This commit adds possibility to configure fip port_forwarding
service plugin and l3 extension with devstack plugin for OVN.
Since OVN uses API workers, this change also introduces the
callbacks necessary in pf_plugin, so events related to port
forwarding are sent using neutron_lib callbacks registry.
Related-Bug: #1877447
Change-Id: I8124fac13bf4d802d232e8b3976e6a2cebc72106
Looks like this was initially missed on the OVN migration,
but after talking with Octavia, this setup should really
all live here since it's SDN-specific things that are
being configured.
Content basically copied from the octavia devstack/plugin.sh
script with some small modifications to support OVN.
Change-Id: Idb80cd164c6b41ca6636373696a9a1e7f19b5e62
This patch is moving the DevStack module to deploy OVN to the Neutron
DevStack plugin.
As a first step, this plugin will continue to use the
openstack/networking-ovn repository and, as we advance into the mergings
steps we will modify this plugin (just few lines) to use the code in
the Neutron repository itself.
TODO's where left in the code on top of all the bits that will change
once the networking-ovn code is merged into Neutron.
Below is a snippet of the what needs to be enabled in local.conf to get
OVN deployed:
[[local|localrc]]
enable_plugin neutron https://opendev.org/openstack/neutron
Q_AGENT=ovn
Q_ML2_PLUGIN_MECHANISM_DRIVERS=ovn,logger
Q_ML2_PLUGIN_TYPE_DRIVERS=local,flat,vlan,geneve
Q_ML2_TENANT_NETWORK_TYPE="geneve"
Partially-Implements: blueprint neutron-ovn-merge
Change-Id: I24ab11ab923339959eecfbaed79a3ceadc4a87f4
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This commit adds possibility to configure L3 conntrack_helper
service plugin and l3 extension with devstack plugin.
Related-Bug: #1823633
Change-Id: Ie96ff80f1c296c40ec2cd82c8d917a8bb262b12e
No longer build the OVS kernel modules when installing from
source. This was added when OVS didn't support conntrack,
which hasn't been the case for a while.
This is breaking one of the networking-ovn repos periodic jobs.
Depends-on: https://review.opendev.org/#/c/680066/
Change-Id: Ia9cc8f3ee11802f51317eb0e7c82fadd1c15c4b4
Closes-bug: #1830248
When openvswitch firewall driver is used, it is required to load
nf_conntrack_proto_gre kernel module to make GRE tunnels from VM to VM
working properly.
This patch adds such info in ovs firewall documentation as it should be
deployer decision to load or not load this module.
This patch also adds sanity check which checks if nf_conntrack_proto_gre
module is loaded or not, and can warn user when this module is not
loaded.
It also adds loading of this kernel module in neutron devstack plugin.
Change-Id: Ic97ca00c804f0a540ee0dc53d9e4e07bf8410869
Closes-Bug: #1828053
This patch implements devstack plugin for network-segment-range api.
The network-segment-range api service is based on network-segment-range
spec [1].
[1] https://specs.openstack.org/openstack/neutron-specs/specs/stein/network-segment-range-management.html
Co-authored-by: Allain Legacy <Allain.legacy@windriver.com>
Partially-implements: blueprint network-segment-range-management
Change-Id: I09116a4323763db12917e03f354cf0ef25289fd0
This patch implements the L3 agent side router gateway IP rate
limit. For routers in centralized snat node (network node),
the tc rules will be set on the corresponding device in router
namespace:
1. Legacy and HA router, qrouter-namespace and qg-device
2. Dvr (edge) router, snat namespace and qg-device
If gateway IP rate limit was set, then under the same router,
all the VMs without floating IP will share the bandwidth.
Partially-Implements blueprint: router-gateway-ip-qos
Closes-Bug: #1757044
Change-Id: Ie92ff0d4df0e85ce71c7d50f34ea6ff973812af8
This commit adds possibility to configure fip port_forwarding
service plugin and l3 extension with devstack plugin.
Change-Id: If01dd1db1b4a44ba2f7e2d8f8326e331f9dc79e9
Adds devstack configs to try to enable the L3 agent
extension `fip_qos` by checking the API service
extension router, agent and QoS.
Once this L3 agent extension works during the devstack
zuul job installation, we can continue to run the
neutron-tempest-plugin tests for floating IP QoS.
Partially-Implements blueprint: floating-ip-rate-limit
Change-Id: Ibef48e7842a276fe77c901403d67760871f2b7e0
This will be used in a job that will run neutron designate integration
tests from the neutron-tempest-plugin repo.
Change-Id: Ib380d8a98e991a475b20140f5c37e3747aa5fc0c
Needed-By: I9c2eadf1dc86cb60190fb22393a02ffa02770620
If devstack triggers a plugin that directly imports from devstack/lib/*
before triggering neutron's plugin.sh, NEUTRON_* variables that are used
in some devstack/lib/* files may not be set.
The ``settings`` file is sourced by devstack for all repos before any of
plugins enabled in the environment is triggered, and so moving NEUTRON_*
definitions there should guarantee for us that the variables are set
when the first enabled plugin is executed.
Since Q_PLUGIN_CONF_PATH and Q_PLUGIN_CONF_FILE are defined in
lib/neutron_plugins/ml2:neutron_plugin_configure_common, and we want to
avoid triggering that code from the plugin, we need to duplicate values
for NEUTRON_CORE_PLUGIN_CONF_PATH and NEUTRON_CORE_PLUGIN_CONF from
there.
Closes-Bug: #1675022
Change-Id: Ib65d3615fba270c2fd6c116218bbb95a29f56aa6
All services except q-sriov-agt now have their neutron-* counterparts.
The only service left behind is the SRIOV agent since it's not critical
to cover it right now, because it's not deployed in gate with the new
lib/neutron code.
Change-Id: I2fbd7649b6ef312940dca704ed3ebdb1e2e93576
Co-Authored-By: YAMAMOTO Takashi <yamamoto@midokura.com>
Those are generally defined by new lib/neutron code.
Change-Id: I2dd0128267b8a836c392d7ac26ade5bd0f421997
Co-Authored-By: YAMAMOTO Takashi <yamamoto@midokura.com>
Instead of making devstack enable it, because it can have
undesired effects for other rally-using gate jobs.
(See Closes-Bug for an example)
Closes-Bug: #1643451
Change-Id: Id971432955196a7d5f64c598aeebf1a7bc245321
This allows us to configure neutron when running the rally job in
the gate. This effort stems from patch [1]. Blame Kevin for not
wanting to squash the two together.
[1] I12aaf6121b677e9696131601b3539a7091e2858c
Change-Id: I006957784ac7900021bcfee57cbc83b5a6c533c4
This adds revises_on_change for the following models
and API tests to ensure the correct behavior:
* port security (network and port)
* DNS domain (network and port)
* extra dhcp opts (port)
* extra routes (router)
* subnet service type (subnet)
Additionally, it configures the DNS extension to be loaded
in the gate since the extension is enabled for tempest.
Closes-Bug: #1627649
Change-Id: Ifa969c8c2582f8f41d42df07652f259781a36bb5
This patch enables basic CRUD operations on trunk ports and defines
related API extensions. Trunk ports and sub-ports can be persisted
in the Neutron model and are made visible through the API, but the
L2 agent is not notified and no trunk ports or subports are actually
instantiated on compute hosts.
This one of the main patches in the series that implement the end
to end functionality.
Partially-implements: blueprint vlan-aware-vms
Co-Authored-By: Armando Migliaccio <armamig@gmail.com>
Change-Id: I26453eb9a1b25e116193417271400994ac57e4c1
Macvtap agent can now be configured via this devstack.
Note that it is only supported in multinode environments
as compute node. The controller node still needs to run
linuxbridge or ovs.
Documentation will be added in devstack via [1]
[1] https://review.openstack.org/292778
Example:
OVS Controller
--------------
Make sure that the controller
- loads the macvtap ml2 driver
- uses vlan or flat networking
Macvtap Compute Node local.conf
-------------------------------
[[local|localrc]]
SERVICE_HOST=1.2.3.4
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
disable_all_services
enable_plugin neutron git://git.openstack.org/openstack/neutron
enable_service n-cpu
enable_service q-agt
Q_AGENT=macvtap
PHYSICAL_NETWORK=default
[[post-config|/$Q_PLUGIN_CONF_FILE]]
[macvtap]
physical_interface_mappings = $PHYSICAL_NETWORK:eth1
Closes-Bug: #1557407
Change-Id: I0dd4c0d34d5f1c35b397e5e392ce107fb984b0ba
Once the spinout is undergoing we should perform the eviction.
Partially-implements: blueprint bgp-spinout
Depends-on: I8be510153edbc496575cde34943ca4c56645e0fb
Change-Id: I20b6ddd37d10eae70e8294d578e53137c0f866fe
This eases the deployment of a devstack machine with the latest
Open vSwitch bits, adding this to local.conf provides a fully
featured ovs-ct firewall setup:
enable_plugin neutron git://git.openstack.org/openstack/neutron
Q_BUILD_OVS_FROM_GIT=True
[[post-config|/$Q_PLUGIN_CONF_FILE]]
[securitygroup]
firewall_driver = openvswitch
Change-Id: Ia7ad1658b95d7404384c7cae833008a57e3e5af1
This patch implements a new agent named "BgpDrAgent". The new agent
will host different BGP speaking drivers and makes the required BGP
peering session/s for neutron. The agent takes the needed "peer/s and
route/s" information from the BGP speaker entity and synchronize the
same to the registerd driver.
For realizing HA, two BgpDrAgents should host the same BGP speaker.
Partially-Implements: blueprint bgp-dynamic-routing
Co-Authored-By: Ryan Tidwell <ryan.tidwell@hpe.com>
Co-Authored-By: Jaume Devesa <devvesa@gmail.com>
Co-Authored-By: Numan Siddique <nusiddiq@redhat.com>
Change-Id: I3217795bdd0fa2d9d4b39274f4f95fc013c8d29d
This patch enables basic CRUD on BGP dynamic routing
entities bgp_speaker and bgp_peer, as well as
bgp_speaker-bgp_peer and bgp_speaker-network
bindings.
An admin user can create BgpSpeakers and configure
peering entities (BgpPeers) for BgpSpeakers. BgpSpeaker
to BgpPeer association is n-to-n. An admin user can
also associate networks with BgpSpeakers. Relationship
between BgpSpeaker and Network is 1-to-n.
This patch provides BGP-related functionality only to
the admin users.
Partially-Implements: blueprint bgp-dynamic-routing
Co-Authored-By: Ryan Tidwell <ryan.tidwell@hpe.com>
Co-Authored-By: Jaume Devesa <devvesa@gmail.com>
Co-Authored-By: vikram.choudhary <vikram.choudhary@huawei.com>
Change-Id: I2412c1689683da9d7ec884a4cea506d4eed99453
Make flavor service profile store actual driver instead of
hardcoded dummy driver. Ensure service type on flavor persisted.
Raise ServiceProfileDriverNotFound if non-empty driver is not part
of ServiceTypeManager providers.
Raise ServiceProfileEmpty if profile has neither a driver nor
any metainfo.
Raise InvalidFlavorServiceType if invalid service type passed.
Show flavors associated with a profile, not just profiles associated
with a flavor, to ease diagnosis when ServiceProfileInUse raised.
Create method to extract provider given a flavor for use with
neutron-lbaas plus tests.
Ensure various boolean forms accepted for enabled flag.
To enable in DevStack, add to local.conf:
enable_plugin neutron https://git.openstack.org/openstack/neutron
enable_service q-flavors
Add associated unit tests. Fix tempest api test that used invalid
LOADBALANCERS service type.
Change-Id: I5c22ab655a8e2a2e586c10eae9de9b72db49755f
Implements: blueprint neutron-flavor-framework
For now it only supports q-qos service that is used to configure QoS service
plugin. It also adds ability to enable l2 agent extensions.
To check that it works, I am enabling QoS tests back for API job.
Partially-Implements: blueprint quantum-qos-api
Change-Id: I19e4fe0cf5ecc55397628017631c3ff6718ce36f