Browse Source

Merge "[OVN] Ensure metadata checksum" into stable/train

changes/66/787966/1
Zuul 3 weeks ago
committed by Gerrit Code Review
parent
commit
b6337b5b56
3 changed files with 52 additions and 2 deletions
  1. +22
    -0
      networking_ovn/agent/metadata/agent.py
  2. +26
    -1
      networking_ovn/tests/functional/test_metadata_agent.py
  3. +4
    -1
      networking_ovn/tests/unit/agent/metadata/test_agent.py

+ 22
- 0
networking_ovn/agent/metadata/agent.py View File

@ -17,6 +17,7 @@ import re
from neutron.agent.linux import external_process
from neutron.agent.linux import ip_lib
from neutron.agent.linux import iptables_manager
from neutron.common import utils
from neutron_lib import constants as n_const
from oslo_concurrency import lockutils
@ -374,6 +375,24 @@ class MetadataAgent(object):
else:
self.teardown_datapath(datapath)
def _ensure_datapath_checksum(self, namespace):
"""Ensure the correct checksum in the metadata packets in DPDK bridges
(LP#1904871) In DPDK deployments (integration bridge datapath_type ==
"netdev"), the checksum between the metadata namespace and OVS is not
correctly populated.
"""
if (self.ovs_idl.db_get(
'Bridge', self.ovn_bridge, 'datapath_type').execute() !=
ovn_const.CHASSIS_DATAPATH_NETDEV):
return
iptables_mgr = iptables_manager.IptablesManager(
use_ipv6=True, nat=False, namespace=namespace)
rule = '-p tcp -m tcp -j CHECKSUM --checksum-fill'
iptables_mgr.ipv4['mangle'].add_rule('POSTROUTING', rule, wrap=False)
iptables_mgr.apply()
def provision_datapath(self, datapath):
"""Provision the datapath so that it can serve metadata.
@ -481,6 +500,9 @@ class MetadataAgent(object):
'Interface', veth_name[0],
('external_ids', {'iface-id': port.logical_port})).execute()
# Ensure the correct checksum in the metadata traffic.
self._ensure_datapath_checksum(namespace)
# Spawn metadata proxy if it's not already running.
metadata_driver.MetadataDriver.spawn_monitored_metadata_proxy(
self._process_monitor, namespace, METADATA_PORT,


+ 26
- 1
networking_ovn/tests/functional/test_metadata_agent.py View File

@ -13,8 +13,12 @@
# License for the specific language governing permissions and limitations
# under the License.
import re
import mock
from neutron.agent.linux import iptables_manager
from neutron.common import utils as n_utils
from neutron.tests.common import net_helpers
from oslo_config import fixture as fixture_config
from oslo_utils import uuidutils
from ovsdbapp.backend.ovs_idl import event
@ -66,7 +70,12 @@ class TestMetadataAgent(base.TestOVNFunctionalBase):
self.handler = ovsdb_event.RowEventHandler()
self.sb_api.idl.notify = self.handler.notify
# We only have OVN NB and OVN SB running for functional tests
mock.patch.object(ovsdb, 'MetadataAgentOvsIdl').start()
self.mock_ovsdb_idl = mock.Mock()
mock_metadata_instance = mock.Mock()
mock_metadata_instance.start.return_value = self.mock_ovsdb_idl
mock_metadata = mock.patch.object(
ovsdb, 'MetadataAgentOvsIdl').start()
mock_metadata.return_value = mock_metadata_instance
self._mock_get_ovn_br = mock.patch.object(
agent.MetadataAgent,
'_get_ovn_bridge',
@ -311,3 +320,19 @@ class TestMetadataAgent(base.TestOVNFunctionalBase):
('external_ids', {'test': 'value'})).execute(check_error=True)
self.assertTrue(event2.wait())
self.assertFalse(event.wait())
def test__ensure_datapath_checksum_if_dpdk(self):
self.mock_ovsdb_idl.db_get.return_value.execute.return_value = (
ovn_const.CHASSIS_DATAPATH_NETDEV)
regex = re.compile(r'-A POSTROUTING -p tcp -m tcp '
r'-j CHECKSUM --checksum-fill')
namespace = self.useFixture(net_helpers.NamespaceFixture()).name
self.agent._ensure_datapath_checksum(namespace)
iptables_mgr = iptables_manager.IptablesManager(
use_ipv6=True, nat=False, namespace=namespace)
for rule in iptables_mgr.get_rules_for_table('mangle'):
if regex.match(rule):
return
else:
self.fail('Rule not found in "mangle" table, in namespace %s' %
namespace)

+ 4
- 1
networking_ovn/tests/unit/agent/metadata/test_agent.py View File

@ -232,7 +232,9 @@ class TestMetadataAgent(base.BaseTestCase):
'update_chassis_metadata_networks') as update_chassis,\
mock.patch.object(
driver.MetadataDriver,
'spawn_monitored_metadata_proxy') as spawn_mdp:
'spawn_monitored_metadata_proxy') as spawn_mdp, \
mock.patch.object(
self.agent, '_ensure_datapath_checksum') as mock_checksum:
# Simulate that the VETH pair was already present in 'br-fake'.
# We need to assert that it was deleted first.
@ -263,6 +265,7 @@ class TestMetadataAgent(base.BaseTestCase):
spawn_mdp.assert_called_once()
# Check that the chassis has been updated with the datapath.
update_chassis.assert_called_once_with('1')
mock_checksum.assert_called_once_with('namespace')
def _test_update_chassis_metadata_networks_helper(
self, dp, remove, expected_dps, txn_called=True):


Loading…
Cancel
Save