102 Commits

Author SHA1 Message Date
Nate Johnston
efc04eec00 Look for ipv6 routes so ipv6-only jobs will not fail
For change 739139 [1] PS 12, the
neutron-tempest-plugin-scenario-linuxbridge died in devstack with
"/opt/stack/devstack/functions-common:237 Failure retrieving default
route device", which comes from
"/opt/stack/devstack/lib/neutron-legacy:237:die_if_not_set".

Looking at the worlddump.txt for that job [2] I see that there is a
default ipv6 route; the vm was not configured with ipv4 networking.

    ip route
    --------

    ip -6 route
    -----------

    ::1 dev lo proto kernel metric 256 pref medium
    2607:ff68:100:54::/64 dev ens3 proto kernel metric 256 expires 86380sec pref medium
    fe80::/64 dev ens3 proto kernel metric 256 pref medium
    default via fe80::f816:3eff:fe77:b05c dev ens3 proto ra metric 1024 expires 280sec hoplimit 64 pref medium

Looking at the devstack code that throws the error [3] it looks like
it only looks for a default route in the output of `ip route`, which
does not include ipv6 information.  This change should look in both
the ipv4 and ipv6 route table.  A similar check in the L3 setup code
is also updated.

[1] https://review.opendev.org/#/c/739139/
[2] https://d4eb7e3efe98cba79a4b-f4d168cdb20f40841821e4b213645c0f.ssl.cf2.rackcdn.com/739139/12/gate/neutron-tempest-plugin-scenario-linuxbridge/9a6b4f7/controller/logs/worlddump-latest.txt
[3] https://opendev.org/openstack/devstack/src/branch/master/lib/neutron-legacy#L236

Closes-Bug: #1902002
Change-Id: I839e8c222368df98fec308cf41248a9dd0a8c187
2020-11-09 17:05:38 -05:00
Jens Harbott
0c9a6cab91 Enable accept_ra before enabling forwarding
We need to enable accept_ra before we enable forwarding, otherwise
existing addresses and routes may get dropped until the next RA is
received, possibly causing connection errors in the meantime.

Change-Id: I1fdeede59547de896ed89222ecf121fd9e6b810d
2019-09-19 13:59:28 +00:00
aojeagarcia
866efef17a Allow ipv6 ECMP in devstack
It turns out that a host can have multiple valid default gateways,
something that's not common in ipv4.

This patches add supports for multiple default gateways in ipv6
environments.

Closes-Bug: #1786259

Change-Id: I30bf655f7160dd19c427ee79acdf145671a3e520
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
2018-09-28 08:48:55 +00:00
Tim Swanson
bb7d2f233b Allow public router external net to use a non-flat provider network.
Allow users to auto-create a neutron non-flat providernet public network
and use it for external router interfaces.  By default, keep the existing
flat network type behavior.

Change-Id: I64f71b0c9fcac97b9b84b7d30ee61659b2a690f1
2018-01-18 10:59:51 -05:00
Shachar Snapiri
fe4c3cfcf5 Modified the subnet-range parameter to be optional
The subnet-range parameter is only sent now if a valid value exists so
the command will not fail

Change-Id: I5296f5b59bc6d3d3db90a685a8678db9a156eece
Closes-Bug: #1718111
2018-01-08 12:27:19 +00:00
Jenkins
c2ae15a6dd Merge "Make subnet pool names unique" 2017-09-05 12:21:11 +00:00
Ben Swartzlander
d15f222e2b Fix IPv6 provider networks
Add a missing --subnet-range argument when creating an ipv6 provider
network. Also changed SUBNET_V6_ID to IPV6_SUBNET_ID. And remove the
--ipv6-address-mode arg because it doesn't apply to subnets on routers.

Change-Id: I82796804a06e758e458606dc9eb400bcd08ad6e4
2017-03-11 01:50:01 +00:00
Jens Rosenboom
f069acf9ee Make subnet pool names unique
Using the same name for two different subnet pools means that one needs
to reference them by their UUID. Choosing unique names will allow us to
use the name to reference the pool later on.

At the same time simplify the command used for pool creation by
instructing OSC to only output the value that we are interested in.

Change-Id: Idedcb6328925d44cdd0f415450ec4ebbc272401d
2017-02-24 16:37:34 +01:00
Jenkins
5c332b09ab Merge "Corrected router gateway set command" 2017-02-24 06:32:13 +00:00
PranaliD
705b3785ca Corrected router gateway set command
While configuring the external network as the default
router gateway for IPV6 in lib/neutron_plugins/services/l3,
"router" keyword is missing in the command.

Corrected the command.

Change-Id: I055bea5137a841f709d4865ec9a43d6b53f8f4c9
Closes-Bug: 1660712
2017-02-01 11:33:44 +05:30
Brian Haley
1ec93a8fc2 Create private IPv6 subnet specifying mode flags
$ipv6_modes should always be passed when creating the
default IPv6 subnet, not just when fixed_range_v6 is
set.  Without it the default was DHCPv6, which cirros
doesn't support out of the box.  Was broken in
change-over from neutron to openstack cli.

Change-Id: Iadd39b1ce02fe0b3781bd3ae04adfd20d7e12d9f
Closes-bug: #1656098
2017-01-12 16:11:11 -05:00
Jenkins
721eb4fcdd Merge "Fix provider networking error message" 2017-01-03 20:06:37 +00:00
Armando Migliaccio
36f81ff6d5 Switch to using openstack client for setting the router's gateway
Depends-on: Ifb5a4d1965cd7e75c0c8cf2cfb677e0628b699dc
Change-Id: Iba58f5275cacc7bc82fa2f2d2b96315c2350ab70
2016-12-23 11:30:24 +00:00
Jenkins
c0ef1bd05b Merge "lib/neutron: Create initial topology only on controller node" 2016-11-28 10:41:09 +00:00
Jenkins
f5e78b6fb6 Merge "Allow provider network to be used for ssh validation" 2016-11-28 10:28:47 +00:00
Clark Boylan
a5afa7d81a Fix default ipv6 fixed range var
The intent was to make any ipv6 safe addr range bigger than a /64 a /64
when setting the fixed range. Unfortunately the awk only emited the mask
and not the addr. Fix this by sprinkling the address back in.

Fixes-Bug: 1643055
Change-Id: I526d4c748fd404ecb3c77afcbb056aa95090c409
2016-11-18 12:35:50 -08:00
Jenkins
a79aa4783b Merge "Derive IP ranges from new ADDRS_SAFE_TO_USE vars" 2016-11-18 18:01:22 +00:00
Jenkins
1493bdeba2 Merge "Stop setting route pointing back to tenant router" 2016-11-18 01:50:50 +00:00
Michael Turek
7938d83d3b Allow provider network to be used for ssh validation
Currently devstack assumes that the network used for ssh
validation is the private network. This patch adds a hook that
sets the network used for ssh validation based on whether or not
provider networking is being used. It also moves the function
'is_provider_network' into functions-common as it will now be
used by both tempest and neutron.

Change-Id: I265c9e26c9bfb18b7e201f27d8912b8bec235872
2016-11-17 13:40:01 -05:00
Kevin Benton
4bfbc291ee Derive IP ranges from new ADDRS_SAFE_TO_USE vars
The switch to using subnetpools caused quite a bit of confusion
because it didn't respect the value of FIXED_RANGE. This caused
conflicts in the gate with it's default IPv4 value of 10.0.0.0/8.

This patch does a few things to address the issue:
* It introduces the IPV4_ADDRS_SAFE_TO_USE and IPV6_ADDRS_SAFE_TO_USE
  values and adjusts all of the FIXED_RANGE and SUBNETPOOL_PREFIX values
  to dervive from them by default.
  * This addresses the concern that was raised about implying that
    SUBNETPOOL_PREFIX and FIXED_RANGE are equivalent when setting
    SUBNETPOOL_PREFIX=FIXED_RANGE by default. Now we have a new value
    for the operator specify a chunk of addresses that are safe to
    use for private networks without implementation implications.
  * Backwards compatibility is maintained by alloing users to override
    override all of these values.
* The default for IPV4_ADDRS_SAFE_TO_USE uses /22 instead of /24
  * Because we want to be able to use subnetpools for auto allocated
    topologies and we want to be able to have a large chunk of
    instances on each network, we needed a little more breathing room
    in the default v4 network size.
* SUBNET_POOL_SIZE_V4 default is changed from 24 to 26
  * In conjuction with this change and the one above, the default
    subnetpool will support up to 16 64-address allocations.
  * This should be enough to cover any regular gate scenarios.
  * If someone wants a bigger/smaller subnet, they can ask for that
    in the API request, change this value themselves, or use a different
    network entirely.
* FIXED_RANGE_V6 defaults to a max prefix of /64 from IPV6_ADDRS_SAFE_TO_USE
  * This avoids the private subnet in the non-subnetpool case from being
    larger than /64 to avoid issues identified in rfc 7421.
  * Users can still explicitly set this value to whatever they want.
    This 'max' behavior is only for the default.
  * This allows IPV6_ADDRS_SAFE_TO_USE to default to a /56, which leaves
    tons of room for v6 subnetpools.

Closes-Bug: #1629133
Change-Id: I7b32804d47bec743c0b13e434e6a7958728896ea
2016-11-16 05:26:03 +00:00
Kevin Benton
df5e69114f Stop setting route pointing back to tenant router
This removes the logic to add a route pointing to the IPv4
tenant private network range since the router is performing
SNAT. If reaching the IPs via the route worked at all, it was
by accident since this behavior is certainly not guaranteed
by Neutron.

Change-Id: If45e3fc15c050cfbac11b57c1eaf137dd7ed816f
2016-11-16 02:05:35 +00:00
Armando Migliaccio
4f11ff30cf Adopt openstack client for neutron commands
The neutron client is going to be deprecated during the
Ocata timeframe, so it is time to start switching to the
openstack client to invoke networking commands.

use of neutron client in neutron-legacy has been left as is.

The command for setting the router gateway is left as follow up.

Change-Id: I0a63e03d7d4a08ad6c27f2729fc298322baab397
2016-11-03 10:37:58 -07:00
YAMAMOTO Takashi
07edde1c14 lib/neutron: Create initial topology only on controller node
To avoid it being created multiple times for multinode setup.

Note: This reverts "Enable neutron to work in a multi node setup"
(commit 88f8558d874072536e7660a233f24207a7089651) partly and fixes
the issue differently.
The configuration in question uses the new lib/neutron. (not neutron-legacy)
In that case, calling create_neutron_initial_network from stack.sh directly
is a wrong way, as create_neutron_initial_network is sourced by
neutron-legacy.  The new neutron code should not rely on the legacy one.

Closes-Bug: #1613069
Change-Id: I868afeb065d80d8ccd57630b90658e330ab94251
2016-10-26 11:57:48 +02:00
Jenkins
88172b8763 Merge "Reduce the scope of the subnet pool prefix in neutron" 2016-10-14 20:04:27 +00:00
Jenkins
fab7a04de8 Merge "Neutron L3 subnetpool creation should be optional" 2016-10-11 19:45:27 +00:00
Jan Stodt
05dc1aad6c Fix provider networking error message
This fix replaces Q_USE_PROVIDERNET_FOR_PUBLIC with
Q_USE_PROVIDER_NETWORKING in the error messages introduced by
[1].

The error is thrown when provider networking with IPv6 has been
requested via local.conf, but no provider IPv6 range or provider
IPv6 gateway is provided. But if a provider network should be used
over the private network is determined along the variable
Q_USE_PROVIDER_NETWORKING and not Q_USE_PROVIDERNET_FOR_PUBLIC.

The variable Q_USE_PROVIDERNET_FOR_PUBLIC determines if a provider
network should be used as public network. This happens a few lines
later in the code and is not related to those error messages.

[1] https://review.openstack.org/#/c/326638/1/lib/neutron_plugins/
services/l3

Change-Id: I50aa1e9d2027eef598c95404851e51c31a397fbb
2016-10-06 08:41:05 +02:00
Jenkins
91d8a38e16 Merge "Allow default IPv6 route device names to have dots" 2016-10-05 18:24:12 +00:00
Miguel Angel Ajo
ca89d071b3 Reduce the scope of the subnet pool prefix in neutron
Some of the clouds used for CI use the 10.2xx.0.0/16 range
for VMs, and collide with the wider 10.0.0.0/8.

This setting allows for creation of 256 subnets out of the pool.

Change-Id: I48c86f94098f1501f0e7f90a265dda7e81440eb0
Closes-Bug: 1629133
2016-10-04 18:19:33 +02:00
rajinir
c58a15575d Neutron L3 subnetpool creation should be optional
Added an option to make subnetpools to be optional
as it ignores the public network specified in
FIXED_RANGE.

DocImpact
Change-Id: Ic89ceca76afda67da5545111972c3348011f294f
Closes-Bug: #1628267
2016-09-30 11:46:38 -05:00
Drago Rosson
b34d459bbc Allow default IPv6 route device names to have dots
When dots are used with sysctl, they are reinterpreted as slashes.
Route devices can have dots in their names, so when they are used in a
sysctl command that also uses dots, its dot will be replaced with a
slash, causing an error.

Change-Id: Ie32126a3aa8d646568d7d37ec4874419b9658935
Closes-Bug: #1627770
2016-09-27 10:24:47 -05:00
YAMAMOTO Takashi
1aa4368135 Move Q_ROUTER_NAME to where it belongs
The motivation is to make it more friendly with lib/neutron.
ie. independent from lib/neutron-legacy

Change-Id: I19821b009cbf1bc715a6c7b2854e4c77d2041ec4
2016-09-27 13:51:09 +09:00
Jenkins
69700227a9 Merge "Make the Neutron l3 plugin use the subnetpools" 2016-09-26 15:01:16 +00:00
Henry Gessau
734f144f5d Neutron L3: account for all default routes
Some systems may have more than one default route.
Set up iptables NAT rules on all v4 default route devices.
Accept RAs on all v6 default route devices.

Closes-Bug: #1624773

Change-Id: If58509297497ea33c6c156f083a4394000bd0561
2016-09-19 14:18:53 -04:00
Jenkins
fac8adbe1b Merge "Enable neutron to work in a multi node setup" 2016-09-06 14:02:07 +00:00
Kevin Benton
1554adef26 Revert "Revert "Use real Neutron network for L3 GW by default""
This reverts commit 7da968a8be03229cfa72b215b87f17e28e23a988.

Change-Id: I9ed28ccf6af611b280ada3420d7d2a833178fcac
2016-08-29 17:44:37 +00:00
Jenkins
61be14d299 Merge "Let neutron use default gateway IP for subnets" 2016-08-26 13:56:09 +00:00
Jenkins
b3b5eebaf5 Merge "Remove lbaas from devstack proper, take 2" 2016-08-25 18:32:38 +00:00
Doug Wiegley
7e40c6406b Remove lbaas from devstack proper, take 2
p-c patches have merged, neutron-lbaas removal is in the merge queue.

This reverts commit b3f26cb66c70b599c4d77945f2bdadd9537c7c35.

Depends-On: I506949e75bc62681412358ba689cb07b16311b68
Change-Id: I98d62c13ef90b20a9c67ef4f1720efcaa366fb31
2016-08-25 01:29:04 +00:00
Monty Taylor
c12d1d9ce0 Accept IPv6 RAs on the interface with the default route
Because neutron sets ipv6 forwarding settings, we stop accepting RAs
from IPv6-only host environments. This leads to a loss of external
connectivity, which is bad for zuul running tests and stuff.

Setting accept_ra to 2 will cause the RAs to be accepted.

Change-Id: Ia044fff2a1731ab6c04f82aea47096b425e0c0a0
2016-08-24 15:44:40 -04:00
Gary Kotton
88f8558d87 Enable neutron to work in a multi node setup
On the controller node where devstack is being run should create
the neutron network. The compute node should not.

The the case that we want to run a multi-node neutron setup we need
to configure the following (in the case that a plugin does not
have any agents running on the compute node):
ENABLED_SERVICES=n-cpu,neutron

In addition to this the code did not enable decomposed plugins to
configure their nova configurations if necessary.

This patch ensure that the multi-node support works.

Change-Id: I8e80edd453a1106ca666d6c531b2433be631bce4
Closes-bug: #1613069
2016-08-24 08:28:37 -07:00
Brian Haley
31813e9219 Let neutron use default gateway IP for subnets
By default, FIXED_RANGE and NETWORK_GATEWAY (and the
IPv6 equivalents) are in the same subnet.  But if
FIXED_RANGE is over-ridden in local.conf we could
create a subnet with an invalid gateway address.

Since neutron will pick the lowest host IP as the
gateway by default, do not specify them unless the
user has specifically set them.

Do this for both the private and public subnets, as
well as the public IPv4 subnet.

Change-Id: Ifc71400a3af1f131bb8a9722188e13de5bd3c806
2016-08-22 21:02:46 -04:00
Matt Van Dijk
d7a3f5c4cc Make the Neutron l3 plugin use the subnetpools
The plugin creates subnetpools but does not use them when creating the
default subnets. It uses CIDR values that overlap with the
default pools. Change this to use the subnetpools.

Change-Id: I6171c13507e420f146801d323cb1011be36c1e8c
Closes-bug: 1613717
2016-08-17 21:59:52 +00:00
Kevin Benton
6a42a85b56 Fixes for linux bridge and Q_USE_PROVIDER_NET
===Set bridge_mappings for linux bridge===
The external network physnet needs a bridge_mapping to the public
bridge when the L2 agent is responsible for wiring.

===Add PUBLIC_PHYSICAL_NETWORK to flat_networks===
This network must be present in the ML2 flat_networks config if
flat_networks is specified.

===Set ext_gw_interface to PUBLIC_BRIDGE in provider net case===
ext_gw_interface must be a bridge in a bridge_mapping when
Q_USE_PROVIDERNET_FOR_PUBLIC is used.

Closes-Bug: #1605423
Change-Id: I95d63f8dfd21499c599d425678bf5327b599efcc
2016-08-05 20:15:39 -07:00
Sean Dague
6a008fa74b Change to neutron by default.
nova-net is deprecated, and it's long time to switch to neutron by
default. This patch does that, and has an auto configuration mode that
mostly just works for the basic case.

It does this by assuming that unless the user specifies an interface
for it to manage, that it will not automatically have access to a
physical interface. The floating range is put on br-ex (per normal),
fixed ranges stay on their OVS interfaces.

Because there is no dedicated interface managed by neutron, we add an
iptables rule which allows guests to route out. While somewhat
synthetic, it does provide a working out of the box developer
experience, and is not hugely more synthetic then all the other
interface / route setup we have to do for the system.

You should be able to run this with a local.conf of just

[[local|localrc]]
ADMIN_PASSWORD=pass
DATABASE_PASSWORD=pass
RABBIT_PASSWORD=pass
SERVICE_PASSWORD=pass

And get a working neutron on a single interface box

Documentation will come in subsequent patches, however getting the
code out there and getting feedback is going to help shape this
direction.

Change-Id: I185325a684372e8a2ff25eae974a9a2a2d6277e0
2016-08-04 14:13:30 -04:00
Kevin Benton
7da968a8be Revert "Use real Neutron network for L3 GW by default"
This reverts commit 130a11f8aaf08ea529b6ce60dd9052451cb7bb5c.
Linux bridge devstack logic needs some changes first.

Change-Id: I5885062ad128518c22f743db016e1a6db64f3313
Closes-Bug: #1605423
2016-07-22 06:02:22 +00:00
Kevin Benton
130a11f8aa Use real Neutron network for L3 GW by default
Relying on 'external_network_bridge=br-ex' for the L3
agent has been deprecated in Neutron. This patch adjusts
the devstack defaults to setup Neutron in the preferred
manner (empty external_network_bridge value and
correct bridge_mappings for the L2 agent).

This will also help with correct MTU calculations now that
the external network will have the correct segmentation
type on it ('flat' now instead of 'vxlan' by default).

Related-Bug: #1511578
Related-Bug: #1603493
Change-Id: Id20e67aba5dfd2044b82c700f41c6e648b529430
2016-07-20 10:00:22 +00:00
Ihar Hrachyshka
7b5c7dce53 Introduce PUBLIC_BRIDGE_MTU variable to set br-ex MTU
This variable can be used to accommodate for underlying infrastructure
that does not provide full 1500-sized traffic, or maybe instead gives
access to Jumbo frames.

Change-Id: I38a80bac18673a30842a7b997d0669fed5aff976
Related-Bug: #1603268
2016-07-17 00:14:43 +02:00
Jenkins
2451518b5b Merge "Remove fwaas from DevStack" 2016-07-14 21:51:31 +00:00
Jenkins
2fec2fe732 Merge "Neutron: check if q-l3 or neutron-l3 is enabled" 2016-06-27 21:39:08 +00:00
Jenkins
01cbe7c143 Merge "Fix error reported due to re-add ipv6 address" 2016-06-23 02:54:32 +00:00