In order to avoid confusion with the metadata agent in ML2/OVS,
the configuration file for OVN metadata agent is renamed.
Change-Id: I1e47e421a629086ce14444aba9c6e8a8ff3a489f
The nova_metadata_ip config for the metadata daemon has to point
to the SERVICE_HOST (controller) instead of HOST_IP (the host
being deployed).
Also the service_metadata_proxy True has to be set along with
the n-api-metadata service (not n-cpu), so the nova-metadata server
will see the setting.
Change-Id: Ia7c6fd5921fdee7399b53ac823d172000d508644
Right now we're starting metadata agent passing in neutron and ml2
config files. In multinode environments we can't assume that those
files will be present in compute nodes so this patch is adding the
necessary parameters to metadata config file so that it doesn't
depend on any more files.
Change-Id: Ibc7cc750f26bbbbb0fc5f63c3863ef5b3705ddd8
* Use oslo-config-generator config file to generate ml2_conf.ini.
This can be used by oslo_config sphinxext in a follow-up patch.
* Generate metadata_agent.ini sample automatically.
Previously metadata_agent.ini was maintained manually.
* Update .gitignore not to ignore etc directory.
I see no good reason not to maintain etc directory in the repo.
* Update devstack plugin to ensure the output directory
where the ml2_conf sample file will be generated.
Preparation for auto-generated config reference
as part of doc-migration community-wide effort.
Change-Id: I64c6c66f9e14b558733254e9c9c2c64d647b70f8
Depending on whether OVN metadata service is enabled or not,
devstack will now configure the plugin accordingly.
Change-Id: Ibf8c7b4eea58e105ae660dedff98aeb673f375a4
Initial implementation
Changes in the mechanism driver:
* Automatically create a port with device_owner=network:dhcp to
serve metadata and eventually DHCP.
* Auto-allocate an IP for the metadata port on subnet creation.
* Push static route for 169.254.169.254 in DHCP options.
* Wait until metadata service is provisioned in the chassis where
a port resides before sending the event to Nova.
Agent:
* Implementation of [0].
Devstack plugin:
* Starts networking-ovn-agent with the proper config files.
* Disables config drive in nova.conf for tempest against master
branch.
* Enables TEMPEST_RUN_VALIDATION for tempest against master branch.
In order to test this patch out we need to make these changes to
nova.conf:
* [DEFAULT] section:
force_config_drive = False
* [neutron] section:
service_metadata_proxy = True
This patch depends on [1] and [2] (already merged into OVS master).
NOTE: Metadata tests are only enabled for the non-voting tempest job
which runs against OVS master branch. The release job runs against
OVS 2.7 which doesn't include [1][2] so those tests are disabled
until OVS 2.8 is released.
[0]
https://docs.openstack.org/developer/networking-ovn/design/metadata_api.html
[1] https://patchwork.ozlabs.org/patch/767369/
[2] https://patchwork.ozlabs.org/patch/771297/
Change-Id: Ife2fd18f2f88050429e70c7e557fa41d2d54b034
This patch is extending the DevStack plugin to allow installing ovsdbapp
from git master branch. This will be used in the ovsdbapp gate to run
the latest code against networking-ovn to ensure that changes made to
the ovsdbapp library won't break the project.
Change-Id: I3ea1fb34c22685130153fd9edca1c1c89cd45291
This is not needed anymore since DevStack has been fixed.
Change-Id: I3c3237d3bba4664abf5562c1272e9bd233444140
Depends-On: Ib5a8ffe63eaec15bc29bfdd133db7169507bab82
Horizon has been disable by defaul in devstack-gate
(https://review.openstack.org/#/c/474283/), just like many other
projects, networking-ovn also doesn't test horizon in the gate so
there's no reason to keep it enabled.
Change-Id: Id83583b360e60c038f63b3caaf0c0595a6b9df3e
The patch[1] changed default ssh validation from False to True, that
leads to our gate failure, because VM obtains password from metadata
agent for these tests but OVN does not support it.
This patch reverts validation to False, until OVN metadata agent is
supported.
[1]https://review.openstack.org/#/c/458678/
Change-Id: Ie74fcd15dcc3c5999255dd0e1816417cb7eec56a
Cinder is not needed for testing we can disable it to speed up the
DevStack setup a bit.
This patch keeps Horizon enabled but add a note about disabling it if
the user doesn't want to use it.
Change-Id: I6ead17a0e964447aa911e8ea0b83c7e6ae02a10b
Note why these odd devstackgaterc files and exist and what change must
merge before we can remove them.
Change-Id: I225eb171c58d9aee24380c2ee33f132eaefdbc35
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Networking-ovn gate failed for ovn-controller service error.
Use absolute path command and pass user as a parameter to run_process
Ralated commit:
7f8df450db
Another problem is regarding the commit
d0c961a99f570ec1973bf5540ba9237b6720c848 from OVS that removed the
run, log, and db directories as part of the normal `make install`
process. These directories were expected to be in place, so this patch
is manually creating them before the DevStack module for networking-ovn
tries to set some permissions on them.
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: I0293c275f782d3f2fd3ea9d078a94c05b6a0b314
Closes-Bug: #1687568
Adapt new QoS driver to fix devstack failure.
Override test_floatingip_update_subnet_gateway_disabled to fix unit
test.
Change mapping_dict.keys() to list(mapping_dict.keys()) in
_get_chassis_physnets to fix python3.5 dsvm functional test
Closes-Bug: #1683722
Closes-Bug: #1659821
Change-Id: Ic51ca5e396a34197cdc60844a9eaaa605041ccc5
This commits further explains why discover_hosts_in_cells_interval
setting is needed in the nova postconf on the sample devstack local.conf
Change-Id: Ifb4504dea2cf4c76f07789da2d0a31029246a945
Both the L3 and DHCP agents are no longer supported. Remove many more
remnants from when they were supported.
Change-Id: If71489f9ac56c7c26746d0fbfb4640e570591f26
Signed-off-by: Russell Bryant <rbryant@redhat.com>
After kernel updated, kernel devel-lib was updated as well, generated
makefile in OVS became stale, that using unstack.sh and then stack.sh
can't re-compile new OVS kernel module.
Add "sudo make distclean" to cleanup_ovn to wipe generated makefile.
Change-Id: Id18b64f7a7fe92c484798e2a66b31bff14f2d39e
Signed-off-by: Dong Jun <dongj@dtdream.com>
Cell is enabled by default since Ocata. Because of the change, when
a new compute node is added the host needs to be discovered by the
cell. Otherwise, there will be nova scheduler error when booting a
vm: host xxx is not mapped to any cell. Discovery can be done either
manually or by enabling automatic discovery. This patch is to enable
the automatic discovery, to avoid unexpected error when following the
steps in [1].
[1] https://docs.openstack.org/developer/networking-ovn/testing.html
Change-Id: I1719fc8e3d0a0e6b5a003a73087886df18fc08ea
Use https instead of http to ensure the safety without containing our
account/password information
Change-Id: I1f6b32a5323571f584efd194e0bd404bd6758af5
We do not use the neutron metadata service, so disable it in the sample
devstack configuration file.
Change-Id: I2463b0b11afd33b5d299cc106bd527d12b967e83
Signed-off-by: Russell Bryant <rbryant@redhat.com>
A recent project-config commit started passing in an optional argument
to devstackgaterc to specify which OVS branch to use. Make it work.
https://review.openstack.org/#/c/394684/
Change-Id: Id7823ddc9d6c4755367525cb43ca16ad4ffa9a86
Signed-off-by: Russell Bryant <rbryant@redhat.com>
As of the following project-config change, this file is no longer used:
https://review.openstack.org/394684
Change-Id: I9950240d5fded4502140bd128cb32d6b08353292
Signed-off-by: Russell Bryant <rbryant@redhat.com>
Create some files to work around gate failures until the following patch
merges: https://review.openstack.org/#/c/435665/
Change-Id: I22759aa2f4991b6992fa673ccebdd99af94d629a
Signed-off-by: Russell Bryant <rbryant@redhat.com>
This is a patch for supporting distributed NAT with centralized NAT rules
in networking-ovn native L3 routing.
Revise:
Remove transit network
Support scheduling gateway port by setting redirect-chassis
Support gateway sNAT
Support gateway default route
Support floating IP
Support full sync including sNAT, gateway route and floating IP
TODO:
Unit tests of syncing sNAT and FIP
Gratuitous ARP for sNAT and FIP
Closes-Bug: #1658622
Change-Id: I217d6c391140fa4392ae1cea0bc21c9ea0521796
Signed-off-by: Dong Jun <dongj@dtdream.com>
Co-authored-by: Guoshuai Li <ligs@dtdream.com>
The main tempest job and the "native-services" job have been running the
same configuration for a while. At one point we had thought that we
might want to retain support for the DHCP agent, but I propose that we
drop it and revisit if there's demand for it in the future.
After this patch lands, I'm going to remove references to the
nativeservicesrc file in CI config and then we can remove the file from
our repo.
Change-Id: I3aa7a6ac10e4da00d5830f68d7c9d3d684f91218
Closes-bug: 1639806
With the default compute-node sample, although the stack completed,
nova thread boot failed and an error occurred in n-cpu.log.
Change-Id: I61a9d5cdc1f384c64a580e4459c65872ac9733b7
Closes-Bug: #1664103
Signed-off-by: Dong Jun <dongj@dtdream.com>
On OVN compute node, only n-cpu service is enabled. Thus, some
library codes are not sourced and create_nova_conf_neutron could
not be found during nova setup. Source the neutron-legacy in
plugin.sh.
Change-Id: I776c34da11b4a9464076f712821f99276d9e3ea2
Closes-Bug: #1653835
Caused by this ovs commit:
84d0ca5d00
To improve security, the NB and SB ovsdb daemons no longer
have open ptcp connections by default. This is a change in
behavior from previous versions, users wishing to use TCP
connections to the NB/SB daemons can either request that
a passive TCP connection be used via ovn-ctl command-line
options (e.g. via OVN_CTL_OPTS/OVN_NORTHD_OPTS in startup
scripts):
--db-sb-create-insecure-remote=yes
--db-nb-create-insecure-remote=yes
Thus add option to devstack:
--db-nb-create-insecure-remote=$DB_NB_INSECURE_REMOTE
--db-sb-create-insecure-remote=$DB_SB_INSECURE_REMOTE
Change-Id: Ic57b971c8f35235fcaf3a5200de3f18e5166cdc1
Signed-off-by: Dong Jun <dongj@dtdream.com>
The commit with change id: I16b337b64b7d96486ba0edeea1bb51151f0b8825
disables l3 agent in devstackgaterc job. With this the
tempest.scenario.test_security_groups_basic_ops.\
TestSecurityGroupsBasicOps.test_cross_tenant_traffic is failing.
Excluding this test for now till the issue is found and fixed.
Bug #1641125 is opened to track this.
Depends-on: I16b337b64b7d96486ba0edeea1bb51151f0b8825
Change-Id: Idc5d7dc5b979eba7b227fee227fb36d89271065c
Related-Bug: #1641125
tempest.scenario.test_security_groups_basic_ops.\
TestSecurityGroupsBasicOps.test_cross_tenant_traffic is failing
frequently in the gate-tempest-dsvm-networking-ovn-native-services job.
Excluding this for now till the issue is found and fixed.
Bug #1641125 is opened to track this.
Change-Id: I0e4d7289ee31c8feb4f1f89e232b2ff4be6adf08
Related-Bug: #1641125
Now that native SNAT and floating IP support has been merged for
networking-ovn, we can drop support for the Neutron L3 agent. This
patch affects the following CI jobs:
tempest-dsvm-networking-ovn - Change to use OVN L3. We will keep this
job because we still need a second temptest job that ensures the DHCP
agent still works, even though it's currently disabled due to a bug that
came up a few days ago.
rally-dsvm-networking-ovn - Use OVN L3 instead of the Neutron L3 agent.
The changes to the test regex are mostly to reduce the diff from this
file to devstackgatenativeservicesrc.
Partial-bug: #1626717
Change-Id: I16b337b64b7d96486ba0edeea1bb51151f0b8825
Signed-off-by: Russell Bryant <rbryant@redhat.com>
devstackgaterc job is failing in gate. When q-dhcp is disabled,
it is passing.
This patch disables the q-dhcp and makes use of the native dhcp as a
temporary solution to fix this issue.
q-dhcp needs to be enabled back once the issue is fixed properly.
Please see the bug description for more details.
Change-Id: I03aaceead620b8e312823a872ef95c42df673252
Partial-bug: #1639806
This commit introduces the NAT support for networking-ovn. The proposal for
NAT support can be found @ [1]
TODO:
1. Add functional test cases (To be followed up in a different patch)
2. Add sync code (Opened a bug to track this)
3. Add unit tests for the new ovsdb APIs (Opened a bug to track this)
[1] https://etherpad.openstack.org/p/Integration_with_OVN_L3_Gateway
Change-Id: I9b78ceb6b42e96c1ba58ed269e369b46113edd7e
Closes-Bug: 1514995
Closes-Bug: 1551717
The new multinode experimental gate job [1] requires the subnode to
be configured properly as a compute node running the OVN controller.
[1] https://review.openstack.org/#/c/373528/
Change-Id: I38f9c243264c88f7f583bf9485edd5cfb81e90cf
Partial-Bug: 1621627
An incorrect environment variable is used while waiting for ovn-northd
to start. As a result, the test was successful even though ovn-northd
wasn't started. This may cause the subsequent ovs-appctl command to fail
and thus the DevStack deployment to fail. We've seen this periodically
in the gate.
Change-Id: I3c3fbaa57dfff0c1585d349f2746ee6b3d1c6faa
The DHCP agent logs in the gate-tempest-dsvm-networking-ovn job
see numerous key errors as reported in bug 1624079. These errors
appear to be related to setting the DHCP agent force_metadata
or enable_isolated_metadata configuration options to True.
These key errors may be related to the recent instability of the
gate-tempest-dsvm-networking-ovn job. While bug 1624079 is being
fixed, we will only force the DHCP agent to handle metadata when
native OVN L3 is enabled.
Change-Id: Iaa13240150dcf7541e4b2adfb9112cf9d006442b
Related-Bug: 1624079
The vtep-gw sets up vxlan tunnels to other chassis only if
the encapsulations they support includes vxlan.
For the vagrant vtep-gw testbed, configure vxlan as a
supported encap by default.
Change-Id: I2fa5f318587e0b3b2cea57ac2e345040927de744
OVN native L3 and DHCP don't provide metadata support so config drive
must be used when both are enabled. However, if the conventional DHCP
agent is enabled it can be configured to provide metadata support.
This patch set provides the necessary DevStack and Vagrant deployment
fixes to properly configure DHCP and metadata support. In addition,
documentation and release notes have been updated accordingly. And
finally, the q-meta service was removed from devstackgatekuryrrc,
since the gate job is setup for OVN native services.
Co-Authored-By: Matt Kassawara <mkassawara@gmail.com>
Change-Id: I9f6b23247df01c40c127b0e9daecd12f5721ff50
Related-Bug: #1514488
Fail deployment if both q-dhcp and OVN_NATIVE_DHCP are enabled. Such
deployments introduce unnecessary neutron DHCP provisioning blocks
and still don't provide DHCP metadata proxy support.
Depends-On: I9f6b23247df01c40c127b0e9daecd12f5721ff50
Change-Id: I0f0241c68b9cf83d8c83a9c9695075ad71ce51ca
Related-Bug: #1514488
Just run the smoke tests after grenade upgradation. This is similar
to how neutron runs the tests after upgrade.
Change-Id: Ica80d91c56e83f9ecf0e58c1d3d3c647979a1e29
Daniel Alvarez
Miguel Angel Ajo
Akihiro Motoki
Lucas Alvares Gomes
Dong Jun
Russell Bryant
Daniel Mellado
Han Zhou
zhangyanxian
Armando Migliaccio
Tong Liu
Numan Siddique
da52700
Chandra S Vejendla
Richard Theis
Kevin Benton
ramu.ramamurthy
Babu Shanmugam