This patch implements an OVS bridge monitor based on the OVSDB
native implementation (OVSDB IDL, Open vSwitch Database Interface
Definition Language). This new implementation supersedes the CLI
OVSDB monitor.
Partial-Bug: #1789592
Change-Id: I9c512d4cbd4cebf94c339231f83bbe89b37650ba
This incorporates flake8 2.6.x and pycodestyle will be used
instead of older pep8. This ensures future python3 compatibility
and a bit better code styling.
Change-Id: Ia7c7c5a44727f615a151e1e68dd94c7ed42f974f
Adding ability to set DSCP field in OVS tunnels outer header, or
inherit it from the inner header's DSCP value for OVS and linuxbridge.
Change-Id: Ia59753ded73cd23019605668e60cfbc8841e803d
Closes-Bug: #1692951
neutron-lib contains a number of the plugin related constants from
neutron.plugins.common.constants. This patch consumes those constants
from neutron-lib and removes them from neutron. In addition the notion
of the dummy plugin service type is moved strictly into the test
package of neutron since it's not a real service plugin.
NeutronLibImpact
Change-Id: I767c626f3fe6159ab3abd6a7ae3cb9893b79bf66
Otherwise we don't see some of them for the agent, for example,
AGENT.root_helper is missing.
To make sure the logging is as early as possible, and to make sure that
options that may be registered by extensions are also logged, some
refactoring was applied to the code to move the extension manager
loading as early as possible, even before agent's __init__ is called.
Related-Bug: #1718767
Change-Id: I823150cf6406f709d1e4ffa74897d598e80f5329
Replace the calls to the OVSPluginAPI info retrieval functions
with reads directly from the push notification cache.
Since we now depend on the cache for the source of truth, the
'port_update'/'port_delete'/'network_update' handlers are configured
to be called whenever the cache receives a corresponding resource update.
The OVS agent will no longer subscribe to topic notifications for ports
or networks from the legacy notification API.
Partially-Implements: blueprint push-notifications
Change-Id: Ib2234ec1f5d328649c6bb1c3fe07799d3e351f48
idl_factory was removed in favor of just passing in an Idl instance
as an Idl doesn't start a connection until its .run() is called.
The try/excepts will be removed when the ovsdbapp 0.4.0 constraint
changes are merged.
Change-Id: Id22faa1f6179c2fdf8a136972d65f10749c9fc2e
The other_config columns in OVSDB are defined as maps with string
keys and string values. The OVS agent was passing an integer
segmentation id and could pass None as the physical_network.
Unfortunately, the upstream Python OVS library does not pass the
exceptions through to us.
Change-Id: Iafa6be3749b1ee863f5fa71150c708fc46951510
Closes-Bug: #1630920
The use_veth_interconnection config doesn't work fine because
IPDevice is passed into OVSBridge's add_port() although the method
expects port_name. This patch fixes the wrong argument.
Change-Id: I6ea3e37d857f34228c41118709b91f4407555a33
Closes-Bug: #1622850
Physical bridges can cause network disruption when ofctl controller becomes
inaccessible due to heavy load or when the traffic to controller is blocked.
By setting secure fail mode, the openflow rules remain untouched on such
an event, while with the default setting, the flows are cleared.
Co-Authored-By: Jakub Libosvar <libosvar@redhat.com>
Closes-Bug: 1607787
Change-Id: I1dffe0a248664d2a675fd1ca58530c233e335d2d
UpgradeImpact
Previously, local mapping from tunnel ids or vlan ids to internal vlans
was held in ovs agent itself not exposing this mapping outside. This
patch introduces a singleton object in memory providing needed interface
for handling local vlan mappings.
Partially-implements: blueprint vlan-aware-vms
Partially-implements: blueprint l2-api-extensions
Change-Id: I514c7632c1c26d6cfeb706fc5d829a46dcce3782
get_vif_ports returns ports with INVALID and UNASSIGNED
ofports and get_vif_port_set does not. The main scan_ports
loop uses the latter so any INVALID ofports (i.e. ofport == -1)
will be treated as removed and have their local VLANs reclaimed.
So an INVALID ofport could have the same local VLAN as a new
port that was added after it had been reclaimed.
This was causing an error in the _restore_local_vlan_map function
since it was using get_vif_ports which would cause it to process
INVALID ports as well so it could get two network UUIDs using the
same VLAN.
This fixes it by skipping INVALID and UNASSIGNED ofports in the
vlan restoration so it matches the behavior of scan_ports
(which is responsible for deciding which ports are added/removed
for VLAN allocation).
Closes-Bug: #1526974
Change-Id: I9d722fa4fabd467ded44d9cd291a3fa4d1af90f6
- unit tests were fixed mainly by mocking
Connection class of native implementation.
- some ovs-lib tests rely on direct ovs-vsctl
output. Temporarily decorated with @vsctl_only.
UpgradeImpact
Change-Id: I2632b0e21edd61536867a9fc830a45d9899091e4
When agent starts up, it checks whether patch ports exist
before adding them. But the routine used to query the
patch port's existence is get_port_ofport() which retries
the operation because of the @_ofport_retry decoration.
This creates an unwanted delay in the startup of the
agent, when the port does not exist.
The port's existence can be checked with port_exists()
call on the bridge with no retries.
Change-Id: I9fac0066d6c03491536a6e2718d6340acd275d9d
Closes-Bug: #1579769
When starting up, we don't want to delete the patch port between br-int
and the physical bridges. In liberty the br-int bridge was changed to
not tear down flows on startup, and change
I9801b76829021c9a0e6358982e1136637634a521 will change the physical
bridges to not tear down flows also.
Without this patch the patch port is torn down and not reinstalled until
after the initial flows are set back up.
Partial-Bug: #1514056
Change-Id: I05bf5105a6f3acf6a313ce6799648a095cf8ec96
Perform deletion of the stale flows in physical bridges consistently with
br-int and br-tun, respecting drop_flows_on_start configuration option.
Added tests for auxiliary bridge and functional tests for the physical
bridge using VLAN/flat external network. Fixes part of the bug 1514056;
together with [1] and [2], the bug should be considered fixed.
The commit also fixes inconsistency between netmask of allocated IP
addresses assigned in _create_test_port_dict and ip_len in _plug_ports
of base.py.
[1] https://review.openstack.org/#/c/297211/
[2] https://review.openstack.org/#/c/297818/
Co-Authored-By: Jian Wen <wenjianhn@gmail.com>
Partial-Bug: 1514056
Change-Id: I9801b76829021c9a0e6358982e1136637634a521
On agent start, we check the interface type to cleanup ports of
wrong type if any. We should not log error on not finding db entry
for interface type, because the interface and hence the db entry
may not exist yet.
Change-Id: Ie619a7fd141fbaa92d39b73f77e5c8c1efc8ec48
Closes-Bug: #1545058
When starting up, we don't want to delete the patch port between br-int
and br-tun unless we're also dropping the flows. In liberty both of
these bridges were switched to not dump flows on startup and to put the
bridges in secure mode so that default flood flows are not installed
when the bridge is created.
Without this patch the patch port is torn down and not reinstalled until
br-tun is setup again.
Partial-Bug: #1514056
Change-Id: Ia518a99a2de5d1bda467fde57892c43970f88bcd
OVSDB implementation refuses to set options:peer column value
as there is no such column in the Interface table. The correct way
is to set 'options' column value to a map containing key 'peer', as
already used in ovs_lib.
Change-Id: Ib5e956f425b36f54cda017c91ac71d9d7ee9747c
Closes-Bug: 1528894
This patch makes sure that existing connection breaks once security
group rule that allowed such connection is removed. To correctly
track connections on the same hypervisor, zones were changed from
per-port to per-network (based on port's vlan tag). This information is
now stored in register 6. Also there was added a test for RELATED
connections to avoid marking such connection as invalid by REPLY rules.
Closes-Bug: 1549370
Change-Id: Ibb5942a980ddd8f2dd7ac328e9559a80c05789bb
Change I4b4527c28d0738890e33b343c9e17941e780bc24 introduced a
validate_local_ip sanity check for the local_ip to see that it
belongs to the host.
This method uses linux specific implementation that fails on windows.
This patch fixes this bug by adding an implementation for
validate_local_ip that works on windows as well, using netifaces.
Change-Id: Ia8299512687d9d7135fe013fbb38f2b28d54125d
Closes-Bug: #1497940
- Introduces an API to allow l2-agents to access resources within
the Open vSwitch Agent, specifically the integration and tunnel bridges.
- adds consume_api method to the AgentCoreResourceExtension class.
- modifies the AgentExtensionManager class to accept the AgentExtensionAPI
class as an optional argument.
- adds the OVSAgentExtensionAPI class.
- modifies ovs_lib and ofswitch to include a list of uuid stamps
to exempt from flow deletion.
- adds the OVSBridgeCookieMixin class that manages the distribution of
cookies and maintains the list of reserved cookies.
- modifies OVSNeutronAgent to initialize OVSAgentExtensionAPI and pass
into the AgentExtensionManager.
Partial-Bug: #1517903
Co-Authored-By: Nate Johnston <nate_johnston@cable.comcast.com>
Co-Authored-By: Thomas Morin <thomas.morin@orange.com>
Implements: blueprint l2-api-extensions
Change-Id: I7cb61f30689dff2d7895d444060dedc1532a63ec
With the new RPC calls get_devices_details_and_failed_devices
and update_device_list the agent gets a list of devices
for which some operation failed. The agent can now make use
of this information and instead of syncing all the devices
can sync only those which failed.
With the current change if a device keeps failing, the agent
will try to sync it forever. In a following patch I will limit
the number of retrials.
Partially-Implements: blueprint restructure-l2-agent
Change-Id: I295dc79031a0547f8687c5835c7ba7bbc43df36d
When changing datapath_type in the config, physical and tunnel bridges
do not have their datapath_type updated. Calling create() on already
created bridges should be safe as it passes '--may-exist' when adding
the bridge, which will do nothing if the bridge already exists, but
the second part of the transaction will still update things like
datapath_type.
It should be noted that ancillary bridges (like br-ex) are not
modified by this patch as datapath_type was never applied to them to
begin with.
Incidentally, the native and vsctl versions behaved slightly
differently when handling datapath_type: vsctl builds the multi-cmd
transaction with add-br ... -- set ..., so that the second cmd would
actually complete. The native just bailed if may_exist and the bridge
existed. This is fixed as part of this patch.
Change-Id: Ib8bc817c7bc724d80193d0ca7af480a7ea103f77
Closes-Bug: 1532273
The original change had to be reverted because it caused
tests failing in the gate. The failures were due to the
fact that when a port was not ready, an exception was
thrown to trigger a full resync of the agent. This
behavior was meant to be temporary and was fixed in a
dependent patch that was not merged though. This revert
moves the handling of not ready ports in this patch.
It also refactors the unit tests a bit.
This reverts commit e7270d9505.
Change-Id: I6574cef3c95525ace6a98cf968ee159190681394
Removed create_agent_config_map method which creates specific
configurations dictionary according to cfg.CONF and call the OVS-agent
with that structure. Passing oslo_config directly to init-method
of OVS-agent is more straightforward and makes it more testable.
Also refactored unit and functional tests of OVS-agent in accordance
with the changes in init-method.
Closes-bug: #1464394
Change-Id: I88742e4d454709e35481f2c505c9d64995497cac
Adds the ovs 'config' property which returns the contents of the
single row of the Open_vSwitch table. This gives access to certain
OVS capabilities such as datapath_types and iface_types.
Using this information in concert with the datapath_type config
option, vif details are calculated by the OVS mech driver. If
datapath_type == 'netdev' and OVS on the agent host is capable of
supporting dpdkvhostuser, then it is used.
Authored-By: Terry Wilson <twilson@redhat.com>
Co-Authored-By: Sean Mooney <sean.k.mooney@intel.com>
Closes-Bug: #1506127
Change-Id: I5047f1d1276e2f52ff02a0cba136e222779d059c
Now that we have the constant defined, we should reuse it from other
code to avoid potential typos.
Change-Id: Iebb270be46b116df3441370dc1a6784571311aa9
This might be associated to manifestation of bug #1514935
This reverts commit 1992d52d63.
Closes-Bug: #1514935
Change-Id: If01cc87b6735e1bc039f99c4c6121e7c5ce547d0
OVSDB monitor generates the events that the OVS agent
needs to process (device added or updated). Instead of
polling, the agent processes the queue of events.
Change-Id: I168a3cc3aa96a809153a30635ad7bda29e8ee47c
Partially-Implements: blueprint restructure-l2-agent
Some callers of ip_lib.device_exists() have already instantiated
an IPDevice object, let's move the device existence check into
the IPDevice class so they can call it directly.
Change-Id: I3cdcd0a86b77e1fd5a808b7a5f0de2057f1e90c1
In OVS Agent rpc_loop() resync mechanism clears the registered ports and
rescans them again, and it might result in missing some "port removed"
event and treat_devices_removed will not be called.
This fix rescans the newly updated ports when resync mechanism called,
without clearing the current registered ports.
The registered ports will be cleared only if there are too many
consecutive resyncs to avoid resyncing forever because of the same
faulty port.
Closes-Bug: #1329223
Co-Authored-By: Andrey Epifanov <aepifanov@mirantis.com>
Co-Authored-By: Gandharva S <gandharva.s@hp.com>
Co-Authored-By: Romil Gupta <romilg@hp.com>
Co-Authored-By: Rossella Sblendido <rsblendido@gmail.com>
Change-Id: Ib0db9dcf889d9fd90b623857782c9a6b091e18f5
The new option for the ovs agent will enable to set/unset the
csum option for the vxlan/gre tunnels. The default is maintained as False.
Change-Id: I18dcd8946b585e70f8890a5c222ea37059c4a0c5
Implements: bp ovs-tunnel-csum-option
Closes-bug: #1492111
Introduce an alternative OpenFlow implementation, "native",
implemented using Ryu ofproto python library from Ryu SDN Framework.
Make it selectable with of_driver=native agent option.
The aim is to replace the existing ovs-ofctl based implementation
eventually.
It introduces node-local OpenFlow controller embedded in
OVS agent. Benefits include:
* Reduce the overhead of invoking ovs-ofctl command (and associated
rootwrap)
* Make future uses of OpenFlow asynchronous messages (e.g. Packet-In,
Port-Status, etc) easier
* Make XenAPI integration simpler
Highlights:
* Switch to OpenFlow 1.3.
* Make OVS-agent act as an OpenFlow controller
* Configure OVS on the node to connect to the controller
DocImpact
Implements: blueprint ovs-ofctl-to-python
Co-Authored-by: IWAMOTO Toshihiro <iwamoto@valinux.co.jp>
Change-Id: I02e65ea7c6083b2c0a686fed2ab04da4d92b21a3
This change introduces a new datapath_type parameter
to allow specification of the ovs datapath to be used.
This change introduces new functional and unit tests.
DocImpact
Change-Id: I929d8d15fc6cfdb799c53ef0f3722f4ed5c1096d
Partial-Bug: #1469871
When agent is restarted it drops all existing flows. This
breaks all networking until the flows are re-created.
This change adds an ability to drop only old flows.
Agent_uuid_stamp is added for agents. This agent_uuid_stamp is set as
cookie for flows and then flows with stale cookies are deleted during
cleanup.
Co-Authored-By: Ann Kamyshnikova <akamyshnikova@mirantis.com>
Closes-bug: #1383674
DocImpact
Change-Id: I95070d8218859d4fff1d572c1792cdf6019dd7ea
In Python 3, this happens:
>>> d = {}
>>> a = d.values()
>>> b = d.values()
>>> a == b
False
And anyway we're not really willing to pass dict_values objects around; we are
expecting lists, just like in Python 2, so let's just do the conversion.
Change-Id: I62ef32d50ba5ce64a653ffc62ba18c53cab9b15c
Blueprint: neutron-python3
When ovs-agent sets a tag for a port, it will first remove all
flows on this port, because it should guarantee that no drop_port
flow installed by port_dead remains, so arp spoofing protection
flow must be installed after it.
Closes-Bug: #1472452
Change-Id: I566d0fd93b39e81a34214f1a7a0a1decc9a169d6
OVSBridge was inheriting db_list from BaseOVS, which was
returning the information of all the ports on the machine,
not only the ones belonging to the bridge.
The OVSNeutronAgent was using that method with the assumption
that ports were filtered by bridge.
To avoid confusion, this patch adds a new method to OVSBridge
get_ports_attributes to query the info for all the ports
belonging to the bridge.
db_list is removed from BaseOVS since that method is already
available in ovsdb/api.py
ovs_lib methods that use db_list are refactored accordingly.
Co-Authored-By: Assaf Muller <amuller@redhat.com>
Change-Id: I2ce6d232744f48ba7fc0f824a7db32e3655bc2aa
Closes-Bug: 1473199
The rename from Quantum to Neutron left a few q_ strings
around, let's go ahead and clean them up.
Change-Id: I06e6bdbd0c2f3a25bb90b5fa291009b9ec2d471d