The OVS Firewall has a singleton class that manages the conjunction IDs
to be used in the OF rules. Those conjunctions are used to group rules
related to remote security group IDs.
Now each time the OVS agent is started, the OVS Firewall initial
conjunction ID is calculated based on the present OF rules. This value
and the next one used won't clash with any present rule in the
integration bridge during the initial transient period.
Related-Bug: #1934917
Change-Id: Ie2e4441f766947a2164dec2d1555c7049428903f
This patch switches over to callback payloads for ROUTER
BEFORE_CREATE, PRECOMMIT_CREATE, BEFORE_UPDATE and
PRECOMMIT_DELETE events.
Change-Id: I4a52c773d3f753c918df0986f1d261083156651c
This patch adds a new API extension to the QoS service plugin
to allow CRUD actions for the packet rate limit (packet per
second) rule on the Neutron server side.
NOTE: This patch will NOT implement the real functionality
in L2/L3 backend to limit the pps.
Co-Authored-By: NANALI <lin203@chinaunicom.cn>
Closes-bug: #1912460
Change-Id: Icc88accb88d9cec40c960c56f032c3c27317b42e
It is possible for events from the nb/sb to fire before the opposite
db connection is made. These events can call back into driver code
which tries to access the other db before it is connected.
Closes-Bug: #1929197
Closes-Bug: #1928794
Closes-Bug: #1929633
Change-Id: If947581b90ced42981c4611c32de8f428a052c69
The os-resource-classes lib is the official source of the standard
placement resource classes. Currently, the neutron-lib contains a copy
of those constants. However, they are already marked as deprecated and
are going to be removed with the next major release.
Related-Bug: #1934256
Change-Id: I33ecd6f32410f9b7ab1e87a6640201ea157bc383
This patch switches the code over to the payload style of callbacks
for PORT BEFORE_CREATE and PRECOMMIT_CREATE events
Change-Id: Ia6903be1af4de575ab9d82c9cb0c88290d07abb3
In python3.9, ipaddress.IPv4Interface does not support defining an
IP address with leading zeroes. E.g.:
    >>> ipaddress.IPv4Interface('00.0.0.0/0')
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "/usr/lib/python3.9/ipaddress.py", line 1390, in __init__
        IPv4Address.__init__(self, addr)
      File "/usr/lib/python3.9/ipaddress.py", line 1307, in __init__
        self._ip = self._ip_int_from_string(addr_str)
      File "/usr/lib/python3.9/ipaddress.py", line 1199, in _ip_int_from_string
        raise AddressValueError("%s in %r" % (exc, ip_str)) from None
    ipaddress.AddressValueError: Leading zeros are not permitted in '00' in '00.0.0.0'
Change-Id: I29137b22c158e979e81be9e41464948aa99f5498
Closes-Bug: #1930222
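
One way to make handling of zero-padded addresses explicit instead of depending on the interpreter's ipaddress behaviour, as an added example that is not part of the commit above or of Neutron's code. The helper names `parse_ipv4_interface` and `classify` are hypothetical; the policy (reject by default, or read padded octets as decimal when asked) is an assumption of this example.

```python
import ipaddress


def parse_ipv4_interface(text, allow_leading_zeros=False):
    """Parse 'a.b.c.d[/prefix]' identically on every Python version.

    Zero-padded octets are rejected by default. With allow_leading_zeros=True
    they are read as decimal (never octal) and the padding is stripped before
    the string reaches the ipaddress module.
    """
    addr, sep, prefix = text.partition('/')
    octets = addr.split('.')
    if len(octets) != 4:
        raise ValueError('expected 4 octets in %r' % addr)
    cleaned = []
    for octet in octets:
        if not (octet.isascii() and octet.isdigit()):
            raise ValueError('non-decimal octet %r in %r' % (octet, addr))
        if len(octet) > 1 and octet.startswith('0'):
            if not allow_leading_zeros:
                raise ValueError('leading zeros in %r in %r' % (octet, addr))
            octet = str(int(octet, 10))
        cleaned.append(octet)
    return ipaddress.IPv4Interface('.'.join(cleaned) + sep + prefix)


def classify(samples):
    """Return {input: normalized string or 'rejected'} under the strict policy."""
    result = {}
    for text in samples:
        try:
            result[text] = str(parse_ipv4_interface(text))
        except ValueError:
            result[text] = 'rejected'
    return result


# Constructed sample inputs; '00.0.0.0/0' is the value from the traceback above.
SAMPLES = ['10.1.2.3/24', '00.0.0.0/0', '010.1.2.3/24', '192.168.1.1']

if __name__ == '__main__':
    for text, outcome in classify(SAMPLES).items():
        print('%-16s strict -> %s' % (text, outcome))
    print(parse_ipv4_interface('010.1.2.3/24', allow_leading_zeros=True))
```
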
This patch switches over to the payload style of callbacks for
NETWORK based events. As part of this change a few shims are needed
to handle cases where some callbacks don't yet use payloads and others
do. Once we move over to payloads for all callbacks the shims can be
removed.
NeutronLibImpact
Change-Id: I889364b5d184d47a79fe6ed604ce13a4b334acfa
This patch switches the code over to the payload style of callbacks [1]
for TRUNK and SUBPORTS events. As needed existing callbacks are shimmed
to support both payload and kwarg style callbacks. These shims will be
removed once all callbacks are switched over to payloads.
Also the neutron.services.trunk.callback module is removed as consumers
will no longer need the TrunkPayload therein.
NeutronLibImpact
[1]
https://docs.openstack.org/neutron-lib/latest/contributor/callbacks.html
Change-Id: Ie302b48b283f8780072b5c9e2bc8787d87c11794
This patch removes a conditional check in the update_router() method
which was verifying if snat was enabled in order to update the nat
rules. This check does not make sense in the update method as if snat
was disabled we should still call update_nat_rules() which will then
remove the NAT entry from the OVN NB DB.
Change-Id: Ice20d22365acaf33ee211b1e38b7d0bc151c1ba8
Closes-Bug: #1922089
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
In python3 dict.values() doesn't return a list but instead dict_values;
it must be converted to a list to "enjoy" list operations like insert.
Add unit tests to be sure.
Closes-Bug: #1923423
Change-Id: Ie270ac2ee65c02bdb099d11af7f1d2fb62ad0f61
This commit makes the delete_router_port() method from OVNClient more
resilient to NotFound errors. Apart from the L3 plugin, this method is
also invoked by the maintenance task to fix stale/not-up-to-date objects
in the OVN database, and since the maintenance task runs every 5 minutes
only it could happen that some objects fetched by delete_router_port()
are gone by the moment that method is invoked.
Change-Id: I0d78278797beb2af42ec38462e2b2edc8e2a4ae6
Closes-Bug: #1920968
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This is patchset 2 of 2 for OVN driver handling of security-group-logging.
It includes the core changes and tests for this feature.
This feature requires OVN 20.12 [0] or newer. Functional test will be
skipped for non-supported versions.
Related-Bug: 1468366
Closes-Bug: 1914757
[0]: 880dca99ea
Change-Id: Ic86fa70eb34c9b178267b80de1f8883a3ef03e98
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
When a floating IP is disassociated from an internal port, the QoS
rule in the OVN database should be removed too. This patch adds a
QoS extension call to delete the QoS rules in OVN in this case.
Change-Id: I00794e9c6403bbe528ea398b981e54d41d53b5a5
Closes-Bug: #1916470
Minimum bandwidth QoS rule is only applicable for the network which is
backed by physical networks.
It will raise an exception when you want to set a Minimum bandwidth QoS rule
or update a rule on a network without ports.
Closes-Bug: #1913180
Change-Id: I6ab945086b13730ad60957760bbc2eb5c321aca2
During the live migration trunk subports were updated only based
on the "host_id" field. But when the rpc message to update subports
is sent, the trunk's port is still bound to the old host and has
the "migrating_to" field in binding:profile set to the new host.
Because of that binding:host_id for the subport's port wasn't updated
properly and the port was set to DOWN on the new host.
That could even cause connectivity break if L2population is used in the
cloud.
This patch fixes that by updating subport's binding:host_id field based
on the migrating_to field if that is available and not empty.
Closes-Bug: #1914747
Change-Id: I98e55242d381ada642ca0729e9aefdea7628c945
get_schema_helper() makes a direct short-lived connection to the
ovsdb-server to grab the running schema before we initiate a
connection for the Idl. Moving the schema retrieving code out of
the path of starting the connection allows us to adjust to the
ovsdb-server's schema version at driver init instead of having to
set it in post_fork_initialize().
One benefit of this is that Events can be more easily defined to
watch for a table which might change depending on the schema, e.g.
Chassis vs Chassis_Private.
Change-Id: Ia3dd792f4335fcde0df7d11e6aaf693dd9611bb6
Only min bw rules are required, hence no need to fetch
all rules of the QoS policy.
Also no need to get the qos policy from the DB.
Partial-Bug: #1905726
Change-Id: Iad29cb34825adaa8c766d01b192a6bbe9992148b
Creating a port forwarding should set the floating ip status to running; after
deleting all port forwardings, the floating ip status should be down.
Closes-Bug: #1910334
Change-Id: I8b3e4bf6b3cac3a95ea76b85dd4882ddafc962c8
When an OVO revision number transaction constraint is requested
in the HTTP header, the OVO standard attributes revision number
should be checked only once, because:
- The revision number constraint refers to a single resource; only
a single check is needed.
- Some backends (OVN), execute more than one DB transaction.
As reported in the related LP bug, the second time the OVO is
checked during the second DB transaction, the revision number of
the OVO has been bumped and does not match with the original
number requested.
Closes-Bug: #1909008
Change-Id: I25c36b1604e5855a22960f1b504a79f740c134bb
assertItemsEqual was removed from Python's unittest.TestCase in
Python 3.3 [1][2]. We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.
NOTE(dmllr): added hacking check
[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277
Change-Id: I7c20fec08e5dc9f67b34100c925ea6724bbd25f0
- Add api extension and db model changes to support remote_address_group_id
in SG rules.
- RPC and firewall agent changes will be in the follow-up patches.
Change-Id: I99681736d05eefd82bdba72b3866eab9468ef5dd
Implements: blueprint address-groups-in-sg-rules
After OVS 2.8.2 is released all tables should have the external_ids
column. Unit tests now expect external_ids parameters too.
Change-Id: I7f244be2a1991cb39f4df6f1a9f12b19ac7e1c61
Signed-off-by: Elvira García Ruiz <egarciar@redhat.com>
Fix unit test for ovn port forwarding to:
- Use assertCountEqual to ignore the order of the content when it should;
- Fix (expected, actual) parameters in assertEqual
TrivialFix
Change-Id: I0bbea25861b078a0da8b8feaa4a6251527cc5979
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
Extend neutron metering agent to generate Granular metering data.
The rationale here is to have data (bytes and packets) not just on
a label basis, but also on a tenant, router, router-label, and tenant-label
basis. This allows operators to develop more complex network monitoring
solutions.
Moreover, I added documentation to explain what the neutron metering agent is,
its configs, and different message formats.
Change-Id: I7b6172f88efd4df89d7bed9a0af52f80c61acbe0
Implements: https://blueprints.launchpad.net/neutron/+spec/granular-metering-data
Closes-Bug: #1886949
This patch implements in the OVN backend the existing floating
IP QoS extension.
The OVN client, using the existing QoS extension, will retrieve
the QoS rules attached to each floating IP, the router where the
floating IP lives and the router gateway port. The QoS rules
will be applied on the router gateway port.
The OVN NB QoS rules for floating IP addresses have a "match"
field containing a tuple of parameters:
- The direction of the flow:
    'inport == "src"' or
    'outport == "dst"'
- The IP address to match:
    'ip4.src == 1.2.3.4' or
    'ip4.dst == 1.2.3.4'
- The chassis where the port is located:
    'is_chassis_resident("chassis")'
Closes-Bug: #1877408
Related-Bug: #1596611
Depends-On: https://review.opendev.org/#/c/727847/
Change-Id: Ib65d8edcb0a415f6d698c952334d3b4bb0d9fff6
There is no real reason we should be using some of the
terms we do, they're outdated, and we're behind other
open-source projects in this respect. Let's switch to
using more inclusive terms in all possible places.
Change-Id: I99913107e803384b34cbd5ca588451b1cf64d594
This is a subset of the changes for implementing the floating IP
port forwarding feature in neutron, using OVN as the backend.
This changeset covers the core implementation for portforwarding/drivers/ovn,
mech_driver, ovn-router as well as a subset of tests.
Port forwarding support in ovn_db_sync is not included here to facilitate review.
That, as well as all other supporting changes, are under the ovn/port_forwarding topic:
https://review.opendev.org/#/q/topic:ovn/port_forwarding+(status:open+OR+status:merged)
Depends-On: https://review.opendev.org/#/c/726478/
Partially-implements: ovn/port_forwarding
Partial-Bug: #1877447
Change-Id: I019fe11ac1ddcf2304f3f144c62d52667fc11dce
This is a follow up for https://review.opendev.org/#/c/738145/
During backporting review, it became clear that unit test had a
flaw. It assumed that order of items in dictionary that make up
the exception message did not change. That is not true, based
on the python version used.
This follow up also includes review feedback that did not make it
into the original change: rename function that raises exception
to have "raise" in its name (raise_port_forwarding_update_failed).
Change-Id: I6fcd64e205e584017e6c9022f82a5497ea1cc576
Closes-Bug: #1878299
Add a validator to update_floatingip_port_forwarding so the codepath does not
attempt to perform an invalid database operation. With that, the operation fails
right away, with a hint on the offending argument(s).
Change-Id: I8284b22c5d691bfd9eadeb8590c3d4b27d261b04
Closes-Bug: #1878299