When we delete vm port with attached QoS policy,
it is just doing nothing if vif_port does not exist.
This is fine for egress bandwidth limit as it is configured
directly on vif_port in OVS.
For ingress bw limit however it uses additional records in
Openvswitch database: qos and queue. Those records are not
cleaned up in such case.
This patch also records port in self.ports in the case of
bandwidth limit rules, just as in the case of dscp rules.
Never execute port clear if vif_port not exists. Finally, ovs
driver can clean such qos and queue records
Change-Id: Iddeb49e1e6538a178ca468df0fdf9e0617ca4f1c
Closes-Bug: #1726732
(cherry picked from commit ee423e1fa0)
If port update event is received by L2 agent and there is
no QoS policy assigned to such port, agent tries to delete
any existing QoS rules from port.
For bandwidth limit rules OVS qos driver tries to update
port in OVS database.
In case if port not exists in OVS database agent raised
exception.
This patch fixes that by checking if port really exists and
removing QoS bandwidth limit rules only for existing ports.
Change-Id: I3775ee7b383ada6e4e4ace53b5405aa3c7c22027
Closes-Bug: 1712913
(cherry picked from commit 46289c3c74)
In some cases we would want to refrain from cleaning up specific
openvswitch ports.
In Octavia, the health manager service is using a predefined[1]
openvswitch port which will gets nuked by the ovs_cleanup script in the
boot process.
That port is created by the operating system NIC configuration file
(by using OVS_EXTRA[2]), but due to the order of actions in the boot
process, the ovs_cleanup script gets invoked by systemd only at a later
stage. As a result the port will be deleted each time and the Octavia
health manager service will fail to bind.
This patch takes advantage of the 'external_ids' column that already
exists for ovs ports, in order to filter out ports we would like to
skip. We filter those ports by adding 'skip_cleanup' to the
'external_ids' column.
It is important to note that this will work if we append the following
to the port: -- set Interface o-hm0 external_ids:skip_cleanup=true"
Related-Bug: #1685223
[1] http://git.openstack.org/cgit/openstack/octavia/tree/devstack/plugin.sh?h=stable/ocata#n190
[2] https://github.com/osrg/openvswitch/blob/master/rhel/README.RHEL#L102
Change-Id: If483d0ee027596999370ab0d21b1743d4ef16acb
n8g-sfc currently has its own variant of OVSBridge to allow the use
of priority in a delete_flows call
This change is meant to make this available outside n8g-sfc and
simplify n8g-sfc code.
This change adds a 'strict' boolean parameter to mod_flow and delete_flows
that results in ovs-ofctl to be run with --strict for del-flows and
mod-flows actions. When strict is set, the use of priority is allowed
and hence not rejected anymore.
Note that for batched actions in a deffered bridge, we disallow mixing
calls with strict and without strict, which can't be translated in one CLI
call.
Needed-By: I3bf939590dd43bff685f133bff86eb7e9068de91
Change-Id: I289d546780f10dc1002ab6bc2e1b38c9ef2d728f
When neutron is deployed with hypervisor is XenServer, current
implementation will grab port's iface-id via xapi, but this isn't
the proper way:
Port's iface-id is already set when creating VM or hot plugging
VIFs in nova project, so there is no need to grab it via xapi
Change-Id: Ie07527cc89ac81ff1e3519db66925cee482f77a4
Closes-Bug: #1649747
With this change delete_flows will only remove flows matching the default
cookie of the bridge.
The uninstall_flows implementation in the native bridge is also modified
to touch only the flows with the bridge cookie.
To still allow deletion of all cookies, cookie=COOKIE_ANY is introduced
as a special value, and used in the agent code in the places where the
intent is indeed to clean all flows whatever their cookie is.
Partial-Bug: #1557620
Change-Id: Idd0531cedda87224531cb8fb6a912ccd0f1554d5
Refactoring Neutron configuration options for agent common config to be
in neutron/conf/agent/common. This will allow centralization of all
configuration options and provide an easy way to import.
Partial-Bug: #1563069
Change-Id: Iebac0cdd3bcfd0135349128921b7ad7a1a939ab8
Needed-By: Ib676003bbe909b5a9013a3178b12dbe291d936af
With this change calling delete_flows with no kwargs will (instead
of resulting in calling "ovs-ofctl <action> <bridge> -", which does
nothing with no flow spec given on stdin) result in calling
"ovs-ofctl <action> <bridge>", which will delete all flows.
This aligns the behavior of delete_flows with the behavior currently seen by
all callers for the same method shadowed by the implementations in
OpenFlowSwitchMixin classes.
Change-Id: Ic0449acb3a0d4915ce025300d6f3c507a3cd8e48
Closes-Bug: 1658019
Provide a method called get_port_mac()
networking-sfc needs the mac address of port "patch-tun".
This is not a neutron port.
Change-ID: I61f607f0ed40da13bb2cc1ea72993f43d4a9c65b
While debugging the related bug, this showed up in the logs:
AddBridgeCommand(datapath_type=None, may_exist=system, name=test-brd8f3648c)
This was caused by the add_bridge command not passing in the datapath
type as named argument so it was taking the positional argument of
may_exist. So the datapath type was being lost whenever this command
was being used.
This fixes it by makeing add_bridge use a named argument for
datapath_type and it also switches it to using the
OVSBridge.create() method to unify the code-paths for bridge
creation.
It's not clear that this was a cause of the bug though, so
this fix is only related.
Change-Id: I5711c29c21741dd847f2c27fb621f723b24cb7fd
Related-Bug: #1627106
- patch DB retry count for tests excercising retry decorator.
These tests were taking 40 seconds per run (one used by 4 classes)
by going through the full retry count with backoff. ~240 seconds of
CPU time lost to them.
- Adjust vsctl_timeout down on ofport retry test.
This one was taking up to 10 seconds with the default timeout.
TrivialFix
Change-Id: Iabe99c06abde81ced7e8dfa48bfe8b066c59ce70
We are replacing all usages of the 'retrying' package with
'tenacity' as the author of retrying is not actively maintaining
the project. Tenacity is a fork of retrying, but has improved the
interface and extensibility (see [1] for more details). Our end
goal here is removing the retrying package from our requirements.
Tenacity provides the same functionality as retrying, but has the
following major differences to account for:
- Tenacity uses seconds rather than ms as retrying did.
- Tenacity has different kwargs for the decorator and
Retrying class itself.
- Tenacity has a different approach for retrying args by
using classes for its stop/wait/retry kwargs.
- By default tenacity raises a RetryError if a retried callable
times out; retrying raises the last exception from the callable.
Tenacity provides backwards compatibility here by offering
the 'reraise' kwarg.
- Tenacity defines 'time.sleep' as a default value for a kwarg.
That said consumers who need to mock patch time.sleep
need to account for this via mocking of time.sleep before
tenacity is imported.
- For retries that check a result, tenacity will raise if the retried
function raises, whereas retrying retried on all exceptions.
This patch updates all usages of retrying with tenacity.
Unit tests will be included where applicable.
Note: This change is not newton critical so projects are welcome
to hold off on committing until post-newton. Ideally this change
will merge by the first part of Ocata so dependant functionality
can land and have time to solidify for Ocata.
[1] https://github.com/jd/tenacity
Closes-Bug: #1635395
Change-Id: I1c0620894d07d58efbba5226b5244fec950354ca
- unit tests were fixed mainly by mocking
Connection class of native implementation.
- some ovs-lib tests rely on direct ovs-vsctl
output. Temporarily decorated with @vsctl_only.
UpgradeImpact
Change-Id: I2632b0e21edd61536867a9fc830a45d9899091e4
When the OVS bridge is still being initialized we get
a "failed to connect to socket" error when running ovs-ofctl.
This shows up quite frequently in our functional tests and
may be the source of their high failure rate.
Ultimately we need to change the behavior of run_ofctl to not
ignore errors by default, but this will require a lot of effort
because there are many places that likely expect this behavior.
As a workaround, this patch checks for the specific socket failure
and attempts the command again up to 10 times, sleeping for 1
second between each attempt to wait for the bridge to be ready.
Closes-Bug: #1550623
Closes-Bug: #1551593
Change-Id: I663a54608ed96133014104fe033ecea0a867ac4c
- Introduces an API to allow l2-agents to access resources within
the Open vSwitch Agent, specifically the integration and tunnel bridges.
- adds consume_api method to the AgentCoreResourceExtension class.
- modifies the AgentExtensionManager class to accept the AgentExtensionAPI
class as an optional argument.
- adds the OVSAgentExtensionAPI class.
- modifies ovs_lib and ofswitch to include a list of uuid stamps
to exempt from flow deletion.
- adds the OVSBridgeCookieMixin class that manages the distribution of
cookies and maintains the list of reserved cookies.
- modifies OVSNeutronAgent to initialize OVSAgentExtensionAPI and pass
into the AgentExtensionManager.
Partial-Bug: #1517903
Co-Authored-By: Nate Johnston <nate_johnston@cable.comcast.com>
Co-Authored-By: Thomas Morin <thomas.morin@orange.com>
Implements: blueprint l2-api-extensions
Change-Id: I7cb61f30689dff2d7895d444060dedc1532a63ec
Now it lives in networking-midonet repository.
Closes-Bug: #1510826
Depends-On: I0a4d19ddeddfde2319dcbe24665a24d371625b10
Related-blueprint: core-vendor-decomposition
Change-Id: Ifd18ee1703541d04f1a4717a8b0b8e6dc61a2f4e
This change will not force a resync in the case where a virtual machine is
deleted, and therefore its OVS port deleted, in between the time an RPC
call was made to get the devices and where we make the call to correlate
those devices to vif ports.
Change-Id: Ie55eb69ad7ee177f0cf8ee8fc7fc585fbd0d4a22
Closes-Bug: #1499488
Changed the interface_driver configure for agents from class
imports to stevedor aliases. The loading method needed to be
updated to load as a DriverManager. Backward compatability
for configuration as class import.
DocImpact
Change-Id: Ic349691989484286cd7c60eaf3ad1454c5852d1f
Closes-Bug: #1504536
Neutron should use the specific assertion:
self.assertIsNone(observed)
instead of the generic assertion:
self.assertEqual(None, observed)
as it raises more specific errors.
Closes-Bug: #1503055
Change-Id: Ib7e5875bd0a95320d89a7504f951998fb210acc1
The new option for the ovs agent will enable to set/unset the
csum option for the vxlan/gre tunnels. The default is maintained as False.
Change-Id: I18dcd8946b585e70f8890a5c222ea37059c4a0c5
Implements: bp ovs-tunnel-csum-option
Closes-bug: #1492111
Without that fix flows applied to br-tun through
DeferredOVSBridge are created without cookie.
That results in l2pop flows being deleted in the process of
cleanup of stale flows.
Solution is to add cookie to all add/mod-flows of OVSBrigde
class in the method do_action_flows.
Also, agent_uuid_stamp moved to a proper place - into the
base OVSBridge class as storing attributes in Mixing was
just a wrong code design.
Change-Id: Ic09a0dbc04fc5da38d30e1392cf2ea27d576040c
Closes-Bug: #1489372
This change introduces a new datapath_type parameter
to allow specification of the ovs datapath to be used.
This change introduces new functional and unit tests.
DocImpact
Change-Id: I929d8d15fc6cfdb799c53ef0f3722f4ed5c1096d
Partial-Bug: #1469871
IPv6 protocol requires a minimum MTU of 1280 bytes on the interface
to configure an IPv6 address to the interface. This patch logs an
appropriate error message and exits the agent if ipv6 is enabled and
network_device_mtu is less than the minimum value.
DocImpact
Closes-Bug: #1475015
Change-Id: I13666de4e6f5f6775ad26342e513c3c17a003b8e
When agent is restarted it drops all existing flows. This
breaks all networking until the flows are re-created.
This change adds an ability to drop only old flows.
Agent_uuid_stamp is added for agents. This agent_uuid_stamp is set as
cookie for flows and then flows with stale cookies are deleted during
cleanup.
Co-Authored-By: Ann Kamyshnikova<akamyshnikova@mirantis.com>
Closes-bug: #1383674
DocImpact
Change-Id: I95070d8218859d4fff1d572c1792cdf6019dd7ea
The idea here was to remove redundant unit tests.
The approach here has been that if the function being tested does not
implement any custom logic (apart from calling ovsdb), the unit test
does not help.
Refer to the bug description for more details of the specific tests
removed.
Change-Id: I35dc60bb714566c33f5cee5aab3e5b83bd0610e3
Closes-Bug: #1459811
OVSBridge was inheriting db_list from BaseOVS, which was
returning the information of all the ports on the machine,
not only the ones belonging to the bridge.
The OVSNeutronAgent was using that method with the assumption
that ports were filtered by bridge.
To avoid confusion, this patch add a new method to OVSBridge
get_ports_attributes to query the info for all the ports
belonging to the bridge.
db_list is removed from BaseOVS since that method is already
available in ovsdb/api.py
ovs_lib methods that use db_list are refactored accordingly.
Co-Authored-By: Assaf Muller <amuller@redhat.com>
Change-Id: I2ce6d232744f48ba7fc0f824a7db32e3655bc2aa
Closes-Bug: 1473199
oslo_utils raise ImportError if import fails. We should propagate other
failures to callers. Otherwise we may hide issues.
Also report exact failure from import_object in case L3 agent fails to
import interface_driver.
As part of the job, consolidated code to load interface driver into
common function.
Also, stopped checking for specific log messages in dhcp and l3 agent
unit tests: it's too fragile and actually not something we need a unit
test for.
Not to introduce more work for people who handle py3 porting effort,
added the unit test into the list of those that are executed for py34
job until the whole suite is ready for python3.
Change-Id: I10cdb8414c9fb4ad5cfd3f3b2630811f50ffb0c7
This patch updates get_vif_ports so that it skips
ports which aren't in the 'Interfaces' table.
This fixes an issue where neutron-ovs-cleanup would
fail if any sort of OVS bond was on the bridge getting
cleaned up. This is because bonds don't have the same
attributes as ports, and thus fail subsequent ovs-vsctl
queries.
Change-Id: Ic9d30e5916122ce23c5dc8631fbb71115ae8a960
Closes-bug: #1473179
During startup, the agent was making many calls per port
to read information about the current VLAN, external ID, etc.
This resulted in hundreds of calls just to read information about
a relatively small number of ports.
This patch addresses that by converting a few key functions to
lookup information for all of the ports at once.
Performance improvement on dev laptop for 250 ports from agent
start to port ACTIVE status:
before: 1m21s
after: 1m06s
Closes-Bug: #1460233
Change-Id: Ic80c85a07fee3e5651dc19819c6cebdc2048dda7
The current API only support setting a bridge fail mode
to secure, this patch allow the user to set it to 'standalone'
as well
Change-Id: If7e6532dc7f8527c35834a37144ea4386fe1b861
Closes-Bug: #1458924
Newly added ports to OVSDB might not yet have an
ofport number assigned to them. This causes the
return from the DB query to return a list instead
of a port number.
This patch handles that by attempting to convert
each result into an integer and then catching the
exception and continuing through the iteration to
ignore uninitialized ports like these.
It also adds a unit test based on data from a
failure observed in the gate.
Change-Id: I5c1bc8363cc7b07a03df12e3ccd49a09b1907ad2
Closes-Bug: #1444269
This change ensures that the structure of the unit test tree matches
that of the code tree to make it obvious where to find tests for a
given module. A check is added to the pep8 job to protect against
regressions.
The plugin test paths are relocated to neutron/tests/unit/plugins
but are otherwise ignored for now.
Change-Id: If307593259139171be21a71c58e3a34bf148cc7f
Partial-Bug: #1440834
neutron/tests/unit/agent/common directory defines tests but is not a
valid python2 package: __init___.py is missing.
Change-Id: Ida0055b64c23c4af3f4cdce2a777b19418451f33
This patch abstracts away platform specific differences in
agent/linux/utils.py and agent/linux/polling.py in order for
OVS neutron agent to work on Hyper-V.
agent.linux.utils uses fcntl that is not available on Windows and
also uses rootwrap which is no necessary on Windows.
ovsdb_monitor.SimpleInterfaceMonitor works only on GNU/Linux because
agent.linux.async_process uses platfom specific components like the
kill command.
Unit tests have been updated accordingly
Implements blueprint: hyper-v-ovs-agent
Change-Id: I3326414335467d9dc5da03e6d1016d0e32330dd0
This patch moves ovs_lib from agent/linux to agent/common
since it will be used by ovs_neutron_agent on both Linux
and Windows platforms. To provide compatibility with out of
tree code, a placeholder has been left in agent/linux.
Unit tests are updated accordingly.
Partially implements blueprint: hyper-v-ovs-agent
Change-Id: I009f7f5e3b014633541ed5a45628aa1b2287e22b
Zachary