24178 Commits

Author SHA1 Message Date
shenjiatong
5d8f3fd614 Do not report ovs agent state if ovs is dead
Do not report ovs agent state when ovs is dead,
and let neutron-server mark service as down. So
cluster admin could determine there is a problem
of the given ovs agent

Change-Id: Ib4b06c7877a7343f4204d4f4f5863931717ff507
Closes-Bug: #1910946
2021-01-13 16:17:14 +08:00
Zuul
607f15c1ac Merge "Remove duplicate licese text from the br_tun file" 2020-12-21 18:00:43 +00:00
Zuul
4e37346d27 Merge "[OVN] Update metadata port ony for requested subnet" 2020-12-21 12:20:01 +00:00
Zuul
38d683a7ec Merge "New fullstack test for subnet port delete race condition" 2020-12-21 11:54:16 +00:00
Slawek Kaplonski
a8d5280b35 Remove duplicate licese text from the br_tun file
TrivialFix

Change-Id: I6550bf2546a022e4b2f189f1f7480fed0f5d967b
2020-12-21 12:09:36 +01:00
Zuul
74e4cd31f1 Merge "Move linters dependencies to tox.ini" 2020-12-18 10:39:31 +00:00
Rodolfo Alonso Hernandez
93225e016b [OVN] Update metadata port ony for requested subnet
When a subnet is updated or created, the metadata port is updated too,
to add the fixed IP address of the new subnet. In this case, the port
should update only the IP address of this specific subnet.

Change-Id: I05394e49077a72199bbc80c8cb622ec2b17f2fa7
Closes-Bug: #1890432
2020-12-18 10:05:11 +00:00
Zuul
4c886998b1 Merge "Add vlan-transparent to OVN ML2 Supported API extensions" 2020-12-17 14:42:27 +00:00
Zuul
b20bb13a6c Merge "[OVN] Skip maintenance IGMP snoop check if not LS name" 2020-12-17 13:47:45 +00:00
Zuul
1bf7ef6348 Merge "Ensure "keepalived" is correcly disabled" 2020-12-17 13:25:35 +00:00
elajkat
c6034bf7f4 New fullstack test for subnet port delete race condition
Segment delete can fail if the subnet related to the segment is deleted.

Related-Bug: #1878632
Depends-On: https://review.opendev.org/727796

Change-Id: I9a656cee769d2ba515d00d2acbd28a3c2f641ff7
2020-12-17 11:54:08 +01:00
Bernard Cafarelli
89e2fad8ef
Move linters dependencies to tox.ini
Another item noted with the new pip resolver [1], linters dependencies
in test-requirements.txt may cause resolver issues (trying to pull in
enum34), conflicting requirements and cause them to be installed for all
test jobs. Move them to tox.ini as was done for some projects already
(this may be backported/squashed with pip resolver fix in stable
branches depending on how fixing these will go).

[1] http://lists.openstack.org/pipermail/openstack-discuss/2020-December/019362.html

Change-Id: I0111c41bea6a6caf5ffba1f5c34489854d9c9747
2020-12-17 11:32:03 +01:00
Zuul
5895f39eec Merge "Fix removal of dvr-src mac flows when non-gateway port on router is deleted" 2020-12-17 01:16:10 +00:00
Zuul
3b7de59d40 Merge "[Docs] Add doc about debugging of the Grenade jobs" 2020-12-16 23:13:02 +00:00
Zuul
9bbbb6f58e Merge "Fix OVS conjunctive IP flows cleanup" 2020-12-16 23:12:51 +00:00
Zuul
1994fbb8f9 Merge "Switch to new engine facade for IpamPluggableBackend and Ipam driver" 2020-12-16 19:45:26 +00:00
Zuul
0a852dab99 Merge "Handle router HA port concurrently deleting" 2020-12-16 16:38:41 +00:00
Rodolfo Alonso Hernandez
2618acff51 Ensure "keepalived" is correcly disabled
To stop a "keepalived" process, a SIGTERM signal is sent. This patch
checks if the process is not present in the system. If the instance
is still running after a short time, a SIGKILL signal is sent.

Change-Id: I2e784ea7e00c145135288bf309bb34ce311ac15c
Closes-Bug: #1908057
2020-12-16 16:33:01 +00:00
Zuul
5c54553224 Merge "SimpleInterfaceMonitor filter events by bridge name" 2020-12-16 13:13:52 +00:00
Hemanth Nakkina
329ea19f8b Fix removal of dvr-src mac flows when non-gateway port on router is deleted
Removal of non-gateway port on DVR router deletes all the DVR to
SRC mac flows for the instances of same subnet on that compute node.
The instances are not reachable from any other network.

This patch checks if the DVR router port is gateway for the subnet
or not. And deletes the DVR-SRC mac flows only if it is gateway port.
The DVR-SRC mac flows are deleted if the gateway is not set for the subnet.

Change-Id: Iadc1671c862f8c01e5761e92b82a04849d4bb411
Closes-Bug: #1892405
2020-12-16 11:09:22 +05:30
Zuul
64637e1468 Merge "[OVN] Updates to tools/migrate_names.txt" 2020-12-15 23:44:46 +00:00
Slawek Kaplonski
59827fa840 [Docs] Add doc about debugging of the Grenade jobs
Change-Id: I218a7a2584a8669a0da0a7ff328985e12f8ec92f
2020-12-15 22:55:06 +01:00
Zuul
a5c513ef7f Merge "[OVN] ovn-metadata-agent: Retry registering Chassis at startup" 2020-12-15 20:04:57 +00:00
Zuul
eaaa76530d Merge "Temporary blacklist test_reboot_server_hard in OVN IPv6 job" 2020-12-15 19:43:46 +00:00
Zuul
4998ddc5d2 Merge "Treat Forbidden as NotFound in Designate" 2020-12-15 19:25:27 +00:00
Zuul
70944f76d6 Merge "Switch to new engine facade for l3_hamode_db leftovers" 2020-12-15 16:30:47 +00:00
Zuul
6a8fa65302 Merge "Disable dns-integration API extension if it's not enabled in ML2" 2020-12-15 12:40:11 +00:00
Zuul
6fe80fc1d6 Merge "Fix imports order in neutron.services.ovn_l3_plugin module" 2020-12-15 12:39:48 +00:00
Miguel Lavalle
7e450091cf Switch to new engine facade for IpamPluggableBackend and Ipam driver
Partially-Implements blueprint: enginefacade-switch

Co-authored-by: Slawek Kaplonski <skaplons@redhat.com>

Change-Id: I22ea705906159bae87c5a04eb808f21e9096a282
2020-12-15 11:10:36 +00:00
Flavio Fernandes
ee75371df4 [OVN] Updates to tools/migrate_names.txt
Updates to tools/migrate_names.txt to correctly represent
mapping between neutron and networking-ovn for metadata
agent.

Change-Id: I52f4d20c7190490b707a08e0f7dd06ccd6f43f69
2020-12-14 16:44:40 -05:00
Eduardo Olivares
c4f957afbb Add vlan-transparent to OVN ML2 Supported API extensions
Change-Id: I8afeaaf4b5e34516ee8e547b6233e29e85c1fd45
2020-12-14 15:48:27 +00:00
Zuul
33d699d530 Merge "Add common system and project policy check strings to constants" 2020-12-14 14:15:43 +00:00
Zuul
69910a0bc5 Merge "Upgrade RPC version of SecurityGroup*Rpc" 2020-12-14 13:44:09 +00:00
Zuul
2d4b3aa119 Merge "Delete HA metadata proxy PID and config with elevated privileges" 2020-12-14 08:32:38 +00:00
LIU Yulong
91eb3d8346 Handle router HA port concurrently deleting
Router HA port may be deleted concurrently while the plugin
is trying to update. This patch catches the known exceptions.
Should not `plugin.update_port_statuses` use because:
1. plugin.update_port_statuses will hide all exception
   no matter the port exists.
2. The code just needs to catch the port not found error,
   but let all other exception raised if port still exists.

Closes-Bug: #1906375
Change-Id: Id5d9c99be3bd6854568d2b1baa86c25c0cfd4756
2020-12-14 00:56:54 +00:00
Rodolfo Alonso Hernandez
5a058d5019 [OVN] Skip maintenance IGMP snoop check if not LS name
In case a logical switch has no name, skip the maintenance IGMP
snoop check.

NOTE: Neutron defines the logical switch name with the pattern
"neutron-<network_id>". This logical switch does not belong to
Neutron.

Change-Id: I1ccdadf8e90e0bbce13294cc329ed43e90fa0259
Closes-Bug: #1896203
2020-12-13 22:44:11 +00:00
Rodolfo Alonso Hernandez
0a0f647ea0 Delete HA metadata proxy PID and config with elevated privileges
Both files cannot be deleted with the default permissions because
those files are created by the "root" user.

Change-Id: I73dd37b3104fac8d3172f520f71cffd85d040c4b
Closes-Bug: #1907695
2020-12-13 21:50:31 +00:00
Zuul
dc2c279c10 Merge "[OVN] Ensure metadata checksum" 2020-12-12 05:10:43 +00:00
Zuul
6623055005 Merge "Add some wait time between stopping and starting again ovsdb monitor" 2020-12-12 02:22:38 +00:00
Zuul
60c6d392af Merge "Limit usage of resources in the fullstack tests job" 2020-12-11 23:14:00 +00:00
Zuul
c8f48e24aa Merge "Add Python3 wallaby unit tests" 2020-12-11 19:59:30 +00:00
Zuul
ee6434e43d Merge "Remove left over code for filter_validation" 2020-12-11 18:27:37 +00:00
Hang Yang
f4b64e519c Fix OVS conjunctive IP flows cleanup
Currently when deleting a remote-group's member IPs, the deleted IPs'
 conjunctive flows are not cleaned up in OF tables. This is because
 the conjunctive flows' cookies don't match with the OVSBridge default
 cookie used by the delete flow method. This patch fixed the issue by
 using an ANY cookie that can always match with the cookies of the
 conjunctive flows.

Change-Id: I74916acf8311989dca267f23261ec4cf449a6abf
Closes-Bug: 1907491
2020-12-11 12:16:05 -06:00
Zuul
774908c50e Merge "[ovn] Add 'security-groups-remote-address-group' extension to OVN" 2020-12-11 11:23:46 +00:00
Zuul
c4846162b6 Merge "Update octavia plugin code" 2020-12-11 05:02:41 +00:00
Zuul
6c2c0627d1 Merge "Deprecate XenAPI support" 2020-12-11 01:13:15 +00:00
Rodolfo Alonso Hernandez
26a30a3b78 [OVN] Ensure metadata checksum
Ensure the TCP traffic leaving the OVN metadata namespace has
the checksum correctly populated. This is necessary when the
OVS datapath is "netdev".

Because the overhead added is minimal and only applies to the
metadata traffic inside the metadata namespace, this rule is
always set.

Change-Id: I7e39f40b325a6974a46ed34641cec5226c9e5a3f
Closes-Bug: #1904871
2020-12-10 17:18:50 +00:00
Zuul
ff33049eb6 Merge "Remove neutron-tempest-with-uwsgi job from CI queues" 2020-12-10 12:35:51 +00:00
Slawek Kaplonski
f63dc09206 Limit usage of resources in the fullstack tests job
To limit usage of resources (mostly memory) in the fullstack job and
to avoid oom killer to kill e.g. mysqld service, this patch:

* Makes number of API workers changeable by tests, as a parameter to
  EnvironmentDescription and defaults its value to 1. As neutron server
  is spawned separately for each test and is used only to process just
  few API requests during that single test so this should be still
  enough there, and where more API workers are needed (like some dhcp HA
  tests: TestDhcpAgentHARaceCondition) it can be changed,
* reduces number of test run workers from 4 to 3 - job will run slower
  but hopefully more stable,
* in the functional and fullstack tests job definition disable etcd3
  service - this will not save us a lot of memory but still it's not
  needed at all so why to run it there.

Change-Id: If19803ab6db144e2d17d6805d379c1c76d8fa343
Closes-Bug: #1906366
2020-12-10 10:10:01 +00:00
Slawek Kaplonski
8ca921b9eb Add common system and project policy check strings to constants
These are common policy check strings that we're going to use to
implement a few basic personas across OpenStack APIs. This is going to
help move OpenStack towards a more secure and consistent authorization
experience.

Partially-Implements blueprint: secure-bac-roles

Change-Id: Ic48c8c39b156ddc58f3fb632a6aa37d6fec40c41
2020-12-10 10:09:45 +00:00