The L3 HA RPC code that creates HA interfaces can race
with an HA router deletion on the server side. The L3 HA
code ends up creating a port on the HA network while the
server side is deleting the router and the HA network.
This stops the L3 HA network from being deleted because
it has a new port without a bound segment, which leaves the
HA network in a segmentless condition and no ports after
the L3 RPC code cleans up its port.
This adjusts the L3 RPC logic to attempt an HA network cleanup
whenever it encounters the concurrent router deletion case
to ensure that the HA network gets cleaned up.
To make this more robust in the future, we may need the L3
HA code to recognize when an HA network has no segments and
automatically create a new one.
Change-Id: Idd301f6df92e9bc37187e8ed8ec00004e67da928
Closes-Bug: #1696537
DVR flows are not compatible with OVS firewall flows as firewall flows
have higher priority. As a consequence, rules for DVR were never match
as firewall uses output directly.
This patch replaces flows using normal or output actions and resends
packets to TRANSIENT table instead. This transient table then uses
either those normal or output action rules. With this split, we will be
able to match egress/ingress flows in TRANSIENT table instead of
LOCAL_SWITCHING putting DVR pipeline in front of OVS firewall pipeline.
Change-Id: I9f738047f131b42d11a90f539435006d16ea7883
Closes-bug: #1696983
html_last_updated_fmt option is interpreted as a
byte string in python3, causing Sphinx build to break.
This patch makes it utf-8 string.
Change-Id: I82de8ad2a254843434e960f8b093ac8bba2ba89b
This adjusts get_resources filters to take a tuple of values
instead of a single value. This gets translated into an OR query
on the server side.
This is used in the dependent patch to query for all ports in a
set of security groups.
Change-Id: I10ce263d3eb89cfec3bae4f66d3ef59365a18e15
Partially-Implements: blueprint push-notifications
All of the ML2 binding models were missing the revises_on_change
attribute to bump the revision of the port whenever they are
created/updated/deleted.
These are important because port binding happens in a separate
transaction so without them the revision number before and after
port binding was exactly the same. This opened up the L2 agent
to a race condition dependent on the order of processed push
notifications.
Closes-Bug: #1699034
Change-Id: I75f3c63941130ce845574e60214ac34e99111693
The workaround of using deepcopy calls on the PortBinding
and PortBindingLevel objects prevents the port relationship
from being loaded to bump its revision because it then fails
to merge.
So in order to allow port bindings to bump the revision we
need to stop using sqlalchemy objects in the PortContext. This
patch adds a new snapshot object that just copies the column
values and provides a method to reconcile them back into the
session.
This workaround can go away after we switch to using OVOs, but
this needs to be backportable so we can't just wait for OVO
adoption.
Partial-Bug: #1699034
Change-Id: Ib85ec8182117fa3c4844dabfffe881e38e68b556
This is needed to retrieve all ports in a given set of
security groups.
Partially-Implements: blueprint push-notifications
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
Change-Id: Iffa1bd341d9d20277ec153aa1dac6f61f05ec5bd
Fix a regression from the recent change. [1]
[1] I6f49f25eb2ad16221357024f45a6bb6175d5cd55
Closes-Bug: #1698812
Change-Id: Ifef2561ef4ff2a44068fc008475b216fdabe7095
When creating an IPv6 auto-address subnet for a network, ports can be
created or updated concurrently in the same network, before the subnet
creation concludes. In such a situation, an IpAddressAlreadyAllocated
exception may be raised, because the subnet create request attempts to
allocate auto addresses to the concurrently created or updated ports,
which have been already allocated by the port requests.
This patchset adds code to the IPAM to skip the attempt to assign the
auto address to ports if they already have received them.
Change-Id: If1eb4046865f43b15ba97c52e2d0b9343dc72c19
Closes-Bug: #1655567
In Python 3 str is unicode by default and hence there is no unicode
global function. This switches our use of it to to six.u() which handles
the py2/py3 difference under the covers.
Change-Id: I3cfff2fe8e07e2a9ed8b89c93d24351b1f440b00
In order to allow the DHCP agent to service other subnets on the
network in other segments via DHCP relay, we need to use the
'non_local_subnets' network attribute returned by rpc to set up dhcp
for off-link subnets.
Change-Id: I88e1c574bc429dc599ad7c956c03fa0688338186
Closes-Bug: 1692486
In order to allow the DHCP agent to service other subnets
on the network in other segments via DHCP relay, we need to
return all subnets regardless of segment association.
However, this behavior will break older DHCP agents that
then try to get IPs on the subnets belonging to other segments.
This patch adds a new subnet attribute, 'non_local_subnets'
that will be returned in the DHCP RPC calls, so that agents
that can deal with off-link subnets can handle them
accordingly.
Change-Id: I9cce7b8a19c1201435df0c6baac7be57c57847e6
Partial-Bug: #1692486
The segmentation_id of a new segment is assigned by the
_handle_segment_change callback in the ML2 plugin, which is executed
after the segment was created, before commiting it to the DB. This
patchset adds code to update the newly created segment with the
segmentation_id assigned by the callback.
Change-Id: I493278a0bf5a3a0aadad10e5bee546d83b949fdc
Closes-Bug: #1698596
There is no point in retrying binding if the network has no
segments to bind to. This occurs during normal operations when
a network is being quickly created/deleted and the DHCP port
gets created during the network deletion.
By skipping binding we avoid misleading error messages and
wasted CPU cycles.
Closes-Bug: #1696010
Change-Id: I0b987ab7c3f65c1d860064a1b437b92a1dc1cb81
PRECOMMIT_XXX events callback need completed sg info, like the sg id
and its related rules for registered driver.
Change-Id: I6f49f25eb2ad16221357024f45a6bb6175d5cd55
Co-Authored-By: Rui Wang <starwangrui@gmail.com>
Co-Authored-By: Manjeet Singh Bhatia <manjeet.s.bhatia@intel.com>
Co-Authored-By: Yalei Wang <yalei.wang@intel.com>
Closes-bug: #1546910
Commit af52d499a53f9dddacd8c9116d1bb0570e8f579c broke decomposed
plugins.
This was for a number of reasons:
1. _make_security_group_dict should always get the object as
as parameter. There were some cases where it received the
database object
2. The returned port security groups needed to be a list
3. A rule create needed to fetch from the DB
In addition to this the methods resource_extend.apply_funcs
should receive the database object.
Change-Id: I740da1ea65a0af9451701e3a40fd673fa82f0f5b
If bridge IP address already exists, when we try and add
it an error will be raised. Check for the existence of
the IP to avoid the error.
Closes-Bug: #1697926
Change-Id: I9aae3b4f0fab053e8c215887f58b983d9549582d
Leading spaces before item lists leads to vertical line
on the left side. They are completely unnecessary.
Change-Id: I08c3f077e470aa593076a525de1445bc5d0bdb9a
openstackdocstheme generates the toc tree in the left sidebar
based on the page hierarchy from the top page.
The previous developer guide hirarchy is a bit deep, and
this commit reorganizes the devref pages for better navigation
with openstackdocstheme.
Change-Id: I1412b047efc1c268b34ef97e78073da7bcbb6d7e