-
Notifications
You must be signed in to change notification settings - Fork 9
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
openstack-neutron: 2014.2-32.eayunstack.dev
Signed-off-by: Hunt Xu <[email protected]>
- Loading branch information
Hunt Xu
committed
May 8, 2017
1 parent
3262773
commit 4314792
Showing
8 changed files
with
341 additions
and
1 deletion.
There are no files selected for viewing
29 changes: 29 additions & 0 deletions
29
packaging/openstack-neutron/0098-Enable-ES-port-metering-on-all-sg-enabled-ports.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| From 9703f20001559049153be54bdae656d082e54661 Mon Sep 17 00:00:00 2001 | ||
| From: Hunt Xu <[email protected]> | ||
| Date: Fri, 28 Apr 2017 09:45:47 +0800 | ||
| Subject: [PATCH] Enable ES port metering on all sg-enabled ports | ||
|
|
||
| Fixes: redmine #9968 | ||
|
|
||
| Signed-off-by: Hunt Xu <[email protected]> | ||
| --- | ||
| neutron/agent/linux/iptables_firewall.py | 3 --- | ||
| 1 file changed, 3 deletions(-) | ||
|
|
||
| diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py | ||
| index b0bfb208a..8297fdf14 100644 | ||
| --- a/neutron/agent/linux/iptables_firewall.py | ||
| +++ b/neutron/agent/linux/iptables_firewall.py | ||
| @@ -179,9 +179,6 @@ class IptablesFirewallDriver(firewall.FirewallDriver): | ||
| return port['device'] | ||
|
|
||
| def _setup_metering_chains(self, port, direction, chain_name): | ||
| - if not port['device_owner'].startswith('compute:'): | ||
| - # Only meter instances' ports | ||
| - return chain_name | ||
| # Only support IPv4 | ||
| chains = self._metering_chain_names(port, direction) | ||
| for m_chain_name in chains: | ||
| -- | ||
| 2.12.2 | ||
|
|
46 changes: 46 additions & 0 deletions
46
packaging/openstack-neutron/0099-Configuration-option-for-whether-to-use-ES-port-mete.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| From 211de1c34cc858394a9bc0a6ac77b1891bf86f86 Mon Sep 17 00:00:00 2001 | ||
| From: Hunt Xu <[email protected]> | ||
| Date: Fri, 28 Apr 2017 11:24:21 +0800 | ||
| Subject: [PATCH] Configuration option for whether to use ES port metering | ||
|
|
||
| Fixes: redmine #9970 | ||
|
|
||
| Signed-off-by: Hunt Xu <[email protected]> | ||
| --- | ||
| neutron/agent/linux/iptables_firewall.py | 2 ++ | ||
| neutron/agent/securitygroups_rpc.py | 6 +++++- | ||
| 2 files changed, 7 insertions(+), 1 deletion(-) | ||
|
|
||
| diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py | ||
| index 8297fdf14..a6254d88d 100644 | ||
| --- a/neutron/agent/linux/iptables_firewall.py | ||
| +++ b/neutron/agent/linux/iptables_firewall.py | ||
| @@ -179,6 +179,8 @@ class IptablesFirewallDriver(firewall.FirewallDriver): | ||
| return port['device'] | ||
|
|
||
| def _setup_metering_chains(self, port, direction, chain_name): | ||
| + if not cfg.CONF.SECURITYGROUP.enable_es_port_metering: | ||
| + return chain_name | ||
| # Only support IPv4 | ||
| chains = self._metering_chain_names(port, direction) | ||
| for m_chain_name in chains: | ||
| diff --git a/neutron/agent/securitygroups_rpc.py b/neutron/agent/securitygroups_rpc.py | ||
| index 892011ab2..53f35d54b 100644 | ||
| --- a/neutron/agent/securitygroups_rpc.py | ||
| +++ b/neutron/agent/securitygroups_rpc.py | ||
| @@ -48,7 +48,11 @@ security_group_opts = [ | ||
| '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', # RFC 1918 | ||
| '169.254.0.0/16' # RFC 3927 | ||
| ], | ||
| - help=_('IP addresses that should be recognized as private.')) | ||
| + help=_('IP addresses that should be recognized as private.')), | ||
| + cfg.BoolOpt( | ||
| + 'enable_es_port_metering', | ||
| + default=False, | ||
| + help=_('Whether to enable extra iptables rules for port metering.')), | ||
| ] | ||
| cfg.CONF.register_opts(security_group_opts, 'SECURITYGROUP') | ||
|
|
||
| -- | ||
| 2.12.2 | ||
|
|
29 changes: 29 additions & 0 deletions
29
packaging/openstack-neutron/0100-Fix-enable-update-l7policy-value-attribute.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| From 8f351075ad1f143d6201fc5059a3cd10d2de73f9 Mon Sep 17 00:00:00 2001 | ||
| From: "cheng.tang" <[email protected]> | ||
| Date: Wed, 3 May 2017 16:19:23 +0800 | ||
| Subject: [PATCH] Fix enable update l7policy value attribute | ||
|
|
||
| Fixes: redmine #9989 | ||
|
|
||
| Signed-off-by: cheng.tang <[email protected]> | ||
| Signed-off-by: Hunt Xu <[email protected]> | ||
| --- | ||
| neutron/extensions/loadbalancer_l7.py | 2 +- | ||
| 1 file changed, 1 insertion(+), 1 deletion(-) | ||
|
|
||
| diff --git a/neutron/extensions/loadbalancer_l7.py b/neutron/extensions/loadbalancer_l7.py | ||
| index f3d369a18..7f92c9d0b 100644 | ||
| --- a/neutron/extensions/loadbalancer_l7.py | ||
| +++ b/neutron/extensions/loadbalancer_l7.py | ||
| @@ -95,7 +95,7 @@ RESOURCE_ATTRIBUTE_MAP = { | ||
| 'key': {'allow_post': True, 'allow_put': False, | ||
| 'validate': {'type:string_or_none': None}, | ||
| 'default': None, 'is_visible': True}, | ||
| - 'value': {'allow_post': True, 'allow_put': False, | ||
| + 'value': {'allow_post': True, 'allow_put': True, | ||
| 'validate': {'type:string_or_none': None}, | ||
| 'default': None, 'is_visible': True}, | ||
| 'admin_state_up': {'allow_post': True, 'allow_put': True, | ||
| -- | ||
| 2.12.2 | ||
|
|
45 changes: 45 additions & 0 deletions
45
packaging/openstack-neutron/0101-l3_db-update-GatewayInUseByFloatingIp-check.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| From 7df501d0af9055a8904433f6a18015f3d9837102 Mon Sep 17 00:00:00 2001 | ||
| From: Hunt Xu <[email protected]> | ||
| Date: Wed, 3 May 2017 18:38:17 +0800 | ||
| Subject: [PATCH] l3_db: update GatewayInUseByFloatingIp check | ||
|
|
||
| With EayunStack floatingip mechanism, floatingip no longer depend on | ||
| router gateway. | ||
|
|
||
| As with EayunStack floatingip mechanism, the floatingip port will be set | ||
| up on hosts and thus its status will be ACTIVE. So we do the filter | ||
| using these ports' statuses to identify whether a router gateway is | ||
| actually in use by any floatingip. | ||
|
|
||
| Fixes: redmine #9990 | ||
|
|
||
| Signed-off-by: Hunt Xu <[email protected]> | ||
| --- | ||
| neutron/db/l3_db.py | 10 ++++++++-- | ||
| 1 file changed, 8 insertions(+), 2 deletions(-) | ||
|
|
||
| diff --git a/neutron/db/l3_db.py b/neutron/db/l3_db.py | ||
| index f535ac90e..d5ccc1d91 100644 | ||
| --- a/neutron/db/l3_db.py | ||
| +++ b/neutron/db/l3_db.py | ||
| @@ -342,9 +342,14 @@ class L3_NAT_dbonly_mixin(l3.RouterPluginBase): | ||
| if not port_requires_deletion: | ||
| return | ||
| admin_ctx = context.elevated() | ||
| - | ||
| - if self.get_floatingips_count( | ||
| - admin_ctx, {'router_id': [router_id]}): | ||
| + fip_qry = context.session.query(FloatingIP) | ||
| + fip_qry = fip_qry.join( | ||
| + models_v2.Port, | ||
| + FloatingIP.floating_port_id == models_v2.Port.id) | ||
| + fip_qry = fip_qry.filter( | ||
| + models_v2.Port.status == l3_constants.PORT_STATUS_DOWN, | ||
| + FloatingIP.router_id == router_id) | ||
| + if fip_qry.all(): | ||
| raise l3.RouterExternalGatewayInUseByFloatingIp( | ||
| router_id=router_id, net_id=router.gw_port['network_id']) | ||
| with context.session.begin(subtransactions=True): | ||
| -- | ||
| 2.12.2 | ||
|
|
44 changes: 44 additions & 0 deletions
44
packaging/openstack-neutron/0102-Fix-fip-port-qos-namespace-selection-in-sync_qos.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| From c62b21be60a80a57475323433aa4060ba1aad5d8 Mon Sep 17 00:00:00 2001 | ||
| From: Hunt Xu <[email protected]> | ||
| Date: Fri, 5 May 2017 18:07:51 +0800 | ||
| Subject: [PATCH] Fix fip port qos namespace selection in sync_qos | ||
|
|
||
| Fixes: redmine #10008 | ||
|
|
||
| Signed-off-by: Hunt Xu <[email protected]> | ||
| --- | ||
| neutron/db/qos/qos_db.py | 11 +++++++---- | ||
| 1 file changed, 7 insertions(+), 4 deletions(-) | ||
|
|
||
| diff --git a/neutron/db/qos/qos_db.py b/neutron/db/qos/qos_db.py | ||
| index d3c463f5d..b3a465ccb 100644 | ||
| --- a/neutron/db/qos/qos_db.py | ||
| +++ b/neutron/db/qos/qos_db.py | ||
| @@ -25,6 +25,7 @@ from neutron.db import common_db_mixin as base_db | ||
| from neutron.db import l3_agentschedulers_db as l3_agent_db | ||
| from neutron.db import l3_db | ||
| from neutron.extensions import agent as ext_agent | ||
| +from neutron.extensions import l3 as ext_l3 | ||
| from neutron.extensions import qos as ext_qos | ||
| from neutron.openstack.common import uuidutils | ||
| from neutron.openstack.common import log as logging | ||
| @@ -821,10 +822,12 @@ class QosPluginRpcDbMixin(object): | ||
| namespace = 'qrouter-' + qos.router_id | ||
| elif qos.port_id: | ||
| if self._is_owner_floatingip(qos.port.device_owner): | ||
| - fips = self._l3_plugin.get_floatingips( | ||
| - context, filters={'port_id': qos.port_id}) | ||
| - if fips: | ||
| - namespace = 'qrouter-' + fips[0]['router_id'] | ||
| + try: | ||
| + fip = self._l3_plugin.get_floatingip( | ||
| + context, qos.port.device_id) | ||
| + except ext_l3.FloatingIPNotFound: | ||
| + continue | ||
| + namespace = 'qrouter-' + fip['router_id'] | ||
| else: | ||
| namespace = '_root' | ||
|
|
||
| -- | ||
| 2.12.2 | ||
|
|
90 changes: 90 additions & 0 deletions
90
packaging/openstack-neutron/0103-ES-fip-setup-ip-rule-for-floatingip-itself.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| From 59faba8b196cb3d70033ad4f24ee565be7d369c4 Mon Sep 17 00:00:00 2001 | ||
| From: Hunt Xu <[email protected]> | ||
| Date: Wed, 3 May 2017 12:33:12 +0800 | ||
| Subject: [PATCH] ES fip: setup ip rule for floatingip itself | ||
|
|
||
| Floatingip needs to respond to arp requests, thus a specific ip rule is | ||
| needed for rp_filter to be passed even though the router is not | ||
| connected to the external network. | ||
|
|
||
| Before this commit, we set rp_filter to 1. However that is insufficient | ||
| because when the router is not connected to external, rp_filter will | ||
| still fail. | ||
|
|
||
| As a result of this change, we can now use RFC3074 strict mode reverse | ||
| path filtering because packets using the floatingip as its source will | ||
| now lookup the route table for that floatingip. This brings some | ||
| security improvements. Also, sending gratuitous arp packets upon | ||
| floatingip set up is no longer required. | ||
|
|
||
| Fixes: redmine #9982 | ||
|
|
||
| Signed-off-by: Hunt Xu <[email protected]> | ||
| --- | ||
| neutron/agent/l3_agent.py | 22 ++++++++++++---------- | ||
| 1 file changed, 12 insertions(+), 10 deletions(-) | ||
|
|
||
| diff --git a/neutron/agent/l3_agent.py b/neutron/agent/l3_agent.py | ||
| index 413dbbd51..86d87735e 100644 | ||
| --- a/neutron/agent/l3_agent.py | ||
| +++ b/neutron/agent/l3_agent.py | ||
| @@ -731,9 +731,9 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, | ||
| # interfaces on the same subnet | ||
| ip_wrapper.netns.execute(['sysctl', '-w', | ||
| 'net.ipv4.conf.default.arp_ignore=1']) | ||
| - # RFC3704 Loose Reverse Path | ||
| + # RFC3704 Strict Reverse Path | ||
| ip_wrapper.netns.execute(['sysctl', '-w', | ||
| - 'net.ipv4.conf.default.rp_filter=2']) | ||
| + 'net.ipv4.conf.default.rp_filter=1']) | ||
|
|
||
| def _create_router_namespace(self, ri): | ||
| self._create_namespace(ri.ns_name) | ||
| @@ -1236,17 +1236,19 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, | ||
|
|
||
| return fip_statuses | ||
|
|
||
| - def _es_process_ip_rules(self, ri, fixed_addrs): | ||
| + def _es_process_ip_rules(self, ri, fip_map): | ||
| ns_ipr = ip_lib.IpRule(self.root_helper, namespace=ri.ns_name) | ||
| existing_ips = ns_ipr.list_from_rules() | ||
| + fixed_ips = fip_map.keys() | ||
| + floating_ips = fip_map.values() | ||
|
|
||
| - for ip in existing_ips - fixed_addrs: | ||
| - table = netaddr.IPNetwork(ip).value | ||
| - ns_ipr.delete_rule_from(ip, table) | ||
| + for ip in existing_ips - set(fixed_ips + floating_ips): | ||
| + ns_ipr.delete_rule_from(ip, None) | ||
|
|
||
| - for ip in fixed_addrs - existing_ips: | ||
| + for ip in set(fixed_ips) - existing_ips: | ||
| table = netaddr.IPNetwork(ip).value | ||
| ns_ipr.add_rule_from(ip, table) | ||
| + ns_ipr.add_rule_from(fip_map[ip], table) | ||
|
|
||
| def _es_add_floating_ip(self, ri, fip): | ||
| addr_added = False | ||
| @@ -1295,8 +1297,6 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, | ||
| device.route.add_gateway(ex_gateway, table=table) | ||
| # Don't touch the main table | ||
| device.route.delete_onlink_route(fip_subnet) | ||
| - self._send_gratuitous_arp_packet( | ||
| - ri.ns_name, interface_name, fip['floating_ip_address']) | ||
|
|
||
| ri.es_fips_dict[fip['id']] = fip | ||
|
|
||
| @@ -1325,7 +1325,9 @@ class L3NATAgent(firewall_l3_agent.FWaaSL3AgentRpcCallback, | ||
| floating_ips = ri.router.get(l3_constants.FLOATINGIP_KEY, []) | ||
|
|
||
| self._es_process_ip_rules( | ||
| - ri, set([fip['fixed_ip_address'] for fip in floating_ips])) | ||
| + ri, { | ||
| + fip['fixed_ip_address']: fip['floating_ip_address'] | ||
| + for fip in floating_ips}) | ||
|
|
||
| for fip in floating_ips: | ||
| fip_statuses[fip['id']] = self._es_add_floating_ip(ri, fip) | ||
| -- | ||
| 2.12.2 | ||
|
|
34 changes: 34 additions & 0 deletions
34
packaging/openstack-neutron/0104-Fix-error-when-update-l7policy-with-pool_id-None.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| From 16f54067865ce61bb42046597403514623d8e120 Mon Sep 17 00:00:00 2001 | ||
| From: "cheng.tang" <[email protected]> | ||
| Date: Thu, 4 May 2017 18:18:07 +0800 | ||
| Subject: [PATCH] Fix error when update l7policy with pool_id None | ||
|
|
||
| Fixes: redmine #9998 | ||
|
|
||
| Signed-off-by: cheng.tang <[email protected]> | ||
| Signed-off-by: Hunt Xu <[email protected]> | ||
| --- | ||
| neutron/services/loadbalancer/plugin.py | 7 ++++--- | ||
| 1 file changed, 4 insertions(+), 3 deletions(-) | ||
|
|
||
| diff --git a/neutron/services/loadbalancer/plugin.py b/neutron/services/loadbalancer/plugin.py | ||
| index bc994e14a..a6bdbfd2b 100644 | ||
| --- a/neutron/services/loadbalancer/plugin.py | ||
| +++ b/neutron/services/loadbalancer/plugin.py | ||
| @@ -377,9 +377,10 @@ class LoadBalancerPlugin(ldb.LoadBalancerPluginDb, | ||
| old_l7policy = self.get_l7policy(context, id) | ||
| update_l7policy = super(LoadBalancerPlugin, self).update_l7policy( | ||
| context, id, l7policy) | ||
| - if update_l7policy['pool_id'] or old_l7policy['pool_id']: | ||
| - driver = self._get_driver_for_pool(context, | ||
| - update_l7policy['pool_id']) | ||
| + | ||
| + pool_id = update_l7policy['pool_id'] or old_l7policy['pool_id'] | ||
| + if pool_id: | ||
| + driver = self._get_driver_for_pool(context, pool_id) | ||
| driver.update_l7policy(context, old_l7policy, update_l7policy) | ||
| return update_l7policy | ||
|
|
||
| -- | ||
| 2.12.2 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -4,7 +4,7 @@ | |
|
|
||
| Name: openstack-neutron | ||
| Version: 2014.2 | ||
| Release: 31%{?dist_eayunstack} | ||
| Release: 32%{?dist_eayunstack} | ||
| Provides: openstack-quantum = %{version}-%{release} | ||
| Obsoletes: openstack-quantum < 2013.2-0.4.b3 | ||
| Summary: OpenStack Networking Service | ||
|
|
@@ -140,6 +140,13 @@ Patch0094: 0094-Enable-egress-qos-to-be-set-on-floatingip-ports.patch | |
| Patch0095: 0095-Add-extra-action-for-lb-session-persistence.patch | ||
| Patch0096: 0096-iptables_firewall-minor-fix-for-_setup_metering_chai.patch | ||
| Patch0097: 0097-Validate-http_method-and-url_path-for-lbaas-health-m.patch | ||
| Patch0098: 0098-Enable-ES-port-metering-on-all-sg-enabled-ports.patch | ||
| Patch0099: 0099-Configuration-option-for-whether-to-use-ES-port-mete.patch | ||
| Patch0100: 0100-Fix-enable-update-l7policy-value-attribute.patch | ||
| Patch0101: 0101-l3_db-update-GatewayInUseByFloatingIp-check.patch | ||
| Patch0102: 0102-Fix-fip-port-qos-namespace-selection-in-sync_qos.patch | ||
| Patch0103: 0103-ES-fip-setup-ip-rule-for-floatingip-itself.patch | ||
| Patch0104: 0104-Fix-error-when-update-l7policy-with-pool_id-None.patch | ||
|
|
||
|
|
||
| BuildArch: noarch | ||
|
|
@@ -715,6 +722,13 @@ IPSec. | |
| %patch0095 -p1 | ||
| %patch0096 -p1 | ||
| %patch0097 -p1 | ||
| %patch0098 -p1 | ||
| %patch0099 -p1 | ||
| %patch0100 -p1 | ||
| %patch0101 -p1 | ||
| %patch0102 -p1 | ||
| %patch0103 -p1 | ||
| %patch0104 -p1 | ||
|
|
||
| find neutron -name \*.py -exec sed -i '/\/usr\/bin\/env python/{d;q}' {} + | ||
|
|
||
|
|
@@ -1176,6 +1190,15 @@ exit 0 | |
|
|
||
|
|
||
| %changelog | ||
| * Mon May 08 2017 Xu Meihong <[email protected]> 2014.2-32.eayunstack.dev | ||
| - add patch 0098 from github pull request #86 (redmine#9968) | ||
| - add patch 0099 from github pull request #87 (redmine#9970) | ||
| - add patch 0100 from github pull request #90 (redmine#9989) | ||
| - add patch 0101 from github pull request #89 (redmine#9990) | ||
| - add patch 0102 from neutron-qos github pull request #25 (redmine#10008) | ||
| - add patch 0103 from github pull request #88 (redmine#9982) | ||
| - add patch 0104 from github pull request #91 (redmine#9998) | ||
|
|
||
| * Wed Apr 26 2017 Xu Meihong <[email protected]> 2014.2-31.eayunstack.dev | ||
| - add patch 0095 from github pull request #82 (redmine#9667) | ||
| - add patch 0096 from github pull request #83 (redmine#9154) | ||
|
|
||