Commit Graph

13683 Commits (master)

Author SHA1 Message Date
Clark Boylan 715cb5fc11 Fix Zuul shared queue config.
The current queue config is deprecated and will be removed in the next
major zuul release. Update to ensure windmill uses correct config.

More info can be found on the zuul mailing list:

Change-Id: I6d059710911fadc80b86bf2ebbad9527c372c5fa
2022-05-19 14:04:25 -07:00
Zuul 0253265f75 Merge "[Admin utils] Specify path for redistribution state file" 2021-12-03 08:07:56 +00:00
Salvatore Orlando 7ebf0ed1e0 [Admin utils] Specify path for redistribution state file
The admin utility is currently storing the state in the local
directory, which might not be ideal in several cases

Change-Id: Iad85386a012aafc3db0a8b0737fb38bbaf09b0e9
2021-12-02 14:56:00 -08:00
Salvatore Orlando e2832876e9 Workaround for oslo_serialization bug 1515231
We shall not use jsonutils.load.
Instead, read the file and the use jsonutils.loads.

Change-Id: I3df9f8ecf477fa52a77990abfe83dd43326b61b1
2021-11-30 22:48:42 -08:00
Kobi Samoray 63b33c48e2 Octavia: Fix logging error
Change-Id: I0444e3883635262ac219da197e3e175bac894e14
2021-11-30 11:26:25 +02:00
Salvatore Orlando 52a975fffe Cleanup port: perform backend operation before DB operation
Invert the order of operation in order to ensure DB entry is not
removed is operations fails in unexpected way

Change-Id: I77c1a48ac59ab577ed284d40e2a90fc44fe32b10
2021-11-28 10:22:59 -08:00
Zuul a6764b97bc Merge "[API Replay] Migrate RBAC policies" 2021-11-27 15:39:22 +00:00
Salvatore Orlando 5706012434 [API Replay] Migrate RBAC policies
Migrate RBAC policies, skipping those which have been implicitly
created from shared or external networks.

Change-Id: I0833a52993248857b1eb25491928ca86a720c04c
2021-11-26 15:53:48 -08:00
Salvatore Orlando f2b4b552ef Ensure security group rule description is returned
The neutron standard-attr-description is not working with NSX
plugins for security group rules. It seems that when the extension
is loaded the relevant DB model class is not yet available.

To address this problem, this change explictly adds a resource
extender function for the NSX plugin to add the description field
to ecurity groups rule responses.

Change-Id: I4d8b2629660f9e33401ce6b011b1784a6ec66aac
2021-11-26 06:19:29 -08:00
Zuul 2158636ebc Merge "[V2T] Helper admin utils for validation and N/S cutover" 2021-11-26 08:35:36 +00:00
Salvatore Orlando f177d2923d [V2T] Helper admin utils for validation and N/S cutover
This patch adds an operation for the NSX-V and two operations for
the NSX-T plugin. The goal of these operation are:

- Find routers without any downlink. They cannot be migrated and
  should be removed before migration to NSX-T.
- Patch and restore Neutron routers without gateway. For N/S
  cutover, each router must have a T0 uplink or an SR. The 'fixup'
  operation ensures the NSX T1 routers for these neutron routers
  will have a T0 uplink. (They surely do not have a SR).
  The 'restore' operation returns T1 routers to their original state.

Change-Id: Iffd1a5e43e08fdc997a591829c87bcc0bb806c77
2021-11-25 14:56:32 -08:00
Zuul 7ef211fb20 Merge "[API Replay] Do not migrate NSX-V LB ports" 2021-11-21 20:43:14 +00:00
Zuul 8d9a6ec008 Merge "[API replay] Update of LB allocation pool" 2021-11-21 20:27:19 +00:00
Salvatore Orlando 5741b2e51d [API Replay] Do not migrate NSX-V LB ports
They are not needed on NSX-T. Avoid creating stale ports on
NSX-T segments.

Change-Id: I21b7e02c8088cdd9401e33cf5c74909d4fa5d6f9
2021-11-21 10:33:41 -08:00
Zuul ca624d95fb Merge "Retry DHCP server deletion" 2021-11-19 15:01:26 +00:00
Zuul 86a27b2f62 Merge "[NSX-P] Improve port deletion handling" 2021-11-19 15:01:23 +00:00
Zuul a05e4ebfd6 Merge "[Admin utils] Also include fwaas.conf in default config files" 2021-11-19 14:45:59 +00:00
Salvatore Orlando d6922a5d80 Retry DHCP server deletion
In some cases deletion might fail because a segment port
is still reported as attached.

This change will ensure the operation is retried so it
eventually succeeds.

Change-Id: Ic40f8162f127414653ebeebca4cae5481b01585f
2021-11-19 04:11:10 -08:00
Zuul 5d96c1dac7 Merge "[API Replay] Fail fast by default" 2021-11-17 12:11:22 +00:00
Salvatore Orlando 0cd6eb615c [API replay] Update of LB allocation pool
This change ensures the LB pool for a router is updated
according to the LB size when attaching a load balancer to
it. Implemented only for API replay cases on NSX Policy.

Change-Id: Id9d6514ccfdb240cf8a9542fcfaaaf672af85154
2021-11-17 02:48:07 -08:00
Kobi Samoray 6ad0d595aa Support upload of self signed certificates
Uploading of self signed certificates while creating TLS listener fails.

Change-Id: I21ac14407c61906f01563e6b06f819ef250233a8
2021-11-10 20:36:57 +00:00
Kobi Samoray df1cff206d Fix UTs
Skip some newly added unit tests

Change-Id: I927c6e8e0bb79e0d09068c60f29607321a365371
2021-11-10 21:04:16 +02:00
Salvatore Orlando 8d0b0dc208 [Admin utils] Also include fwaas.conf in default config files
Include /etc/neutron/fwaas.conf in default config files and verify
each file exists before using it in the admin util command.

Change-Id: Ibd53dcb0824eef89f03c27a9dea9a12aede1d370
2021-11-05 09:27:02 -07:00
Salvatore Orlando beef0d8feb [API Replay] Fail fast by default
Add a --ignore-errors CLI options to preserve the current behaviour
where API replays completes all operations and then reports errors.

When --ignore-errors is not set, API replay will fail and quit
at the first error.

Also fixes help string for enable_barbican option.

Change-Id: Ic2f6f89060f26292b017b2b3defb488452ec1cb7
2021-10-27 13:24:58 -07:00
Salvatore Orlando c941dba414 [NSX-P] Improve port deletion handling
During port deletion on the backend, we remove profile bindings and
then the actual port. If for any reason a binding is not found, the
process should still proceed to delete remaining resources up to
the segment port.

This change fixes this behaviour, as the code was instead returning
as soon an object was not found.

Change-Id: I529ce34db323f900129865befc6bd64e1ff4f5ff
2021-10-27 13:24:13 -07:00
Zuul b8dfb190f0 Merge "Improve security group rule add performance and reliability" 2021-10-25 21:32:40 +00:00
Salvatore Orlando e70cf0e5d1 Improve security group rule add performance and reliability
This change leverages a new NSX client method, patch_entries.
This method does not require all rules to be in the request body.
We can therefore save a DB operation, and submit a much smaller
payload. NSX responses are also much faster.

In addition, this routine ensure the DB record for a security
group rule is removed if the creation of the same rule fails at
the NSX backend.

Change-Id: I5c97c3042f8f740cac211314e11ce01e03beaa7e
2021-10-25 13:21:00 -07:00
Kobi Samoray 5b2151d976 [NSXP,NSXT] orphaned LBs handling to nsxadmin
Add the options to detect and cleanup loadbalancer services which are
allocated in NSX but do not exist in Octavia.
The orphaned loadbalancer services prevents routers from being deleted
and therefore should be cleaned up prior to the router deletion.

Change-Id: Ic0ad5175214cff034bd76a16fc11dbea3ccd6b13
2021-10-21 10:09:06 +03:00
Kobi Samoray f3be2be987 Admin util: fix MetadataEventPayload init
Remove extra agrument from class initialization

Change-Id: I8d268aa17985d4e16e77a24cffab5975d7d6130b
2021-10-19 09:18:16 +03:00
Zuul 21a0d31bac Merge "[NSX-P] Ensure multicast is disabled for dualstack use cases" 2021-10-18 18:23:11 +00:00
Salvatore Orlando 31bd496e31 [NSX-P/NSX-v3] Metadata route: make windows route optional
Introduce a new configuration option - windows_metadata_route.
Specifies whether an explicit route for metadata proxy access
on windows should be added.

The default value will be True for backward compatibility.
This option will need to be set to False for some guest OSes such
as RHEL8 as a duplicate metadata route can cause failures while
setting up networking.

Change-Id: If7507d0d4242cce2c73c7a2239149ec35fef232f
2021-10-18 09:33:54 -07:00
Salvatore Orlando 819c74ef30 Replace occurrences of registry.notify
This change replaces remaining occurences of the notify method with
calls to the publish method.
As NSX admin utilities heavily rely on callbacks, this change also
ensures that all callbacks are now accepting event payloads rather
thank kwargs.

Change-Id: I0450fff486898d6ab74086b7952dc27134cb77e2
2021-10-18 03:24:34 -07:00
Salvatore Orlando 5c7c09d56a [NSX-P] Ensure multicast is disabled for dualstack use cases
For some dual-stack use cases it will be mandatory to disable multicast
routing on NSX-T segments.

Change-Id: I821b6038ec4b0404d54c03c8802bdbbf8d211ed4
2021-10-14 13:53:33 -07:00
Kobi Samoray 8031a85420 NSXV: validate metadata config for AZs
When an AZ is configured with a non-default DVS id, it must have a
metadata configuration as well.
The minimum required is the metadata edge IPs.

Change-Id: Iebbbf6e73975c67876a925a4d54a6a263c4da10f
2021-10-10 17:50:35 +03:00
Salvatore Orlando dc308d59d8 [API replay] Avoid Octavia RPC errors
During API replay we should not call get_active_loadbalancers
or try and serve it, as the replay process will act both as
a client and RPC server.

Change-Id: I7cd620c2cca3ee8ac6e558f5aa7cb67a71e6b25b
2021-10-08 13:50:08 -07:00
Zuul 9062ba2f00 Merge "[API Replay] Migrate LB on external subnets first" 2021-10-08 17:00:46 +00:00
Salvatore Orlando 8c90b5340f [API Replay] Migrate LB on external subnets first
This simple change ensures NSX-T Load Balancers do not go into
ERROR state due to another LBS attachment already present on
NSX-T Tier-1.

Change-Id: I85c71a60a78a642d133dba18f2c78b68ff8c7504
2021-10-07 11:32:13 -07:00
Salvatore Orlando d055dec0fa [NSX-P] Don't cache empty logical switch id for segment
If a NSX-T segment is not realized, the plugin will currently
return a null value for the corresponding logical switch id.
This leads nova to boot VMs with an incorrect network attachment.

This change ensures the null value is not cached for the neutron

Change-Id: I7ef3fc8e13777e5fcdc53bd84d5dc235f7e8686c
2021-10-07 07:34:47 -07:00
Salvatore Orlando 841fa95a58 MP2P: Reduce max polling time for migrator to 2 secs
Also enable exponential backoff with intervals starting at
0.1 seconds.

Change-Id: I8f2358a4c8334f5df4b5cd29396a7ca77305a6d5
2021-10-05 10:25:58 -07:00
Zuul 349e03727a Merge "[NSX-P|v3] Avoid trivial errors in address binding handling" 2021-09-29 21:35:59 +00:00
Salvatore Orlando 5365416398 [NSX-P|v3] Avoid trivial errors in address binding handling
If the multiple address bindings fall in the same CIDR, we should be
careful in verifying that the corresponding entry has not already
been removed from the binding list

Change-Id: I4e8ace9c3a4f6a09246038fec09d3040b8b93e74
2021-09-29 13:16:15 -07:00
Salvatore Orlando 5d4b75fc7d Delete bindings for provider SG only if needed
When provider security groups are removed, the corresponding
bindings could have already been removed by
This change ensures binding deletion is done only when needed,
and avoids failures in case the bindings have already been

Change-Id: Iaccf4f3ddb9fef6d8dcb254bc978883b99c947f3
2021-09-29 07:09:56 -07:00
Zuul 11fafef7cb Merge "[API replay] Do not collect Octavia stats in API replay mode" 2021-09-24 22:50:25 +00:00
Salvatore Orlando 00e0f7c6cf [API replay] Do not collect Octavia stats in API replay mode
Skip the operation as the RPC server may not be available and
during API replay mode Neutron does not need to perform this

Change-Id: Icf848acccfddb760a85b4b182d5050bbd45f3871
2021-09-24 07:48:31 -07:00
Salvatore Orlando f075372c65 [V2T] Restore logging level for validation issues
Restore level error/warning for failed validation checks.

Change-Id: Idd11a5d106d17e8a11c27f95e4dec92d565a04fb
2021-09-24 00:20:30 -07:00
Zuul bf658c791c Merge "[API replay] QoS rules do not have an id" 2021-09-23 07:28:50 +00:00
Zuul 90b6791cb9 Merge "Adapt check for restricted VLAN" 2021-09-22 21:42:44 +00:00
Salvatore Orlando 1e346e9c8e Adapt check for restricted VLAN
Due to removal of deprecated attributes from NSX APIs, the routine
for checking VLAN overlap with uplink transport needs to be amended
to search for transport zone in host switch info.

This change also optimizes the process by avoiding fetching the same
profile multiple times.

Change-Id: I3af3c0f2bef1041c18c1b9d84aaa5ca7bd7638bf
2021-09-22 10:12:40 -07:00
Salvatore Orlando 7f2ea572e8 [MP2P migration] Use tier0 id even if already exist in policy
If a tier0 already exists in policy its identifier should still be used
for handling uplinks for tier1 routers.

Currently the routine is simply ignoring these tier0 routers.

Change-Id: If76c4668cb81434262a17b062495210792bbedf0
2021-09-22 07:46:57 -07:00
Zuul 10e75a1cc7 Merge "Add function to nsxadmin tool" 2021-09-22 12:01:33 +00:00