The current queue config is deprecated and will be removed in the next
major zuul release. Update to ensure windmill uses correct config.
More info can be found on the zuul mailing list:
https://lists.zuul-ci.org/pipermail/zuul-discuss/2022-May/001801.html
Change-Id: I6d059710911fadc80b86bf2ebbad9527c372c5fa
The admin utility is currently storing the state in the local
directory, which might not be ideal in several cases
Change-Id: Iad85386a012aafc3db0a8b0737fb38bbaf09b0e9
Invert the order of operation in order to ensure DB entry is not
removed is operations fails in unexpected way
Change-Id: I77c1a48ac59ab577ed284d40e2a90fc44fe32b10
Migrate RBAC policies, skipping those which have been implicitly
created from shared or external networks.
Change-Id: I0833a52993248857b1eb25491928ca86a720c04c
The neutron standard-attr-description is not working with NSX
plugins for security group rules. It seems that when the extension
is loaded the relevant DB model class is not yet available.
To address this problem, this change explictly adds a resource
extender function for the NSX plugin to add the description field
to ecurity groups rule responses.
Change-Id: I4d8b2629660f9e33401ce6b011b1784a6ec66aac
This patch adds an operation for the NSX-V and two operations for
the NSX-T plugin. The goal of these operation are:
- Find routers without any downlink. They cannot be migrated and
should be removed before migration to NSX-T.
- Patch and restore Neutron routers without gateway. For N/S
cutover, each router must have a T0 uplink or an SR. The 'fixup'
operation ensures the NSX T1 routers for these neutron routers
will have a T0 uplink. (They surely do not have a SR).
The 'restore' operation returns T1 routers to their original state.
Change-Id: Iffd1a5e43e08fdc997a591829c87bcc0bb806c77
In some cases deletion might fail because a segment port
is still reported as attached.
This change will ensure the operation is retried so it
eventually succeeds.
Change-Id: Ic40f8162f127414653ebeebca4cae5481b01585f
This change ensures the LB pool for a router is updated
according to the LB size when attaching a load balancer to
it. Implemented only for API replay cases on NSX Policy.
Change-Id: Id9d6514ccfdb240cf8a9542fcfaaaf672af85154
Include /etc/neutron/fwaas.conf in default config files and verify
each file exists before using it in the admin util command.
Change-Id: Ibd53dcb0824eef89f03c27a9dea9a12aede1d370
Add a --ignore-errors CLI options to preserve the current behaviour
where API replays completes all operations and then reports errors.
When --ignore-errors is not set, API replay will fail and quit
at the first error.
Also fixes help string for enable_barbican option.
Change-Id: Ic2f6f89060f26292b017b2b3defb488452ec1cb7
During port deletion on the backend, we remove profile bindings and
then the actual port. If for any reason a binding is not found, the
process should still proceed to delete remaining resources up to
the segment port.
This change fixes this behaviour, as the code was instead returning
as soon an object was not found.
Change-Id: I529ce34db323f900129865befc6bd64e1ff4f5ff
This change leverages a new NSX client method, patch_entries.
This method does not require all rules to be in the request body.
We can therefore save a DB operation, and submit a much smaller
payload. NSX responses are also much faster.
In addition, this routine ensure the DB record for a security
group rule is removed if the creation of the same rule fails at
the NSX backend.
Change-Id: I5c97c3042f8f740cac211314e11ce01e03beaa7e
Add the options to detect and cleanup loadbalancer services which are
allocated in NSX but do not exist in Octavia.
The orphaned loadbalancer services prevents routers from being deleted
and therefore should be cleaned up prior to the router deletion.
Change-Id: Ic0ad5175214cff034bd76a16fc11dbea3ccd6b13
Introduce a new configuration option - windows_metadata_route.
Specifies whether an explicit route for metadata proxy access
on windows should be added.
The default value will be True for backward compatibility.
This option will need to be set to False for some guest OSes such
as RHEL8 as a duplicate metadata route can cause failures while
setting up networking.
Change-Id: If7507d0d4242cce2c73c7a2239149ec35fef232f
This change replaces remaining occurences of the notify method with
calls to the publish method.
As NSX admin utilities heavily rely on callbacks, this change also
ensures that all callbacks are now accepting event payloads rather
thank kwargs.
Change-Id: I0450fff486898d6ab74086b7952dc27134cb77e2
For some dual-stack use cases it will be mandatory to disable multicast
routing on NSX-T segments.
Change-Id: I821b6038ec4b0404d54c03c8802bdbbf8d211ed4
When an AZ is configured with a non-default DVS id, it must have a
metadata configuration as well.
The minimum required is the metadata edge IPs.
Change-Id: Iebbbf6e73975c67876a925a4d54a6a263c4da10f
During API replay we should not call get_active_loadbalancers
or try and serve it, as the replay process will act both as
a client and RPC server.
Change-Id: I7cd620c2cca3ee8ac6e558f5aa7cb67a71e6b25b
This simple change ensures NSX-T Load Balancers do not go into
ERROR state due to another LBS attachment already present on
NSX-T Tier-1.
Change-Id: I85c71a60a78a642d133dba18f2c78b68ff8c7504
If a NSX-T segment is not realized, the plugin will currently
return a null value for the corresponding logical switch id.
This leads nova to boot VMs with an incorrect network attachment.
This change ensures the null value is not cached for the neutron
network.
Change-Id: I7ef3fc8e13777e5fcdc53bd84d5dc235f7e8686c
If the multiple address bindings fall in the same CIDR, we should be
careful in verifying that the corresponding entry has not already
been removed from the binding list
Change-Id: I4e8ace9c3a4f6a09246038fec09d3040b8b93e74
When provider security groups are removed, the corresponding
bindings could have already been removed by
_update_port_preprocess_security.
This change ensures binding deletion is done only when needed,
and avoids failures in case the bindings have already been
removed.
Change-Id: Iaccf4f3ddb9fef6d8dcb254bc978883b99c947f3
Skip the operation as the RPC server may not be available and
during API replay mode Neutron does not need to perform this
operation.
Change-Id: Icf848acccfddb760a85b4b182d5050bbd45f3871
Due to removal of deprecated attributes from NSX APIs, the routine
for checking VLAN overlap with uplink transport needs to be amended
to search for transport zone in host switch info.
This change also optimizes the process by avoiding fetching the same
profile multiple times.
Change-Id: I3af3c0f2bef1041c18c1b9d84aaa5ca7bd7638bf
If a tier0 already exists in policy its identifier should still be used
for handling uplinks for tier1 routers.
Currently the routine is simply ignoring these tier0 routers.
Change-Id: If76c4668cb81434262a17b062495210792bbedf0