The OVS Firewall has a singleton class that manages the conjunction IDs
to be used in the OF rules. Those conjunctions are used to group rules
related to remote security group IDs.
Now each time the OVS agent is started, the OVS Firewall initial
conjunction ID is calculated based on the present OF rules. This value
and the next one used won't clash with any present rule in the
integration bridge during the initial transient period.
Related-Bug: #1934917
Change-Id: Ie2e4441f766947a2164dec2d1555c7049428903f

This patch switches over to callback payloads for ROUTER
AFTER_CREATE, AFTER_UPDATE and AFTER_DELETE events.
Change-Id: Ie818ffbb1a291faa80501157b46ff6671d5c26ba

This patch switches over to callback payloads for ROUTER
BEFORE_CREATE, PRECOMMIT_CREATE, BEFORE_UPDATE and
PRECOMMIT_DELETE events.
Change-Id: I4a52c773d3f753c918df0986f1d261083156651c

In "test_restart_rpc_on_sighup_multiple_workers", the test needs to
wait until the RPC workers have been properly launched by
``oslo_service.service.ProcessLauncher.launch_service``. Once this
method returns, it is guaranteed that the child worker processes
are running and the signal process handlers are attending the
SIGHUP signal that will reset them.
Closes-Bug: #1938428
Change-Id: I1dc56092d099223accc3aefa8e303310c4f6787e

Use an OVSDB lock to ensure that only one worker tries to create
the neutron_pg_drop port group. This also waits pre_fork so that if
getting the port group fails, neutron exits instead of continuing
on without the port group being created.
It was previously possible that a server could create the port
group and we wouldn't get the update before trying to create it
ourselves and checking for its existence.
This also modifies the get_port_group method to use the built-in
lookup() which searches by name or uuid and can take advantage of
both indexing and newly added ovsdbapp wait for sync functionality.
Closes-Bug: #1934930
Change-Id: Id870f746ff8e9741a7c211aebdcf13597d31465b

This patch adds new API extension to QoS service plugin
to allow CRUD actions for packet rate limit (packet per
second) rule in Neutron server side.
NOTE: This patch will NOT implement the real functionality
in L2/L3 backend to limit the pps.
Co-Authored-By: NANALI <lin203@chinaunicom.cn>
Closes-bug: #1912460
Change-Id: Icc88accb88d9cec40c960c56f032c3c27317b42e

This reverts commit df5cb28737.
The reverted commit triggers the failure of tempest-slow-py3 job.
tempest-slow-py3 is equal to non-voting neutron-ovn-tempest-slow job
in the neutron CI. It is a non-voting job so the error was not detected
before merging it. To recover the tempest job OpenStack-wide,
this commit reverts it.
See http://lists.openstack.org/pipermail/openstack-discuss/2021-July/023764.html
Closes-Bug: #1936983
Change-Id: Id8cdd9c69e4fef2d9c335447b498958add8b7816

The mechanism driver support VNIC types validation is done now in the
"SimpleAgentMechanismDriverBase" class __init__ method. If a subclass
needs to administratively prohibit any VNIC type supported by default,
"vnic_type_prohibit_list" must be passed to the base class __init__
call.
Related-Bug: #1578989
Change-Id: Ic25a8a7c716b4980ad2542b44519f77c6fdad309

Added a new OVN Client extension: OVNClientPlacementExtension. This
extension is in charge of handling the bandwidth information stored
in the OVN database, in the "Chassis" registers on the
"ovn-cms-options" dictionary.
Three new keys are created to store the resource provider information
needed to parameterize the network backend bandwidth information,
following the implementation done in OVS and SR-IOV:
- resource_provider_bandwidths
- resource_provider_inventory_defaults
- resource_provider_hypervisors
When the OVN Client is started, the Placement extension will check if
the "placement" extension is loaded. It will also create an event to
check any configuration change done in any "Chassis" register.
The Placement extension will read the initial configuration stored
in the OVN database and will populate it to Placement API, creating
the needed resource providers, traits and inventories.
NOTE: This patch belongs to a series of patches to implement
minimum bandwidth scheduling blueprint in OVN backend. The next
patch will make OVN backend scheduling aware using the information
stored in Placement API and the port information passed by Nova when
a VM is created.
Partial-Bug: #1578989
Change-Id: I8ba38b8ace8852009fba8712aafa9f88c2b93ccb

This new context will have only two capabilities: CAP_NET_ADMIN
and CAP_SYS_ADMIN (for operations inside namespaces).
Change-Id: If9273db1a7ccdce3a81f68fce78408830e9c3d42

This reverts commit 66ac943b64.
Reason for revert: After discussions with the core reviewers for ML2/OVN
and Neutron folks about this configuration option we understood that we
should just enable RpcWorkers to connect to the OVN database by default
and later allow rpc_workers to be set to 0 in Neutron (for those looking
for optimizations and that don't need RpcWorkers in their deployment). So
I am proposing a revert for this configuration option.
Change-Id: I73ba195401fff9f832b84633398816383f710b23

It is possible for events from the nb/sb to fire before the opposite
db connection is made. These events can call back into driver code
which tries to access the other db before it is connected.
Closes-Bug: #1929197
Closes-Bug: #1928794
Closes-Bug: #1929633
Change-Id: If947581b90ced42981c4611c32de8f428a052c69

This patch changes the policy for updating routes to support ECMP,
and will now add ECMP routes to the Neutron router namespace when
there are multiple routes pointing to the same destination address.
Change-Id: I842c1408ee0235bc54441e9ed69c8b87ea30651b
Related-Bug: #1880532

This patch switches over to callback payloads for PORT
AFTER_DELETE events.
Some shims were removed.
Change-Id: If69e37b84fe1b027777b1d673b3d08a6651a979e

This patch sanitizes the MAC address coming from a user input:
- The "base_mac" address configuration parameter.
- The "port.mac_address" stored in the database, if the script
provided is not executed.
This patch relies on [1], that will sanitize any input coming from
the server API.
This patch adds a new script to sanitize all "port.mac_address"
registers stored in the database.
[1] https://review.opendev.org/c/openstack/neutron-lib/+/788300
Related-Bug: #1926273
Change-Id: I8572906cc435feda1f82263fd94dda47fc1526e1

When the L3 agent starts, it reads the floating IP rule priority from
a state file created by "FipRulePriorityAllocator". In case of not
having all floating IPs registers in this file, the method:
- Creates a new priority for this floating IP.
- Creates the "ip rule" in the namespace.
- Adds a new entry in "self.floating_ips_dict".
All "ip rules" present in the namespace that do not match the
registered fixed IP address ("from") and the priority assigned
are deleted.
Closes-Bug: #1891673
Closes-Bug: #1929821
Change-Id: Ia3fbde3304ab5f3c309dc62dbf58274afbcf4614

Router_info's _process_internal_ports() method is the one which is
manipulating router_info.internal_ports cache and network_update()
method from the L3 agent is relying on that Router_info's cache to
check if updated network is connected to the router or not.
So they shouldn't be run together as that may cause some race conditions
and unexpected issues, like e.g. described in the related bug.
Until now, network_update event was the only one which was processed
without using queue of events. And because of that such race conditions
as described above were possible.
To fix that, this patch changes network_update method in the way that it
now adds update events for each router hosted by agent to the queue.
Those events for single routers are then processed, checks if network is
actually connected to the router and if yes, schedules router update to
be processed.
Closes-Bug: #1933234
Change-Id: I2efe66a7415f7a18fb85bd2536a1901e751d6203

The os-resource-classes lib is the official source of the standard
placement resource classes. Currently, the neutron-lib contains a copy
of those constants. However, they are already marked as deprecated and
are going to be removed with next major release.
Related-Bug: #1934256
Change-Id: I33ecd6f32410f9b7ab1e87a6640201ea157bc383

All cases are sharing the common lease path for dhclient,
for instance, in CentOS it is: /var/lib/dhclient/dhclient.leases.
That means all fullstack cases will use this file to store
fake VM's NIC DHCP lease information.
After running the fullstack cases several times, dhclient will
fail to set the test fake VM port's IP due to the messy
settings in this file.
This patch sets each fake VM's NIC lease file path to the
tmp folder with its port id.
This may fix some cases that cannot set the IP addr to the test
device properly via DHCP.
Closes-Bug: #1934646
Change-Id: Ia87fa7c08df473acbcf1600035d99a83ed4b4375

In some cases, the arp entry of snat port is not updated
in qrouter namespace. l3-agent calls get_ports_by_subnet()
while setting arps for the subnet. And the snat port is
not returned if it is still unbound. One of the scenarios where
this is observed is when router is created, external
gateway set and internal subnet attached to router in
quick succession.
This patch retrieves snat port details from router info
as well and updates arp entry for snat port.
Closes-Bug: #1933092
Change-Id: I7ee797b4b930306cf6360922d855f8b24f1b813d

Align the config with DHCP agent options `dhcp_renewal_time`
and `dhcp_rebinding_time` for ovs-agent dhcp extension.
Partially-Implements: bp/distributed-dhcp-for-ml2-ovs
Related-Bug: #1900934
Change-Id: I671f23fcb763b847b1dc2b1d2de0567569aba892