The "ovn_agent.ini" file should be in "/etc/neutron/plugins/ml2",
same as any other ML2 mechanism driver agent configuration.
Related-Bug: #1998608
Change-Id: I3f0e948202b522df162ed67fe669a6ff8e90ab41
Added a new OVN Neutron Agent extension: QoS for hardware offloaded
ports. This extension will enforce the minimum bandwidth and maximum
bandwidth egress QoS rules for ports with hardware offload (DevLink
ports).
This extension uses the "ip-link" commands to set the "ceil" and
"rate" parameters on the corresponding virtual functions.
Related-Bug: #1998608
Change-Id: Id436e43868fa0d3fbc843adb55f333582ed0134f
The from_self() method in SQLAlchemy is currently
being considered for removal from the library,
with a deprecation phase throughout 1.4 and then
removal by SQLAlchemy 2.0.
The from_self() method takes an ORM query object,
turns it into a subquery, then returns a new query
object that will SELECT from that subquery, while transparently
altering subsequent criteria added to the query to
be stated in terms of the subquery. The current
design direction of SQLAlchemy hopes to
de-emphasize the "transparently altering criteria"
part of the above use case, and to move users towards a
more explicit model of usage where a subquery should
be created and used explicitly using the aliased()
construct, which is now very mature and can be used in ways
that were not available when from_self() was first introduced.
On the SQLAlchemy side, from_self() has proven to be one
of the most difficult features to maintain and test
as it can easily lead to extremely complicated scenarios, and
while I am also experimenting with some alternatives that
may still retain some of the "automatic translation" features,
those features are still proving to add similar internal
complexity which is having me lean towards the original
plan of removing open-ended "entity translation" features
like that of from_self() at least through the start
of the 2.0 series.
A code search for all of OpenStack shows that the
two files modified here are the only usages of the
from_self() method throughout all of searchable OpenStack
code. This speaks to the general obscurity of this method,
although neutron's Subnet code is actually using this
method as intended. The new approach necessarily changes
some of the method signatures here so that the explicit
"subquery" entity can be passed; code searches again
show that these methods are not being called anywhere
outside, so the query_filter_service_subnets method
becomes the private _query_entity_service_subnets method.
References: https://github.com/sqlalchemy/sqlalchemy/issues/5368
Closes-Bug: #2004263
Change-Id: Icec998873221ac8e6a1566a157b2044c1f6cd7f3
Network owner should be able to delete ports plugged to the owner's
network, even if the port belongs to some other project.
Closes-Bug: #2004012
Closes-Bug: #2004016
Change-Id: I6d5418762b48ff382ca95b1a445a6edc7d72b424
Before this patch, only the client to server side of
the communication would get logged. The OVN allow-related ACL option was implemented [0]
so as to be able to log also the packets that are going from server to
client. This patch implements the addition of that feature in Neutron
and needs OVN version 22.03 or updated 21.12.
[0] https://patchwork.ozlabs.org/project/ovn/patch/20220201141118.1846390-1-mmichels@redhat.com/
Closes-Bug: #2003706
Change-Id: I72d061c333f53e07f6feedec032e2c0b06a61248
Signed-off-by: Elvira García <egarciar@redhat.com>
This new job called "tox-py311" is added to the following
template queues:
* check
* periodic
This patch tries to address what has been detected in [1][2]: a
mock spec argument cannot be another mock.
This new job is temporary. Once the "openstack-tox-py311" job
definition is created and added to the "openstack-python3-jobs"
template, we'll revert this patch. Until this happens, we'll
test Python3.11 using the "tox-py311" job defined in [3].
[1] https://github.com/python/cpython/issues/87644
[2] https://bugs.launchpad.net/cinder/+bug/2000436
[3] https://opendev.org/zuul/zuul-jobs/src/branch/master/zuul.d/python-jobs.yaml
Change-Id: Iebe3fc75ca8b15cec49603e61a7acd211f24e03e
Following the discussions on #2004004, we notice that there is an error
message in the Neutron code that is misleading.
This patch intends to improve the exception message, and provide a
little bit of documentation regarding the gateway IP address
validation for subnets.
Related-bug: #2004004
Change-Id: Ibf09254b5b2fee6efd3de5e5dc6f013424831db9
If get_link_devices() is called with 'index' in kwargs, pass the
argument to ip.get_links() correctly
Closes-Bug: #1953139
Change-Id: I6ae2d8c2a27aef548dd186e495c8998bf4086a20
notify() is called from python-ovs code which is not built to
recover from an exception in this user-overridden code. If there
is an exception (e.g. the DB server is down when we process
the hash ring), this exception can cause an unrecoverable error
in processing OVSDB messages, rendering the neutron worker useless.
Change-Id: I5f703d82175d71a222c76df37a82b5ccad890d14
This patch implements the OVN Neutron Agent executable, the extension
manager engine, the agent extension abstract class and the configuration
section.
Related-Bug: #1998608
Change-Id: I94bb98217e03f9ac314cb9723da277a23368649c
The OVS firewall driver requires nf_conntrack module(s)
to be loaded to function properly. While they are typically
loaded automatically, add a note to the admin guide about
the requirement to make it explicit.
Closes-bug: #1834213
Change-Id: I55871eff1e37d4155b8d2b5ae8c182d160c4af9f
It seems that in test test_configurations_are_synced_towards_placement
when the fake placement process is stopped it can take longer and
the test restarts the agent before it is really dead.
In this case neutron-server can report the status and the agent's
'resources_synced' field is True when the test checks it.
A simple workaround for this can be to check if the AsyncProcess
class' _is_running property is False.
Closes-Bug: #1856319
Change-Id: Ia4c25110ee5a7b7539407d3531f559555fec50cc
When DAD fails on an IPv6 address, both the 'dadfailed'
and 'tentative' flags will be set. So change the code
to check for 'dadfailed' first, just to be explicit.
Added better unit testing to cover more cases as well.
Trivialfix
Change-Id: I2dddc296826e5ab5e057c32a554e353577cc36e8
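The flag ordering described in the commit above, as an added example that is not part of the commit or of Neutron's code. The sample data is constructed and assumes the shape of `ip -json -6 addr show` output, where address flags appear as boolean keys; all function names are hypothetical.

```python
import json

# Constructed sample, shaped like `ip -json -6 addr show dev tap0` (assumed).
SAMPLE = json.loads("""
[{"ifname": "tap0", "addr_info": [
  {"family": "inet6", "local": "2001:db8::10", "prefixlen": 64,
   "tentative": true, "dadfailed": true},
  {"family": "inet6", "local": "2001:db8::11", "prefixlen": 64,
   "tentative": true},
  {"family": "inet6", "local": "fe80::f816:3eff:fe00:1", "prefixlen": 64}
]}]
""")


def dad_state(addr):
    """Classify one address, testing 'dadfailed' before 'tentative'."""
    if addr.get("dadfailed"):
        return "failed"    # terminal: unusable until it is reconfigured
    if addr.get("tentative"):
        return "pending"   # DAD still running, worth polling again
    return "ready"


def dad_state_tentative_first(addr):
    """Reversed order, for contrast: a failed address looks merely pending."""
    if addr.get("tentative"):
        return "pending"
    if addr.get("dadfailed"):
        return "failed"
    return "ready"


def classify(links, state_fn=dad_state):
    """Map every IPv6 address on every link to its DAD state."""
    return {
        addr["local"]: state_fn(addr)
        for link in links
        for addr in link.get("addr_info", [])
        if addr.get("family") == "inet6"
    }


def wait_decision(links, state_fn=dad_state):
    """Decide what a caller waiting for usable addresses should do next."""
    states = classify(links, state_fn).values()
    if "failed" in states:
        return "abort"     # e.g. a duplicate address exists on the segment
    return "retry" if "pending" in states else "done"
```

With the reversed check, a caller polling for readiness keeps retrying on an address that will never leave the tentative state instead of reporting the duplicate.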
This patch adds API definition and API extension class for
security group rules templates API described in the spec [1].
API definition in this case is very similar to the securitygroup API
definition and uses same converters and validators which are still in
Neutron instead of neutron-lib repo. Because of that this new API
definition is proposed to the neutron repo first and will be rehomed to
neutron-lib together with security groups API definition later.
[1] https://specs.openstack.org/openstack/neutron-specs/specs/2023.1/configurable-default-sg-rules.html
Related-bug: #1983053
Change-Id: I3aafe1aba406a52bc2b57be5133dee15b8848796
This patch removes the config option "debug" override done
during the script initialization.
Closes-Bug: #2003534
Change-Id: I403d73a1f35cb6314c814f25628a83d3e111e0fe
In case of error, the class ``ARPSpoofTestCase`` now provides the IPv6
and IPv4 neigh list of the source and destination ports.
This patch also adds a retry branch on the ``assert_ping`` method. If
enabled, if the first ping command fails, the method will try to execute
it again.
Related-Bug: #2003196
Change-Id: I4d1a6c799004339489fe35b44b7682f8f744560b
This patch introduces the new OVN Neutron Agent definition in the
OVN agent list and creates a new class ``OVNNeutronAgent``.
Related-Bug: #1998608
Change-Id: I57de801473fc30f06acf1bc8a65cb2ff76b2954a
The patch stops all running neutron-server processes before syncing
database from Neutron to OVN. Then it creates a new container to execute
the sync in and after it is done the container is removed.
Change-Id: Ifa439a536572efb72ccefde128fa186fc2f73bef