Changed the code to use context manager for updating ml2_vlan_allocations db when
arista_vlan type driver is in use. This also makes the code compatible with
SQLAlchemy version 2.0 where Session.autocommit is removed
Change-Id: I75b760a27d7aef29591c0efc03542d37a30afd70
This reverts commit 14640a366c.
Reason for revert: This causes issues for HA deployments as it may cause port bindings to be synced before dependent ports, vms, networks, etc.. Rather than working around the upstream issue, I think we need to try to fix it (or treat it as a known limitation that requires re-creating DVR ports as a workaround.)
Change-Id: I903133a0365ddee9b309962c26c06ac6ba0abb68
Notable changes:
- bump hacking to make it py38+ compatible
- (with changes to pass against the newer pep8 rules)
- ensure requests get monkey-patched to avoid exceeding
maximum recursion depth in SSL
- start running openstack-python3-yoga-jobs-neutron
Change-Id: I84be86737b493dfc811a772bbeabefd10e645206
A recent change (https://review.opendev.org/c/openstack/neutron/+/826502)
now requires that L2 drivers specify their connectivity in a property
rather than in vif_details. This change updates the mech drivers
in networking-arista to follow that paradigm
Change-Id: I9c5805b9dfa3b21dbe422b7ba3e2babf700aec9a
The db_lib.py needs changes to be compatible with SQLAlchemy 2.0.
This patch is a temporary fix to avoid failure in the CI and make it
working
Change-Id: I30035658b369fb1e54a340d20b384d7d3b2e9971
A recent to the way neutron sends trunk/subport payloads
(0f3e04b00f)
breaks the arista_trunk service plugin.
This change adopts the new format.
Change-Id: Id0c46a2fc63eea0a6e80d6052649dedcebf4b041
When a port binding resource update comes in from the provisioning
queue, its host will always be the FQDN (if Neutron/Nova have been
configured to use FQDN hostnames.) If use_fqdn is false, we already
use the short host name on create and in tracking existing neutron
and CVX resources, but on delete, we're correctly querying the DB
with the FQDN, but then continuing to use the FQDN in forcing the
CVX update and generating the data for the HTTP DELETE call.
The proposed fix is to override the force_resource_update and
_delete_neutron_resource methods to correct the hostname in those
calls if necessary.
Change-Id: Ifaca6c22770991a6195f69dd245c865ebf978138
When two DVR bindings go to ACTIVE simultaneously, one of the
updates will hit a stale data exception when commit to the DB.
This will ultimately result in update_port_postcommit not getting
called when the second binding's status goes to ACTIVE on retry.
To handle this, we now check for missing port bindings once per
sync period.
Change-Id: I8262bec98993fe80ca3482a47d283aeafea75101
This reverts commit 7da640b4ed.
Reason for revert: Breaks sync when DVR ports are DOWN while DVR port bindings exist
Change-Id: If6d5f67da7a19d4d5e0469023e24e060afa2c2d3
When two DVR bindings go to ACTIVE simultaneously, one of the
updates will hit a stale data exception when commit to the DB.
This will ultimately result in update_port_postcommit not getting
called when the second binding's status goes to ACTIVE on retry.
In order to workaround this issue, we now bind DVR ports even
in a DOWN state.
Change-Id: I4811c8ce398a5a95a446c68ed81af550f6ea394f
(cherry picked from commit f2e081e7fa)
In stein the get_session function was removed from the
upstream type driver helper. This change replaces that
with calls to neutron-lib's db_api.
This also re-enables the type driver unit tests which have
been disabled for a while (missing __init__.py) and adds
coverage for a upstream test cases for the upstream VLAN
type driver against the Arista VLAN type driver.
Change-Id: I5b52abafadf236278ca707c89b69883501992219
This is just a patch of the remaining diff for bug 1889396 between
stable branches and master to keep them inline.
Change-Id: Icf4121c2a3a05912ce2a4ac2c9cf441d6609ae24
This change reduces info level logging such that it only produces
logs when CVX state needs to be updated. Internal accounting has
been changed to DEBUG level.
Network create before change at INFO level:
31521 Arista Sync time 1590625762.4879267 last sync 1590625762.2405837 timeout 0.7526607513427734
31521 Processing create network ID: e7af8f41-89ef-4a9c-b0bf-619056e5112f
31521 create network with id e7af8f41-89ef-4a9c-b0bf-619056e5112f
31521 Requesting create Networks resource e7af8f41-89ef-4a9c-b0bf-619056e5112f
31521 Resource Networks e7af8f41-89ef-4a9c-b0bf-619056e5112f found, creating
31521 Networks resource e7af8f41-89ef-4a9c-b0bf-619056e5112f added locally
31521 create requisite tenant with id tid
31521 Requesting create Tenants resource tid
31521 Resource Tenants tid found, creating
31521 Tenants resource tid added locally
31521 Tenants resource tid requires update
31521 create requisite segment with id 253f985d-4708-4980-a298-e99489cb6a74
31521 Requesting create Segments resource 253f985d-4708-4980-a298-e99489cb6a74
31521 Resource Segments 253f985d-4708-4980-a298-e99489cb6a74 found, creating
31521 Segments resource 253f985d-4708-4980-a298-e99489cb6a74 added locally
31521 Getting PortBindings from CVX
31521 No PortBindings resources to delete
31521 Getting BaremetalPorts from CVX
31521 No BaremetalPorts resources to delete
31521 Getting VmPorts from CVX
31521 No VmPorts resources to delete
31521 Getting RouterPorts from CVX
31521 No RouterPorts resources to delete
31521 Getting DhcpPorts from CVX
31521 No DhcpPorts resources to delete
31521 Getting Baremetals from CVX
31521 No Baremetals resources to delete
31521 Getting Vms from CVX
31521 No Vms resources to delete
31521 Getting Routers from CVX
31521 No Routers resources to delete
31521 Getting Dhcps from CVX
31521 No Dhcps resources to delete
31521 Getting Segments from CVX
31521 No Segments resources to delete
31521 Getting Networks from CVX
31521 No Networks resources to delete
31521 Getting Tenants from CVX
31521 No Tenants resources to delete
31521 Getting Tenants from CVX
31521 Getting Tenants from neutron
31521 Creating Tenants resources with ids tid on CVX
31521 Tenants resources with ids tid created on CVX
31521 Getting Networks from CVX
31521 Getting Networks from neutron
31521 Creating Networks resources with ids e7af8f41-89ef-4a9c-b0bf-619056e5112f on CVX
31521 Networks resources with ids e7af8f41-89ef-4a9c-b0bf-619056e5112f created on CVX
31521 Getting Segments from CVX
31521 Getting Segments from neutron
31521 Creating Segments resources with ids 253f985d-4708-4980-a298-e99489cb6a74 on CVX
31521 Segments resources with ids 253f985d-4708-4980-a298-e99489cb6a74 created on CVX
31521 Getting Dhcps from CVX
31521 Getting Dhcps from neutron
31521 No Dhcps resources to create
31521 Getting Routers from CVX
31521 Getting Routers from neutron
31521 No Routers resources to create
31521 Getting Vms from CVX
31521 Getting Vms from neutron
31521 No Vms resources to create
31521 Getting Baremetals from CVX
31521 Getting Baremetals from neutron
31521 No Baremetals resources to create
31521 Getting DhcpPorts from CVX
31521 Getting DhcpPorts from neutron
31521 No DhcpPorts resources to create
31521 Getting RouterPorts from CVX
31521 Getting RouterPorts from neutron
31521 No RouterPorts resources to create
31521 Getting VmPorts from CVX
31521 Getting VmPorts from neutron
31521 No VmPorts resources to create
31521 Getting BaremetalPorts from CVX
31521 Getting BaremetalPorts from neutron
31521 No BaremetalPorts resources to create
31521 Getting PortBindings from CVX
31521 Getting PortBindings from neutron
31521 No PortBindings resources to create
After:
32632 Arista Sync time 1590625370.1938148 last sync 1590625369.7015142 timeout 0.5077025890350342
32632 Processing create network ID: db232697-ba88-43c0-85e2-7957cf675aca
32632 Creating Tenants resources with ids tid on CVX
32632 Tenants resources with ids tid created on CVX
32632 Creating Networks resources with ids db232697-ba88-43c0-85e2-7957cf675aca on CVX
32632 Networks resources with ids db232697-ba88-43c0-85e2-7957cf675aca created on CVX
32632 Creating Segments resources with ids 978ae7ed-718f-4d43-8c4c-f227656278fa on CVX
32632 Segments resources with ids 978ae7ed-718f-4d43-8c4c-f227656278fa created on CVX
Change-Id: I77c569870f9c1a09e4d4956c87943ebd77d7a62f
This change contains two fixes:
1. When a port goes to ERROR state, treat it as a delete
2. When a device_id is '', don't query for all instances
Change-Id: I587fef123e0552cc3bd2fe3fb74cfcb2dbb23c8b
bind_port gets called in the API worker, of which there may be
multiple processes. This change passes external=True to ensure
we use an interprocess lock.
Change-Id: Ia4a94f00ef94faf8d4b6892550d32a6540c8e989
This commit is removing support fro python2 in networking-arista and
synchrinizing the package requirements with neutron. Because of this
some code changes have been performed in order for the pep8 test to pass
Change-Id: I829d7eec72cb22d1142782894b9833769f432a66
This change includes 3 fixes:
1. Sync workers sleep for [0,1) seconds after every sync
2. Dependent resources are always synced in the same sync cycle
3. Sync lock is released on failure if at least one successful sync has occurred
Change-Id: I1ab75dcce69b68acf63c24d31a3e106ecc506fb3
This allows the arista mech driver to bind ports without
a fixed IP (see https://review.opendev.org/#/c/678027/)
Change-Id: I0f0859da7311a22f878fa673ca67898d7e154313
Query one more time from NetworkSegment for a dynamic segment added
to the table instead of relying on what reserve_provider_segment returns
Change-Id: Iee958314366b9651f79544d80a7a55cf09c73a28
With previous patch the INTERNAL-TENANT-ID was used, instead of blank project_id,
for creating L3 HA network on CVX. This patch removes the use of
INTERNAL-TENANT-ID and instead it uses the project_id from HA router for
creating network, or port resources on CVX.
Change-Id: I632ce29f934d2e3cc96032e2baeee7e96f20d8f3
If L3 HA is enabled in neutron, by creating a router, a HA network with
no project_id is created. With this patch Arista ML2 driver uses an internal
project_id, i.e. 'INTERNAL-TENANT-ID', to set the project_id of the network when
creating it on the CVX.
Change-Id: Ifb9ce0a4594706945cef47321d902aa07a5944dd
The trunk constants live in neutron-lib now. This patch switches over
to them in prep for https://review.openstack.org/#/c/649672/
Change-Id: I2642269c3554cb4d4b0d31aae2597f3476b3b487
The arista_vlan type driver's sync thread actually runs in
a separate process so interthread communication through shared
memory fails. This fixes the situation by having the type driver
query the db for the correct network_vlan_range before calling the
base vlan driver's allocation, verification and release methods that
use that variable.
Change-Id: I0e5590388b62a346aa747192dd84f93e9e380a63
When the arista_vlan type driver is enabled, but CVX is not reachable,
Neutron cannot be started as the parsing of available VLANs hits an
exception. This change causes available VLANs to be an empty list
at startup, which will prevent VLAN network creation until CVX is reachable,
but will not interfere with Neutron startup.
Change-Id: I100a62da7782023e9acb167662c2a5159bedf338
1. Ensure port->network dependency is enforced in update_port_postcommit
2. Always send creates if resource in DB (resource may have been deleted by
another worker)
3. If resource in DB, do not send DELETE, send a POST instead
(indicates resource was recreated)
4. Ignore 'Unkown port id' in errors in DELETEs
5. Track that a sync is still necessary when sync lock is not grabbed
6. DB queries must be done with the sync lock to avoid race conditions
7. Run sync worker in separate process to avoid blocking other workers
Change-Id: I25b4c55d77a5a00087d8679a5323ab956f3b9665
This implements the use of dynamic ACLs to ensure that stale
security groups and rules do not persist on TORs.
It also adds logic to query TORs for dynamic ACLs and ACL bindings.
This allows us to cleanup any stale config that might be present as a
result of intermittent connection loss. It also allows to only send
config that may be missing, rather than reconfiguring everything on
each sync.
Change-Id: I2beaa0b182cf054e2846145322b083781467d018
This change results in resource updates becoming implicit
when a resource has changed by comparing the new resource
to the existing resource and forcing a POST if they differ.
Change-Id: Id43b042228288a510dbc814135c006d72fe2f0ff
1. Fix the format string for full sync complete
2. Correctly force a full sync on any failure
3. Fully remove SG code from arista_sync
4. Don't create/delete port_bindings for unsupported ports
Change-Id: I990e55b9d116d258a3011290b025920f3fb4ae1d
The binding_levels may be cleared when update_port is called (e.g. in
case of deleting a baremetal instance). In such a case, original_binding_levels
can be used to get required binding levels.
Change-Id: Ibab2c9d90023c52141ce0b9d57fdafaf0aadf8c9
Dependent resources should be deleted before the resources they
depend on to allow CVX to better handle the DELETEs. This avoids
situations such as where we delete a network before its segments
causing the segment DELETEs to fail as a result of being unable
to find the network in the region's network collection.
Change-Id: I1f1fa2d199b45bed52c549731580c06a306a3231
When a SG is applied to a VM, ingress refers to traffic flowing
into a VM and egress refers to traffic flowing out.
In the baremetal case, traffic flowing out of a switchport is
flowing into the the bare metal. Therefore, INGRESS SG rules
should be applied as 'out' ACLs and EGRESS rules as 'in' ACLs.
The names of the rules have been adjusted to match the OpenStack
meaning on the rules for clarity.
Change-Id: I1e8937cf6a4290782e0377f9061b72040d5b5716
Mitchell Jameson