12838 Commits

Author SHA1 Message Date
Zuul
c696ef4d68 Merge "Devstack - use Neutron branch for related projects" 2019-05-29 15:18:52 +00:00
Kobi Samoray
2a6ccc98c5 Devstack - use Neutron branch for related projects
Use Neutron's branch while fetching neutron-related projects

Change-Id: I672b18d1dd852a1d616ca5af74e9bf6773d2bb71
2019-05-29 05:32:16 +00:00
Adit Sarfaty
bfb43d2e08 NSX|P: Update tier1 GW and route adv together
When a GW is added or removed, the backend call to update the tier1
connectivity path should be combined with the one to update the
route advertisement.
This will be more efficient, as well as work around a backend issue.

Change-Id: Id90f7ef7ccdef0230c9181f01da3ad056508c6b0
2019-05-28 17:02:27 +00:00
Zuul
e702f7116e Merge "DVS: Add plugin validations" 2019-05-28 10:54:54 +00:00
Zuul
e90f5cf7b8 Merge "NSXT LB: initialize client, server SSL profiles" 2019-05-28 10:43:36 +00:00
Zuul
bff7368734 Merge "NSX|V: prevent the deletion of Lb interface ports" 2019-05-28 09:21:47 +00:00
Zuul
3841b89f51 Merge "TVD: Retry on pluging initialization" 2019-05-28 08:59:48 +00:00
Adit Sarfaty
7ccd2f2e84 NSX|V: prevent the deletion of Lb interface ports
Make sure the user cannot delete those internal lb ports

Change-Id: If2be64b69c43f5ef6814abb3caffdfe554f7a3a1
2019-05-26 16:38:51 +03:00
Adit Sarfaty
1f820c6811 DVS: Add plugin validations
1. Do not allow to enable port-security on a vlan port
2. Do not allow creation of an external network
3. Validate that the physical network exists for portgroup network creation
4. Use default dvs as physical network for vlan netowrk validation

Change-Id: I3b738d2990794f35776859d1fbe509036084ec3a
2019-05-26 13:16:40 +00:00
Zuul
4b3d0e9446 Merge "NSX|V3+P: restrict associate floatingip to router interface/DHCP ports" 2019-05-26 09:37:12 +00:00
Adit Sarfaty
e6a1b694cf TVD: Retry on pluging initialization
Change-Id: I0c6a10a35d333115065c2d7442885f716fc6118f
2019-05-26 11:14:19 +03:00
Zuul
e62f12256d Merge "NSX|V3 Fix dhcp-relay validation" 2019-05-23 08:15:43 +00:00
Zuul
01a3b45da5 Merge "retire the NSX MH plugin" 2019-05-23 06:27:03 +00:00
Zuul
c5db5f7c4c Merge "NSX|V3: Create service router upon LB member creation" 2019-05-23 06:06:10 +00:00
Adit Sarfaty
46363e8d2f NSX|V3+P: restrict associate floatingip to router interface/DHCP ports
Change-Id: I9f79dcb5d12c9eda3e7cfa4b43bfbc6c121491a3
2019-05-23 08:30:24 +03:00
Adit Sarfaty
a5fa0f8a74 Fix broken unit tests
Commit I3f2905c2c4fca02406dfa3c801c166c14389ba41 added some IPv6 unit tests
which the vmware plugins do not support.
This patch skips the new tests.

Change-Id: I89fa1838ed6eed149e04e3e259b9480f1f700c49
2019-05-22 15:51:10 +03:00
Boden R
26135f34ac retire the NSX MH plugin
This patch retires the NSX MH plugin by:
- Deleting the nsx_mh plugin and unit test code.
- Using the NSX-V and V3 plugin test base classes where needed.
- Removing any extensions that are MH specific.

Change-Id: Idf65e44c301e790ca4ea69a6a8735aa0309a0dcc
2019-05-22 09:59:21 +00:00
Adit Sarfaty
4a27a5a6e8 NSX|V3: Create service router upon LB member creation
For a loadbalancer with an external VIP, the service router might need to
be created before attaching the lb service to the router.

Change-Id: I61aba11215e9917053dc80627e6ef7db5ccf08c6
2019-05-22 11:17:14 +03:00
Adit Sarfaty
b5f59ece91 Adding TVD + Policy plugins opts
Change-Id: I3510f8aafdc6694e9fedf3a0a836f403c7b820c2
2019-05-22 09:33:50 +03:00
Adit Sarfaty
f72324d397 NSX|V3 Fix dhcp-relay validation
When DHCP relay is configured, a compute port cannot be created
without a router attached to its subnet.
Due to an error in the validation, all compute ports creation
was blocked.

Change-Id: I6016d7015376c280a36b716f3e478d488988b237
2019-05-22 09:31:11 +03:00
Adit Sarfaty
8681c50144 Update six requirements to 1.11
Change-Id: If935e9e474f69978348cbb42637951ae97c0aff6
2019-05-22 07:38:30 +03:00
Zuul
d97dea7d6a Merge "NSX: Restrict enable-dhcp on update external subnet" 2019-05-21 12:12:47 +00:00
Kobi Samoray
7ebfa76139 NSXT LB: initialize client, server SSL profiles
During first init, the plugin creates client and server SSL profiles.
However, these aren't preserved within the plugin - they'll be retrieved
after the plugin is restarted. Therefore on the initial execution,
creation of HTTPS listeners will fail.

Change-Id: I685e5f7c3589f8e79e99f3a627bd595ba66eff33
2019-05-21 11:12:52 +00:00
Zuul
011f195599 Merge "NSX|V: prevent updating router size" 2019-05-21 10:46:46 +00:00
Adit Sarfaty
420fc333a1 NSX|V: prevent updating router size
Changing router size is allowed only for exclusive routers.
Raise an error for this in case of shared or distributed routers.

Change-Id: I522db0a1a2160550f4a424b5b2939fd43d9b758e
2019-05-19 18:50:13 +00:00
Michal Kelner Mishali
c567af4497 NSX: Restrict enable-dhcp on update external subnet
Adding restriction for enabling dhcp on updating external subnet

Change-Id: I4ae085eaac5461c637edb43888e615cf7bc97ccb
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-05-19 14:43:20 +03:00
Anna Khmelnitsky
9bdbc90be1 NSX|P: Handle update of dhcp port
Since dhcp port is created as neutron port, it is automatically
updated by neutron when subnet is added/deleted. This patch fixes
regular port flows in policy plugin with regard to dhcp port:
dhcp port is non-policy entity for now and should not be considered
backend port on policy level.

Change-Id: I9c0849f6f288cafac37d599e240975acf38b136c
2019-05-19 08:22:39 +00:00
Adit Sarfaty
d753ec6945 Remove neutron-lbaas support & dependencies
Commit Ia4f4b335295c0e6add79fe0db5dd31b4327fdb54 removed all the
neutron-lbaas code from the master (Train) branch

Change-Id: I9035f6238773aad0591436c856550b7a5e01e687
2019-05-19 11:16:45 +03:00
Zuul
8c37986e84 Merge "NSX|V3+P: add context param to is_overlay_network abstract func" 2019-05-16 11:38:16 +00:00
Zuul
451a871b03 Merge "NSX|V: Fix metadata admin utility from missing config" 2019-05-16 11:38:14 +00:00
Zuul
904e93cc76 Merge "NSX|V3+P: Change max allowed host routes" 2019-05-16 10:04:58 +00:00
Michal Kelner Mishali
5454b916fb NSX|V3+P: Change max allowed host routes
Change number of max allowed host routes to 26.
option121 is set as 27, but there's 1 host route set by default.
Fixing test.

Change-Id: I660ee1f710dd84fe3e91122a009d520d0341f261
Signed-off-by: Michal Kelner Mishali <mkelnermishal@vmware.com>
2019-05-16 09:47:27 +03:00
Adit Sarfaty
5b591457c0 NSX|P: Create/delete tier1 locale-service upon router create/delete
The NSX backend needs each logical router to have a locale-service
entry, which should also be deleted before the router is deleted.

Change-Id: If64c1b67c19906105b07c6facedf5d07ac36176d
2019-05-16 05:29:24 +00:00
Zuul
db82bd3c14 Merge "NSXP: parse statistics correctly" 2019-05-14 12:03:59 +00:00
Zuul
14a4ecd861 Merge "NSX|V3: Admin utility for reusing existing default section" 2019-05-14 12:00:25 +00:00
Adit Sarfaty
8f19dd83e3 NSX|V3+P: add context param to is_overlay_network abstract func
The implementations in each plugin already have it.

Change-Id: I0f075b8bb9c6343018bfcb7dac79528200d232d2
2019-05-14 08:29:49 +03:00
Zuul
9ea4a311b9 Merge "NSX|V: check edge existence before updating router admin state" 2019-05-14 02:32:21 +00:00
Zuul
e5a7d3feb5 Merge "NSX|P: Whitelist IPv6 MLD in default FW section" 2019-05-13 15:43:25 +00:00
Kobi Samoray
a18d04ca55 NSXP: parse statistics correctly
Change-Id: Iab48111a4309766dd97340338ff261a57347ade4
2019-05-13 17:39:48 +03:00
Adit Sarfaty
f7ad7929d3 NSX|V: Fix metadata admin utility from missing config
Change-Id: I1887f07426b26c03e4a85b45d97120ab01d35835
2019-05-13 14:43:39 +03:00
Adit Sarfaty
46f921496d NSX|V: check edge existence before updating router admin state
Change-Id: I0b27155f47d33367634bf5e9d3c612e5e522faa1
2019-05-13 11:22:51 +00:00
Adit Sarfaty
c479499f97 NSX|V3: Admin utility for reusing existing default section
To support the case of 2 instalations on teh same NSX backend,
The newer installation should reuse the default Os section & NS group.

Usage:
nsxadmin -r firewall-sections -o reuse

Change-Id: I0e187cea6ffa9ca3cdb6d215530426e611c8ae20
2019-05-13 07:52:47 +03:00
Kobi Samoray
864cf95bf2 NSXP LB: use correct attribute for LB service id
LB service id within list was incorrectly rertieved

Change-Id: I4b77a705c151bd293ff88344769592b0ec97d5aa
2019-05-12 15:08:25 +03:00
Zuul
ab3fd27f15 Merge "NSX|P: Cleanup partial update workaround" 2019-05-12 09:46:45 +00:00
Zuul
68a1137bdb Merge "NSX|P: Validate internal IPAM driver" 2019-05-12 09:45:19 +00:00
Anna Khmelnitsky
0547e1ab00 NSX|P: Whitelist IPv6 MLD in default FW section
Change-Id: I51f3398931cbd612832a9d6fdc8908988f7603f8
2019-05-10 13:34:58 -07:00
Anna Khmelnitsky
0e5c09f455 NSX|P: Validate internal IPAM driver
NSX IPAM driver is not supported so far.

Change-Id: I148139ee1f152b1e878f482e2ce300178a6b5b26
2019-05-09 17:06:38 -07:00
Zuul
606fc011ff Merge "NSXv: Subnet NAT rule configuration" 2019-05-08 19:20:47 +00:00
Zuul
d2bd7fec96 Merge "NSX|V3+P: Fix HTTP response code for cluster down" 2019-05-08 17:19:50 +00:00
Kobi Samoray
fe9e9245bb NSXv: Subnet NAT rule configuration
While configuration flag
bind_floatingip_to_all_interfaces = True

the subnet NAT rule should not apply only to external interface, as it
also serves traffic between instances on the same router.
So if instances A and B are connected via the same router, and instance
A is accessing instance B's FIP, traffic should reach instance B with
the router's NAT IP - unless there's a FIP to instance A as well.

Change-Id: Ib312289bed86f8539f593da4a01f800b65f72ac5
2019-05-08 19:26:07 +03:00