In "test_restart_rpc_on_sighup_multiple_workers", the test needs to
wait until the RPC workers have been properly launched by
``oslo_service.service.ProcessLauncher.launch_service``. Once this
method returns, it is guaranteed that the child worker processes
are running and the signal process handlers are attending the
SIGHUP signal that will reset them.
Conflicts:
neutron/tests/functional/test_server.py
Closes-Bug: #1938428
Change-Id: I1dc56092d099223accc3aefa8e303310c4f6787e
(cherry picked from commit fafcabdbe0)
When an interface is moved to a new namespace, especially with OVS
internal ports, the interface first disappears from any network
namespace and then is added again. ovs-vswitchd service detects
this interface change as reported in [1]. This delay is the cause
of the related bug, where some interfaces are not present when
the L3 agent needs to manipulate them.
[1] https://bugs.launchpad.net/neutron/+bug/1948832/comments/3
Conflicts:
neutron/tests/functional/agent/linux/test_ip_lib.py
Closes-Bug: #1948832
Change-Id: I3af4d0afa784899689ccb595ce6ba64495431eb9
(cherry picked from commit ebc4766990)
(cherry picked from commit 9c41365041)
Passing newline as extra dhcp option name to the DHCP agent causes
issues with configuration of the dnsmasq process for the network.
This patch removes everything that is after the first newline character
in the dhcp_extra_opt's name before building dnsmasq's config.
Depends-On: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/815518
Closes-bug: #1943930
Change-Id: Iab2832e750ff5ef09c5dcacae4dbff4f9e62bc2d
(cherry picked from commit 5abd1fb610)
This is follow up of the patch [1] which fixed updating MTU in the
snat namespace for the DVR routers.
In case of DVR-HA routers there was additional issue with that as
L3 agent tried to update MTU for the qr- interface in the
self.ha_namespace which, for DVR-HA routers is snat namespace.
This patch fixes that issue by setting MTU on the qr- interface in
qrouter namespace and also setting MTU on the snat interface in snat
namespace.
[1] https://review.opendev.org/c/openstack/neutron/+/799226
Conflicts:
neutron/tests/functional/agent/l3/test_dvr_router.py
Closes-bug: #1933273
Change-Id: I409bc674b65e4f495ebd42d03e97a09d51482339
(cherry picked from commit 21eabbcf03)
networking-midonet-tempest-aio-ml2-centos-7 is not defined
after networking-midonet is retired.
This is causing the zuul configuration error on stable/train
gate.
Example: https://review.opendev.org/c/openstack/neutron/+/816597
NOTE: configuration error only happens when there is a change in
zuul.yaml file; otherwise zuul just skips running the non-defined jobs
Change-Id: Id996d0d6731ace2768c0ad10abad1adb565a77ae
Setting new controller for bridge every time when neutron-ovs-agent
is restarted or is doing full-sync may cause some short data plane
connectivity loss and is not needed if same controller is already
configured for the bridge.
With this patch neutron-ovs-agent will first check if controller is
configured for the bridge and if it's the same as what should be
configured, it will skip setting it up.
With this patch also protocols added to the bridge will be first checked
if they aren't already there and only missing ones will be added if
necessary.
Setting of the connectivity mode and inactivity probe is
always performed as this doesn't cause connectivity issues and is cheap
so we can always ensure that those parameters are configured properly.
Conflicts:
neutron/agent/common/ovs_lib.py
neutron/plugins/ml2/drivers/openvswitch/agent/openflow/native/ovs_bridge.py
neutron/tests/unit/plugins/ml2/drivers/openvswitch/agent/openflow/native/ovs_bridge_test_base.py
Closes-Bug: #1948642
Change-Id: Idfa763df8c60d8ae46cd6351d1b6dc7d950b4c67
(cherry picked from commit 11d166be68)
(cherry picked from commit b1eccf5a2d)
(cherry picked from commit 11fe2bff17)
To check the existence of a namespace, instead of listing the
namespaces directory (by default "/var/run/netns"), this patch
directly checks the existence of the namespace directory, using
"os.path.exists".
This check is faster than listing the whole directory and avoids
timeout problems as reported in the related bug.
Conflicts:
neutron/privileged/agent/linux/utils.py
Closes-Bug: #1947974
Change-Id: I558d50d28378beb3710d98a2113ff9549c82ae17
(cherry picked from commit 8127221479)
(cherry picked from commit 6a9c05a924)
NOTE: this patch is an amend of [1].
When a SG or a port is deleted, the related log entry should be
too. A log entry has the following fields:
- log.resource_id = SG ID
- log.target_id = port ID
[1] was deleting all log entries, related or not with the SG ID
deleted. This is because "get_logs_bound_sg" returned all log entries,
including those ones without any "resource_id" or "target_id".
Now this method can return only the log entries related to a port or
a SG, excluding those ones without those two parameters populated.
Closes-Bug: #1939558
[1] https://review.opendev.org/c/openstack/neutron/+/804237
Conflicts:
neutron/tests/unit/services/logapi/test_logging_plugin.py
Change-Id: Icb92327a06486e168ce064532d819347e6031cc1
(cherry picked from commit 41f78c678b)
(cherry picked from commit 2c4ab468ae)
(cherry picked from commit d5fd9f035a)
(cherry picked from commit 7790cecfc8)
(cherry picked from commit 226367eed1)
When network's MTU is changed, Neutron sends notification about it
to the L3 agents. In case of DVR (and DVR HA) MTU is then changed in
the qrouter- namespace but should be also changed on snat interfaces
in the snat namespace. And that part was missing.
This patch adds special implementation of the internal_network_updated()
method in the DvrEdgeRouter class so it can configure MTU also for
in the snat namespace.
This patch also removed passing attributes "interface_name",
"ip_cidrs" and "mtu" to the internal_network_updated() method and adds
"port" dict to be passed there. It is consistent with what is already
done in e.g. internal_network_added() method and "port" dict is actually
necessary to configure properly snat internal interface in the snat
namespace.
This patch adds also functional test of update network mtu for all types
of routers as there was no such test at all.
There is additional issue with DVR-HA which isn't fixed with that patch
and for which follow up will be proposed. Because of that this patch is
marked as partial fix for the related bug.
Conflicts:
neutron/tests/functional/agent/l3/test_dvr_router.py
Related-Bug: #1933273
Change-Id: I200acfcaaae7f056ea9a563fead9ff2de8464971
(cherry picked from commit b5dd6efdca)
Allow IP allocation with different segments also for IPv6
auto allocation for OVN service ports.
See change: Ib51cde89ed873f48db4daebc27a0980da9cc0f19
Change-Id: Ic6db2f66be596756b1fed9ffeffc7b049f6e957f
Closes-Bug: #1944948
(cherry picked from commit 84b6db3b05)
Check if SNAT iptables manager is initialized before processing the
IP NAT rules. If the router never had an external GW port, the DVR
GW in the SNAT namespace has not been created and the SNAT iptables
manager has not been initialized.
In this case, the IP NAT rules for centralized FIPs (to be applied
on the SNAT namespace) cannot be set.
Conflicts:
neutron/tests/functional/agent/l3/framework.py
Closes-Bug: #1945215
Change-Id: I426602514805d728f8cd78e42f2b0979b2101089
(cherry picked from commit f18edfdf45)
(cherry picked from commit b9143c37e0)
In allowed address pairs of the port there can be given not single IP
address but whole CIDR. In such case ARP entries for IPs from such
cidr will not be added in the DVR router namespace.
Conflicts:
neutron/agent/l3/dvr_local_router.py
Closes-Bug: #1934912
Change-Id: I7bdefea943379125f93b116bb899446b874d9505
(cherry picked from commit 19375b3e78)
(cherry picked from commit d0cf4638f5)
When allocating a partially defined segment with VLAN type driver, any
physical network can be returned. The method will select randomly any
VLAN segment available, independently of the physnet configured order.
Conflicts:
neutron/tests/unit/plugins/ml2/drivers/test_type_vlan.py
Change-Id: I4d344f5ca6673b70b69a03503ec0f267bf0cadf7
Closes-Bug: #1929190
(cherry picked from commit 05ce5a1f94)
(cherry picked from commit c823bc3294)
(cherry picked from commit e07b66e710)
(cherry picked from commit 9b0f094564)
When security group is deleted, log entries configured for that SG
weren't removed and stayed in the DB as orphaned entries.
That patch fixes that by subscribing logapi service plugin to the
AFTER_DELETE security group events.
Conflicts:
neutron/tests/unit/services/logapi/test_logging_plugin.py
Closes-bug: #1939558
Change-Id: Ibffbbd3b529c31372715d9a064f7cb6bada8c424
(cherry picked from commit 7f06322355)
(cherry picked from commit 9d6aaff9a1)
In functional tests of the HA and DVR HA routers, when e.g.
failover is tested, we should always wait for routers to be in the
expected initial state (primary or backup) before router failover
will actually be done.
Without that, we may hit race condition when initial router's state
is enqueued but not processed yet and then state will be changed thus
no action will be performed by L3 agent and test may fail.
Additionally in that patch there is "master" instead of "primary" used
for router state.
Conflicts:
neutron/tests/functional/agent/l3/test_dvr_router.py
Closes-Bug: #1939507
Change-Id: Ibd8f78fc822b04965c6a79b57b13be364934f64f
(cherry picked from commit b8ef8e722a)
When the L3 agent starts, it reads the floating IP rule priority from
a state file created by "FipRulePriorityAllocator". In case of not
having all floating IPs registered in this file, the method:
- Creates a new priority for this floating IP.
- Creates the "ip rule" in the namespace.
- Adds a new entry in "self.floating_ips_dict".
All "ip rules" present in the namespace that do not match the
registered fixed IP address ("from") and the priority assigned
are deleted.
Closes-Bug: #1891673
Closes-Bug: #1929821
Conflicts:
neutron/tests/unit/agent/l3/test_dvr_local_router.py
Change-Id: Ia3fbde3304ab5f3c309dc62dbf58274afbcf4614
(cherry picked from commit a03c240ef4)
(cherry picked from commit b4ad1a2775)
In short this patch can cause the privsep reader thread to
die resulting in the l3 agent getting stuck and e.g. not
processing any router updates. See related LP bug for full
explanation.
Closes-Bug: #1927868
This reverts commit 662f483120.
Change-Id: Ide7e9771d08eb623dd75941e425813d9b857b4c6
(cherry picked from commit 344fc0c8d2)
If plugin "network_segment_range" is not enabled and a new segment
is required, if no segmentation ID is provided in the request, the
segmentation ID assigned is randomly retrieved from the non
allocated segmentation IDs.
The goal is to improve the concurrent network (and segment) creation.
If several segments are created in parallel, this random query
will return a different segmentation ID to each one, avoiding the
database retry request.
Closes-Bug: #1920923
Conflicts:
neutron/common/utils.py
neutron/plugins/ml2/drivers/helpers.py
neutron/tests/functional/objects/plugins/ml2/test_base.py
neutron/tests/unit/plugins/ml2/drivers/test_type_vlan.py
Change-Id: Id3f71611a00e69c4f22340ca4d05d95e4373cf69
(cherry picked from commit 6eaa6d83d7)
(cherry picked from commit ab56a5cd65)
neutron.tests.unit.common.test_utils.TestThrottler.test_throttler
is failing with "AssertionError: 1 not greater than 1", change the
assert to assertGreaterEqual.
Change-Id: Iba29ab0b1141e731cc811e8bee076dd5726248b5
Closes-Bug: #1916572
(cherry picked from commit b168232e03)
Commit 80eddc4039 optimized
net delete by including net info into notification payload,
however ML2 plugin needs provider info as well.
Conflicts:
neutron/plugins/ml2/plugin.py
Closes-Bug: #1942469
Change-Id: I9f753be0ce5ae7870afb9b3cb74f89be8482356e
(cherry picked from commit 27edf6b6d3)
It seems that using default singleton=True in the
routes.middleware.RoutesMiddleware which is leading to use thread-local
RequestConfig singleton object is not working well with eventlet
monkeypatching of threading library which we are doing in Neutron.
As a result it leaks memory in neutron-api workers every time when API
request to not existing API endpoint is made by user.
To avoid that memory leak, let's use singleton=False in that
RoutesMiddleware object, at least until problem with thread-local
singleton and eventlet monkey patching will be solved.
Closes-Bug: #1942179
Change-Id: Id3a529248d3984506f0166bdc32e334127a01b7b
(cherry picked from commit e610a5eb9e)
In some cases, the arp entry of snat port is not updated
in qrouter namespace. l3-agent calls get_ports_by_subnet()
while setting arps for the subnet. And the snat port is
not returned if it is still unbound. One of the scenarios in which
this is observed is when router is created, external
gateway set and internal subnet attached to router in
quick succession.
This patch retrieves snat port details from router info
as well and updates arp entry for snat port.
Conflicts:
neutron/agent/l3/dvr_local_router.py
Closes-Bug: #1933092
Change-Id: I7ee797b4b930306cf6360922d855f8b24f1b813d
(cherry picked from commit be7d0bb6ab)
(cherry picked from commit f1a9f4ed62)
Passing newline to the dnsmasq may cause security issues, especially
since in case of Neutron the dhcp options' values are controlled by
cloud users.
This patch removes everything that is after the first newline character
in the dhcp_extra_opt's values before passing them to dnsmasq.
Closes-Bug: #1939733
Change-Id: Ifeaf258f0b5ea86f25620ac4116d618980a7272e
(cherry picked from commit df891f0593)
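
Added example (not part of the commit messages on this page and not Neutron's own code): the truncation at the first newline that the commit above describes for option values, and that the commit for bug #1943930 describes for option names, shown next to the untruncated rendering. The option-line layout and the function names are assumptions made for illustration; the sample options are constructed.

```python
"""Added example: keep one dnsmasq option line per extra DHCP option."""


def first_line(text):
    """Return everything before the first newline character."""
    return str(text).split("\n", 1)[0]


def format_option(tag, name, value, sanitize=True):
    """Render one line of a dnsmasq options file.

    The "tag:<tag>,option:<name>,<value>" layout is an assumption made
    for this example; it is not copied from Neutron.
    """
    if sanitize:
        name, value = first_line(name), first_line(value)
    return "tag:%s,option:%s,%s" % (tag, name, value)


def render_opts_file(tag, extra_opts, sanitize=True):
    """Build the options file text from user-supplied extra DHCP options."""
    lines = [format_option(tag, o["opt_name"], o["opt_value"], sanitize)
             for o in extra_opts]
    return "\n".join(lines) + "\n"


def count_config_lines(rendered):
    """Number of lines dnsmasq would read from the rendered text."""
    return len(rendered.splitlines())


# Constructed sample input: the second value carries an embedded newline,
# so the text after it would be read as a separate configuration line.
SAMPLE_OPTS = [
    {"opt_name": "mtu", "opt_value": "1450"},
    {"opt_name": "domain-name", "opt_value": "example.org\nEXTRA-LINE"},
]

if __name__ == "__main__":
    unsafe = render_opts_file("port-1", SAMPLE_OPTS, sanitize=False)
    safe = render_opts_file("port-1", SAMPLE_OPTS, sanitize=True)
    print(count_config_lines(unsafe), "lines without truncation")
    print(count_config_lines(safe), "lines with truncation")
```

With truncation the number of rendered lines always equals the number of options supplied, which is a convenient invariant to assert in a unit test.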
When a new network and its first subnet is created, the DHCP agent
bumps the "load" parameter to reflect the number of networks handled.
This "load" parameter is modified when:
- As commented, when the first subnet of a network is created. The
"load" value is bumped.
- When periodically the DHCP agent sends the status, informing about
the current number of networks handled.
If during the subnet creation this "load" value is not updated, it will
be in the next periodic update of the agent.
This "load" value is used by the scheduler to equally distribute the
objects to be managed by any agent type (DHCP agents manage networks).
The bug refers to DHCP but is valid for any other agent.
Conflicts:
neutron/common/utils.py
neutron/scheduler/base_resource_filter.py
Change-Id: Ief402048d99d40b64d81fcf58eb2e39b1ba7ebbb
Closes-Bug: #1939432
(cherry picked from commit 668b1cc652)
(cherry picked from commit 816aca60b9)
(cherry picked from commit 1eb6b8926a)
(cherry picked from commit f315f85a7b)
"nftables" compatible binary, "ebtables-nft", is not 100% compatible
with the legacy API, as reported in LP#1922892.
This patch fixes the following issues when using "ebtables-nft" (while
keeping compatibility with legacy binary):
- When a new chain is created, a default DROP rule is added at the end
of the chain (append). This will prevent the error code 4 when the
chain is listed.
- The chain rules are added at the beginning of the chain (insert),
before the default DROP rule. This will prioritize the port rules.
- The MAC rules are cleaned before the new ones are added. That will
prevent the deletion of any new needed rule, now added after the
deletion.
- The "ebtables" command will retry on error code 4. This is the
error returned when the chains are listed and no rule is present
in a new created chain (reported in LP#1922892).
This code is backwards compatible, that means it works with the legacy
"ebtables" binary; this is currently installed in the Neutron CI [1].
In order to test with the new binary, "ebtables-nft", two new CI jobs
are added to the periodic queue [2].
[1] 1ad9ca56b0/roles/legacy_ebtables/tasks/main.yaml
[2] https://review.opendev.org/c/openstack/neutron/+/785144
Closes-Bug: #1922892
Related-Bug: #1508155
Closes-Bug: #1938670
Conflicts:
neutron/tests/unit/plugins/ml2/drivers/linuxbridge/agent/test_arp_protect.py
Change-Id: I9463b000f6f63e65aaf91d60b30f6c92c01e3baf
(cherry picked from commit 0a931391d8)
(cherry picked from commit fafa5dacd5)
Router_info's _process_internal_ports() method is the one which is
manipulating router_info.internal_ports cache and network_update()
method from the L3 agent is relying on that Router_info's cache to
check if updated network is connected to the router or not.
So they shouldn't be run together as that may cause some race conditions
and unexpected issues, like e.g. described in the related bug.
Until now, network_update event was the only one which was processed
without using queue of events. And because of that such race condition
as described above were possible.
To fix that, this patch changes network_update method in the way that it
now adds update events for each router hosted by agent to the queue.
Those events for single routers are then processed, checks if network is
actually connected to the router and if yes, schedules router update to
be processed.
Conflicts:
neutron/agent/l3/agent.py
Closes-Bug: #1933234
Change-Id: I2efe66a7415f7a18fb85bd2536a1901e751d6203
(cherry picked from commit 6ce48c30bd)
(cherry picked from commit 604b055c71)
(cherry picked from commit 05d0bc6d50)
(cherry picked from commit 463083c713)
It may be useful during debugging some L3 and events related issues.
Related-bug: #1933234
Change-Id: I4bcba0ae82d99fac962d758b48b1727f344ec7bb
(cherry picked from commit 5c9a7fe1b4)
(cherry picked from commit 25f4864d12)
(cherry picked from commit 7de9aa109a)
(cherry picked from commit 5dfd2e5615)
Since [1], Pyroute forks the namespace creation to avoid calling
destructive routine "libc.unshare(CLONE_NEWNET)" from the main
process. This implementation uses sockets between both processes
to return any error feedback sent from the child process.
This patch implements the same fork without any communication. If
the child process raises an exception other than "OSError(EEXIST)",
the child process returns 1 that is read by the main process,
that raises a "RuntimeError" exception.
Related-Bug: #1917487
[1] 81db2c98a1
Conflicts:
neutron/privileged/agent/linux/ip_lib.py
Change-Id: I0294586335a71d0757803843f675124bfb450967
(cherry picked from commit eb56747851)
Set "floatingip.fixed_port" attribute as
viewonly. According to [1], "the originating relationship for a
particular state change will not produce state changes within the
viewonly relationship". That means any change on any of those ports
won't change the backref and won't affect "floatingip" object.
Closes-Bug: #1930294
[1] https://docs.sqlalchemy.org/en/14/orm/relationship_api.html
Change-Id: I202a12f82f70b1094cdb986ba404f396d5e0e427
(cherry picked from commit a98fe51b83)