This takes care of the last details for dropping py27 support by adding
a proper min version of python in setup.cfg.
See similar neutron commit: I911469d46fccf13bc7ead7a103a7d6e4e0ede7c3
Change-Id: I1176280b5d30b551774cdbe7b5ec65afc7978f6b
Since it's no longer supported past Train, let's stop
running the tests.
Please also see the related neutron patch:
I1c171ab906a3b4c66558163ad26947ebf710a276
Change-Id: Ic5361ac8495493d45603a57fcaac5f8385c681b7
The driver is loaded, then terminated whenever a request is issued.
This behavior causes termination of the Octavia listener which is
responsible for the processing of the driver status updates and
statistics processing.
The following change implements an agent which will execute the
listener.
Change-Id: I566aaa65df4ba7455577a539aa9eebb6cc36a099
Commit Ia4f4b335295c0e6add79fe0db5dd31b4327fdb54 removed all the
neutron-lbaas code from the master (Train) branch
Change-Id: I9035f6238773aad0591436c856550b7a5e01e687
This patch adds a driver for FWaaS V2 support in the NSX-V plugin.
It supports setting firewall rules per router interface port on the router
edge firewall.
In addition, the FWaaS TVD driver will now support NSX-V as well.
The driver code is a combination of the NSX-V3 FWaaS-V2 code, and the old
NSX-V FWaaS-V1 code that is being deleted.
Change-Id: Iacc7eaff0c70b68156516008cf0277c154edd76b
vmware-nsx specific policies are defined as policy-in-code.
- vmware_nsx/policies/lsn.py, qos_queue.py and maclearning.py
are moved from the neutron repo.
- vmware_nsx/policies/providersecuritygroup.py is based on the difference
between etc/policy.json and the old neutron policy.json
- vmware_nsx/policies/security_group.py is based on
etc/policy.d/security-groups.json
- vmware_nsx/policies/network_gateway.py is based on
etc/policy.d/network-gateways.json
etc/policy.d/dynamic-routing.json and etc/policy.d/neutron-fwaas.json
have no policies specific to vmware-nsx, so they can be dropped and
we can use policy-in-code definitions in neutron-fwaas and
neutron-dynamic-routing.
etc/policy.d/routers.json and flow-classifier.json cannot be
converted into policy-in-code because the default policies are
different from those defined in neutron and networking-sfc.
Note that etc/policy.d/routers.json now has policies which are
different from the default policies defined in the neutron repo.
(Others are cleaned up by this commit.)
This commit depends on the following patches under review:
(neutron-fwaas policy-in-code support)
Depends-On: https://review.openstack.org/527282
(neutron-dynamic-routing policy-in-code support)
Depends-On: https://review.openstack.org/625429
(networking-sfc policy-in-code support)
Depends-On: https://review.openstack.org/625431
(Drop 3rd-party plugin specific policies)
Depends-On: https://review.openstack.org/625394
Partially Implements: blueprint neutron-policy-in-code
Co-Authored-By: Michal Kelner Mishali <mkelnermishal@vmware.com>
Co-Authored-By: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: I96a9dbd759d54308abbc12ce65c97b06a76453cd
Implementing the Octavia support for NSX-V & NSX-T.
Follow up patches will handle the TVD plugin, Status updates,
and migration.
Since Octavia is not (yet?) in the requirements, using a hack to allow unittests
to be skipped.
Co-Authored-by: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: Iadb24e7eadcab658faf3e646cc528c2a8a6976e5
The VPNaaS plugin expects the driver to update the connection status
from a separate process/thread/agent.
When the user requests a connection/list, the status is retrieved from the VPNaaS DB,
without calling the driver.
To avoid adding a process to actively query and update all connections statuses, this
patch creates a new VPNaaS plugin, to be used instead of the default one.
This plugin (vmware_nsx_vpnaas) will issue a get-statuses call to the driver,
update the current statuses in the DB, and call the original plugin.
Change-Id: Ib750bfb8f0c8ad12265fa71506182ff5d7e8030a
The LBaaS V2 plugin expects the driver to update the LB objects operating
status from a separate process/thread.
When the user requests the LB status (or just the LB object itself with GET),
the operating status is retrieved from the LBaaS DB, without calling the driver.
To avoid adding a process to actively query and update all objects statuses,
this patch creates a new LBaaSV2 plugin, to be used instead of the default one.
This plugin (vmware_nsx_lbaasv2) will issue a get-statuses call to the driver,
update the current statuses in the DB, and call the original plugin.
Depends-on: I71a56b87144aad743795ad1295ec636b17429035
Change-Id: I3c4e75d92a1bacdb14292a8db727deb4923a85d9
Monitor LBaaS objects which are stuck in PENDING_CREATE or
PENDING_UPDATE states, and optionally change their mode to ERROR so
they can be cleaned up.
Change-Id: Ic3409590e52f885d367dae3b34f0066d01003b06
Adding service plugins for QoS, VPNaaS and L2Gateway
and updating the BGP plugin
to prevent users from getting objects belonging to a different
plugin
Change-Id: I3545c3acefaf50ca6937a0b7a65c131c569317cd
This change removes the now unused "warnerrors" setting, which is
replaced by "warning-is-error" in sphinx releases >= 1.5 [1].
[1] http://lists.openstack.org/pipermail/openstack-dev/2017-March/113085.html
Change-Id: Ie82fce03c73f4a78b557caecc5bcf4ad9c8b7cb1
Closes-Bug: #1693670
Adding FWaaS v1/v2 plugins to be used with the TVD core plugin.
The plugins will make sure to separate the v/t returned lists
using the same solution that was introduced for the LBaaS, now as a
general class decorator.
Change-Id: I5f01b8cf093d5ef3b340dce2d12fc41031dd12e9
The patch ensures that only a V tenant can see v resources and the
same for a T tenant/project.
NOTES:
1. In the neutron configuration file a new service plugin is created.
So we need the following:
[DEFAULT]
service_plugins = vmware_nsxtvd_lbaasv2
2. The extensions path needs to be updated so that the default LBaaS
extensions can be loaded.
So for example in the devstack case we need to configure:
[DEFAULT]
api_extensions_path = /opt/stack/neutron-lbaas/neutron_lbaas/extensions
Change-Id: Iea497cbb150048bedf712a195c7854e4836ad4a5
When there is a failure during the recycling of an edge appliance to the
backup pool, the edge at the backend may still be attached to networks
and use IP addresses which are free for reuse by Neutron.
Housekeeping job should address such cases.
Change-Id: I3a8ba622f742064bdc8906ba745da0a54a4576ac
Implements a generic mechanism to cleanup and fix various breakages and
issues between neutron, plugin and backend.
Also adds a housekeeping job which detects and handles broken DHCP edge
issues.
Change-Id: I5324befbe2c7740b8ed47e0a20586f8aca0726f1
Drivers for FWaaS V1/V2 for the NSX-TV plugin
Those drivers are just wrappers calling the right driver according to
the project of the firewall object.
Change-Id: Ia073da9c91cb4d69d772b3e0d0ab6f5c3fd60795
Introduce a plugin that can work with all of the VC and NSX
offerings under the same umbrella of a single plugin.
Co-Authored-By: Adit Sarfaty <asarfaty@vmware.com>
Change-Id: I0449d64e3cf79b7a3a846dacba95e8854d53bdf8
One can enable DNS integration for the upstream neutron
DNS integration extension by setting:
nsx_extension_drivers = vmware_dvs_dns
Closes-Bug: #1727626
Change-Id: If776d21679acfa2abf8018a8f6f19b58be24cb4b
For DHCP relay support, and possibly other features, there is a need to
add specific allow rules to the router firewall between the FWaaS v1/v2
rules, and the default drop rule.
This patch sets the structure to do that, without actually adding new rules.
In case of FWaaS v2 the additional rules are per router interface.
Change-Id: I63d754495f56ec9081d84dcea6fb688ee1c41dbd
FWaaS V2 support in NSX-v3.
Support different firewall group per router interface port for
ingress/egress.
limitation: cannot support egress rules with source ip, or ingress
rules with destination ips.
Depends-on: I2a37be5518bfc8124ffca2ab05f684d8c1c3d673
Change-Id: I3ed70fa48d078bed15f30e855b73bdfb11d11c6e
In vmware_nsx/plugin.py, NSX|mh plugin has been defined as
NsxPlugin and there is no NsxMhPlugin. To use alias for NSX|mh
plugin, vmware_nsx should be used instead of vmware.
Change-Id: Iff5cfe5a60809cf3c26d4445f0c3fb4b89db968f
This now exists in the vmware_nsx_tempest_plugin
Change-Id: I76e5856deeeb06b87675314635d06aa0291143eb
Depends-On: I804c3fd1e0c9cbeb454677e7951072ad74391fec
Adding FW rules to protect the traffic north-south behind a T1 router.
This will be done only if a firewall was attached to the router.
This includes:
- FWaaS rules
- Drop all default rule
When the firewall is deleted or the router removed from it,
a default allow all rule will be set.
For the router firewall to work, the router NAT rules should set
nat-bypass=False.
Change-Id: Iba03db8ca67ee10d1c54b96fb41a888cb549684d
* Added vmware_nsx_tempest under packages in setup.cfg so that
tempest can discover it.
* Removed pbr version from vmware_nsx_tempest (in-tree tempest plugin)
as it causes versioning issue with the main package vmware_nsx.
* Added all sections and options defined in tempest plugin conf
so that tempest can retrieve all the tempest sample configurations.
Depends-on: Iab0202a28bfa525c4cd91e776ac2bdba56a807f6
Change-Id: I2f706b8cdb31c53d951b059f939fb0d6afc32958
Closes-Bug: #1691122
If neutron.core_plugins is configured with the value vmware_nsx.plugin.NsxVPlugin,
it throws a warning: 'stevedore.named [-] Could not load vmware_nsx.plugin.NsxVPlugin'.
So, add vmware_nsx, vmware_nsxv, vmware_nsxv3 and vmware_dvs entry points to the neutron.core_plugins group.
Change-Id: Ie2a5a4d00bd15ad838737948e2eb8eec69f3303b
The openstack.org pages now support https and our references to
the site should by default be one signed by the organization.
Change-Id: I0448c7bc0294db867bc1766da7aaf07912575dbe
One can enable DNS integration for the upstream neutron
DNS integration extension by setting:
nsx_extension_drivers = vmware_nsxv_dns (for NSXV)
nsx_extension_drivers = vmware_nsxv3_dns (for NSXV3)
Change-Id: Id100f8034e602d92310d22f900c48d9dfbe59a8d
The NSX-V3 plugin will use the NSX-V3 backend IPAM.
An IP pool will be created for each subnet, and port IPs will be allocated
from this pool.
The current backend limitation is that we cannot allocate a specific IP,
so port create/update with fixed_ips will fail, unless the requested ip
is the subnet gateway ip.
To enable this option set 'ipam_driver = vmware_nsxv3_ipam' in the
neutron.conf
Change-Id: I5263555cbb776018a5d01f19d0997fd2adf6483d
Now that there exists only a gate job for Python 3.5 and not 3.4,
we should remove those references to the 3.4 that is untested.
Change-Id: Idb66d124611de879b33c0f8bd20f37f24da443b4