Commit Graph

1589 Commits (99f4495c940011293e3cabbb590770dc1e7b6900)

Author SHA1 Message Date
Rodolfo Alonso Hernandez e7a2b6d179 Add IPWrapper.get_devices_info using PyRoute2
This function returns the attributes of a list of devices.

Change-Id: I322fc7db9c71e7c21fd03d616937d172da856428
Related-Bug: #1804274
4 years ago
LIU Yulong 63ea9d7bcc Set lower addr to avoid IP out of range
Since port creating can result an IP address in the
entire CIDR especially small subnet. And those next
N IP actions can be out of subnet IP range. This
patch gives the original test port a specific IP
addr to prevent this issue.

Closes-Bug: #1812404
Change-Id: I34cb99a518d4469c7d1ca9e2897671608b2b81ad
4 years ago
Brian Haley 4bb78e8c21 Fix l3-agent usage of L3AgentExtension class
The L3AgentExtension class delete_router() method expects a
dict as it's 'data' argument, but the l3-agent code that
deletes a router was passing just the router ID.  Change to
correctly pass a router dictionary if one exists.

Change-Id: I112d1f8dce9defddfbd8fbfa75bf538e308e1561
Closes-bug: #1809134
4 years ago
Zuul aa8a6ea848 Merge "Remove polling from test_create_bridges" 4 years ago
Zuul 83eb3e1613 Merge "remove the neutron.db._resource_extend module" 4 years ago
LIU Yulong 433228dd78 Prevent bind fip to port has port forwarding
If one port has port forwarding and the port is under
a dvr router, then binding floating IP to this port
will not be allowed.

Change-Id: Ia014e18264b43cf751a5bc0e82bc55d106582620
Closes-Bug: #1799138
4 years ago
Boden R 29f56478d1 remove the neutron.db._resource_extend module
The _resource_extend module is already rehomed into neutron-lib and is
shimmed in neutron. This patch removes the module as no active
consumers are using it.


Change-Id: I1550075fa5fa2aa2f1a88ee7189d311a1fe78391
4 years ago
Slawek Kaplonski 760eedf7f7 Use oslo_log instead of alembic.util in functional tests
Instead of using alembic.utils logging functions which
prints output to stdout, lets use in functional tests
oslo_log logger to log all such commands.

This is needed to limit amount of output on stdout during
functional tests running on python3.5.

It was previously switched to use oslo_log in this migration
scripts always by [1] but because of issue in OSA we had to
revert this patch in [2].
So now let's try to change it only in functional tests.


Change-Id: I88fde6d107a1f1b5c48c5c89cd2e1c07fd12c755
5 years ago
Zuul 3a3cc219b2 Merge "Disable displaying warnings in functional tests" 5 years ago
Terry Wilson 5dd2bc0a3c Remove polling from test_create_bridges
It is possible to use ovsdbapp Events to wait for bridges to be
created instead of polling until they exist.

Change-Id: I97f1c15a13a3bb90d774066a9933f3a4d39f50e2
5 years ago
Zuul 23da72833f Merge "Implement IpAddrCommand.get_devices_with_ip using pyroute2" 5 years ago
Zuul f20f59427e Merge "Add logging for functional tests" 5 years ago
Slawek Kaplonski d01e309f2d Disable displaying warnings in functional tests
Because of known issue with stestr running on Python 3,
that too much output on stdout/stderr cause some subunit.parser
errors, we need to avoid displaying python warnings during
functional tests.

Change-Id: I1a80f62542c68fe891e445920dc89a63efef9175
5 years ago
Rodolfo Alonso Hernandez 05a54e8004 Implement IpAddrCommand.get_devices_with_ip using pyroute2
Related-Bug: #1492714

Change-Id: If7292c33dd0716a0a412bf60658123d2e688dfdb
5 years ago
Slawek Kaplonski f2192f1226 Add logging for functional tests
In patch [1] I changed most of functional tests classes to
inherit from neutron.tests.functional.base.BaseLoggingTestCase
class to enable logging of results for such tests.
I missed two classes then, so this patch fixes it and adds
inherit from same base class to tests which still didn't have
logging enabled.


Change-Id: I9afbe241ee26c8cdc807d2f4fa1c285ff1f07d60
5 years ago
Slawek Kaplonski 0a4d2ee877 Fix mysql functional migration tests
In patch [1] I marked all MySQL related migration tests
as unstable but I made mistake with calling super() method in
tests from TestModelsMigrationsMysql class.
This wasn't catched as tests were skipped instead of fail.

This patch fixes that, so tests can be run properly and be skipped
only if "real" issue with timeout will happen.


Change-Id: Id42d6d8e24fdea5ac83f0fecc6975c19b933a501
Related-Bug: #1687027
5 years ago
Zuul 41bd39663e Merge "Do not delete trunk bridges if service port attached" 5 years ago
Rodolfo Alonso Hernandez 489dd18530 Implement IpRuleCommand.delete() using pyroute2
Related-Bug: #1492714

Change-Id: Ia9f192541f7b9994c3dae93f3f3ae96f1a4fba0c
5 years ago
Zuul 7bb0b84151 Merge "Convert policy.json into policy-in-code" 5 years ago
Zuul c1b6a1180d Merge "Mark mysql related functional tests as unstable" 5 years ago
Zuul 8d2a6e87ac Merge "[DVR] Allow multiple subnets per external network" 5 years ago
Akihiro Motoki f8984c6699 Convert policy.json into policy-in-code
This commit introduces a framework for policy-in-code support
in the neutron stadium and converts the existing policy.json
in the neutron repository into the policy-in-code style.

1) This commit tries not to change the existing policy behavior
provided by the neutron repository even if there are some stale policies
or policies to be defined in a neutron-related project.
They should be clean up later in Stein release.

2) 'default' policy should be dropped from the default policies
as all default policies should be defined in the code (as many projects
which already completed policy-in-code do). However, dropping 'default'
policy potentially affects policy behavior in neutron-related projects,
so it needs to be visit carefully. Considering this, this commit decides
to keep the 'default' policy.

Partially Implements: blueprint neutron-policy-in-code
Change-Id: I6a61079da4d4f5080ee32d640144e6bdb14735fa
5 years ago
Slawek Kaplonski b75cf8743c Mark mysql related functional tests as unstable
Thos tests are failing quite often because of timeouts. Details
are in related bug report.
Lets make our life easier and mark them as unstable until we will
figure out how to fix this issue.

Change-Id: I47743e519c41795bba64e4da041a87bffd947fbd
Related-Bug: #1687027
5 years ago
Hongbin Lu 7a2b4dcff1 Replace ryu with os_ken
Implements: blueprint ryu-framework-maintenace-transition
Change-Id: Ic721efc7cd0066be0ea7b6239b273e656643e9c1
5 years ago
Rodolfo Alonso Hernandez 97c98a1c6d [DVR] Allow multiple subnets per external network
An external network can have more than one subnet. Currently only the
first subnet is added to the FIP namespace routing table. Packets for
FIPs with addresses in other subnets can't pass through the external
port because there is no route for those FIP CIDRs.

This change adds routes for those CIDRs via the external port IP and

These routes doesn't collide with the existing ones, added to provide
a back path for the packets with a destination IP matching a FIP.

$ ip netns exec fip-e1ec0f98-b593-4514-ae08-f1c5cf1c2788 ip route
  (1) dev fpr-3937f879-d  proto kernel  scope link \
  (2) via dev fpr-3937f879-d
  (3) dev fg-bee060f1-dd  proto kernel  scope link  \
  (4) via dev fg-bee060f1-dd  scope link

Rule (2) is added when a FIP is assigned. This rule permits ingress
packets going into the router namespace. This FIP belongs to the second
subnet of the external network (note the external port CIDR is not the
same). Rule (4), added by this patch, allows egress packets to exit
the FIP namespace through the external port. Rule (2), because of the
prefix length (32), has more priority than rule (4).

Change-Id: I4d476b47e89fa5709dca2f66ffae72a27d88340a
Closes-Bug: #1805456
5 years ago
Nate Johnston bd2a1bc6c3 Do not delete trunk bridges if service port attached
When a deployment has instance ports that are neutron trunk ports with
DPDK vhu in vhostuserclient mode, when the instance reboots nova will
delete the ovs port and then recreate when the host comes back from
reboot.  This quick transition change can trigger a race condition that
causes the tbr trunk bridge to be deleted after the port has been
recreated.  See the bug for more details.

This change mitigates the race condition by adding a check for active
service ports within the trunk port deletion function.

Change-Id: I70b9c26990e6902f8888449bfd7483c25e5bff46
Closes-Bug: #1807239
5 years ago
Zuul 8c03272479 Merge "Add native OVSDB implementation for bridge monitor" 5 years ago
Zuul 50c8cc60dd Merge "Implement IpRuleCommand.add() using pyroute2" 5 years ago
Rodolfo Alonso Hernandez 87926fddc0 Implement IpRuleCommand.add() using pyroute2
Change-Id: I0cc6b24a91794eeba46462fac2bfdeda2ba2ab9e
Related-Bug: #1492714
5 years ago
Rodolfo Alonso Hernandez 22c9cf3d95 Add native OVSDB implementation for bridge monitor
This patch implements an OVS bridge monitor based in the OVSDB
native implementation (OVSDB IDL, Open vSwitch Database Interface
Definition Language). This new implementation supersedes the CLI
OVSDB monitor.

Partial-Bug: #1789592

Change-Id: I9c512d4cbd4cebf94c339231f83bbe89b37650ba
5 years ago
LIU Yulong cd3cc7e908 [L3][QoS] Agent side router gateway IP rate limit
This patch implements the L3 agent side router gateway IP rate
limit. For routers in centralized snat node (network node),
the tc rules will be set on the corresponding device in router
    1. Legacy and HA router, qrouter-namespace and qg-device
    2. Dvr (edge) router, snat namespace and qg-device

If gateway IP rate limit was set, then under the same router,
all the VMs without floating IP will share the bandwidth.

Partially-Implements blueprint: router-gateway-ip-qos
Closes-Bug: #1757044
Change-Id: Ie92ff0d4df0e85ce71c7d50f34ea6ff973812af8
5 years ago
Zuul 8200bfa078 Merge "Implement IpRuleCommand.list_rules() using pyroute2" 5 years ago
Zuul 8db1a47fa8 Merge "Enable 'all' IPv6 forwarding knob correctly" 5 years ago
Zuul 37714482e6 Merge "Get centralized FIP only on router's snat host" 5 years ago
Rodolfo Alonso Hernandez c68ebd661b Implement IpRuleCommand.list_rules() using pyroute2
Change-Id: I55d5dd756940e5a92f472c9309d49f427e907928
Related-Bug: #1492714
5 years ago
Zuul 6b6291bd5c Merge "All functional tests logs results now" 5 years ago
Slawek Kaplonski 7d0e1ccd34 Get centralized FIP only on router's snat host
It may happen that L3 agent works in dvr_snat mode but
it handles some router as "normal" dvr router because
snat for this router is handled on other node.
In such case we shouldn't try to get floating IPs cidrs
from snat namespace as it doesn't exists on host.

Change-Id: Ib27dc223fcca56030ebb528625cc927fc60553e1
Related-Bug: #1717302
5 years ago
Zuul 5d8c8d8feb Merge "DVR Floating IP create don't raise exception if agent not found" 5 years ago
Slawek Kaplonski 4ad302af87 All functional tests logs results now
Some functional tests clases didn't inherit from
neutron.tests.functional.base.BaseLoggingTestCase class
and because of that there was no logs from such tests

This patch changes it and logs should be available for all
functional tests.


Change-Id: Ia71390afe9c8191179c626375ed683f242d35b3e
5 years ago
Slawek Kaplonski 0745e32cd2 DVR Floating IP create don't raise exception if agent not found
Patch [1] added handling of AgentNotFoundByTypeHost exception in
create_fip_agent_gw_port_if_not_exists method in
neutron.db.l3_dvr_db.DVRResourceOperationHandler class.
Unfortunatelly there was mistake there and such exception wasn't
catched properly.
That caused issue e.g. in functional-python35 tests but wasn't catched
properly in functional tests using python27.

This patch changes this to handle such exception properly.


Change-Id: If43f2c944ff46d8b05fbcf68231fd04bed147ba0
5 years ago
Zuul 7d6057739b Merge "Prevent create port forwarding to port which has binding fip" 5 years ago
Zuul 468fc5fa34 Merge "Implement ip_lib get_devices using pyroute2" 5 years ago
Brian Haley b847cd02c5 Enable 'all' IPv6 forwarding knob correctly
When the external gateway is plugged and we enable IPv6
forwarding on it, make sure the 'all' sysctl knob is also
enabled, else IPv6 packets will not be forwarded.  This
seems to only affect HA routers that default to disabling
this 'all' knob on creation.

Also, when we are removing all the IPv6 addresses from a
HA router internal interface, set 'accept_ra' to zero so
it doesn't accidentally auto-configure an address.  Set
it back to one when adding them back.

Re-homed newly added _wait_until_ipv6_forwarding_has_state()

Closes-bug: #1787919

Change-Id: Ia1f311ee31d1479089685367a97bf13cf170b342
5 years ago
Zuul 0008d3aa41 Merge "DVR: Centralized FloatingIPs are not cleared after migration." 5 years ago
Rodolfo Alonso Hernandez aa19fa1c3f Implement ip_lib get_devices using pyroute2
IPWrapper.get_devices() now uses pyroute2 and priv_sep.

Related-Bug: #1492714
Change-Id: Idb847bf16fe8898735266d93d39430da1f5410f9
5 years ago
Swaminathan Vasudevan cd0cc47a6a DVR: Centralized FloatingIPs are not cleared after migration.
With DVR routers, if a port is associated with a FloatingIP,
before it is used by a VM, the FloatingIP will be initially
started at the Network Node SNAT Namespace, since the port
is not bound to any host.

Then when the port is attached to a VM, the port gets its
host binding, and then the FloatingIP setup should be migrated
to the Compute host and the original FloatingIP in the Network
Node SNAT Namespace should be cleared.

But the original FloatingIP setup in SNAT Namespace was not
cleared by the agent.

This patch addresses the issue.

Change-Id: I55a16bcc0020087aa1abe76f5bc85cd64ccdaecd
Closes-Bug: #1796491
5 years ago
LIU Yulong b8d2ab8543 Prevent create port forwarding to port which has binding fip
For dvr scenario, if port has a bound floating, and then create
port forwarding to it, this port forwarding will not work, due to
the traffic is redirected to dvr rules.

This patch restricts such API request, if user try to create port
forwarding to a port, check if it has bound floating IP first.
This will be run for all type of routers, since neutron should
not let user to waste public IP address on a port which already
has a floating IP, it can take care all the procotol port

Closes-Bug: #1799137
Change-Id: I4ba4b023d79185f8d478d60ce16417d3501bf785
5 years ago
Zuul 02edde5cbf Merge "Fix connection between 2 dvr routers" 5 years ago
Slawek Kaplonski 916e774516 Wait to ipv6 forwarding be really changed by L3 agent
In test test_ha_router_namespace_has_ipv6_forwarding_disabled
functional test it may happen that L3 agent will not change ipv6
forwarding and test fails because it checks that only once just
after router state is change to master.

This patch fixes that race by adding wait for 60 seconds to
ipv6 forwarding change.

Change-Id: I85a602561ebe9b7ab135913af49a3f010b09f196
Closes-Bug: #1801930
5 years ago
LIU Yulong c183781231 Add test cases to verify port number 0 for port_forwaring
Floating IP port forwarding internal or external port number should
not allow 0, otherwise you will get some ValueError exception in
neutron server.

Change-Id: I8bf8ed6f9c4b937743f8c0f998ee897e3af17459
Closes-Bug: #1799150
5 years ago