This patch removes some of the fullstack test cases which aren't really
needed because they are either testing some use cases covered already by
scenario tests or some other common tests.
Removed tests:
* TestOvsConnectivitySameNetwork.test_connectivity - basic connectivity
test covered by many other test cases,
* TestDhcpAgentNoHA.test_dhcp_assignment - basic test checking if
network was assigned to the DHCP agent - it's tested by many other
tests,
* TestLegacyL3Agent.test_namespace_exists - test which only checks that
qrouter namespace was created by the L3 agent, not needed really,
* TestLegacyL3Agent.test_east_west_traffic - covered already by many
scenario test cases,
* TestLegacyL3Agent.test_north_south_traffic - covered already by many
scenario test cases,
* TestBwLimitQoS.test_bw_limit_qos_policy_rule_lifecycle - covered
already by neutron-tempest-plugin scenario test,
* TestQoSWithL2Population - trivial test which isn't needed really,
* SecurityGroupRulesTest.test_security_group_rule_quota - already
covered by the neutron-tempest-plugin admin api test cases,
* TestSubnet.test_create_subnet_ipv4 - already tested in many scenario
test cases,
* TestSubnet.test_create_subnet_ipv6_slaac - already tested in tempest
scenario test case,
* TestTrunkPlugin.test_trunk_lifecycle - already covered by the scenario
test from the neutron-tempest-plugin
Additionally this patch removes monkeypatching of the init_handler
method from the neutron-ovs-agent. It was needed only due to the trunk
ports test and is not needed anymore.
Conflicts:
neutron/tests/fullstack/test_trunk.py
Change-Id: Ifa438d30599ad7e627c85c772ffae9ae9226f7ea
(cherry picked from commit c1a0ceb86c64e6c312ad680b7051ccb931eb5fe3)
A non-vlan-transparent trunk parent port (tpt) should only forward
untagged frames. Earlier it was configured to forward anything (trunk
mode in ovs). This patch changes the trunk mode to access mode and
sets the trunk parent's tag explicitly to 0.
Change-Id: I4bcfe53fe87d7c9218dd0db9d7224bb323709a21
Closes-Bug: #2048785
(cherry picked from commit 27601f8eead444283e4d1c258298ac5afaff377f)
This reverts commit 222c997022392561c2de2cb493f0f5214eb20dfc.
Reason for revert:
This patch seems to be breaking the test
"test_multiple_agents_for_network(Open vSwitch agent)" in the
fullstack job.
Change-Id: Ib93ebdcceb177c297b3b287fda01e3d57a275cb4
Related-Bug: #1961740
When a router interface is created, the corresponding subnet gateway IP
is tested first [1]. If the subnet has no gateway IP, the router
interface cannot be created. This IP will be assigned to this port.
The Neutron API also prevents from modifying the subnet gateway IP
if assigned to a router interface [2]. However the API is not
preventing the subnet gateway IP deletion. This patch is adding
this check.
This patch is being tested in the neutron-tempest-plugin [3].
[1]de58c1b995/neutron/db/l3_db.py (L902-L904)
[2]de58c1b995/neutron/db/db_base_plugin_v2.py (L715)
[3]https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/904710
Closes-Bug: #2036423
Change-Id: I4c7b399a3a052749abdb88fb50be628ee91b63a0
(cherry picked from commit f9e40971e94e4fd239fcf7537b0f1200fbd4ee0f)
As of Ib3c6f0dc01efd31430691e720ba23ccb4ede65fa, the
MaintenanceWorker checks for Chassis_Private table support and
uses it to remove duplicate Chassis/Chassis_Private entries. The
Chassis_Private table was not monitored in the BaseOvnSbIdl class
which the MaintenanceWorker uses.
Closes-Bug: #2049265
Change-Id: I711996b7644e80bc195833e4429e4d745728f9cf
(cherry picked from commit 60eb15ed301751c3f6825f165fd36188e86dd642)
When network device which is ovs internal port is moved to the namespace
it may happend sometimes that it will have "shy port syndrome" [1].
Even though there is wait for device to be in namespace in the set_netns
method it may happend that device is in namespace during this check but
it dissapears for short time later and that causes failures e.g. in
functional tests like described in [2].
To avoid that, this patch proposed simple (and ugly) sleep for 1 second
before checking if port really exists in the namespace. If it will be
"shy" port it should already flap during that 1 second.
[1] https://bugs.launchpad.net/neutron/+bug/1618987
[2] https://bugs.launchpad.net/neutron/+bug/1961740
Related-Bug: #1961740
Related-Bug: #1998337
Change-Id: I442587e7ef55917f4ea873e190bf8afbc0e911e1
(cherry picked from commit 2af5fd889b3286dcec21e2bc89f287a0e4129d0f)
The agent_down_time ends up being passed to an eventlet green-thread;
under the hood, this uses a CPython C-types interface with a limitation
of (2^32 / 2 - 1) INT_MAX (as defined in C) where int is usually 32 bits
I have set the max value to (2^32 / 2 - 1)/1000 as agent_down_time
configured in seconds, this ends up being 2147483.
This patch is required as passing a larger number
causes this error: OverflowError: timeout is too large
If a user currently has a value larger than (2^32 / 2 - 1)/1000 set,
Neutron Server will fail to start and will print out a very helpful
error message.
Conflicts:
neutron/conf/agent/database/agents_db.py
Closes-Bug: #2028724
Change-Id: Ib5b943344cddbd468c00768461ba1ee00a2b4c58
(cherry picked from commit 6fef1e65250dbda057206e1c2ee64f59b21d490f)
Nova will automatically translate VF capabilities to Neutron
port binding profiles after patch [1] will be merged. Existing
recommendations in "admin/config-ovs-offload.html" should be
updated: there is no need to define capabilities in port
binding profiles for new ports anymore.
[1] https://review.opendev.org/c/openstack/nova/+/899229
Related-bug: #2020813
Depends-on: https://review.opendev.org/c/openstack/nova/+/899229
Change-Id: I63b0641f6b7ef0e1190f421a90619bb2971d0d44
(cherry picked from commit 3fc8d32383feb325f090af5866cad75e0b564e36)
(cherry picked from commit 7daf61a0af7327eb46a29805cc93773aa8cd16fd)
(cherry picked from commit ba8335375a28aa51a91a90f3ce855996915bfba5)
This method populates the SG rules in a dictionary. Each SG rule
inherits the "stateful" value of the SG. Prior to this patch, each
SG rule was isuing a database call to retrieve the SG register.
In this patch, the SG "stateful" retrieval is done in one database
query for all SG. That improves the performance of this method
reducing the database access to only one single call.
This improvement, as commented in the LP bug, affects to
ML2/LinuxBridge. ML2/OVS agent uses a cached RPC implementation
that not requires to perform any RPC call/database query.
Closes-Bug: #2045950
Change-Id: Iafd0419a1d1eeb25d5589edc2570ebf287450957
(cherry picked from commit 6b6abb9698318a0b5db09f0c4d30a47438a94643)
The functional test "TestMaintenance.test_port_forwarding" is checking
the "registry.publish" call after calling
"create_floatingip_port_forwarding" and
"update_floatingip_port_forwarding". This patch makes this check
explicit for the expected call.
This patch is similar to [1].
[1]https://review.opendev.org/c/openstack/neutron/+/893028
Related-Bug: #2033387
Change-Id: I595dbd9b3abf413408fddf60735c0e8bd54e1d5c
(cherry picked from commit 2f637b2cb92dc37ef080eaf433fe580279136f32)
When syncing hostname and physical networks, filter neutron
hosts on agent_type. Only segmenthostmappings for hosts
with agent 'OVN Controller agent' should be cleaned up.
Since change: I935186b6ee95f0cae8dc05869d9742c8fb3353c3 there
is de-duplication of segmenthostmapping updates from agents.
If the OVN DB sync clears/deletes mappings for hosts owned by
other agents/plugins the mappings are never re-created.
Closes-Bug: #2040172
Change-Id: Iaf15e560e1b1ec31618b2ebc6206a938463c1094
Signed-off-by: Harald Jensås <hjensas@redhat.com>
(cherry picked from commit 71d69cf6277ba553354512209a2bff61c013f8ea)
Both metadata agents (OVN and non-OVN) should handle
process exceptions when spawning haproxy processes
such that the agent can continue its operation for
other haproxy processes.
Note:
neutron/tests/unit/agent/dhcp/test_agent.py#L836
Added `mock.call.get_pid_file_name()` to the expected
list of process calls. This call was removed in stable/2031.1
and later.
https://review.opendev.org/c/openstack/neutron/+/903149
Closes-Bug: #2033305
Change-Id: I6da1b135c83ecfc41ec91e907ebf8500325a7a80
(cherry picked from commit ed0515737be75745933f4994b5e6b652f9e0a2be)
When creating a subnet using a subnetpool, we were
failing to validate all the passed API arguments in
the dictionary, leading to a case where you could
specify an invalid DNS nameserver. For example,
using an IPv4 nameserver on an IPv6 subnet. This
could cause daemons the l3-agent starts, like radvd,
to fail to start correctly, leading to a loss of
connectivity.
Specifying a subnet by cidr without a subnetpool
did already correctly fail with an IP version
mismatch error, this is just an edge case that
was never tested.
Since _validate_subnet() was called in so many places
it was moved to a common location and is only not
called for IPv6 prefix-delegation subnets.
Closes-bug: #2036877
Change-Id: I6302e9a373cf93e706cec10f87c3beaf632a0391
(cherry picked from commit 2f91d330dae0127be1adb98f3d6d1fd49745f25d)
In some fullstack tests it is expected that agent is DOWN in the Neutron
DB. It could happen sometimes that in almost the same time test's client
was doing GET /v2.0/agents/{agent_id} call and got result with
"alive=False" and in other thread rpc worker was processing heartbeat
from the agent so it was revived just after API request was finished.
That was causing test failures in some cases.
This patch adds second API call to get agent again after 2 seconds if it
was already marked as DEAD, just to make sure that it is really dead ;)
Closes-Bug: #2045757
Change-Id: I1c20c90b8abd760f3a53b24024f19ef2bd189b5a
(cherry picked from commit 58dcd30dbba67464f6fd7880ce7aee543156af65)
OVN metadata port from NetworkCache is being used and fixed_ips
for it were not available at the time network was added into
the cache. So let's re fetch it if it is available in the cache.
Related-Bug: #1982569
Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2213862
Change-Id: Ie0ec43566fa2b3e13b4917493336ce1519c9b6bb
(cherry picked from commit 0afa24d9af9425036b452ca3ffac685f2a30d47d)
Extend the get_hosts_mapped_with_segments method to add
optional filters to include/exclude based on agent type.
Uses a joined query, when both include and exclude
filtering is used togheter the exclude filter is most
significant.
Partial-Bug: #2040172
Change-Id: I2cfd52a2657fad989e24e974fda470ecd960262b
Signed-off-by: Harald Jensås <hjensas@redhat.com>
(cherry picked from commit 64b5787c3283b29cd36dde46ae298ae332f972d5)
The privileged/agent/linux/ip_lib.py code was not always
catching "entry does not exist" type errors when deleting
entries, and most of the callers were not catching it either,
which could lead to random failures.
Add code in the IP route, rule and bridge fdb code to catch
these errors and not raise on them, other exceptions will
still be raised.
Also fixed delete_neigh_entry() to not raise when the
given namespace does not exist to make it like all the
other calls in the file.
Added or modified functional tests for above cases.
Conflicts:
neutron/privileged/agent/linux/ip_lib.py
neutron/tests/unit/privileged/agent/linux/test_ip_lib.py
Change-Id: I083649ab1b9a9057ee276a7f3ba069eb667db870
Closes-bug: #2030804
(cherry picked from commit 16875b5f92731a9cf2d7e819d406bfcc442339f3)
When neutron server restarts the mac address for NAT entries related
to ovn-lb FIPs gets re-added, distributing the traffic that should
be centralized and therefore breaking the connectivity. This happens
due to the port being down. This patch is ensuring the MAC entry
is only being readded in case the port is UP
Closes-Bug: #2042938
Change-Id: I6203009750a4e589eeb808f842cb522d61476179
(cherry picked from commit f2a3020cf0a46dbd896c5f7b4b4f6643d32a6b4a)
As we discussed on the Neutron CI meeting on 7.11.2023 (it was video
meeting, no strict logs stored) [1], to save some time in the fullstack
job execution we want to stop running all the Linuxbridge related
tests/scenarios in fullstack test suite.
Linuxbridge is experimental feature now, not really fully supported by
the Neutron team so we are allowed to do so in this case.
This patch is doing exactly that. There are no any Linuxbridge agent
related tests/scenarios.
Support for Linuxbridge in the Fullstack framework wasn't however
removed completely. It is like that because of 2 reasons:
* there is one DHCP agent related test which tests different segments
and is using Linuxbridge agent on one of the fake nodes,
* maybe there will be at some point need to have some Linuxbridge agent
test there so the infrastructure for that is still available, it won't
cause any issues while it's (almost) not used currently.
[1] https://meetings.opendev.org/meetings/neutron_ci/2023/neutron_ci.2023-11-07-15.00.html
Change-Id: I709c477f66ada037e47ec9abc7fbed1d1a238d20
(cherry picked from commit 688c5e2a911410260a34817a7e15a88bfd465fef)
The job names were changed but not replaced in the
"neutron-periodic-jobs" template.
This patch is also adding new binaries to the nftables installation
role, that includes all the "-save" and "-restore" ones.
Closes-Bug: #2039027
Change-Id: Ia4c140af74db29f4e40299648f1b5091b4801b51
(cherry picked from commit daa0d1c5a2bec7b78837686eff3ea052f0c45bd7)
(cherry picked from commit 591cf6c35c2986a4d11517c08bcf654802bb1a6a)
Conflicts:
zuul.d/job-templates.yaml
When DHCP agent is deployed with ml2/ovn for baremetal
ports, ovn metadata route is not added.
This patch adds route via ovn metadata port if exists
so baremetal nodes can fetch metadata.
Conflicts:
neutron/agent/linux/dhcp.py
The conflict was just simple indent and formatting which needed
manual resolution
Closes-Bug: #1982569
Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2213862
Change-Id: I12e496d70bb6db707b317d0aeb6e4edd6c43571e
(cherry picked from commit 82f2a21d1c9e27999d3fd7006a7ecf961039a370)
This change modifies the metadata agent heatbeat
to use a random offset with a max delay of 10 seconds.
The orgial reason for the current logic was to mitigate
https://bugs.launchpad.net/neutron/+bug/1991817
so the logic to spread the heatbeats is maintained but
we now set an upper bound on the delay.
Close-Bug: #2020215
Change-Id: I4d382793255520b9c44ca2aaacebcbda9a432dde
(cherry picked from commit 5e0c102830a18850e35f746160867613e96d1dbc)
To avoid mass response of OVN metadata agents on
heartbeat update - event on OVN Southbound
SB_Global table nb_cfg entry increment, this patch postpone
Chassis/Chassis_Private table update for random number
of seconds in range of ( cfg.CONF.agent_down_time // 2 ).
Related-Bug: #1991817
Change-Id: I6373a3c213b24ec957e4d2ea7fc42524517d10d5
(cherry picked from commit 628442aed7400251f12809a45605bd717f494c4e)
"ebtables-nft" is failing to delete the rule filtering by MAC address:
Bridge chain: neutronMAC-test-veth024379, entries: 2, policy: DROP
-i test-veth024379 --among-src fa:16:3e:47:87:0 -j RETURN
-j DROP
A workaround for this issue, that works with both "ebtables-nft" and
"ebtables-legacy", is to flush the table and recreate the DROP rule.
The MAC spoofing tables have two rules: the one filtering by MAC address
and the default DROP rule. This workaround has the same effect as just
deleting the filtering rule.
Closes-Bug: #2038541
Change-Id: I38bd016c35d7a76d88c6eceec797d1cea84c45d1
(cherry picked from commit 1879d925330af5598a105a8893ab6cfda9dc37e6)
During the port bulk creation, if an IPAM allocation fails (for
example, if the IP address is outside of the subnet CIDR), the
other IPAM allocations already created are deleted before raising
the exception.
Conflicts:
neutron/tests/unit/plugins/ml2/test_plugin.py
Closes-Bug: #2039550
Change-Id: I7fd6e38016d099c03f80874bfa1fb8bdaff8bd2c
(cherry picked from commit 71a7abb498fded6d8d60453074efdef9657f416e)
(cherry picked from commit a4c03671f2b8784cb6bec227ddbd56a16fffbcf1)
In most typical use cases ML2/OVN backend don't needs to run DHCP agent
as OVN provides DHCP functionality natively. But there are some use
cases like Baremetal provisioning over IPv6 or Spine Leaf architecture
with DHCP relays where DHCP agent is necessary and it can work perfectly
fine with ML2/OVN backend.
The problem was that dhcpagentscheduler API extension wasn't listed as
supported by the OVN backend so it was filtered out from the list of
supported extensions during start of the neutron server. This caused
problems with API to get/set/delete networks to/from DHCP agent.
This patch adds this API extension to the list of the extensions
supported by the OVN driver to fix that issue.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/898090
Closes-bug: #2038655
Change-Id: I09a37ca451d44607b7dde344c93ace060c7bda01
(cherry picked from commit f006d29251abe3c138ee0dea5b549496b66b8fa7)