The external network extension's API definition was rehomed into
neutron-lib with I9933b91d1e82db3891b3b72f06e94316e56a4f15. This patch
consumes it, switch over to neutron-lib's modules in prep for
I696b52265b9528082cd2524f05febe2338376488
Change-Id: I338af67ad05827d6a770bebe0600e9d08e37afae
Using a dedicated timeout exception for vcns calls timeout
The exception used before was logged as 'unprintable' since it didn't
include the relevant parameters
Change-Id: I706f3819ecaa180752e7c1926f7ec63510962f3a
Adding a configuration option to prevent DHCP/Router edges sharing between
different tenants.
Also adding admin utilities for upgrade - redistribute the dhcp edges and
router edges if the configuration changed:
nsxadmin -r dhcp-binding -o nsx-redistribute
nsxadmin -r routers -o nsx-redistribute
Change-Id: I0d669c60413172a94ea5fc0beba0035df72c62ac
When adding/removing a port to the exclude list, we check if there
are other ports of the same device there.
this test was done is a wrong way expecting the device owner to be
'compute:none', instead of starting with 'compute'
Change-Id: I5c6ed8f3c5cf0d4ebb63e1a9ec36614fa4c4f15b
Neutron LBaaSv2 should be able to delete a healthmonitor even when
NSX is inconsistent with Neutron DB.
Change-Id: I62c0b34e68dbc4415cc679d30a9316a55525437d
Commit I5ea01a24b4327a6aba0d6270bc5278324972871c added a new unittest
which the md proxy tests cannot support due to having additional
subnets configured.
This patch will skip the new test.
Change-Id: Ib02758fc824e6c397f833481ca02ba559b3b2164
If there is any lb service attach to the router, LB VIP needs to
be advertised on the router. Enable advertise_lb_vip flag when
lb service is attached to the rouer. Disable the flag when lb
service is deleted and detached from the router.
Change-Id: If291d5e9e52959ea0eaf4f75dd6c6505a4f48562
Raise an exception if a port or a network creation/update enables
port security on an ENS transport zone.
Change-Id: Ifbffec35c321d1ccf8c1aa00b4b3ed33140fb218
When FWaaS v1 or v2 are used, there is a need to add FW rules
to allow the dhcp traffic to the relay server.
Those rules are added to the firewall before the default deny rule.
In case of FWaaS v2 - for each port separately.
The admin utility handling a change in the DHCP relay configuration
will now update the rules as well.
Change-Id: I30e666085fe5cdf17d48984518c73f79bf8cdf55
For DHCP relay support, and possibly other features, there is a need to
add specific allow rules to the router firewall between the FWaas v1/v2
rules, and the default drop rule.
This patch set the structure to do that, without actually adding new rules.
In case of FWaaS v2 the additional rules are per router interface.
Change-Id: I63d754495f56ec9081d84dcea6fb688ee1c41dbd
Fix LBaaS pool algorithm to NSXv3 backend mapping based on platform
finalized load balancing algorithm naming.
Change-Id: I91c0b5c09c9bfaf34cd027049b8c2ba8d3efd5c4
Upstream only supports the following the following response code:
- REDIRECT_TO_URL: 302
- REJECT: 403
Change in driver to use these code only.
Also, this patch fixes LB HTTP phase for redirect based on nsxv3
platform enforcement.
Change-Id: I25d0e5e7165200f2f6c56bea848a0318560bca1b
Currently NSXv3 has a limitation that it doesn't support FIP for
loadbalancer VIP. If user creates a floating ip for a port, we
will first check if this port belongs to loadbalancer. If so,
don't add SNAT/DNAT rules for this port.
Also added code to handle update/delete floating ip if the port
is a loadbalancer port.
Change-Id: Idea8aa9b381071678b00c238eba1f127b56968b1
The client certificate unittests should inherit from SqlTestCase.
This may solve some errors we encountered in those tests recently.
Change-Id: If1f3c5bae58c5adc9fc8a78f6b2fded1bfd9294e
1. If the nsx-network is a vlan one, the plugin should not allow
attaching it to a router.
2. If the creation of the network fails, the plugin should try to delete
the dhcp port even though the logical switch will not be deleted,
just like it is done when delete-network is performed.
3. The neutron network id is initialized early if the network is to be
created on the nsx backend.
For nsx-network it is not the case, so the create_network method should
take the id from the neutron created-network instead of the net_data.
Change-Id: I9a31641c1838c3762241d2c668634f18d19b0adc
When failing to create internal network or subnet, the mdproxy
handler should raise an error, or else it will fail when returning
None.
Change-Id: I09e7eb13d9c76f9f3faa6a7ef50d6d8432225bd2
When something fails during the init_complete process, the plugins
md_proxy data is not fully initialized, so it is possible that even the default
handler was not set yet.
This patch ensures that the relevant md-proxy handler exists before using it.
Change-Id: I1db84c0abc30d8ea3d601f26b5b852a254a6036c
1. add relay service only if the subnet is with dhcp
2. do not add native dhcp if dhcp relay is configured for this subnet
3. do not allow router creation with dhcp relay and without IPAM
4. do not allow creation of VM port from a network with dhcp relay and
without a router.
Change-Id: I05fa71f69ded69ea58a4e4df0a1f20c963cb3fc5
NSXv3 backend just changed lb rule match_type from PATTERN to
REGEX. Change in our vmware-nsx to refect that.
Change-Id: I72416b49a25d25179dccf97e238dea078eabdff0
neutron-lib contains the neutron.common.constants.
This patch switches references over to use the lib version of them.
Change-Id: I0354c84bd85e20ff4ea7ba392bf9ebfc2e7ac70e
NSXv3 platform changed API of LB service statistics which results
in exception of LBaaS loadbalancer stats. This patch fixes stats
based on the latest platform change.
Note that multiple LBaaS loadbalancers may share the same LB service
on NSXv3 backend. Only statistics belong to this loadbalancer
should be returned.
Change-Id: I097b42d55b178d153f142aa7de3675655ec373fb
Closes-Bug: #1718062