Do not report ovs agent state when ovs is dead,
and let neutron-server mark service as down. So
cluster admin could determine there is a problem
of the given ovs agent
Change-Id: Ib4b06c7877a7343f4204d4f4f5863931717ff507
Closes-Bug: #1910946
When a subnet is updated or created, the metadata port is updated too,
to add the fixed IP address of the new subnet. In this case, the port
should update only the IP address of this specific subnet.
Change-Id: I05394e49077a72199bbc80c8cb622ec2b17f2fa7
Closes-Bug: #1890432
Segment delete can fail if the subnet related to the segment is deleted.
Related-Bug: #1878632
Depends-On: https://review.opendev.org/727796
Change-Id: I9a656cee769d2ba515d00d2acbd28a3c2f641ff7
Another item noted with the new pip resolver [1], linters dependencies
in test-requirements.txt may cause resolver issues (trying to pull in
enum34), conflicting requirements and cause them to be installed for all
test jobs. Move them to tox.ini as was done for some projects already
(this may be backported/squashed with pip resolver fix in stable
branches depending on how fixing these will go).
[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019362.html
Change-Id: I0111c41bea6a6caf5ffba1f5c34489854d9c9747
To stop a "keepalived" process, a SIGTERM signal is sent. This patch
checks if the process is not present in the system. If the instance
is still running after a short time, a SIGKILL signal is sent.
Change-Id: I2e784ea7e00c145135288bf309bb34ce311ac15c
Closes-Bug: #1908057
Removal of non-gateway port on DVR router deletes all the DVR to
SRC mac flows for the instances of same subnet on that compute node.
The instances are not reachable from any other network.
This patch checks if the DVR router port is gateway for the subnet
or not. And deletes the DVR-SRC mac flows only if it is gateway port.
The DVR-SRC mac flows are deleted if the gateway is not set for the subnet.
Change-Id: Iadc1671c862f8c01e5761e92b82a04849d4bb411
Closes-Bug: #1892405
Updates to tools/migrate_names.txt to correctly represent
mapping between neutron and networking-ovn for metadata
agent.
Change-Id: I52f4d20c7190490b707a08e0f7dd06ccd6f43f69
Router HA port may be deleted concurrently while the plugin
is trying to update. This patch catches the known exceptions.
Should not `plugin.update_port_statuses` use because:
1. plugin.update_port_statuses will hide all exception
no matter the port exists.
2. The code just needs to catch the port not found error,
but let all other exception raised if port still exists.
Closes-Bug: #1906375
Change-Id: Id5d9c99be3bd6854568d2b1baa86c25c0cfd4756
In case a logical switch has no name, skip the maintenance IGMP
snoop check.
NOTE: Neutron defines the logical switch name with the pattern
"neutron-<network_id>". This logical switch does not belong to
Neutron.
Change-Id: I1ccdadf8e90e0bbce13294cc329ed43e90fa0259
Closes-Bug: #1896203
Both files cannot be deleted with the default permissions because
those files are created by the "root" user.
Change-Id: I73dd37b3104fac8d3172f520f71cffd85d040c4b
Closes-Bug: #1907695
Currently when deleting a remote-group's member IPs, the deleted IPs'
conjunctive flows are not cleaned up in OF tables. This is because
the conjunctive flows' cookies don't match with the OVSBridge default
cookie used by the delete flow method. This patch fixed the issue by
using an ANY cookie that can always match with the cookies of the
conjunctive flows.
Change-Id: I74916acf8311989dca267f23261ec4cf449a6abf
Closes-Bug: 1907491
Ensure the TCP traffic leaving the OVN metadata namespace has
the checksum correctly populated. This is necessary when the
OVS datapath is "netdev".
Because the overhead added is minimal and only applies to the
metadata traffic inside the metadata namespace, this rule is
always set.
Change-Id: I7e39f40b325a6974a46ed34641cec5226c9e5a3f
Closes-Bug: #1904871
To limit usage of resources (mostly memory) in the fullstack job and
to avoid oom killer to kill e.g. mysqld service, this patch:
* Makes number of API workers changeable by tests, as a parameter to
EnvironmentDescription and defaults its value to 1. As neutron server
is spawned separately for each test and is used only to process just
few API requests during that single test so this should be still
enough there, and where more API workers are needed (like some dhcp HA
tests: TestDhcpAgentHARaceCondition) it can be changed,
* reduces number of test run workers from 4 to 3 - job will run slower
but hopefully more stable,
* in the functional and fullstack tests job definition disable etcd3
service - this will not save us a lot of memory but still it's not
needed at all so why to run it there.
Change-Id: If19803ab6db144e2d17d6805d379c1c76d8fa343
Closes-Bug: #1906366
These are common policy check strings that we're going to use to
implement a few basic personas across OpenStack APIs. This is going to
help move OpenStack towards a more secure and consistent authorization
experience.
Partially-Implements blueprint: secure-bac-roles
Change-Id: Ic48c8c39b156ddc58f3fb632a6aa37d6fec40c41