neutron

add explicit check for 'external-network' in L3

Bug #1042030 reported by dan wendlandt on 2012-08-27

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	High	Salvatore Orlando	neutron 2012.2 "folsom"

Bug Description

The existing L3 API has a notion of an 'external network', which is a network from which floating-ips can be allocated, as well as to which routers can be "uplinked' for access to the outside world.

However, we do not yet have a way to explicitly mark a network as external.

I have a branch that does this internally, but it will overlap/conflict with rkukura's provider networks branch, so I'm waiting until that branch is merged to complete this bug.

dan wendlandt (danwent) on 2012-08-27

Changed in quantum:
status:	New → In Progress
importance:	Undecided → High
assignee:	nobody → dan wendlandt (danwent)
milestone:	none → folsom-rc1

dan wendlandt (danwent) on 2012-08-27

summary:

- add explicit notion of 'external-network' for L3
+ add explicit check for 'external-network' in L3

Revision history for this message

dan wendlandt (danwent) wrote on 2012-08-31:

Note: these external networks should also not allow DHCP to be enabled.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-09-02: Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/12298

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-09-05:

Fix proposed to branch: master
Review: https://review.openstack.org/12389

Changed in quantum:
assignee:	dan wendlandt (danwent) → Salvatore Orlando (salvatore-orlando)

Salvatore Orlando (salvatore-orlando) on 2012-09-05

Changed in quantum:
assignee:	Salvatore Orlando (salvatore-orlando) → dan wendlandt (danwent)

OpenStack Infra (hudson-openstack) on 2012-09-05

Changed in quantum:
assignee:	dan wendlandt (danwent) → Salvatore Orlando (salvatore-orlando)

OpenStack Infra (hudson-openstack) on 2012-09-06

Changed in quantum:
assignee:	Salvatore Orlando (salvatore-orlando) → dan wendlandt (danwent)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-09-06: Fix merged to quantum (master)

Reviewed: https://review.openstack.org/12298
Committed: http://github.com/openstack/quantum/commit/75e2dfffaf02dd8f1b85b510e58d2f3719d97f19
Submitter: Jenkins
Branch: master

commit 75e2dfffaf02dd8f1b85b510e58d2f3719d97f19
Author: Dan Wendlandt <email address hidden>
Date: Wed Sep 5 22:43:22 2012 -0700

Make sure floating IPs + gateways must be on external nets

bug #1042030

    - adds admin-writable, world-readable router:external attribute to
    the network object if L3 extension is loaded.
    - prevents floating ips from being created unless network is external
    - shortens L3 extensions alias from 'os-quantum-router' to 'router' to
    make attribute extensions more readable.

    WIP:
    - Need to add policy logic so non-admin users can always see external
    networks without requiring that these networks are shared (since VMs can
    always create ports on shared networks, but provider may want to have
    externals networks that VMs cannot directly plug into.

    Random clean-up:
    - prevent delete_network in plugins from implying it returns something
    - modify extensions.py so that exceptions during calls to
    get_extended_resources() will actually be logged if unexpected.
    - unset executable bit on test_iptables_manager.py to make sure tox
    actually runs it.

Change-Id: I5bbf063927b93458da7cb467d9ad5c92ebabbbf7

Changed in quantum:
status:	In Progress → Fix Committed

OpenStack Infra (hudson-openstack) on 2012-09-07

Changed in quantum:
assignee:	dan wendlandt (danwent) → Salvatore Orlando (salvatore-orlando)
status:	Fix Committed → In Progress

Revision history for this message

Thierry Carrez (ttx) wrote on 2012-09-07:

Is this fixed or more is coming up ?

Revision history for this message

Salvatore Orlando (salvatore-orlando) wrote on 2012-09-07:

Thierry,

I apologise for the state of this bug changing from commited to "in progress".
The fix was divided in two patches, one from Dan and one from me. When Dan's patch went it, it changed to commited.
Now it's back to "in progress", as I've updated the other patch, which should be hopefully merged soon.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2012-09-09:

Reviewed: https://review.openstack.org/12389
Committed: http://github.com/openstack/quantum/commit/a7326a947bc0b30778e06acd772dd38bcb28d96d
Submitter: Jenkins
Branch: master

commit a7326a947bc0b30778e06acd772dd38bcb28d96d
Author: Salvatore Orlando <email address hidden>
Date: Mon Sep 3 14:17:20 2012 -0700

Policies for external networks

Bug #1042030 , part 2

Also reworks model queries in order to allow plugins and extensions
to augment them as required through hooks.

Change-Id: Ice72fc6d3b1c613d596c037818ed66d7e9ed841d

Changed in quantum:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2012-09-12

Changed in quantum:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2012-09-27

Changed in quantum:
milestone:	folsom-rc1 → 2012.2

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.