1040 Commits

Author SHA1 Message Date
Jenkins
8538db828a Merge "Remove neutron-fwaas specific policies" 2017-07-26 08:49:43 +00:00
Akihiro Motoki
a52f3af266 Remove neutron-fwaas specific policies
Drops unit tests related to fwaas policies.

Tests related to get_firewall_policy/rule are also unnecessary.
They have been migrated to neutron-fwaas already.

Closes-Bug: #1703347
Depends-On: I6dc6b2295a605444c918e44949f4b1485177e82e
Change-Id: Ie866f140fd4e5537ff0d757304ab5279f0cf0a79
2017-07-16 17:56:25 +00:00
Nguyen Phuong An
913c9e78b9 [log]: implement logging plugin
This patch introduces the logging api definition and initial
implementation of LoggingApiPlugin. The api definition code will
be removed after [1] has been merged on neutron lib.

[1]https://review.openstack.org/#/c/415817/

Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>

Partially-implements: blueprint security-group-logging
Related-Bug: #1468366
Change-Id: Iace31506502de25da9dce5fcfdbfe2c726bea27f
2017-07-12 13:30:50 +07:00
Miguel Angel Ajo
6037e53f07 Remove deprecated support for QoS notification_drivers
In Ocata, notification_drivers were deprecated in favor of
the new QoSDriver architecture.

This patch removes backwards compatible support for notification
drivers along with its testing.

Change-Id: I5f747635be3fd66b70326d9f94c85a6736286bd2
2017-04-17 06:32:01 -07:00
Jenkins
fc5aafaf57 Merge "Adding missing neutron policies to policy.json" 2017-04-17 05:17:21 +00:00
Felipe Monteiro
8fad40bd2f Adding missing neutron policies to policy.json
Currently, Neutron's policy.json does not exhaustively
list all the policy actions within Neutron.

This has some downsides:
  1) It makes it harder to override these policy actions
  2) It is inconsistent
  3) The policy.json should be a "golden copy" of all the
     policy actions enforced by the system.
  4) It makes it harder to RBAC test Neutron
     (because it is very difficult to determine which
      policy actions are valid and which are not).

The current policy actions that are enforced by the system
but not contained in the policy.json are as follows:
  - create_security_group
  - delete_security_group
  - delete_security_group_rule
  - get_security_group_rules
  - get_security_groups
  - get_security_group_rule
  - get_security_group
  - update_security_group
  - update_router
  - update_router:external_gateway_info
  - update_router:external_gateway_info:network_id

Closes-Bug: #1676674
Change-Id: I4625c8f55bfa46b1a2209642e425677a47455219
2017-04-12 16:05:35 +01:00
Carlos Goncalves
89de63de05 Port data plane status extension implementation
Implements the port data plane status extension. Third parties
can report via Neutron API issues in the underlying data plane
affecting connectivity from/to Neutron ports.

Supported statuses:
  - None: no status being reported; default value
  - ACTIVE: all is up and running
  - DOWN: no traffic can flow from/to the Neutron port

Setting attribute available to admin or any user with specific role
(default role: data_plane_integrator).

ML2 extension driver loaded on request via configuration:

  [ml2]
  extension_drivers = data_plane_status

Related-Bug: #1598081
Related-Bug: #1575146

DocImpact: users can get status of the underlying port data plane;
attribute writable by admin users and users granted the
'data-plane-integrator' role.
APIImpact: port now has data_plane_status attr, set on port update

Implements: blueprint port-data-plane-status

Depends-On: I04eef902b3310f799b1ce7ea44ed7cf77c74da04
Change-Id: Ic9e1e3ed9e3d4b88a4292114f4cb4192ac4b3502
2017-04-11 19:56:13 +00:00
Huan Xie
3d58ce44d4 Deal with port commonly when hypervisor is XenServer
When neutron is deployed with hypervisor is XenServer, current
implementation will grab port's iface-id via xapi, but this isn't
the proper way:
Port's iface-id is already set when creating VM or hot plugging
VIFs in nova project, so there is no need to grab it via xapi

Change-Id: Ie07527cc89ac81ff1e3519db66925cee482f77a4
Closes-Bug: #1649747
2017-03-30 22:33:14 -07:00
Jenkins
6dba921f2d Merge "Add PD support in HA router" 2017-03-15 07:25:35 +00:00
Robert Li
bb3c0e8285 Add PD support in HA router
The following enhancements are added:
  -- PD keeps track of status of neutron routers: active or
     standalone (master), or standby (not master),
  -- PD DHCP clients are only spawned in the active router. In the
     standby router, PD keeps track of the assigned prefixes, but
     doesn't spawn DHCP clients.
  -- When switchover occurs, on the router becoming standby, PD
     clients are "killed" so that they don't send prefix withdrawals
     to the DHCP server. On the router becoming active, PD spawns DHCP
     clients with the assigned prefixes configured as hints in the
     DHCP client's configuration

Closes-Bug: #1651465
Change-Id: I17df98128c7a88e72e31251687f30f569df6b860
2017-03-15 04:31:09 +00:00
Jenkins
b29339f28f Merge "iptables: stop 'fixing' kernel sysctl bridge firewalling knobs" 2017-03-15 02:45:53 +00:00
Jenkins
26b8848a9e Merge "Switch ns-metadata-proxy to haproxy" 2017-03-14 17:32:13 +00:00
Daniel Alvarez
3b22541a2a Switch ns-metadata-proxy to haproxy
Due to the high memory footprint of current Python ns-metadata-proxy,
it has to be replaced with a lighter process to avoid OOM conditions in
large environments.

This patch spawns haproxy through a process monitor using a pidfile.
This allows tracking the process and respawn it if necessary as it was
done before. Also, it implements an upgrade path which consists of
detecting any running Python instance of ns-metadata-proxy and
replacing them by haproxy. Therefore, upgrades will take place by
simply restarting neutron-l3-agent and neutron-dhcp-agent.

According to /proc/<pid>/smaps, memory footprint goes down from ~50MB
to ~1.5MB.

Also, haproxy is added to bindep in order to ensure that it's installed.

UpgradeImpact

Depends-On: I36a5531cacc21c0d4bb7f20d4bec6da65d04c262
Depends-On: Ia37368a7ff38ea48c683a7bad76f87697e194b04

Closes-Bug: #1524916
Change-Id: I5a75cc582dca48defafb440207d10e2f7b4f218b
2017-03-08 15:20:50 +00:00
Ihar Hrachyshka
c1dfb53bf1 iptables: stop 'fixing' kernel sysctl bridge firewalling knobs
Those are different on different kernel versions, and have reasonable
default values on all newer kernel versions, including RHEL. We
nevertheless made devstack to set those in the past; now I propose to
clean the code from neutron tree and leave it up to deployment tools to
fix in an unlikely case the system has broken default values.

Now that iptables firewall code does not trigger sysctl, we can also
remove this filter from the corresponding rootwrap .filters file.

DocImpact make sure deployment docs mention the expected sysctl knob
          values.

Change-Id: Iabf61021c90b0536be274463d48fb5a572ecc023
Related-Bug: #1622914
2017-02-27 15:14:14 +00:00
Hirofumi Ichihara
e3063496cf Revert "Linux Bridge: driver support for QoS egress minimum bandwidth"
This reverts commit 84b3ae3ae9111e241352bdccad238c9fd37b83df.

The logic was incorrect[1]. We cannot achieve QoS egress minimum bandwidth of Linuxbridge by the patch. I also think that the issue is not solved by small patch and we must consider deeply.

[1]: https://bugs.launchpad.net/neutron/+bug/1662582

Change-Id: Id4703b5c63876f16e31b6805cd147b5840a4a591
2017-02-09 19:11:00 +00:00
Jenkins
4157c2888e Merge "Linux Bridge: driver support for QoS egress minimum bandwidth" 2017-01-25 10:13:03 +00:00
Jenkins
86d47bad2d Merge "XenAPI: Support daemon mode for rootwrap" 2017-01-21 02:18:20 +00:00
Davanum Srinivas
d6c99d521f Add KillFilter for python 3.5
When we run devstack with USE_PYTHON3, the existing KillFilter
definitions are not enough. Let's add one specific to python 3.5
as well.

Change-Id: I2472e4e39315225d6c9ea1651c8e3b20edc59b49
2017-01-20 15:08:56 +00:00
Jianghua Wang
8047da17db XenAPI: Support daemon mode for rootwrap
For Neutron's compute agent in a XenServer's compute node, the commands
actually need run in Dom0. Currently XenServer only supports rootwrap
for that purpose by invoking a script which invokes XenAPI to execute
commands in dom0. There are much performance overhead due to it requires
parsing on the script and the configuration file every time running
commands.

This change is to support daemon mode with which each agent service will
call XenAPI directly to execute commands in dom0. And it will keep the
single XenAPI session.

DocImpact: Need update the following configuration.

file: /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
root_helper_daemon = xenapi_root_helper
[xenapi]
connection_url = http://169.254.0.1
connection_username = root
connection_password = xenroot

Closes-Bug: #1585510
Change-Id: I684034359fe0571bc92dbcf342a9821553b1da35
2017-01-19 07:33:43 +00:00
Rodolfo Alonso Hernandez
84b3ae3ae9 Linux Bridge: driver support for QoS egress minimum bandwidth
This patch provides the Linux Bridge agent driver the ability to control
Linux Traffic Control (TC) to set the minimum required transmission rate
for an interface.

The TC library is refactored to use HTB qdiscs. This allows TC to
define, for several flows in the same interface, the maximum and the
minimum network bandwidth and the burst size.

To be able to do traffic shaping (instead of policing) for ingress
traffic, a new element, the Intermediate Functional Block device (IFB)
is introduced.

DocImpact
Partial-Bug: #1560963

Change-Id: I4d4db54519f1435068d1af38819404d1e5d9cd52
2017-01-13 15:44:16 +00:00
Jenkins
296670e3ff Merge "SR-IOV: remove ml2_conf_sriov.ini from oslo-config-generator" 2017-01-04 09:44:21 +00:00
Davanum Srinivas
45ef8997e8 Remove Duplicate line in privsep.filters
Only one line is picked up by configparser, so we should just
have one in the default privsep.filters file. This was found when
a stricter configparser kicked in for a python3.5 test.

Closes-Bug: #1652157
Change-Id: Ib7d9aa0e0b74a936002e0eea0b3af05102b06a62
2016-12-23 10:59:57 -05:00
Jenkins
77de472680 Merge "Adopt privsep and read routing table with pyroute2" 2016-12-22 12:00:03 +00:00
Omer Anson
9183da7c96 Adopt privsep and read routing table with pyroute2
Make use of oslo.privsep to support namespaces. This includes all
relevant code necessary for oslo.privsep to work.

Change ip_lib's get_routing_table method to use pyroute2, rather than
parsing the output of 'ip route'.

Change-Id: I89bfa3dbf1776da973cfca389b2841019a520f75
Partial-Bug: 1492714
Co-Authored-By: Angus Lees <gus@inodes.org>
2016-12-21 17:52:58 +02:00
Moshe Levi
e9efe86856 SR-IOV: remove ml2_conf_sriov.ini from oslo-config-generator
This I42dadfd0b62730ca2d34d37cb63f19f6fec75567 patch
remove the supported_pci_vendor_devs option and now
no additional options are required for sriov ml2 mech
driver. The is a clean up patch to remove also the
ml2_conf_sriov.ini from the oslo-config-generator.

Closes-Bug: #1641220

Change-Id: Ida6c0930ce65169a9bc59ef80d6b427b2d5d4e09
2016-12-21 08:27:07 +02:00
Daniel Alvarez
1d38f30555 Kill processes when cleaning up namespaces
This patch will kill processes that are listening on any port/UNIX
socket within the namespace to be cleaned up. To kill them it will
issue a SIGTERM to them (or to their parents if they were forked) and,
if they don't die after a few seconds, a SIGKILL to them and all their
children.

This is intended for those cases when there's no specific cleanup and
serves as a fallback method.

Change-Id: I4195f633ef4a1788496d1293846f19eef89416aa
Partial-Bug: #1403455
2016-12-20 10:52:41 +00:00
Ihar Hrachyshka
a8e1badbd2 Expose OVS bridge related options into metering agent config file
Agent state options (report_interval), or interface related options
(f.e. ovs_integration_bridge) should be exposed into all configuration
files for all agents that may report a state, or instantiate a bridge
object.

Since some of options that were previously considered 'base' don't apply
to metering agent (specifically, availability_zone), moved them into
separate lists and included them into relevant agents (l3 and dhcp).

The only glitch with the change is that log_agent_heartbeats option is
now exposed into metering agent configuration file, even though the
agent does not honour it. I think it's minor and we can live with it.

Change-Id: Ibceca20cec60e75a8c6ddd35f3f9cb8cca272a9e
2016-10-02 12:33:52 +00:00
Jenkins
a6c5737eb7 Merge "iptables: fail to start ovs/linuxbridge agents on missing sysctl knobs" 2016-10-21 02:14:02 +00:00
Juan Antonio Osorio Robles
19c354aacd Add http_proxy_to_wsgi to api-paste
This sets up the HTTPProxyToWSGI middleware in front of Neutron-API. The
purpose of this middleware is to set up the request URL correctly in
case there is a proxy (For instance, a loadbalancer such as HAProxy)
in front of Neutron.

So, for instance, when TLS connections are being terminated in the
proxy, and one tries to get the versions from the / resource of
Neutron, one will notice that the protocol is incorrect; It will show
'http' instead of 'https'. So this middleware handles such cases.
Thus helping Keystone discovery work correctly.

The HTTPProxyToWSGI is off by default and needs to be enabled via a
configuration value.

Change-Id: Ice9ee8f4e04050271d59858f92034c230325718b
Closes-Bug: #1590608
2016-10-14 11:24:03 +03:00
Ihar Hrachyshka
e83a44b96a iptables: fail to start ovs/linuxbridge agents on missing sysctl knobs
For new kernels (3.18+), bridge module is split into two pieces: bridge
and br_netfilter. The latter provides firewall support for bridged
traffic, as well as the following sysctl knobs:

* net.bridge.bridge-nf-call-arptables
* net.bridge.bridge-nf-call-ip6tables
* net.bridge.bridge-nf-call-iptables

Before kernel 3.18, any brctl command was loading the 'bridge' module
with the knobs, so at the moment where we reached iptables setup, they
were always available.

With new 3.18+ kernels, brctl still loads 'bridge' module, but not
br_netfilter. So bridge existance no longer guarantees us knobs'
presence. If we reach _enable_netfilter_for_bridges before the new
module is loaded, then the code will fail, triggering agent resync. It
will also fail to enable bridge firewalling on systems where it's
disabled by default (examples of those systems are most if not all Red
Hat/Fedora based systems), making security groups completely
ineffective.

Systems that don't override default settings for those knobs would work
fine except for this exception in the log file and agent resync. This is
because the first attempt to add a iptables rule using 'physdev' module
(-m physdev) will trigger the kernel module loading. In theory, we could
silently swallow missing knobs, and still operate correctly. But on
second thought, it's quite fragile to rely on that implicit module
loading. In the case where we can't detect whether firewall is enabled,
it's better to fail than hope for the best.

An alternative to the proposed path could be trying
to fix broken deployment, meaning we would need to load the missing
kernel module on agent startup. It's not even clear whether we can
assume the operation would be available to us. Even with that, adding a
rootwrap filter to allow loading code in the kernel sounds quite scary.
If we would follow the path, we would also hit an issue of
distinguishing between cases of built-in kernel module vs. modular one.
A complexity that is probably beyond what Neutron should fix.

The patch introduces a sanity check that would fail on missing
configuration knobs.

DocImpact: document the new deployment requirement in operations guide
UpgradeImpact: deployers relying on agents fixing wrong sysctl defaults
               will need to make sure bridge firewalling is enabled.
               Also, the kernel module providing sysctl knobs must be
               loaded before starting the agent, otherwise it will fail
               to start.

Depends-On: Id6bfd9595f0772a63d1096ef83ebbb6cd630fafd
Change-Id: I9137ea017624ac92a05f73863b77f9ee4681bbe7
Related-Bug: #1622914
2016-09-26 14:49:05 +00:00
Michael Krotscheck
26e9105b62
Neutron versions api now has its own middleware pipeline
This patch exposes the root (version) resource to CORS-enabled
browser clients that wish to perform API version discovery. It
does this by creating a new composite pipeline for the neutronversions
app, adding the already-existing CORS middleware into the chain.

This feature is required for js-openstack-lib, and its devstack
tests. https://review.openstack.org/#/c/366905/

Change-Id: I6611839f38d553fc29c813a4b8d874fde77b8034
required-by: Ia2f59213eedf6d7acbb02789ee921c13ff391d09
2016-09-08 13:17:28 -07:00
Yushiro FURUKAWA
f72863a6b6 Remove FWaaS policy.json entries
The FWaaS policy.json entries are being relocated into the FWaaS
repository.

Co-Authored-By: Nate Johnston <Nate_Johnston@cable.comcast.com>
Depends-On: Idd8993da78dbd779e2b3d38a4039dabf60d416d5

Change-Id: Iec36638a7a57cc14753e93c5d207853d4a3e3b6e
2016-09-06 21:30:41 +00:00
Jenkins
3ce2450d98 Merge "Adding support of releasing DHCPv6 leases" 2016-09-01 07:33:35 +00:00
Sergey Nechaev
2aa23de58f Adding support of releasing DHCPv6 leases
Original problem is that dhcp_release does not work with IPv6, but IPv6
leases still should be released. For example:

1. Start VM in dhcpv6-stateful network, make it acquire IPv6 address.
2. Delete VM.
3. Start another VM in same network before lease expires.

There's a very high chance that the same IPv6 address will be allocated
for both of these VMs (same address will be reused after first VM was
deleted).

On DHCP agent, hosts file would be changed, but not lease file, so
dnsmasq will not give second VM address until lease expires. Reducing
lease time is not a good solution here.

Solution is adding invocation of dhcp_release6 utility when
releasing IPv6 address. dhcp_release6 utility appears in dnsmasq 2.76.
It crafts DHCP6_Release packet, sends it from passed network
interface to IPv6 multicast address and waits for DHCP6_Reply.

Closes-Bug: 1521666
Change-Id: I5efab81cdaf0676503b6c7da0d4b4f400d859286
2016-08-31 17:33:54 -04:00
Rodolfo Alonso Hernandez
60325f4ae9 Add QoS minimum bandwidth rule for instance egress traffic
This patch introduces the front end implementation for QoS
minimum bandwidth rule.

APIImpact: New type of parameter for QoS rule in neutron API
DocImpact

Change-Id: I6b619a96a2bfde164646c71409b671352bc6ce7d
Partial-Bug: #1560963
2016-08-27 17:08:18 +00:00
Miguel Lavalle
5e3c284fba Revert "Publish segment id in port responses"
This reverts commit b35d7fa3cbcd68ef10b9c40a47c0698c7e0a2089.
Patchset set is reverted after deciding Nova can get the segment_id
from the subnet associated to the port

Change-Id: Idf4ba107bf6e1427c82ab5b6a5cea0dba9264699
2016-08-18 06:01:22 -05:00
Miguel Lavalle
b35d7fa3cb Publish segment id in port responses
In this patchset, attribute 'ipam_segment_id' is added to ports to
contain the id of the segment where the port is bound in the case of a
routed network. This new attribute will be used by the Nova scheduler
to place an instance using the port in a host bound to the segment

Change-Id: Ide13a7c53c5f4a33894f459c38924830ba583f98
Partially-Implements: blueprint routed-networks
2016-08-11 21:00:48 -05:00
Brian Haley
eead641242 Enable CRUD for Subnet Service Types
This patch enables basic CRUD operations to support
Subnet service-types.

Partially-implements: blueprint service-subnets

Co-Authored-By: John Davidge <john.davidge@rackspace.com>

Change-Id: I0a1724ad00f0a3e675bb700cdd291f55f898c6f3
2016-08-05 16:31:30 -07:00
Ryan Tidwell
9cda319687 Enable CRUD for trunk ports
This patch enables basic CRUD operations on trunk ports and defines
related API extensions. Trunk ports and sub-ports can be persisted
in the Neutron model and are made visible through the API, but the
L2 agent is not notified and no trunk ports or subports are actually
instantiated on compute hosts.

This one of the main patches in the series that implement the end
to end functionality.

Partially-implements: blueprint vlan-aware-vms

Co-Authored-By: Armando Migliaccio <armamig@gmail.com>
Change-Id: I26453eb9a1b25e116193417271400994ac57e4c1
2016-07-02 16:09:45 -07:00
Fang Zhen
56efc8ac76 Switch to oslo.cache
Oslo incubator is about to stop for cache module. We could use
oslo.cache instead. The legacy memory backend is replaced by
oslo_cache.dict.

Closes-Bug: #1517883

Change-Id: I108242ca9f27c9ec47959ce7615bc7d84cae014b
2016-06-02 15:22:36 +00:00
Jenkins
f602918205 Merge "Remove remaining BGP code from neutron" 2016-05-25 06:50:07 +00:00
Na
12200922a9 Remove remaining BGP code from neutron
There still are BGP codes in neutron repo, this patch remove it.
It was missed in commit I20b6ddd37d10eae70e8294d578e53137c0f866fe

Change-Id: I6bf71b14a03ccc005dcd4d67078e7e9f4a7ed197
Closes-Bug: #1584333
2016-05-24 06:36:54 -07:00
Dina Belova
9a43f58f4d Add OSprofiler support
* Add osprofiler wsgi middleware. This middleware is used for 2 things:
  1) It checks that person who wants to trace is trusted and knows
     secret HMAC key.
  2) It starts tracing in case of proper trace headers
     and adds first wsgi trace point, with info about HTTP request

* Add initialization of osprofiler at start of service
  Currently that includes oslo.messaging notifer instance creation
  to send Ceilometer backend notifications.

Neutron client change: Ic11796889075b2a0e589b70398fc4d4ed6f3ef7c

Co-authored-by: Ryan Moats <rmoats@us.ibm.com>
Depends-On: I5102eb46a7a377eca31375a0d64951ba1fdd035d
Closes-Bug: #1335640
DocImpact Add devref and operator documentation on how to use this
APIImpact
Change-Id: I7fa2ad57dc5763ce72cba6945ebcadef2188e8bd
2016-05-20 11:35:59 -05:00
Carl Baldwin
f494de47fc Associate subnets to segments through subnet API
Change-Id: Ia1084a94ac659332c126eb9d4787b04a89a4ba90
DocImpact: Need to add segment_id to API docs
Partially-Implements: blueprint routed-networks
2016-05-10 15:56:48 -06:00
Carl Baldwin
a34c3543d0 Basic Extension and CRUD for Segments
This patch enables CRUD on Segments by defining a new entity called
'Segment' with an extension definition and some DB code to read the
existing segments DB.  A basic framework for create, update, and
delete are provided.

For now, this is just the basic boiler-plate but I've got to start
somewhere.  It is implemented as a service plugin that is disabled by
default because it has not been fully tested with any plugin.
Follow-on patches will implement support for this new extension in
ML2 and OVN at least.

Change-Id: Ifc370fdd38f9a5b296334635fa85bd93d270b910
Partially-Implements: blueprint routed-networks
2016-05-05 13:58:34 -06:00
Armando Migliaccio
e8d3626d1c Remove BGP code from neutron
Once the spinout is undergoing we should perform the eviction.

Partially-implements: blueprint bgp-spinout

Depends-on: I8be510153edbc496575cde34943ca4c56645e0fb
Change-Id: I20b6ddd37d10eae70e8294d578e53137c0f866fe
2016-04-25 21:54:06 -07:00
Sławek Kapłoński
6dcdb15dce LinuxBridge agent's QoS driver bw limit for egress traffic
QoS service plugin provides for now bandwidth limit rules for egress traffic
only (from VM point of view). QoS extension driver for Linuxbridge agent now
configures limits in proper way on tap interface so limited is traffic which is
outgoing from VM.
Linuxbridge agent's QoS extension configures egress bandwidth limit and burst
value in exactly same way how openvswitch is doing it with tc.
Old methods in TcCommand class will stay untouched because they can be used
later to implement also ingress bandwidth limits in QoS.

Change-Id: Id2b0463f49df52744e5bc3979a4cfd0ff06f9248
Closes-bug: #1563720
2016-04-18 14:07:07 +00:00
David Shaughnessy
a9a1943fde DSCP QoS rule implementation
This patch adds the front end and back end implementation of QoS DSCP.

Associated patches that are dependent on this one:

* python-neutronclient: https://review.openstack.org/#/c/254280
* openstack-manuals: https://review.openstack.org/#/c/273638
* API Guide: https://review.openstack.org/#/c/275253
* Heat:
  * Spec: https://review.openstack.org/#/c/272173
  * QoSDscpMarkingRule resource: https://review.openstack.org/#/c/277567
* Fullstack tests: https://review.openstack.org/#/c/288392/

APIImpact - The API now supports marking traffic egressing from a VM's
            dscp field with a valid dscp value.

Co-Authored-By: Nate Johnston <nate_johnston@cable.comcast.com>
Co-Authored-By: Victor Howard <victor.r.howard@gmail.com>
Co-Authored-By: Margaret Frances <margaret_frances@cable.comcast.com>
Co-Authored-By: James Reeves <james.reeves5546@gmail.com>
Co-Authored-By: John Schwarz <jschwarz@redhat.com>
Needed-By: I25ad60c1b9a66e568276a772b8c496987d9f8299
Needed-By: I881b8f5bc9024c20275bc56062de72a1c70c8321
Needed-By: I48ead4b459183db795337ab729830a1b3c0022da
Needed-By: Ib92b172dce48276b90ec75ee5880ddd69040d7c8
Needed-By: I4eb21495e84feea46880caf3360759263e1e8f95
Needed-By: I0ab6a1a0d1430c5791fea1d5b54106c6cc93b937
Partial-Bug: #1468353

Change-Id: Ic3baefe176df05f049a2e06529c58fd65fe6b419
2016-03-18 10:07:24 +01:00
Jenkins
2768da320d Merge "Moved CORS middleware configuration into oslo-config-generator" 2016-03-10 09:22:23 +00:00
Jenkins
774303cfa3 Merge "Autogenerate macvtap agent config file" 2016-03-04 07:06:43 +00:00