Check if SNAT iptables manager is initialized before processing the
IP NAT rules. If the router never had an external GW port, the DVR
GW in the SNAT namespace has not been created and the SNAT iptables
manager has not been initialized.
In this case, the IP NAT rules for centralized FIPs (to be applied
on the SNAT namespace) cannot be set.
Conflicts:
neutron/tests/functional/agent/l3/framework.py
Closes-Bug: #1945215
Change-Id: I426602514805d728f8cd78e42f2b0979b2101089
(cherry picked from commit f18edfdf45)
(cherry picked from commit b9143c37e0)
When allocating a partially defined segment with VLAN type driver, any
physical network can be returned. The method will select randomly any
VLAN segment available, independently of the physnet configured order.
Conflicts:
neutron/tests/unit/plugins/ml2/drivers/test_type_vlan.py
Change-Id: I4d344f5ca6673b70b69a03503ec0f267bf0cadf7
Closes-Bug: #1929190
(cherry picked from commit 05ce5a1f94)
(cherry picked from commit c823bc3294)
(cherry picked from commit e07b66e710)
(cherry picked from commit 9b0f094564)
When the L3 agent starts, it reads the floating IP rule priority from
a state file created by "FipRulePriorityAllocator". In case of not
having all floating IPs registered in this file, the method:
- Creates a new priority for this floating IP.
- Creates the "ip rule" in the namespace.
- Adds a new entry in "self.floating_ips_dict".
All "ip rules" present in the namespace that do not match the
registered fixed IP address ("from") and the priority assigned
are deleted.
Closes-Bug: #1891673
Closes-Bug: #1929821
Conflicts:
neutron/tests/unit/agent/l3/test_dvr_local_router.py
Change-Id: Ia3fbde3304ab5f3c309dc62dbf58274afbcf4614
(cherry picked from commit a03c240ef4)
(cherry picked from commit b4ad1a2775)
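The startup pass described in the commit message above, modelled as a pure function. This is an added example, not code from Neutron; the function name, the data shapes, the addresses and the priority values are all constructed for illustration.

```python
# Added illustration; not Neutron's code. All names and sample values are constructed.

def reconcile_fip_rules(fips, registered, ns_rules, free_priorities):
    """Model of the L3 agent startup pass for floating IP "ip rule" entries.

    fips:            {floating_ip: fixed_ip} the agent must serve
    registered:      {floating_ip: priority} loaded from the state file
    ns_rules:        [(from_ip, priority)] rules currently in the namespace
    free_priorities: iterator of unused priorities (stand-in for the allocator)
    Returns (rules_to_add, rules_to_delete, updated_registry).
    """
    registry = dict(registered)
    to_add = []
    for fip, fixed_ip in sorted(fips.items()):
        if fip not in registry:
            priority = next(free_priorities)     # new priority for this FIP
            to_add.append((fixed_ip, priority))  # "ip rule" to create
            registry[fip] = priority             # new registry entry
    # A rule survives only if both its "from" address and its priority
    # match what is registered for a floating IP the agent serves.
    wanted = {(fips[fip], prio) for fip, prio in registry.items() if fip in fips}
    to_delete = [rule for rule in ns_rules if rule not in wanted]
    return to_add, to_delete, registry


def demo():
    """Run the model on constructed data with one unregistered floating IP."""
    fips = {"203.0.113.5": "10.0.0.5", "203.0.113.6": "10.0.0.6"}
    registered = {"203.0.113.5": 32768}
    ns_rules = [("10.0.0.5", 32768),   # matches the registry, kept
                ("10.0.0.6", 40000),   # right address, wrong priority
                ("10.0.0.9", 32770)]   # no floating IP behind it
    return reconcile_fip_rules(fips, registered, ns_rules, iter([32769, 32770]))


if __name__ == "__main__":
    added, deleted, registry = demo()
    print("add:", added)
    print("delete:", deleted)
    print("registry:", registry)
```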
In short this patch can cause the privsep reader thread to
die resulting in the l3 agent getting stuck and e.g. not
processing any router updates. See related LP bug for full
explanation.
Closes-Bug: #1927868
This reverts commit 662f483120.
Change-Id: Ide7e9771d08eb623dd75941e425813d9b857b4c6
(cherry picked from commit 344fc0c8d2)
If plugin "network_segment_range" is not enabled and a new segment
is required, if no segmentation ID is provided in the request, the
segmentation ID assigned is randomly retrieved from the non
allocated segmentation IDs.
The goal is to improve the concurrent network (and segment) creation.
If several segments are created in parallel, this random query
will return a different segmentation ID to each one, avoiding the
database retry request.
Closes-Bug: #1920923
Conflicts:
neutron/common/utils.py
neutron/plugins/ml2/drivers/helpers.py
neutron/tests/functional/objects/plugins/ml2/test_base.py
neutron/tests/unit/plugins/ml2/drivers/test_type_vlan.py
Change-Id: Id3f71611a00e69c4f22340ca4d05d95e4373cf69
(cherry picked from commit 6eaa6d83d7)
(cherry picked from commit ab56a5cd65)
neutron.tests.unit.common.test_utils.TestThrottler.test_throttler
is failing with "AssertionError: 1 not greater than 1", change the
assert to assertGreaterEqual.
Change-Id: Iba29ab0b1141e731cc811e8bee076dd5726248b5
Closes-Bug: #1916572
(cherry picked from commit b168232e03)
Commit 80eddc4039 optimized
net delete by including net info into notification payload,
however ML2 plugin needs provider info as well.
Conflicts:
neutron/plugins/ml2/plugin.py
Closes-Bug: #1942469
Change-Id: I9f753be0ce5ae7870afb9b3cb74f89be8482356e
(cherry picked from commit 27edf6b6d3)
It seems that using default singleton=True in the
routes.middleware.RoutesMiddleware which is leading to use thread-local
RequestConfig singleton object is not working well with eventlet
monkeypatching of threading library which we are doing in Neutron.
As a result it leaks memory in neutron-api workers every time an API
request to a non-existent API endpoint is made by a user.
To avoid that memory leak, let's use singleton=False in that
RoutesMiddleware object, at least until the problem with thread-local
singleton and eventlet monkey patching is solved.
Closes-Bug: #1942179
Change-Id: Id3a529248d3984506f0166bdc32e334127a01b7b
(cherry picked from commit e610a5eb9e)
In some cases, the arp entry of snat port is not updated
in qrouter namespace. l3-agent calls get_ports_by_subnet()
while setting arps for the subnet. And the snat port is
not returned if it is still unbound. One of the scenarios in which
this is observed is when router is created, external
gateway set and internal subnet attached to router in
quick succession.
This patch retrieves snat port details from router info
as well and updates arp entry for snat port.
Conflicts:
neutron/agent/l3/dvr_local_router.py
Closes-Bug: #1933092
Change-Id: I7ee797b4b930306cf6360922d855f8b24f1b813d
(cherry picked from commit be7d0bb6ab)
(cherry picked from commit f1a9f4ed62)
Passing a newline to dnsmasq may cause security issues, especially
since, in the case of Neutron, DHCP options' values are controlled by
cloud users.
This patch removes everything after the first newline character
in the dhcp_extra_opt's values before passing them to dnsmasq.
Closes-Bug: #1939733
Change-Id: Ifeaf258f0b5ea86f25620ac4116d618980a7272e
(cherry picked from commit df891f0593)
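Why truncating at the first newline matters for a line-oriented options file, shown with the unsanitized rendering beside the sanitized one. This is an added example, not code from Neutron; the function names, the "tag:<tag>,option:<name>,<value>" line layout used here and the sample options are assumptions made for illustration.

```python
# Added illustration; not Neutron's code. Names, line layout and samples are assumptions.

def first_line(value):
    """Keep only the text before the first newline, as the patch describes."""
    return str(value).split("\n", 1)[0]


def render_opts(port_tag, extra_dhcp_opts, sanitize=True):
    """Render one 'tag:<tag>,option:<name>,<value>' line per requested option."""
    lines = []
    for opt in extra_dhcp_opts:
        raw = str(opt["opt_value"])
        value = first_line(raw) if sanitize else raw
        lines.append("tag:%s,option:%s,%s" % (port_tag, opt["opt_name"], value))
    return "\n".join(lines) + "\n"


def stray_lines(rendered):
    """Check for a generated file: lines that are not an option line we wrote."""
    return [line for line in rendered.split("\n")
            if line and not line.startswith("tag:")]


# Constructed sample: the second value carries an embedded newline.
SAMPLE_OPTS = [
    {"opt_name": "mtu", "opt_value": "1450"},
    {"opt_name": "ntp-server", "opt_value": "192.0.2.10\nINJECTED-LINE"},
]

if __name__ == "__main__":
    unsafe = render_opts("port-a", SAMPLE_OPTS, sanitize=False)
    safe = render_opts("port-a", SAMPLE_OPTS)
    # Without sanitizing, two user options become three lines in the file.
    print("unsanitized stray lines:", stray_lines(unsafe))
    print("sanitized stray lines:  ", stray_lines(safe))
```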
When a new network and its first subnet is created, the DHCP agent
bumps the "load" parameter to reflect the number of networks handled.
This "load" parameter is modified when:
- As commented, when the first subnet of a network is created. The
"load" value is bumped.
- When periodically the DHCP agent sends the status, informing about
the current number of networks handled.
If during the subnet creation this "load" value is not updated, it will
be in the next periodic update of the agent.
This "load" value is used by the scheduler to equally distribute the
objects to be managed by any agent type (DHCP agents manage networks).
The bug refers to DHCP but is valid for any other agent.
Conflicts:
neutron/common/utils.py
neutron/scheduler/base_resource_filter.py
Change-Id: Ief402048d99d40b64d81fcf58eb2e39b1ba7ebbb
Closes-Bug: #1939432
(cherry picked from commit 668b1cc652)
(cherry picked from commit 816aca60b9)
(cherry picked from commit 1eb6b8926a)
(cherry picked from commit f315f85a7b)
"nftables" compatible binary, "ebtables-nft", is not 100% compatible
with the legacy API, as reported in LP#1922892.
This patch fixes the following issues when using "ebtables-nft" (while
keeping compatibility with legacy binary):
- When a new chain is created, a default DROP rule is added at the end
of the chain (append). This will prevent the error code 4 when the
chain is listed.
- The chain rules are added at the beginning of the chain (insert),
before the default DROP rule. This will prioritize the port rules.
- The MAC rules are cleaned before the new ones are added. That will
prevent the deletion of any new needed rule, now added after the
deletion.
- The "ebtables" command will retry on error code 4. This is the
error returned when the chains are listed and no rule is present
in a newly created chain (reported in LP#1922892).
This code is backwards compatible, that means it works with the legacy
"ebtables" binary; this is currently installed in the Neutron CI [1].
In order to test with the new binary, "ebtables-nft", two new CI jobs
are added to the periodic queue [2].
[1] 1ad9ca56b0/roles/legacy_ebtables/tasks/main.yaml
[2] https://review.opendev.org/c/openstack/neutron/+/785144
Closes-Bug: #1922892
Related-Bug: #1508155
Closes-Bug: #1938670
Conflicts:
neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_arp_protect.py
Change-Id: I9463b000f6f63e65aaf91d60b30f6c92c01e3baf
(cherry picked from commit 0a931391d8)
(cherry picked from commit fafa5dacd5)
Router_info's _process_internal_ports() method is the one which is
manipulating router_info.internal_ports cache and network_update()
method from the L3 agent is relying on that Router_info's cache to
check if updated network is connected to the router or not.
So they shouldn't be run together as that may cause some race conditions
and unexpected issues, like e.g. described in the related bug.
Until now, network_update event was the only one which was processed
without using queue of events. And because of that, race conditions
such as the one described above were possible.
To fix that, this patch changes network_update method in the way that it
now adds update events for each router hosted by agent to the queue.
Those events for single routers are then processed; the processing
checks if the network is actually connected to the router and, if yes,
schedules router update to be processed.
Conflicts:
neutron/agent/l3/agent.py
Closes-Bug: #1933234
Change-Id: I2efe66a7415f7a18fb85bd2536a1901e751d6203
(cherry picked from commit 6ce48c30bd)
(cherry picked from commit 604b055c71)
(cherry picked from commit 05d0bc6d50)
(cherry picked from commit 463083c713)
It may be useful during debugging some L3 and events related issues.
Related-bug: #1933234
Change-Id: I4bcba0ae82d99fac962d758b48b1727f344ec7bb
(cherry picked from commit 5c9a7fe1b4)
(cherry picked from commit 25f4864d12)
(cherry picked from commit 7de9aa109a)
(cherry picked from commit 5dfd2e5615)
Set "floatingip.fixed_port" attribute as
viewonly. According to [1], "the originating relationship for a
particular state change will not produce state changes within the
viewonly relationship". That means any change on any of those ports
won't change the backref and won't affect "floatingip" object.
Closes-Bug: #1930294
[1] https://docs.sqlalchemy.org/en/14/orm/relationship_api.html
Change-Id: I202a12f82f70b1094cdb986ba404f396d5e0e427
(cherry picked from commit a98fe51b83)
Because the DHCP agent does not know the IAID (identity association
identifier) of assigned IPv6 addresses it's not possible to generate the
lease file including IPv6 leases. Because of this IPv6 addresses are
excluded when generating the lease file in case of DHCP agent restarts.
This causes DHCPv6 clients to fail to RENEW their lease and to go
through a full address discovery cycle with possible short connectivity
disruption.
This commit copies the existing IPv6 leases from an already existing
lease file if present. While this does not allow for DHCP agent
failover, this is still better than just skipping the IPv6 addresses.
A lease file without the IPv6 addresses is still generated if an agent
is migrated to a different host.
This commit complements the fix implemented in
Ib1b2f284ab81f1c4af7b08b5257b45a3f6e79c3e which just skips the IPv6
leases as otherwise the lease file would be invalid and all leases would
be lost. It does not change the behavior for still valid IPv4 leases.
With this issue fixed an additional fix is required to not lose DHCPv6
leases when the agent restarts dnsmasq. Currently the DHCP agent
regenerates all configuration files on restart. This means that DHCPv6
leases are lost as they can't be regenerated. This changes the agent to
only delete the config files if the agent's ports are also removed.
Closes-Bug: #1722126
Related-Change: Ib1b2f284ab81f1c4af7b08b5257b45a3f6e79c3e
This backport contains some test fixes to make the tests work with
Python 2.7 and the PEP8 N322 check.
Changed file: neutron/tests/unit/agent/linux/test_dhcp.py
Change-Id: I40761b30563749251b9d74731bbe7a80a124da89
(cherry picked from commit 6bc1c00d66)
The newly added file makes some changes to be compatible with python2, so
it differs from the original patch.
Change-Id: I2e89bcb183a75f39ba6aeeef6f1ea355fca59fc8
(cherry picked from commit cbfac6b7a8)
This reverts commit b1811dc1bb.
This backported patch introduced two incompatible calls in python2.7:
- subprocess.communicate does not have timeout as input parameter
- subprocess does not implement TimeoutExpired
Reason for revert: #1933366
Change-Id: I22f3bf543948dcadaf7276762b14198028f40bc6
Floating IP agent gateway ports are created for each external network
for each node where DVR L3 agent is running and where there is some FIP
from the ext_net.
But even if the L3 agent is removed (e.g. when scaling down the cluster),
such floating IP gateway port is never removed so it consumes IP address
from the external network.
With this patch when the DVR L3 agent is deleted, all such fip gateway
ports owned by that agent will be deleted.
When new L3 agent is created (registered in the DB), Neutron will check
if there are any floating IPs on that host and will recreate such FIP
gateway ports for it.
Closes-Bug: #1891360
Change-Id: If6ef990baf039c556d7420962ac4c54608711f06
(cherry picked from commit 8cc7c0cf7a)
- don't re-fetch subnet object from DB
- network is not used in SubnetContext when deleting subnet
Above gives ~35% improvement
Change-Id: I34f850782092f771482a297ae1e68a63ffb027c1
(cherry picked from commit bdd50ffcde)
- pass network dict from ml2 plugin to _create_subnet_postcommit
- skip ipam subnet fetch for non ipv6 auto-address subnets
- don't count subnets (DB request) if subnet has no segment
Change-Id: Iaecfda2700c5316cb25a93496d24ece366e40a4a
(cherry picked from commit f52280287f)
Neutron-keepalived-state-change-monitor process is using HTTP to notify
L3 agent that state of the HA router was changed. It is done through
unix socket.
With HTTP 1.1 connection isn't closed properly and if
router's state was changed more than once in short time, it could happen
that wsgi worker on the L3 agent's side didn't process second request at
all. That caused problem with transitioning router to master state after
creation.
Request to close connection should be explicitly defined in the header
[1] and this patch adds "connection: close" header to the headers sent in
such request to do exactly that.
[1] https://www.geeksforgeeks.org/http-headers-connection/
Closes-Bug: #1923633
Change-Id: Ic08ca5b167db4884efa07112cf9a6c3637e1b827
(cherry picked from commit 976cba6133)
This change ensures that neutron relies on the same logic as libvirt
to generate hypervisor hostname, to fix incompatible hostname format
used in Nova and Neutron for resource provider name in some
configuration patterns like the one generated by TripleO.
Conflicts:
neutron/agent/common/utils.py
neutron/tests/unit/agent/common/test_utils.py
Closes-Bug: #1926693
Change-Id: Iea2533f4c52935b4ecda9ec22fb619c131febfa1
(cherry picked from commit 577217c52d)
Currently neutron uses socket.gethostname() to determine hypervisor
names, but this implementation is not fully compatible with libvirt
driver which uses canonical name for hypervisor name.
This incompatibility causes an issue with root resource provider
detection if a deployment uses FQDNs as canonical names.
This change introduces the resource_provider_default_hypervisor option,
so that users can override the hypervisor name by the single option(*1)
instead of setting two list options(*2). This is especially useful if
the deployment has multiple bridges or interfaces.
(*1)
    [OVS]
    resource_provider_bandwidths=br-data1:1024:1024,br-data2:1024:1024,\
    br-data3:1024:1024,br-data4:1024:1024
    resource_provider_default_hypervisor=compute0.mydomain
(*2)
    [OVS]
    resource_provider_bandwidths=br-data1:1024:1024,br-data2:1024:1024,\
    br-data3:1024:1024,br-data4:1024:1024
    resource_provider_hypervisors=br-data1:compute0.mydomain,br-data2:\
    compute0.mydomain,br-data3:compute0.mydomain,br-data4:compute0.mydomain
Conflicts:
neutron/agent/common/utils.py
Related-Bug: #1926693
Change-Id: I692219200535df3af1265248e88c96947e4d8f9d
(cherry picked from commit ddf0fef28b)
During the CI meeting we agreed that non-voting jobs in the branches
which are in Extended Maintenance (EM) phase should be moved from
the check to the experimental queue.
This patch is doing exactly that.
Change-Id: Ic64fb0926c52408c7199c728ff88348b979d2f93
The rpc_response_max_timeout parameter is used in communication over
messaging queue, thus should be available for sriov-agent which
communicates with neutron-server over messaging queue.
Change-Id: Ie6ae31e40488fd8f3d43e83b25e536a7dd9d938c
Closes-Bug: #1930996
(cherry picked from commit be43141a5f)
(cherry picked from commit 04f4d9d406)
(cherry picked from commit 41e603b0c3)
(cherry picked from commit 6badfcd650)
Added common config and SR-IOV agent config parameters to the sanity
check script, to add the following missing configuration parameters:
- default.notify_nova_on_port_status_changes
- default.notify_nova_on_port_data_changes
- sriov_nic.physical_device_mappings
Change-Id: I2a5e1fe3dbc6f2f342feaec92f4c122cfccce6d1
Closes-Bug: #1926170
(cherry picked from commit 28cd6c82e9)