neutron

Prevent the attachment of a subnet to a router

Bug #1537091 reported by Mathieu Rohon
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Wishlist
Mathieu Rohon
neutron newton-rc2 "rc2"

Bug Description

Some external plugins might need to prevent the attachment of a subnet to a router, like reported in bug [1]

Now that [2] has been fixed, we can prevent this attachment by adding a new BEFORE_UPDATE callback in ML2, which will be triggered when the router port gets updated by the l3plugin.
Raising an exception during the processing of the BEFORE_UPDATE call should result in preventing the attachment of the subnet to the router.

[1]https://bugs.launchpad.net/bgpvpn/+bug/1537067
[2]https://bugs.launchpad.net/bgpvpn/+bug/1475093

Mathieu Rohon (mathieu-rohon)
tags: added: rfe
summary: - Send a BEFORE_UPDATE callback for port updates
+ Prevent the attachment of a subnet to a router
linwei,wu (wlwwu)
Changed in neutron:
assignee: nobody → linwei,wu (wlwwu)
Miguel Lavalle (minsel)
Changed in neutron:
importance: Undecided → Wishlist
Carl Baldwin (carl-baldwin)
Changed in neutron:
status: New → Confirmed
Carl Baldwin (carl-baldwin)
tags: added: l3-ipam-dhcp
Revision history for this message
Armando Migliaccio (armando-migliaccio) wrote :

If all you need is a callback hook, this does not need an RFE. Hooks are generally accepted as a way to integrate loosely the various components that make up Neutron. We only need to make sure we add it in the right place. Feel free to proceed as a regular bug fix.

tags: removed: rfe
linwei,wu (wlwwu)
Changed in neutron:
assignee: linwei,wu (wlwwu) → nobody
Mathieu Rohon (mathieu-rohon)
Changed in neutron:
assignee: nobody → Mathieu Rohon (mathieu-rohon)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/369221

Changed in neutron:
status: Confirmed → In Progress
Ihar Hrachyshka (ihar-hrachyshka)
Changed in neutron:
milestone: none → newton-rc1
Armando Migliaccio (armando-migliaccio)
Changed in neutron:
milestone: newton-rc1 → ocata-1
Armando Migliaccio (armando-migliaccio)
tags: added: newton-rc-potential
Revision history for this message
Mathieu Rohon (mathieu-rohon) wrote :

This patch is needed to fix a high priority bug in networking-bgpvpn :

https://bugs.launchpad.net/bgpvpn/+bug/1537067

The code seems ready and not disturbing, I hope it will get merged in a RC!

Armando Migliaccio (armando-migliaccio)
Changed in neutron:
milestone: ocata-1 → newton-rc2
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/369221
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=71dd840d30130afad37d8c1f404d7167a2063a8d
Submitter: Jenkins
Branch: master

commit 71dd840d30130afad37d8c1f404d7167a2063a8d
Author: Mathieu Rohon <email address hidden>
Date: Mon Sep 12 07:58:00 2016 +0000

    Send a callback before attaching a subnet to a router

    Attaching a subnet to a router may be forbidden in some cases.
    To prevent this attachment, we need to send a BEFORE_CREATE event
    with "router_interface" as resource, and reraise any exception
    that tells neutron a third party code forbid this attachment.

    Change-Id: Ia71e0c5e9e3e073053ead7e1e7c3040087f5ee13
    Closes-bug: 1537091

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/377090

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/newton)

Reviewed: https://review.openstack.org/377090
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=27e6ba09327c429e5c2ccb90d0d0169bed75a450
Submitter: Jenkins
Branch: stable/newton

commit 27e6ba09327c429e5c2ccb90d0d0169bed75a450
Author: Mathieu Rohon <email address hidden>
Date: Mon Sep 12 07:58:00 2016 +0000

    Send a callback before attaching a subnet to a router

    Attaching a subnet to a router may be forbidden in some cases.
    To prevent this attachment, we need to send a BEFORE_CREATE event
    with "router_interface" as resource, and reraise any exception
    that tells neutron a third party code forbid this attachment.

    Change-Id: Ia71e0c5e9e3e073053ead7e1e7c3040087f5ee13
    Closes-bug: 1537091
    (cherry picked from commit 71dd840d30130afad37d8c1f404d7167a2063a8d)

tags: added: in-stable-newton
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 9.0.0.0rc2

This issue was fixed in the openstack/neutron 9.0.0.0rc2 release candidate.

Ihar Hrachyshka (ihar-hrachyshka)
tags: removed: newton-rc-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 10.0.0.0b1

This issue was fixed in the openstack/neutron 10.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.