778 Commits

Author SHA1 Message Date
Arnau Verdaguer
fa2179278f [OVN] Prevent deleting the only IP of a router port
Neutron allows deleting the only IP of a router port but
the OVN NB DB doesn't, since it expects that the
network value of a port is greater than 0. This should
not be possible since it causes the DBs to not be
perfectly in sync.

It is needed to check BEFORE_UPDATE if the port
that will be updated is of type router owned and
if it will have an IP after the update. If not
an error needs to be raised.

Closes-Bug: #1948457
Change-Id: I206c31201470f178efdde8839622be7900c6ae3e
2021-12-02 14:33:29 +01:00
Zuul
270d412be9 Merge "[OVN] Check if OVN NB supports "Port_Group"" 2021-11-14 02:05:58 +00:00
Zuul
5a409f9476 Merge "Enable QoS minimum packet rate rule for OVS backend" 2021-11-14 02:05:50 +00:00
Zuul
cb2996882e Merge "Sanitize profile column of ml2_port_bindings table in the DB" 2021-11-13 10:24:07 +00:00
Zuul
d562866fd2 Merge "Deprecate 'allow_overlapping_ips' config option" 2021-11-04 14:20:17 +00:00
Zuul
6e9a368891 Merge "Add shared field to SG API response and filter" 2021-11-02 01:20:21 +00:00
Zuul
7f9fb75d90 Merge "Add port-resource-request-groups extension" 2021-10-31 22:09:55 +00:00
Tobias Urdin
7d552848c2 Set RPC timeout in PluginReportStateAPI to report_interval
See more details on why this is needed in the referenced
bug #1948676

Change-Id: I8a95e80ca74edc8f8f394cefc749c4065a8e0575
Closes-Bug: #1948676
2021-10-27 11:28:49 +00:00
Przemyslaw Szczerbik
aada855f6d Enable QoS minimum packet rate rule for OVS backend
This patch does *not* implement dataplane enforcement.

QoS minimum packet rate rule is enabled in OVS backend driver and
create/delete/update empty methods are added to enable placement
enforcement.

Partial-Bug: #1922237
See-Also: https://review.opendev.org/785236
Change-Id: Ie283ad3a4ec433c88ac23f798908cd143159394b
2021-10-21 15:17:24 +02:00
Przemyslaw Szczerbik
d699a955cd Sanitize profile column of ml2_port_bindings table in the DB
With the introduction of port-resource-request-groups extension,
format of binding-profile.allocation has changed. Since the DB
may contain port bindings that were created before the introduction
of the new format, it's necessary to perform upgrade check and
sanitize those rows that are still using an older format.

Partial-Bug: #1922237
See-Also: https://review.opendev.org/785236
Change-Id: I95e9e1bc553ac499d75c9280e45dfea61d135279
2021-10-21 15:17:24 +02:00
Przemyslaw Szczerbik
8db15cb2f3 Add port-resource-request-groups extension
port-resource-request-groups extension provides support for the
new format of resource_request. The new format allows to request
multiple groups of resources and traits from the same RP subtree.

Closes-Bug: #1943724
Partial-Bug: #1922237
Depends-On: https://review.opendev.org/c/openstack/tempest/+/809168/
See-Also: https://review.opendev.org/785236
Change-Id: I99a49b107b1872ddf83d1d8497a26a8d728feb07
2021-10-21 14:30:07 +02:00
Slawek Kaplonski
042de7e6bb Deprecate 'allow_overlapping_ips' config option
Config option allow_overlapping_ips is deprecated for removal now and
will be removed in the Z cycle.
Default value for that option is now set to True as this is supported by
IPAM module in Neutron.

Related-Bug: #1942294
Change-Id: I17bf5e4483025e9cc4ee04dd3e7c925f7bddc3db
2021-10-21 10:56:33 +00:00
Zuul
d22237d84e Merge "Report pkt processing capacity on Neutron agent RP" 2021-10-20 13:20:08 +00:00
Zuul
6a534dbe2b Merge "Fix dynamic segment allocation race condition" 2021-10-18 10:13:01 +00:00
Dr. Jens Harbott
8a890ed29c Fix list of DNS extensions supported by OVN
The OVN driver needs to announce all DNS extensions as supported,
otherwise the neutron server will reject them.

Closes-Bug: 1947127
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ic269902ef7a16893c4ea624b04347d04db4f52d9
2021-10-14 11:21:40 +02:00
Rodolfo Alonso Hernandez
5d94a10a15 [OVN] Check if OVN NB supports "Port_Group"
Added a check for OVN NB schema, looking for "Port_Group" table
(added in OVN NB schema 5.11).

This patch removes the code to support OVN without "Port_Group"
table. It is assumed that this table is always present.

Closes-Bug: #1946023

Change-Id: If193ff5bc6e1421f4fa9db3779872a82a36c8b69
2021-10-14 09:07:28 +00:00
Przemyslaw Szczerbik
c2bc676183 Report pkt processing capacity on Neutron agent RP
Report the packet processing capacity on the Neutron agent resource
provider to Placement as the new 'NET_PACKET_RATE_KILOPACKET_PER_SEC'
or 'NET_PACKET_RATE_[E|I]GR_KILOPACKET_PER_SEC' resource inventory.
This is similar to how the bandwidth resource is reported today.

Partial-Bug: #1922237
See-Also: https://review.opendev.org/785236
Change-Id: I8deefbeed4b4b51dd20062df62c8891fee3ebf9d
2021-10-11 15:16:52 +02:00
Hang Yang
4bd1c82213 Add shared field to SG API response and filter
Add the shared field to security group API responses and support
using shared as a query filter.

A follow-up patch will remove the temporary api def once it is merged
and released in neutron-lib.

Related-Bug: #1942615
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/812617
Change-Id: Ic04be8f0b7097c8aed19365f06089aa7af333eb9
2021-10-07 14:49:19 -05:00
Sebastian Lohff
b993ebb407 Fix dynamic segment allocation race condition
When two segments are concurrently created this could have resulted in
both threads creating a segment, thus resulting in two segments with
different segmentation ids. To prevent this we now introduce a new
unique constraint onto the networksegments table, which requires
(network_id, network_type, physical_network) to be unique, which allows
only a single segment with a single segmentation id to exist per
combination of these three values.

With the constraint in place a DB error will be thrown, which will cause
allocate_dynamic_segment() to be executed again and this time it will
find the already existing segment. To make sure that no additional DB
objects are created when segment creation failed we need to put all of
the allocation code into a DB transaction.

Change-Id: I407ae88d69ed971bf8d9a9b79120366f33bb56fd
Closes-Bug: #1791233
2021-10-07 13:20:04 +02:00
Zuul
d94cc0d636 Merge "Execute the quota reservation removal in an isolated DB txn" 2021-10-02 03:05:26 +00:00
Rodolfo Alonso Hernandez
603abeb977 Execute the quota reservation removal in an isolated DB txn
The goal of [1] is to, in case of failing when removing the quota
reservation, continue the operation. Any expired reservation will
be removed automatically in any driver.

If the DB transaction fails, it should affect only the reservation
trying to be deleted. This is why this patch isolates the
"remove_reservation" method and guarantees it is called outside an
active DB session. That guarantees, in case of failure, no other DB
operation will be affected.

This patch also partially reverts [2] but still checks the security
group rule quota when a new security group is created. Instead of
creating and releasing a quota reservation for the security group
rules created, now only the available quota limit is checked before
creating them. That won't prevent another operation from creating security
group rules in parallel, exceeding the available quota. However, this
is not even guaranteed with the current quota driver.

[1] https://review.opendev.org/c/openstack/neutron/+/805031
[2] https://review.opendev.org/c/openstack/neutron/+/701565

Closes-Bug: #1943714

Change-Id: Id73368576a948f78a043d7cf0be16661a65626a9
2021-09-30 13:53:23 +00:00
Przemyslaw Szczerbik
1ea26616b4 ovs-agent: Report pkt processing info in heartbeat
OVS agent configuration is extended to support new configuration
options:
  - 'resource_provider_packet_processing_without_direction'
  - 'resource_provider_packet_processing_with_direction'
  - 'resource_provider_packet_processing_inventory_defaults'

OVS agent RPC heartbeat now reports this information to neutron
server in 'configuration' field.

Example config:

ml2_conf.ini:
[ovs]
resource_provider_packet_processing_with_direction = :1000:1000

Partial-Bug: #1922237
See-Also: https://review.opendev.org/785236
Change-Id: Ief554bc445dfd93ea6995bb42b4d010674c7a091
2021-09-29 12:27:45 +02:00
Przemyslaw Szczerbik
56044db26d Add API extension for QoS minimum pps rule
This patch implements support for CRUD operations for QoS minimum
packet rate, for example:

DELETE /qos/policies/$POLICY_ID/minimum_packet_rate_rules/$RULE_ID

Placement or dataplane enforcement is not implemented yet.

Partial-Bug: #1922237
See-Also: https://review.opendev.org/785236
Change-Id: Ie994bdab62bab33737f25287e568519c782dea9a
2021-09-29 12:27:30 +02:00
Ihar Hrachyshka
dc677682ca ovn: use stateless NAT rules for FIPs
Using stateless NAT in OVN should always be a better choice for FIPs
because it allows to avoid hitting conntrack, potentially improving
NAT performance, esp. where hardware offload for the openflow rules is
involved.

The only limitation for using stateless NAT in OVN is that it requires
1:1 IP mapping; which is always the case for FIPs. This is why this
patch unconditionally switches to stateless for all FIPs.

Before setting stateless key to NAT's options, check that 'options'
are supported. (Support was added in OVN 20.03 as part of stateless
NAT implementation.) If an older OVN version is used, nothing changes.

The patch also adds a runtime migration rule for neutron-server to
transform all existing stateful fips to stateless.

Change-Id: I312a950131d62d93fb4bc121bc5e60febb8d35ee
2021-09-23 04:15:39 +00:00
347fd599ae Update master for stable/xena
Add file to the reno documentation build to show release notes for
stable/xena.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/xena.

Sem-Ver: feature
Change-Id: I307fdfc8957028671706265f0575789afa5e60af
2021-09-15 17:39:14 +00:00
Zuul
2ed28e4e01 Merge "Agent RPC step size in config." 2021-09-07 12:33:19 +00:00
Zuul
731303184e Merge "Make OVN driver validate Geneve max_header_size" 2021-09-03 02:08:18 +00:00
Zuul
8995a59869 Merge "[OVN] Document Network Availability Zones" 2021-09-03 00:00:04 +00:00
Radosław Piliszek
dc4a57d966 Make OVN driver validate Geneve max_header_size
Also updates the docs to be clearer on OVN-Geneve relation topics.

Co-Authored-By: Elvira García Ruiz <egarciar@redhat.com>
Change-Id: Ia253cc4d85261ce1535f4d27b3da91275d879903
Closes-bug: #1868137
2021-09-02 08:41:19 +00:00
Mitya_Eremeev
1221cf1b24 Agent RPC step size in config.
Number of resources for neutron to divide
the large RPC call data sets always equals 100.
In "big" networks even these numbers can be
still huge and cause service timeouts.
Now we can decrease these numbers in config.
Default value equals 20 now.

Closes-Bug: 1938202
Change-Id: Idf545ad31398ded460b6c2ae1675dd5e9ae71440
2021-09-01 10:18:12 +03:00
Slawek Kaplonski
df891f0593 Remove dhcp_extra_opt value after first newline character
Passing a newline to dnsmasq may cause security issues, especially
since in the case of Neutron the dhcp options' values are controlled by
cloud users.
This patch removes everything that is after the first newline character
in the dhcp_extra_opt's values before passing them to dnsmasq.

Closes-Bug: #1939733
Change-Id: Ifeaf258f0b5ea86f25620ac4116d618980a7272e
2021-08-31 15:43:11 +02:00
Lucas Alvares Gomes
4e325088d3 [OVN] Document Network Availability Zones
This patch adds the documentation to the Network Availability Zones
support in OVN. Instead of having two documentation pages, one for router
AZs and another one for network AZs, this patch merges both guides into
one single documentation. Setting up AZs in OVN is the same for both
types and the differences between the two are documented within their
own sections.

The patch also removes a limitation listed in the SR-IOV documentation
for OVN since we no longer have a default HA Chassis Group. This
limitation was removed as part of the Network AZ work.

Change-Id: I55f27a5473dcd1e6e2255007108c2008acfb6dec
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2021-08-16 11:59:48 +01:00
Zuul
86de15d632 Merge "[QoS] Add rule type packet per second (pps)" 2021-08-04 13:30:17 +00:00
Zuul
0411743bb9 Merge "Sanitize MAC addresses" 2021-07-28 14:27:03 +00:00
LIU Yulong
8e30639452 [QoS] Add rule type packet per second (pps)
This patch adds new API extension to QoS service plugin
to allow CRUD actions for packet rate limit (packet per
second) rule in Neutron server side.

NOTE: This patch will NOT implement the real functionality
in L2/L3 backend to limit the pps.

Co-Authored-By: NANALI <lin203@chinaunicom.cn>

Closes-bug: #1912460
Change-Id: Icc88accb88d9cec40c960c56f032c3c27317b42e
2021-07-22 09:53:38 +08:00
Zuul
a91a56a408 Merge "L3 router support ECMP" 2021-07-19 14:00:03 +00:00
Zuul
4952baaf6f Merge "Revert "Config option to enable OVN IDL on other workers"" 2021-07-15 10:27:36 +00:00
Lucas Alvares Gomes
e71ba8d2d1 Revert "Config option to enable OVN IDL on other workers"
This reverts commit 66ac943b6435901c163c3050ad41dfcaf36ac11d.

Reason for revert: After discussions with the core reviewers for ML2/OVN
and Neutron folks about this configuration option we understood that we
should just enable RpcWorkers to connect to the OVN database by default
and later allow rpc_workers to be set to 0 in Neutron (for those looking
for optimizations and that don't need RpcWorkers in their deployment). So
I am proposing a revert for this configuration option.

Change-Id: I73ba195401fff9f832b84633398816383f710b23
2021-07-14 16:50:06 +01:00
XiaoYu Zhu
9b2983743b L3 router support ECMP
This patch changes the policy for updating routes to support ECMP,
and will now add ECMP routes to the Neutron router namespace when
there are multiple routes pointing to the same destination address.

Change-Id: I842c1408ee0235bc54441e9ed69c8b87ea30651b
Related-Bug: #1880532
2021-07-13 15:13:29 +08:00
Zuul
c1d33a9948 Merge "Check router routes connectivity when GW port is updated" 2021-07-09 15:59:53 +00:00
Rodolfo Alonso Hernandez
827cca2ed7 Sanitize MAC addresses
This patch sanitizes the MAC address coming from a user input:
- The "base_mac" address configuration parameter.
- The "port.mac_address" stored in the database, if the script
  provided is not executed.

This patch relies on [1], that will sanitize any input coming from
the server API.

This patch adds a new script to sanitize all "port.mac_address"
registers stored in the database.

[1] https://review.opendev.org/c/openstack/neutron-lib/+/788300

Related-Bug: #1926273

Change-Id: I8572906cc435feda1f82263fd94dda47fc1526e1
2021-07-08 16:46:55 +00:00
ramishra
ec550f5f52 Add fake_project_id middleware for noauth
This adds a middleware for noauth that would inject a fake
project_id for create requests. This would ensure that api
consumers don't have to provide a fake project_id in requests.

Closes-Bug: #1934039
Change-Id: I5e1de571034be41f1147c130fce66e6cf70b1369
2021-07-05 21:18:09 +05:30
Zuul
3127bd1d57 Merge "[ML2] Change way how list of supported API extensions is made" 2021-06-28 00:54:46 +00:00
Slawek Kaplonski
db2207f32d [ML2] Change way how list of supported API extensions is made
Previously if extension was not supported by one of the mech drivers,
but it wasn't filtered out by next mech driver, it was available finally
in the list.
Now, this patch changes that so if extension is disabled by one of the
drivers it isn't available on the list at all.
This will work better e.g. with discoverability of what is available
e.g. when OVN backend is used by Neutron.

Closes-Bug: #1929676
Change-Id: I6a4ff42f47f7ee90365516d37472c09ac87773e5
2021-06-25 07:41:11 +00:00
Rodolfo Alonso Hernandez
5fb5653ffe Check router routes connectivity when GW port is updated
When the router GW interface is updated or deleted, the routes should
be checked in order to prove all of them have connectivity to any of
the router interface subnets.

In a router, all routes nexthops must have connectivity with one
interface subnet. If not, this route cannot send the packets to this
route gateway; therefore this route becomes invalid.

Closes-Bug: #1925368

Change-Id: I7ce93b863b0dc0d4a2376fcfd602d2facb6fb2d0
2021-06-24 11:54:17 +00:00
LIU Yulong
56e8498a4d Add agent extension 'dhcp' for ovs agent
Add a new ovs agent extension to support distributed DHCP for
VMs in compute nodes directly. For large scale deployment, this
can be used to reduce the number of neutron agents. Large scale
cloud can benefit from it.

From the perspective of virtual machine, this will reduce the
probability of DHCP request failure. The VMs will get a higher
level availability for DHCP R/R, no single point of failure
permanently. If one host goes down, VMs in other hosts will not
be influenced by it.

From the perspective of network performance, after using this
extension, the DHCP broadcasting packages will be limited
to the host locally.

Partially-Implements: bp/distributed-dhcp-for-ml2-ovs
Closes-Bug: #1900934
Change-Id: Id8a4c501daad7c2185e6d69441182666ef987e61
2021-06-24 08:38:38 +08:00
Zuul
887dc1049c Merge "Config option to enable OVN IDL on other workers" 2021-06-23 20:22:50 +00:00
Zuul
4b0a225e80 Merge "SR-IOV agent can handle ports with same MAC addresses" 2021-06-22 19:21:53 +00:00
Zuul
e431c09438 Merge "Allow to parse keywords in dns labels" 2021-06-22 13:31:32 +00:00
Bodo Petermann
66ac943b64 Config option to enable OVN IDL on other workers
Add a configuration option to ovn group:
additional_worker_classes_with_ovn_idl
to optionally enable OVN IDL connections on additional workers.
By default the IDL connections are only initialized on API and
maintenance workers as other worker types normally don't need them.
But some plugins or extensions might still require IDL connections on
other workers and now may enable them via configuration, by adding the
worker class (or its alias from neutron.worker_classes) to
additional_worker_classes_with_ovn_idl.

Closes-Bug: #1927977
Change-Id: Ia0d882220cd281e3c91648e3f32a842d61a5f57d
2021-06-22 10:33:11 +02:00