This patch adds additional logging of tcpdump stderr output in
DSCP marking packets tests.
It is required to figure out why those tests are failing sometimes.
Change-Id: I02fe64bf817b47970e4e073f48ea8dea53bdd4f5
Related-Bug: #1733649
In the current code, if user specifies floating-ip-address
and subnet, we only process the subnet when creating
the fip port.
This patch adds floating_ip_address and subnet_id to
fip port's fixed_ips, if floating_ip_address is not in the subnet,
InvalidIpForSubnet exception will be raised.
This patch also fixes a default value error in tests.
Change-Id: I436353690839281ca7e13eaf792249306b71dd4b
Closes-Bug: #1732890
Instead of using old _get_subnet() method new method
_get_subnet_object() will now be used in neutrondb_ipam
driver and because of that it will use Subnet OVO object.
Change-Id: Ie9876064da989842576eeb30804b6a991d4d2937
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
An invalid input would cause a server execption. We now validate
that the body in the tags validation is not None.
TrivialFix
Change-Id: I97a00ee6d2672485334bba757706f107e052b551
Closes-Bug: #1736678
Currently if a new port is created by a tenant with whom
the network is shared (tenant is not the owner but has
network shared via RBAC) , the port is allocated on the default
subnet. This patch allows the tenant to create/update a port on
any subnet which is actually a part of a shared network, owned by
another tenant.
Tempest test in [1]
[1]: https://review.openstack.org/521413
Change-Id: I1046f6b13e68b1e274cc8f62f5b30aa5f8d71cdc
Closes-Bug: #1543756
If a network's RBAC external attribute is deleted, we
should update the router:external attribute to False
if there is no other access_as_external rbac policy on the network.
Tempest API test patch: https://review.openstack.org/#/c/520255/
Change-Id: Ibdbe8a88581e54250259825bbf1c77485fd09f89
Closes-Bug: #1692472
get_subnet method returns subnet dict object so it can be
switched to use _get_subnet_object private method and pass
subnet OVO to _make_subnet_dict()
Change-Id: I61225992a03d17adfd606463e3841f9b0c0c1a2d
Partially-Implements: bp/adopt-oslo-versioned-objects-for-db
When the support of protocol numbers in security groups
was fixed in [1], it introduced two deficiencies in the
iptables code:
- it was missing some protocols, for example, 'icmp', 'tcp'
and 'udp', so when rules were added by number we did not
use their name as iptables expects
- it used a dictionary to map numbers to names, but protocol
numbers are stored as strings (i.e. '1' != 1)
Updated the iptables number mapping dict to have all
currently-known values, even those that are already well-known
and should have been using a string instead of a number.
Also changed the iptables number mapping dict to use
strings as the keys instead of numbers, since that's
what will be passed from the security group code.
Removed IPTABLES_PROTOCOL_MAP as it lives in neutron-lib,
and accidentally snuck-in in [1].
[1] I5895250b47ddf664d214cf085be693c3897e0c87
Change-Id: I6b7575eb531b4f35579960c3feb47000cd259b86
Closes-Bug: 1719711
Prevents the MAC address of the VIP address of an LBaaS or
LBaaSv2 instance from populating in the DVR router ARP table
Change-Id: If49aaa48a5e95ccd0a236db984d3984a6e44c87c
Closes-Bug: 1733852
This essentially reverts commit 12d24abba75ab3b926edbac389437bacc23914dd.
Making the callback _delete_segments_for_network respond to
BEFORE_DELETE network event has created some bugs. In one of them,
it is not possible to delete a routed network, because the segments
cannot be deleted due to the fact that the associated subnets still
exist.
Making _delete_segments_for_network respond to PRECOMMIT_DELETE
introduces a StaleDataError with the standard attributes of the
deleted segments. To work around that, network_db is expired and
read again after notifying the PRECOMMIT_DELETE event in
delete_network in the DB core plug-in.
This also fixes an issue where we could delete the segment ID
of the l3-ha network when deleting a router, leaving all other
routers non-functioning. Moving this to PRECOMMIT_DELETE fixes
it since it is done after we have checked that the network is
not in use and can be deleted.
Closes-Bug: #1697324
Closes-Bug: #1732543
Change-Id: I7c3c4654f183b317647a28d599a538fe460db68f
When we delete vm port with attached QoS policy,
it is just doing nothing if vif_port does not exist.
This is fine for egress bandwidth limit as it is configured
directly on vif_port in OVS.
For ingress bw limit however it uses additional records in
Openvswitch database: qos and queue. Those records are not
cleaned up in such case.
This patch also records port in self.ports in the case of
bandwidth limit rules, just as in the case of dscp rules.
Never execute port clear if vif_port not exists. Finally, ovs
driver can clean such qos and queue records
Change-Id: Iddeb49e1e6538a178ca468df0fdf9e0617ca4f1c
Closes-Bug: #1726732
This patch is adding a CREATE_PRECOMMIT notification for floating ips.
Before it was possible to register a callback for that (no errors) but
the notification would never be sent because the code was simple not in
place.
Closes-Bug: #1736201
Change-Id: If901d4d54118a6343597ab2ad075b6a2399ea62c
Burst value for TCP traffic should be set as 80% of desired bandwidth
limit value. For example, if the bandwidth limit is set to 1000kbps
then enough burst value will be 800kbit. If the configured burst value
is too low, achieved bandwidth limit will be lower than expected.
If the configured burst value is too high, too few packets could
be limited and achieved bandwidth limit would be higher than expected.
So we should recommend a correct example in case that user ignores
the note.
Change-Id: Iefea3ce699c39e217e89dec93a8fe8ea1a90ac82
Currently, when metadata_agent.ini is built, the default value for the
directive metadata_workers is the build host's number of CPU. This is
wrong because metadata_agent.ini cannot be built reproducibly, which is
a bug in many distributions.
See for Debian: https://wiki.debian.org/ReproducibleBuilds/About
This patch therefore uses sample_default oslo.config directive to
hardcode a value put in generated configuration file that would not
depend on build environment.
Change-Id: I7292d09b96f90d0477dd4b59766854a733e1da38
Closes-Bug: #1736114
Oslo.messaging commit: 2d53db6c51c2ac2ccddda210906c1e6418557470
changed topic to be a list.
Change-Id: I24032c91d2f01687009d6e32a972d34b248962c4
Closes-Bug: #1736220
This patch adds additional logging of captured tcpdump output during
dscp mark packets tests.
Change-Id: I1ab5727ea70afbe19d2557b9b5c4d77500658cbc
Related-Bug: #1733649
OVS agent will raise an exception when deleting
multiple vms in bulk. Nova will delete tap when vms are
removed. Then, ovs agent checks ovs_port
by calling "self.get_ovs_port", and the exception will be raised.
The patch will catch exception.
Change-Id: Ief7de22e5f85253d8a25ecfbb139a8f87c1a0b35
Closes-Bug: #1729213
The existing method is to meter outgoing traffic from the entire VM
to a specific "remote_ip_addr"(in case of outbound),
but the method I suggested can meter outgoing traffic
from a particular subnet to external network.
From a metering point of view,
it does not matter which address/CIDR is the destination for outbound.
But, it is important to know where(subnet or VM) the packet leaves from.
That way you can see how much VMs are using the external network.
For outbound metering, dst is 0.0.0.0/0 and src is network of VMs
and for inbound metering, src is 0.0.0.0/0 and dst is network of VMs.
When creating a meter-label-rule, it is correct
to specify src address for "remote_ip_prefix" option for outbound
and specify dst address for inbound.
If you are confused by the term "remote_ip_prefix",
you need to clarify this option.
Change-Id: Ia3f3e26410a73d7b44abae637703fda41c4bc09a
Closes-Bug: #1716913
