Since port creating can result an IP address in the
entire CIDR especially small subnet. And those next
N IP actions can be out of subnet IP range. This
patch gives the original test port a specific IP
addr to prevent this issue.
Closes-Bug: #1812404
Change-Id: I34cb99a518d4469c7d1ca9e2897671608b2b81ad
The L3AgentExtension class delete_router() method expects a
dict as it's 'data' argument, but the l3-agent code that
deletes a router was passing just the router ID. Change to
correctly pass a router dictionary if one exists.
Change-Id: I112d1f8dce9defddfbd8fbfa75bf538e308e1561
Closes-bug: #1809134
If one port has port forwarding and the port is under
a dvr router, then binding floating IP to this port
will not be allowed.
Change-Id: Ia014e18264b43cf751a5bc0e82bc55d106582620
Closes-Bug: #1799138
The _resource_extend module is already rehomed into neutron-lib and is
shimmed in neutron. This patch removes the module as no active
consumers are using it.
NeutronLibImpact
Change-Id: I1550075fa5fa2aa2f1a88ee7189d311a1fe78391
Instead of using alembic.utils logging functions which
prints output to stdout, lets use in functional tests
oslo_log logger to log all such commands.
This is needed to limit amount of output on stdout during
functional tests running on python3.5.
It was previously switched to use oslo_log in this migration
scripts always by [1] but because of issue in OSA we had to
revert this patch in [2].
So now let's try to change it only in functional tests.
[1] https://review.openstack.org/#/c/625555/
[2] https://review.openstack.org/#/c/626565/
Change-Id: I88fde6d107a1f1b5c48c5c89cd2e1c07fd12c755
It is possible to use ovsdbapp Events to wait for bridges to be
created instead of polling until they exist.
Change-Id: I97f1c15a13a3bb90d774066a9933f3a4d39f50e2
Because of known issue with stestr running on Python 3,
that too much output on stdout/stderr cause some subunit.parser
errors, we need to avoid displaying python warnings during
functional tests.
Change-Id: I1a80f62542c68fe891e445920dc89a63efef9175
In patch [1] I changed most of functional tests classes to
inherit from neutron.tests.functional.base.BaseLoggingTestCase
class to enable logging of results for such tests.
I missed two classes then, so this patch fixes it and adds
inherit from same base class to tests which still didn't have
logging enabled.
[1] https://review.openstack.org/#/c/619266/
Change-Id: I9afbe241ee26c8cdc807d2f4fa1c285ff1f07d60
In patch [1] I marked all MySQL related migration tests
as unstable but I made mistake with calling super() method in
tests from TestModelsMigrationsMysql class.
This wasn't catched as tests were skipped instead of fail.
This patch fixes that, so tests can be run properly and be skipped
only if "real" issue with timeout will happen.
[1] https://review.openstack.org/#/c/624685/
Change-Id: Id42d6d8e24fdea5ac83f0fecc6975c19b933a501
Related-Bug: #1687027
This commit introduces a framework for policy-in-code support
in the neutron stadium and converts the existing policy.json
in the neutron repository into the policy-in-code style.
NOTES:
1) This commit tries not to change the existing policy behavior
provided by the neutron repository even if there are some stale policies
or policies to be defined in a neutron-related project.
They should be clean up later in Stein release.
2) 'default' policy should be dropped from the default policies
as all default policies should be defined in the code (as many projects
which already completed policy-in-code do). However, dropping 'default'
policy potentially affects policy behavior in neutron-related projects,
so it needs to be visit carefully. Considering this, this commit decides
to keep the 'default' policy.
Partially Implements: blueprint neutron-policy-in-code
Change-Id: I6a61079da4d4f5080ee32d640144e6bdb14735fa
Thos tests are failing quite often because of timeouts. Details
are in related bug report.
Lets make our life easier and mark them as unstable until we will
figure out how to fix this issue.
Change-Id: I47743e519c41795bba64e4da041a87bffd947fbd
Related-Bug: #1687027
An external network can have more than one subnet. Currently only the
first subnet is added to the FIP namespace routing table. Packets for
FIPs with addresses in other subnets can't pass through the external
port because there is no route for those FIP CIDRs.
This change adds routes for those CIDRs via the external port IP and
interface.
These routes doesn't collide with the existing ones, added to provide
a back path for the packets with a destination IP matching a FIP.
E.g.:
$ ip netns exec fip-e1ec0f98-b593-4514-ae08-f1c5cf1c2788 ip route
(1) 169.254.106.114/31 dev fpr-3937f879-d proto kernel scope link \
src 169.254.106.115
(2) 192.168.20.250 via 169.254.106.114 dev fpr-3937f879-d
(3) 192.168.30.0/24 dev fg-bee060f1-dd proto kernel scope link \
src 192.168.30.129
(4) 192.168.20.0/24 via 192.168.30.129 dev fg-bee060f1-dd scope link
Rule (2) is added when a FIP is assigned. This rule permits ingress
packets going into the router namespace. This FIP belongs to the second
subnet of the external network (note the external port CIDR is not the
same). Rule (4), added by this patch, allows egress packets to exit
the FIP namespace through the external port. Rule (2), because of the
prefix length (32), has more priority than rule (4).
Change-Id: I4d476b47e89fa5709dca2f66ffae72a27d88340a
Closes-Bug: #1805456
When a deployment has instance ports that are neutron trunk ports with
DPDK vhu in vhostuserclient mode, when the instance reboots nova will
delete the ovs port and then recreate when the host comes back from
reboot. This quick transition change can trigger a race condition that
causes the tbr trunk bridge to be deleted after the port has been
recreated. See the bug for more details.
This change mitigates the race condition by adding a check for active
service ports within the trunk port deletion function.
Change-Id: I70b9c26990e6902f8888449bfd7483c25e5bff46
Closes-Bug: #1807239
This patch implements an OVS bridge monitor based in the OVSDB
native implementation (OVSDB IDL, Open vSwitch Database Interface
Definition Language). This new implementation supersedes the CLI
OVSDB monitor.
Partial-Bug: #1789592
Change-Id: I9c512d4cbd4cebf94c339231f83bbe89b37650ba
This patch implements the L3 agent side router gateway IP rate
limit. For routers in centralized snat node (network node),
the tc rules will be set on the corresponding device in router
namespace:
1. Legacy and HA router, qrouter-namespace and qg-device
2. Dvr (edge) router, snat namespace and qg-device
If gateway IP rate limit was set, then under the same router,
all the VMs without floating IP will share the bandwidth.
Partially-Implements blueprint: router-gateway-ip-qos
Closes-Bug: #1757044
Change-Id: Ie92ff0d4df0e85ce71c7d50f34ea6ff973812af8
It may happen that L3 agent works in dvr_snat mode but
it handles some router as "normal" dvr router because
snat for this router is handled on other node.
In such case we shouldn't try to get floating IPs cidrs
from snat namespace as it doesn't exists on host.
Change-Id: Ib27dc223fcca56030ebb528625cc927fc60553e1
Related-Bug: #1717302
Some functional tests clases didn't inherit from
neutron.tests.functional.base.BaseLoggingTestCase class
and because of that there was no logs from such tests
in DEFAULT_LOG_DIR.
This patch changes it and logs should be available for all
functional tests.
TrivialFix
Change-Id: Ia71390afe9c8191179c626375ed683f242d35b3e
Patch [1] added handling of AgentNotFoundByTypeHost exception in
create_fip_agent_gw_port_if_not_exists method in
neutron.db.l3_dvr_db.DVRResourceOperationHandler class.
Unfortunatelly there was mistake there and such exception wasn't
catched properly.
That caused issue e.g. in functional-python35 tests but wasn't catched
properly in functional tests using python27.
This patch changes this to handle such exception properly.
[1] https://review.openstack.org/#/c/574917/
Change-Id: If43f2c944ff46d8b05fbcf68231fd04bed147ba0
When the external gateway is plugged and we enable IPv6
forwarding on it, make sure the 'all' sysctl knob is also
enabled, else IPv6 packets will not be forwarded. This
seems to only affect HA routers that default to disabling
this 'all' knob on creation.
Also, when we are removing all the IPv6 addresses from a
HA router internal interface, set 'accept_ra' to zero so
it doesn't accidentally auto-configure an address. Set
it back to one when adding them back.
Re-homed newly added _wait_until_ipv6_forwarding_has_state()
accordingly.
Closes-bug: #1787919
Change-Id: Ia1f311ee31d1479089685367a97bf13cf170b342
With DVR routers, if a port is associated with a FloatingIP,
before it is used by a VM, the FloatingIP will be initially
started at the Network Node SNAT Namespace, since the port
is not bound to any host.
Then when the port is attached to a VM, the port gets its
host binding, and then the FloatingIP setup should be migrated
to the Compute host and the original FloatingIP in the Network
Node SNAT Namespace should be cleared.
But the original FloatingIP setup in SNAT Namespace was not
cleared by the agent.
This patch addresses the issue.
Change-Id: I55a16bcc0020087aa1abe76f5bc85cd64ccdaecd
Closes-Bug: #1796491
For dvr scenario, if port has a bound floating, and then create
port forwarding to it, this port forwarding will not work, due to
the traffic is redirected to dvr rules.
This patch restricts such API request, if user try to create port
forwarding to a port, check if it has bound floating IP first.
This will be run for all type of routers, since neutron should
not let user to waste public IP address on a port which already
has a floating IP, it can take care all the procotol port
numbers.
Closes-Bug: #1799137
Change-Id: I4ba4b023d79185f8d478d60ce16417d3501bf785
In test test_ha_router_namespace_has_ipv6_forwarding_disabled
functional test it may happen that L3 agent will not change ipv6
forwarding and test fails because it checks that only once just
after router state is change to master.
This patch fixes that race by adding wait for 60 seconds to
ipv6 forwarding change.
Change-Id: I85a602561ebe9b7ab135913af49a3f010b09f196
Closes-Bug: #1801930
Floating IP port forwarding internal or external port number should
not allow 0, otherwise you will get some ValueError exception in
neutron server.
Change-Id: I8bf8ed6f9c4b937743f8c0f998ee897e3af17459
Closes-Bug: #1799150
Rodolfo Alonso Hernandez