22224 Commits

Author SHA1 Message Date
Slawek Kaplonski
538e663f0d Switch to use configure_keystone_authtoken_middleware in devstack plugin
Function "configure_auth_token_middleware" was deprecated in devstack
in [1].
Patch [1] also introduced regression which cause failures in neutron's
neutron-tempest-plugin-designate-scenario job.

New function configure_keystone_authtoken_middleware should be used
instead.
This patch switches to use this new function to solve problem
caused by patch [1] when old function is used.

[1] https://review.opendev.org/#/c/628651/

Change-Id: I96d69bc7a1489377b5e95965e95dc3d3f2f3a933
Closes-Bug: #1834849
2019-07-01 13:50:33 +02:00
Zuul
49c67014c2 Merge "Add custom ethertype processing" 2019-07-01 11:00:55 +00:00
Zuul
54946b7a73 Merge "Assert HA router has one active hosting agent" 2019-06-29 16:03:24 +00:00
Nate Johnston
9ea6a61665 Add custom ethertype processing
The OVS Firewall blocks traffic that does not have either the IPv4 or
IPv6 ethertypes at present.  This is a behavior change compared to the
iptables_hybrid firewall, which only operates on IP packets and thus
does not address other ethertypes.

This is a lightweight change that sets a configuration option in the
neutron openvswitch agent configuration file for permitted ethertypes
and then ensures that the requested ethertypes are permitted on
initialization.  This addresses the security and usability concerns on
both master and stable branches while a full-fledged extension to the
security groups API is considered.

Change-Id: Ide78b0b90cf6d6069ce3787fc60766be52062da0
Related-Bug: #1832758
2019-06-28 14:07:16 -04:00
Zuul
1fb90112a7 Merge "Disable "of_inactivity_probe" in fullstack tests" 2019-06-28 15:15:58 +00:00
Zuul
ad36ba680f Merge "BGP Documentation Updates" 2019-06-28 09:09:32 +00:00
Zuul
69d4d5e481 Merge "Make networking-ovn-tempest-dsvm-ovs-release job voting" 2019-06-28 05:38:45 +00:00
Zuul
871adf6d86 Merge "[Follow Up] Add Smart NIC representor port to integration bridge" 2019-06-28 02:38:33 +00:00
Zuul
e8c6356697 Merge "Fix of_* config options help messages" 2019-06-28 01:23:27 +00:00
Zuul
45adbf41a3 Merge "Add default value to agent create_or_update_agent new param" 2019-06-28 01:23:24 +00:00
Zuul
a430256e3e Merge "Treat networks shared by RBAC in same way as shared with all tenants" 2019-06-28 00:08:39 +00:00
Ryan Tidwell
6fd1cf35a8
BGP Documentation Updates
This change updates the documentation for neutron-dynamic-routing
to reflect recent enhancements in DVR compatibility and use of the
openstack CLI instead of the neutron CLI.

Change-Id: I5af8b5e76ca8fd2fba58d0dd987be37530836480
Closes-Bug: #1832603
2019-06-27 16:01:05 -05:00
Zuul
1bcd209436 Merge "Retry trunk status updates failing with StaleDataError" 2019-06-27 15:56:25 +00:00
Slawek Kaplonski
d5edb080b0 Treat networks shared by RBAC in same way as shared with all tenants
In patch [1] handle of networks with "shared" flag set to True was
fixed and it is now possible to use "rule:shared" in API policy in
actions related e.g. to ports or subnets.
But network can be shared with some specific tenant only by doing it
with RBAC mechanism and in such case it didn't work with [1] only.
It was like that because context.get_admin_context() was used to get
network so this returned network had got shared=False set even if
request comes from tenant for which network was shared through RBAC.

Now network will be always get with context which have got set proper
tenant_id so "shared" flag will be set properly even in case if it's
shared through RBAC.

[1] https://review.opendev.org/#/c/652636/

Change-Id: I38615c0d18bb5a1f22f3e7865ce24615a540aa9a
Closes-Bug: #1833455
2019-06-26 22:04:36 +00:00
Zuul
d35dd9c9c8 Merge "Fix update of network's segmentation id" 2019-06-26 20:58:10 +00:00
Zuul
44b0cae16b Merge "Remove some synchronization decorators from ip_lib" 2019-06-26 17:45:05 +00:00
Slawek Kaplonski
547d694fa1 Fix of_* config options help messages
In patch [1] of_interface config option was removed and now
there is only "native" driver available.
So there is no need to mention in description of of_* config
options that option is used only for 'native' driver. It is
used always now.

TrivialFix

[1] https://review.opendev.org/#/c/599496/

Change-Id: Ia3c261b4fccd637691ad442038fb301b0eeb8258
2019-06-26 12:34:33 +02:00
Zuul
467fc3395d Merge "use AuthenticIPNetwork and AuthenticEUI from neutron-lib" 2019-06-26 06:39:45 +00:00
Zuul
a2bb204bc8 Merge "Turn CIDR in query filter into proper subnet" 2019-06-26 06:39:40 +00:00
Zuul
1ade5d6564 Merge "[OVS] Network segmentation ID change not allowed if multisegments" 2019-06-26 06:39:37 +00:00
Zuul
f556ca703a Merge "Switch to new engine facade for BaseResourceFilter" 2019-06-25 22:44:29 +00:00
Boden R
39c7ac3ffe use AuthenticIPNetwork and AuthenticEUI from neutron-lib
This patch switches over to neutron-lib's version of the the
_AuthenticBase, AuthenticEUI and AuthenticIPNetwork classes by
deleting them from neutron and using lib's version instead.

Depends-On: https://review.opendev.org/#/c/659881/

NeutronLibImpact

Change-Id: Ia3d3db401d6abcb9c9965b945bcd4c199f8e812b
2019-06-25 08:47:48 -06:00
Adit Sarfaty
0963ce94e0 Add default value to agent create_or_update_agent new param
Commit Ifc88dfb3041aa07b197f395172b69399796ba46a recently added a
new agent_timestamp parameter to create_or_update_agent.
As some other projects use this api, the change should have been
backwards compatible.
Adding default to None will solve this issue.

Closes-Bug: #1833589
Change-Id: I2d17f8eaf4d74ae2081f82e3c1a09bdc80b1d701
2019-06-25 14:13:10 +00:00
Zuul
84335b3c7b Merge "Read IP monitor changes in a parallel thread" 2019-06-25 02:25:17 +00:00
Zuul
0b0e0c8b95 Merge "Import "Manage Networking service quotas" admin guide" 2019-06-24 22:47:19 +00:00
Zuul
33310a7dcd Merge "use object event_types from neutron-lib" 2019-06-24 19:18:50 +00:00
Matt Riedemann
2e8693e3a0 Import "Manage Networking service quotas" admin guide
This copies the guide from openstack-manuals [1] which should
have been done with the manuals docs migration in Pike. The
only content change is a todo is added to migrate the guide
from using the deprecated neutron CLIs to the openstack CLIs.

[1] https://docs.openstack.org/ocata/admin-guide/cli-networking-advanced-quotas.html

Change-Id: Ia0cad1ea0c27067bc257c1fc8e05299052e35e1b
Closes-Bug: #1834068
2019-06-24 13:37:36 -04:00
Rodolfo Alonso Hernandez
d8078469a8 Disable "of_inactivity_probe" in fullstack tests
Disable the inactivity probe during the fullstack tests. This probe
is not tracked nor controller during these tests and usually make
them more unstable. As seen in the bug report, in loaded CI nodes,
sometimes the probe raises an error, stopping the current test:

  reconnect|ERR|tcp:127.0.0.1:56401: no response to inactivity probe
    after 5 seconds, disconnecting

Change-Id: Id27326d5deae78ebfad1012efb507fde9e6c1453
Closes-Bug: #1833386
2019-06-24 10:41:46 +00:00
Hamdy Khader
bddad0e1ae [Follow Up] Add Smart NIC representor port to integration bridge
Added fulstack tests for L2 OVS agent's ability to bind SmartNIC ports

Change-Id: If36b56e508fb8ac941ad2f37e483465acb1292a1
2019-06-24 06:58:18 +00:00
LIU Yulong
f5b2c7eed8 Assert HA router has one active hosting agent
Check HA router binding state before restart the agent
for test case:
test_ha_router_restart_agents_no_packet_lost

And move the ping check more nearly to the restart action.

This reverts commit bc073849b6aba62a39846b8be98b0da744caab84.

Change-Id: Ia2eba8d19fcc4d744b7b93623c0f1faf0457bd91
2019-06-23 19:42:37 +08:00
Rodolfo Alonso Hernandez
93d75d89a0 Switch to new engine facade for BaseResourceFilter
Partially-Implements blueprint: enginefacade-switch

Change-Id: I1785ee36ef2a74c8673d6834ac4227a67c55daa3
2019-06-22 15:24:43 +00:00
Rodolfo Alonso Hernandez
dc80fc9fe7 [OVS] Network segmentation ID change not allowed if multisegments
If a network has several segments, the provider network segmentation ID
cannot be changed. This is defined in the feature spec [1].

In the case of having a multisegment network, the OVS agent RPC call
"get_network_details" will return the following value:

  {
    "network": {
      "updated_at": "2019-02-19T13:25:15Z",
      "revision_number": 5,
      "id": "ba973781-065b-4c69-9f07-a5c4f9a3b754",
      ...
      "segments": [{
        "provider:network_type": "vxlan",
        "provider:physical_network": null,
        "provider:segmentation_id": 10041
      },
      {
        "provider:network_type": "vxlan",
        "provider:physical_network": null,
        "provider:segmentation_id": 10066
      }],
      ...
}

The provider network information will be contained inside the "segments"
list, instead of being container in the parent "network" dictionary.

Closes-Bug: #1832745

[1]https://opendev.org/openstack/neutron-specs/src/branch/master/specs/stein/change-segmentation-id-vlan-provider-network.rst

Change-Id: I4fa37519bbf91e93ebd2f0e46e4d14edd40728fd
2019-06-22 15:21:58 +00:00
Zuul
b7b399f16e Merge "Update DPDK docs with note about using veth pairs" 2019-06-22 01:31:53 +00:00
Zuul
3b92b131b4 Merge "Increase TestDhcpAgentHA.agent_down_time to 30 seconds" 2019-06-21 19:27:43 +00:00
Zuul
654e46578d Merge "Add more debug information TestNeutronServer" 2019-06-21 14:15:14 +00:00
Rodolfo Alonso Hernandez
8ecad3ca4b Remove some synchronization decorators from ip_lib
Removed the synchronization from the following ip_lib functions:
* create_netns
* remove_netns
* list_netns

The mentioned bug #1811515 and the corresponding patch [1], explain
the problem of Pyroute2 NetNS class and the file descriptors used
in a multithread environment. This is why, until a fix is applied to
this library, a synchronization decorator was applied to all Pyroute2
commands.

However, the listed functions do not instantiate this class. These three
methods only handle the filesystem in order to create, remove or list
the system namespaces. That means those methods are not affected by the
mentioned bug in Pyroute2 and it is safe to execute them without any
synchronization.

[1] https://review.opendev.org/#/c/631275/

Change-Id: I71521efbdaf9bb6d7cd9650f77c52bf6e02c9ced
Closes-Bug: #1833717
Related-Bug: #1811515
2019-06-21 13:57:26 +00:00
Zuul
566a57a22e Merge "Release notes for dns_domain behavioural changes" 2019-06-20 23:00:25 +00:00
Zuul
7a7c8e68ec Merge "Add fwaas_v2 log optional configuration in l3_agent.ini" 2019-06-20 23:00:18 +00:00
James Page
8b1442c708 Release notes for dns_domain behavioural changes
As part of the fix for bug 1826419, a prior release note was
deleted and no new release note was added to document the
change in behaviour as a result of upgrading.

Add new release note to detail the behaviour of
{network,conf}.dns_domain with respect to the DHCP agent
post upgrade.

The deleted release note will be restored in the stable
branches where it was removed.

Change-Id: Ic668d64c28cdc1068cb2413b09839a127bad46d3
Related-Bug: 1826419
2019-06-20 10:40:34 -04:00
Zuul
0ae30d9449 Merge "use subnet_service_types extension from neutron-lib" 2019-06-20 01:14:55 +00:00
Rodolfo Alonso Hernandez
2ffde257cf Add more debug information TestNeutronServer
The test cases implemented calling "_test_restart_service_on_sighup",
mock the service "start" function. This function appends a temporary
file and this file is read by the main to check the correctness of
the service and workers executing.

In case of failure waiting for the file to be created and populated,
the main function will report now:
- If the file was not created.
- The current size of the file, compared to the expected one (the number
  of times the "start" function was called)

The polling time to check the status of the file was increased to 1
second.

Change-Id: I68452408920ad9a1ee7252dd9012f898ddfa7e09
Related-Bug: #1833279
2019-06-19 22:17:03 +00:00
Slawek Kaplonski
051b58f566 Update DPDK docs with note about using veth pairs
In case when ovs-dpdk is used together with ``ovs_use_veth`` config
option set to True, it cause invalid checksum on all packets send from
qdhcp namespace.
This commit adds short info about this limitation to ovs-dpdk config
guide.

Change-Id: I6237abab3d9e625440e95e75f5091d09a1ec44f0
Related-Bug: #1832021
2019-06-19 14:16:38 -04:00
Zuul
a832a1d1b3 Merge "bump neutron-lib to 1.27.0" 2019-06-19 07:08:37 +00:00
Zuul
0f0d1ea0ff Merge "Add agent timestamp to "_log_heartbeat" method" 2019-06-19 01:37:40 +00:00
Zuul
9829a68664 Merge "segments: Fix resource provider inventories update" 2019-06-19 01:37:37 +00:00
Zuul
568f70fcef Merge "Force segments to use placement 1.1" 2019-06-19 01:27:32 +00:00
Zuul
f0c9322283 Merge "Remove mock of not existing method in L3 agent UT." 2019-06-19 00:59:06 +00:00
Zuul
688bbdd5cd Merge "[Doc] Drop some experimental warnings from admin guide" 2019-06-18 21:00:32 +00:00
Boden R
7181cad179 use object event_types from neutron-lib
This patch consumes the OVO event_types from neutron-lib by removing
the module from neutron and using it from lib instead.

NeutronLibImpact

Change-Id: I3bc3ceb0c47766b0984b67081c4c7d243b8609c2
2019-06-18 14:25:02 -06:00
Boden R
79f7a947d9 use subnet_service_types extension from neutron-lib
This patch switches over to use the subnet_service_types extension
from neutron-lib's API definitions by removing the extension and
test module and using the lib API definition instead.

NeutronLibImpact

Change-Id: Ibba7af42aef7403472a11abe7b0e2e9239c4958e
2019-06-18 11:24:18 -06:00