Initial implementation
Changes in the mechanism driver:
* Automatically create a port with device_owner=network:dhcp to
serve metadata and eventually DHCP.
* Auto-allocate an IP for the metadata port on subnet creation.
* Push static route for 169.254.169.254 in DHCP options.
* Wait until metadata service is provisioned in the chassis where
a port resides before sending the event to Nova.
Agent:
* Implementation of [0].
Devstack plugin:
* Starts networking-ovn-agent with the proper config files.
* Disables config drive in nova.conf for tempest against master
branch.
* Enables TEMPEST_RUN_VALIDATION for tempest against master branch.
In order to test this patch out we need to make these changes to
nova.conf:
* [DEFAULT] section:
force_config_drive = False
* [neutron] section:
service_metadata_proxy = True
This patch depends on [1] and [2] (already merged into OVS master).
NOTE: Metadata tests are only enabled for the non-voting tempest job
which runs against OVS master branch. The release job runs against
OVS 2.7 which doesn't include [1][2] so those tests are disabled
until OVS 2.8 is released.
[0]
https://docs.openstack.org/developer/networking-ovn/design/metadata_api.html
[1] https://patchwork.ozlabs.org/patch/767369/
[2] https://patchwork.ozlabs.org/patch/771297/
Change-Id: Ife2fd18f2f88050429e70c7e557fa41d2d54b034
This patch is extending the DevStack plugin to allow installing ovsdbapp
from git master branch. This will be used in the ovsdbapp gate to run
the latest code against networking-ovn to ensure that changes made to
the ovsdbapp library won't break the project.
Change-Id: I3ea1fb34c22685130153fd9edca1c1c89cd45291
This is not needed anymore since DevStack has been fixed.
Change-Id: I3c3237d3bba4664abf5562c1272e9bd233444140
Depends-On: Ib5a8ffe63eaec15bc29bfdd133db7169507bab82
Horizon has been disable by defaul in devstack-gate
(https://review.openstack.org/#/c/474283/), just like many other
projects, networking-ovn also doesn't test horizon in the gate so
there's no reason to keep it enabled.
Change-Id: Id83583b360e60c038f63b3caaf0c0595a6b9df3e
The patch[1] changed default ssh validation from False to True, that
leads to our gate failure, because VM obtains password from metadata
agent for these tests but OVN does not support it.
This patch reverts validation to False, until OVN metadata agent is
supported.
[1]https://review.openstack.org/#/c/458678/
Change-Id: Ie74fcd15dcc3c5999255dd0e1816417cb7eec56a
Cinder is not needed for testing we can disable it to speed up the
DevStack setup a bit.
This patch keeps Horizon enabled but add a note about disabling it if
the user doesn't want to use it.
Change-Id: I6ead17a0e964447aa911e8ea0b83c7e6ae02a10b
Note why these odd devstackgaterc files and exist and what change must
merge before we can remove them.
Change-Id: I225eb171c58d9aee24380c2ee33f132eaefdbc35
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Networking-ovn gate failed for ovn-controller service error.
Use absolute path command and pass user as a parameter to run_process
Ralated commit:
7f8df450db
Another problem is regarding the commit
d0c961a99f570ec1973bf5540ba9237b6720c848 from OVS that removed the
run, log, and db directories as part of the normal `make install`
process. These directories were expected to be in place, so this patch
is manually creating them before the DevStack module for networking-ovn
tries to set some permissions on them.
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: I0293c275f782d3f2fd3ea9d078a94c05b6a0b314
Closes-Bug: #1687568
Adapt new QoS driver to fix devstack failure.
Override test_floatingip_update_subnet_gateway_disabled to fix unit
test.
Change mapping_dict.keys() to list(mapping_dict.keys()) in
_get_chassis_physnets to fix python3.5 dsvm functional test
Closes-Bug: #1683722
Closes-Bug: #1659821
Change-Id: Ic51ca5e396a34197cdc60844a9eaaa605041ccc5
This commits further explains why discover_hosts_in_cells_interval
setting is needed in the nova postconf on the sample devstack local.conf
Change-Id: Ifb4504dea2cf4c76f07789da2d0a31029246a945
Both the L3 and DHCP agents are no longer supported. Remove many more
remnants from when they were supported.
Change-Id: If71489f9ac56c7c26746d0fbfb4640e570591f26
Signed-off-by: Russell Bryant <rbryant@redhat.com>
After kernel updated, kernel devel-lib was updated as well, generated
makefile in OVS became stale, that using unstack.sh and then stack.sh
can't re-compile new OVS kernel module.
Add "sudo make distclean" to cleanup_ovn to wipe generated makefile.
Change-Id: Id18b64f7a7fe92c484798e2a66b31bff14f2d39e
Signed-off-by: Dong Jun <dongj@dtdream.com>
Cell is enabled by default since Ocata. Because of the change, when
a new compute node is added the host needs to be discovered by the
cell. Otherwise, there will be nova scheduler error when booting a
vm: host xxx is not mapped to any cell. Discovery can be done either
manually or by enabling automatic discovery. This patch is to enable
the automatic discovery, to avoid unexpected error when following the
steps in [1].
[1] https://docs.openstack.org/developer/networking-ovn/testing.html
Change-Id: I1719fc8e3d0a0e6b5a003a73087886df18fc08ea
Use https instead of http to ensure the safety without containing our
account/password information
Change-Id: I1f6b32a5323571f584efd194e0bd404bd6758af5
We do not use the neutron metadata service, so disable it in the sample
devstack configuration file.
Change-Id: I2463b0b11afd33b5d299cc106bd527d12b967e83
Signed-off-by: Russell Bryant <rbryant@redhat.com>
A recent project-config commit started passing in an optional argument
to devstackgaterc to specify which OVS branch to use. Make it work.
https://review.openstack.org/#/c/394684/
Change-Id: Id7823ddc9d6c4755367525cb43ca16ad4ffa9a86
Signed-off-by: Russell Bryant <rbryant@redhat.com>
As of the following project-config change, this file is no longer used:
https://review.openstack.org/394684
Change-Id: I9950240d5fded4502140bd128cb32d6b08353292
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Create some files to work around gate failures until the following patch
merges: https://review.openstack.org/#/c/435665/
Change-Id: I22759aa2f4991b6992fa673ccebdd99af94d629a
Signed-off-by: Russell Bryant <rbryant@redhat.com>
This is a patch for supporting distributed NAT with centralized NAT rules
in networking-ovn native L3 routing.
Revise:
Remove transit network
Support scheduling gateway port by setting redirect-chassis
Support gateway sNAT
Support gateway default route
Support floating IP
Support full sync including sNAT, gateway route and floating IP
TODO:
Unit tests of syncing sNAT and FIP
Gratuitous ARP for sNAT and FIP
Closes-Bug: #1658622
Change-Id: I217d6c391140fa4392ae1cea0bc21c9ea0521796
Signed-off-by: Dong Jun <dongj@dtdream.com>
Co-authored-by: Guoshuai Li <ligs@dtdream.com>
The main tempest job and the "native-services" job have been running the
same configuration for a while. At one point we had thought that we
might want to retain support for the DHCP agent, but I propose that we
drop it and revisit if there's demand for it in the future.
After this patch lands, I'm going to remove references to the
nativeservicesrc file in CI config and then we can remove the file from
our repo.
Change-Id: I3aa7a6ac10e4da00d5830f68d7c9d3d684f91218
Closes-bug: 1639806
With the default compute-node sample, although the stack completed,
nova thread boot failed and an error occurred in n-cpu.log.
Change-Id: I61a9d5cdc1f384c64a580e4459c65872ac9733b7
Closes-Bug: #1664103
Signed-off-by: Dong Jun <dongj@dtdream.com>
On OVN compute node, only n-cpu service is enabled. Thus, some
library codes are not sourced and create_nova_conf_neutron could
not be found during nova setup. Source the neutron-legacy in
plugin.sh.
Change-Id: I776c34da11b4a9464076f712821f99276d9e3ea2
Closes-Bug: #1653835
Caused by this ovs commit:
84d0ca5d00
To improve security, the NB and SB ovsdb daemons no longer
have open ptcp connections by default. This is a change in
behavior from previous versions, users wishing to use TCP
connections to the NB/SB daemons can either request that
a passive TCP connection be used via ovn-ctl command-line
options (e.g. via OVN_CTL_OPTS/OVN_NORTHD_OPTS in startup
scripts):
--db-sb-create-insecure-remote=yes
--db-nb-create-insecure-remote=yes
Thus add option to devstack:
--db-nb-create-insecure-remote=$DB_NB_INSECURE_REMOTE
--db-sb-create-insecure-remote=$DB_SB_INSECURE_REMOTE
Change-Id: Ic57b971c8f35235fcaf3a5200de3f18e5166cdc1
Signed-off-by: Dong Jun <dongj@dtdream.com>
The commit with change id: I16b337b64b7d96486ba0edeea1bb51151f0b8825
disables l3 agent in devstackgaterc job. With this the
tempest.scenario.test_security_groups_basic_ops.\
TestSecurityGroupsBasicOps.test_cross_tenant_traffic is failing.
Excluding this test for now till the issue is found and fixed.
Bug #1641125 is opened to track this.
Depends-on: I16b337b64b7d96486ba0edeea1bb51151f0b8825
Change-Id: Idc5d7dc5b979eba7b227fee227fb36d89271065c
Related-Bug: #1641125
tempest.scenario.test_security_groups_basic_ops.\
TestSecurityGroupsBasicOps.test_cross_tenant_traffic is failing
frequently in the gate-tempest-dsvm-networking-ovn-native-services job.
Excluding this for now till the issue is found and fixed.
Bug #1641125 is opened to track this.
Change-Id: I0e4d7289ee31c8feb4f1f89e232b2ff4be6adf08
Related-Bug: #1641125
Now that native SNAT and floating IP support has been merged for
networking-ovn, we can drop support for the Neutron L3 agent. This
patch affects the following CI jobs:
tempest-dsvm-networking-ovn - Change to use OVN L3. We will keep this
job because we still need a second temptest job that ensures the DHCP
agent still works, even though it's currently disabled due to a bug that
came up a few days ago.
rally-dsvm-networking-ovn - Use OVN L3 instead of the Neutron L3 agent.
The changes to the test regex are mostly to reduce the diff from this
file to devstackgatenativeservicesrc.
Partial-bug: #1626717
Change-Id: I16b337b64b7d96486ba0edeea1bb51151f0b8825
Signed-off-by: Russell Bryant <rbryant@redhat.com>
devstackgaterc job is failing in gate. When q-dhcp is disabled,
it is passing.
This patch disables the q-dhcp and makes use of the native dhcp as a
temporary solution to fix this issue.
q-dhcp needs to be enabled back once the issue is fixed properly.
Please see the bug description for more details.
Change-Id: I03aaceead620b8e312823a872ef95c42df673252
Partial-bug: #1639806
This commit introduces the NAT support for networking-ovn. The proposal for
NAT support can be found @ [1]
TODO:
1. Add functional test cases (To be followed up in a different patch)
2. Add sync code (Opened a bug to track this)
3. Add unit tests for the new ovsdb APIs (Opened a bug to track this)
[1] https://etherpad.openstack.org/p/Integration_with_OVN_L3_Gateway
Change-Id: I9b78ceb6b42e96c1ba58ed269e369b46113edd7e
Closes-Bug: 1514995
Closes-Bug: 1551717
Daniel Alvarez