OVN's API called get_port_groups is poorly named and has misleading docstring.
It returns only the OVN port groups that map to the security group in Neutron.
Therefore, it should be called get_sg_port_groups.
Closes-Bug: #1883716
Related-Bug: #1881316
Change-Id: Iae3f413dd1c4b0813b05d9bfd593c9e709540370
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
This patch is adding documentation about the router availability zones
feature in the OVN driver.
Change-Id: I6c8267100e1ee82c8b563528467b50b91f7700f6
Related-Bug: #1881095
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This was proposed to be deprecated long time ago already.
We have patch ports in Openvswitch to connect bridges together.
Change-Id: Ie343f83a886bb8c366873fd5e076bb7096e1a6ed
Related-bug: #1587296
In fullstack security group test, after fake VMs are created there
check if connectivity to some custom port is working fine with port
security disabled.
After that there is called "block_until_ping" method for each vms.
This patch changes that to first wait if we can ping vms and later do
netcat tests.
Even if that will not solve problems with failures of this test, we
may know more if the issue is caused by netcat or it's just no
ICMP connectivity between VMs at all.
Change-Id: Ie9e2170c761c9a10f3daa991c3fb77f304bb07e2
Related-Bug: #1742401
This patch is adding support for the router_availability_zone extension
for Neutron.
The OVN driver will now read from the router's availability_zone_hints
field and schedule the router ports onto OVN chassis belonging to those
AZs.
Since the OVN driver does not rely on the L3 agent, this patch does not
re-use the configuration option for the agent to configure the
availability zone that a Chassis belongs to (even because there's no
configuration file in nodes such as networker nodes). Instead, this
patch reuses the "ovn-cms-options" field from the local OVSDB to
configure the Chassis. The follow syntax has been used:
$ ovs-vsctl set Open_VSwitch .
external-ids:ovn-cms-options="enable-chassis-as-gw,availability-zones=az0:az1"
In the example above, the Chassis has been configured to belong to two
AZs: "az0" and "az1".
This patch also implements listing the availability zones:
$ openstack availability zone list
As well as validating the router's availability zone hints:
$ openstack router create --availability-zone-hint az0
--availability-zone-hint az1 test_router
The above command would fail if there's no "az0" and "az1" configured in
any OVN chassis.
Documentation for this feature is being written and will be submitted
in a separated patch.
Partial-Bug: #1881095
Change-Id: I4567f3d541d382b6432c1ab3d35276d81ce71d82
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
We have separate project now - OVN Octavia provider - and its gate
is responsible for testing OVN integration with Octavia.
Change-Id: I317b7ad54a2f5c5c99bf0bff9eba4d91a1a86491
When a Port is deleted, the QoS extension will reset any rule (QoS
and Queue registers) applied on this port or will reset the
related Interface policing parameters.
If the Port and the related Interface are deleted during the QoS
extension operation, those commands will fail. This patch makes those
operations more resiliant by not checking the errors when writing on
the Port or the Interface register.
Change-Id: I2cc4cdf5be25fab6adbc64acabb3fffebb693fa6
Closes-Bug: #1884512
Method _ensure_default_security_group wasn't atomic as it first tries to get
default SG and if that not exists in DB, it tries to create it.
It may happend, like e.g. in Calico plugin that between
get_default_sg_id method and create_security_group method, this default
SG will be created by other neutron worker. And in such case there will
be Duplicate entry exception raised.
So this patch is adding handling of such exception.
Change-Id: I515c310f221e7d9ae3be59a26260538d1bc591c2
Closes-Bug: #1883730
While the segments plugin is not loaded in neutron config, it should
be loaded anyways in OVN maintanance task, to operate on the first
default segment of each network.
Change-Id: Ideffacc2f478c95eeec881c82d1d5bae46ecdc74
Closes-Bug: 1883193
As we discussed during last PTG, this patch adds singlenode tempest
job which uses neutron-lib from master branch always.
Change-Id: I883ba5d68b716d601898621079a835c706f52f85
This patch moves functions to enable br-ex-tcpdump and br-int-flows
services from the ovn devstack plugin to the main neutron devstack
plugin and enables it on all tempest and grenade jobs which are using
neutron-openvswitch-agent as a L2 backend.
Change-Id: Idfea869c08811914124d076da18cec17a12eee49
Updates to tools/migrate_names.txt to correctly represent
mapping between neutron and networking-ovn.
Change-Id: I76562302119c6727a78bc72c4cf5346b3b8befe6
The rate value is converted to bytes per second before being
sent to Pyroute2, but it used the wrong value for the calculations.
This resulted in incorrect rates.
It should be multiplied by 1000 (kbit), not 1024 (Kibit).
The same applies to the burst value (kb).
Change-Id: I70cb1fe651a50b2f6495d7a365a6beb2ba111c6d
Closes-Bug: #1884273
As stated in the bug description, there are many writes of the
agent liveness external_ids into the Chassis table. There was a
protection to avoid bumping nb_cfg too frequently.
The same protection is reused to avoid writing into the Chassis
external_ids.
This patch reduces the number of transactions to the SB database
and, therefore, the recomputations that it causes to ovn-controller
in all nodes.
Change-Id: I5db90fde8e7394772ec23c6384c711096c246621
Closes-Bug: #1883554
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
neutron functional jobs run tests using the tox env.
Even tempest jobs need tox to be present to run the tempest
tests in venv. But functional job derived from devstack-minimal
jobs does not make sure tox is present or not. devstack jobs does not
mak sure that as those are not only used for tox run but also for
other integration testing.
Current neutorn functional job failure-
- https://zuul.opendev.org/t/openstack/build/59865004855c404ab18f06fc0ec1d005
let's call ensure-tox role in job to make sure tox is present.
Change-Id: I9b4161946daa5863ddab94a57ad282e82bcf6e5c
Closes-Bug: 1884256
That method could be used outside the library where currently is
implemented. This patch relocates it in a common place for all
privileged.agent.linux libraries.
Change-Id: I5a6124eca3b57ee36479c106b62d101f538c12eb
Story: #2007686
Task: #40047
OVS tag v2.13.0 is not compatible with current used kernel on upstream
Bionic Ubuntu kernel 4.15.0. This patch sticks to commit hash to unblock
the gate. We can either change to newer 2.13 tag once released or better
stop compiling OVS and use one packaged by Ubuntu.
Run functional/fullstack tests with selected OVN and OVS versions
Previously for functional tests OVS version was hardcoded - v2.12.0,
and OVN was installed from OVS repository.
After we merged OVN driver to Neutron tree we run both
Neutron/OVS and Neutron/OVN functional tests in one job.
This patch adds possibility to specify from which tag/branch OVS and OVN
should be checkout.
Change-Id: I83688031951b97bfe64f3aaa761ad7afc1d5ea55
Closes-Bug: #1883601
Closes-Bug: #1878160
The method "_read_leases_file_leases" is not called with the
parameter "ip_version". This parameter can be removed from the
method signature and the related code.
Trivial-Fix
Change-Id: I3ba720243ae4c405c10895d423e8a014201f4067
This patch fixes:
- The IPv6 tag added in the "host" file if is supported in
dnsmasq. That shifts all other parameters in the register.
- IPv6 registers can have more than one IP address; in this
case, the method "_read_hosts_file_leases" should return a
tuple per IP address.
Change-Id: I4d0bc1eb9448366d8f1b2dacc9c5c2e4e6958253
Closes-Bug: #1884105
Change the service_plugin references in QoS admin document to use
only the steevedore names, to be consistent throughout the document.
Change-Id: Iebb28e0a68ce580d03851b083add70c79204da1c
Closes-Bug: #1882072
