Setting a fixed IP on the LB port should be avoided,
restricting and sending a message to the user.
Change-Id: I90567591e269b356af03d1abe854c08829e8d954
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
Fix bug in checking for using allowed-address-pairs
on a LBAAS port
Change-Id: Ie4f80c3bea7c9e4779b979e41cbb8530ce91803c
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
allowed-address-pairs is not supported on LB port
Change-Id: I7588a14b94886e25354a900c4fc0b77cf5e03154
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
refactor the validation code for network & port create & update operations
and moce those to the common plugin code.
This will be used later by the policy plugin code.
Change-Id: Ia461851022a20f07cb50d05dc73cc37f48752164
The NSX|V3 will support a direct vnic types for VLAN/FLAT networks, without
portsecurity.
This this case the port VIF type will be DVS, and the network segmentation ID
will be added to the VIF details.
Change-Id: I4c40485c35c2804465240302023e667fc4642664
When deleting a DHCP port while disabling subnet-dhcp, the plugin
should ignore the port deletion failure only if it was caused by port not founb
Change-Id: Ibbdf315cf0e23666ab58853de4fb7d26e71a21c6
While lising the neutron ports to seach for mismatches, the NSX plugin
should be used so all the attributes are populated.
Change-Id: I2ffa8204d8c1c419b8c7b9066f5e7b29fb1bc71a
The NSX plugin does not support minimum BW rules.
This patch fails validation to prevent the creation of such rules.
Change-Id: I293dd5b6c659855bb939912370d72cdfd228a338
During plugin init the default firewall section is created.
If it already exists, it will be updated, which causes race condition
in case of multiple controllers.
There is no need to update the default section during init, unless the
nsx.ini configuration changed, in which case admin utility should be used
to update the section: nsxadmin -r firewall-sections -o nsx-update
In addition, catch exceptions when creating the section, as there also might
be a race condition there.
Change-Id: I19b238a561af95e856d9dae32764ce4d484df767
The new stable upper-constraints file is only available
after the openstack/requirements repository is branched.
This will happen around the RC1 timeframe.
Recheck and merge this change once the requirements
repository has been branched.
The CI system will work with this patch before the requirements
repository is branched because zuul configues the job to run
with a local copy of the file and defaults to the master branch.
However, accepting the patch will break the test configuration
on developers' local systems, so please wait until after the
requirements repository is branched to merge the patch.
Change-Id: I7ae697a8023c76ec352616b269150633acdea119
The MAC learning flag is saved in the DB and displayed only if it
was set by the user, or by the plugin (in case of ENS support).
If the value was unset - it is not added to the DB, and not displayed.
This patch fixes 2 issues with this logic:
1. Make sure False value is also saved in the DB
2. Make sure False value is also returned in show port command
Change-Id: Ifb167c192bf5001ac7415d32be5a382782a44708
For the fire cell anti affinity to work as designed, there is a need to use different
groups & rules per host group, since those hostgroups can be different for differnet
availability zones
Change-Id: I092f5c228489a3a0d73f060380f1a1a6c526fb00
(cherry picked from commit cda47aa304121281920ec120e4d0cca9ae6ea657)
The VPNaaS plugin expects the driver to update the connection status
from a separate process/thread/agent.
When the user requests a connection/list, the status is retrived from the VPNaaS DB,
without calling the driver.
To avoid adding a process to actively query and update all connections statuses, this
patch creates a new VPNaaS plugin, to be used instead of hte default one.
This plugin (vmware_nsx_vpnaas) will issue a get-statuses call to the driver,
update the current statuses in the DB, and call the original plugin.
Change-Id: Ib750bfb8f0c8ad12265fa71506182ff5d7e8030a
The LBaaS V2 plugin expects the driver to update the LB objects operating
status from a separate process/thread.
When the user requests the LB status (or just the LB object itself with GET),
the operating status is retrived from the LBaaS DB, without calling the driver.
To avoid adding a process to actively query and update all objects statuses,
this patch creates a new LBaaSV2 plugin, to be used instead of the default one.
This plugin (vmware_nsx_lbaasv2) will issue a get-statuses call to the driver,
update the current statuses in the DB, and call the original plugin.
Depends-on: I71a56b87144aad743795ad1295ec636b17429035
Change-Id: I3c4e75d92a1bacdb14292a8db727deb4923a85d9
When the network or port has qos-poliy-id, the plugin needs to
validate this ID is real and accessable for this project.
Until now this was done only when setting the policy id in teh network/port
mapping table, which just ignored errors.
This patch adds the validation early in the create/update process.
Change-Id: If8ad0ce844cbf4706793a45f8698031b5eaf7e3d
When the network or port has qos-poliy-id, the plugin needs to
validate this ID is real and accessable for this project.
Until now this was done only when setting the policy id in teh network/port
mapping table, which just ignored errors.
This patch adds the validation early in the create/update process.
Change-Id: If8ad0ce844cbf4706793a45f8698031b5eaf7e3d
For the fire cell anti affinity to work as designed, there is a need to use different
groups & rules per host group, since those hostgroups can be different for differnet
availability zones
Change-Id: I092f5c228489a3a0d73f060380f1a1a6c526fb00
When updating a port, the original port used in notifications should
have the port binding fields, or else some services (like FWaaS)
might fail.
Change-Id: I3a0d66b2741504903c9df92fcdd8520765d73f9d