1. 28 Nov, 2017 5 commits
  2. 27 Nov, 2017 5 commits
  3. 22 Nov, 2017 1 commit
  4. 25 Oct, 2017 4 commits
  5. 23 Oct, 2017 3 commits
    • David Johnson's avatar
      Deal with a new behavior in Mitaka Neutron openvswitch plugin. · ca1048e6
      David Johnson authored
        Huge hack.  Somewhere in Mitaka, something starts removing the first
        flow rule from the table (and that is the rule allowing our control
        net iface ARP replies to go out!).  So, put a simple rule at the head
        of the line that simply allows ARP replies from the local control net
        default gateway to arrive on our control net iface.  This rule is of
        course eclipsed by the "Allow any inbound ARP replies on the control
        network" rule below -- thus it is safe to allow this arbitrary process
        to delete.
      
      Of course, there is probably some assumption that the plugin is making
      that might be going wrong.  Oh well, let's wait for that to happen.
      Don't have time to read the code right now to find the remover-culprit.
      ca1048e6
    • David Johnson's avatar
      Make sure our anti-ARP spoofing flow rules are re-added on reboot. · 76865ca1
      David Johnson authored
      This is necessary for Mitaka and on.  I don't know if I hadn't done it,
      or just can't find the old mechanism that no longer works :).  Anyway,
      now I do it in a new way!
      76865ca1
    • David Johnson's avatar
      The new libvirt-guests.service defaults to suspending the guests. · ce0ba38b
      David Johnson authored
      This screws up everything -- from shutdown to bootup.  For whatever
      reason, it blocks the physhost from coming up on the network... and
      eventually systemd times out the boot and reboots!  Ugh.  Stuff like
      this shouldn't get introduced in an LTS release.
      ce0ba38b
  6. 26 Sep, 2017 2 commits
  7. 11 Sep, 2017 1 commit
  8. 08 Sep, 2017 2 commits
  9. 01 Sep, 2017 3 commits
    • David Johnson's avatar
      Ugh, use *LOCKFILE everywhere to ensure we wait. · ae292ea5
      David Johnson authored
      aarch64 machines are really slow, and the default lockfile-create
      timeout of 180s has started to prove insufficient.  The "macros" were
      there already just unused in these few cases :(.
      ae292ea5
    • David Johnson's avatar
      Also ensure address pool is pinned to Site 1. · 205f8c4f
      David Johnson authored
      (This requires the latest geni-lib support for a site tag for AddressPools.)
      205f8c4f
    • David Johnson's avatar
      Fix bug from the split ctl/nm days; also parse routable_pools "safely". · c8f2eb34
      David Johnson authored
      This was a holdover from the original profile with split ctl and nm
      management nodes.  Now there is just a single ctl node by default, but
      the IPs are still requested tied to the nm node.  So we were ignoring
      the split and the custom naming options.
      
      Then, the hunk o' perl that was pulling the addrs out of the manifest
      was first just assuming the first cluster manifest had the proper addrs,
      which is wrong; we have to look at all cluster manifests.  Then, we have
      to ensure we are extracting public addrs for the NM node (which in the
      non-split world is the ctl node).
      
      So now the hunk o' perl is really large and is "safer".
      c8f2eb34
  10. 15 Mar, 2017 1 commit
  11. 13 Jan, 2017 4 commits
  12. 12 Jan, 2017 1 commit
  13. 12 Dec, 2016 1 commit
    • David Johnson's avatar
      Push securitygroup settings to both plugin conf files. · bb20c75c
      David Johnson authored
      Over time, the initscripts have changed which files they point the agent
      to read.  I think it used to be both ml2_conf.ini and
      {driver}_agent.ini, but as of Mitaka/Ubuntu16, it seems to be only
      {driver}_agent.ini .  So just write the same thing into both places.
      bb20c75c
  14. 13 Nov, 2016 1 commit
  15. 10 Nov, 2016 1 commit
  16. 03 Nov, 2016 1 commit
  17. 28 Oct, 2016 2 commits
  18. 27 Oct, 2016 2 commits