When LBaaS specifies protocol as TERMINATED_HTTPS, NSX Edge should be
configured with protocol-type=https.
Also, as Edge supports HTTPS without termination as well, we do not need
to use TCP as protocol type for HTTPS as well.
Change-Id: I16ae69537706862634e1f1bda3be6ae0aeb052d3
Add vxlan enum in tz_network_bindings table, thus it can be
used for provider:network_type.
Also make provider:network_type required when creating a
provider network.
Change-Id: I4f07cea2149964c75eb72d6acf7b8fc5fcba4044
Patch https://review.openstack.org/#/c/259534 have modified the length
of the id fields for the certificates in neutron-lbaas.
Id field in vmware-nsx should match the length in neutron.
Change-Id: I25d868747c79dcaaeb5691b8cc1cf3cacf804de7
Skip the new test test_route_update_with_external_route. This was
added by commit 3d5d378769f0715e3254ac00b6f091a6f9f6960b. This
is not supported by the plugin.
Change-Id: I9c96736162bd8ba92fb32e88ebd82f39ae4adbf5
When trying to delete router interface which is in use such as FIP
case, the request should be rejected and we should not delete the port
the backend.
Fixes-Bug: #1548624
Change-Id: I3a77f7dd47faca84e15950f40cc43a74d24ffab9
Commit 8052c3985325e9067d83496936092ee9334df75b broke the unit
tests for the NSXv plugin. The tests added upstream updated
the MAC address and this is not supported and should be skipped
in the NSX|V
Co-Authored-By: Aaron Rosen <aaronorosen@gmail.com>
Change-Id: I876e7f74e74bd48430cdd42ab7c5533e495e9a49
Some of the api/scenario tempest tests are common across all NSX
plugins. Instead of putting one under each plugin test directory,
create api and scenario folders as a placeholder for all tests
that all common across the plugins.
Change-Id: Ife53c86699942a6ad47bf0a49eb3c2190b9b64f5
Previously, an internal metadata network is created
for a router whenever a subnet is attached to this router.
The purpose of this internal network is to help processing
metadata requests from instances on DHCP-disabled networks.
This commit adds a config option to create internal metadata
networks only when a DHCP-disabled subnet is attached to a router.
This will help saving system resources because each metadata
network consumes one DHCP name space.
Change-Id: Ia56050b3f431dbd65bb39da29ba6dbf8e62e36ea
When creating a router with --no-snat option, routes were not published
to PLR and therefore returning traffic could not reach the TLR.
This patch addresses this issue
Change-Id: I50f7015547a9461da0d2e5cff6d8a3f3ca41c1e0
This patch moves remove_router_interface_info db call ahead of backend
call so that any validation check can be executed before calling
backend.
Fixes-Bug: #1548624
Change-Id: I34052efb5a39c40987d720720cb62c292d0b4859
1. remove test_network_basic_ops from tempest-scenario suite.
2. test_network_basic_ops in nsxv/scenario that overwrite the
checking_network_internal_connectivity to by-pass dhcp
service tests.
3. skip test_update_instance_port_admin_state by set
port_admin_state_change = False
under network-feature-enabled session
Change-Id: Iede18daa61f9e5211a6669edb72778696011223b
Sometimes vdr interface deletion rest call would fail due to NSX
manager's internal handle error. Once it happened, DB inconstency may
occur. The patch fixed the bug by adding retrying method to ensure
deletion rest call can finally be executed at the backend.
Change-Id: I9e5ded204dbd22771f79eedab50f56f9a456f4cd
This reverts commit 3d9b3610ebbb97b90ef8e219df18a0ab137cfe0f.
We need to revert this as it break Nova. The reason is that Nova gets the network-id and expects that that be the ID of the NSX network...
Change-Id: I0e8db2dd5504e8b60f278d4664f80749e557dca5
A backend call may fail with ServiceClusterUnavailable, which is not a
ManagerError, therefore, we should not assume that backend resources were
succesfully created if no ManagerError was raised.
This patch only changes the create_security_group method with that
logic, other methods may also require a similar change.
Change-Id: I0170b910f246e8bb0d05fca12d4d8de3cbb26a4f
Closes-Bug: #1546474
Do the following for NSXv locking:
- Drop external=True from get_lock() calls: this is redundant as
locking wrapper appends this anyway.
- Add locking for distributed router module.
- Use edge-id as lock id when locking various edge attributes.
- Drop the use of lock_file_prefix as it is not supported by
distributed locking.
Change-Id: I13115f65a89d5fae507f87f7fb1ac096089e385a
Create a separate network (logical switch) id from the nsx-t,
keep it in the db binding table, and use it later for update/delete
network actions.
This also removes an extra call to update the backend when creating
a network.
Change-Id: I56188e3b0aa80cf46013afe1c1c6013489007c05
Initial release of MTZ scenario test cases.
Those tests validate VMs booted from networks with different TZs
and be able to reach others under shared or exclusive routers.
Change-Id: I4b71976b663c978c33a801b29c58b320c2348b53