Merge "Remove migrate_to_port_groups maintenance task"
This commit is contained in:
Zuul
Gerrit Code Review
commit
92bff7aec6
|
|
@ -271,17 +271,6 @@ class API(api.API, metaclass=abc.ABCMeta):
|
|||
:returns: :class:`Command` with no result
|
||||
"""
|
||||
|
||||
@abc.abstractmethod
|
||||
def delete_address_set(self, name, if_exists=True):
|
||||
"""Delete an address set
|
||||
|
||||
:param name: The name of the address set
|
||||
:type name: string
|
||||
:param if_exists: Do not fail if the address set does not exist
|
||||
:type if_exists: bool
|
||||
:returns: :class:`Command` with no result
|
||||
"""
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_all_chassis_gateway_bindings(self,
|
||||
chassis_candidate_list=None):
|
||||
|
|
@ -390,13 +379,6 @@ class API(api.API, metaclass=abc.ABCMeta):
|
|||
DHCP_Options matched found.
|
||||
"""
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_address_sets(self):
|
||||
"""Gets all address sets in the OVN_Northbound DB
|
||||
|
||||
:returns: dictionary indexed by name, DB columns as values
|
||||
"""
|
||||
|
||||
@abc.abstractmethod
|
||||
def get_sg_port_groups(self):
|
||||
"""Gets port groups in the OVN_Northbound DB that map to SGs.
|
||||
|
|
|
|||
|
|
@ -612,26 +612,6 @@ class DelStaticRouteCommand(command.BaseCommand):
|
|||
break
|
||||
|
||||
|
||||
class DelAddrSetCommand(command.BaseCommand):
|
||||
def __init__(self, api, name, if_exists):
|
||||
super(DelAddrSetCommand, self).__init__(api)
|
||||
self.name = name
|
||||
self.if_exists = if_exists
|
||||
|
||||
def run_idl(self, txn):
|
||||
try:
|
||||
addrset = idlutils.row_by_value(self.api.idl, 'Address_Set',
|
||||
'name', self.name)
|
||||
except idlutils.RowNotFound:
|
||||
if self.if_exists:
|
||||
return
|
||||
msg = _("Address set %s does not exist. "
|
||||
"Can't delete.") % self.name
|
||||
raise RuntimeError(msg)
|
||||
|
||||
self.api._tables['Address_Set'].rows[addrset.uuid].delete()
|
||||
|
||||
|
||||
class UpdateObjectExtIdsCommand(command.BaseCommand):
|
||||
table = None
|
||||
field = 'name'
|
||||
|
|
|
|||
|
|
@ -466,9 +466,6 @@ class OvsdbNbOvnIdl(nb_impl_idl.OvnNbApiIdlImpl, Backend):
|
|||
return cmd.DelStaticRouteCommand(self, lrouter, ip_prefix, nexthop,
|
||||
if_exists)
|
||||
|
||||
def delete_address_set(self, name, if_exists=True, **columns):
|
||||
return cmd.DelAddrSetCommand(self, name, if_exists)
|
||||
|
||||
def _get_logical_router_port_gateway_chassis(self, lrp):
|
||||
"""Get the list of chassis hosting this gateway port.
|
||||
|
||||
|
|
@ -635,18 +632,6 @@ class OvsdbNbOvnIdl(nb_impl_idl.OvnNbApiIdlImpl, Backend):
|
|||
|
||||
return dhcp_options
|
||||
|
||||
def get_address_sets(self):
|
||||
address_sets = {}
|
||||
for row in self._tables['Address_Set'].rows.values():
|
||||
if not (ovn_const.OVN_SG_EXT_ID_KEY in row.external_ids):
|
||||
continue
|
||||
name = getattr(row, 'name')
|
||||
data = {}
|
||||
for row_key in getattr(row, "_data", {}):
|
||||
data[row_key] = getattr(row, row_key)
|
||||
address_sets[name] = data
|
||||
return address_sets
|
||||
|
||||
def get_router_port_options(self, lsp_name):
|
||||
try:
|
||||
lsp = idlutils.row_by_value(self.idl, 'Logical_Switch_Port',
|
||||
|
|
|
|||
|
|
@ -41,7 +41,6 @@ from neutron.db import ovn_hash_ring_db as hash_ring_db
|
|||
from neutron.db import ovn_revision_numbers_db as revision_numbers_db
|
||||
from neutron.objects import ports as ports_obj
|
||||
from neutron.objects import router as router_obj
|
||||
from neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb import ovn_db_sync
|
||||
from neutron import service
|
||||
from neutron.services.logapi.drivers.ovn import driver as log_driver
|
||||
|
||||
|
|
@ -299,35 +298,6 @@ class DBInconsistenciesPeriodics(SchemaAwarePeriodicsBase):
|
|||
else:
|
||||
self._ovn_client.update_subnet(context, sn_db_obj, n_db_obj)
|
||||
|
||||
# The migration will run just once per neutron-server instance. If the lock
|
||||
# is held by some other neutron-server instance in the cloud, we'll attempt
|
||||
# to perform the migration every 10 seconds until completed.
|
||||
# TODO(jlibosva): Remove the migration to port groups at some point. It's
|
||||
# been around since Queens release so it is good to drop this soon.
|
||||
@periodics.periodic(spacing=10, run_immediately=True)
|
||||
@rerun_on_schema_updates
|
||||
def migrate_to_port_groups(self):
|
||||
"""Perform the migration from Address Sets to Port Groups. """
|
||||
# TODO(dalvarez): Remove this in U cycle when we're sure that all
|
||||
# versions are running using Port Groups (and OVS >= 2.10).
|
||||
|
||||
# If Port Groups are not supported or we've already migrated, we don't
|
||||
# need to attempt to migrate again.
|
||||
if not self._nb_idl.get_address_sets():
|
||||
raise periodics.NeverAgain()
|
||||
|
||||
# Only the worker holding a valid lock within OVSDB will perform the
|
||||
# migration.
|
||||
if not self.has_lock:
|
||||
return
|
||||
|
||||
admin_context = n_context.get_admin_context()
|
||||
nb_sync = ovn_db_sync.OvnNbSynchronizer(
|
||||
self._ovn_client._plugin, self._nb_idl, self._ovn_client._sb_idl,
|
||||
None, None)
|
||||
nb_sync.migrate_to_port_groups(admin_context)
|
||||
raise periodics.NeverAgain()
|
||||
|
||||
def _log_maintenance_inconsistencies(self, create_update_inconsistencies,
|
||||
delete_inconsistencies):
|
||||
if not CONF.debug:
|
||||
|
|
|
|||
|
|
@ -1243,67 +1243,6 @@ class OvnNbSynchronizer(OvnDbSynchronizer):
|
|||
txn.add(self.ovn_api.dns_set_records(ls_dns_record.uuid,
|
||||
**dns_records))
|
||||
|
||||
def _delete_address_sets(self, ctx):
|
||||
with self.ovn_api.transaction(check_error=True) as txn:
|
||||
for sg in self.core_plugin.get_security_groups(ctx):
|
||||
for ip_version in ['ip4', 'ip6']:
|
||||
txn.add(self.ovn_api.delete_address_set(
|
||||
utils.ovn_addrset_name(sg['id'], ip_version)))
|
||||
|
||||
def _delete_acls_from_lswitches(self, ctx):
|
||||
with self.ovn_api.transaction(check_error=True) as txn:
|
||||
for net in self.core_plugin.get_networks(ctx):
|
||||
# Calling acl_del from ovsdbapp with no ACL will delete
|
||||
# all the ACLs belonging to that Logical Switch.
|
||||
txn.add(self.ovn_api.acl_del(utils.ovn_name(net['id'])))
|
||||
|
||||
def _create_sg_port_groups_and_acls(self, ctx, db_ports):
|
||||
# Create a Port Group per Neutron Security Group
|
||||
with self.ovn_api.transaction(check_error=True) as txn:
|
||||
for sg in self.core_plugin.get_security_groups(ctx):
|
||||
pg_name = utils.ovn_port_group_name(sg['id'])
|
||||
if self.ovn_api.get_port_group(pg_name):
|
||||
continue
|
||||
ext_ids = {ovn_const.OVN_SG_EXT_ID_KEY: sg['id']}
|
||||
txn.add(self.ovn_api.pg_add(
|
||||
name=pg_name, acls=[], external_ids=ext_ids))
|
||||
acl_utils.add_acls_for_sg_port_group(
|
||||
self.ovn_api, sg, txn,
|
||||
self._ovn_client.is_allow_stateless_supported())
|
||||
for port in db_ports:
|
||||
for sg in port['security_groups']:
|
||||
txn.add(self.ovn_api.pg_add_ports(
|
||||
utils.ovn_port_group_name(sg), port['id']))
|
||||
|
||||
def migrate_to_port_groups(self, ctx):
|
||||
# This routine is responsible for migrating the current Security
|
||||
# Groups and SG Rules to the new Port Groups implementation.
|
||||
# 1. Create a Port Group for every existing Neutron Security Group and
|
||||
# add all its Security Group Rules as ACLs to that Port Group.
|
||||
# 2. Delete all existing Address Sets in NorthBound database which
|
||||
# correspond to a Neutron Security Group.
|
||||
# 3. Delete all the ACLs in every Logical Switch (Neutron network).
|
||||
|
||||
# If we've already migrated, return
|
||||
if not self.ovn_api.get_address_sets():
|
||||
return
|
||||
|
||||
LOG.debug('Port Groups Migration task started')
|
||||
|
||||
# Ignore the floating ip ports with device_owner set to
|
||||
# constants.DEVICE_OWNER_FLOATINGIP
|
||||
db_ports = [port for port in
|
||||
self.core_plugin.get_ports(ctx) if not
|
||||
utils.is_lsp_ignored(port) and not
|
||||
utils.is_lsp_trusted(port) and
|
||||
utils.is_port_security_enabled(port)]
|
||||
|
||||
self._create_sg_port_groups_and_acls(ctx, db_ports)
|
||||
self._delete_address_sets(ctx)
|
||||
self._delete_acls_from_lswitches(ctx)
|
||||
|
||||
LOG.debug('Port Groups Migration task completed')
|
||||
|
||||
def sync_port_qos_policies(self, ctx):
|
||||
"""Sync port QoS policies.
|
||||
|
||||
|
|
|
|||
|
|
@ -865,11 +865,6 @@ class TestNBImplIdlOvn(TestDBImplIdlOvn):
|
|||
self.assertEqual(len(dhcp_options['subnets']), 3)
|
||||
self.assertEqual(len(dhcp_options['ports_v4']), 2)
|
||||
|
||||
def test_get_address_sets(self):
|
||||
self._load_nb_db()
|
||||
address_sets = self.nb_ovn_idl.get_address_sets()
|
||||
self.assertEqual(len(address_sets), 4)
|
||||
|
||||
def test_get_router_floatingip_lbs(self):
|
||||
lrouter_name = 'rtr_name'
|
||||
# Empty
|
||||
|
|
|
|||
|
|
@ -31,7 +31,6 @@ from neutron.db.models import ovn as ovn_models
|
|||
from neutron.db import ovn_revision_numbers_db
|
||||
from neutron.objects import ports as ports_obj
|
||||
from neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb import maintenance
|
||||
from neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb import ovn_db_sync
|
||||
from neutron.tests.unit import fake_resources as fakes
|
||||
from neutron.tests.unit.plugins.ml2 import test_security_group as test_sg
|
||||
from neutron.tests.unit import testlib_api
|
||||
|
|
@ -109,44 +108,6 @@ class TestDBInconsistenciesPeriodics(testlib_api.SqlTestCaseLight,
|
|||
self.periodic.check_for_inconsistencies()
|
||||
mock_fix_net.assert_called_once_with(mock.ANY, fake_row)
|
||||
|
||||
def _test_migrate_to_port_groups_helper(self, a_sets, migration_expected,
|
||||
never_again):
|
||||
self.fake_ovn_client._nb_idl.get_address_sets.return_value = a_sets
|
||||
with mock.patch.object(ovn_db_sync.OvnNbSynchronizer,
|
||||
'migrate_to_port_groups') as mtpg:
|
||||
if never_again:
|
||||
self.assertRaises(periodics.NeverAgain,
|
||||
self.periodic.migrate_to_port_groups)
|
||||
else:
|
||||
self.periodic.migrate_to_port_groups()
|
||||
|
||||
if migration_expected:
|
||||
mtpg.assert_called_once_with(mock.ANY)
|
||||
else:
|
||||
mtpg.assert_not_called()
|
||||
|
||||
def test_migrate_to_port_groups_not_needed(self):
|
||||
self._test_migrate_to_port_groups_helper(a_sets=None,
|
||||
migration_expected=False,
|
||||
never_again=True)
|
||||
|
||||
def test_migrate_to_port_groups(self):
|
||||
# Check normal migration path: if the migration has to be done, it will
|
||||
# take place and won't be attempted in the future.
|
||||
self._test_migrate_to_port_groups_helper(a_sets=['as1', 'as2'],
|
||||
migration_expected=True,
|
||||
never_again=True)
|
||||
|
||||
def test_migrate_to_port_groups_no_lock(self):
|
||||
with mock.patch.object(maintenance.DBInconsistenciesPeriodics,
|
||||
'has_lock', mock.PropertyMock(
|
||||
return_value=False)):
|
||||
# Check that if this worker doesn't have the lock, it won't
|
||||
# perform the migration and it will try again later.
|
||||
self._test_migrate_to_port_groups_helper(a_sets=['as1', 'as2'],
|
||||
migration_expected=False,
|
||||
never_again=False)
|
||||
|
||||
def _test_fix_create_update_network(self, ovn_rev, neutron_rev):
|
||||
with db_api.CONTEXT_WRITER.using(self.ctx):
|
||||
self.net['revision_number'] = neutron_rev
|
||||
|
|
|
|||
Loading…
Reference in New Issue