This patch adds new fullstack test which spawns 2 "hosts" and 2 "VMs" on
those hosts. Both VMs are plugged to the vlan network with some
segmentation id. Next segmentation id of the network is updated and test
ensures that new vlan id is configured in the physical bridge on both
"hosts" and connectivity between VMs still works fine.
Test runs only with Openvswitch agents as Linuxbridge doesn't supports
live update of the segmentation_id in the network.
Change-Id: I459aac7f4e9afe679d8ece1c27d0be49cec8e4ff
Implement the "kill" method (send a signal to a process) using the
Python native library "os".
In functional tests, "RootHelperProcess.kill" method should not fail if
the process does not exist.
Closes-Bug: #1843446
Closes-Bug: #1843418
Change-Id: Iee97a83779dd3e20eb3a223fb8557a94b8f15dc0
Replace rootwrap execution with privsep context execution.
This series of patches will progressively replace any
rootwrap call.
This patch migrates the "kill_process" method to privsep and
removes the unneeded rootwrap filters.
Change-Id: I48461be8b08cbc21c8af371f551b944343ba37bf
Story: #2007686
Task: #41558
Replace rootwrap execution with privsep context execution.
This series of patches will progressively replace any
rootwrap call.
This patch migrates some missing execution methods present in
the code and removes unneeded rootwrap filters.
Story: #2007686
Task: #41558
Change-Id: I1542dc4cf98658fc9a40018192498c7a5cd1c3fe
Replace rootwrap execution with privsep context execution.
This series of patches will progressively replace any
rootwrap call.
Change-Id: Id3db4fbba44dd5644563481b6767ad0acbdcfb3e
Story: #2007686
Task: #41558
Replace rootwrap execution with privsep context execution.
This series of patches will progressively replace any
rootwrap call.
This patch replaces some "IpNetnsCommand" command execution
methods.
Change-Id: Ic5fdf221a2a2cd0951539b0e040d2a941feee287
Story: #2007686
Task: #41558
Fixes broken functional tests where NamespaceFixture is used and
the TestTimer raises TestTimerTimeout even if the namespace was cleaned
up in time.
The fix makes sure that the alarm is cancelled in __exit__ if there
was no alarm before TestTimer's __enter__ (if self._old_timer is 0).
It also makes sure to reset the signal handler if the old one was
Handler.SIG_DFL (which is treated as false, no we need to check for
"is not None" instead).
Closes-Bug: #1912320
Change-Id: I9efad8eb5fe6e794235280f8a9a026800513d969
Until the related bug is fixed, if the namespace created in a
NamespaceFixture cannot be deleted due to a timeout exception,
the exception will be dismissed and a warning message logged.
The leftover namespace will not affect other test cases.
Change-Id: Idb262024ca74aaa924525150e610642f493c5dc4
Related-Bug: #1838793
Now that we use setproctitle for neutron-server workers (and
neutron-keepalived-state-change), this has the side effect of changing
the process name for agents, impacting some monitoring systems. More
details in launchpad bug.
This patch fixes it by setting the name with setproctitle to:
agent name (original process name).
Also use the newly introduced name constants to replace existing
hardcoded uses.
Change-Id: I74c3a4d3e9f833752571a75f196560cd45529385
Closes-Bug: #1881297
With python 3.x, classes can use the metaclass= logic
to not require usage of the six library.
One step in removing all of six usage from neutron.
Change-Id: I2f815e412d9a96eb5faf2b3bb3a1e393a9db9309
Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.
This completes removal of all references to "import mock",
changing to "from unittest import mock" in fullstack and
functional tests.
Added a hacking check to enforce it in future patches.
Change-Id: Ifcaf1c21bea0ec3c35278e49cecc90a101a82113
NetcatTester class should handle BrokenPipeError exception
and not raise it to fail test immediately if nc process wasn't
yet started when it tries first time to read/write something to
it.
Change-Id: Ica953cc2038b24c4b3985447b393763912aa6abd
Closes-Bug: #1871908
To have correct support in rootwrap, "ping"/"ping6" command should
have the correct filters in rootwrap.
Because "ping" command is harmless, "CommandFilter" is used to allow
any binary call, regardless of the parameters used and the order.
Nevertheless, this patch also proposes to use "ping"/"ping6" with
the same parameters and a specific order, to help in the debug
process:
- ping[6] -W <timeout> <address>
- ping[6] -W <timeout> -c <count> <address>
- ping[6] -W <timeout> -c <count> -i <interval> <address>
Those commands could be called from inside a namespace. The needed
filter is also added in this patch.
Change-Id: Ie5cbc0dcc76672b26cd2605f08cfd17a30b4c905
Closes-Bug: #1863006
If a RootHelperProcess does not start, add more information to the
exception raised: the command return code, the stdout and the stderr.
Change-Id: I229e926341c5e6c8b06f59950e3ae09864d0f1f6
Closes-Bug: #1861221
Library "unittest2" has not released a new version since
Jun 30 2015 [1]. Neutron should remove the references to
this library and point to "unittest" instead.
[1] https://pypi.org/project/unittest2/#history
Change-Id: I7d55adc262280c0c2f13b9b81ecc582e1729afa0
Closes-Bug: #1859190
If any of the processes, client or server, spawned by NetcatTester is
not present during the stop command (kill signal sent), by default the
method will not raise an exception.
Change-Id: If8cf47a01dc353734ad07ca6cd4db7bec6c90fb6
Closes-Bug: #1852869
In test_dscp_marking_packets, sender vm is sending ICMP packets to the
receiver_vm.
Before this patch even if first ICMP packet wasn't send properly, test
failed due to exception raised in execute method.
It can happend sometimes that first packet will fail to be send as there
can be e.g. some configuration on agent's side not done yet. So we
should try to ping receiver_vm for 60 seconds instead of failing on
first attempt.
This patch changes that behaviour in test.
Change-Id: Ic84e1ef507f017516d47a6b66e646e7e7b5ded8d
Closes-Bug: #1852724
Since it's no longer supported past Train, lets stop
running the tests.
Updated docs and made some pep8 code tweaks as well.
Change-Id: I1c171ab906a3b4c66558163ad26947ebf710a276
Previously when parsed config contained wrong values, the message didn't
say what option is wrong. The message looked like:
TypeError: option values must be strings
This patch adds some info to the message so it says which option,
section and value is wrong. Example:
TypeError: option values must be strings: section DEFAULT,
option api_paste_config, value: None
Change-Id: Iaed040c3af9ab10292eeb49b0522ab09b23e29f7
In "NamespaceFixture", before deleting the namespace, this patch
introduces a check to first kill all processes running on it.
Closes-Bug: #1838793
Change-Id: I27f3db33f2e7ab685523fd2d6922177d7c9cb71b
This option was deprecated since couple of releases already.
In Stein we removed 'external_network_bridge' option from L3 agent's
config so now it's time to remove also this one.
There is also new upgrade check introduced to check and warn
users if gateway_external_network_id was used in the deployment.
This patch also removes method _check_router_needs_rescheduling() from
neutron/db/l3_db.py module as it is not needed anymore.
This patch also removes unit tests:
test_update_gateway_agent_exists_supporting_network
test_update_gateway_agent_exists_supporting_multiple_network
test_router_update_gateway_no_eligible_l3_agent
from neutron/tests/unit/extensions/test_l3.py module as those
tests are not needed when there is no "gateway_external_network_id"
config option anymore.
Change-Id: Id01571cd42cfe9c5ce91e90159917c7d3c963878
Removed E125 (continuation line does not distinguish itself
from next logical line) from the ignore list and fixed all
the indentation issues. Didn't think it was going to be
close to 100 files when I started.
Change-Id: I0a6f5efec4b7d8d3632dd9dbb43e0ab58af9dff3
When an agent reports the state, the timestamp is sent along with the
agent status. This timestamp now is logged if "log_agent_heartbeats" is
activated.
Change-Id: Ifc88dfb3041aa07b197f395172b69399796ba46a
Related-Bug: #1799555
Default value for "of_interface" config option was switched
to "native" in Pike release.
In the same release this option was deprecated to removal.
Now it's time to remove it and force use of "native" driver to
manage openflows.
Change-Id: Ic900209868acfbe3bbb56fabbbf5c4472857e412
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
Co-Authored-By: Slawek Kaplonski <skaplons@redhat.com>
The functionality within neutron.db.common_db_mixin is available via
neutron-lib APIs. This patch removes common_db_mixin and updates any
uses of it to use neutron-lib instead.
Depends-On: https://review.openstack.org/#/c/636159/
NeutronLibImpact
Change-Id: I2388f90b37abb09408809dda8c21da551bcd94bb
1. give each HA failover case an independent vrrp_id
2. give each HA port an independent IP address, so the
interface IPs for router HA ports will be:
169.254.192.100 and 169.254.192.101
169.254.192.102 and 169.254.192.103
169.254.192.104 and 169.254.192.105
169.254.192.106 and 169.254.192.107
VIP of each case will be:
169.254.0.10/24
169.254.0.11/24
169.254.0.12/24
169.254.0.13/24
169.254.0.14/24
Closes-Bug: #1819160
Change-Id: I1216d96af40449ec16a852cc1f6c4f15c85f4546
All of the externally consumed variables from neutron.common.constants
now live in neutron-lib. This patch removes neutron.common.constants
and switches all uses over to lib.
NeutronLibImpact
Depends-On: https://review.openstack.org/#/c/647836/
Change-Id: I3c2f28ecd18996a1cee1ae3af399166defe9da87
Fullstack neutron-server seems do not accept any connection
during the running period sometimes. This patch explicitly
set listening port range for neutron-server API and ovs agent
openflow.
And make sure other client side connection port does not seize
the server side listening.
Change-Id: If2a7977a3ac795db0bc7f726c0b26c5de638ea47
Reduces E128 warnings by ~260 to just ~900,
no way we're getting rid of all of them at once (or ever).
Files under neutron/tests still have a ton of E128 warnings.
Change-Id: I9137150ccf129bf443e33428267cd4bc9c323b54
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
This option is deprecated and marked to be deleted in Ocata. So
as we are now in Stein development cycle I think that it's good time
to remove it.
Change-Id: I07474713206c218710544ad98c08caaa37dbf53a
Fullstack test test_dscp_marking_packets spawns tcpdump
process inside one fake vm's namespace and then tries to
ping this instance from second one.
After that it checks if tcdump captured any packet marked with
specific DSCP mark.
Ping was done usually only once (1 packet) because
it was done by using vm.wait_until_ping() method, so it could
happen sometimes that ping was send before tcpdump actually
started captuting traffic.
In such case test failed because there was no any packet captured.
This patch changes this by:
1. Start tcpdump async process with block=True, so it should be
already really started before test will go to the next steps,
2. Send always 10 packets instead of (usually) only one.
In addition this patch adds logging of captured tcpdump's stdout
and stderr streams. It may help debugging issues with this test in
the future.
Change-Id: I23bbde59af0250267843623dde2c5407059d9db2
Closes-Bug: #1818335
Port forwarding floating IPs QoS should be limited under
the binding QoS policy. So this patch extends the l3-agent
fip-qos agent extension floating IP list with the port
forwarding related IPs.
Change-Id: Iddabfabafc0803edd1e4ac0893dc188f1907234a
Closes-Bug: #1796925
This patch enables to bind a QoS policy to the router gateway,
then in L3 agent side SNAT traffic for the VMs without floating
IPs can be limited under the policy bandwidth rules. This is
suit for all kinds of L3 routers: DVR, DVR with SNAT HA, L3 HA
and Legacy.
API update router gateway json:
{
router": {
"external_gateway_info": {
...
"qos_policy_id": "policy-uuid"
}
}
}
Depends-On: https://review.openstack.org/#/c/567497/
Partially-Implements blueprint: router-gateway-ip-qos
Closes-Bug: #1757044
Related-Bug: #1596611
Change-Id: I26e22bce7edd1f93b2ac0048b61b14f858938537
The bulk port creation scenario requires the ability to generate
multiple MAC addresses for the bulk added ports. This change leverages
the code added in [1] to make bulk MAC creation available.
[1] https://review.openstack.org/510830
Implements: blueprint speed-up-neutron-bulk-creation
Depends-On: https://review.openstack.org/613149
Change-Id: Ia769dadf69781ba511a19c52998949b668963a19
For L3 DVR HA router, the centralized floating IP nat rules are not
installed in every HA node snat namespace. So, install the rules to
all the router snat-namespace on every scheduled HA router host.
Closes-Bug: #1793527
Change-Id: I08132510b3ed374a3f85146498f3624a103873d7
- This change updates _set_bridge_name to set
the bridge name field in the vif binding details.
- This change adds the integration_bridge name
to the agent configuration report.
Change-Id: I454efcb226745c585935d5bd1b3d378f69a55ca2
Closes-Bug: #1788009
On l3-agent restart, prefix delegation subnets weren't always
inserted into the local router_info cache, leading to a missing
ip6tables rule. Add it when the internal network is configured
if the prefix has already been assigned.
Change-Id: Ic045e2763ba2772bcaf037591821501e84e40878
Closes-bug: #1789403
async_process.py and ovsdb_monitor.py are now platform
independent, for which reason we can move them to
neutron/agent/common.
Note that a few subprojects are using async_process. We'll use
debtcollector so that we don't break those projects, while logging
a deprecation warning.
Change-Id: I6a7418cb8680cd71fe16c5d98b9b09ef2d260d37
Zuul