28054 Commits

Author SHA1 Message Date
Zuul
f70ef2c23c Merge "[stable only] Do not fail on missing logical router ports" into stable/2024.1 2024-05-29 10:27:45 +00:00
4221f706ce [functional tests] compatibility with ovsdbapp>=2.6.1
ovsdbapp>=2.6.1 handles cleanup of Chassis_Private record
with chassis delete so we don't need explicit delete.
The compatibility part can be dropped when we update
requirements.txt to ovsdbapp>=2.6.1.

Closes-Bug: #2066263
Change-Id: I45c6e6a1c3536cf4f2d90b01a3577eec9eaf3743
(cherry picked from commit 20b9893e34dda0b448ac75c795867cb46de5e127)
2024-05-29 09:56:28 +00:00
Zuul
3cd00ef270 Merge "Put monitors dictionary back in MetadataDriverBase class" into stable/2024.1 2024-05-29 09:04:49 +00:00
5bdd0efb39 [stable only] Do not fail on missing logical router ports
set_gateway_mtu runs for all the gateway ports for a network
and if one of the ports get's deleted in meanwhile
whole transaction fails.

To handle this we need to add if_exists=True to the transaction
but for that it needs to be supported in ovsdbapp. It's fixed
in ovsdbapp with [1] but would require to bump ovsdbapp
minimal version in requirements.txt which we normally don't
do for stable branches.

So using "update_lrouter_port" instead as that have the
required option available. Before [2] that was only used
but during the switch if_exists part was missed.

[1] https://review.opendev.org/q/I56685478214aae7b6d3a2a3187297ad4eb1869a3
[2] https://review.opendev.org/c/openstack/neutron/+/762695

Closes-Bug: #2065701
Related-Bug: #2060163
Change-Id: I447990509cdea9830228d3bc92a97062cc57a472
2024-05-28 13:16:39 +05:30
Slawek Kaplonski
d8208fc514 Return both project_id when validating auto allocate network
When neutron API is called to check requirements for the auto_allocate
topology, it needs to return not only 'tenant_id' field but also
'project_id' as that is required for the policy enforcement.
Without this 'project_id' field requirements check was failing for
member and reader users as they got 404 from the Neutron API. And the
reason why Neutron was returning 404 was that it wasn't passing policy
enforcement due to missing project_id field in the 'target' object.

Closes-bug: #2066369
Change-Id: Idf96a82bc6c8cb0b47dfde3baba94b42a8a8beba
(cherry picked from commit dfc01beab22f1c2b977d3e399c3fcda69a72082d)
2024-05-27 08:17:55 +00:00
Brian Haley
a61598f64b Put monitors dictionary back in MetadataDriverBase class
When the common Metadata Driver was created in [0], the
monitors dictionary was dropped accidentally. This causes
tracebacks in the fullstack L3-HA tests when
after_router_updated() is called. Put it back along with
its related tests.

[0] https://review.opendev.org/c/openstack/neutron/+/894399

Closes-bug: #2065145
Change-Id: I137ed7cec9e0eafdb3a351e5a414f5a0c16f33e5
(cherry picked from commit 5b62e27154c976cfd5707029a94e22e23ecbddef)
2024-05-20 14:11:56 +00:00
Jakub Libosvar
ac1472c8cf Don't update revision number if object was not modified
If there were not changes made to data in the database there is no
reason to bump revision numbers because the underlying drivers won't
change too. This saves cycles in case empty updates are incoming to the
API.

Co-Authored-By: Ihar Hrachyshka <ihar@redhat.com>

Closes-bug: #2065094
Change-Id: Ib74fdab7a8927ef9cc24ef7810e9cf2c264941eb
(cherry picked from commit 5795c192b840ae327bc9e32d5183f177daa9b55b)
2024-05-08 13:14:35 +00:00
Zuul
bfae864a95 Merge "Fixing the 500 HTTP code in the metadata service if Nova is down" into stable/2024.1 2024-04-16 16:04:44 +00:00
Brian Haley
51961e195f Fix KeyError failure in _sync_subnet_dhcp_options()
If the netron-ovn-db-sync-util is run while neutron-server
is active (which is not recommended), it can randomly fail
if there are active API calls in flight to create networks
and/or subnets.

Skip the subnet and log a warning if detected.

Closes-bug: #2045811
Change-Id: Ic5d9608277dd5c4881b3e4b494e1864be0bed1b4
(cherry picked from commit e4323e1f209ea1c63fe7af5275ea2b96f52b8740)
2024-04-08 21:46:34 +00:00
Anton Kurbatov
646270de5b Fixing the 500 HTTP code in the metadata service if Nova is down
If the Nova metadata service is unavailable, the requests.request()
function may raise a ConnectionError. This results in the upper code
returning a 500 HTTP status code to the user along with a traceback.
Let's handle this scenario and instead return a 503 HTTP status code
(service unavailable).

If the Nova service is down and is behind another proxy (such as
Nginx), then instead of a ConnectionError, the request may result in
receiving a 502 or 503 HTTP status code. Let's also consider this
situation and add support for an additional 504 code.

Closes-Bug: #2059032
Change-Id: I16be18c46a6796224b0793dc385b0ddec01739c4
(cherry picked from commit 6395b4fe8ed99855853587fa93cb59fd2691aed5)
2024-04-02 08:58:33 +00:00
Miguel Lavalle
d683804dfa Check unspecified flavor in user defined driver
In order to decide whether to process a router related
request, the user defined router flavor OVN driver needs to
check the flavor_id specified in the request. This change adds
the code to test the case when the API passed the flavor_id as
unspecified.

Change-Id: I4d7d9d5582b97246cad63ef7f5511b159d6c6791
Closes-Bug: #2059051
(cherry picked from commit 9d729bda207847b4c94d570eacdd26951294f49f)
24.0.0.0rc2 24.0.0
2024-03-26 14:08:57 +00:00
Robert Breker
0eccc52f82 Enhance IptablesFirewallDriver with remote address groups
This change enhances the IptablesFirewallDriver with support for remote
address groups. Previously, this feature was only available in the
OVSFirewallDriver. This commit harmonizes the capabilities across both
firewall drivers, and by inheritance also to OVSHybridIptablesFirewallDriver.

Background -
The Neutron API allows operators to configure remote address groups [1],
however the OVSHybridIptablesFirewallDriver and IptablesFirewallDriver do
not implement these remote group restrictions. When configuring security
group rules with remote address groups, connections get enabled
based on other rule parameters, ignoring the configured remote address
group restrictions.
This behaviour undocumented, and may lead to more-open-than-configured network
access.

Closes-Bug: #2058138
Change-Id: I76b3cb46ee603fa5e829537af41316bb42a6f30f
(cherry picked from commit 5e1188ef38da3f196aadf82a3842fa982c9a0c83)
2024-03-21 11:50:50 +00:00
Miguel Lavalle
fed96541c7 Fix making all user defined flavor routers HA
Since [1] was merged, user defined flavor routers with the HA
attribute set to False cannot be created. This change fixes
it.

Closes-Bug: #2057983

[1] https://review.opendev.org/c/openstack/neutron/+/910889

Change-Id: Ic72979cfe535c1bb8cba77fb82a380c167509060
(cherry picked from commit 26ff51bf05dd8b61d96489f6b459e8f62f855823)
2024-03-17 18:31:49 +00:00
14f5d52fa7 Update TOX_CONSTRAINTS_FILE for stable/2024.1
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.

Until the requirements repository has as stable/2024.1 branch, tests will
continue to use the upper-constraints list on master.

Change-Id: I1371b181b1042a25a43686566952cdc6a1c23bef
2024-03-15 14:50:27 +00:00
0ed3ab9d80 Update .gitreview for stable/2024.1
Change-Id: I20700dbde715a8d130a5d6fabb5d75e9b2afb37a
2024-03-15 14:50:24 +00:00
Zuul
c0f113073d Merge "[OVN] Implement OVN agent metadata extension" 24.0.0.0rc1 2024-03-14 16:49:40 +00:00
Arnau Verdaguer
2a196fefd4 Fix TestOVNMechanismDriver ipv6 tests
- test_update_subnet_dhcp_options_in_ovn_ipv6_not_change
- test_enable_subnet_dhcp_options_in_ovn_ipv6
This tests will fail if host where unit tests has ipv6 dns_servers
configured. This patch mocks get_system_dns_servers to avoid tests
to look at the host configuration.

Closes-Bug: #2056778
Change-Id: I2e703ab4b63c90d7a14f0dc41d37b0a98163bce0
2024-03-11 17:30:11 +01:00
Zuul
e8468a6dd6 Merge "[OVN] Enable "ha" API flag for OVN routers" 2024-03-07 22:32:47 +00:00
Zuul
63d6079d1c Merge "reno: Update master for unmaintained/victoria" 2024-03-07 16:33:04 +00:00
Zuul
48fa82f879 Merge "reno: Update master for unmaintained/wallaby" 2024-03-07 16:32:59 +00:00
Zuul
652d06447e Merge "reno: Update master for unmaintained/xena" 2024-03-07 16:23:26 +00:00
Zuul
7774317af7 Merge "Exclude files from coverage check, improve overall result" 2024-03-07 00:47:07 +00:00
Zuul
705f9bacdd Merge "`OvnDriver and DvrHaDriver` to use "distributed_support" variable" 2024-03-06 22:56:05 +00:00
Rodolfo Alonso Hernandez
b8953b543a [OVN] Enable "ha" API flag for OVN routers
The "ha" API flag is now enabled for the OVN routers. Because of the
current implementation, this flag must be always "True". When a new
router is created, this flag is always set. If an OVN router is
explicitly created or updated with "--no-ha" (ha=False), the server
will raise an InvalidInput exception.

Depends-On: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/911081

Closes-Bug: #2020823
Change-Id: I60ff33680dd5397a226a9051d51bfb0701f862b5
2024-03-06 18:42:29 +00:00
Zuul
5de90ff9c4 Merge "Use the system-dependent string for IP protocol 4" 2024-03-06 18:28:59 +00:00
Zuul
c6b9106784 Merge "[FT] Check "Port_Binding" register exists before checking type" 2024-03-06 12:25:42 +00:00
Zuul
91ec092987 Merge "Fix pointless-string-statement warnings" 2024-03-06 12:25:26 +00:00
Zuul
3d1abd3343 Merge "Fix misplaced-bare-raise warning" 2024-03-06 12:25:18 +00:00
33044d5e04 reno: Update master for unmaintained/xena
Update the xena release notes configuration to build from
unmaintained/xena.

Change-Id: I15e8648c15c60e77b7892869a7a0fd9c5c0589aa
2024-03-06 12:19:45 +00:00
Zuul
ecbe2a2059 Merge "Fix import-outside-toplevel warnings" 2024-03-06 12:12:54 +00:00
Zuul
cd1cd3d534 Merge "Remove unneeded check in dhcp.py" 2024-03-06 12:12:48 +00:00
499988db7f reno: Update master for unmaintained/wallaby
Update the wallaby release notes configuration to build from
unmaintained/wallaby.

Change-Id: I0aa342b9d1206c2e9cd6746240b8be7055614018
2024-03-06 12:11:14 +00:00
63e976b620 reno: Update master for unmaintained/victoria
Update the victoria release notes configuration to build from
unmaintained/victoria.

Change-Id: Icad36b47dcd19ea1bf7b05077473d1a1655a739f
2024-03-06 12:01:46 +00:00
Zuul
36c6da46e5 Merge "Allow HA routers to have automatic l3agent failover" 2024-03-06 09:32:43 +00:00
Brian Haley
cd1d191e33 Use the system-dependent string for IP protocol 4
iptables-save uses a system-dependent value, usually that
found in /etc/protocols, when 'ipip' is given as the
security group protocol. The intent is to always use the
string value for IP protocol '4', as iptables-save has no
'-n' flag to print values numerically.

This updates a previous change (793dfb04d) that hard-coded
that string to 'ipencap', which broke CentOS/Fedora, which
uses 'ipv4'.

For this reason we cannot hard-code anything in neutron-lib,
this needs to be added dynamically, so this one-line change
needs to stay here, and effectively closes the bug.

Closes-bug: #2054324
Change-Id: Ic40b539c9ef5cfa4cbbd6575e19e653342e8342b
2024-03-05 15:36:17 -05:00
Zuul
5c187e8dab Merge "Add release notes for l3-ext-gw-multihoming and adjacent features" 2024-03-05 17:26:27 +00:00
Rodolfo Alonso Hernandez
fe31f4fe02 [OVN] Implement OVN agent metadata extension
This patch is implementing the OVN agent metadata extension, by reusing
the OVN metadata class. The class ``MetadataAgent`` is inherited in the
``MetadataExtension`` class. The goal is to use the same code in both
implementations (until the OVN metadata agent is deprecated).

The OVN agent metadata extension has a different initialization
process. The OVN and OVS IDL connections are created during the
extension initialization but are not accessible. The ``start`` method
is used to load the configuration, execute the sync process and
register the metadata extension.

This extension will replace the need of the OVN metadata agent. The
deprecation of this agent will imply the refactor of the existing code
that now is shared between both agents.

This new OVN agent will be tested in the "neutron-tempest-plugin-ovn"
CI job, after the change done in the following patch.

Needed-By: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/909860

Partial-Bug: #2017871
Change-Id: I4381a67648a9b6198a8d936db784964d74dc87a1
2024-03-05 16:44:34 +00:00
Zuul
c4c14f9589 Merge "[OVN] Set MTU of the VETH interfaces between OVS and metadata" 2024-03-05 09:48:42 +00:00
Rodolfo Alonso Hernandez
09412db90b Exclude files from coverage check, improve overall result
Added new files to the "omit" section of the coverage testing. These
files have a current 0% of testing coverage. The list include:
* The initial cmd commands for the different Neutron agents.
* The OVN mechanism driver OVSDB API definition.
* The Loki plugin, used only in tempest tests.

Change-Id: Ifb43e3e0b69fac21f49096153de11016e0c8e581
2024-03-05 08:13:17 +00:00
Rodolfo Alonso Hernandez
06d48cb980 `OvnDriver and DvrHaDriver` to use "distributed_support" variable
``OvnDriver`` and ``DvrHaDriver`` classes were using an incorrect
variable name to define the DVR support, that should be
"distributed_support" instead of "dvr_support".

Closes-Bug: #2056199
Change-Id: Id2ee080dde8cd094995e94564f2877a89e9cc5aa
2024-03-05 02:34:30 +00:00
Zuul
729937f6d2 Merge "[OVN] Make mandatory the router name in the LRP.external_ids" 2024-03-04 14:23:07 +00:00
Rodolfo Alonso Hernandez
8b007e6366 [FT] Check "Port_Binding" register exists before checking type
In "test_virtual_port_host_update_upon_failover", it is needed to check
if the "Port_Binding" register exists before checking the type.

Closes-Bug: #2055886
Change-Id: I8a6b3498803bcba592a82dfbe43a39137dd12fa2
2024-03-04 14:00:07 +00:00
Zuul
96558ac77a Merge "Fix iptables mapping of 'ipip' protocol" 2024-03-04 10:44:58 +00:00
Rodolfo Alonso Hernandez
b5aecfeff8 [OVN] Make mandatory the router name in the LRP.external_ids
The router name will be always defined in the "Logical_Router_Port"
external_ids field.

Related-Bug: #2052821
Change-Id: Ia2f70363963dca9f035eff8d1ff0c399dc8b9239
2024-03-04 08:10:48 +00:00
Zuul
310a96a302 Merge "[ovn] Add support for enable_default_route_bfd attribute" 2024-03-01 23:04:54 +00:00
Zuul
40815c7086 Merge "Make common Metadata Driver classes" 2024-03-01 20:59:48 +00:00
Zuul
afe001cf63 Merge "[OVN] Remove OVN_GATEWAY_INVALID_CHASSIS artifact" 2024-03-01 20:38:48 +00:00
Vasyl Saienko
af91252646 Remove unneeded check in dhcp.py
We know what all list items are dicts, so remove isninstance
check in next line of code.

Change-Id: I51a95a351cc4322d4a53543f6ee3dcfa141eeadd
2024-03-01 17:36:32 +00:00
Zuul
fffcab9f68 Merge "[ovn] Ensure OVN DB update on change of number of GW ports" 2024-03-01 12:43:55 +00:00
Zuul
6106eefdf8 Merge "[OVN][FT] Check `WaitForCreatePortBindingEvent` wait result" 2024-03-01 11:03:06 +00:00