With backoff client, setting .timeout property on it doesn't take any
effect. It means that starting from Mitaka, we broke
quitting_rpc_timeout option.
Now, when the TERM signal is received, we reset the dict capturing
per-method timeouts; and we cap waiting times by the value of the
option. This significantly reduces time needed for the agent to
gracefully shut down.
Change-Id: I2d86ed7a6f337395bfcfdb0698ec685cf384f172
Related-Bug: #1663458
Refactoring Neutron configuration options for agent common config to be
in neutron/conf/agent/common. This will allow centralization of all
configuration options and provide an easy way to import.
Partial-Bug: #1563069
Change-Id: Iebac0cdd3bcfd0135349128921b7ad7a1a939ab8
Needed-By: Ib676003bbe909b5a9013a3178b12dbe291d936af
There was a switch to using uninstall_flows() in
I90ff1055d367609694eef975c7d084e4cd7a2cf4. But native driver doesn't
understand 'table' parameter and requires 'table_id' instead.
Closes-bug: #1672789
Change-Id: I7ccbd074c88d7f5577afcc2bba1489bae0897da5
in fact the range of available local vlan is 1-4094,
but when initialization of the local vlan in ovs_neutron_agent,
self.available_local_vlans is set([1,2,3...4093]),omit 4094
This causes a problem that ovs-agent will not use 4094 as local vlan
modify moves.range(p_const.MIN_VLAN_TAG, p_const.MAX_VLAN_TAG+1)
Closes-Bug: #1668908
Change-Id: Ic25929cad89ab2e31fdf5b70875b84491dfc52ed
Bashate is a style checker program for bash scripts. This addition
improves the quality of the current bash scripts and ensures that
any future change will follow the same standards.
Change-Id: Ia346f77632d4ac7beb288fa3aacea221d7969c87
With this change the delete_flow variant implementation
of OpenFlowSwitchMixin, which was overriding the parent implementation
from ovs_lib in an incompatible way using the native ryu implementation,
is renamed into uninstall_flows.
As discussed in bug 1628455, the approach consisting in
extending the _keyword dict to convert ovs-ofctl rules into ryu
parameters does not seem practical.
This change also updates calls to delete_flows so that, when
enabled, the native interface will be used. Similar calls outside neutron
repo need to be updated as well, which will be done in separate changes.
Change-Id: I90ff1055d367609694eef975c7d084e4cd7a2cf4
Closes-Bug: 1628455
Needed-By: Idd2315565cc9c88319984d83487148bf498e91ab
With this change calling delete_flows with no kwargs will (instead
of resulting in calling "ovs-ofctl <action> <bridge> -", which does
nothing with no flow spec given on stdin) result in calling
"ovs-ofctl <action> <bridge>", which will delete all flows.
This aligns the behavior of delete_flows with the behavior currently seen by
all callers for the same method shadowed by the implementations in
OpenFlowSwitchMixin classes.
Change-Id: Ic0449acb3a0d4915ce025300d6f3c507a3cd8e48
Closes-Bug: 1658019
In a regular gate run we have hundreds of entries of
"retrying failed devices set([]) _update_port_info_failed_devices_stats",
which makes it hard to see when things are actually failing and
retrying.
This patch just makes it only log if there is a failed device present.
TrivialFix
Change-Id: I3388bce4d51f18a527de425927b7bfc96992f703
This will deprecate the notification_driver config setting,
and no config setting will be needed.
Also it lays down the foundation for a more decoupled interaction
with mechanism drivers.
Closes-Bug: #1657379
Related-Bug: #1627749
DocImpact
Change-Id: I2f166a43f0b980ad22617f8a3f7b4cc7f4786c48
This change modifies the behavior of OVS native and ovs-ofctl bridge
implementations so that instead of configuring the bridge only for the
required OVS protocol version, they add the required version to the
already configured versions.
To achieve this, an add_protocols method is added to the OVSBridge
class, relying on the OVSDB add_db_attribute added in
Ib6ce75846f9b13c1c33f0ced5ccc619ee7860dc1, with the behavior of
making the provided set of versions supported in addition to already
configured ones.
It is aimed to be a cleaner solution to bug 1622644 than the quickfix merge
from I4475865c4f83cb9f3e12c709af752bc490692ca3 .
After this change, the set_protocols method appears useless and is
hence marked for future removal.
Depends-On: I4386aa293f9b18d2e17b4a80d9c7da4b9b46f3c9
Change-Id: Id5ac7e6431c97fc70d8404b16f89533b6f270eee
Related-Bug: 1622644
This new event is aimed at informing that OVS has restarted, and in particular
to let L2 extensions know that they may need to setup their flows again.
Change-Id: I9aebe7ccc3e2f565b4339d42842d89b911131b1f
Closes-Bug: 1646526
Partial-Bug: 1657689
For Neutron's compute agent in a XenServer's compute node, the commands
actually need run in Dom0. Currently XenServer only supports rootwrap
for that purpose by invoking a script which invokes XenAPI to execute
commands in dom0. There are much performance overhead due to it requires
parsing on the script and the configuration file every time running
commands.
This change is to support daemon mode with which each agent service will
call XenAPI directly to execute commands in dom0. And it will keep the
single XenAPI session.
DocImpact: Need update the following configuration.
file: /etc/neutron/plugins/ml2/openvswitch_agent.ini
[agent]
root_helper_daemon = xenapi_root_helper
[xenapi]
connection_url = http://169.254.0.1
connection_username = root
connection_password = xenroot
Closes-Bug: #1585510
Change-Id: I684034359fe0571bc92dbcf342a9821553b1da35
This reverts commit 75edc1ff28.
Ports with port security disabled require firewall entries in
neutron-openvswi-FORWARD chain to work properly.
Ports created with no security groups will not get skipped with current
code.
With fixed security groups check, these ports' security groups can not
be updated after creation.
Change-Id: I95ddbe38d8ac8a927a860a98f54e41e17fb71d43
Closes-Bug: #1549443
- vhost-user reconnect is a new feature added
in dpdk 16.07 and qemu 2.7.
- vhost-user reconnect allows VMs using vhost-user
interfaces to reconnect to the vhost-user backend if
the backend terminates either as a result of a graceful
shutdown or a crash with out requiring the vm to reboot.
- vhost-user reconnect requires qemu to be the vhost-user server
and ovs to be the client.
- dpdk prior to 16.07 only supports qemu client/ dpdk server mode.
- This change extends the ovs mech driver to select the correct qemu
vhost user socket mode based on the available interface types
reported by the agent.
Change-Id: Iec89eaa597311e086c5f6e8d67308d446b07ac33
Closes-Bug: #1604924
Depends-on: Ia5da5b3ef28d1b23b217adc5196199df47b54ed9
QosAgentDriver has a method which uses linux specific module, which
is trying to import pyroute2.
Module pyroute2 tries to import a module from socket which does not
exists on windows (socket.inet_pton[1]). This can cause neutron
services to fail to start on windows[2].
[1]: https://docs.python.org/2/library/socket.html#socket.inet_pton
[2]: http://paste.openstack.org/show/593272/
Change-Id: I706368bfcaece380e1357e0c504fd3b9553ba49c
Related-Bug: #1492714
For ovs-agent, it uses CANARY_TABLE table to check ovs status, when
ovs-agent restarts, it should firstly install flows for CANARY_TABLE
table.
Closes-bug: #1642223
Change-Id: I2aebbe5faca2fd4ec137255f0413cc2c129a4588
To handle the mentioned bug, commit 4361f754 patched a internal data
structure of ryu, which was a necessary evil at the time of the commit.
The data has been added in ryu-4.7 and the patch is no longer needed.
Change-Id: I0ecf1841dd84ab40e919e8e0817806a75b9aa9de
Related-bug: #1622017
Previously, if tag was not present in other_config obtained from ovsdb
for any reason, DEAD VLAN tag was used. This is not smart at all as it
puts all conntrack entries to one point. Also tag is mandatory and if
other_config doesn't contain it, it's a huge mistake that should never
happen.
Change-Id: I91ab75b52b70dbba4c7823550bfdfe0ab9396336
Related-bug: 1564947
Refactoring ml2 plugin openvswitch driver configuration options to be
in neutron/conf/plugins/ml2/drivers. This would allow centralization
of all configuration options and provides an easy way to import.
Change-Id: Ie8c6023b2d012eae7ecdb99d5d413956608f4294
Partial-Bug: #1563069
Previous patch closes app only when ovs-agent raises an exception. This
leaves some corner cases where exceptions inheriting from BaseException
are raised. It's better to be defensive and always close app on error.
Change-Id: Icaaaecc4d00e3a280c3af2e403499bb7ac9e8aa6
Related-bug: 1611237
When of_interface=native, the ovs agent code is run as a ryuapp thread,
which means it must be properly shut down or the process fails to
terminate. Catch exceptions and make sure that the agent terminates,
even if in unlucky cases.
Change-Id: I7aebeaa00e2416a275d9ecd940eb28c819349656
Closes-Bug: #1611237
VLAN mapping was separated from agent in change
I514c7632c1c26d6cfeb706fc5d829a46dcce3782
Please use new manager located in
neutron.plugins.ml2.drivers.openvswitch.agent.vlanmanager
Change-Id: Id6cc9c332c241602526d4c325ca4d1c80380b203
The other_config columns in OVSDB are defined as maps with string
keys and string values. The OVS agent was passing an integer
segmentation id and could pass None as the physical_network.
Unfortunately, the upstream Python OVS library does not pass the
exceptions through to us.
Change-Id: Iafa6be3749b1ee863f5fa71150c708fc46951510
Closes-Bug: #1630920
Commit Ifb70a118cef48c3c4cd313e22e907aa47bc51ad0 intended to remove some
classes, but without DeprecationWarnings. To prevent from possible
problems, if it would be now removed, added Warnings and included info,
about future removal.
Change-Id: Iacb93abc363bf638efc3acb5b29c02a7508bc43a
Related-Bug: #1444112
csnat_ofport is always OFPORT_INVALID on compute nodes
so the error was always wrong.
Not sure how it could mean duplicate dvr port even on controllers,
so the patch is just removing the condition and the log.
Closes-Bug: #1629816
Change-Id: Ifbb8128fbd932946dab84a73b780da495f2ea1af
With XenServer as hypervisor, the commands neutron-ovs-agent in
compute node run are actually executed in Dom0. But current Dom0
plugin doesn't allow conntrack command, this patch is to add such
support.
Also, the exitcode the commands returned in Dom0 will pass through
Dom0 to neutron to make sure the plugin is only aimed executing
commands, it doesn't deal with business scenario.
Closes-Bug: #1603400
Change-Id: I304788240bcd590ec211bca052fe64594a4e6eca
This change avoids issues where a piece of code restricts
a bridge to OF13 while there is code still needing OF10, and
vice-versa, by configuring bridge to both versions.
This is aimed to be a less complex and easier to merge fix than
Id5ac7e6431c97fc70d8404b16f89533b6f270eee.
Change-Id: I4475865c4f83cb9f3e12c709af752bc490692ca3
Closes-Bug: 1622644
When start ovs-agent, method tunnel_sync will call
_setup_tunnel_port when l2_pop is not enabled.
For each tunnel _setup_tunnel_port will be called once,
every call will add flood flows to br-tun. But one time
call is enough.
Change-Id: I80f25edb35a89c5476f5216e151a27cbd3dcd120
Co-Authored-By: Yan Xing an <yanxingan@cmss.chinamobile.com>
Closes-bug: #1589400
Fix useless use of _nxm variant in an OVS field name.
This was supposed to be part of I9a095add42ba5799bd81887f1cbe5507ab9ba48c,
but wasn't because I messed up.
Change-Id: I7f708289ae8f6776a7a54bdd26a19a14b69260bd
This change adds action to install_arp_responder of native implementation
so that the source and destination MAC addresses of the Ethernet header
are properly set, and now consistent with the ovs-ofctl implementation.
Change-Id: I9a095add42ba5799bd81887f1cbe5507ab9ba48c
Closes-Bug: 1623849
The use_veth_interconnection config doesn't work fine because
IPDevice is passed into OVSBridge's add_port() although the method
expects port_name. This patch fixes the wrong argument.
Change-Id: I6ea3e37d857f34228c41118709b91f4407555a33
Closes-Bug: #1622850
To pop VLAN tags in learn action generated flows, vlan_tci should
be used instead of vlan_vid. Otherwise, VLAN tags with VID=0 are
left.
Change-Id: Ie38ab860424f6e2e2448abac82c428dae3a8a544
Closes-bug: #1622017
Handler processes the events passed by OVSDBMonitor
and reacts to events related to trunk ports, calling
to trunk manager to wire/unwire trunks and subports.
Co-Authored-By: Jakub Libosvar <libosvar@redhat.com>
Partially-implements: blueprint vlan-aware-vms
Change-Id: I97487e9d7647b4110a2cdd48d0f129340d59a40d
When a VM is deleted all info except the port number is removed.
delete_dscp_marking requires the ofport to be present.
This results in an exception being thrown when a port with
the DSCP_Marking rule attached is deleted.
This patch:
- Stores the port info when the dscp_marking rule is updated
or created.
- Pops the stored info when the dscp_marking rule is removed
from the port or the port is deleted.
- Expands existing unit tests for the QoS Open vswitch driver
to cover this scenario.
Change-Id: I77f632fdc7d612267af9a4a3bf0f74288696332b
Closes-bug: #1603443
Oslo.utils provides same method get_ipv6_addr_by_EUI64, let's use
it and deprecate method get_ipv6_addr_by_EUI64 in neutron.
Closes-Bug: #1597213
Change-Id: If1eda1283b4405e13ccb60dab530ce4cc1b22948
Remove deprecation warnings for various constants
and exceptions that have moved to neutron_lib.
Fix miscellaneous other deprecations.
Uses constants instead of l3_constants when importing
neutron-lib constants.
Co-Authored By: Henry Gessau <gessau@gmail.com>
Co-Authored By: Gary Kotton <gkotton@vmware.com>
Change-Id: Ib0e8ff5c3e23677c1009241a1818cbc8a3430c38
The agent code is enhanced to allow the trunk agent-side counterpart
to be activated seamlessly by means or local registry notifications.
Some integration with the server side is provided by loading the
RPC agent-side skeleton. Basic unit testing provides some coverage.
More effective functional and system coverage will be provided once
everything comes together.
Partially-implements: blueprint vlan-aware-vms
Co-Authored-By: Adolfo Duarte <adolfo.duarte@hpe.com>
Change-Id: Id70553e8980593f99548a4d2b0a78355933f7c2c
Physical bridges can cause network disruption when ofctl controller becomes
inaccessible due to heavy load or when the traffic to controller is blocked.
By setting secure fail mode, the openflow rules remain untouched on such
an event, while with the default setting, the flows are cleared.
Co-Authored-By: Jakub Libosvar <libosvar@redhat.com>
Closes-Bug: 1607787
Change-Id: I1dffe0a248664d2a675fd1ca58530c233e335d2d
UpgradeImpact
Previously, local mapping from tunnel ids or vlan ids to internal vlans
was held in ovs agent itself not exposing this mapping outside. This
patch itroduces a singleton object in memory providing needed interface
for handling local vlan mappings.
Partially-implements: blueprint vlan-aware-vms
Partially-implements: blueprint l2-api-extensions
Change-Id: I514c7632c1c26d6cfeb706fc5d829a46dcce3782
This patch follows up on the Nova work that allows Neutron to pass an
OVS 'bridge_name' in a port's vif_details [1] and the os-vif work that
ensures the OVS bridge passed in as 'bridge_name' (or the config default
of 'br-int') is created [2].
If the port is a trunk's parent port, then bridge_name will be set to a
generated trunk bridge name for vlan-aware VMs. Otherwise, the
bridge_name field will remain empty.
Note: until Nova integrates os-vif [3] and uses a release that contains
the change in [2], the trunk bridge will not actually be created by
Nova/os-vif. It is expected to be integrated for the Newton release.
Until then, this Nova-equivalent patch can be used for testing
purposes [4].
[1] https://review.openstack.org/#/c/260700/
[2] https://review.openstack.org/#/c/330818/
[3] https://review.openstack.org/#/c/269672/
[4] https://review.openstack.org/#/c/332474/
Partially-implements: blueprint vlan-aware-vms
Change-Id: Iad72d163bc406df65866f6d962abcb78596828e7
This change generalizes agent extension code so that all agents can take
advantage of a common mechanism.
Co-Authored-By: Margaret Frances <margaret_frances@cable.comcast.com>
Partially-Implements: blueprint l3-agent-extensions
Change-Id: I9380343c09d28eec67077c9e6d77c33a195e516b
- Changes RULE_TYPE_DSCP_MARK to RULE_TYPE_DSCP_MARKING to conform
with the rules name.
- Added object versioning to qos related objects.
- qos/rule: Throws a QosRuleVersionUnavailable exception when
the QosDscpMarkingRule version is < '1.1'.
- removed test object version incrementation TODO from test_policy.py
- Object versioning can not be used to increment the object version.
Change-Id: I4f10ef3c1cbaa2a868de2b8e3abc4c39eb1f44c7
Partial-Bug: #1468353
String interpolation should be delayed to be handled
by the logging code, rather than being done
at the point of the logging call.
So add a hacking rule for it.
See the oslo i18n guideline.
* http://docs.openstack.org/developer/oslo.i18n/guidelines.html
Change-Id: I91e8d59d508c594256d5f74514e62f8f928d1df5
Closes-Bug: #1596829
The IPv6 header is twice the size of the IPv4 header, 40 vs 20
bytes, but the tunnel overhead constants are static, only
accounting for an IPv4 header in all cases. In order to be
correct it needs to treat the tunnel overhead different from
the IP overhead at L3.
This required removing the 20 byte IP overhead from the tunnel
type overhead constants and creating a new option,
ml2.overlay_ip_version, in order for the server to know which
version will be used, since it calculates the MTU for the network.
A version mis-match will now cause a tunnel sync to fail on
the server.
Moved all MTU tests to a common location to remove duplication.
DocImpact
Change-Id: Ia2546c4c71ff48b9fe2817fbad22b1fbf85f325b
Closes-bug: #1584940
Remove the extra checks in ovs_dvr_neutron_agent that can be done in
ovs_neutron_agent in one place.
Closes-bug: #1558888
Change-Id: I7192e1c0447ea35649672caa771e5a9c6aa2636b
Ihar Hrachyshka
John Perkins
Jakub Libosvar
rtmdk
Armando Migliaccio
Victor Morales
Thomas Morin
Kevin Benton
Miguel Angel Ajo
Jianghua Wang
Bernard Cafarelli
Sean Mooney
Denis Buliga
shihanzhang
IWAMOTO Toshihiro
Aradhana Singh
lilintan
Dariusz Smigiel
Terry Wilson
Gary Kotton
Oleg Bondarev
Huan Xie
yujie
Hirofumi Ichihara
rossella
David Shaughnessy
ChangBo Guo(gcb)
Hynek Mlnarik
Rawlin Peters
Nate Johnston
Takashi NATSUME
Brian Haley
JieLee