packages/openstack-neutron
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:d0b3cfbb37d9043af1b65e106285a8fa21961c67
Branches Tags
packages:main
...
compare: packages:5fb4e7964f39f3d8b374eeeaf7e8a38c3be083d9
Branches Tags
packages:main

10 Commits
d0b3cfbb37 ... 5fb4e7964f

Author SHA1 Message Date
openeuler-ci-bot
5fb4e7964f
!56 Fix CVE-2024-53916:Fix the tagging policy engine 
From: @Accessac 
Reviewed-by: @tzing_t 
Signed-off-by: @tzing_t
 2025-02-07 06:19:02 +00:00
wangjing
3a4a46e596 fix CVE-2024-53916:Fix the tagging policy engine 2024-11-29 06:57:16 +00:00
openeuler-ci-bot
29dd3205db
!45 Add distributed traffic feature support 
From: @A_L_I_E_Z 
Reviewed-by: @han-guangyu 
Signed-off-by: @han-guangyu
 2023-11-01 02:34:20 +00:00
wangkuntian
784a5b2e38 Add distributed traffic feature 2023-10-27 10:50:02 +08:00
openeuler-ci-bot
d5795208be !20 【轻量级 PR】:fix install issue 
From: @zhangy1317
Reviewed-by: @xiyuanwang
Signed-off-by: @xiyuanwang
 2021-11-25 07:00:14 +00:00
zhangy1317
7bc577dfb0 fix install issue 2021-11-24 08:42:28 +00:00
openeuler-ci-bot
200a4a5e70 !19 [sync] PR-18: Train support 
From: @openeuler-sync-bot
Reviewed-by: @xiyuanwang
Signed-off-by: @xiyuanwang
 2021-11-12 07:43:35 +00:00
wangxiyuan
dfc5b77940 Train support 
(cherry picked from commit d5f5701480a5fccad90de587574778746a609cfc)
 2021-11-12 15:40:29 +08:00
openeuler-ci-bot
52a5ca6417 !16 【轻量级 PR】:【轻量级 PR】:Add conntrack-tools to linuxbride Requires 
From: @xiyuanwang
Reviewed-by: @huangtianhua
Signed-off-by: @huangtianhua
 2021-09-13 06:17:31 +00:00
王玺源
a71cee7eaf Add conntrack-tools to linuxbride Requires 2021-09-09 02:22:53 +00:00
5 changed files with 3168 additions and 177 deletions
Show Stats Expand all files Collapse all files

2583
0001-add-distributed-traffic-feature-support.patch Normal file
View File

File diff suppressed because it is too large Load Diff

451
CVE-2024-53916-Fix-the-tagging-policy-engine.patch Normal file
View File

@ -0,0 +1,451 @@
diff --git a/neutron/extensions/tagging.py b/neutron/extensions/tagging.py
index b65978e..8ffd8a6 100644
--- a/neutron/extensions/tagging.py
+++ b/neutron/extensions/tagging.py
@@ -12,6 +12,9 @@
# under the License.
import abc
+import collections
+import functools
+import itertools
from neutron_lib.api import extensions as api_extensions
from neutron_lib.api import faults
@@ -28,6 +31,16 @@ from neutron.api import extensions
from neutron.api.v2 import resource as api_resource
from neutron.db import standard_attr
+from neutron.objects import network as network_obj
+from neutron.objects import network_segment_range as network_segment_range_obj
+from neutron.objects import ports as ports_obj
+from neutron.objects.qos import policy as policy_obj
+from neutron.objects import router as router_obj
+from neutron.objects import securitygroup as securitygroup_obj
+from neutron.objects import subnet as subnet_obj
+from neutron.objects import subnetpool as subnetpool_obj
+from neutron.objects import trunk as trunk_obj
+from neutron import policy
TAG = 'tag'
TAGS = TAG + 's'
@@ -49,6 +62,33 @@ TAG_ATTRIBUTE_MAP = {
'is_visible': False, 'is_filter': True},
}
+PARENTS = {
+ 'floatingips': router_obj.FloatingIP,
+ 'network_segment_ranges': network_segment_range_obj.NetworkSegmentRange,
+ 'networks': network_obj.Network,
+ 'policies': policy_obj.QosPolicy,
+ 'ports': ports_obj.Port,
+ 'routers': router_obj.Router,
+ 'security_groups': securitygroup_obj.SecurityGroup,
+ 'subnets': ('networks', subnet_obj.Subnet),
+ 'subnetpools': subnetpool_obj.SubnetPool,
+ 'trunks': trunk_obj.Trunk,
+}
+ResourceInfo = collections.namedtuple(
+ 'ResourceInfo', ['project_id',
+ 'parent_type',
+ 'parent_id',
+ 'upper_parent_type',
+ 'upper_parent_id',
+ ])
+EMPTY_RESOURCE_INFO = ResourceInfo(None, None, None, None, None)
+
+def _policy_init(f):
+ @functools.wraps(f)
+ def func(self, *args, **kwargs):
+ policy.init()
+ return f(self, *args, **kwargs)
+ return func
class TagResourceNotFound(exceptions.NotFound):
message = _("Resource %(resource)s %(resource_id)s could not be found.")
@@ -88,75 +128,161 @@ class TaggingController(object):
self.plugin = directory.get_plugin(TAG_PLUGIN_TYPE)
self.supported_resources = TAG_SUPPORTED_RESOURCES
+ def _get_target(self, res_info):
+ target = {'id': res_info.parent_id,
+ 'tenant_id': res_info.project_id,
+ 'project_id': res_info.project_id}
+ if res_info.upper_parent_type:
+ res_id = (self.supported_resources[res_info.upper_parent_type] +
+ '_id')
+ target[res_id] = res_info.upper_parent_id
+ return target
+
+ def _get_resource_info(self, context, kwargs):
+ """Return the tag parent resource information
+
+ Some parent resources, like the subnets, depend on other upper parent
+ resources (networks). In that case, it is needed to provide the upper
+ parent resource information.
+
+ :param kwargs: dictionary with the parent resource ID, along with other
+ information not needed. It is formated as
+ {"resource_id": "id", ...}
+ :return: ``ResourceInfo`` named tuple with the parent and upper parent
+ information and the project ID (of the parent or upper
+ parent).
+ """
+ for key, parent_type in itertools.product(
+ kwargs.keys(), self.supported_resources.keys()):
+ if key != self.supported_resources[parent_type] + '_id':
+ continue
+
+ parent_id = kwargs[key]
+ parent_obj = PARENTS[parent_type]
+ if isinstance(parent_obj, tuple):
+ upper_parent_type = parent_obj[0]
+ parent_obj = parent_obj[1]
+ res_id = (self.supported_resources[upper_parent_type] +
+ '_id')
+ upper_parent_id = parent_obj.get_values(
+ context.elevated(), res_id, id=parent_id)[0]
+ else:
+ upper_parent_type = upper_parent_id = None
+
+ try:
+ project_id = parent_obj.get_values(
+ context.elevated(), 'project_id', id=parent_id)[0]
+ except IndexError:
+ return EMPTY_RESOURCE_INFO
+
+ return ResourceInfo(project_id, parent_type, parent_id,
+ upper_parent_type, upper_parent_id)
+
+ # This should never be returned.
+ return EMPTY_RESOURCE_INFO
+
def _get_parent_resource_and_id(self, kwargs):
for key in kwargs:
for resource in self.supported_resources:
if key == self.supported_resources[resource] + '_id':
return resource, kwargs[key]
return None, None
-
+ @_policy_init
def index(self, request, **kwargs):
- # GET /v2.0/networks/{network_id}/tags
- parent, parent_id = self._get_parent_resource_and_id(kwargs)
- return self.plugin.get_tags(request.context, parent, parent_id)
-
+ # GET /v2.0/{parent_resource}/{parent_resource_id}/tags
+ ctx = request.context
+ rinfo = self._get_resource_info(ctx, kwargs)
+ target = self._get_target(rinfo)
+ policy.enforce(ctx, 'get_{}_{}'.format(rinfo.parent_type, TAGS),
+ target)
+ return self.plugin.get_tags(ctx, rinfo.parent_type, rinfo.parent_id)
+
+ @_policy_init
def show(self, request, id, **kwargs):
- # GET /v2.0/networks/{network_id}/tags/{tag}
+ # GET /v2.0/{parent_resource}/{parent_resource_id}/tags/{tag}
# id == tag
validate_tag(id)
- parent, parent_id = self._get_parent_resource_and_id(kwargs)
- return self.plugin.get_tag(request.context, parent, parent_id, id)
-
+ ctx = request.context
+ rinfo = self._get_resource_info(ctx, kwargs)
+ target = self._get_target(rinfo)
+ policy.enforce(ctx, 'get_{}_{}'.format(rinfo.parent_type, TAGS),
+ target)
+ return self.plugin.get_tag(ctx, rinfo.parent_type, rinfo.parent_id, id)
+
+ @_policy_init
def create(self, request, **kwargs):
# not supported
# POST /v2.0/networks/{network_id}/tags
raise webob.exc.HTTPNotFound("not supported")
+ @_policy_init
def update(self, request, id, **kwargs):
- # PUT /v2.0/networks/{network_id}/tags/{tag}
+ # PUT /v2.0/{parent_resource}/{parent_resource_id}/tags/{tag}
# id == tag
validate_tag(id)
- parent, parent_id = self._get_parent_resource_and_id(kwargs)
- notify_tag_action(request.context, 'create.start',
- parent, parent_id, [id])
- result = self.plugin.update_tag(request.context, parent, parent_id, id)
- notify_tag_action(request.context, 'create.end',
- parent, parent_id, [id])
+ ctx = request.context
+ rinfo = self._get_resource_info(ctx, kwargs)
+ target = self._get_target(rinfo)
+ policy.enforce(ctx, 'update_{}_{}'.format(rinfo.parent_type, TAGS),
+ target)
+ notify_tag_action(ctx, 'create.start', rinfo.parent_type,
+ rinfo.parent_id, [id])
+ result = self.plugin.update_tag(ctx, rinfo.parent_type,
+ rinfo.parent_id, id)
+ notify_tag_action(ctx, 'create.end', rinfo.parent_type,
+ rinfo.parent_id, [id])
return result
+ @_policy_init
def update_all(self, request, body, **kwargs):
- # PUT /v2.0/networks/{network_id}/tags
+ # PUT /v2.0/{parent_resource}/{parent_resource_id}/tags
# body: {"tags": ["aaa", "bbb"]}
validate_tags(body)
- parent, parent_id = self._get_parent_resource_and_id(kwargs)
- notify_tag_action(request.context, 'update.start',
- parent, parent_id, body['tags'])
- result = self.plugin.update_tags(request.context, parent,
- parent_id, body)
- notify_tag_action(request.context, 'update.end',
- parent, parent_id, body['tags'])
+ ctx = request.context
+ rinfo = self._get_resource_info(ctx, kwargs)
+ target = self._get_target(rinfo)
+ policy.enforce(ctx, 'update_{}_{}'.format(rinfo.parent_type, TAGS),
+ target)
+ notify_tag_action(ctx, 'update.start', rinfo.parent_type,
+ rinfo.parent_id, body['tags'])
+ result = self.plugin.update_tags(ctx, rinfo.parent_type,
+ rinfo.parent_id, body)
+ notify_tag_action(ctx, 'update.end', rinfo.parent_type,
+ rinfo.parent_id, body['tags'])
return result
+ @_policy_init
def delete(self, request, id, **kwargs):
- # DELETE /v2.0/networks/{network_id}/tags/{tag}
+ # DELETE /v2.0/{parent_resource}/{parent_resource_id}/tags/{tag}
# id == tag
validate_tag(id)
- parent, parent_id = self._get_parent_resource_and_id(kwargs)
- notify_tag_action(request.context, 'delete.start',
- parent, parent_id, [id])
- result = self.plugin.delete_tag(request.context, parent, parent_id, id)
- notify_tag_action(request.context, 'delete.end',
- parent, parent_id, [id])
+ ctx = request.context
+ rinfo = self._get_resource_info(ctx, kwargs)
+ target = self._get_target(rinfo)
+ policy.enforce(ctx, 'delete_{}_{}'.format(rinfo.parent_type, TAGS),
+ target)
+ notify_tag_action(ctx, 'delete.start', rinfo.parent_type,
+ rinfo.parent_id, [id])
+ result = self.plugin.delete_tag(ctx, rinfo.parent_type,
+ rinfo.parent_id, id)
+ notify_tag_action(ctx, 'delete.end', rinfo.parent_type,
+ rinfo.parent_id, [id])
return result
+ @_policy_init
def delete_all(self, request, **kwargs):
- # DELETE /v2.0/networks/{network_id}/tags
- parent, parent_id = self._get_parent_resource_and_id(kwargs)
- notify_tag_action(request.context, 'delete_all.start',
- parent, parent_id)
- result = self.plugin.delete_tags(request.context, parent, parent_id)
- notify_tag_action(request.context, 'delete_all.end',
- parent, parent_id)
+ # DELETE /v2.0/{parent_resource}/{parent_resource_id}/tags
+ ctx = request.context
+ rinfo = self._get_resource_info(ctx, kwargs)
+ target = self._get_target(rinfo)
+ policy.enforce(ctx, 'delete_{}_{}'.format(rinfo.parent_type, TAGS),
+ target)
+ notify_tag_action(ctx, 'delete_all.start', rinfo.parent_type,
+ rinfo.parent_id)
+ result = self.plugin.delete_tags(ctx, rinfo.parent_type,
+ rinfo.parent_id)
+ notify_tag_action(ctx, 'delete_all.end', rinfo.parent_type,
+ rinfo.parent_id)
return result
diff --git a/neutron/tests/unit/extensions/test_tagging.py b/neutron/tests/unit/extensions/test_tagging.py
new file mode 100644
index 0000000..d9eea32
--- /dev/null
+++ b/neutron/tests/unit/extensions/test_tagging.py
@@ -0,0 +1,179 @@
+# Copyright 2024 Red Hat, Inc.
+# All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+import netaddr
+from neutron_lib import constants as n_const
+from neutron_lib import context
+from neutron_lib.utils import net as net_utils
+from oslo_utils import uuidutils
+
+from neutron.extensions import tagging
+from neutron.objects import network as network_obj
+from neutron.objects import network_segment_range as network_segment_range_obj
+from neutron.objects import ports as ports_obj
+from neutron.objects.qos import policy as policy_obj
+from neutron.objects import router as router_obj
+from neutron.objects import securitygroup as securitygroup_obj
+from neutron.objects import subnet as subnet_obj
+from neutron.objects import subnetpool as subnetpool_obj
+from neutron.objects import trunk as trunk_obj
+from neutron.tests.unit import testlib_api
+
+
+class TaggingControllerDbTestCase(testlib_api.WebTestCase):
+ def setUp(self):
+ super().setUp()
+ self.user_id = uuidutils.generate_uuid()
+ self.project_id = uuidutils.generate_uuid()
+ self.ctx = context.Context(user_id=self.user_id,
+ tenant_id=self.project_id,
+ is_admin=False)
+ self.tc = tagging.TaggingController()
+
+ def test_all_parents_have_a_reference(self):
+ tc_supported_resources = set(self.tc.supported_resources.keys())
+ parent_resources = set(tagging.PARENTS.keys())
+ self.assertEqual(tc_supported_resources, parent_resources)
+
+ def _check_resource_info(self, parent_id, parent_type,
+ upper_parent_id=None, upper_parent_type=None):
+ p_id = self.tc.supported_resources[parent_type] + '_id'
+ res = self.tc._get_resource_info(self.ctx, {p_id: parent_id})
+ reference = tagging.ResourceInfo(
+ self.project_id, parent_type, parent_id,
+ upper_parent_type, upper_parent_id)
+ self.assertEqual(reference, res)
+
+ def test__get_resource_info_floatingips(self):
+ ext_net_id = uuidutils.generate_uuid()
+ fip_port_id = uuidutils.generate_uuid()
+ fip_id = uuidutils.generate_uuid()
+ network_obj.Network(
+ self.ctx, id=ext_net_id, project_id=self.project_id).create()
+ network_obj.ExternalNetwork(
+ self.ctx, project_id=self.project_id,
+ network_id=ext_net_id).create()
+ mac_str = next(net_utils.random_mac_generator(
+ ['ca', 'fe', 'ca', 'fe']))
+ mac = netaddr.EUI(mac_str)
+ ports_obj.Port(
+ self.ctx, id=fip_port_id, project_id=self.project_id,
+ mac_address=mac, network_id=ext_net_id, admin_state_up=True,
+ status='UP', device_id='', device_owner='').create()
+ ip_address = netaddr.IPAddress('1.2.3.4')
+ router_obj.FloatingIP(
+ self.ctx, id=fip_id, project_id=self.project_id,
+ floating_network_id=ext_net_id, floating_port_id=fip_port_id,
+ floating_ip_address=ip_address).create()
+ self._check_resource_info(fip_id, 'floatingips')
+
+ def test__get_resource_info_network_segment_ranges(self):
+ srange_id = uuidutils.generate_uuid()
+ network_segment_range_obj.NetworkSegmentRange(
+ self.ctx, id=srange_id, project_id=self.project_id,
+ shared=False, network_type=n_const.TYPE_GENEVE).create()
+ self._check_resource_info(srange_id, 'network_segment_ranges')
+
+ def test__get_resource_info_networks(self):
+ net_id = uuidutils.generate_uuid()
+ network_obj.Network(
+ self.ctx, id=net_id, project_id=self.project_id).create()
+ self._check_resource_info(net_id, 'networks')
+
+ def test__get_resource_info_policies(self):
+ qos_id = uuidutils.generate_uuid()
+ policy_obj.QosPolicy(
+ self.ctx, id=qos_id, project_id=self.project_id).create()
+ self._check_resource_info(qos_id, 'policies')
+
+ def test__get_resource_info_ports(self):
+ net_id = uuidutils.generate_uuid()
+ port_id = uuidutils.generate_uuid()
+ network_obj.Network(
+ self.ctx, id=net_id, project_id=self.project_id).create()
+ mac_str = next(net_utils.random_mac_generator(
+ ['ca', 'fe', 'ca', 'fe']))
+ mac = netaddr.EUI(mac_str)
+ ports_obj.Port(
+ self.ctx, id=port_id, project_id=self.project_id,
+ mac_address=mac, network_id=net_id, admin_state_up=True,
+ status='UP', device_id='', device_owner='').create()
+ self._check_resource_info(port_id, 'ports')
+
+ def test__get_resource_info_routers(self):
+ router_id = uuidutils.generate_uuid()
+ router_obj.Router(
+ self.ctx, id=router_id, project_id=self.project_id).create()
+ self._check_resource_info(router_id, 'routers')
+
+ def test__get_resource_info_security_groups(self):
+ sg_id = uuidutils.generate_uuid()
+ securitygroup_obj.SecurityGroup(
+ self.ctx, id=sg_id, project_id=self.project_id,
+ is_default=True).create()
+ self._check_resource_info(sg_id, 'security_groups')
+
+ def test__get_resource_info_subnets(self):
+ net_id = uuidutils.generate_uuid()
+ subnet_id = uuidutils.generate_uuid()
+ network_obj.Network(
+ self.ctx, id=net_id, project_id=self.project_id).create()
+ cidr = netaddr.IPNetwork('1.2.3.0/24')
+ subnet_obj.Subnet(
+ self.ctx, id=subnet_id, project_id=self.project_id,
+ ip_version=n_const.IP_VERSION_4, cidr=cidr,
+ network_id=net_id).create()
+ self._check_resource_info(subnet_id, 'subnets',
+ upper_parent_id=net_id,
+ upper_parent_type='networks')
+
+ def test__get_resource_info_subnetpools(self):
+ sp_id = uuidutils.generate_uuid()
+ subnetpool_obj.SubnetPool(
+ self.ctx, id=sp_id, project_id=self.project_id,
+ ip_version=n_const.IP_VERSION_4, default_prefixlen=26,
+ min_prefixlen=28, max_prefixlen=26).create()
+ self._check_resource_info(sp_id, 'subnetpools')
+
+ def test__get_resource_info_trunks(self):
+ trunk_id = uuidutils.generate_uuid()
+ net_id = uuidutils.generate_uuid()
+ port_id = uuidutils.generate_uuid()
+ network_obj.Network(
+ self.ctx, id=net_id, project_id=self.project_id).create()
+ mac_str = next(net_utils.random_mac_generator(
+ ['ca', 'fe', 'ca', 'fe']))
+ mac = netaddr.EUI(mac_str)
+ ports_obj.Port(
+ self.ctx, id=port_id, project_id=self.project_id,
+ mac_address=mac, network_id=net_id, admin_state_up=True,
+ status='UP', device_id='', device_owner='').create()
+ trunk_obj.Trunk(
+ self.ctx, id=trunk_id, project_id=self.project_id,
+ port_id=port_id).create()
+ self._check_resource_info(trunk_id, 'trunks')
+
+ def test__get_resource_info_parent_not_present(self):
+ missing_id = uuidutils.generate_uuid()
+ p_id = self.tc.supported_resources['trunks'] + '_id'
+ res = self.tc._get_resource_info(self.ctx, {p_id: missing_id})
+ self.assertEqual(tagging.EMPTY_RESOURCE_INFO, res)
+
+ def test__get_resource_info_wrong_resource(self):
+ missing_id = uuidutils.generate_uuid()
+ res = self.tc._get_resource_info(self.ctx,
+ {'wrong_resource_id': missing_id})
+ self.assertEqual(tagging.EMPTY_RESOURCE_INFO, res)
\ No newline at end of file

BIN
neutron-18.1.0.tar.gz → neutron-15.3.4.tar.gz
View File

Binary file not shown.

18
neutron-ovn-metadata-agent.service
View File

@ -1,18 +0,0 @@
[Unit]
Description=OpenStack Neutron OVN Metadata Agent
After=syslog.target network.target openvswitch.service
Requires=openvswitch.service
[Service]
Type=simple
User=neutron
PermissionsStartOnly=true
ExecStart=/usr/bin/neutron-ovn-metadata-agent --config-file /etc/neutron/neutron_ovn_metadata_agent.ini --config-dir /etc/neutron/conf.d/neutron-ovn-metadata-agent --log-file /var/log/neutron/neutron-ovn-metadata-agent.log
PrivateTmp=false
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
# (TODO) - Backwards compatibility in systemd service
Alias=networking-ovn-metadata-agent

293
openstack-neutron.spec
View File

@ -1,3 +1,15 @@
%define gitPatch() \
cd %1; \
git init && git config user.name "openstack-plugin" && git config user.email "openstack-plugin"; \
git add . && git commit -m "openstack-plugin init"; \
git apply --check %2 || exit 1 && git apply %2; \
git add . && git commit -m "openstack-plugin patch"
%define gitUnPatch() \
cd %1;\
git reset --hard HEAD~;\
rm -rf %1/.git
%{!?upstream_version: %global upstream_version %{version}%{?milestone}} %{!?upstream_version: %global upstream_version %{version}%{?milestone}}
%global service neutron %global service neutron
@ -17,8 +29,8 @@ Neutron API supports extensions to provide advanced network \
capabilities (e.g., QoS, ACLs, network monitoring, etc.) capabilities (e.g., QoS, ACLs, network monitoring, etc.)
Name: openstack-%{service} Name: openstack-%{service}
Version: 18.1.0 Version: 15.3.4
Release: 1 Release: 4
Summary: OpenStack Networking Service Summary: OpenStack Networking Service
License: ASL 2.0 License: ASL 2.0
@ -51,7 +63,8 @@ Source34: neutron-l2-agent-sysctl.conf
# essentially because .modules files are shell scripts. # essentially because .modules files are shell scripts.
Source35: neutron-l2-agent.modules Source35: neutron-l2-agent.modules
Source36: neutron-destroy-patch-ports.service Source36: neutron-destroy-patch-ports.service
Source37: neutron-ovn-metadata-agent.service Source37: 0001-add-distributed-traffic-feature-support.patch
Patch01: CVE-2024-53916-Fix-the-tagging-policy-engine.patch
# Required for tarball sources verification # Required for tarball sources verification
BuildArch: noarch BuildArch: noarch
@ -60,7 +73,7 @@ BuildRequires: git-core
BuildRequires: openstack-macros BuildRequires: openstack-macros
BuildRequires: python3-devel BuildRequires: python3-devel
BuildRequires: python3-babel BuildRequires: python3-babel
BuildRequires: python3-keystoneauth1 >= 3.14.0 BuildRequires: python3-keystoneauth1
BuildRequires: python3-keystonemiddleware BuildRequires: python3-keystonemiddleware
BuildRequires: python3-neutron-lib BuildRequires: python3-neutron-lib
BuildRequires: python3-novaclient BuildRequires: python3-novaclient
@ -76,13 +89,13 @@ BuildRequires: python3-oslo-rootwrap
BuildRequires: python3-oslo-service BuildRequires: python3-oslo-service
BuildRequires: python3-oslo-upgradecheck BuildRequires: python3-oslo-upgradecheck
BuildRequires: python3-oslo-versionedobjects BuildRequires: python3-oslo-versionedobjects
BuildRequires: python3-osprofiler >= 1.3.0 BuildRequires: python3-osprofiler
BuildRequires: python3-ovsdbapp BuildRequires: python3-ovsdbapp
BuildRequires: python3-pbr >= 4.0.0 BuildRequires: python3-pbr
BuildRequires: python3-psutil >= 3.2.2 BuildRequires: python3-psutil
BuildRequires: python3-pyroute2 >= 0.5.13 BuildRequires: python3-pyroute2
BuildRequires: python3-pecan >= 1.3.2 BuildRequires: python3-pecan
BuildRequires: python3-tenacity >= 4.4.0 BuildRequires: python3-tenacity
BuildRequires: python3-os-vif BuildRequires: python3-os-vif
BuildRequires: systemd BuildRequires: systemd
@ -91,8 +104,8 @@ Requires: openstack-%{service}-common = %{version}-%{release}
# dnsmasq is not a hard requirement, but is currently the only option # dnsmasq is not a hard requirement, but is currently the only option
# when neutron-dhcp-agent is deployed. # when neutron-dhcp-agent is deployed.
Requires: dnsmasq >= 2.76 Requires: dnsmasq
Requires: dnsmasq-utils >= 2.76 Requires: dnsmasq-utils
# radvd is not a hard requirement, but is currently the only option # radvd is not a hard requirement, but is currently the only option
# for IPv6 deployments. # for IPv6 deployments.
@ -111,7 +124,7 @@ Requires: conntrack-tools
Requires: keepalived Requires: keepalived
# haproxy implements metadata proxy process # haproxy implements metadata proxy process
Requires: haproxy >= 1.5.0 Requires: haproxy
# Those are not hard requirements, ipset is used by ipset-cleanup in the subpackage, # Those are not hard requirements, ipset is used by ipset-cleanup in the subpackage,
# iptables is used by the l3-agent which currently is not in a separate package, # iptables is used by the l3-agent which currently is not in a separate package,
@ -136,63 +149,62 @@ Requires: iproute-tc
%package -n python3-%{service} %package -n python3-%{service}
Summary: Neutron Python libraries Summary: Neutron Python libraries
%{?python_provide:%python_provide python3-%{service}} %{?python_provide:%python_provide python3-%{service}}
Requires: python3-alembic >= 0.9.6 Requires: python3-alembic
Requires: python3-debtcollector >= 1.19.0 Requires: python3-debtcollector
Requires: python3-designateclient >= 2.7.0 Requires: python3-designateclient
Requires: python3-eventlet >= 0.22.1 Requires: python3-eventlet
Requires: python3-greenlet >= 0.4.10 Requires: python3-greenlet
Requires: python3-futurist >= 1.2.0 Requires: python3-futurist
Requires: python3-jinja2 >= 2.10 Requires: python3-jinja2
Requires: python3-keystoneauth1 >= 3.14.0 Requires: python3-keystoneauth1
Requires: python3-keystonemiddleware >= 5.1.0 Requires: python3-keystonemiddleware
Requires: python3-netaddr >= 0.7.18 Requires: python3-netaddr
Requires: python3-neutronclient >= 6.7.0 Requires: python3-neutronclient
Requires: python3-neutron-lib >= 2.9.0 Requires: python3-neutron-lib
Requires: python3-novaclient >= 9.1.0 Requires: python3-novaclient
Requires: python3-os-vif >= 1.15.1 Requires: python3-os-vif
Requires: python3-oslo-cache >= 1.26.0 Requires: python3-oslo-cache
Requires: python3-oslo-concurrency >= 3.26.0 Requires: python3-oslo-concurrency
Requires: python3-oslo-config >= 8.0.0 Requires: python3-oslo-config
Requires: python3-oslo-context >= 2.22.0 Requires: python3-oslo-context
Requires: python3-oslo-db >= 4.44.0 Requires: python3-oslo-db
Requires: python3-oslo-i18n >= 3.20.0 Requires: python3-oslo-i18n
Requires: python3-oslo-log >= 4.3.0 Requires: python3-oslo-log
Requires: python3-oslo-messaging >= 7.0.0 Requires: python3-oslo-messaging
Requires: python3-oslo-middleware >= 3.31.0 Requires: python3-oslo-middleware
Requires: python3-oslo-policy >= 3.6.2 Requires: python3-oslo-policy
Requires: python3-oslo-privsep >= 2.3.0 Requires: python3-oslo-privsep
Requires: python3-oslo-reports >= 1.18.0 Requires: python3-oslo-reports
Requires: python3-oslo-rootwrap >= 5.8.0 Requires: python3-oslo-rootwrap
Requires: python3-oslo-serialization >= 2.25.0 Requires: python3-oslo-serialization
Requires: python3-oslo-service >= 1.31.0 Requires: python3-oslo-service
Requires: python3-oslo-upgradecheck >= 1.3.0 Requires: python3-oslo-upgradecheck
Requires: python3-oslo-utils >= 4.5.0 Requires: python3-oslo-utils
Requires: python3-oslo-versionedobjects >= 1.35.1 Requires: python3-oslo-versionedobjects
Requires: python3-osprofiler >= 2.3.0 Requires: python3-osprofiler
Requires: python3-ovsdbapp >= 1.7.0 Requires: python3-ovsdbapp
Requires: python3-pecan >= 1.3.2 Requires: python3-pecan
Requires: python3-pbr >= 4.0.0 Requires: python3-pbr
Requires: python3-psutil >= 5.3.0 Requires: python3-psutil
Requires: python3-pyroute2 >= 0.5.13 Requires: python3-pyroute2
Requires: python3-requests >= 2.18.0 Requires: python3-requests
Requires: python3-tenacity >= 6.0.0 Requires: python3-tenacity
Requires: python3-routes >= 2.3.1 Requires: python3-routes
Requires: python3-os-ken >= 0.3.0 Requires: python3-os-ken
Requires: python3-sqlalchemy >= 1.2.0 Requires: python3-sqlalchemy
Requires: python3-stevedore >= 1.20.0 Requires: python3-stevedore
Requires: python3-tooz >= 1.58.0 Requires: python3-tooz
Requires: python3-webob >= 1.8.2 Requires: python3-webob
Requires: python3-openstacksdk >= 0.31.2 Requires: python3-openstacksdk
Requires: python3-pyOpenSSL >= 17.1.0 Requires: python3-pyOpenSSL
Requires: python3-packaging >= 20.4 Requires: python3-packaging
Requires: python3-httplib2 >= 0.9.1 Requires: python3-httplib2
Requires: python3-netifaces >= 0.10.4 Requires: python3-netifaces
Requires: python3-paste >= 2.0.2 Requires: python3-paste
Requires: python3-paste-deploy >= 1.5.0 Requires: python3-paste-deploy
Requires: python3-decorator >= 3.4.0 Requires: python3-decorator
Requires: python3-os-xenapi
Provides: python3-networking-ovn = %{version}-%{release}
%description -n python3-%{service} %description -n python3-%{service}
@ -205,20 +217,20 @@ This package contains the Neutron Python library.
Summary: Neutron tests Summary: Neutron tests
%{?python_provide:%python_provide python3-%{service}-tests} %{?python_provide:%python_provide python3-%{service}-tests}
Requires: python3-%{service} = %{version}-%{release} Requires: python3-%{service} = %{version}-%{release}
Requires: python3-ddt >= 1.0.1 Requires: python3-ddt
Requires: python3-fixtures >= 3.0.0 Requires: python3-fixtures
Requires: python3-mock >= 2.0 Requires: python3-mock
Requires: python3-subunit >= 0.0.18 Requires: python3-subunit
Requires: python3-testrepository >= 0.0.18 Requires: python3-testrepository
Requires: python3-testtools >= 1.4.0 Requires: python3-testtools
Requires: python3-testresources >= 0.2.4 Requires: python3-testresources
Requires: python3-testscenarios >= 0.4 Requires: python3-testscenarios
Requires: python3-oslotest >= 1.10.0 Requires: python3-oslotest
Requires: python3-os-testr >= 0.7.0 Requires: python3-os-testr
Requires: python3-PyMySQL >= 0.6.2 Requires: python3-PyMySQL
Requires: python3-tempest >= 12.1.0 Requires: python3-tempest
Requires: python3-webtest >= 2.0 Requires: python3-webtest
# pstree is used during functional testing to ensure our internal # pstree is used during functional testing to ensure our internal
@ -254,6 +266,7 @@ Requires: ebtables
Requires: ipset Requires: ipset
Requires: iproute Requires: iproute
Requires: iptables Requires: iptables
Requires: conntrack-tools
# kmod is needed to get access to /usr/sbin/modprobe needed by # kmod is needed to get access to /usr/sbin/modprobe needed by
# neutron-enable-bridge-firewall.sh triggered by the service unit file # neutron-enable-bridge-firewall.sh triggered by the service unit file
Requires: kmod Requires: kmod
@ -306,7 +319,7 @@ Requires: openstack-%{service}-common = %{version}-%{release}
Requires: ipset Requires: ipset
Requires: iptables Requires: iptables
Requires: openvswitch Requires: openvswitch
Requires: python3-openvswitch >= 2.10.0 Requires: python3-openvswitch
# kmod is needed to get access to /usr/sbin/modprobe needed by # kmod is needed to get access to /usr/sbin/modprobe needed by
# neutron-enable-bridge-firewall.sh triggered by the service unit file # neutron-enable-bridge-firewall.sh triggered by the service unit file
Requires: kmod Requires: kmod
@ -355,35 +368,18 @@ Requires: openstack-%{service}-common = %{version}-%{release}
This package contains the Neutron agent to support advanced features of This package contains the Neutron agent to support advanced features of
SR-IOV network cards. SR-IOV network cards.
%package distributed-traffic
Summary: The plug-in package of openstack-neutron for router gateway portforwarding feature
Requires: git
Requires: python3-crudini
Requires: openstack-neutron
%package ovn-metadata-agent %description distributed-traffic
Summary: OVN metadata agent The plug-in package of openstack-neutron for router gateway portforwarding feature
BuildRequires: systemd
Requires: python3-%{service} = %{version}-%{release}
Requires: openvswitch >= 2.10.0
Provides: python3-networking-ovn-metadata-agent = %{version}-%{release}
%{?systemd_requires}
%description ovn-metadata-agent
OVN provides virtual networking for Open vSwitch and is a component of the
Open vSwitch project.
This package contains the agent that implements the metadata proxy so that VM's
can retrieve metadata from OpenStack Nova.
%package ovn-migration-tool
Summary: networking-ovn ML2/OVS to OVN migration tool
Requires: python3-%{service} = %{version}-%{release}
Provides: python3-networking-ovn-migration-tool = %{version}-%{release}
%description ovn-migration-tool
This package provides the necessary tools to update an existing ML2/OVS
OpenStack to OVN based backend.
%prep %prep
%autosetup -n %{service}-%{upstream_version} -S git %autosetup -n %{service}-%{upstream_version} -S git
sed -i 's/\/usr\/bin\/python/\/usr\/bin\/python3/' %{SOURCE36} sed -i 's/\/usr\/bin\/python/\/usr\/bin\/python3/' %{SOURCE36}
find %{service} -name \*.py -exec sed -i '/\/usr\/bin\/env python/{d;q}' {} + find %{service} -name \*.py -exec sed -i '/\/usr\/bin\/env python/{d;q}' {} +
@ -452,8 +448,7 @@ mv %{buildroot}%{_sysconfdir}/%{service}/api-paste.ini %{buildroot}%{_datadir}/%
install -d -m 755 %{buildroot}%{_sysconfdir}/%{service}/plugins/ml2 install -d -m 755 %{buildroot}%{_sysconfdir}/%{service}/plugins/ml2
mv etc/%{service}.conf %{buildroot}%{_sysconfdir}/%{service}/%{service}.conf mv etc/%{service}.conf %{buildroot}%{_sysconfdir}/%{service}/%{service}.conf
mv etc/neutron/ovn.ini %{buildroot}%{_sysconfdir}/%{service}/ovn.ini for agent in dhcp l3 metadata metering
for agent in dhcp l3 metadata metering neutron_ovn_metadata
do do
mv etc/${agent}_agent.ini %{buildroot}%{_sysconfdir}/%{service}/${agent}_agent.ini mv etc/${agent}_agent.ini %{buildroot}%{_sysconfdir}/%{service}/${agent}_agent.ini
done done
@ -462,16 +457,8 @@ do
mv etc/%{service}/plugins/ml2/${file}.ini %{buildroot}%{_sysconfdir}/%{service}/plugins/ml2/${file}.ini mv etc/%{service}/plugins/ml2/${file}.ini %{buildroot}%{_sysconfdir}/%{service}/plugins/ml2/${file}.ini
done done
# (TODO) Backwards compatibility for networking-ovn-metadata-agent.ini
install -d -m 755 %{buildroot}%{_sysconfdir}/neutron/plugins/networking-ovn
ln -s /etc/neutron/neutron_ovn_metadata_agent.ini %{buildroot}%{_sysconfdir}/%{service}/plugins/networking-ovn/networking-ovn-metadata-agent.ini
# (TODO) Backwards compatibility for ovn.ini
ln -s /etc/neutron/ovn.ini %{buildroot}%{_sysconfdir}/%{service}/plugins/networking-ovn/networking-ovn.ini
# (TODO) Backwards compatibility for networking-ovn-metadata-agent executable
ln -s %{_bindir}/neutron-ovn-metadata-agent %{buildroot}%{_bindir}/networking-ovn-metadata-agent
# Install logrotate # Install logrotate
install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-%{service} install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-%{service}
@ -494,11 +481,7 @@ install -p -D -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/neutron-netns-cleanup.s
install -p -D -m 644 %{SOURCE29} %{buildroot}%{_unitdir}/neutron-rpc-server.service install -p -D -m 644 %{SOURCE29} %{buildroot}%{_unitdir}/neutron-rpc-server.service
install -p -D -m 644 %{SOURCE32} %{buildroot}%{_unitdir}/neutron-linuxbridge-cleanup.service install -p -D -m 644 %{SOURCE32} %{buildroot}%{_unitdir}/neutron-linuxbridge-cleanup.service
install -p -D -m 644 %{SOURCE36} %{buildroot}%{_unitdir}/neutron-destroy-patch-ports.service install -p -D -m 644 %{SOURCE36} %{buildroot}%{_unitdir}/neutron-destroy-patch-ports.service
install -p -D -m 644 %{SOURCE37} %{buildroot}%{_unitdir}/neutron-ovn-metadata-agent.service
# (TODO) - Backwards compatibility for systemd unit networking-ovn-metadata-agent
ln -s %{_unitdir}/neutron-ovn-metadata-agent.service %{buildroot}%{_unitdir}/networking-ovn-metadata-agent.service
# Install helper scripts # Install helper scripts
install -p -D -m 755 %{SOURCE33} %{buildroot}%{_bindir}/neutron-enable-bridge-firewall.sh install -p -D -m 755 %{SOURCE33} %{buildroot}%{_bindir}/neutron-enable-bridge-firewall.sh
@ -536,7 +519,7 @@ mkdir -p %{buildroot}/%{_sysconfdir}/%{service}/conf.d/common
for service in server rpc-server ovs-cleanup netns-cleanup linuxbridge-cleanup macvtap-agent; do for service in server rpc-server ovs-cleanup netns-cleanup linuxbridge-cleanup macvtap-agent; do
mkdir -p %{buildroot}/%{_sysconfdir}/%{service}/conf.d/%{service}-$service mkdir -p %{buildroot}/%{_sysconfdir}/%{service}/conf.d/%{service}-$service
done done
for service in linuxbridge openvswitch dhcp l3 metadata metering sriov-nic ovn-metadata; do for service in linuxbridge openvswitch dhcp l3 metadata metering sriov-nic; do
mkdir -p %{buildroot}/%{_sysconfdir}/%{service}/conf.d/%{service}-$service-agent mkdir -p %{buildroot}/%{_sysconfdir}/%{service}/conf.d/%{service}-$service-agent
done done
@ -546,6 +529,9 @@ rm -f %{buildroot}%{python3_sitelib}/%{service}/locale/*/LC_*/%{service}*po
rm -f %{buildroot}%{python3_sitelib}/%{service}/locale/*pot rm -f %{buildroot}%{python3_sitelib}/%{service}/locale/*pot
mv %{buildroot}%{python3_sitelib}/%{service}/locale %{buildroot}%{_datadir}/locale mv %{buildroot}%{python3_sitelib}/%{service}/locale %{buildroot}%{_datadir}/locale
# Install router gateway portforwarding feature patch
install -D -p -m 644 %{SOURCE37} %{buildroot}%{python3_sitelib}/openstack-plugin/neutron/$(basename %{SOURCE37})
# Find language files # Find language files
%find_lang %{service} --all-name %find_lang %{service} --all-name
@ -664,16 +650,19 @@ fi
%cleanup_orphan_rootwrap_daemons %cleanup_orphan_rootwrap_daemons
%post ovn-metadata-agent %post distributed-traffic
%systemd_post neutron-ovn-metadata-agent.service export patch_name=$(basename %{SOURCE37})
%gitPatch %{python3_sitelib}/neutron %{python3_sitelib}/openstack-plugin/neutron/$patch_name
crudini --set %{python3_sitelib}/neutron-*.egg-info/entry_points.txt neutron.objects RGPortForwarding neutron.objects.rg_port_forwarding:RGPortForwarding
crudini --set %{python3_sitelib}/neutron-*.egg-info/entry_points.txt neutron.service_plugins rg_port_forwarding neutron.services.rg_portforwarding.pf_plugin:RGPortForwardingPlugin
crudini --set %{python3_sitelib}/neutron-*.egg-info/entry_points.txt neutron.agent.l3.extensions rg_port_forwarding neutron.agent.l3.extensions.rg_port_forwarding:RGPortForwardingAgentExtension
%preun ovn-metadata-agent %preun distributed-traffic
%systemd_preun neutron-ovn-metadata-agent.service %gitUnPatch %{python3_sitelib}/neutron
crudini --del %{python3_sitelib}/neutron-*.egg-info/entry_points.txt neutron.objects RGPortForwarding
crudini --del %{python3_sitelib}/neutron-*.egg-info/entry_points.txt neutron.service_plugins rg_port_forwarding
%postun ovn-metadata-agent crudini --del %{python3_sitelib}/neutron-*.egg-info/entry_points.txt neutron.agent.l3.extensions rg_port_forwarding
%systemd_postun_with_restart neutron-ovn-metadata-agent.service
%files %files
@ -694,9 +683,7 @@ fi
%{_bindir}/neutron-status %{_bindir}/neutron-status
%{_bindir}/neutron-server %{_bindir}/neutron-server
%{_bindir}/neutron-usage-audit %{_bindir}/neutron-usage-audit
%{_bindir}/neutron-ovn-metadata-agent %{_bindir}/neutron-rootwrap-xen-dom0
%{_bindir}/networking-ovn-metadata-agent
%{_bindir}/neutron-ovn-db-sync-util
%{_unitdir}/neutron-dhcp-agent.service %{_unitdir}/neutron-dhcp-agent.service
%{_unitdir}/neutron-l3-agent.service %{_unitdir}/neutron-l3-agent.service
%{_unitdir}/neutron-metadata-agent.service %{_unitdir}/neutron-metadata-agent.service
@ -747,8 +734,6 @@ fi
%dir %{_sysconfdir}/%{service}/plugins %dir %{_sysconfdir}/%{service}/plugins
%attr(-, root, %{service}) %{_datadir}/%{service}/%{service}-dist.conf %attr(-, root, %{service}) %{_datadir}/%{service}/%{service}-dist.conf
%config(noreplace) %attr(0640, root, %{service}) %{_sysconfdir}/%{service}/%{service}.conf %config(noreplace) %attr(0640, root, %{service}) %{_sysconfdir}/%{service}/%{service}.conf
%config(noreplace) %attr(0640, root, %{service}) %{_sysconfdir}/%{service}/ovn.ini
%{_sysconfdir}/%{service}/plugins/networking-ovn/networking-ovn.ini
%config(noreplace) %{_sysconfdir}/%{service}/rootwrap.conf %config(noreplace) %{_sysconfdir}/%{service}/rootwrap.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/* %config(noreplace) %{_sysconfdir}/logrotate.d/*
%{_sysconfdir}/sudoers.d/%{service} %{_sysconfdir}/sudoers.d/%{service}
@ -762,6 +747,8 @@ fi
%{_datarootdir}/%{service}/rootwrap/ipset-firewall.filters %{_datarootdir}/%{service}/rootwrap/ipset-firewall.filters
%{_datarootdir}/%{service}/rootwrap/l3.filters %{_datarootdir}/%{service}/rootwrap/l3.filters
%{_datarootdir}/%{service}/rootwrap/privsep.filters %{_datarootdir}/%{service}/rootwrap/privsep.filters
%{_datarootdir}/%{service}/rootwrap/ebtables.filters
%{_datarootdir}/%{service}/rootwrap/iptables-firewall.filters
%files linuxbridge %files linuxbridge
@ -827,30 +814,18 @@ fi
%config(noreplace) %attr(0640, root, %{service}) %{_sysconfdir}/%{service}/plugins/ml2/sriov_agent.ini %config(noreplace) %attr(0640, root, %{service}) %{_sysconfdir}/%{service}/plugins/ml2/sriov_agent.ini
%dir %{_sysconfdir}/%{service}/conf.d/%{service}-sriov-nic-agent %dir %{_sysconfdir}/%{service}/conf.d/%{service}-sriov-nic-agent
%files distributed-traffic
%files ovn-metadata-agent %{python3_sitelib}/openstack-plugin/neutron/%{basename %{SOURCE37}}
%license LICENSE
%{_bindir}/neutron-ovn-metadata-agent
%{_bindir}/networking-ovn-metadata-agent
%{_unitdir}/neutron-ovn-metadata-agent.service
%{_unitdir}/networking-ovn-metadata-agent.service
%config(noreplace) %attr(0640, root, %{service}) %{_sysconfdir}/%{service}/neutron_ovn_metadata_agent.ini
%dir %{_sysconfdir}/neutron/plugins/networking-ovn
%{_sysconfdir}/neutron/plugins/networking-ovn/networking-ovn-metadata-agent.ini
/etc/neutron/plugins/networking-ovn/networking-ovn.ini
%dir %{_sysconfdir}/neutron/conf.d/neutron-ovn-metadata-agent
%files ovn-migration-tool
%license LICENSE
%{_bindir}/neutron-ovn-migration-mtu
%{_bindir}/ovn_migration.sh
%{_datadir}/ansible/neutron-ovn-migration/
%changelog %changelog
* Fri Jul 23 2021 liksh <liks11@chinaunicom.cn> 1:18.1.0-1 * Fri Nov 29 2024 wangjing <wangjing@uniontech.com> - 15.3.4-4
- Update to 18.1.0 - add patch CVE-2024-53916-Fix-the-tagging-policy-engine.patch
* Fri Jan 15 2021 joec88 <joseph.chn1988@gmail.com> 1:17.0.0-1 * Tue Oct 17 2023 wangkuntian <wangkuntian@uniontech.com> - 15.3.4-3
- openEuler build release - Add distributed traffic feature package
* Tue Nov 23 2021 zhangy1317 <zhangy1317@foxmail.com> - 15.3.4-2
- Fix install issue
* Fri Nov 05 2021 wangxiyuan <wangxiyuan1007@gmail.com> 15.3.4-1
- Support OpenStack Train release