[OVN] Check if OVN NB supports stateless NAT rules
Added a check for the OVN NB schema, looking for the "options" field in the "NAT" table (added in OVN NB schema 5.17). This patch removes the code that supported OVN without stateless NAT rules. It is assumed that the "options" field in the "NAT" table is always present. Closes-Bug: #1949494 Change-Id: Ib3b6dd68009ab635627168b11626d7e7c548ee2f
parent
12eecf9679
commit
ce1a87057a
@ -51,6 +51,7 @@ DIRECT_PORT_QOS_MIN_OVS_VERSION = '2.11'
|
||||
MINIMUM_DIBBLER_VERSION = '1.0.1'
|
||||
CONNTRACK_GRE_MODULE = 'nf_conntrack_proto_gre'
|
||||
OVN_NB_DB_SCHEMA_PORT_GROUP = '5.11'
|
||||
OVN_NB_DB_SCHEMA_STATELESS_NAT = '5.17'
|
||||
|
||||
|
||||
class OVNCheckType(enum.Enum):
|
||||
@ -597,3 +598,17 @@ def ovn_nb_db_schema_port_group_supported():
|
||||
'Exception: %s', e)
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
def ovn_nb_db_schema_stateless_nat_supported():
|
||||
try:
|
||||
ver = _get_ovn_version(OVNCheckType.nb_db_schema)
|
||||
minver = versionutils.convert_version_to_tuple(
|
||||
OVN_NB_DB_SCHEMA_STATELESS_NAT)
|
||||
if ver < minver:
|
||||
return False
|
||||
except (OSError, RuntimeError, ValueError) as e:
|
||||
LOG.debug('Exception while checking OVN DB schema version. '
|
||||
'Exception: %s', e)
|
||||
return False
|
||||
return True
|
||||
|
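Review bot: The except branch of ovn_nb_db_schema_stateless_nat_supported() returns False after only a LOG.debug, so a probe that could not run at all (OSError, RuntimeError, ValueError) looks the same as a schema older than 5.17, and the caller then warns that the schema lacks stateless NAT. Since this commit also drops the runtime guard in the OVN client, this check is the remaining signal an operator gets, so the real failure reason should be visible at the default log level, for example `LOG.warning('Unable to determine OVN NB DB schema version: %s', e)`. The body also appears to mirror ovn_nb_db_schema_port_group_supported(), of which only the tail is visible in the context lines above; a shared helper that takes the minimum version would keep the two from drifting. A docstring such as `"""Return True if the OVN NB DB schema version is >= 5.17 (NAT "options" column)."""` would document that False also covers "version could not be determined".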
@ -311,6 +311,14 @@ def check_ovn_nb_db_schema_port_group_support():
|
||||
return result
|
||||
|
||||
|
||||
def check_ovn_nb_db_schema_stateless_nat():
|
||||
result = checks.ovn_nb_db_schema_stateless_nat_supported()
|
||||
if not result:
|
||||
LOG.warning('OVN NB DB schema does not support stateless NAT. This '
|
||||
'support was added in DB schema version 5.17.')
|
||||
return result
|
||||
|
||||
|
||||
# Define CLI opts to test specific features, with a callback for the test
|
||||
OPTS = [
|
||||
BoolOptCallback('ovs_vxlan', check_ovs_vxlan, default=False,
|
||||
@ -379,6 +387,10 @@ OPTS = [
|
||||
check_ovn_nb_db_schema_port_group_support,
|
||||
help=_('Check OVN NB DB schema support Port_Group'),
|
||||
default=False),
|
||||
BoolOptCallback('ovn_nb_db_schema_stateless_nat_support',
|
||||
check_ovn_nb_db_schema_stateless_nat,
|
||||
help=_('Check OVN NB DB schema support stateless NAT'),
|
||||
default=False),
|
||||
]
|
||||
|
||||
|
||||
@ -427,6 +439,7 @@ def enable_tests_from_config():
|
||||
cfg.CONF.set_default('check_min_tx_rate_support', True)
|
||||
if 'ovn' in cfg.CONF.ml2.mechanism_drivers:
|
||||
cfg.CONF.set_default('ovn_nb_db_schema_port_group_support', True)
|
||||
cfg.CONF.set_default('ovn_nb_db_schema_stateless_nat_support', True)
|
||||
|
||||
|
||||
def all_tests_passed():
|
||||
|
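Review bot: The warning in check_ovn_nb_db_schema_stateless_nat() hard-codes '5.17', while the threshold that is actually compared lives in the constant OVN_NB_DB_SCHEMA_STATELESS_NAT in the checks module, so the message and the check can disagree if the constant is ever changed. Formatting the message from the constant avoids that: `'support was added in DB schema version %s.', checks.OVN_NB_DB_SCHEMA_STATELESS_NAT)`. As a naming point, the sibling callback is check_ovn_nb_db_schema_port_group_support while the new one drops the `_support` suffix even though its option is named ovn_nb_db_schema_stateless_nat_support. The OPTS list and enable_tests_from_config() both continue outside the hunks shown.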
@ -283,9 +283,6 @@ class DBInconsistenciesPeriodics(SchemaAwarePeriodicsBase):
|
||||
@rerun_on_schema_updates
|
||||
def migrate_to_stateless_fips(self):
|
||||
"""Perform the migration from stateful to stateless Floating IPs. """
|
||||
if not self._ovn_client.is_stateless_nat_supported():
|
||||
raise periodics.NeverAgain()
|
||||
|
||||
# Only the worker holding a valid lock within OVSDB will perform the
|
||||
# migration.
|
||||
if not self.has_lock:
|
||||
|
@ -117,10 +117,6 @@ class OVNClient(object):
|
||||
return self._nb_idl.is_col_supports_value('ACL', 'action',
|
||||
'allow-stateless')
|
||||
|
||||
# TODO(ihrachys) remove when min OVN version >= 20.03
|
||||
def is_stateless_nat_supported(self):
|
||||
return self._nb_idl.is_col_present('NAT', 'options')
|
||||
|
||||
def _get_allowed_addresses_from_port(self, port):
|
||||
if not port.get(psec.PORTSECURITY):
|
||||
return [], []
|
||||
@ -745,9 +741,8 @@ class OVNClient(object):
|
||||
'logical_ip': floatingip['fixed_ip_address'],
|
||||
'external_ip': floatingip['floating_ip_address'],
|
||||
'logical_port': floatingip['port_id'],
|
||||
'external_ids': ext_ids}
|
||||
if self.is_stateless_nat_supported():
|
||||
columns['options'] = {'stateless': 'true'}
|
||||
'external_ids': ext_ids,
|
||||
'options': {'stateless': 'true'}}
|
||||
|
||||
if ovn_conf.is_ovn_distributed_floating_ip():
|
||||
if self._nb_idl.lsp_get_up(floatingip['port_id']).execute():
|
||||
|
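Review bot: With is_stateless_nat_supported() removed, the floating IP NAT columns (new side, as far as the rendering shows) always carry `'options': {'stateless': 'true'}`, and nothing visible in this commit verifies the NB schema when the driver starts; the only check is the opt-in sanity-check option. On a deployment whose NB schema is older than 5.17 the failure would presumably surface as a rejected OVSDB transaction at floating IP creation rather than as a clear startup error, so a fail-fast version check at driver initialisation, or at least a comment here such as `# NAT.options requires OVN NB schema >= 5.17; older schemas are not supported`, would make the new hard requirement explicit. The same guard is dropped from migrate_to_stateless_fips() in the periodic task, which now runs the migration unconditionally. The release note added by this commit describes the requirement as stateless security groups and files it under `features`; the code concerns stateless NAT, and an `upgrade` entry is probably where operators would look for a new minimum schema version. The enclosing method starts and ends outside the hunk.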
@ -140,9 +140,7 @@ class TestDBInconsistenciesPeriodics(testlib_api.SqlTestCaseLight,
|
||||
never_again=False)
|
||||
|
||||
def _test_migrate_to_stateless_fips_helper(
|
||||
self, stateless_supported, migration_expected, never_again):
|
||||
self.fake_ovn_client.is_stateless_nat_supported.return_value = (
|
||||
stateless_supported)
|
||||
self, migration_expected, never_again):
|
||||
with mock.patch.object(ovn_db_sync.OvnNbSynchronizer,
|
||||
'migrate_to_stateless_fips') as mtsf:
|
||||
if never_again:
|
||||
@ -156,16 +154,10 @@ class TestDBInconsistenciesPeriodics(testlib_api.SqlTestCaseLight,
|
||||
else:
|
||||
mtsf.assert_not_called()
|
||||
|
||||
def test_migrate_to_stateless_fips_not_needed(self):
|
||||
self._test_migrate_to_stateless_fips_helper(
|
||||
stateless_supported=False, migration_expected=False,
|
||||
never_again=True)
|
||||
|
||||
def test_migrate_to_stateless_fips(self):
|
||||
# Check normal migration path: if the migration has to be done, it will
|
||||
# take place and won't be attempted in the future.
|
||||
self._test_migrate_to_stateless_fips_helper(stateless_supported=True,
|
||||
migration_expected=True,
|
||||
self._test_migrate_to_stateless_fips_helper(migration_expected=True,
|
||||
never_again=True)
|
||||
|
||||
def test_migrate_to_stateless_fips_no_lock(self):
|
||||
@ -175,8 +167,7 @@ class TestDBInconsistenciesPeriodics(testlib_api.SqlTestCaseLight,
|
||||
# Check that if this worker doesn't have the lock, it won't
|
||||
# perform the migration and it will try again later.
|
||||
self._test_migrate_to_stateless_fips_helper(
|
||||
stateless_supported=True, migration_expected=False,
|
||||
never_again=False)
|
||||
migration_expected=False, never_again=False)
|
||||
|
||||
def _test_fix_create_update_network(self, ovn_rev, neutron_rev):
|
||||
with db_api.CONTEXT_WRITER.using(self.ctx):
|
||||
|
@ -0,0 +1,5 @@
|
||||
---
|
||||
features:
|
||||
- |
|
||||
Since this version, the support for stateless security groups is mandatory.
|
||||
The minimum OVN NB schema version must be 5.17.
|