openstack
/
neutron
Code Issues Proposed changes
neutron/neutron
History
Bernard Cafarelli 6124f60297 Switch isolated metadata proxy to bind to 169.254.169.254 
Currently the metadata proxy binds to default 0.0.0.0, which does not
add any advantage (metadata requests are not sent to random IP
addresses), and may allow access to cloud information from
third parties.

This changes the generated configuration to bind to METADATA_DEFAULT_IP
address instead.

This is not enabled in other metadata proxy configuration (in the L3
agent), as this would require net.ipv4.ip_nonlocal_bind everywhere
(currently only enabled for DVR) or transparent mode in haproxy (which
requires net.ipv4.ip_nonlocal_bind anyway)

Changed set_ip_nonlocal_bind_for_namespace() to support setting the
value in both the given and root namespace correctly, since it was
only used from inside the neutron codebase according to codesearch.

Change-Id: I388391cf697dade1a163d15ab568b33134f7b2d9
Co-Authored-By: Andrey Arapov <andrey.arapov@nixaid.com>
Closes-Bug: #1745618
 		2019-01-30 14:17:43 +00:00
..
agent Switch isolated metadata proxy to bind to 169.254.169.254 2019-01-30 14:17:43 +00:00
api Improve port dhcp Provisioning 2019-01-28 07:26:45 +00:00
cmd Merge "Upgrade check command - add support for 3rd party checks" 2018-12-19 12:50:19 +00:00
common shim remaining common exceptions 2019-01-25 08:52:33 -07:00
conf Add a new configuration parameter rpc_response_max_timeout 2019-01-18 09:55:31 +00:00
core_extensions use autonested_transaction from neutron-lib 2018-07-26 07:41:34 -06:00
db Update neutron files for new over-indentation hacking rule (E117) 2019-01-29 15:36:20 -05:00
debug Fix all pep8 E265 errors 2018-04-30 16:35:52 -04:00
extensions Prevent some L3 ports change IP address 2018-12-13 14:24:23 +00:00
hacking use sqla functions from neutron-lib 2018-07-25 21:04:20 +00:00
ipam Prevent some L3 ports change IP address 2018-12-13 14:24:23 +00:00
locale Imported Translations from Zanata 2018-03-03 06:08:46 +00:00
notifiers Send global_request_id for tracing calls from neutron to nova 2018-11-30 05:41:24 +00:00
objects Update neutron files for new over-indentation hacking rule (E117) 2019-01-29 15:36:20 -05:00
pecan_wsgi Add missing ws seperator between words 2018-11-19 13:57:05 +08:00
plugins Update neutron files for new over-indentation hacking rule (E117) 2019-01-29 15:36:20 -05:00
privileged Correct arguments to nfct_open 2019-01-24 08:41:38 +00:00
quota use context manager from neutron-lib 2018-10-24 07:18:46 -06:00
scheduler Fetch specific columns rather than full ORM entities 2018-08-22 10:14:09 +00:00
server Allow neutron-api load config from WSGI process 2018-07-25 15:22:14 +07:00
services remove the neutron.db._model_query module 2019-01-25 08:55:25 -07:00
tests Switch isolated metadata proxy to bind to 169.254.169.254 2019-01-30 14:17:43 +00:00
__init__.py Fix incorrect usage of '# flake8: noqa' 2018-10-29 15:27:50 -04:00
_i18n.py Make code follow log translation guideline 2017-08-14 02:01:48 +00:00
auth.py Use oslo.context class method to construct context object 2017-03-23 09:02:46 +00:00
manager.py Implement filter validation 2018-07-19 04:13:43 +00:00
neutron_plugin_base_v2.py Do not load default service plugins if core plugin is not DB based 2017-11-09 20:34:52 +00:00
opts.py supported_vnic_type configurable for sriov 2018-11-05 11:40:13 +01:00
policy.py Convert policy.json into policy-in-code 2018-12-13 20:37:53 +00:00
service.py remove context_manager from neutron 2018-12-18 12:26:53 -07:00
version.py
worker.py replace WorkerSupportServiceMixin with neutron-lib's WorkerBase 2017-06-14 06:56:48 -06:00
wsgi.py use context manager from neutron-lib 2018-10-24 07:18:46 -06:00