491 Commits

Author SHA1 Message Date
Zuul
0e2508c8b1 Merge "Notify ironic on port status changes" 2019-06-01 02:07:46 +00:00
Zuul
3e6376f428 Merge "Add Smart NIC representor port to integration bridge" 2019-05-31 12:05:36 +00:00
Zuul
e79d71677f Merge "OVS DPDK port representors support" 2019-05-29 23:32:12 +00:00
Harald Jensås
afff649a39 Notify ironic on port status changes
This patch adds an ironic notifier that sends notifications
to ironic endpoint /v1/events. The events are triggered by
port updates and deletions. Only ports with vnic_type
baremetal are honored.

Story: 1304673
Task: 22263
Closes-Bug: #1828367
Implements: blueprint event-notifier-ironic
Authored-By: Vasyl Saienko <vsaienko@mirantis.com>
Co-Authored-By: Harald Jensås <hjensas@redhat.com>
Co-Authored-By: Julia Kreger <juliaashleykreger@gmail.com>
Change-Id: I0bb3187a88a7f20adb8c60e24945db159afb83f1
2019-05-27 13:38:42 +02:00
Hamdy Khader
47390226f5 OVS DPDK port representors support
Adds support for OVS DPDK port representors[1], a direct port on
a netdev datapath is considered a DPDK representor port.

get_vif_type returns OVS VIF type in case of a direct port.

[1] http://docs.openvswitch.org/en/latest/topics/dpdk/phy/#representors

Closes-Bug: #1829734
Change-Id: I3956eeda19ebc93fdb0b13c1cfb3dc64abffee9f
2019-05-27 13:30:49 +03:00
Ihar Hrachyshka
4aeec20001 Drop of_interface option
Default value for "of_interface" config option was switched
to "native" in Pike release.
In the same release this option was deprecated to removal.
Now it's time to remove it and force use of "native" driver to
manage openflows.

Change-Id: Ic900209868acfbe3bbb56fabbbf5c4472857e412
Co-Authored-By: Ihar Hrachyshka <ihrachys@redhat.com>
Co-Authored-By: Slawek Kaplonski <skaplons@redhat.com>
2019-05-24 10:33:48 +02:00
Hamdy Khader
b4243ad3f7 Add Smart NIC representor port to integration bridge
In case of Smart NIC vNIC type neutron should mimic nova-compute
that plug the port to the ovs bridge.

Extend the Neutron OVS mechanism driver and Neutron OVS Agent to bind
the Neutron port for the baremetal host with Smart NIC. This will allow
the Neutron OVS Agent to configure the pipeline of the OVS running on
the Smart NIC and leverage the pipeline features such as: VXLAN,
Security Groups and ARP Responder.

Story: #2003346
Closes-Bug: #1785608
Change-Id: I6d520d3bac2e9ceb30b5b6197c6eb0f958cc3659
2019-05-23 10:54:36 +03:00
Zuul
8887343782 Merge "Change provider network segmentation ID in OVS agent" 2019-05-22 12:36:20 +00:00
Nate Johnston
1916bc5c06 Allow first address in an IPv6 subnet as valid unicast
When looking at the RFC [1], there's no mention that this can't be the
gateway address.  Permit it.

[1] https://tools.ietf.org/html/rfc4291#section-2.6.1

Change-Id: I3f2905c2c4fca02406dfa3c801c166c14389ba41
Fixes-Bug: #1682094
2019-05-21 16:31:18 +00:00
Rodolfo Alonso Hernandez
2bcc178be1 Change provider network segmentation ID in OVS agent
Added the ability to change the segmentation ID of a network
with ports bound to OVS agent. The rules, both in the integration
bridge and the physical bridge, to convert the internal VLAN tag
and the external segmentation ID (external VLAN tag) are deleted
and created again with the new value. The traffic from the tenant
networks will be tagged then with the new segmentation ID.

Added get network details agent RPC call to retrieve the information
of the updated network.

Partial-Bug: #1806052

Change-Id: I69f6f3ef717c3ed40218099b1f389afd3d39bd62
2019-05-20 18:53:17 +00:00
Darragh O'Reilly
540d00f68e Make OVS controller inactivity_probe configurable
This parameter applies to the OVSDB Controller table when the
native openflow driver is used. There are reports that increasing
it can reduce errors on busy systems. This patch also sets the
default value to 10s which is more than the OVS default of 5s.
See the ovs-vswitchd.conf.db man page for full description.

Change-Id: If0d42919412dac75deb4d7f484c42cea630fbc59
Partial-Bug: #1817022
2019-05-17 16:08:21 +00:00
Zuul
554b7cd228 Merge "Add router_factory to l3-agent and L3 extension API" 2019-04-27 06:37:15 +00:00
Yang Youseok
ec875b42b6 Add router_factory to l3-agent and L3 extension API
Currently, most implementations override the L3NatAgent class itself
for their own logic since there is no proper interface to extend
RouterInfo class. This adds unnecessary complexity for developers
who just want to extend router mechanism instead of whole RPC.

Add a RouterFactory class that developer can registers RouterInfo class
and delegate it for RouterInfo creation. Seperate functions and variables
which currently used externally to abstract class from RouterInfo, so that
extension can use the basic interface.

Provide the router registration function to the l3 extension API so that
extension can extend RouterInfo itself which correspond to each features
(ha, distribtued, ha + distributed)

Depends-On: https://review.openstack.org/#/c/620348/
Closes-Bug: #1804634
Partially-Implements: blueprint openflow-based-dvr
Change-Id: I1eff726900a8e67596814ca9a5f392938f154d7b
2019-04-26 10:22:50 +09:00
Zuul
540449cfbd Merge "Add log file for neutron-keepalived-state-change" 2019-04-24 19:04:47 +00:00
LIU Yulong
ccf76c36bb Add log file for neutron-keepalived-state-change
neutron-keepalived-state-change may not start but have no method
to find out why. This patch adds the log file for it.

Change-Id: I688a6e6d0ac42c00d87571484f726e0eae091675
Related-Bug: #1822155
2019-04-18 01:04:16 +00:00
Zuul
61e0ab0640 Merge "Change default local ovs connection timeout" 2019-04-05 04:18:55 +00:00
LIU Yulong
64ea642359 Change default local ovs connection timeout
Large number of flows can cause local ovs connection
timeout. Ultimately getting succeed will be better
than a retry or fullsync.

Related-Bug: #1813703
Related-Bug: #1813705
Related-Bug: #1813707
Related-Bug: #1813709

Change-Id: Ifa0608a7e131df3cad2f7727426720afce641a58
2019-03-25 02:51:20 +00:00
15253efde5 Update master for stable/stein
Add file to the reno documentation build to show release notes for
stable/stein.

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/stein.

Change-Id: I56674b093e7de39399d7753df7f9cd46ccd197e5
Sem-Ver: feature
2019-03-24 22:14:44 +00:00
Bence Romsics
d1696619c5 Reject min-bw rule operations on non-physnet networks/ports
Change-Id: I54d421d0993bd9515ab5ba32f75f40d1ef46eccb
Closes-Bug: #1819029
Depends-On: https://review.openstack.org/644847
2019-03-23 15:44:31 +00:00
Zuul
c42287eef3 Merge "More accurate agent restart state transfer" 2019-03-23 04:46:44 +00:00
Brian Haley
7369b69e2e Dynamically increase DHCP process queue green pool size
As done for the l3-agent in 837c9283abd4ccb56d5b4ad0eb1ca435cd2fdf3b,
dynamically resize the DHCP process queue green pool.

This patch adds a new measurement based on the network quantity to
indicate the DHCP process queue green pool size. The pool size
will be limited from 8 (original value) to 32, because we do not want
to increase the DHCP agent processing cost on the node.

Change-Id: Ic0e7bc15f138273c7a6ad41f228c9f315e6c7a91
Related-Bug: #1813787
2019-03-21 21:55:04 +00:00
LIU Yulong
a5244d6d44 More accurate agent restart state transfer
Ovs-agent can be very time-consuming in handling a large number
of ports. At this point, the ovs-agent status report may have
exceeded the set timeout value. Some flows updating operations
will not be triggerred. This results in flows loss during agent
restart, especially for hosts to hosts of vxlan tunnel flow.

This fix will let the ovs-agent explicitly, in the first rpc loop,
indicate that the status is restarted. Then l2pop will be required
to update fdb entries.

Closes-Bug: #1813703
Closes-Bug: #1813714
Closes-Bug: #1813715
Closes-Bug: #1794991
Closes-Bug: #1799178

Change-Id: I8edc2deb509216add1fb21e1893f1c17dda80961
2019-03-21 15:12:31 +00:00
Miguel Lavalle
636f1b5394 Define qos-rules-alias extension
This patch adds qos-rules-alias extension to enable users to perform
GET, PUT and DELETE operations on QoS rules as though they are first
level resources. In other words, the user doesn't have to specify the
QoS policy ID.

Change-Id: Ia7535d83e3ae874106e22652dfd97bd9250ad37b
Partial-Bug: #1777627
2019-03-21 15:06:10 +00:00
Brian Haley
4350ed3c35 Better handle ports in security groups
After taking a closer look at bug 1818385, I found a couple
of follow-on things to fix in the security group code.

First, there are very few protocols that accept ports,
especially via iptables.  For this reason I think it's
acceptable that the API rejects them as invalid.

Second, UDPlite has some interesting support in iptables.  It
does not support using --dport directly, but does using
'-m multiport --dports 123', and also supports port ranges using
'-m multiport --dports 123:124'.  Added code for this special
case.

Change-Id: Ifb2e6bb6c7a2e2987ba95040ef5a98ed50aa36d4
Closes-Bug: #1818385
2019-03-15 13:54:33 -04:00
Zuul
7198fb6a0a Merge "Remove deprecated 'external_network_bridge' option" 2019-03-13 15:42:44 +00:00
Doug Wiegley
5e0fc3d2da Allow sharing of security groups via RBAC mechanism
Neutron-lib api ref: https://review.openstack.org/#/c/635313/
Tempest tests: https://review.openstack.org/#/c/635312/
Client: https://review.openstack.org/#/c/635428/

Partial-Bug: #1817119
Depends-On: https://review.openstack.org/635313
Change-Id: I974b0a603b6ca75cf080fb7b0751c7fb87df8443
2019-03-09 17:30:14 -06:00
Sławek Kapłoński
b09b44608b Remove deprecated 'external_network_bridge' option
This option is deprecated and marked to be deleted in Ocata. So
as we are now in Stein development cycle I think that it's good time
to remove it.

Change-Id: I07474713206c218710544ad98c08caaa37dbf53a
2019-03-09 22:07:38 +00:00
Kailun Qin
563a536d02 Support Network Segment Range CRUD as extensions
This patch adds the support for network segment range CRUD. Subsequent
patches will be added to use this network segment range on segment
allocation if this extension is loaded.

Changes include:
- an API extension which exposes the segment range to be administered;
- standard attributes with tagging support for the new resource;
- a new service plugin "network_segment_range" for the feature
  enabling/disabling;
- a new network segment range DB table model along with operation
  logic;
- Oslo Versioned Objects for network segment range data model;
- policy-in-code support for network segment range.

Co-authored-by: Allain Legacy <Allain.legacy@windriver.com>

Partially-implements: blueprint network-segment-range-management
Change-Id: I75814e50b2c9402fe6776229d469745d7a72290b
2019-03-07 08:20:30 +00:00
Zuul
018595d4b0 Merge "Enable adoption of subnets into a subnet pool" 2019-03-02 20:37:11 +00:00
Doug Wiegley
61b231a999 Change process name of neutron-server to match worker role
We spawn a lot of neutron-servers, on all but the smallest systems.
It's often hard to tell which are busy/overloaded or spinning.
Add an option to set the process names to their role.

This has a small chance of breaking existing scripting, depending
how they're parsing ps output.

Sample output:
$ ps xw | grep neutron-server
 1126 pts/2    S+     0:00 grep --color=auto neutron-server
25355 ?        Ss     0:26 /usr/bin/python /usr/local/bin/neutron-server \
  --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini
25368 ?        S      0:00 neutron-server: api worker
25369 ?        S      0:00 neutron-server: api worker
25370 ?        S      0:00 neutron-server: api worker
25371 ?        S      0:00 neutron-server: api worker
25372 ?        S      0:02 neutron-server: rpc worker
25373 ?        S      0:02 neutron-server: rpc worker
25374 ?        S      0:02 neutron-server: services worker

The "normal" looking ps output is the main parent.

Partial-Bug: #1816485
Depends-On: https://review.openstack.org/637119
Change-Id: I0e664a5f8e792d85b8f5483fb8c6f1cd59a677cd
2019-03-01 14:18:09 -05:00
Ryan Tidwell
d5896025b7
Enable adoption of subnets into a subnet pool
This patch enables the adoption of existing subnets into a
subnetpool. Adoption of a subnet is done by passing the ID
of the hosting network and the address family (ip_version)
which causes all subnets in the specified address family
on the given network to be adopted by the subnet pool. This
continues to work within the constraints on subnet pool
membership of subnets on the same network. This also ensures
prefix uniqueness across an address scope before comitting the
adoption of subnets.

Change-Id: I5d3c07beb7f109142d2e3633e69f86ca39edc450
Partially-Implements: blueprint subnet-onboard
Co-Authored-By: Ryan Tidwell <rtidwell@suse.com>
Co-Authored-By: Reedip <reedip.banerjee@nectechnologies.in>
Co-Authored-By: Trevor McCasland <TM2086@att.com>
Co-Authored-By: Bernard Caffarelli <bcafarel@redhat.com>
2019-02-26 11:13:09 -06:00
Zuul
5323e9549d Merge "Reject QoS minimum bandwidth rule updates for bound ports as NotImplemented" 2019-02-23 05:16:37 +00:00
Zuul
b6d2eb4308 Merge "Modify api and rpc default number of workers" 2019-02-21 18:00:43 +00:00
Bence Romsics
facc4e94ca Reject QoS minimum bandwidth rule updates for bound ports as NotImplemented
Updating QoS policies and rules backed by resources tracked in Placement
is a complex task, which was left out of scope for the Stein release.
Of course this is only relevant for policies/rules already in use on
bound ports. Rules of unbound ports can still be updated freely.

Please note this patch cannot catch all possible problems. There will
always be a time window between the allocation committed to Placement
and Nova sending the port binding request to Neutron. If the policy or
rule is changed in this window we cannot do anything against it.

APIImpact: Reject QoS minimum bandwidth policy/rule updates for bound
           ports as NotImplemented

Change-Id: I477edb0ae35b385ac776a58195f22382e2fce4ed
Partial-Bug: #1578989
See-Also: https://review.openstack.org/502306 (nova spec)
See-Also: https://review.openstack.org/508149 (neutron spec)
2019-02-21 16:59:31 +01:00
Doug Wiegley
7e09b25b96
Modify api and rpc default number of workers
- Limit number of api workers to roughly using half of system
  RAM. Spawning a bunch, just to have the OOM killer nuke them
  regularly is not useful.
- Bump the rpc_workers default to half of the api_workers.
  A default of 1 falls behind on any reasonably sized node.

Change-Id: I8b84a359f83133014b3d4414aafc10e6b7c6a876
Closes-bug: #1815629
2019-02-19 13:24:01 -07:00
LIU Yulong
e8b7e768a2 Add dependency for service plugin
Adds a required list 'required_service_plugins' to each service plugin,
then we can initialize the service plugin with required dependency.
And also adds the 'router' plugin to port forwarding service plugin
required list.

Closes-Bug: #1809238
Change-Id: I53fdaee0cd96a5315a7abc39799657d613eb3a2e
2019-02-16 00:17:53 +08:00
Zuul
a159a7294d Merge "Add port forwarding floating IP QoS" 2019-02-01 18:31:34 +00:00
LIU Yulong
e108ac6bdf Add port forwarding floating IP QoS
Port forwarding floating IPs QoS should be limited under
the binding QoS policy. So this patch extends the l3-agent
fip-qos agent extension floating IP list with the port
forwarding related IPs.

Change-Id: Iddabfabafc0803edd1e4ac0893dc188f1907234a
Closes-Bug: #1796925
2019-01-30 14:04:00 +00:00
Harald Jensås
b0d758e1b4 Fix port update deferred IP allocation with host_id + new MAC
IP allocation was initially deffered due to lack of binding
information. On port update the with both `mac_address` and
`binding_host_id`` in the request 'fixed_ips: []' was
appended to the new_port data. This caused the check for
fixed_ips_requested to return True, which in turn cause
deferred_ip_allocation to evaluates False.

Only set the new_port default fixed_ips to original_ips if
the original port had fixed_ips.

Closes-Bug: #1811905
Change-Id: If98a82f8432b09a29f9d0cc6627e9649b43bc4a1
2019-01-29 22:31:17 +00:00
nicky
f1592c42d9 Add a new configuration parameter rpc_response_max_timeout
A new parameter rpc_response_max_timeout is added and registered into
neutron.conf.

The rpc_response_max_timeout plays a role of the ceiling of timeout
seconds when waiting for the response of a remote rpc server.

During an RPC call, the waiting time starts from the existing parameter
rpc_response_timeout(default 60s) and doubled each time until it reaches
the ceiling which is currently set as 10 times rpc_response_timeout.
It seems to be less flexible since user cannot directly change the
ceiling value unless he/she changes the rpc_response_timeout.
By adding rpc_response_max_timeout, user can now modify it without
changing any other parameters.

Co-Authored-By: Allain Legacy<Allain.legacy@windriver.com>

Change-Id: I170113c2946cc95308edcb1a703a99c71e50b6f9
Related-Bug: #1805769
Story: 2004456
Task: 28171
2019-01-18 09:55:31 +00:00
LIU Yulong
433228dd78 Prevent bind fip to port has port forwarding
If one port has port forwarding and the port is under
a dvr router, then binding floating IP to this port
will not be allowed.

Change-Id: Ia014e18264b43cf751a5bc0e82bc55d106582620
Closes-Bug: #1799138
2019-01-03 12:41:55 +08:00
Zuul
d8c06b002f Merge "Support fetching specific db column in OVO" 2018-12-20 03:56:14 +00:00
Zuul
ff887f9981 Merge "Use publish for AGENT AFTER_CREATE/AFTER_UPDATE" 2018-12-20 02:07:41 +00:00
Zuul
3ac1bea967 Merge "Upgrade check command - add support for 3rd party checks" 2018-12-19 12:50:19 +00:00
Lajos Katona
6d99fb19ab Use publish for AGENT AFTER_CREATE/AFTER_UPDATE
This patch switches callbacks over to the payload object style events
for AGENT AFTER_CREATE and AFTER_UPDATE based notifications. To do
so a DBEventPayload object is used with the publish() method to
pass along the API related data.

Change-Id: Ibefa495be41c91957c2e8d797130e569bccc3765
2018-12-19 10:26:05 +01:00
Slawek Kaplonski
f5b01e0e12 Upgrade check command - add support for 3rd party checks
CLI command "neutron-status upgrade check" now can load
checks from 3rd party and stadium projects using entry_points.

Such additional checks should be available under
"neutron.status.upgrade.checks" namespace in entry_points.

Change-Id: I416abbcdd7b397ec6acd2827129d7a56095ea63d
Story: 2003657
2018-12-18 11:23:03 +01:00
Lajos Katona
97c9c4656d get_standard_device_mappings for mechdriver
get_mappings for machanism drivers return back different dicts for
different mechanism drivers. By adding get_standard_device_mappings
method SRIOV and OVS mechanism drivers can return a mapping dict in a
form like this one:
{'physnet_name': ['device_or_bridge_1', 'device_or_bridge_2']}

Change-Id: Ieddd9b3a4f3d7269aafc373f040c55b025f5c201
Related-Bug: #1578989
2018-12-13 09:52:01 +00:00
Hongbin Lu
f24f422373 Support fetching specific db column in OVO
There is a analysis [1] suggested to run queries against specific
columns rather than full ORM entities to optimize the performance.
Right now, it is impossible to execute such optimization because
OVO doesn't support fetching specific column yet.

This commit introduces a new method 'get_values' in the base
neutron object class. Subclass of neutron object can leverage
this method to fetch specific field of a OVO. It supports fetching
non-synthetic fields only as syntheic fields are not directly backed
by corresponding DB table columns.

neutron-lib patch: https://review.openstack.org/#/c/619047/

[1] https://review.openstack.org/#/c/592361/

Needed-By: https://review.openstack.org/#/c/610184/

Change-Id: Ib90eae7738a5d2e4548fe9fed001d6cdaffddf3b
Partial-Implements: blueprint adopt-oslo-versioned-objects-for-db
2018-12-11 19:29:28 +00:00
LIU Yulong
00bf365025 [L3][QoS] Neutron server side router gateway IP QoS
This patch enables to bind a QoS policy to the router gateway,
then in L3 agent side SNAT traffic for the VMs without floating
IPs can be limited under the policy bandwidth rules. This is
suit for all kinds of L3 routers: DVR, DVR with SNAT HA, L3 HA
and Legacy.

API update router gateway json:
{
router": {
  "external_gateway_info": {
    ...
    "qos_policy_id": "policy-uuid"
    }
  }
}

Depends-On: https://review.openstack.org/#/c/567497/

Partially-Implements blueprint: router-gateway-ip-qos
Closes-Bug: #1757044
Related-Bug: #1596611
Change-Id: I26e22bce7edd1f93b2ac0048b61b14f858938537
2018-12-01 17:45:46 +08:00
Zuul
a16ea46224 Merge "Add propagate_uplink_status to port" 2018-12-01 08:09:59 +00:00