Go to file

Stephen Finucane e5080c7330 libvirt: Ignore 'use_ipv6' for port filters

The libvirt driver provides port filtering capability. This capability
is enabled when the following is true:

- The IPTables firewall driver is enabled
- Security groups are disabled
- Neutron port filtering is disabled
- An IPTables-compatible interface is used, e.g. hybrid mode, where the
  VIF is a tap device

When enabled, libvirt applies IPTables rules that provide MAC, IP, and
ARP spoofing protection.

At present, setting the 'use_ipv6' config option to False prevents the
generation of IPv6 rules even when there are IPv6 subnets available.
This is fine when using nova-network, where the same config option is
used to control generation of these subnets. However, a mismatch between
this nova option and equivalent IPv6 options in neutron would result in
IPv6 packets being dropped.

Seeing as there is no apparent reason for not allowing IPv6 traffic when
the network is IPv6-capable, we can ignore this option. Instead, we use
the availability of IPv6-capable subnets as an indicator that IPv6 rules
should be added.

This paves the way for deprecating the 'use_ipv6' option, which is now
only used for two deprecated features: nova-network and file injection.

Change-Id: Idcfdaf3b163ba852c9a2c45d5e0c6c35e643c7f5
Implements: blueprint centralize-config-options-pike

2017-03-20 16:52:14 +00:00

api-guide/source

Removes unnecessary utf-8 encoding

2016-12-20 10:27:01 +07:00

api-ref/source

Merge "Add description for Image location in snapshot"

2017-03-17 19:30:48 +00:00

contrib

Merge "changed quantum to neutron in vif-openstack"

2014-03-05 10:45:05 +00:00

devstack

Skip test_stamp_pattern in cells v1 job

2017-02-14 10:25:24 -05:00

doc

Merge "Remove extension in API layer"

2017-03-20 14:39:36 +00:00

etc/nova

Fix doc generation warnings

2017-02-24 17:43:08 +00:00

gate

move gate hooks to gate/

2017-01-04 11:05:16 +00:00

nova

libvirt: Ignore 'use_ipv6' for port filters

2017-03-20 16:52:14 +00:00

plugins/xenserver

XenAPI Remove useless files when use os-xenapi lib

2017-01-10 18:06:17 -08:00

releasenotes

libvirt: Ignore 'use_ipv6' for port filters

2017-03-20 16:52:14 +00:00

tools

Merge "More usage of ostestr and cleanup an unused dependency"

2017-03-20 16:04:47 +00:00

.coveragerc

Remove nova/openstack/* from .coveragerc

2016-10-12 16:20:49 -04:00

.gitignore

doc: Integrate oslo_policy.sphinxpolicygen

2016-10-20 10:31:01 +01:00

.gitreview

Add .gitreview config file for gerrit.

2011-10-24 15:07:19 -04:00

.mailmap

Add mailmap entry

2014-05-07 12:14:26 -07:00

.testr.conf

[placement] Adjust the name of the gabbi tests

2016-09-20 19:14:44 +00:00

babel.cfg

Get rid of distutils.extra.

2012-02-08 19:30:39 -08:00

bindep.txt

List system dependencies for running common tests

2016-08-24 06:49:32 +02:00

CONTRIBUTING.rst

Workflow documentation is now in infra-manual

2014-12-05 03:30:37 +00:00

HACKING.rst

Enable global hacking checks and removed local checks

2017-02-10 15:09:37 +01:00

LICENSE

initial commit

2010-05-27 23:05:26 -07:00

MAINTAINERS

Add a maintainers file

2015-05-23 03:22:07 +10:00

README.rst

Show team and repo badges on README

2016-11-25 13:55:29 +01:00

requirements.txt

Merge "Move to tooz hash ring implementation"

2017-03-20 16:18:53 +00:00

setup.cfg

Use Sphinx 1.5 warning-is-error

2017-03-03 18:52:56 +01:00

setup.py

Updated from global requirements

2017-03-02 11:50:48 +00:00

test-requirements.txt

Merge "More usage of ostestr and cleanup an unused dependency"

2017-03-20 16:04:47 +00:00

tests-functional-py3.txt

Remove invalid URL in gabbi tests

2017-01-17 21:10:45 +00:00

tests-py3.txt

Skip unit tests for SSL + py3

2017-03-02 14:30:16 +08:00

tox.ini

Merge "More usage of ostestr and cleanup an unused dependency"

2017-03-20 16:04:47 +00:00

README.rst

Team and repository tags

OpenStack Nova

OpenStack Nova provides a cloud computing fabric controller, supporting a wide variety of compute technologies, including: libvirt (KVM, Xen, LXC and more), Hyper-V, VMware, XenServer and OpenStack Ironic.

OpenStack Nova is distributed under the terms of the Apache License, Version 2.0. The full terms and conditions of this license are detailed in the LICENSE file.

API

To learn how to use Nova's API, consult the documentation available online at:

http://developer.openstack.org/api-guide/compute/ http://developer.openstack.org/api-ref/compute/

For more information on OpenStack APIs, SDKs and CLIs, please see:

http://www.openstack.org/appdev/ http://developer.openstack.org/

Operators

To learn how to deploy and configure OpenStack Nova, consult the documentation available online at:

http://docs.openstack.org

For information about the different compute (hypervisor) drivers supported by Nova, please read:

http://docs.openstack.org/developer/nova/feature_classification.html

In the unfortunate event that bugs are discovered, they should be reported to the appropriate bug tracker. If you obtained the software from a 3rd party operating system vendor, it is often wise to use their own bug tracker for reporting problems. In all other cases use the master OpenStack bug tracker, available at:

http://bugs.launchpad.net/nova

Developers

For information on how to contribute to Nova, please see the contents of the CONTRIBUTING.rst.

Any new code must follow the development guidelines detailed in the HACKING.rst file, and pass all unit tests.

Further developer focused documentation is available at:

http://docs.openstack.org/developer/nova/