Ovs-agent will scan and process the ports during the
first rpc_loop, and a local port update notification
will be sent out. This will cause these ports to
be processed again in the ovs-agent next (second)
This patch passes the restart flag (iteration num 0)
to the local port_update call trace. After this patch,
the local port_update notification will be ignored in
the first RPC loop.
Default value for "of_interface" config option was switched
to "native" in Pike release.
In the same release this option was deprecated to removal.
Now it's time to remove it and force use of "native" driver to
Co-Authored-By: Ihar Hrachyshka <email@example.com>
Co-Authored-By: Slawek Kaplonski <firstname.lastname@example.org>
Ovs-agent can be very time-consuming in handling a large number
of ports. At this point, the ovs-agent status report may have
exceeded the set timeout value. Some flows updating operations
will not be triggerred. This results in flows loss during agent
restart, especially for hosts to hosts of vxlan tunnel flow.
This fix will let the ovs-agent explicitly, in the first rpc loop,
indicate that the status is restarted. Then l2pop will be required
to update fdb entries.
Sometimes, when the OVSDB is too loaded (that could happen during the
functional tests), there is a delay between the OVSDB post transaction
end and when the register (new or updated) can be read. Although this is
something that should not happen (considering the OVSDB is transactional),
tests should deal with this inconvenience and provide a robust method to
retrieve a value and at the same time check the value. This new method
should provide a retrieving mechanism to read again the value in case of
In order to solve the gate problem ASAP, another bug is fixed in this
patch: to skip the QoS removal when OVS agent is initialized during
When executing functional tests, several OVS QoS policies specific for
minimum bandwidth rules . Because during the functional tests
execution several threads can create more than one minimum bandwidth
QoS policy (something in a production environment cannot happen), the
OVS QoS driver must skip the execution of  to avoid removing other
QoS created in parellel in other tests.
This patch is marking as unstable "test_min_bw_qos_policy_rule_lifecycle"
and "test_bw_limit_qos_port_removed". Those tests will be investigated
once the CI gates are stable.
 Those QoS policies are created only to hold minimum bandwidth rules.
Those policies are marked with:
 d6fba30781/neutron/plugins/ml2/drivers/openvswitch/agent/extension_drivers/qos_driver.py (L43)
Now, that the ovsdb monitor is also available on Windows, we can
use it on Windows as well, minimizing polling.
We're simply moving the bits to the common polling module.
Agent OVS interface code adds ports without a vlan tag,
if neutron-openvswitch-agent fails to set the tag, or takes
too long, the port will be a trunk port, receiving
traffic from the external network or any other port
sending traffic on br-int.
Also, those kinds of ports are triggering a code path
on the ovs-vswitchd revalidator thread which can eventually
hog the CPU of the host (that's a bug under investigation )
Co-Authored-By: Slawek Kaplonski <email@example.com>
Adding ability to set DSCP field in OVS tunnels outer header, or
inherit it from the inner header's DSCP value for OVS and linuxbridge.
neutron-lib contains a number of the plugin related constants from
neutron.plugins.common.constants. This patch consumes those constants
from neutron-lib and removes them from neutron. In addition the notion
of the dummy plugin service type is moved strictly into the test
package of neutron since it's not a real service plugin.
Otherwise we don't see some of them for the agent, for example,
AGENT.root_helper is missing.
To make sure the logging is as early as possible, and to make sure that
options that may be registered by extensions are also logged, some
refactoring was applied to the code to move the extension manager
loading as early as possible, even before agent's __init__ is called.
Refactoring neutron agent linux and ovsdb config opts
to be in neutron/conf/agent so that all the config options
reside in a centralized location. This simplifies the
process of looking up the config opts and provides an easy
way to import.
Refactoring Neutron configuration options for agent common config to be
in neutron/conf/agent/common. This will allow centralization of all
configuration options and provide an easy way to import.
Neutron-lib 1.1.0 is now out and contains the get_random_mac
definition. This patch moves neutron references over to
the neutron-lib version.
This reverts commit 75edc1ff28.
Ports with port security disabled require firewall entries in
neutron-openvswi-FORWARD chain to work properly.
Ports created with no security groups will not get skipped with current
With fixed security groups check, these ports' security groups can not
be updated after creation.
Refactoring ml2 plugin openvswitch driver configuration options to be
in neutron/conf/plugins/ml2/drivers. This would allow centralization
of all configuration options and provides an easy way to import.
Upon restart the agent reconciles the logical with the physical
state by removing/adding physical subports that are used to
be/are current present in the logical view.
This patch adds a functional test to demonstrate that there's
no need to handle the resync in the trunk driver, since the ovs
agent already takes care of it.
Partially-implements: blueprint vlan-aware-vms
neutron-sanity-check tool was importing neutron.tests.base module, which
may be not present on some systems (f.e. RDO splits neutron/tests/
subtree in a separate python-neutron-tests package). It made the tool
not usable in some setups.
This is not the first time when we by mistake import from
neutron.tests.* and break distributions. It's time to stop it by
proactively forbidding that pattern via a new hacking check.
Some functions were moved from neutron.tests.base to
neutron.common.utils to fulfill the need requirement. They were moved
using debtcollector, no current consumers should be affected.
Refactoring neutron common config opts to be in neutron/conf/common so
that all the configuration options reside in a centralized location.
This simplifies the process of looking up the config opts and provides
an easy way to import.
Moved conf/common/config.py to conf/common.py as per review comments.
This change generalizes agent extension code so that all agents can take
advantage of a common mechanism.
Co-Authored-By: Margaret Frances <firstname.lastname@example.org>
Partially-Implements: blueprint l3-agent-extensions
We need to be able to re-use wait_until_true in tempest scenario tests.
There is tempest bug https://bugs.launchpad.net/tempest/+bug/1592345
that prevents us to do so.
Also wait_until_true is not linux specific so it makes more sense to
have it in common package.
Remove IPv4 restriction for local_ip configuration statement.
Check for IP version mismatch of local_ip and remote_ip before creating
Create hash of remote IPv6 address for OVS interface/port name with least
posibility for collissions.
Fix existing tests that fail because of the added check for IP version
and subsequently valid IP addresses in _setup_tunnel_port.
Perform deletion of the stale flows in physical bridges consistently with
br-int and br-tun, respecting drop_flows_on_start configuration option.
Added tests for auxiliary bridge and functional tests for the physical
bridge using VLAN/flat external network. Fixes part of the bug 1514056;
together with  and , the bug should be considered fixed.
The commit also fixes inconsistency between netmask of allocated IP
addresses assigned in _create_test_port_dict and ip_len in _plug_ports
Co-Authored-By: Jian Wen <email@example.com>
With the new RPC calls get_devices_details_and_failed_devices
and update_device_list the agent gets a list of devices
for which some operation failed. The agent can now make use
of this information and instead of syncing all the devices
can sync only those which failed.
With the current change if a device keeps failing, the agent
will try to sync it forever. In a following patch I will limit
the number of retrials.
Partially-Implements: blueprint restructure-l2-agent
When changing datapath_type in the config, physical and tunnel bridges
do not have their datapath_type updated. Calling create() on already
created bridges should be safe as it passes '--may-exist' when adding
the bridge, which will do nothing if the bridge already exists, but
the second part of the transaction will still update things like
It should be noted that ancillary bridges (like br-ex) are not
modified by this patch as datapath_type was never applied to them to
Incidentally, the native and vsctl versions behaved slightly
differently when handling datapath_type: vsctl builds the multi-cmd
transaction with add-br ... -- set ..., so that the second cmd would
actually complete. The native just bailed if may_exist and the bridge
existed. This is fixed as part of this patch.
The original change had to be reverted because it caused
tests failing in the gate. The failures were due to the
fact that when a port was not ready, an exception was
thrown to trigger a full resync of the agent. This
behavior was meant to be temporary and was fixed in a
dependent patch that was not merged though. This revert
moves the handling of not ready ports in this patch.
It also refactors the unit tests a bit.
This reverts commit e7270d9505.
Removed create_agent_config_map method which creates specific
configurations dictionary according to cfg.CONF and call the OVS-agent
with that structure. Passing oslo_config directly to init-method
of OVS-agent is more straightforward and makes it more testable.
Also refactored unit and functional tests of OVS-agent in accordance
with the changes in init-method.
OVSDB monitor generates the events that the OVS agent
needs to process (device added or updated). Instead of
polling the agent processes the queue of events.
Partially-Implements: blueprint restructure-l2-agent
This change will not force a resync in the case where a virtual machine is
deleted, and therefore its OVS port deleted, in between the time an RPC
call was made to get the devices and where we make the call to correlate
those devices to vif ports.
When agent is restarted it drops all existing flows. This
breaks all networking until the flows are re-created.
This change adds an ability to drop only old flows.
Agent_uuid_stamp is added for agents. This agent_uuid_stamp is set as
cookie for flows and then flows with stale cookies are deleted during
Co-Authored-By: Ann Kamyshnikova<firstname.lastname@example.org>
We can skip trying to setup firewall filters for ports which are
having port_security_enabled as False or which are not associated
to any security group.
This functional test spawns the OVS agent, with bandwidth limit rules in
a policy attached to ports. Then it asserts that the low level OVS
bandwidth limits are set for each port.
To make this possible we refactor and extract the base OVS agent test
framework into neutron.tests.functional.agent.l2.base.
Partially-Implements: blueprint ml2-qos