Commit Graph

302 Commits (master)

Author SHA1 Message Date
Fernando Royo cdd932af20 Allow multiple VIPs per LB
User can specify additional subnet_id/ip_address pairs to bring up on
the VIP port.

Change-Id: I5537973bc2fd9879bdf5fafc9bebc08d7242c597
2023-11-07 12:11:07 +00:00
Fernando Royo 1661f3815c Add maintenance task to update entities on component start
Some changes require updating the existing entities in a
clear and transparent way for the user.

This patch adds a mechanism to create separate tasks that
can run periodically or just once in order to update or
modify existing entities that require changes after a new
patch or RFE.

As an example, a first task has been included for updating
existing OVN LB HM ports, changing their device_owner, and
adding their device_id.

Closes-Bug: 2038091
Change-Id: I0d4feb1e5c128d5a768d1b87deb2dcb3ab6d1ea1
2023-10-19 08:47:49 +00:00
Fernando Royo e2dbc59be5 Change device_owner used for OVN LB HM port
To differentiate OVN LB HM (Load Balancer Health Monitor) ports
from Neutron ovn-metadata ports, a new constant will be used for
the 'device_owner' field in OVN LB HM ports.

This change ensures that these ports are not managed by some Neutron
tasks that assume only one port per network should have a 'device_owner'
value of 'network:distributed'.

Partially-Closes: 2038091


Change-Id: I9a9a55d919fc215bf9a593a894e678c84e395e82
2023-10-17 08:36:54 +00:00
Fernando Royo 983ee0c4f3 Check multiple address of a LRP plugged to LS
When LB or member is created, driver looks for the Logical Router which
is plugged to the Logical Switch. As there can be more than one address
on the port, we should iterate over them to be compared with the gateway

This patch modifies code to do not crash if more than one address is
found in neutron:cidrs external_ids field.

Closes-Bug: 2036620
Change-Id: I17b2c2577a4d99455c30ca1e10632a7004d7c084
2023-09-22 10:05:33 +02:00
OpenStack Release Bot eda2def050 Update master for stable/2023.2
Add file to the reno documentation build to show release notes for

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on

Sem-Ver: feature
Change-Id: I5acf5babe7f81123d3b883ae91e75ae86e198d92
2023-09-15 14:06:01 +00:00
Fernando Royo fe6612f714 Cover the use case of a member non existing
When a HM is attached to a pool and a backend member in that pool
is a fake member (e.g. due to a typo on creation) the member remains
in ONLINE status. Basically this is due to the fact that there
isn't any LSP attached to that member and no Service_Monitor entries
will take care of it.

This patch checks inmediatelly after creation the member and update
the whole LB status to reflect this fake member that could help to
the user to identify quickly those fake members.

Closes-Bug: 2034522
Change-Id: I72b2d9c5f454f9b156414bf91ca7deb7f0e9d8b0
2023-09-08 12:21:37 +02:00
Rodolfo Alonso Hernandez e02c1b9b3e Bump Neutron and neutron-lib versions
It is needed to enforce the correct versions of both projects due
to incompatibilities with previous version. The Neutron Bobcat beta
3 should work with neutron-lib 3.8.0.

Change-Id: I1b7e35c92b01c15c9c236861f60d13bc5098330f
2023-09-06 12:56:44 +00:00
Fernando Royo 70fb6b345c [CI] Bump OVS_BRANCH in ovs/ovn source deploy jobs
Since [1] OVN/OVS source deploy jobs running with
OVN_BRANCH=main fails to compile ovn as this now
requires newer ovs commits from branch-3.2.


Change-Id: Ia546671f0d7be3e893eb2c7de67c82287bc53f52
2023-09-06 12:44:26 +02:00
Fernando Royo e9a55cd2b6 Add FIP on LogicalSwitchPortUpdate event
When a LogicalSwitchPortUpdate event is triggered after removing
FIP from LB VIP, the event received include the port affected,
but the FIP related is not passing to the handler method.

This patch includes the FIP into the info passed to the handler
method, simplifying the current handler logic and providing
future support for the new multi-vip feature. Also added a match
for only manage events including external_id updates.

Closes-Bug: #2028161
Change-Id: Ibee3906e8e9575fba7811e989e3e111a026ce45b
2023-07-20 08:32:39 +02:00
Fernando Royo ebfbd848b1 Fix port for Load Balancer Health Check for FIP
Currently when a FIP is attached to LB VIP after a HM is already
created, the LB_HC created for the new FIP is not including the
port in the vip field. At this way, when a member is in ERROR
operating status, request over the FIP are still distribute
to the ERROR'ed members.

This patch add the port when the FIP is associated to the LB VIP.

Related-Bug: #1997418
Change-Id: Iefe5d67b5a8fc47972b14c4247c381d625efcc09
2023-07-13 14:08:16 +00:00
Fernando Royo ed02dba2bc Update pool upon HM deletion request
When a HM is deleted, Octavia API will block the related
pool with a provision_status to PENDING_UPDATE, waiting
for the new status after finishing the HM deletion on the
provider. When multiple pools are attached to a LB, this
status is sent for the first pool obtained, keeping the
related pool in PENDING_UPDATE.

This patch ensures that the update status sent by the ovn
provider is referencing the correct pool id.

Closes-Bug: 2024912
Change-Id: Ie5d01ce291409383558b3dd7c4d2fe91fd657255
2023-07-13 11:08:42 +00:00
Luis Tomas Bolivar 382ddb0329 Add support for SOURCE_IP session persistence
This patch adds support to configure ovn loadbalancer
affinity_timeout option based on the pool session persistence

Change-Id: I07c8f3492e62576f66008e8ea1ef9846bed8c6fa
2023-07-11 11:34:52 +02:00
Luis Tomas Bolivar 20997b185f Ensure DVR is restablished on member on cascade deletion
Traffic to member, if they have FIPs gets centralized when they
are part of a loadbalancer. However, when the loadbalancer gets
deleted, the traffic should be distributed again (if DVR was
enabled). To do that this patch also considers the cascade deletion

Closes-Bug: #2025637
Change-Id: Ie4b44c9f15fc9e33a68f9aacd766590b974c63fd
2023-07-03 10:18:53 +00:00
Zuul ede9b19309 Merge "Discard batch-update-members not valid request" 2023-05-30 09:46:28 +00:00
Fernando Royo 01309d067c Apply admin_state_up on a new member creation
If a new member is added with the admin_state_up set to False,
they should not participate in load balancing requests over
the LB VIP. However, the member still receives requests, even
though the Octavia API applies the member's operation_status correctly,

This patch fixes this issue by not adding the member to the vips
(at OVN NB) so that request over LB VIP are not taking into account
that member.

Closes-Bug: 2016862
Change-Id: Iec7f6b1da8548a29eb9cc0e2544e77e1a6c6fb1e
2023-05-26 06:43:02 +00:00
Fernando Royo 5f27384805 Discard batch-update-members not valid request
An out of sync has been identified between the changes applied
over the OVN NB DB and Octavia DB when a batch-update-members
includes some unsupported option for any of the member to be

To prevent such inconsistencies, this patch rejects the entire
request if any of the proposed changes are identified as
unsupported. The user will be notified of the reason for the

Closes-Bug: 2017216
Change-Id: I6e132ab5c23c9c53176612f74bb500e46c89024f
2023-05-23 06:58:17 +00:00
Fernando Royo 0285967056 Add retry on case of sqlite3.InterfaceError on FT
After a thorough review of the issue, it looks like that the problem
does not originate from the base code of ovn-octavia-provider or
neutron. Other projects are also experiencing this problem,
indicating that it likely stems from a different source or set of
libraries [1].

To minimize the need for extensive rechecks on future patches, this
patch introduces a retry mechanism, utilizing tenacity, to the
affected methods.

Once the root cause of the problem '(sqlite3.InterfaceError) Cursor
needed to be reset because of commit/rollback and can no longer be
fetched from,' is identified and resolved, this patch should be


Related-Bug: #2020195
Change-Id: Ia7a9b5230f9cf56de8278b736022240a780130d6
2023-05-19 13:15:18 +00:00
Zuul 52ceb9a937 Merge "Fix update member action" 2023-05-18 12:14:41 +00:00
Zuul 16ebf6324f Merge "Update doc about ovn-octavia HM type limitation" 2023-05-10 10:02:31 +00:00
Fernando Royo 8beeeb9112 Fix update member action
Upon receipt of a member update request, certain attribute checks
are done, which may result in an error and prevent the update from
being successfully completed.

As per [1], only the "admin_state_up" attribute holds significance
in enabling or disabling members on the ovn-provider side during
an update operation.

This patch remove other checks are deemed unnecessary.


Closes-Bug: 2017127
Change-Id: I388284968e27e0ad8ec7bb0a522aa2925b560146
2023-05-10 09:37:30 +00:00
Gregory Thiemonge 220d8c8581 Replace python-neutronclient with openstacksdk
python-neutronclient has been deprecated and Octavia has already removed
it in the dependend change below. These are the respective changes on
ovn-octavia-provider side and they are in line with changes in Octavia

- Replaced code that uses the deprecated `python-neutronclient` library
  with code that uses `openstacksdk` and removed `python-neutronclient`
  as a dependency.
- Marked certain configuration options that were related to Keystone
  authentication as deprecated for removal. In future releases
  authentication options options need to be added to the [neutron]
  section of the configuration.

Note: After [1] some calls to neutron test_db_base_plugin_v2 had added
a new param 'as_admin' that need to be included in the calls from
ovn-provider functional tests. Squashed with patch [2] to solve
cross dependency.


Change-Id: I985b24e4a6db962b1e73eeae69a8c96f4b0760ae
2023-05-10 08:59:10 +02:00
Zuul b80bf850d9 Merge "Use ovsdbapp commands to add/del backends to ip_port_mappings" 2023-04-19 11:39:55 +00:00
Fernando Royo 79fb5bf86c Update doc about ovn-octavia HM type limitation
Clarify that HM type is not supported for SCTP because OVN
health checks is just supporting TCP and UDP-CONNECT.

Change-Id: Ice771ae36a521baad792c935fd2481602548a24d
2023-04-10 17:12:28 +02:00
yatinkarel f9319a185b Pin OVS_BRANCH to working commit
With [1] OVN main branch compilation fails, until
main branch is fixed to work with ovs master, let's
pin OVS_BRANCH to working commit.


Related-Bug: #2015728
Change-Id: Icdd1affc944de6c1e00da9539e13a8d698cfc0e6
2023-04-10 12:43:03 +05:30
Fernando Royo e40e0d62ac Use ovsdbapp commands to add/del backends to ip_port_mappings
LB ip_port_mapping is updated just adding and deleting every member
after any related operation over the LB-HM, this operation was done
in two steps, a db_clear and a db_set.

This patch takes ovsdbapp specific commands for add/del backends to
the ip_port_mapping in a more appropiate way, reducing any further
operation from OVN DBs not related to the member added/deleted. Also
taking care about the possibility of the same backend_ip could be
pointed by other member, under a different HM.

ovsdbapp bumps to 2.1.0 to be able to use those new functionalities [1]

[1] f3c5da5402

Closes-Bug: 2007835
Change-Id: I5705c490bcd36e7e2edcc62954a3ffa0ff645519
2023-04-03 08:17:23 +00:00
Fernando Royo 1878eb4c21 Fix broken pep8 jobs due to bandit 1.7.5 updated version
With the latest version of bandit (1.7.5), a new lint rule has been
introduced that checks the inclusion of the timeout parameter for
every "requests" call [1].

So B113 lint rule[2] needs to be skipped or code adapted, this patch
add the timeout parameter to the put/get requests.

[1] 5ff73ff8ff

Closes-bug: #2011573
Change-Id: I341faedbf7e237eed176e0d3ed3586b8d2c2cbb8
2023-03-14 14:15:34 +01:00
Zuul e5d1bd0336 Merge "Update master for stable/2023.1" 2023-03-02 21:23:03 +00:00
OpenStack Release Bot e953043ce9 Update master for stable/2023.1
Add file to the reno documentation build to show release notes for

Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on

Sem-Ver: feature
Change-Id: I4b12eeeb72bdbc301540564005e476672bfd1012
2023-03-02 11:45:46 +00:00
Fernando Royo 13c731346a Add new FTs for health monitoring basic operations
This patch add new functional tests for the health monitor CRUD

Change-Id: Ib18a4d1047e5e7b523719df37d3defb5dda23daa
2023-03-01 11:17:38 +01:00
Fernando Royo cc30eae60c Remove HM uuiid from LB external_ids when the HM's pool is deleted
The expected behavior when a HM is deleted is that any reference to it
in the LB's external_ids must be cleanup or removed. Until this patch,
this reference was not removed when the pool associated to the HM
is deleted.

Closes-Bug: #2008695
Change-Id: Ieeef917d9e293af27e5feed14335f25fd9a6fb48
2023-02-28 13:43:06 +01:00
Fernando Royo 569c9c011a Reset member provisioning status to NO_MONITOR when a HM is deleted
At present, when a health monitor (HM) is created for a pool,
the members of that pool are automatically set to ONLINE
provisioning status, unless the HM identifies an ERROR during
health checks.

This patch addresses an issue where, after deleting an HM,
the members should be reset to NO_MONITOR provisioning status,
regardless of whether the HM had previously set them to ONLINE
or ERROR status.

Closes-Bug: #2007985
Change-Id: I02bcba61d0cbc9202a6e50b849f8d781fb825d49
2023-02-27 17:56:26 +01:00
Luis Tomas Bolivar ba4ea1134b Ensure HM also apply to FIPs associated to LB VIPs
Currently, if a FIP gets associated to a LB with HealthMonitors
it is not included as a new OVN Load Balancer Health Checks. This
means that if the VIP is used, traffic will not be redirected to
the dead members, buit if the FIP is used there is no health checks
being applied and traffic will reach dead members.

This patch adds the extra functionality so that an extra OVN
Load Balancer Health Check is created for the FIPs associated to
the Load Balancer.

Closes-Bug: #1997418

Change-Id: Idbf1fb15076518092ce5fdaa57500d29342f51be
2023-02-21 14:47:26 +01:00
Fernando Royo 54d96ca072 Avoid use of ovn metadata port IP for HM checks
For every backend IP in the load balancer for which health
check is configured, a new row in the Service_Monitor table
is created and according to that ovn-controller will
periodically sends out the service monitor packets.

In this patch we create a new port for this purpose,
instead of use the ovn_metadata_port to configure the
backends in the field ip_port_mappings, this mapping is
the info used to be translated to Service_Monitor
entries (more details [1]).

[1] 24cd3267c4/northd/ovn-northd.8.xml (L1431)

Closes-Bug: #2004238
Change-Id: I11c4d9671eee002b15080d055a18a4d3f4d7c540
2023-02-16 11:19:34 +01:00
Luis Tomas Bolivar d10feb642f Remove LB from LS belonging to provider networks
In core OVN, LBs on switches with localnet ports (i.e., neutron
provider networks) don't work if traffic comes from localnet [1]

In order to force NAT to happen at the virtual router instead
of the LS level, when the VIP of the LoadBalancer is associated
to a provider network we should avoid adding the LB to the
LS associated to the provider network


Closes-Bug: #2003997

Change-Id: I009ddd2604d208bbf793e2d19d4195b77726f7b2
2023-02-01 14:33:37 +01:00
Fernando Royo ef019ed63b Fix jobs after tox4 upgrade
Following the recommendations provided in [1], this patch disables the
"skipsdist" flag. Also format passenv values due to cannot contain
whitespace, and add allowlist_externals where necessary because looks
more strictly checked.


Change-Id: Iea8e355cd18c51a00bdbe5225239965cfc1704d7
2023-01-02 08:25:21 +00:00
Zuul e0f96f02bf Merge "Fix listener provisioning_status after HM created/deleted" 2022-12-22 11:35:40 +00:00
Fernando Royo 548d65d1a5 Uncouple HM status of member statuses
When a new HM is created, the provisioning status is conditioned
by the status of the existing members on the pool. When any of
the members are in ERROR status (e.g. when a member is configure
with non existing address) the created HM is in ERROR status.

It makes more sense to warn about the member problem but let the
HM continue with its normal flow of operation over the possible
remaining members that exist for the pool on which it is created.
This patch removes the break after finding a problematic member 
(port not found) and just log a warning about the issue, but 
continue with the rest of the members.

Closes-Bug: #2000071
Change-Id: I5be9130eb63c03d273fc8dfcc93094204a3ed361
2022-12-20 15:04:53 +00:00
Fernando Royo 421665e2d2 Fix listener provisioning_status after HM created/deleted
When a HM is created/deleted over a pool, the listener related to the
pool keeps in PENDING_UPDATE status.

This patch return the correct status to Octavia API for the
listeners related to the pool, ensuring they could be modified and
not considered as inmutable.

Closes-Bug: #1999813
Change-Id: I4f6e4a8acb7c7bb030aaadc6875894d6fc00d740
2022-12-20 15:04:41 +00:00
Fernando Royo 2aab7367af Pin OVS_BRANCH to master again
This patch reverts [1], [2] now [3] has been merged in the
OVN repository.


Change-Id: I5279b288da46f6e223afb738c2c788f2bb2823b5
2022-12-20 12:12:03 +00:00
Zuul 9c9085eaab Merge "Make clear distinction between health check and health monitor" 2022-11-29 10:14:09 +00:00
Zuul 2f3a3443fd Merge "Ensure HM updates work as expected" 2022-11-25 17:05:05 +00:00
Luis Tomas Bolivar 9cb8cd5054 Make clear distinction between health check and health monitor
There was quite a mix between (Octavia) Health Monitors and
(OVN) Load Balancer Health Checks. This patch tries to make a
more clear distinction between Octavia HM and OVN LB HCs.

This patch also add a reference to the Octavia Health Monitors
Ids to the external_ids of the OVN NB Load_Balancer entries.

Related-Bug: #1997418

Change-Id: Ib8499d7c4ea102e183ead31f063a3c0a70af6e23
2022-11-25 11:17:52 +01:00
Luis Tomas Bolivar 4ccc5970da Ensure HM updates work as expected
This patch ensures if only one parameter is provided the
rest are not modified (set to undefined)

Closes-Bug: #1997416
Change-Id: Ie47f19afdd041843fe47da739b09ee03a88c7b02
2022-11-22 14:41:02 +01:00
Fernando Royo e32049135a Add support for HM on a fullypopulated load balancers
Octavia API allows to create fully populated load balancers with
a single call, and the pools included in that call could include
HM. OVN-octavia-provider was not implementing this option and only
the loadbalancer/listener(s)/pool(s)/member(s) were created,
keeping the HM at the Octavia API as PENDING_CREATE.

This also generated leftovers when trying to delete the loadbalancer
with the --cascade option.

Closes-Bug: #1997094

Change-Id: Ic24a0c1622c0aac2a40542cadf91a1bc47de1de6
2022-11-22 09:10:05 +00:00
Fernando Royo 71055bf302 Increase code coverage
Coverage tests is flickering over the threshold configured on 92%.
(without knowing the reason)

This patch adds additional unit tests to  files that has been
flickering in the last running cover jobs, in order to keep the
results in a more stable line.

Change-Id: I1cadb861ff5eb8cf6379d561e693a967fd5b90fc
2022-11-21 15:59:45 +01:00
Zuul a2b3561ee6 Merge "Ensure OVN-LB is properly configured upon LS removal from LR" 2022-10-26 07:35:42 +00:00
Luis Tomas Bolivar 512b2c83b5 Ensure OVN-LB is properly configured upon LS removal from LR
If an ovn-lb is created (VIP and members) in a LS (neutron network)
that has 2 subnets (IPv4 + IPv6), and this LS is connected to a LR,
removing the LS from the LR leads to the removal of the ovn-lb from
the LS and consequently to remove it from the OVN SB DB as it is not
associated to any datapath

This is a problem on the _find_ls_for_lr function that looks for
all the LR ports, and get the network name from them, therefore,
even though the port for the LS got deleted, there is still another
port from the other subnet pointing to the same network (LS), which
is the culprit to delete the ovn-lb from that LS.

With this patch, the VIP IP version is consider so that the router
ports that belongs to the other subnet are not considered and the
ovn-lb is not therefore removed from the LS.

Closes-Bug: #1992363
Change-Id: I7b6dd9a31020d942d391726662e9b5ed9d76dc1f
2022-10-18 08:29:20 +02:00
Zuul 35a5ee669f Merge "Ensure LB are removed from LS not connected to the LB LR" 2022-10-13 19:31:32 +00:00
Zuul fa4d500f69 Merge "Optimization for find_ls_for_lr" 2022-10-11 14:10:58 +00:00
Zuul 4596d065c5 Merge "Remove duplicated constant entry" 2022-10-11 09:11:50 +00:00