For unit and functional:
The commit d00a50aad11465d904663dea14b3814017bcff75 moved the
plugins.ml2.config module to conf.plugins.ml2.config
For functional tests only:
Modify the post_test_hook.sh script to accomodate the new changes in
os-testr. This fix for networking-ovn is basically a copy & paste from
the neutron one [0].
[0] https://review.openstack.org/#/c/503138/
Change-Id: I4fbcbfdd6d5f9fa77414df15302da517f23986bd
This patch is first step towards supporting internal DNS support by
making use of OVN native DNS feature. This patch for now just adds
the DNS db mixin to resolve the bug 1714931. Without this patch, creating
floating ip is failing with 500 error when dns extension is enabled.
There were some unit test failures because of neutron db code accessing
'dns' data of floatingip db object as 'floatingip_db.dns'.
Neutron code references the db objects both as a dict and as an object.
Eg. port['id'] and port.id. This patch makes the FakeResource object
as a dict to fix this issue.
Closes-bug: #1714931
Change-Id: Id8f2c1216e6187bf95fea660c83a1d41aeefbb86
Currently allowed_address_pairs works only if the mac in the allowed
address pair is the same as the mac address of the port (ip can be
different). Otherwise, packets destined to the new mac address
cannot be delivered to the port, because there is no logical flow
in L2 lookup stage in OVN for the new mac. This patch fixes it by
adding the new mac to "addresses" of the OVN lport.
Change-Id: I69e85f2a1acb9541e624c8a153610f9759b8d238
Closes-bug: #1711887
Currently ovn schedules gateway router ports on all chassis.
Instead we need to check which chassis has external connectivity
and schedule them only on these chassis.
Chassis which has ovn-bridge-mappings properly configured(i.e
physnet same as gateway network physnet) in OVN_Southbound
database will be treated as having external connectivity.
Some network types(for example, geneve) may not use bridge
mappings. Currently, external networks of type VLAN and FLAT
use bridge mappings. So for these networks, we return chassis
with proper bridge mappings and for other networks we return
all chassis.
Closes-bug: #1705246
Change-Id: I73970aef6d84019032e3c68a6a785d7626ae2afc
New fields 'name' and 'severity' added in OVN ACL table for logging
purpose. In this change, we are updating Networking-ovn with
these fields(only if 'ACL' table supports them to maintain
Networking-ovn compatibility with other release branches of OVS,
which won't have these columns)
Note: Earlier gate functional tests were broken when these fields were
introduced in ACL table. As a temporary fix we pushed commit [1], which
forced functional tests to run on ovs branch 2.7. Now we are reverting
that as we are proposing proper fix with this patch.
[1] e951289b36
Closes-bug: #1708594
Change-Id: I580a4c80d875449d6c2571f439ffe3e8f1d46861
Presently we do not sync neutron db with OVN southbound db.
This patch does that. Also when an existing Neutron ML2 OVS
deployment is migrated to OVN, there could be router ports
of type DVR and HA. We need to consider these router port types
during sync.
Change-Id: I8628b32f70aa98d45cb340839aace180cf1d9c80
Closes-bug: #1629076
Co-authored-by: Dong Jun <dongj@dtdream.com>
Recently L3 gateway HA support added in OVN making
distributed gateway ports highly available. This
patch makes neutron gateway ports highly available
through OVN distributed gateway ports.
If multiple gateway chassis available for scheduling as candidates,
then this patch schedules router gateway port on max of 5 chassis.
If only one gateway chassis is available, it schedules on only this
chassis.
If NBDB supports new schema to represent gateway_chassis i.e
1) gateway_chassis column in logical_router_port table
2) and Gateway_Chassis table
router gateway port is scheduled based on this new schema, otherwise old
schema is used. If existing router gateway ports are already using old
schema, this patch still supports that and won't convert them to new
schema.
Change-Id: I56c28237b19a6ae01f8567d12580661bcca43ba7
Current trunk/subports support in OVN doesn't allow subports to
transition from DOWN to ACTIVE when they're attached to a trunk port.
Projects like kuryr-kubernetes need this to happen since it is the
way to identify when a nested VM or container inside a VM are ready.
This patch does the following changes:
- When a port transitions to 'up', before completing the provisioning
block, binding:host_id is updated on the Neutron port to the parent
value. This will make the plugin to try to bind the port and hence,
transition from DOWN to ACTIVE.
- When a subport is added or removed from the trunk, the
binding:profile information is updated on the Neutron port according
to what was introduced by e9f430135c.
If we don't set this value, parent_port would be cleared during the
binding process [0] and OVN would unbind it from the chassis.
Closes-bug: #1707141
[0] https://github.com/openstack/networking-ovn/blob/master/networking_ovn/common/ovn_client.py#L185
Change-Id: I62b3113f93572ac860fe5ebdd190907f35d4910f
This new commit [1] in neutron checks mtu size during segment
allocation and throws exception if MTU > 1450 for geneve network
type. Because of this new change, tests
'test_clear_segment_host_mapping' and
'test_update_segment_host_mapping' are failing in gate.
To fix this, we are updating mtu to 1450 in the test, before it
creates geneve segments for the network.
[1] ceb86366d25a928d7a3773075a7333801ee3dd29
Closes-bug: #1710496
Change-Id: I117cc2352848718b37f95bdb6aecbfb6ba1ccc67
Right now, we are calling provisioning_complete without checking
if the resource is added or not in provisioning block and each
provisioning_complete is triggering port's AFTER_UPDATE
event.
Unit test 'test_registry_notify_before_after_port_binding',
checks number of AFTER_UPDATE events, and is expecting only 2
events when port is updated. Neutron emits only 2 events.
networking-ovn triggering this third AFTER_UPDATE through
provisioning_complete. As neutron or networking-ovn is not
adding port in provisioning block, this provisioning_complete
is not required. So in this patch, we call provisioning_complete
only if the port is added in provisioning block.
Closes-bug: #1707215
Change-Id: Icab5514e29d1bd9927dbbdc68def73eff6be22ce
Right now, our gate is broken due to bug 1707215. Until it's fixed
this patch skips this test so that CI passes again.
Also fix the functional test failure in test_ovn_db_sync by using
ovs 2.7 branch. The reason for the failure is because, recently
ACL table was enhanced to add 2 new columns - name and severity.
If we use these new columns in the acl code AS IS,
'gate-tempest-dsvm-networking-ovn-ovs-release' will be broken.
We need to handle the DB changes properly in the networking-ovn code
in order to support master and latest release branch code of OVS.
Related-Bug: #1707215
Closes-bug: #1708594
Change-Id: Ibc0f5fbde8bba6dd264a2653d515bac4bfc9a8a4
Until OVS 2.8 is released, we don't want ovn_metadata to be enabled.
It will still be tested in the gate by the tempest job against OVS
master branch.
Once 2.8 is out we can revert this patch and enable it by default.
Change-Id: Id7f40c74da700c39b7151768c03823a5644c87a5
Initial implementation
Changes in the mechanism driver:
* Automatically create a port with device_owner=network:dhcp to
serve metadata and eventually DHCP.
* Auto-allocate an IP for the metadata port on subnet creation.
* Push static route for 169.254.169.254 in DHCP options.
* Wait until metadata service is provisioned in the chassis where
a port resides before sending the event to Nova.
Agent:
* Implementation of [0].
Devstack plugin:
* Starts networking-ovn-agent with the proper config files.
* Disables config drive in nova.conf for tempest against master
branch.
* Enables TEMPEST_RUN_VALIDATION for tempest against master branch.
In order to test this patch out we need to make these changes to
nova.conf:
* [DEFAULT] section:
force_config_drive = False
* [neutron] section:
service_metadata_proxy = True
This patch depends on [1] and [2] (already merged into OVS master).
NOTE: Metadata tests are only enabled for the non-voting tempest job
which runs against OVS master branch. The release job runs against
OVS 2.7 which doesn't include [1][2] so those tests are disabled
until OVS 2.8 is released.
[0]
https://docs.openstack.org/developer/networking-ovn/design/metadata_api.html
[1] https://patchwork.ozlabs.org/patch/767369/
[2] https://patchwork.ozlabs.org/patch/771297/
Change-Id: Ife2fd18f2f88050429e70c7e557fa41d2d54b034
Like in other commands this patch is adding a "if_exist" parameter to
SetLRouterPortInLSwitchPortCommand. This will later be used by the
journal recovery module.
Partial-Bug: #1605089
Change-Id: I093bc5982a71bd2d893a41a53194be3384b44088
The well known service type constants are in
neutron_lib.plugins.constants, but for legacy reasons a few still exist
and are referenced from neutron_lib.constants [1] that we'd like to
remove.
This patch switches references over to neutron_lib's plugin constants.
[1] https://github.com/openstack/neutron-lib/blob/master/neutron_lib/constants.py#L353
Change-Id: I8b5141f952b3500c7a4ce9c36e07a04630a5e44f
This patch is adding the network and subnet resources from the ml2
driver into OVNClient so later in this series of patches they can make
use of journaling.
Related-Bug: #1605089
Change-Id: I8477c246628711111c16f801c3dfad601eae9ba1
This patch is installing the SSL dependencies (libssl-dev/openssl-devel)
before compiling OVS when running the functional tests in the gate.
Without those packages OVS will be compiled without SSL support and will
cause the tests to fail in the gate.
Closes-Bug: #1696713
Change-Id: I42c9125ddd2ae1fa024732fed9b08f44617148f8
This patch supports subnet DHCP enabling and disabling and gracefully
subnet updating by comparing new DHCP options with old lsp DHCP options.
Change-Id: I947c20c93ac134f3a78289211e1ad6510ab5d4c6
Closes-Bug: #1682355
Signed-off-by: Dong Jun <dongj@dtdream.com>
Right now we have code doing CRUD operations on ONV resources spread
around different places (ml2/mech_driver.py, l3/l3_ovn.py), this makes
things very complicated to implement something like journaling (see
bug: #1605089) where all resources, L2 and L3, are created from a
central place (the journal thread, which keeps things in order).
This patch is adding a new class called OVNClient which centralizes all
the CRUD operations for the OVN resources in one place.
For this first iteraction, the Port resource from the mechanism driver
and the L3 resources (floating ip, routers and routers ports) are being
moved to this new class, others will come in follow up patches.
Related-Bug: #1605089
Change-Id: Ia453a14cdc2ec393037fb813caff8fae23acd7c3
Remove sleep in _sync() and do this delay when spawning greenthread,
then _sync() can be renamed to a callable method.
There are a few benefits, sync caller can simply call do_sync() instead of
sub-functions, and adding new sync sub-functions such as trunk, qos will
be simplified too,
Change-Id: I7b8acb9de0d2085443ac77c57fa4835f93241c55
Signed-off-by: Dong Jun <dongj@dtdream.com>
This:
1. replaces neutron.agent.ovsdb imports wih ovsdbapp imports.
2. Connection takes an idl instance due to removed deprecated
arguments in ovsdbapp
3. Ovsdb{N,S}bIdl classes are initialized with a connection
since driver/trigger options are networking-ovn specific
4. The Connection subclasses are removed as get_schema_helper
is no-longer Open_vSwitch-schema specific and ovsdbapp's
Connection.start has been modified to handle post_initialize
(which is no post_connect).
TODO:
1. Release an ovsdbapp with the necessary changes so CI will pass
Change-Id: I12260e60e40399f996d5f2ff4ddb7b65fdaebb95
Depends-On: Ie6dc0b75fc7c5ae00afc03e274f293b69d897913
Multi physnets can map to a same OVS bridge in OVN South bound DB, this
is reasonable configuration, but there is a ValueError in
helpers.parse_mappings() as following.
ValueError: Value br-ex in mapping: 'public2:br-ex' not unique
This patch fixes this bug.
Change-Id: Id6e2ec0328e9026716595d366453a4f319ee5754
Signed-off-by: Dong Jun <dongj@dtdream.com>
This is in line with late i18n team requests, and to adopt the new N537
hacking check from neutron-lib.
Change-Id: Ieacc6d3cfcea6846054655312916d29c1bb40d43
Depends-On: I1a7fff4140e50deb0e10024dedfba45d793b20fe
This patch fixes intermittent failure of two unit test cases,
test_enable_snat and test_disable_snat.
The reason is, str(dict) has a stable output in python 2 rather than in
python 3. I copy the checking logic from _check_for_external_ip_change
Change-Id: I3b532e875906d38d2d4f4ffb85ba4fb7886dfa7b
Partial-Bug: #1685844
Signed-off-by: Dong Jun <dongj@dtdream.com>
Lucas Alvares Gomes