When we delete vm port with attached QoS policy,
it is just doing nothing if vif_port does not exist.
This is fine for egress bandwidth limit as it is configured
directly on vif_port in OVS.
For ingress bw limit however it uses additional records in
Openvswitch database: qos and queue. Those records are not
cleaned up in such case.
This patch also records port in self.ports in the case of
bandwidth limit rules, just as in the case of dscp rules.
Never execute port clear if vif_port not exists. Finally, ovs
driver can clean such qos and queue records
(cherry picked from commit ee423e1fa0)
If port update event is received by L2 agent and there is
no QoS policy assigned to such port, agent tries to delete
any existing QoS rules from port.
For bandwidth limit rules OVS qos driver tries to update
port in OVS database.
In case if port not exists in OVS database agent raised
This patch fixes that by checking if port really exists and
removing QoS bandwidth limit rules only for existing ports.
(cherry picked from commit 46289c3c74)
In some cases we would want to refrain from cleaning up specific
In Octavia, the health manager service is using a predefined
openvswitch port which will gets nuked by the ovs_cleanup script in the
That port is created by the operating system NIC configuration file
(by using OVS_EXTRA), but due to the order of actions in the boot
process, the ovs_cleanup script gets invoked by systemd only at a later
stage. As a result the port will be deleted each time and the Octavia
health manager service will fail to bind.
This patch takes advantage of the 'external_ids' column that already
exists for ovs ports, in order to filter out ports we would like to
skip. We filter those ports by adding 'skip_cleanup' to the
It is important to note that this will work if we append the following
to the port: -- set Interface o-hm0 external_ids:skip_cleanup=true"
n8g-sfc currently has its own variant of OVSBridge to allow the use
of priority in a delete_flows call
This change is meant to make this available outside n8g-sfc and
simplify n8g-sfc code.
This change adds a 'strict' boolean parameter to mod_flow and delete_flows
that results in ovs-ofctl to be run with --strict for del-flows and
mod-flows actions. When strict is set, the use of priority is allowed
and hence not rejected anymore.
Note that for batched actions in a deffered bridge, we disallow mixing
calls with strict and without strict, which can't be translated in one CLI
When neutron is deployed with hypervisor is XenServer, current
implementation will grab port's iface-id via xapi, but this isn't
the proper way:
Port's iface-id is already set when creating VM or hot plugging
VIFs in nova project, so there is no need to grab it via xapi
With this change delete_flows will only remove flows matching the default
cookie of the bridge.
The uninstall_flows implementation in the native bridge is also modified
to touch only the flows with the bridge cookie.
To still allow deletion of all cookies, cookie=COOKIE_ANY is introduced
as a special value, and used in the agent code in the places where the
intent is indeed to clean all flows whatever their cookie is.
Refactoring Neutron configuration options for agent common config to be
in neutron/conf/agent/common. This will allow centralization of all
configuration options and provide an easy way to import.
With this change calling delete_flows with no kwargs will (instead
of resulting in calling "ovs-ofctl <action> <bridge> -", which does
nothing with no flow spec given on stdin) result in calling
"ovs-ofctl <action> <bridge>", which will delete all flows.
This aligns the behavior of delete_flows with the behavior currently seen by
all callers for the same method shadowed by the implementations in
While debugging the related bug, this showed up in the logs:
AddBridgeCommand(datapath_type=None, may_exist=system, name=test-brd8f3648c)
This was caused by the add_bridge command not passing in the datapath
type as named argument so it was taking the positional argument of
may_exist. So the datapath type was being lost whenever this command
was being used.
This fixes it by makeing add_bridge use a named argument for
datapath_type and it also switches it to using the
OVSBridge.create() method to unify the code-paths for bridge
It's not clear that this was a cause of the bug though, so
this fix is only related.
- patch DB retry count for tests excercising retry decorator.
These tests were taking 40 seconds per run (one used by 4 classes)
by going through the full retry count with backoff. ~240 seconds of
CPU time lost to them.
- Adjust vsctl_timeout down on ofport retry test.
This one was taking up to 10 seconds with the default timeout.
We are replacing all usages of the 'retrying' package with
'tenacity' as the author of retrying is not actively maintaining
the project. Tenacity is a fork of retrying, but has improved the
interface and extensibility (see  for more details). Our end
goal here is removing the retrying package from our requirements.
Tenacity provides the same functionality as retrying, but has the
following major differences to account for:
- Tenacity uses seconds rather than ms as retrying did.
- Tenacity has different kwargs for the decorator and
Retrying class itself.
- Tenacity has a different approach for retrying args by
using classes for its stop/wait/retry kwargs.
- By default tenacity raises a RetryError if a retried callable
times out; retrying raises the last exception from the callable.
Tenacity provides backwards compatibility here by offering
the 'reraise' kwarg.
- Tenacity defines 'time.sleep' as a default value for a kwarg.
That said consumers who need to mock patch time.sleep
need to account for this via mocking of time.sleep before
tenacity is imported.
- For retries that check a result, tenacity will raise if the retried
function raises, whereas retrying retried on all exceptions.
This patch updates all usages of retrying with tenacity.
Unit tests will be included where applicable.
Note: This change is not newton critical so projects are welcome
to hold off on committing until post-newton. Ideally this change
will merge by the first part of Ocata so dependant functionality
can land and have time to solidify for Ocata.
- unit tests were fixed mainly by mocking
Connection class of native implementation.
- some ovs-lib tests rely on direct ovs-vsctl
output. Temporarily decorated with @vsctl_only.
When the OVS bridge is still being initialized we get
a "failed to connect to socket" error when running ovs-ofctl.
This shows up quite frequently in our functional tests and
may be the source of their high failure rate.
Ultimately we need to change the behavior of run_ofctl to not
ignore errors by default, but this will require a lot of effort
because there are many places that likely expect this behavior.
As a workaround, this patch checks for the specific socket failure
and attempts the command again up to 10 times, sleeping for 1
second between each attempt to wait for the bridge to be ready.
- Introduces an API to allow l2-agents to access resources within
the Open vSwitch Agent, specifically the integration and tunnel bridges.
- adds consume_api method to the AgentCoreResourceExtension class.
- modifies the AgentExtensionManager class to accept the AgentExtensionAPI
class as an optional argument.
- adds the OVSAgentExtensionAPI class.
- modifies ovs_lib and ofswitch to include a list of uuid stamps
to exempt from flow deletion.
- adds the OVSBridgeCookieMixin class that manages the distribution of
cookies and maintains the list of reserved cookies.
- modifies OVSNeutronAgent to initialize OVSAgentExtensionAPI and pass
into the AgentExtensionManager.
Co-Authored-By: Nate Johnston <firstname.lastname@example.org>
Co-Authored-By: Thomas Morin <email@example.com>
Implements: blueprint l2-api-extensions
Now it lives in networking-midonet repository.
This change will not force a resync in the case where a virtual machine is
deleted, and therefore its OVS port deleted, in between the time an RPC
call was made to get the devices and where we make the call to correlate
those devices to vif ports.
Changed the interface_driver configure for agents from class
imports to stevedor aliases. The loading method needed to be
updated to load as a DriverManager. Backward compatability
for configuration as class import.
Neutron should use the specific assertion:
instead of the generic assertion:
as it raises more specific errors.
The new option for the ovs agent will enable to set/unset the
csum option for the vxlan/gre tunnels. The default is maintained as False.
Implements: bp ovs-tunnel-csum-option
Without that fix flows applied to br-tun through
DeferredOVSBridge are created without cookie.
That results in l2pop flows being deleted in the process of
cleanup of stale flows.
Solution is to add cookie to all add/mod-flows of OVSBrigde
class in the method do_action_flows.
Also, agent_uuid_stamp moved to a proper place - into the
base OVSBridge class as storing attributes in Mixing was
just a wrong code design.
This change introduces a new datapath_type parameter
to allow specification of the ovs datapath to be used.
This change introduces new functional and unit tests.
IPv6 protocol requires a minimum MTU of 1280 bytes on the interface
to configure an IPv6 address to the interface. This patch logs an
appropriate error message and exits the agent if ipv6 is enabled and
network_device_mtu is less than the minimum value.
When agent is restarted it drops all existing flows. This
breaks all networking until the flows are re-created.
This change adds an ability to drop only old flows.
Agent_uuid_stamp is added for agents. This agent_uuid_stamp is set as
cookie for flows and then flows with stale cookies are deleted during
Co-Authored-By: Ann Kamyshnikova<firstname.lastname@example.org>
The idea here was to remove redundant unit tests.
The approach here has been that if the function being tested does not
implement any custom logic (apart from calling ovsdb), the unit test
does not help.
Refer to the bug description for more details of the specific tests
OVSBridge was inheriting db_list from BaseOVS, which was
returning the information of all the ports on the machine,
not only the ones belonging to the bridge.
The OVSNeutronAgent was using that method with the assumption
that ports were filtered by bridge.
To avoid confusion, this patch add a new method to OVSBridge
get_ports_attributes to query the info for all the ports
belonging to the bridge.
db_list is removed from BaseOVS since that method is already
available in ovsdb/api.py
ovs_lib methods that use db_list are refactored accordingly.
Co-Authored-By: Assaf Muller <email@example.com>
oslo_utils raise ImportError if import fails. We should propagate other
failures to callers. Otherwise we may hide issues.
Also report exact failure from import_object in case L3 agent fails to
As part of the job, consolidated code to load interface driver into
Also, stopped checking for specific log messages in dhcp and l3 agent
unit tests: it's too fragile and actually not something we need a unit
Not to introduce more work for people who handle py3 porting effort,
added the unit test into the list of those that are executed for py34
job until the whole suite is ready for python3.
This patch updates get_vif_ports so that it skips
ports which aren't in the 'Interfaces' table.
This fixes an issue where neutron-ovs-cleanup would
fail if any sort of OVS bond was on the bridge getting
cleaned up. This is because bonds don't have the same
attributes as ports, and thus fail subsequent ovs-vsctl
During startup, the agent was making many calls per port
to read information about the current VLAN, external ID, etc.
This resulted in hundreds of calls just to read information about
a relatively small number of ports.
This patch addresses that by converting a few key functions to
lookup information for all of the ports at once.
Performance improvement on dev laptop for 250 ports from agent
start to port ACTIVE status:
Newly added ports to OVSDB might not yet have an
ofport number assigned to them. This causes the
return from the DB query to return a list instead
of a port number.
This patch handles that by attempting to convert
each result into an integer and then catching the
exception and continuing through the iteration to
ignore uninitialized ports like these.
It also adds a unit test based on data from a
failure observed in the gate.
This change ensures that the structure of the unit test tree matches
that of the code tree to make it obvious where to find tests for a
given module. A check is added to the pep8 job to protect against
The plugin test paths are relocated to neutron/tests/unit/plugins
but are otherwise ignored for now.
This patch abstracts away platform specific differences in
agent/linux/utils.py and agent/linux/polling.py in order for
OVS neutron agent to work on Hyper-V.
agent.linux.utils uses fcntl that is not available on Windows and
also uses rootwrap which is no necessary on Windows.
ovsdb_monitor.SimpleInterfaceMonitor works only on GNU/Linux because
agent.linux.async_process uses platfom specific components like the
Unit tests have been updated accordingly
Implements blueprint: hyper-v-ovs-agent
This patch moves ovs_lib from agent/linux to agent/common
since it will be used by ovs_neutron_agent on both Linux
and Windows platforms. To provide compatibility with out of
tree code, a placeholder has been left in agent/linux.
Unit tests are updated accordingly.
Partially implements blueprint: hyper-v-ovs-agent