/
changelog
653 lines (510 loc) · 27 KB
/
changelog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
calico (1.2.0-1) trusty; urgency=medium
* Truncate long output from FailedSystemCall exception.
* Add instructions for use with OpenStack Liberty.
-- Matt Dupre <matt@projectcalico.org> Mon, 26 Oct 2015 17:50:04 +0000
calico (1.2.0~pre.2-1) trusty; urgency=medium
* Add endpoint status reporting to Felix. Felix now reports the state of
endpoints into etcd so that the OpenStack plugin can report this
information into Neutron. If Felix fails to configure a port, this now
causes VM creation to fail.
* Reduce occupancy of Felix's tag resolution index in the common case
where IP addresses only have a single owner.
* Felix now sets the default.rp_filter sysctl to ensure that endpoints
come up with the Kernel's RPF check enabled by default.
* Optimize Felix's actor framework to reduce message-passing overhead.
-- Matt Dupre <matt@projectcalico.org> Mon, 19 Oct 2015 15:28:30 +0100
calico (1.2.0~pre.1~dev.1) trusty; urgency=low
* Internal testing release.
* Add liveness reporting to Felix. Felix now reports its liveness into
etcd and the neutron driver copies that information to the Neutron DB.
* Performance enhancements to ipset manipulation.
* Rev python-etcd dependency to 0.4.1. Our patched python-etcd version
(which contains additional patches) is still required.
-- Shaun Crampton <shaun@projectcalico.org> Fri, 25 Sep 2015 14:40:00 +0100
calico (1.1.0-1) trusty; urgency=low
* Improve the documentation about upgrading a Calico/OpenStack system.
* Fix compatibility with latest OpenStack code (oslo_config).
* Use posix_spawn to improve Felix's performance under heavy load.
* Explicitly use and enable the kernel's reverse path filtering
function, and remove our iptables anti-spoofing rules, which were not
as robust.
-- Neil Jerram <Neil.Jerram@metaswitch.com> Tue, 08 Sep 2015 11:46:51 +0100
calico (1.0.0-1) trusty; urgency=medium
* Calico version 1.0.0 release
-- Matt Dupre <matt@projectcalico.org> Fri, 14 Aug 2015 13:40:28 +0100
calico (0.29~rc1) trusty; urgency=medium
* First release candidate
-- Matt Dupre <matt@projectcalico.org> Wed, 05 Aug 2015 16:46:08 +0100
calico (0.28) trusty; urgency=medium
* Felix now restarts if its etcd configuration changes.
* Felix now periodically refreshes iptables to be robust to other processes
corrupting its chains.
* More thorough resynchronization of etcd from the Neutron mechanism driver.
* Added process-specific information to the diagnostics dumps from Felix.
-- Matt Dupre <matt@projectcalico.org> Tue, 04 Aug 2015 17:36:13 +0100
calico (0.27.1) trusty; urgency=medium
* Interim bug-fix release - reinstate DHCP checksum calculation rule.
-- Matt Dupre <matt@projectcalico.org> Wed, 15 Jul 2015 17:28:43 +0100
calico (0.27) trusty; urgency=medium
* Limit number of concurrent shell-outs in felix to prevent file descriptor
exhaustion.
* Have felix periodically resync from etcd and force-refresh the dataplane.
* Stop restarting Felix on Ubuntu if it fails more than 5 times in 10 seconds.
* Move DHCP checksum calculation to Neutron.
* Get all fixed IPs for a port.
-- Matt Dupre <matt@projectcalico.org> Tue, 14 Jul 2015 11:58:44 +0100
calico (0.26) trusty; urgency=medium
* Update and improve security model documentation.
* Streamline conntrack rules, move them to top-level chains to avoid
duplication.
* Narrow focus of input iptables chain so that it only applies to
Calico-handled traffic.
* Provide warning log when attempting to use Neutron networks that are not of
type 'local' or 'flat' with Calico.
* Handle invalid JSON in IPAM key in etcd.
* Move all log rotation into logrotate and out of Felix, to prevent conflicts.
* Change log rotation strategy for logrotate to not rotate small log files.
* Delay starting the Neutron resynchronization thread until after all the
necessary state has been configured, to avoid race conditions.
* Prevent systemd restarting Felix when it is killed by administrators.
-- Cory Benfield <cory@projectcalico.org> Mon, 29 Jun 2015 11:49:42 +0100
calico (0.25) trusty; urgency=medium
* Remove stale conntrack entries when an endpoint's IP is removed.
* Fix bug where profile chain was left empty instead of being stubbed out.
* Improve security between endpoint and host and simplify INPUT chain logic.
-- Cory Benfield <cory@projectcalico.org> Mon, 22 Jun 2015 14:07:48 +0100
calico (0.24) trusty; urgency=medium
* Add Felix statistics logging on USR1 signal.
* Add support for routing over IP-in-IP interfaces in order to make it
easier to evaluate Calico without reconfiguring underlying network.
* Reduce felix occupancy by replacing endpoint dictionaries by "struct"
objects.
* Allow different hosts to have different interface prefixes for combined
OpenStack and Docker systems.
* Add missing support for 0 as a TCP port.
* Add support for arbitrary IP protocols.
* Intern various IDs in felix to reduce occupancy.
* Fix bug where Calico may not propagate security group rule changes from
OpenStack.
* Reduced logspam from Calico Mechanism Driver.
-- Cory Benfield <cory@projectcalico.org> Mon, 15 Jun 2015 11:45:01 +0100
calico (0.23) trusty; urgency=medium
* Reset ARP configuration when endpoint MAC changes.
* Forget about profiles when they are deleted.
* Treat bad JSON as missing data.
* Add instructions for Kilo on RHEL7.
* Extend diagnostics script to collect etcd and RabbitMQ information.
* Improve BIRD config to prevent NETLINK: File Exists log spam.
* Reduce Felix logging volume.
-- Matt Dupre <matt@projectcalico.org> Mon, 08 Jun 2015 16:37:50 +0100
calico (0.22.1) trusty; urgency=medium
* Updated Mechanism driver to specify fixed MAC address for Calico tap
interfaces.
* Prevent the possibility of gevent context-switching during garbage collection
in Felix.
* Increase the number of file descriptors available to Felix.
* Firewall input characters in profiles and tags.
* Implement tree-based dispatch chains to improve IPTables performance with
many local endpoints.
* Neutron mechanism driver patches and docs for OpenStack Kilo release.
* Correct IPv6 documentation for Juno and Kilo.
-- Matt Dupre <matt@projectcalico.org> Tue, 02 Jun 2015 17:15:48 +0100
calico (0.21) trusty; urgency=medium
* Support for running multiple neutron-server instances in OpenStack
* Support for running neutron-server API workers in OpenStack
* Calico Mechanism Driver now performs leader election to control state
resynchronization
* Extended data model to support multiple security profiles per endpoint
* Calico Mechanism Driver now attempts to delete empty etcd directories
* Felix no longer leaks memory when etcd directories it watches are deleted
* Fix error on port creation where the Mechanism Driver would create, delete,
and then recreate the port in etcd
* Handle EtcdKeyNotFound from atomic delete methods
* Handle etcd cluster ID changes on API actions
* Fix ipsets cleanup to correctly iterate through stopping ipsets
* Ensure that metadata is not blocked by over-restrictive rules on outbound
traffic
* Updates and clarifications to documentation
-- Matt Dupre <matt@projectcalico.org> Tue, 26 May 2015 17:22:01 +0100
calico (0.20) trusty; urgency=medium
* Felix graceful restart support
* Refactoring and additional unit testing
-- Matt Dupre <matt@projectcalico.org> Mon, 18 May 2015 17:55:32 +0100
calico (0.19) trusty; urgency=medium
* Further fixes and improvements to Calico components
- Add script that automates the merging required for a Debian/Ubuntu package
- Actually save off the endpoints in the endpoint index.
- Fix reference leak in felix caused by reference cycle.
- Core review markups and cleanups to ref-tracking code.
- Add FV-level test that genuinely leaks an exception.
-- Neil Jerram <Neil.Jerram@metaswitch.com> Mon, 11 May 2015 12:32:26 +0100
calico (0.18) trusty; urgency=medium
* Further fixes and improvements to Calico components
- Note that RHEL 6.5 instructions are not yet complete
- Document that Felix requires a config file, or it won't start on RHEL
- Tidy up line wrapping in RHEL install docs
- Move utility functions to frules
- Minor code tidies in dispatch.py
- Refactor DispatchManager API to not use dicts
- Add unit tests for DispatchChains
- Clarify DispatchChains comparison logic
- Move common validation code to single place.
- Reinstate etc after overwriting import.
- Initial code review markups for iptables updater.
- Code review markups for fiptables.py.
- Address some RHEL 7 install instruction issues:
- Minor grammar markups
- Fix missing import in common
- Revert "Initial code review markups for iptables updater."
- Docstrings for UpdateSplitter
- Remove invalid module reference
- Retire RHEL 6.5 instructions until we can fix them up, or are convinced there is no demand.
- Allow for config to be read from config files.
- Code review feedback
- changed bgp_export policy to be interface of origin based
- Ensure no logs are made to screen in mainline with screen logging disabled
- syntax cleanup, prettified, and default filter added back in.
- cut and paste doh... - v4 default address used in v6 config file
- Work in progress on cleanup/support for anycast IPs.
- Minor fixes: typos and incorrect indexing into dicts.
- Fixes and cleanups: move updates into lower level methods.
- Fix missing delete when cleaning up ip address.
- Minor cleanups and self-review markups.
- Code review markups. Track dirty tags and update en-masse.
- Revert "Revert "Initial code review markups for iptables updater.""
- Revert rename of _Transaction.updates, it is referenced by IptablesUpdater.
- Suppress start-of-day iptables-restore errors from CaS-type operations.
- Tidy up etcd exception logging.
- Clean up devices exception logging.
- Add actor life-cycle logging.
- Add endpoint and profile IDs as comments in iptables chains.
- Unit tests for the UpdateSplitter
- RHEL7 doc: fix formatting of Calico repo config
- RHEL7 doc: don't mention Icehouse
- Clarify that mapping is dict
- Update documentation of configuration for Felix.
- Felix review and some UT (actor, refcount)
- Replace endpoint ID with tuple that includes host and workload too.
- Code review markups to refcount.py.
- Don't process endpoint creation until SOD complete
- Docs typo fix: incorrect etcd mount in fstab
- Remove comments
- Document the new mailing lists
- Update involved.rst
- Plugin: provide correct workload ID - fixes #445
- Plugin: provide correct workload ID - UT updates
- Update README.md
- Cleanup README line length
- Missing sec group retries
- Close race between resync and access to self.sgs in plugin.
- Remove race in needed_profile cleanup by using a semaphore.
- Be resilient to ports disappearing while loading SG members.
- Protect all access to the security groups dict.
- Fix up UT environment to include neutron.common.exceptions.
- Reinstate ability to take file path as command line parameter.
- Markups to config file specification - tidy exception handling
- Wording tweaks based on previous version of config documentation.
-- Neil Jerram <Neil.Jerram@metaswitch.com> Tue, 05 May 2015 16:31:11 +0100
calico (0.17) trusty; urgency=medium
* Bug fixes and improvements to Calico components
- Clean up config loading (code review markups).
- Remove references to ACL manager from RHEL docs
- Etcd install instructions for RHEL
- Be more defensive in etcd polling, catch various HTTP-related exceptions.
- Fix import order in felix.py to invoke gevent monkey-patch first.
- Fix missing arg to log message.
- Remove incorrect comment.
- Fix plugin to set only icmp_type/code and not port range for ICMP.
- Add UTs for ICMP rule generation.
- Add felix support for ICMP code, firewall values.
- Validate plugin data agsint felix's validation routines.
- Code review markups.
- Fix missing continue: use setting of response as a gate in fetcd.py.
- Increase severity of socket.timeout warning.
- Add httplib errors into excepts.
- Code review markups.
- Update involved.rst
- Update contribute.rst
- Tidy up line lengths
- Revert "Tidy up line lengths"
- Tidy up line lengths
- Don't unnecessarily pin versions
- Fix up a range of commnents.
- Cleanup toctree for contribution doc
- Further README cleanup
- The letter 'a' is tricksy
- Update contribute.rst
- RPM Version 0.16
- Fix RPM version
- Beef up syslog format, add a couple of additional logs.
- Debian packaging: python-gevent is not actually needed on controller
- RPM packaging: remove ACL manager and ZMQ deps; add python-gevent (fixes #435)
- Packaging: add dependency of Felix on net-tools, for the arp command (fixes #146)
- Make ipset uperations idempotent.
- Fix cluster UUID check. Copy UUID from old client to new, fix typo in arg name.
- RHEL install markups
- Fix my own review markups
- Run etcd on startup
- After reboots
- Copy etcd binaries to the right place
- Update bundle for etcd architecture
- Use commit id instead of tag in tox dependency
- Code review markups.
- Prevent ActiveIpset from recreating ipset after on_unreferenced().
- Fix missing stdin argument to Popen, beef up diags for ActiveIpset.
- Code review markups.
- Update openstack.rst
- Don't setuid on RHEL 6.5.
- Wrapping lines
- Fix numbering in ubuntu-opens-install.rst
- Add missing jump target to ICMPv6 from endpoint rule.
- Add "icmp_code" to whitelist of allowed rule fields.
- Prevent programming of ICMP type 255, which the kernel treats as wildcard.
- Isolate rule parsing failure to individual rule.
-- Neil Jerram <Neil.Jerram@metaswitch.com> Mon, 27 Apr 2015 15:58:46 +0100
calico (0.16) trusty; urgency=medium
* Move to etcd for inter-component communications from zeromq
- Significant Felix enhancements to take advantage of new data model
- Retire ACL Manager
- Mechanism driver updates to take advantage of new data model
- Update documentation
-- Matt Dupre <matt@projectcalico.org> Mon, 20 Apr 2015 18:07:21 +0100
calico (0.15) trusty; urgency=medium
* Fix exception in Neutron mechanism driver
* Many documentation changes and additions
-- Matt Dupre <matthew.dupre@metaswitch.com> Fri, 10 Apr 2015 15:22:03 +0000
calico (0.14) trusty; urgency=medium
* Move documentation from separate calico-docs GitHub wiki to Read the Docs
* Neutron mechanism driver fixes
-- Matt Dupre <matthew.dupre@metaswitch.com> Fri, 20 Mar 2015 11:12:44 +0000
calico (0.13) trusty; urgency=medium
* Bug fixes and enhancements to Calico components
- Remove python-iptables
- Add EL6.5 support
- Make Calico components restart after failures
- Enhance diagnostics gathering script
- Fix live migration support
- Many logging, testing and configuration improvements
- Improve handling of connection timeouts
- Program proxy NDP
-- Matt Dupre <matthew.dupre@metaswitch.com> Fri, 06 Mar 2015 17:45:21 +0000
calico (0.12.1) trusty; urgency=medium
* Bug fixes and improvements to Calico components
- Initial refactor of fsocket.
- Fix issue #133 (lost resync when connection error)
- Fix restart failure on connection error (bug #97)
- More timing tests, and fixing of resulting bugs.
- Tighten up resync testing, with bug fix.
- ACL Manager fix: Suppress superfluous unsolicited ACLUPDATE messages when nothing has changed
- Use ip route replace instead of add Fixes timing window when route exists during live migration
- Fix #164: Disable proxy_delay on taps to avoid delayed proxy ARP response.
- Better doc and organization for setup code
- mech_calico: Bind as directed by Neutron server's bind_host config
- Delete routes when endpoint destroyed
- Send ENDPOINTDESTROYED rsp even whenendpoint is unknown (fixes #192)
- More robust exception handling in handle_endpoint{updated|destroyed}
- Unit testing and diagnostics improvements
-- Matt Dupre <matthew.dupre@metaswitch.com> Fri, 13 Feb 2015 15:52:54 +0000
calico (0.11) trusty; urgency=medium
* Logging improvements and additional unit tests
* ACL Manager fixes
- Support multiple security groups on a single endpoint
- ACL Manager stops listening for network updates silently when a rule
references an empty security group
- Ensure ACL Manager exits cleanly with a log when worker threads crash
-- Matt Dupre <matthew.dupre@metaswitch.com> Fri, 30 Jan 2015 16:07:22 +0000
calico (0.10.3~rc3) trusty; urgency=medium
* Add support for Red Hat 7
* Fixes and improvements
- Change from VIF_TYPE_ROUTED to VIF_TYPE_TAP
- Require explicit configuration before starting Felix or ACL Manager
- Correct installation of *.cfg example files
-- Matt Dupre <matthew.dupre@metaswitch.com> Fri, 23 Jan 2015 11:20:14 +0000
calico (0.10.3~rc2) trusty; urgency=medium
* Further Felix code fixes:
- If we recreate the ACL SUB connection, resubscribe to everything.
-- Neil Jerram <Neil.Jerram@metaswitch.com> Thu, 22 Jan 2015 11:02:01 +0000
calico (0.10.3~rc1) trusty; urgency=medium
* More code fixes and improvements
- Delete old (pre-Felix) Calico agent
- There are no more *.ini files to install.
- Felix unit testing and refactoring
- Add initial diags collection file
- Ensure that Felix handles resyncs with 0 endpoints
-- Matt Dupre <matthew.dupre@metaswitch.com> Tue, 20 Jan 2015 17:45:32 +0000
calico (0.10.2) trusty; urgency=medium
* Code fixes and improvements
- Version number now correctly reported by Python.
- Felix now correctly sends keepalives.
- Substantial myriad heartbeat fixes in all components.
- Fixed Felix crash when building certain error logs.
- Fixed Felix crash when asked to program an interface that is not up yet.
-- Cory Benfield <cory.benfield@metaswitch.com> Fri, 16 Jan 2015 13:45:01 +0000
calico (0.10.1) trusty; urgency=medium
* Increment version number to replace PPA build with proper requirements
-- Matt Dupre <matthew.dupre@metaswitch.com> Thu, 15 Jan 2015 17:40:23 +0000
calico (0.10) trusty; urgency=medium
* Code fixes and improvements
- Felix now exits with non-zero status code on error.
- Allow a new log level: NONE which disables that log handler.
- Broadened check of logfile
- Log out daemon name to syslog.
- Set up syslog better - so works on ubuntu.
- Allow explicit configuration of Felix hostname.
- Made acl_manager logging config work like felix config
- Allow the IP address of Felix to be explicitly specified.
- Add bind address to ACL manager.
- Review markups - allow hostnames as well as IP addresses.
- Handle errors from failure to connect to Felix
- Tell BIRD to run on "br-mgmt" interface, for setups migrated from OVS to Calico
- Do not leak ipsets for endpoints which have been removed.
- Remove workaround for (now fixed) python-iptables bug.
- Improve last fix to avoid duplicate rules.
- Retire unneeded dropping of DHCP packets.
- Do not hang in termination in zmq.
- Restructure rules so that DROP default still works.
- Add support for port ranges Includes some extra tests to get better coverage of area changed.
- Split felix-MAIN into felix-INPUT and felix-FORWARD
* Packaging improvements
- Add basic requirements files for Felix and ACL Mgr
- Conditionally install extra dependencies.
- Add plugin requirements.
- Add eventlet dependency.
- Set minimum python-iptables version.
-- Matt Dupre <matthew.dupre@metaswitch.com> Wed, 14 Jan 2015 19:18:23 +0000
calico (0.9.1) trusty; urgency=medium
* Remove python-dev dependency.
-- Neil Jerram <Neil.Jerram@metaswitch.com> Thu, 18 Dec 2014 10:17:58 +0000
calico (0.9) trusty; urgency=medium
* New announced release.
-- Matt Dupre <matthew.dupre@metaswitch.com> Mon, 15 Dec 2014 12:05:34 +0000
calico (0.9~rc1) trusty; urgency=medium
* Felix unit testing, restructuring and fixes
- Initial test infrastructure - no real tests yet.
- Basic restructuring - start reorg of futils
- Move iptables specific stuff into its own module. Not complete, but works in this state, so committing now!
- Remove some iptc knowledge from frules.
- More refactoring to allow mocking out of iptables code.
- Minor fix after some testing of the new code.
- Tidy up Felix use of system calls.
- Simplify test framework. Still no actual tests...
- Move config logic around so it can be tested.
- Add some config file tests
- Having got coverage working, a couple of tests.
- Add .coverage to .gitignore
- Stub out fiptables properly. Can now do minimal test of felix init.
- Code review markups.
- More minor code markups.
- Force the resync count to be an integer.
- Tidy up some confusing code relating to resync counts.
- Simplify the if test by removing extra duplicate test.
- Firewall against bad plugin or ACL addresses
- Updated config code to firewall against invalid addresses.
- Fix incorrect function path causing Felix crash
- Ensure BIRD gets all kernel routes in its table.
- Ensure BIRD6 can make correct routing decisions.
- More code tidies (including a real bug).
* Packaging tidy-up
- Harmonize content and presentation of copyright notices
- Pin Calico package versions to each other
- RPM packaging fixes
- Don't include upstart jobs for Felix and ACL manage in calico-compute RPM
- Move CalicoMechanismDriver back here (i.e. out of Neutron tree)
- Move CalicoMechanismDriver back here (i.e. out of Neutron tree)
* Logging improvements
- Add common logging setup functions.
- Replace Felix logging with common log functions.
- Replace ACL manager logging with common code.
- Fix import statements for logging.
-- Matt Dupre <matthew.dupre@metaswitch.com> Fri, 12 Dec 2014 11:15:31 +0000
calico (0.8) trusty; urgency=medium
* New announced release.
-- Neil Jerram <Neil.Jerram@metaswitch.com> Fri, 21 Nov 2014 19:28:34 +0000
calico (0.8~2) trusty; urgency=medium
* Further fixes and enhancements to Felix
- Handle ACLUPDATE for deleted endpoint.
- Config file tweaks. Comment out values matching defaults.
- Add Metadata IP and Port configuration to Felix
- Allow address as well as IP for metadata.
- Ban traffic to the loopback address from VMs (unless for metadata)
-- Neil Jerram <Neil.Jerram@metaswitch.com> Fri, 21 Nov 2014 11:59:45 +0000
calico (0.8~1) trusty; urgency=medium
* New fixes and enhancements to Felix
- Clean up code and tidy up ready so that accept default rules can work.
- Some trivial code tidy left over from the merges.
- Minor typo fixes.
- Code review markups.
- Fix bug where duplicate rules created.
- Fix up ICMP rules for all ICMP.
- Various code review markups ready for merging.
- Unblock outgoing DHCP. Bug in fix to issue38.
- Fix more issues with issue38 code. Allow DHCP for IPv6 too Fix up
getting in / out interfaces backwards
-- Neil Jerram <Neil.Jerram@metaswitch.com> Thu, 20 Nov 2014 13:05:58 +0000
calico (0.7) trusty; urgency=medium
* Update packaging to support source package creation and upload.
- Stop using python-pbr.
- Implement install steps in setup.py and debian/rules, instead of setup.cfg.
-- Neil Jerram <Neil.Jerram@metaswitch.com> Tue, 11 Nov 2014 15:47:22 +0000
calico (0.6.4) trusty; urgency=medium
* Update version number in setup.cfg
-- Neil Jerram <nj@metaswitch.com> Mon, 10 Nov 2014 16:29:06 +0000
calico (0.6.3) trusty; urgency=medium
* Add Build-Depends: python-setuptools, python-pbr
* Add debian/source/format
-- Neil Jerram <nj@metaswitch.com> Mon, 10 Nov 2014 15:51:45 +0000
calico (0.6) trusty; urgency=medium
* Many fixes and enhancements to Felix (the new Calico agent)
- IP v6 support and minor bug fixes.
- Minor logging enhancement.
- Fix dull bug where we never left long enough for resync responses to return on a slow system, ignoring the config values.
- Many more updates. Apart from intermittent iptables issues, mostly working well. Next action is to fix those.
- Finally fix dull issue with python-iptables, state and IPv6.
- Add ep_retry code.
- Fix small bugette in handling of endpoint retry.
- Stop using "state" completely - "conntrack" seems more reliable.
- Fix up bug where we created IPv6 sets as IPv4, then crashed.
- GETACLUPDATE response may arrive before tap interface created; handle it.
- Speculative fix for problem with icmp ip6tables rules.
- Do not get confused during second resync and delete endpoints.
- Allow for the state of endpoints to be disabled.
- Subscribe to ACL heartbeats to avoid timing it out continuously.
- Minor cosmetic edits.
- More minor refactoring and code tidy up.
- Remove IPs from an endpoint when they are removed by the API. Also, some minor code tidies.
- Clean up logic when removing unused IPs.
- Fix up dull typo in IP removal code.
- Fix bug where tap address got wrong MAC address.
- Put in candidate workaround for looping in iptables configuration.
* Packaging: calico-felix needs dependency on python-dev(el)
* RPM packaging fixes
- Start and stop Calico services on install/uninstall
- Run Calico services as root, not as 'neutron'
* ACL Manager fix
- ACL manager was sending a three part message for keepalives. Make it a two part message like the others.
-- Neil Jerram <nj@metaswitch.com> Fri, 07 Nov 2014 15:39:05 +0000
calico (0.5) trusty; urgency=medium
* New Calico architecture
-- Neil Jerram <nj@metaswitch.com> Mon, 27 Oct 2014 16:31:06 +0000
calico (0.4.1) trusty; urgency=medium
* Install generator script and template for BIRD6 config
-- Neil Jerram <nj@metaswitch.com> Fri, 26 Sep 2014 10:56:05 +0100
calico (0.4) trusty; urgency=medium
* Import routes from all ethernet interfaces (in BIRD config)
* Changes to remove unnecessary dependencies on linuxbridge code
* Enhancements for Calico/IPv6 connectivity
-- Neil Jerram <nj@metaswitch.com> Tue, 16 Sep 2014 17:27:09 +0100
calico (0.3-1) trusty; urgency=medium
* Fix Ubuntu upstart job so that calico-compute runs after iptables-persistent
-- Neil Jerram <nj@metaswitch.com> Thu, 24 Jul 2014 17:38:32 +0100
calico (0.3) trusty; urgency=medium
* Fix provision of metadata to new instances.
-- Neil Jerram <nj@metaswitch.com> Fri, 18 Jul 2014 18:06:15 +0100
calico (0.2) trusty; urgency=medium
* Make iptables rule for DHCP checksum filling persist across compute
node reboots.
* Add firewall_driver config to calico_agent.ini.
-- Neil Jerram <nj@metaswitch.com> Tue, 01 Jul 2014 15:17:52 +0100
calico (0.1) trusty; urgency=medium
* Initial release.
-- Neil Jerram <nj@metaswitch.com> Thu, 26 Jun 2014 16:03:59 +0100