This patch enables pylint 1.4.5 checking in netwoking-ovn.
Script tools/coding-checks.sh is copied from neutron and adapted for
networking-ovn.
.pylintrc is also copied from neutron, message options that do not
need to be suppressed have been removed and some of remaining options
will be removed by code adjustment in separate patches.
Change-Id: I9e1612583debb555199b416675eea6685801f04c
The well known service type constants are in
neutron_lib.plugins.constants, but for legacy reasons a few still exist
and are referenced from neutron_lib.constants [1] that we'd like to
remove.
This patch switches references over to neutron_lib's plugin constants.
[1] https://github.com/openstack/neutron-lib/blob/master/neutron_lib/constants.py#L353
Change-Id: I8b5141f952b3500c7a4ce9c36e07a04630a5e44f
This patch is adding the network and subnet resources from the ml2
driver into OVNClient so later in this series of patches they can make
use of journaling.
Related-Bug: #1605089
Change-Id: I8477c246628711111c16f801c3dfad601eae9ba1
Right now we have code doing CRUD operations on ONV resources spread
around different places (ml2/mech_driver.py, l3/l3_ovn.py), this makes
things very complicated to implement something like journaling (see
bug: #1605089) where all resources, L2 and L3, are created from a
central place (the journal thread, which keeps things in order).
This patch is adding a new class called OVNClient which centralizes all
the CRUD operations for the OVN resources in one place.
For this first iteraction, the Port resource from the mechanism driver
and the L3 resources (floating ip, routers and routers ports) are being
moved to this new class, others will come in follow up patches.
Related-Bug: #1605089
Change-Id: Ia453a14cdc2ec393037fb813caff8fae23acd7c3
Remove sleep in _sync() and do this delay when spawning greenthread,
then _sync() can be renamed to a callable method.
There are a few benefits, sync caller can simply call do_sync() instead of
sub-functions, and adding new sync sub-functions such as trunk, qos will
be simplified too,
Change-Id: I7b8acb9de0d2085443ac77c57fa4835f93241c55
Signed-off-by: Dong Jun <dongj@dtdream.com>
This is in line with late i18n team requests, and to adopt the new N537
hacking check from neutron-lib.
Change-Id: Ieacc6d3cfcea6846054655312916d29c1bb40d43
Depends-On: I1a7fff4140e50deb0e10024dedfba45d793b20fe
Pass original mac to _get_ovn_dhcpv6_opts when syncing, otherwise a
warning occurred for stateless DHCP because _get_ovn_dhcpv6_opts uses
a new random mac and then options do not match.
Change-Id: Id24083953f2eab4ef7e5035a3eece76e007e002f
Closes-Bug: #1681621
Signed-off-by: Dong Jun <dongj@dtdream.com>
Both the L3 and DHCP agents are no longer supported. Remove many more
remnants from when they were supported.
Change-Id: If71489f9ac56c7c26746d0fbfb4640e570591f26
Signed-off-by: Russell Bryant <rbryant@redhat.com>
If ls exists in OVN DB and provnet lsp doesn't, provnet lsp syncing from
neutron network(vlan or flat) is not handled.
Change-Id: I3db3d98d95791f018eb3803916dc2bee9522affd
Closes-Bug: #1671394
Signed-off-by: Dong Jun <dongj@dtdream.com>
Ignore syncing floating IP ports when handling OVN DB sync.
Change-Id: I4161f870e819e55963867a33d09580d4b81ad4ad
Closes-Bug: #1665574
Signed-off-by: Dong Jun <dongj@dtdream.com>
It is useless to get router when handling floating IP, because
'gw_port_id' is no longer needed for setting NAT addresses.
Change-Id: Ief7f0a6ee4be62e08a2b3677ea2650a5549c6d01
Closes-Bug: #1664842
Signed-off-by: Dong Jun <dongj@dtdream.com>
This is a patch for supporting distributed NAT with centralized NAT rules
in networking-ovn native L3 routing.
Revise:
Remove transit network
Support scheduling gateway port by setting redirect-chassis
Support gateway sNAT
Support gateway default route
Support floating IP
Support full sync including sNAT, gateway route and floating IP
TODO:
Unit tests of syncing sNAT and FIP
Gratuitous ARP for sNAT and FIP
Closes-Bug: #1658622
Change-Id: I217d6c391140fa4392ae1cea0bc21c9ea0521796
Signed-off-by: Dong Jun <dongj@dtdream.com>
Co-authored-by: Guoshuai Li <ligs@dtdream.com>
Replace six.iterkeys() with "for key in dict"
1.As mentioned in [1], we should avoid using six.itervalues and six.iterkeys().
We can use dict.values instead, as it will return iterators in PY3 as well.
And dict.items/keys will more readable. 2.In py2, the performance about
list should be negligible, see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: I099b2ac3b0db3c4b7d20b94523d91725cae9df45
This patch refactors networking-ovn to use provider net
from neutron-lib. For more details see [1].
NeutronLibImpact
[1] https://review.openstack.org/421562/
Change-Id: I2056353a4046ae2d91abcfa93895edc5c7e71119
When adding a router-interface from dashboard with subnet and a
specified IP, the port in neutron DB contains security_groups default.
The networking-ovn adds router-interface IP to "Address_Set" of
Northbound-DB.
Actually, the router port need no security groups, this issue affects
lrouter's forwarding.
This patch fixes this bug. If security groups are present in a trusted
port we ignore them.
Change-Id: Ie872510416f50fcee7ec6d3760006b095621bff9
Closes-Bug: #1647949
Signed-off-by: Dong Jun <dongj@dtdream.com>
1.As mentioned in [1], we should avoid using six.iteritems to achieve iterators.
We can use dict.items instead, as it will return iterators in PY3 as well.
And dict.items/keys will more readable. 2.In py2, the performance about
list should be negligible, see the link [2].
[1] https://wiki.openstack.org/wiki/Python3
[2] http://lists.openstack.org/pipermail/openstack-dev/2015-June/066391.html
Change-Id: I23a273d6e84f4046787a7dadf4691b6d5a9c3f75
Now that [1] is merged to ovs branch-2.6 and OpenStack requires
ovs >= 2.6.1, remove the networking-ovn workarounds.
Note: The wrapper functions which support the non-mutate code paths
will be removed in a separate patch set.
[1] http://openvswitch.org/pipermail/dev/2016-October/080683.html
Depends-On: I38f9c6ec84667fecbe0353cd073b9b65d1c47d13
Change-Id: I961189f4439f932bfb8311f72e21e527b1b808f0
Closes-Bug: 1629099
This commit introduces the NAT support for networking-ovn. The proposal for
NAT support can be found @ [1]
TODO:
1. Add functional test cases (To be followed up in a different patch)
2. Add sync code (Opened a bug to track this)
3. Add unit tests for the new ovsdb APIs (Opened a bug to track this)
[1] https://etherpad.openstack.org/p/Integration_with_OVN_L3_Gateway
Change-Id: I9b78ceb6b42e96c1ba58ed269e369b46113edd7e
Closes-Bug: 1514995
Closes-Bug: 1551717
Based on improved neutron ovsdb transaction, we can put two ovsdb commands
into to one transaction, when they have dependency on data structure.
Like, before we set port dhcp options for a port, or create a port with port
dhcp options, we need to insert the port dhcp options first, and get the
inserted UUID. And currently, we do these by separated transactions.
Separated transactions make orphan row can happen, and to clean orphan rows
related to ports left behind, we do full table scan to locate them, lose in
performance.
Since the patch will fix the orphan DHCP_Options row issue,
DelLSwitchPortCommand will be also enhanced to remove port dhcp options
referred by port within the same transaction.
Depends-on: I1781794958af1483dabc0f5d17f2df6fea828564
Closes-bug: #1626812
Closes-bug: #1626828
Change-Id: Id078d57fe84e1af8db061ae6b812f162fed02dcd
For v6 subnets, the 'DHCP_Options.options' in the OVN NB DB were set to empty.
This patch now sets this column for v6 subnets and also sets the
'Logical_Switch_Ports.dhcpv6_options' appropriately. If extra DHCPv6 options
are defined for a port, a new row in DHCP_Options table is created just like
the way it is done for DHCPv4.
Beside 'enable_dhcp' attribute check to a subnet, for v6 subnets, we will also
check its 'ipv6_address_mode', to make sure v6 subnets with 'slaac' as
'ipv6_address_mode' attribute value will have no DHCP_Options rows for them
be created.
Co-authored-by: Zongkai LI <lzklibj@cn.ibm.com>
Change-Id: I9cf5a7ef7676c4461c05d6cb2aabbcb95b20f4d7
Using OVS transaction mutate support causes the updated column to
be an empty list after the mutation. This results in subsequent
actions taken based on the column data to be incorrect. The column
data is accurate again once the current transaction completes. It
appears that the OVS python IDL is not properly handling getattr()
after column mutation.
This workaround is needed until OVS is fixed. The workaround drops
transaction mutate support for logical router static routes since
they require numerous column data comparisions within a single
transaction. In addition, OVN DB sync ACL processing had to be
modified to ensure mutations wouldn't impact any comparison. At
this time, no other problems where identified.
The functional tests were updated to test the logical router
static routes problem and other paths with multiple commands
within a mutate transaction.
Recent neutron relocations also required a couple minor unit
test updates.
Change-Id: I11782a74a7b08dbfd54aeb37cfbda68b0b3a2ef9
Related-Bug: 1622647
Partial-Bug: 1629099
The OVN NB sync ACLs processing ignores lswitches without ports.
As a result, the neutron-ovn-db-sync-util utility and neutron server
service startup sync won't delete ACLs on a lswitch unless the
lswitch has at least one port on it with a security group.
This patch set fixes the problem by using the neutron networks list
instead of the port security group binding list to determine the
OVN ACLs to process based on OVN lswitches.
Change-Id: Ie245186560c97b585f85c8497ab61d8ea22c0256
Closes-Bug: #1611963
This patch enables the OVN NB DB sync tool to sync SG, SG rules
in Neutron with Address Sets and ACLs in the OVN_Northbound DB.
Change-Id: I25071d8ce62709243ad5f08854aad344e4a62d07
Closes-Bug: #1600330
When sync ovn sb db with neutron, compare the records in neutron and
information in ovn sb db. And then clear the stale data, udpate
existing data and add new data in neutron db.
Change-Id: Icb740af5613bb87577f19df98e8f578a3e5003f8
Partially-implements: blueprint routed-networks
Enhance functional tests to ensure that ACLs are properly
synchronized during OVN NB DB synchronization.
While enhancing the tests, a bug was discovered that resulted
in synchronization removing all ACLs for a port when it only
needed to create the port in OVN (ACLs already exist). This
was caused by duplicate ACLs being created during the port sync.
Change-Id: Ief64f73511de70ff16aaf2a2a9d26ae5a718c3b3
Closes-Bug: #1594241
This patch provides the infrastructure for the OVN L3 to schedule
the router gateway port. The OVN hypervisor administrator can
set aside certain hypervisors to be used for scheduling router
gateway ports. This is the corresponding WIP patch at the moment:
http://openvswitch.org/pipermail/dev/2016-June/073285.html
For now it is assumed that any hypervisor/chassis can host a router
gateway port.
There are 2 types of schedulers defined at the moment
(1) RandomChoice
(2) LeastLoaded
The Chassis (add/delete/update) event is used to schedule router
gateway ports which have not been bound to any chassis.
A future patch will add functional tests.
Change-Id: I83fb561cee642b90c4de41bb8e472f47fa807191
Related-Bug: 1514995
Add OVN address set support for implementing remote security
groups. This should significantly improve performance of port
create, update and delete operations when remote security
groups are used (see [1]).
[1] http://paste.openstack.org/show/526972/
Bug #1600330 has been added for the follow-on work to update
the OVN NB DB sync tool.
Co-Authored-By: Richard Theis <rtheis@us.ibm.com>
Change-Id: I56e9eb1ded1836b9a9f7262f22daa51103bc8518
Closes-bug: #1560817
This patch will update the SegmentHostMapping, with the information
from chassis table in SB DB. The update will happen when the service
starts and the chassis create/update/delete.
TODO(Will be in follow up patch):
Add functional test for OVN SB DB
Change-Id: I24baad1bee5f4b38f777721c5f174c10158813a5
Partially-implements: blueprint routed-networks
Gary Kotton