23137 Commits

Author SHA1 Message Date
Lucas Alvares Gomes
4824a714bf [OVN] Add support for external ports
This patch is adding support for a new port type called "external" in
core OVN.

Prior to this work, when a VM had a SR-IOV port attached to it, OVN itself
wasn't able to reply to things such as DHCP requests packets since the
OVS port was skipped. Core OVN then introduced the concept of "external"
ports which are ports deployed on a different node than the one that the
VM is running and is able to reply to such requests on behalf of the VM.

With this patch, when a port with the VNIC type "direct" and no
"switchdev" capability is created, ovn driver will then create a
logical port with the type "external" for it and add it to a default
HA Chassis Group. The port will then get bound to the "master" (higher
priority) chassis of that group.

Please note that, as a first step, this patch is creating only one HA
Chassis Group which *all* external ports will belong to. That means that
all external ports will be *scheduled onto the same node* (but it's
HA nevertheless). In the future we should enhance this behavior.

Change-Id: Ic6c4bb6c584682169f3ebd73105a847b05dddc76
Closes-Bug: #1841154
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2020-03-09 16:07:49 +00:00
Zuul
1f79ce8736 Merge "[OVN] Add IGMP snooping support" 2020-03-09 15:29:33 +00:00
Zuul
a1447d9e9f Merge "Increase log information in "TestMonitorDaemon"" 2020-03-07 12:08:41 +00:00
Zuul
c12bc5c097 Merge "Provide meaningful defaults for OVN/OVS_REPO_NAME" 2020-03-06 19:02:11 +00:00
Zuul
2dbf68042d Merge "Register DNSMASQ_OPTS in functional sanity tests" 2020-03-06 18:57:11 +00:00
Brian Haley
cc281afeec
Register DNSMASQ_OPTS in functional sanity tests
test_dnsmasq_version() is sometimes triggering a traceback
because the new dnsmasq_enable_addr6_list config option isn't
being found. Register the option in the test class.

Change-Id: Ie441f831bcd0835ae8e1cd082005640b65b7393a
Closes-bug: #1866129
2020-03-06 11:29:46 +01:00
Zuul
3e7ca41190 Merge "Limit ovn sanity checks to q-svc" 2020-03-06 03:47:30 +00:00
Zuul
43e6e87118 Merge "Add tag-ports-during-bulk-creation to devstack" 2020-03-06 00:22:33 +00:00
Zuul
129c68ef39 Merge "Revert "Blacklist test_multiple_ports_portrange_remote for OVN"" 2020-03-05 17:40:27 +00:00
Bence Romsics
295480c53c Provide meaningful defaults for OVN/OVS_REPO_NAME
In local dev environments devstack may be configured to clone
a component from a git repo with a working directory, for example:
$HOME/src/ovn/.git

The original logic took the the base name without the .git extension
as the repo name to use - for this path that is the empty string,
which of course did not work.

This change supplies a meaningful default repo name for cases like this.

Change-Id: I3a2796f67d7f0634b1f25d44f4fa229d31ef9cc1
2020-03-05 10:47:49 +01:00
Zuul
77616fd177 Merge "Change way of retrieving LSP in virtual_port functional tests" 2020-03-05 06:53:01 +00:00
Zuul
c243f3b561 Merge "[OVN] Enable live-migration tests for devstack multinode" 2020-03-05 01:58:15 +00:00
Zuul
92d54faa7b Merge "[OVN] Add missing OVN functional tests" 2020-03-04 19:28:10 +00:00
Zuul
8540345244 Merge "Support for stateless security groups" 2020-03-04 14:16:34 +00:00
Zuul
59dd469bd3 Merge "DHCPv6 - Use addr6_list in dnsmasq" 2020-03-04 11:20:45 +00:00
Zuul
73c1ef8e70 Merge "[OVN] Merge networking-ovn vagrant into neutron" 2020-03-04 09:18:37 +00:00
Zuul
a9d6eae110 Merge "Rename devstack service neutron-ovn-metadata-agent" 2020-03-03 23:40:32 +00:00
Zuul
a68fa1dcc3 Merge "Make neutron-ovn-tempest-slow job green" 2020-03-03 19:52:40 +00:00
Zuul
96fce08bbc Merge "[OVN] DevStack: Split the OVN_BRANCH and OVS_BRANCH variables" 2020-03-03 19:47:37 +00:00
Zuul
d0050d8aa2 Merge "Fix assertEqual() calls in metadata agent unit tests" 2020-03-03 19:47:25 +00:00
Zuul
409a9b36ed Merge "Remove extra header fields in proxied metadata requests" 2020-03-03 19:47:21 +00:00
Zuul
46e7a22f7d Merge "Improve log message on exception for invalid tunnel type" 2020-03-03 19:47:18 +00:00
Zuul
13c5fc4ddd Merge "Add "project_id" filter when changing the network segmentation ID" 2020-03-03 18:29:44 +00:00
Zuul
c09041a8ca Merge "Allow usage of assert_called_once method in unit tests" 2020-03-03 18:27:16 +00:00
Aditya Reddy Nagaram
cbc473e066 Support for stateless security groups
Blueprint: stateless-security-groups

Change-Id: Iae39a89b762786e4f05aa61aa0db634941806d41
2020-03-03 16:53:42 +01:00
Zuul
d1384bddec Merge "Move rejection of min-bw rule on non-physnet port to the ovs qos driver" 2020-03-03 15:10:34 +00:00
Bence Romsics
6b01ecf9ea Limit ovn sanity checks to q-svc
The sanity checks related to neutron-server config only make sense
when q-svc service is enabled. When building a devstack without q-svc
(for example a compute-only devstack) do not force this configuration
to be present where it's meaningless.

Change-Id: I5b9176d4a55a826f498e367f1f02569429dbe546
2020-03-03 14:43:01 +01:00
Bence Romsics
02a7e96743 Rename devstack service neutron-ovn-metadata-agent
... to q-ovn-metadata-agent.

To the best of my understanding we decided to keep using the
neutron-legacy devstack module since it is the one used in the gate:

http://lists.openstack.org/pipermail/openstack-discuss/2019-December/thread.html#11544

And we merge new features like the ovn migration only working with
neutron-legacy:

https://review.opendev.org/696592

It seems to me we were a bit inconsistent in naming devstack service
'neutron-ovn-metadata-agent' since legacy style devstack service
names start with 'q-'.

For example this sample config is broken:

https://opendev.org/openstack/neutron/src/branch/master/devstack/ovn-compute-local.conf.sample#L31-L35

stack.sh dies with:

lib/neutron: line 368: neutron_plugin_create_nova_conf: command not found

Because not having a single 'q-' service in that enabled service list
we trip up devstack's 'is_neutron_legacy_enabled' check:

e51cbf0ea9/lib/neutron (L127-L135)

This change renames devstack service neutron-ovn-metadata-agent
to q-ovn-metadata-agent.

I'm not proud to propose this change in 2020 (circa 5 years after
the rename from Quantum to Neutron) so let me know if you see a better
way. :-)

Change-Id: I507a3426e2b63bff49891bd5a51fa9d9999a0ffa
2020-03-03 14:43:01 +01:00
Lucas Alvares Gomes
7fa6c1bf39 [OVN] Add IGMP snooping support
This patch is ading IGMP snooping support in the OVN driver. Multicast
support has been introduced in core OVN upstream.

Also, the patch always sets the "mcast_flood_unregistered" config in
the OVN Logical_Switch to the same value as the "mcast_snoop" config.
This is so that OVN matches the OVS behavior which is to enable IGMP
flooding by default [0] (in OVN, by default it's false).

[0] http://www.openvswitch.org/support/dist-docs/ovs-vsctl.8.txt (grep
for "mcast-snooping-disable")

Change-Id: I32f61ba3dd06d7eacf76a74c5c44e1286f90e584
Co-Authored-By: Daniel Alvarez <dalvarez@redhat.com>
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2020-03-03 10:33:02 +00:00
Harald Jensås
592c2f8d91 DHCPv6 - Use addr6_list in dnsmasq
Adds a new bool option dnsmasq_enable_addr6_list, when
enabled configuration for dnsmasq will be created with a
single dhcp-host entry specifying a list of ip addresses
allocated for a port.

Previously the dnsmasq dhcp-agent driver would write a
separate dhcp-host entry for each fixed-ip of a port in
the dnsmasq hosts file. The result of the previous
behaviour is that dnsmasq will only use one of the config
entries, i.e the first one matching the mac identifier.

The trade-off is that only a single dns_assignment will
be used for IPv6 addresses within the same subnet. (But
in practice, this was always the case since only the
first config entry would be used by dnsmasq.)

Why is this neccecary:
  This is done to enable ironic provisioning over IPv6
  using DHCPv6-stateful. For background info, please
  read dnsmasq-discuss thread:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2020q1/thread.html#13671

Closes-Bug: #1861032
Change-Id: I833840e7daed2efa7efaece27cfd1ba28e0feb90
2020-03-03 11:03:36 +01:00
Zuul
fb2453c999 Merge "[OVN] Update zuul jobs to use local OVN driver" 2020-03-03 09:58:41 +00:00
Maciej Józefczyk
07d5a20b3b [OVN] Add missing OVN functional tests
This patch adds functional tests for:
  * OVN DB Resources
  * OVN DB Sync
  * OVSDB Monitor
  * OVN DB Revision numbers
  * OVN L3 Plugin
  * OVN Trunk driver

Previous paths in networking-ovn tree:
./networking_ovn/tests/functional/test_ovn_db_resources.py ->
  ./neutron/tests/functional/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_ovn_db_resources.py
./networking_ovn/tests/functional/test_ovn_db_sync.py ->
  ./neutron/tests/functional/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_ovn_db_sync.py
./networking_ovn/tests/functional/test_ovsdb_monitor.py ->
  ./neutron/tests/functional/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_ovsdb_monitor.py
./networking_ovn/tests/functional/test_revision_numbers.py ->
  ./neutron/tests/functional/db/test_ovn_revision_numbers_db.py
./networking_ovn/tests/functional/test_router.py ->
  ./neutron/tests/functional/services/ovn_l3/test_plugin.py
./networking_ovn/tests/functional/test_trunk_driver.py ->
  ./neutron/tests/functional/services/trunk/drivers/ovn/test_trunk_driver.py

Co-Authored-By: Amitabha Biswas <abiswas@us.ibm.com>
Co-Authored-By: Armando Migliaccio <armamig@gmail.com>
Co-Authored-By: Brian Haley <bhaley@redhat.com>
Co-Authored-By: Daniel Alvarez <dalvarez@redhat.com>
Co-Authored-By: Dong Jun <dongj@dtdream.com>
Co-Authored-By: Guoshuai Li <ligs@dtdream.com>
Co-Authored-By: Hong Hui Xiao <honghui_xiao@yeah.net>
Co-Authored-By: Hong Hui Xiao <xiaohhui@cn.ibm.com>
Co-Authored-By: Jakub Libosvar <libosvar@redhat.com>
Co-Authored-By: Jenkins <jenkins@review.openstack.org>
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Co-Authored-By: Maciej Józefczyk <mjozefcz@redhat.com>
Co-Authored-By: Numan Siddique <nusiddiq@redhat.com>
Co-Authored-By: Richard Theis <rtheis@us.ibm.com>
Co-Authored-By: Terry Wilson <twilson@redhat.com>
Co-Authored-By: Zuul <zuul@review.opendev.org>
Co-Authored-By: Zuul <zuul@review.openstack.org>
Co-Authored-By: bailinzhang <zhang.bailin@zte.com.cn>
Co-Authored-By: lzklibj <lzklibj@cn.ibm.com>
Co-Authored-By: melissaml <ma.lei@99cloud.net>
Co-Authored-By: venkata anil <anilvenkata@redhat.com>
Co-Authored-By: xurong00037997 <xu.rong@zte.com.cn>

Change-Id: I215d65599e7ea2ee25794d25fa264ae03eaa3d13
Related-Blueprint: neutron-ovn-merge
2020-03-03 09:21:25 +00:00
Zuul
eeea4b4682 Merge "Ensure that default SG exists during list of SG rules API call" 2020-03-03 08:57:31 +00:00
Zuul
cd6001a9d0 Merge "[OVN] Always update router static route" 2020-03-03 04:55:49 +00:00
Rodolfo Alonso Hernandez
42fc820ded Increase log information in "TestMonitorDaemon"
When reading the 'neutron-keepalived-state-change' log, if an error
occurs, provide in the error log the namespace devices and addresses.

Change-Id: Ia324b2cf40cb72d28efdc8826c673ec9395d3a24
Closes-Bug: #1865557
2020-03-02 17:58:40 +00:00
Zuul
10b0613cc0 Merge "[OVN] Remove SG dependency on original port dict" 2020-03-02 16:29:45 +00:00
Brian Haley
ec539cb76f Fix assertEqual() calls in metadata agent unit tests
Should be self.assertEqual(expected, actual)

Trivialfix

Change-Id: Ia714ae0755487dd519f8c6f0b4d7abd1492c05a9
2020-03-02 11:25:52 -05:00
Brian Haley
5af046fd4e Remove extra header fields in proxied metadata requests
If a user specifies a header in their request for metadata,
it could override what the proxy would have inserted on their
behalf. Make sure to remove any headers we don't want, and
override something that might be present in the request.
If the agent somehow gets a request with both headers it will
silently drop it.

Change-Id: Id6c103b7bcebe441c27c6049d349d84ba7fd15a6
Closes-bug: #1865036
2020-03-02 11:20:25 -05:00
Lucas Alvares Gomes
18c63a7148 [OVN] DevStack: Split the OVN_BRANCH and OVS_BRANCH variables
We will soon have different version for OVN and OVS, this patch is
splitting the OVN_BRANCH and OVS_BRANCH variables in the DevStack
module.

Change-Id: Icf32d168d177268afeb02c95084543d97f4f07e6
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2020-03-02 15:41:27 +00:00
Igor Malinovskiy
248cdaa6f7 Allow usage of assert_called_once method in unit tests
mock.assert_called_once is valid method since Python 3.6
but it's not allowed to use it in neutron because of
outdated flake8 check.

Change-Id: I8cdcc0e32618613472139ad9094bb19d562d6426
2020-03-02 14:17:26 +02:00
Maciej Józefczyk
5c99964ead [OVN] Enable live-migration tests for devstack multinode
Live migration now success because [1] has been fixed.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1716335

Change-Id: Ibf59ae3df4f9d0364d7aab4118e9a58145372bfa
2020-03-02 10:33:04 +00:00
Slawek Kaplonski
ab1390163d Make neutron-ovn-tempest-slow job green
This patch adds some tests to be blacklisted in
neutron-ovn-tempest-slow because of already known bugs.

Change-Id: I78606f33fcd8f0f4b179dc9d2b71cb9afb8b4880
2020-03-02 11:17:25 +01:00
Maciej Józefczyk
08132e213d Change way of retrieving LSP in virtual_port functional tests
Sometimes we had a situation, where Logical_Switch_Port type
received by IDL had a different type, that type set in the
NBDB. We changed the way we retrieve the LS from DB, to not
loop over rows in table, but call db_find_rows() instead.
With this change after about 40 retries of functional tests we
don't spot the same issue again.

Change-Id: I07c081d1984b26a10a4d854d17117cfeaac7f8ac
Related-Bug: 1862618
2020-03-02 10:06:44 +01:00
Zuul
f97ae3d6f8 Merge "Filter by owner SGs when retrieving the SG rules" 2020-03-02 02:21:44 +00:00
zhangyuhe
8c103739f6 [OVN] Always update router static route
- This change fixed an issue where the update_router_routes method
would not execute when all static routes were removed

Closes-Bug: #1860273

Change-Id: I33559947f63ab4259ec99f093350e8e6eeb83d7d
Signed-off-by: zhangyuhe <1073258077@qq.com>
2020-03-02 09:41:48 +08:00
Miguel Lavalle
d6e1523f78 Add tag-ports-during-bulk-creation to devstack
Add tag-ports-during-bulk-creation to devstack

Change-Id: I838de14f183f805c19411218edb815e190f8d650
2020-03-01 18:59:15 -06:00
Zuul
972a174fdc Merge "Remove neutron-tempest-dvr job from CI" 2020-03-01 14:45:22 +00:00
Zuul
3c210f610c Merge "Ensure netlink.nla_slot tuple key is a string" 2020-03-01 14:00:21 +00:00
Zuul
d2e35c830b Merge "Catch PortBindingChassisEvent in test_agent_resync_on_non_existing_bridge" 2020-03-01 13:55:37 +00:00
Slawek Kaplonski
4739a4febb Ensure that default SG exists during list of SG rules API call
During processing of security group rule list API call Neutron will
now ensure that default security group for project given in the filters
or in the context exists.
It is similar to what is done for list of security groups or creation of
new network/port in the project.

Change-Id: Id6fee5a752968b356b884d939b708a420016c9bc
Closes-Bug: #1864171
2020-03-01 11:25:58 +01:00