When openvswitch firewall driver is used, it is required to load
nf_conntrack_proto_gre kernel module to make GRE tunnels from VM to VM
working properly.
This patch adds such info in ovs firewall documentation as it should be
deployer decision to load or not load this module.
This patch also adds sanity check which checks if nf_conntrack_proto_gre
module is loaded or not, and can warn user when this module is not
loaded.
It also adds loading of this kernel module in neutron devstack plugin.
Change-Id: Ic97ca00c804f0a540ee0dc53d9e4e07bf8410869
Closes-Bug: #1828053
This patch implements devstack plugin for network-segment-range api.
The network-segment-range api service is based on network-segment-range
spec [1].
[1] https://specs.openstack.org/openstack/neutron-specs/specs/stein/network-segment-range-management.html
Co-authored-by: Allain Legacy <Allain.legacy@windriver.com>
Partially-implements: blueprint network-segment-range-management
Change-Id: I09116a4323763db12917e03f354cf0ef25289fd0
When openvswitch module is loaded by modprobe in [1], if virtual
interface "ovs-system" exists, it causes the error " modprobe:
FATAL: Module openvswitch is in use."
This patch will check "ovs-system" exists or not, then delete it
before load openvswitch module.
[1] https://github.com/openstack/neutron/blob/master/devstack/lib/ovs#L92
Change-Id: I750bd74d1d07a73b57924b84f3d8506e6063936c
This patch implements the L3 agent side router gateway IP rate
limit. For routers in centralized snat node (network node),
the tc rules will be set on the corresponding device in router
namespace:
1. Legacy and HA router, qrouter-namespace and qg-device
2. Dvr (edge) router, snat namespace and qg-device
If gateway IP rate limit was set, then under the same router,
all the VMs without floating IP will share the bandwidth.
Partially-Implements blueprint: router-gateway-ip-qos
Closes-Bug: #1757044
Change-Id: Ie92ff0d4df0e85ce71c7d50f34ea6ff973812af8
This commit adds possibility to configure fip port_forwarding
service plugin and l3 extension with devstack plugin.
Change-Id: If01dd1db1b4a44ba2f7e2d8f8326e331f9dc79e9
If the host OS is using an older kernel and invoke the compile_ovs
function from the DevStack OVS library (devstack/lib/ovs), that function
will try to install the kernel-dev and kernel-headers package even if
the "build_modules" parameter is set to False.
That could fail because the specific kernel-* packages for the version
of the kernel running may not be present in the distro's repository
anymore. Plus, if the kernel modules will not be compiled, there's no
reason to install such packages.
This patch is fixing this problem by using the "build_modules" parameter
as a flag to whether install or not those kernel-* packages.
Change-Id: I11af0e22d25973e6334e867ab2659fbdf9f10d86
Closes-Bug: #1802101
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
The patch is fixing two problems found when stacking DevStack on a
Fedora 28 host OS.
Problem 1: Account to the different patch versions between the
kernel-devel and kernel-headers packages.
Problem 2: Install the elfutils-libelf-devel package which is needed to
compile OVS.
For more a detailed information about each problem, check the bug linked
in this patch.
Closes-Bug: #1790143
Change-Id: Idfdee28124ff19272abcaaa3adade0435e3e474a
None of these should be executable, from what I can tell.
Side note: never backup a git repo to an NTFS drive or you lose all your
permissions and need hacks to restore them.
Change-Id: I34de5488129c575a66b38b400c31393fb511765f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Adds devstack configs to try to enable the L3 agent
extension `fip_qos` by checking the API service
extension router, agent and QoS.
Once this L3 agent extension works during the devstack
zuul job installation, we can continue to run the
neutron-tempest-plugin tests for floating IP QoS.
Partially-Implements blueprint: floating-ip-rate-limit
Change-Id: Ibef48e7842a276fe77c901403d67760871f2b7e0
This will be used in a job that will run neutron designate integration
tests from the neutron-tempest-plugin repo.
Change-Id: Ib380d8a98e991a475b20140f5c37e3747aa5fc0c
Needed-By: I9c2eadf1dc86cb60190fb22393a02ffa02770620
This patchset adds a Tempest API test for the port dns_domain attribute.
It also enables the dns-domain-ports extension for testing, which is a
super-set of the dns extension.
Change-Id: I5c1da61a8a49c190aad549713da646a3abb8ccb1
This patch I3d0981fbe30f2436f00c200919b50aeb97491252
resolved custom kernel version, but introduced a bug
for the 3.x series. This patch avoids the replacement
in the case of the 3.x series.
Closes-Bug: #1704077
Co-Authored-By: Moshe Levi <moshele@mellanox.com>
Change-Id: Iff1c5a39fe4b0d9320910d0cfafdd36873825d03
When building custom kernel version
uname -r returns 4.10.0-00054-ge4cd924
but the rpm name is kernel-4.10.0_00054_ge4cd924-1.x86_64
This is because dash is illegal character in rpm version
This patch fix the kernel version is rpm based OS
but converting all the dashes to underscores
Change-Id: I3d0981fbe30f2436f00c200919b50aeb97491252
We don't need condinional ovs compilation since we run on Ubuntu Xenial.
This patch removes remaining bits that are not used by Neutron nor any
other big tent project.
Depends-On: Ia8f63b91334f73519878ba90957db84e7cf176f9
Change-Id: Icfa2eb0258af7c44638dcca688c1fa5ed343455a
After switching to UCA, we started getting ovs 2.5.2. There was a
condition that compiled openvswitch only if the version was lower than
2.5.1. This patch always compiles only kernel part of openvswitch so we
get VXLAN tunnelling working with fullstack.
Closes-bug: 1684897
Change-Id: I13898fc661d590609d2ef40873daef987956db6b
If devstack triggers a plugin that directly imports from devstack/lib/*
before triggering neutron's plugin.sh, NEUTRON_* variables that are used
in some devstack/lib/* files may not be set.
The ``settings`` file is sourced by devstack for all repos before any of
plugins enabled in the environment is triggered, and so moving NEUTRON_*
definitions there should guarantee for us that the variables are set
when the first enabled plugin is executed.
Since Q_PLUGIN_CONF_PATH and Q_PLUGIN_CONF_FILE are defined in
lib/neutron_plugins/ml2:neutron_plugin_configure_common, and we want to
avoid triggering that code from the plugin, we need to duplicate values
for NEUTRON_CORE_PLUGIN_CONF_PATH and NEUTRON_CORE_PLUGIN_CONF from
there.
Closes-Bug: #1675022
Change-Id: Ib65d3615fba270c2fd6c116218bbb95a29f56aa6
This function is public and works for both lib/neutron as well as
lib/neutron-legacy modes.
Co-Authored-By: YAMAMOTO Takashi <yamamoto@midokura.com>
Change-Id: Ib9da52b32bc9adca337e02383194f3fbd9256e9a
Depends-On: I9068fd608e82e70db8d725f92269a26920efebcb
All services except q-sriov-agt now have their neutron-* counterparts.
The only service left behind is the SRIOV agent since it's not critical
to cover it right now, because it's not deployed in gate with the new
lib/neutron code.
Change-Id: I2fbd7649b6ef312940dca704ed3ebdb1e2e93576
Co-Authored-By: YAMAMOTO Takashi <yamamoto@midokura.com>
Those are generally defined by new lib/neutron code.
Change-Id: I2dd0128267b8a836c392d7ac26ade5bd0f421997
Co-Authored-By: YAMAMOTO Takashi <yamamoto@midokura.com>
Instead of making devstack enable it, because it can have
undesired effects for other rally-using gate jobs.
(See Closes-Bug for an example)
Closes-Bug: #1643451
Change-Id: Id971432955196a7d5f64c598aeebf1a7bc245321
The only reason we need newer openvswitch is following fix [1] for
user-space part of openvswitch. This patch fixes our
test_install_flood_to_tun tests.
Current 2.6 branch has issues with ovsdb where connection with native
interface is getting lost and functional job gets stuck. To mitigate
that, this patch switches back to OVS 2.5.1 version for functional jobs,
compiling only user-space part as OVS 2.5.1 kernel modules are not
supported by Xenial.
Fullstack job remains running with 2.6 because the job needs OVS kernel patch
for local VXLAN tunneling.
[1] 56de2148f6
Related-bug: bug/1646107
Change-Id: Ic5419afe7170e759749afd7055441c82c317efe0
In OVS version 2.5.1 there are several bug fixes to issues that Neutron
encounters. This fix allows devstack to install a newer version of OVS,
by default version 2.5.1.
Specifically, for bug 1640283, we need the following commit from OVS:
8c0b419a0b9ac0141d6973dcc80306dfc6a83d31 ofproto/trace: Fix "unchanged"
output for Final flow
The version is overridable by NEUTRON_OVERRIDE_OVS_BRANCH variable.
Change-Id: Icc9d9811e6fc1935966241ed499c5e597a675877
Related-Bug: 1602567
Closes-Bug: 1640283
This allows us to configure neutron when running the rally job in
the gate. This effort stems from patch [1]. Blame Kevin for not
wanting to squash the two together.
[1] I12aaf6121b677e9696131601b3539a7091e2858c
Change-Id: I006957784ac7900021bcfee57cbc83b5a6c533c4
This adds revises_on_change for the following models
and API tests to ensure the correct behavior:
* port security (network and port)
* DNS domain (network and port)
* extra dhcp opts (port)
* extra routes (router)
* subnet service type (subnet)
Additionally, it configures the DNS extension to be loaded
in the gate since the extension is enabled for tempest.
Closes-Bug: #1627649
Change-Id: Ifa969c8c2582f8f41d42df07652f259781a36bb5
Previously we didn't consider kernels higher than 4. This patch returns
True right away if the verions is lesser than 4. If it is 4, then it must
be lesser or equal to 3 to return True. All other versions are not
supported.
Change-Id: I3e9fa088d7cb9cfecbe7670c84a051e15be2a3a9
The previous condition was mistakenly using -le (less or equal) where
strict -lt (less than) condition is needed, making all 4.x matching.
Note: it's the third version of the condition. Reviewers, please
actually review. :)
Change-Id: I34d832ec762f30de16e148ba5bea4888a0606c92
The previous check was mistakenly not matching for 3.4+ kernels that
support compilation.
The ovs 2.5 version delivers stability fixes, apart from features.
That's why the fix is expected to fix recent gate failures we started to
see.
Change-Id: I21749a59a040abc8b9f6a6a6c69f3fa96515962f
Closes-Bug: #1621789
The intention of this patch is not to break current compilations on
Xenial boxes that run with 4.4 kernel which is not supported by OVS
openvswitch kernel module. After we are confident to switch master
branch to be running on Xenial only, we will get rid of the compilation
itself until it's needed by other features.
Change-Id: I1c890bf5a6564a69e36b8289a5d8dc0deee2a429
This patch enables basic CRUD operations on trunk ports and defines
related API extensions. Trunk ports and sub-ports can be persisted
in the Neutron model and are made visible through the API, but the
L2 agent is not notified and no trunk ports or subports are actually
instantiated on compute hosts.
This one of the main patches in the series that implement the end
to end functionality.
Partially-implements: blueprint vlan-aware-vms
Co-Authored-By: Armando Migliaccio <armamig@gmail.com>
Change-Id: I26453eb9a1b25e116193417271400994ac57e4c1
When use origin/master, if we re-installed the devstack with a
RECLONE=True, an error will happen with the error message:
[ERROR] /opt/stack/devstack/functions-common:560 origin/master is neither branch nor tag
Use the branch name without 'origin/' works the same.
Similar change: https://review.openstack.org/#/c/333826
Change-Id: I16f6bd28ad27d4e957c226ed3fceb8881af6e84f
Macvtap agent can now be configured via this devstack.
Note that it is only supported in multinode environments
as compute node. The controller node still needs to run
linuxbridge or ovs.
Documentation will be added in devstack via [1]
[1] https://review.openstack.org/292778
Example:
OVS Controller
--------------
Make sure that the controller
- loads the macvtap ml2 driver
- uses vlan or flat networking
Macvtap Compute Node local.conf
-------------------------------
[[local|localrc]]
SERVICE_HOST=1.2.3.4
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
disable_all_services
enable_plugin neutron git://git.openstack.org/openstack/neutron
enable_service n-cpu
enable_service q-agt
Q_AGENT=macvtap
PHYSICAL_NETWORK=default
[[post-config|/$Q_PLUGIN_CONF_FILE]]
[macvtap]
physical_interface_mappings = $PHYSICAL_NETWORK:eth1
Closes-Bug: #1557407
Change-Id: I0dd4c0d34d5f1c35b397e5e392ce107fb984b0ba
Once the spinout is undergoing we should perform the eviction.
Partially-implements: blueprint bgp-spinout
Depends-on: I8be510153edbc496575cde34943ca4c56645e0fb
Change-Id: I20b6ddd37d10eae70e8294d578e53137c0f866fe