307432a06f67a9dd93ed2fa6081a3
Closes-Bug: #1466117
Signed-off-by: Kyle Mestery <mestery@mestery.com>
os.popen() is deprecated since version 2.6. Resolved with use of
subprocess module.
Change-Id: I2ff32c4dc37c543696125ac755dc4adb69ddacdf
Partial-Bug: #1529836
The patch Id28248f4f75821fbacf46e2c44e40f27f59172a9 makes the agent
always report its state with the RPC call() method, so the variable
self.use_call was unused; this patch removes it.
Change-Id: I2e15d9ea2f35dce710858db8c8c6efd8c8304a23
Wrong usage of "an" in the messages:
"Gets called when an port gets added to or removed"
"Create an command to add an OVS bridge"
Should be:
"Gets called when a port gets added to or removed"
"Create a command to add an OVS bridge"
In total, 2 occurrences in Neutron base code.
Change-Id: I40756ed3eff7d2f672b2e0203b59ea5b8ff224c3
Wrong usage of "a" in the messages:
"'%s' is not a integer"
"Create a address scope"
"Return True if port has as a allowed address pair"
"But if a agent does not report its status"
"a ipv4 link-local address"
"Retrieve and return a extended information about a network"
"It could be a eui-64 address, a random IPv6 address"
"push a elastic-recheck query for it (see below)"
"is not a enforced requirement"
"a ovs_lib.VifPort object"
Should be:
"'%s' is not an integer"
"Create an address scope"
"Return True if port has as an allowed address pair"
"But if an agent does not report its status"
"an ipv4 link-local address"
"Retrieve and return extended information about a network"
"It could be an eui-64 address, a random IPv6 address"
"push an elastic-recheck query for it (see below)"
"is not an enforced requirement"
"an ovs_lib.VifPort object"
In total, 9 occurrences in Neutron base code.
Change-Id: I0f980fc8c98524db3d194ecb779f76abb37eb31c
VPNaaS functional tests now use dsvm-functional instead of
*-constraints. Always assuming *-constraints breaks the functional
jobs, which are not run in a constrained environment yet.
Partial-Bug: #1529027
Change-Id: I3a4f1d61d13f1e444f7624d68d121d04d81eb724
Currently the function gets all ports on the subnet and iterates
through them to find dvr serviceable ports on a particular host.
This patch makes it a single DB query to see if any port exists
matching the criteria.
Partial-Bug: #1513678
Change-Id: Ie17885497aacb8fda4a2c4a05f19d08991038557
Co-Authored-By: Oleg Bondarev <obondarev@mirantis.com>
Calling add_ha_port inside a transaction will break the delete_port
error recovery logic. This patch prevents the scheduler from doing
that. It also adds a note to add_ha_port and a runtime check to
prevent the function from working with an active transaction.
Change-Id: I39e2bb70527a8ff4a47668f44abb81d0fede3786
Closes-Bug: #1529037
_allocate_vr_id is called from _set_vr_id, which was starting a
transaction before calling it. This caused an error when the retry
logic was triggered inside of _allocate_vr_id since it would
encounter a DB exception and put the transaction into a bad state
that couldn't be used on the retry.
This patch just stops _set_vr_id from starting a transaction because
it didn't serve a purpose. It also stops _allocate_vr_id from allowing
subtransactions when it starts a transaction, since its retry logic
isn't compatible with them.
Co-Authored-By: Ann Kamyshnikova <akamyshnikova@mirantis.com>
Closes-Bug: #1528201
Change-Id: If7bcae39098f40f5ee9db78d3190bf9fdaf6438b
The service respawning action of ProcessMonitor is normal handling. So
the log level in external_process.py should not be error.
Closes-Bug: #1528850
Change-Id: Ie335f521b09310a577eb4fb03946dfba484eef61
A security rule port can be set to value 0 when the protocol is TCP/UDP.
This patch adds a port check in def _validate_port_range(self, rule): when
the protocol is TCP or UDP, port value 0 should not be accepted.
APIImpact
Change-Id: I57836d730db602de2a6704fd11a13c74ac38a716
Closes-Bug: #1527016
Add a constant string to the L3 extension to access floating ips in request and
response dictionaries
Change-Id: I161ab583f4eca3a8f0ddda1dd533780591e3423d
The commit 4b329c345c7820ff12bf25a91228cdfbf99500df added the file
and the imports did not adhere to the existing conventions.
Third party imports should be grouped together.
In addition to this, it removes an unnecessary new line.
TrivialFix
Change-Id: Ieeb4d20887ba8e90ea4f7850101b97ccd6e86658
The L3 agent needs to know the address scope of the fixed ip of each
floating ip because floating ips are a way to cross scope boundaries.
Without the scope information, there could be ambiguity and no way to
know which scope to send it to.
[1] https://review.openstack.org/#/c/189741/
Change-Id: Id9f8c12954a6efbf4d9b99c011652eefbe5f5145
Partially-Implements: blueprint address-scopes
This tests that the firewall still serves its purpose even when rules are
being updated. That means there is no short period of time where
security groups are inactive during update.
Part of this patch introduces Pinger class. This object provides
capability of sending ICMP packets asynchronously and after
it's stopped it provides statistics like how many packets were
sent and how many were received. Note the difference between
assert_ping() functions, which are synchronous.
Another test of remote security groups is also added.
Related-bug: #1461000
Change-Id: I6251ee264396f8dbc9b284758b96e5cdc6ac500b
Part of this patch is also preparation for having a common test plan for
firewall driver testing.
The following test cases were implemented:
- dhcp works by default
- dhcp server is prevented on vm by default
- ip spoofing from vm
- allowed address pairs allows traffic to given ip
- arp can go through
- ingress/egress traffic with src/dest port ranges
Related-bug: #1461000
Change-Id: Ib00c99f236855e6556f43f4ffc55014c73b077bb
QoSAgentExtension should invoke QoSAgentDriver
to reflush qos policy rules only if there is any rule-related change.
QoS policy changes, such as description change, should not cause
reconfiguration of the qos policy rules.
Closes-Bug: #1509232
Change-Id: I036b0449c7b5521adeb32602a0c0e6cf2d27510a
In check_ports_exist_on_l3agent we have an optimization fix
that checks for the subnets associated with the router and if
the subnets have dhcp enabled we go ahead and create the
router if it is a dvr_snat agent.
This was introduced in liberty since we saw some race condition
in the gate with single node failures.
It may not be completely right, since the dhcp agents can
run on non dvr_snat nodes as well.
Based on recommendation from the reviews, and a recent upstream
patch that sends notification on port create, we would want to
remove this and monitor the situation.
This would reduce the load on check_ports_exist_on_l3agent for
non dvr_snat nodes.
Depends-On: I40b8684f6ec9ddd31753f7bbbdb364d1c0ec838a
Related-Bug: #1513678
Change-Id: I0f50dc1101b2013caf03a64a4f48e2d03ea87b26
This patch updates docstring for get_ports_on_host_by_subnet, to
tell that the method will only get dvr serviced ports, not all ports
for given subnet and host.
Change-Id: I85ea5a9e37b6c894f7d51e73c10143b208a29f0e
https://review.openstack.org/#/c/258867/ removed
_validate_subnet_list and _validate_uuid_list.
_validate_subnet_list is being used in VPNaaS and VPNaaS gate
is now broken. We need to remove validators more carefully
because subprojects may use them.
This commit restores them once.
Change-Id: I9c40b9d67a8364f698cc9bf604e4e1f4caea413e
Closes-Bug: #1528435
After looking at the test and its scope, it seems like 100% of the
code it tests is owned by oslo.service. That library has its own tests;
is there value in keeping the test in Neutron?
Change-Id: I0d8a22cc8127e183c1f55790f4b04dea2d30d356
Closes-Bug: #1518921