In order to avoid confusion with the metadata agent in ML2/OVS,
the configuration file for OVN metadata agent is renamed.
Change-Id: I1e47e421a629086ce14444aba9c6e8a8ff3a489f
The nova_metadata_ip config for the metadata daemon has to point
to the SERVICE_HOST (controller) instead of HOST_IP (the host
being deployed).
Also the service_metadata_proxy True has to be set along with
the n-api-metadata service (not n-cpu), so the nova-metadata server
will see the setting.
Change-Id: Ia7c6fd5921fdee7399b53ac823d172000d508644
Right now we're starting metadata agent passing in neutron and ml2
config files. In multinode environments we can't assume that those
files will be present in compute nodes so this patch is adding the
necessary parameters to metadata config file so that it doesn't
depend on any more files.
Change-Id: Ibc7cc750f26bbbbb0fc5f63c3863ef5b3705ddd8
* Use oslo-config-generator config file to generate ml2_conf.ini.
This can be used by oslo_config sphinxext in a follow-up patch.
* Generate metadata_agent.ini sample automatically.
Previously metadata_agent.ini was maintained manually.
* Update .gitignore not to ignore etc directory.
I see no good reason not to maintain etc directory in the repo.
* Update devstack plugin to ensure the output directory
where the ml2_conf sample file will be generated.
Preparation for auto-generated config reference
as part of doc-migration community-wide effort.
Change-Id: I64c6c66f9e14b558733254e9c9c2c64d647b70f8
Depending on whether OVN metadata service is enabled or not,
devstack will now configure the plugin accordingly.
Change-Id: Ibf8c7b4eea58e105ae660dedff98aeb673f375a4
Initial implementation
Changes in the mechanism driver:
* Automatically create a port with device_owner=network:dhcp to
serve metadata and eventually DHCP.
* Auto-allocate an IP for the metadata port on subnet creation.
* Push static route for 169.254.169.254 in DHCP options.
* Wait until metadata service is provisioned in the chassis where
a port resides before sending the event to Nova.
Agent:
* Implementation of [0].
Devstack plugin:
* Starts networking-ovn-agent with the proper config files.
* Disables config drive in nova.conf for tempest against master
branch.
* Enables TEMPEST_RUN_VALIDATION for tempest against master branch.
In order to test this patch out we need to make these changes to
nova.conf:
* [DEFAULT] section:
force_config_drive = False
* [neutron] section:
service_metadata_proxy = True
This patch depends on [1] and [2] (already merged into OVS master).
NOTE: Metadata tests are only enabled for the non-voting tempest job
which runs against OVS master branch. The release job runs against
OVS 2.7 which doesn't include [1][2] so those tests are disabled
until OVS 2.8 is released.
[0]
https://docs.openstack.org/developer/networking-ovn/design/metadata_api.html
[1] https://patchwork.ozlabs.org/patch/767369/
[2] https://patchwork.ozlabs.org/patch/771297/
Change-Id: Ife2fd18f2f88050429e70c7e557fa41d2d54b034
This patch is extending the DevStack plugin to allow installing ovsdbapp
from git master branch. This will be used in the ovsdbapp gate to run
the latest code against networking-ovn to ensure that changes made to
the ovsdbapp library won't break the project.
Change-Id: I3ea1fb34c22685130153fd9edca1c1c89cd45291
Networking-ovn gate failed for ovn-controller service error.
Use absolute path command and pass user as a parameter to run_process
Ralated commit:
7f8df450db
Another problem is regarding the commit
d0c961a99f570ec1973bf5540ba9237b6720c848 from OVS that removed the
run, log, and db directories as part of the normal `make install`
process. These directories were expected to be in place, so this patch
is manually creating them before the DevStack module for networking-ovn
tries to set some permissions on them.
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: I0293c275f782d3f2fd3ea9d078a94c05b6a0b314
Closes-Bug: #1687568
Adapt new QoS driver to fix devstack failure.
Override test_floatingip_update_subnet_gateway_disabled to fix unit
test.
Change mapping_dict.keys() to list(mapping_dict.keys()) in
_get_chassis_physnets to fix python3.5 dsvm functional test
Closes-Bug: #1683722
Closes-Bug: #1659821
Change-Id: Ic51ca5e396a34197cdc60844a9eaaa605041ccc5
Both the L3 and DHCP agents are no longer supported. Remove many more
remnants from when they were supported.
Change-Id: If71489f9ac56c7c26746d0fbfb4640e570591f26
Signed-off-by: Russell Bryant <rbryant@redhat.com>
After kernel updated, kernel devel-lib was updated as well, generated
makefile in OVS became stale, that using unstack.sh and then stack.sh
can't re-compile new OVS kernel module.
Add "sudo make distclean" to cleanup_ovn to wipe generated makefile.
Change-Id: Id18b64f7a7fe92c484798e2a66b31bff14f2d39e
Signed-off-by: Dong Jun <dongj@dtdream.com>
This is a patch for supporting distributed NAT with centralized NAT rules
in networking-ovn native L3 routing.
Revise:
Remove transit network
Support scheduling gateway port by setting redirect-chassis
Support gateway sNAT
Support gateway default route
Support floating IP
Support full sync including sNAT, gateway route and floating IP
TODO:
Unit tests of syncing sNAT and FIP
Gratuitous ARP for sNAT and FIP
Closes-Bug: #1658622
Change-Id: I217d6c391140fa4392ae1cea0bc21c9ea0521796
Signed-off-by: Dong Jun <dongj@dtdream.com>
Co-authored-by: Guoshuai Li <ligs@dtdream.com>
Caused by this ovs commit:
84d0ca5d00
To improve security, the NB and SB ovsdb daemons no longer
have open ptcp connections by default. This is a change in
behavior from previous versions, users wishing to use TCP
connections to the NB/SB daemons can either request that
a passive TCP connection be used via ovn-ctl command-line
options (e.g. via OVN_CTL_OPTS/OVN_NORTHD_OPTS in startup
scripts):
--db-sb-create-insecure-remote=yes
--db-nb-create-insecure-remote=yes
Thus add option to devstack:
--db-nb-create-insecure-remote=$DB_NB_INSECURE_REMOTE
--db-sb-create-insecure-remote=$DB_SB_INSECURE_REMOTE
Change-Id: Ic57b971c8f35235fcaf3a5200de3f18e5166cdc1
Signed-off-by: Dong Jun <dongj@dtdream.com>
This commit introduces the NAT support for networking-ovn. The proposal for
NAT support can be found @ [1]
TODO:
1. Add functional test cases (To be followed up in a different patch)
2. Add sync code (Opened a bug to track this)
3. Add unit tests for the new ovsdb APIs (Opened a bug to track this)
[1] https://etherpad.openstack.org/p/Integration_with_OVN_L3_Gateway
Change-Id: I9b78ceb6b42e96c1ba58ed269e369b46113edd7e
Closes-Bug: 1514995
Closes-Bug: 1551717
The new multinode experimental gate job [1] requires the subnode to
be configured properly as a compute node running the OVN controller.
[1] https://review.openstack.org/#/c/373528/
Change-Id: I38f9c243264c88f7f583bf9485edd5cfb81e90cf
Partial-Bug: 1621627
An incorrect environment variable is used while waiting for ovn-northd
to start. As a result, the test was successful even though ovn-northd
wasn't started. This may cause the subsequent ovs-appctl command to fail
and thus the DevStack deployment to fail. We've seen this periodically
in the gate.
Change-Id: I3c3fbaa57dfff0c1585d349f2746ee6b3d1c6faa
The DHCP agent logs in the gate-tempest-dsvm-networking-ovn job
see numerous key errors as reported in bug 1624079. These errors
appear to be related to setting the DHCP agent force_metadata
or enable_isolated_metadata configuration options to True.
These key errors may be related to the recent instability of the
gate-tempest-dsvm-networking-ovn job. While bug 1624079 is being
fixed, we will only force the DHCP agent to handle metadata when
native OVN L3 is enabled.
Change-Id: Iaa13240150dcf7541e4b2adfb9112cf9d006442b
Related-Bug: 1624079
The vtep-gw sets up vxlan tunnels to other chassis only if
the encapsulations they support includes vxlan.
For the vagrant vtep-gw testbed, configure vxlan as a
supported encap by default.
Change-Id: I2fa5f318587e0b3b2cea57ac2e345040927de744
OVN native L3 and DHCP don't provide metadata support so config drive
must be used when both are enabled. However, if the conventional DHCP
agent is enabled it can be configured to provide metadata support.
This patch set provides the necessary DevStack and Vagrant deployment
fixes to properly configure DHCP and metadata support. In addition,
documentation and release notes have been updated accordingly. And
finally, the q-meta service was removed from devstackgatekuryrrc,
since the gate job is setup for OVN native services.
Co-Authored-By: Matt Kassawara <mkassawara@gmail.com>
Change-Id: I9f6b23247df01c40c127b0e9daecd12f5721ff50
Related-Bug: #1514488
Fail deployment if both q-dhcp and OVN_NATIVE_DHCP are enabled. Such
deployments introduce unnecessary neutron DHCP provisioning blocks
and still don't provide DHCP metadata proxy support.
Depends-On: I9f6b23247df01c40c127b0e9daecd12f5721ff50
Change-Id: I0f0241c68b9cf83d8c83a9c9695075ad71ce51ca
Related-Bug: #1514488
Because the native services gate job sets ipv6 forwarding settings,
we stop accepting RAs from IPv6-only host environments. This leads
to a loss of external connectivity, which is bad for zuul running
tests and stuff.
Setting accept_ra to 2 will cause the RAs to be accepted.
This fix is based on [1].
[1] https://review.openstack.org/#/c/359490/
Depends-On: I1f30b550287e2ae0d49accee81a7ce4bddd3e0a4
Change-Id: Iae1b92ec9de087b6786dee372add064c54a01369
Support install the ovs python module from ovs source. This can
be used to test and validate new ovs python features. This should
only be used for development purposes since the ovs python version
is controlled by OpenStack requirements.
Co-Authored-By: Numan Siddique <nusiddiq@redhat.com>
Change-Id: Icced0f49d3522044356a03b86c7a39788da16ba3
OVN has added a new DHC_Options table in OVN NB DB to define
DHCP options. Logical Switch ports refer to this table if
DHCP is to be enabled.
This patch creates rows for DHCP_Options for each of the
subnets and adds the reference to the ports when created.
If extra DHCP options are defined for a port, a new
DHCP_Options row is created for the port.
Change-Id: Ia3e229f86bf66f5b9b0d867ff41f56ed4be2e8f4
Closes-bug: #1514488
This patch provides the infrastructure for the OVN L3 to schedule
the router gateway port. The OVN hypervisor administrator can
set aside certain hypervisors to be used for scheduling router
gateway ports. This is the corresponding WIP patch at the moment:
http://openvswitch.org/pipermail/dev/2016-June/073285.html
For now it is assumed that any hypervisor/chassis can host a router
gateway port.
There are 2 types of schedulers defined at the moment
(1) RandomChoice
(2) LeastLoaded
The Chassis (add/delete/update) event is used to schedule router
gateway ports which have not been bound to any chassis.
A future patch will add functional tests.
Change-Id: I83fb561cee642b90c4de41bb8e472f47fa807191
Related-Bug: 1514995
A recent DevStack change [1] broke the networking-ovn gate. The
change is being reverted [2] to unbreak the gate. However, the
change found a weakness in the OVN provider network setup. In
particular when Q_USE_PROVIDERNET_FOR_PUBLIC=True, the
networking-ovn DevStack plugin should setup the bridge and
bridge mapping like it does when Q_USE_PROVIDER_NETWORKING=True.
The vagrant deployment broke in a different way because
PHYSICAL_NETWORK was not set (which is used to set the
flat networks supported). To fix this, the vagrant deployment
will now use the networking-ovn DevStack plugin for basic
provider network setup.
[1] https://review.openstack.org/#/c/343072/
[2] https://review.openstack.org/#/c/345820/
Related-Bug: #1605423
Change-Id: I63dd83b2374071703d341ec9e8d4d28c11174683
The tunnel overhead calculation now accounts for the IP overhead.
See [1] for details. As a result, the networking OVN ML2 driver's
geneve max_header_size default configuration is 20 bytes too large
since it included the IPv4 overhead. This patch set takes advantage
of [1] and allows the IP overhead to be calculated by ML2.
[1] https://review.openstack.org/#/c/320121
Change-Id: Id8ac05c166ebd02e4abf94777020bde34cce808f
Related-Bug: #1584940
Rework previous fix for gate failures [1] based on review
comments. Instead of overriding the neutron-ovs-cleanup command,
this fix will copy the applicable OVS bridge setup functions
from DevStack with the neutron-ovs-cleanup command removed.
[1] https://review.openstack.org/#/c/336543/
Change-Id: I438f1eea732f28826c0061b16ddaf3f82685a6f7
When we write a grenade plugin, we need most of the functions
in plugin.sh. Hence moving the functions to a library, it will
enable both the plugin functionalities to operate on the same library.
Change-Id: Idf37e1561318dcf84e89b402c0be3ac4b3cfc266
Daniel Alvarez