Qos rules don't really have project_id attribute and they belon to the
project to which QoS policy belongs to. For that reason there is no need
to send project_id in the body of the POST request to create QoS rule in
tests module.
Related-bug: #2022043
Change-Id: Ie4d99bcbf67419f80dbe74b2265eb87f90720673
Fix for the related bug needs to be done in neutron-lib and after it
will be merged tenant_id nor project_id will not be available in the
flavor and service_profile resources. But for now they are so to make
FlavorExtensionTestCase class to be working fine with, new and old
neutron-lib versions, this patch modifies those unit tests slightly to
make them compatible with both neutron-lib versions.
Related-bug: #2022043
Change-Id: Id3f6ad38bb560a8a679d981d4ce8518053d2b3c2
Some of the resources, like e.g. QoS rules don't have tenant or
project_id attribute as they belong to the project to which QoS policy
(their parent) belongs to.
Because of that we should get project id for such resources from their
parent object instead of looking for it in its attributes.
Related-Bug: #2022043
Change-Id: I3e6625eb237ad442ab904f59de5c2959d4090700
The service "neutron-periodic-workers" is in charge of executing the
ML2 plugin periodic workers (usually ``PeriodicWorker`` type). These
workers have a worker_process_count=0.
Before this patch, the method ``start_periodic_workers`` was also
spawning other ML2 plugin workers, as the ML2/OVN ``MaintenanceWorker``,
not expected to be running in this service.
Closes-Bug: #2071920
Related-Bug: #2069581
Change-Id: Ic87ec5cc5037cab6eb0e24746a95ab4c8447870b
https://review.opendev.org/c/openstack/neutron/+/867359 inadvertently
dropped a return when binding:profile was missing, making it possible
to hit a KeyError when trying to access port["binding:profile"]. This
was seen in the Maintenance thread after adding a port.
Fixes: b6750fb2b8
Closes-Bug: #2071822
Change-Id: I232daa2905904d464ddf84e66e857f8b1f08e941
This method retrieves the metadata port using the SB datapath UUID,
not the network name.
Trivial-Fix
Change-Id: Ia2754052eb12778ec067a1bfc04ce3fd9b4f50d2
This patch enables the use of the WSGI module with the ML2/OVN
mechanism driver. The ML2/OVN requires two events that are called
during the Neutron eventlet server initialization:
* BEFORE_SPAWN: called once before the API workers have been created
and after the ML2 plugin code has been initalizated.
* AFTER_INIT: called when the API worker is started; at this point
the different worker processes have been spawned.
The WSGI module didn't make these event calls. Now these events are
called during the API server initialization, after the ML2 plugin
has been initalizated but before the server is running and attending
any request.
This approach differs from the Neutron eventlet server event calls
because the BEFORE_SPAWN event is called for all API workers; that
means the method ``OVNMechanismDriver.pre_fork_initialize`` is called
as many times as workers are configured.
Closes-Bug: #1912359
Change-Id: I684c6cea620308a6617b665400ce608650a2adfd
For openvswitch security group, due to some extreme
case, if ofport is processed once, the openvswitch
security driver will cache some old ofport informations
with different local vlan from current assignment.
So this patch changes the local_vlan get method
to the port other_config, this value should be
managed by ovs_agent properly, we can rely on
that.
Closes-Bug: #2071451
Change-Id: I7ad7df72807c95571ef3156c99072852d1c4f494
Since external network update or new subnet created on external
network, the related L3 routers have to do some update actions.
In order to make the L3 stuff limited to L3 code room only,
this patch move these code logical to L3 DB.
Change-Id: I9aefc5f8b68bc6c48cb07c87aba9c40e536afb55
If create subnet for existing external network, check the service_type
to skip all exsiting router gateway ports updating. And this check is
added only for L3RouterPlugin.
IPv6 subnet creation for external network will keep the current behavior.
IPv6 subnet has not 'floatingip' types. And IPv6 subnet should be created
once enough, because a /64 CIDR is large enough typically. Creating IPv6
subnets many times does not occur frequently. So make IPv6 run as it is.
Closes-Bug: #2043761
Change-Id: Ica03d091572025fd6938ad1fdf4b13854625f267
The subnet policy rule ``ADMIN_OR_NET_OWNER_MEMBER`` requires to
retrieve the network object from the database to read the project ID.
When retrieving a list of subnets, this operation can slow down the
API call. This patch is reordering the subnet RBAC policy checks to
make this check at the end.
As reported in the related LP bug, it is usual to have a "creator"
project where different resources are created and then shared to others;
in this case networks and subnets. All these subnets will belong to the
same project. If a non-admin user from this project list all the
subnets, with the code before to this patch it would be needed to
retrieve all the networks to read the project ID. With the current code
it is needed only to check that the user is a project reader.
The following benchmark has been done in a VM running a standalone
OpenStack deployment. One project has created 400 networks and 400
subnets (one per network). Each network has been shared with another
project. API time to process "GET /networking/v2.0/subnets":
* Without this patch: 5.5 seconds (average)
* With this patch: 0.25 seconds (average)
Related-Bug: #2071374
Related-Bug: #2037107
Change-Id: Ibca174213bba3c56fc18ec2732d80054ac95e859
In [1], a method to process the DHCP events in the correct order was
implemented. That method checks the port events in order to match
the "fixed_ips" field. That implies the Neutron server provides this
information in the port event, sent via RPC.
However in [2], the "fixed_ips" information was removed from the
``DhcpAgentNotifyAPI._after_router_interface_deleted``, causing a
periodic error in the ``DHCPResourceUpdate.__lt__`` method, as reported
in the LP bug. This patch is restoring this field in the RPC message.
[1]https://review.opendev.org/c/openstack/neutron/+/773160
[2]https://review.opendev.org/c/openstack/neutron/+/639814
Closes-Bug: #2071426
Change-Id: If1362b9b91794e74e8cf6bb233e661fba9fb3b26
To solve a performance issue when using network rbacs with thousands
of entries in the subnets, networks, and networks rbacs tables, it's
necessary to change the eager loader strategy to not create and process
a "cartesian" product of thousands of unnecessary combinatios for the
purpose of the relationship included between rbac rules and subnetpool
database model.
We don't need a many-to-many relationship here. So, we can use the
selectin eager loading to make this relationship one-to-many and create
the model with only the necessary steps, without exploding into a
thousands of rows caused by the "left outer join" cascade.
The "total" queries from this process would be divided into a series of
smaller queries with much better performance, and the resulting huge
select query will be resolved much faster without joined cascade,
representing significant performance gains.
Closes-bug: #2071374
Change-Id: I2e4fa0ffd2ad091ab6928bdf0d440b082c37def2
The test_l2_agent_restart test was failing due to the agents not
restarting within the timeout of 30s. This is fixed by:
* Use `systemctl restart` to restart the service instead of killing
and creating a new transient service.
* Don't block on `systemctl` calls to allow parallel service
operations. Previously this was serialized in the rootwrap daemon
which lead to delays.
* Use `KillMode=mixed` to first only kill the main process and give it
25s to cleanly shutdown all other processes. After this timeout all
processes are killed. Previously systemd sent a SIGTERM to all
processes which caused unclean shutdowns of some neutron agents which
expected to shutdown their child processes themselves.
Change-Id: Ic752e36e6fe6ba9b1fc9e7296204c086c465d76f
Closes-Bug: #2070390
When using the Neutron WSGI module, the ML2/OVN maintenance worker needs
to be spawned in a separate service. This patch adds the service
``neutron-ovn-maintenance-worker``, that is a single process service tha
runs the ``MaintenanceWorker`` instance. This process is in charge of
performing periodic routines related to the ML2/OVN driver.
This new service should be included in any deployment project that
allows to spawn Neutron ML2/OVN with WSGI. Along with this patch, a new
one for devstack will be proposed.
Related-Bug: #1912359
Change-Id: Iea2995adb3343aae74a1b617fbccfce5c62c6b87
When using the Neutron WSGI module, the plugin services (periodic
workers created on demand in the ML2 plugin initialization) were not
spawned.
This patch adds a new service that should be spawned within the Neutron
API processes, similar to the RPC server.
Closes-Bug: #2069581
Change-Id: Ia5376a68bfbcff4156800f550f28b59944b863c3
It's seen that these tests interfered(removed router namespace) with
test_metadata_proxy_rate_limiting_ipv6 but can interfere with others
too, let's run these serially to avoid random failures.
Following tests will run serially now:-
- test_periodic_sync_routers_task
- test_periodic_sync_routers_task_routers_deleted_while_agent_down
- test_periodic_sync_routers_task_routers_deleted_while_agent_sync
Closes-Bug: #2069744
Change-Id: I34598cb9ad39c96f5e46d98af1185992c5eb3446
* Generate unique internal and external router device names
using the agent's hostname. This is to allow multiple HA
router replicas to co-exist on the same machine, otherwise
they'd all use the same device names and OVS would freak out.
* Add host.disconnect method that disconnects the host from
the central internal and external bridges, simulating pulling
the cable from the host's NIC.
* Add host.kill and host.shutdown methods to forcefully kill and
gracefully shutdown a host simulating a host failure and host
shutdown. This also includes code to cleanup left-over router
namespaces.
* Added a L3 HA failover test for graceful failover, host failure and
network disconnect.
* Improve systemd service restart handling in Process fixture to use
`systemctl restart` and to not block the rootwrap daemon.
Co-Authored-By: Assaf Muller <amuller@redhat.com>
Change-Id: Iaaa1c2cab0341a929e368392aa7dc47c9b2399c2
Original-Change-Id: I250fa41d89dfc4f9f3ba4c03a027b52b2e8c4b4b
This patch ensures that the "classless-static-route" is wrapped in {} as
expected by OVN and also merges the default routes with the user
inputted ones so everything works as expected.
Closes-Bug: #2069625
Change-Id: I302a872161c55df447a05b31d99c702537502a2f
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
The patch [1] defines the RpcWorker and RpcReportsWorker processes
names. However, the parent class ``neutron_lib.worker.BaseWorker``
init method is not reading the class variable defined in [1]. This
patch is explictly passing the ``desc`` class name in the init method.
[1]https://review.opendev.org/c/openstack/neutron/+/907712
Closes-Bug: #2069581
Change-Id: I50c2b0567ea10316ad06e6e6c1d01db8b9520e3e
The current comparison strategy is very time-consuming, and if
there are hundreds of thousands of security group rules, the
comparison time can still vary from several hours. The main
time-consuming operations are [1].
This patch is sorted first by security group rule ID and then
compared. The execution of sorting actions is relatively fast.
After actual measurement, the total time consumption is in the
minute level.
Partial-Bug: #2023130
[1] b86ca713f7/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py (L285-L291)
Change-Id: If4c886d928258450aac31e12a4e26e0cbe2ace62
This allows deployment tooling to easily switch from passing a binary
path to passing a Python module path. We'll use it shortly.
Change-Id: I5350dff6be0daf1d4e5e5dfa4aab745b765436f7
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
We want this module for use elsewhere. This has a natural home in the
neutron.api module so move it there. This is similar to what has
previously been done for nova [1].
Tests for the module are also moved and other tests slightly decoupled.
[1] https://review.opendev.org/c/openstack/nova/+/902686
Change-Id: I835e7ad95b6d7d83d06f4303b476519c16b9a2c8
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
As was agreed on the CI meeting [1], this patch moves
neutron-ovn-grenade-multinode job from the experimental queue to the
check and gate queues.
Now in check/gate there are 2 grenade jobs: one ovs-multinode job and
one ovn-multinode job.
To not increase number of jobs in the check/gate, this patch also moves
neutron-ovs-grenade-dvr-multinode job to the periodic (and experimental)
queue.
[1] https://meetings.opendev.org/meetings/neutron_ci/2024/neutron_ci.2024-06-11-15.02.log.html#l-18
Change-Id: I22d0f9a59bca6f412dcf30005678229a859d5e4c
