When two DVR bindings go to ACTIVE simultaneously, one of the
updates will hit a stale data exception when commit to the DB.
This will ultimately result in update_port_postcommit not getting
called when the second binding's status goes to ACTIVE on retry.
To handle this, we now check for missing port bindings once per
With previous patch the INTERNAL-TENANT-ID was used, instead of blank project_id,
for creating L3 HA network on CVX. This patch removes the use of
INTERNAL-TENANT-ID and instead it uses the project_id from HA router for
creating network, or port resources on CVX.
If L3 HA is enabled in neutron, by creating a router, a HA network with
no project_id is created. With this patch Arista ML2 driver uses an internal
project_id, i.e. 'INTERNAL-TENANT-ID', to set the project_id of the network when
creating it on the CVX.
(cherry picked from commit 094b199a71)
1. When beginning a sync, we set current_sync_name in the JSON rpc after
a successful POST to the sync endpoint. The only place we reset to the
current_sync_name is in the sync_end(). Therefore, any failure in sync
will result in current_sync_name not being cleared. A future attempt to
begin sync will fail as a result since a POST to sync with a sync_id
specified returns an error if a sync is not in progress with that sync
ID. The fix is to clear the current_sync_name when beginning a new sync
2. Update CVX's sync interval if it's not set to avoid immediate sync
3. Don't prematurely set the local uuid to cvx uuid, preventing full
syncs if the full sync fails.
4. We were querying CVX before beginning sync, we now do that after sync
5. Get rid of threading.Event for sync_worker communication. Neutron
starts the sync worker in another process, so it doesn't work.
multiprocessing.Queue uses sockets and fds to implement an interprocess
Queue that does wakeup the sync worker within the other process. It
however does not wakeup a thread within the same process, so use
eventlet.queue.LightQueue for testing.
6. Don't call delete_port_resources for a transition from DOWN -> DOWN
7. Fix network name and instance hostId to match the JSON API model
8. Improve logging for arista_resources and mechanism_arista.
9. Don't sync tenants with id ''
(cherry picked from commit d0372d7a21)
Move all security group logic to a service plugin. ACLs are now
applied to ports in response to PORT callbacks rather than via
the ML2 mechanism driver.
eAPI commands are also now built incrementally rather than by
This change actually utilizes the provisioning queue to provision
resources from the Arista mechanism driver. With this change, all
provisioning is now done by the sync worker.
A large part of this change is a rework of test_mechanism_arista.py
to validate the new provisioning mechanism. The new tests are closer to
end-to-end tests than unit tests. The tests now initialize neutron's ML2
plugin, load the Arista and OVS mech drivers and starts their workers.
Networks and ports are then created via calls to the neutron ML2 plugin,
which will then call the arista driver with context formatted correctly
(rather than the fake context we previously used.) The arista driver
will populate the provision queue in response to these calls and the
sync worker will eventually provision a MockCvx instance. The use of a
MockCvx instance is the only thing that really separates this from a
full end-to-end test as it doesn't actually validate the rpc calls it
sees in the way that the JSON api on CVX would.
I've also added some code to the test to enable profiling (it's disabled
by default) to simplify decisions about any future optimizations that we
may elect to pursue.