284 Commits

Author SHA1 Message Date
Rodolfo Alonso Hernandez
2f944d3105 Support filtering for QoS rule type list
Added support for filtering the QoS rule type list command.
Two new filter flags are added:
- all_supported: if True, the listing call will print all QoS rule
  types supported by at least one loaded mechanism driver.
- all_rules: if True, the listing call will print all QoS rule types
  supported by the Neutron server.

Both filter flags are exclusive and not required.

Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/827533

Closes-Bug: #1959749
Change-Id: I41eaab177e121316c3daec34b309c266e2f81979
2022-02-24 08:28:53 +00:00
Zuul
60897ddb4b Merge "Update local ip doc" 2022-02-22 17:24:28 +00:00
Nurmatov Mamatisa
47537e169e Update local ip doc
Updated local ip documentation according to OSC patch [1]

1)
https://review.opendev.org/c/openstack/python-openstackclient/+/830342

Change-Id: If5fbd2058747d6630a6577f726ecc8f5ee8c040b
2022-02-22 16:56:01 +03:00
Zuul
e1966ff3d7 Merge "Doc: Due to recent grafana upgrade change urls in doc" 2022-02-21 12:01:33 +00:00
Zuul
ce96e502fa Merge "Add table for pps limitaion" 2022-02-17 18:49:21 +00:00
elajkat
129760b84f Doc: Due to recent grafana upgrade change urls in doc
grafana urls contain uuid, include that to links.

Change-Id: Ib4810d746c94e05ea75c44fa828b097a88985fe7
2022-02-15 11:33:49 +01:00
elajkat
9cb06cff30 Doc: add back neutron-fwaas lieutenant
Add lieutenant to neutron-fwaas as Inspur arrived to help maintaining
and developing it.

Change-Id: I6230d2b7027dbfee66a6c637b9b2e4699f16c607
2022-02-09 15:02:25 +01:00
LIU Yulong
053a9d24ec Add table for pps limitaion
Table 59 will be used for pps limitation, the pipeline change is:
all original flows with ``goto table 60`` will be changed to
``goto table 59``, while table 59 has a default rule is goto
table 60. Then we can add pps flows to table 59 for all ports.

Basic limit pipeline is:
Ingress: packets get into br-int table 0, before send to table 60,
in table 59, check the destanation MAC and local_vlan ID, if the
dest is resident in this host, do the meter pps action and send
to table 60.
Egress: match src MAC and in_port, before send to table 60,
in table 59, do the meter pps action and send to table 60.

Why table 59? Because for ovs-agent flow structure, all packets
will be send to table 60 to do next actions such as security group.
Between table 0 and table 60, there are tables for ARP poison/spoofing
prevention rules and MAC spoof filtering. We want similar security
checks to take effect first, so it can drop packets before filling
our limit queues (pps limitation based on data forwarding queue).
And we do not want packets go through the long march of security group
flows, in case of performance side effect when there are large amount
of packets try to send, so limit it before goto security group flows.

Partially-Implements: bp/packet-rate-limit
Related-Bug: #1938966
Related-Bug: #1912460
Change-Id: I943f610c3b6bcf05e2e752ca3b57981f523f88a8
2022-02-08 17:13:13 +08:00
Zuul
473f4db1d6 Merge "Local IP internal documentation and release note" 2022-01-26 11:28:27 +00:00
Oleg Bondarev
d5b9a04bc2 Local IP internal documentation and release note
Closes-Bug: #1930200
Change-Id: I6745afad159270c5ccd9be2e68f96d8dafc1dc04
2022-01-26 10:59:16 +00:00
Miguel Lavalle
8b549533a6 Fix gerrit dashboards url's in docs
Dashboard urls syntax changed after the latest Gerrit upgrades. This
change fixes the urls to the correct latest syntax in the
documentation.

Change-Id: I8883eac81c6db4d6bcd96d08c072d8378b07e6e6
2022-01-25 19:29:02 -06:00
elajkat
3233c97f99 Fix stackalytics' link
stackalytics was recently moved and the link is stackalytics.io.

Change-Id: I9fab40d789849f90673323ce4782ffb5273c1dcb
2021-12-14 14:01:01 +01:00
4e395c5d2b Fix links for Source code references
These are leftover from opendev migration and
without this fix the links results into Not Found.

Mainly need to use "src" in place of "tree" to
get these links working with opendev.org.

Also used git tags where line references are used
as branched references do not persist. And for line
references use #L in place of #n as that's where it
get's redirected.

Also update references for zuul and use of
devstack-vm-gate-wrap.sh in neutron functional jobs.

Change-Id: I92d11c99a17dab80d4b91da49f341f9ba202bcfe
2021-12-02 20:12:34 +05:30
770b64b90e Fix tunnel_types in ml2 ovs sample config
Without this port binding fails with below error:-

Network <nw> is type of vxlan but agent <host> or mechanism
driver only support ['gre', 'local', 'flat', 'vlan'].

Also fix permissions of /opt/stack/devstack in ml2 ovs testing
documentation and added these files to irrelevant-files to skip
running functional jobs as these files are not used in those jobs.

Related-Bug: #1934466
Change-Id: I3ca2ea19bf5e316e580669caab4c607447034a11
2021-11-23 20:52:01 +05:30
Slawek Kaplonski
5357689002 Remove some scenario jobs from the check and gate queues
After discussing this topic again during the PTG I spent some time
checking our scenario jobs which runs in the check and gate queues.
After analysis this patch proposes to:

* remove neutron-ovs-tempest-slow job from both check and gate queue as
  slow tests are already run also in the
  neutron-ovs-tempest-multinode-full job,
* remove neutron-ovn-tempest-slow job from both check and gate queue as
  slow tests are already run also in the
  neutron-ovn-tempest-ipv6-only job - of course this job is using IPv6
  instead of IPv4 but I don't really think it's big issue in that case,
  neutron-ovn-tempest-slow job was multinode job, unfortunately
  neutron-ovn-tempest-ipv6-only is single node job and for now it isn't
  possible to make ipv6-only job to be multinode job so we will keep it
  like single node job and hopefully move to be multinode job when zuul
  will provide required data in the job's inventory,
* move neutron-ovn-tempest-ovs-release and
  neutron-ovn-tempest-ovs-release-ipv6-only jobs to periodic queue - I
  think that running those tests once per day should be enough.

Additionally this patch removes definition of the neutron-ovs-tempest-slow
and neutron-ovn-tempest-slow jobs are those jobs aren't used anywhere now.

Change-Id: I657881c319d425470277885545240d6a8b66a1f6
2021-11-17 11:46:17 +01:00
elajkat
34c909c9cb Doc: follow-up for recent job renames
[0] made job names represent the backend they use, like add ovs or ovn
to job names. This patch changes the documentation accordingly (see [1])

[0]: https://review.opendev.org/c/openstack/neutron/+/797051
[1]: https://docs.openstack.org/neutron/latest/contributor/testing/ci_scenario_jobs.html

Change-Id: I81e0db3059096c1e5d6073a905646d730f2101e4
2021-11-08 14:15:24 +01:00
Rodolfo Alonso Hernandez
b42c8afb4b Add "os-ken" project Lieutenant
Change-Id: I062ec2bb4e57843920ab5755a42dfc36433d3a2c
2021-10-18 14:08:52 +00:00
Zuul
f8d461c445 Merge "Doc: add ovsdbapp and os-ken to Sub-project table" 2021-10-18 13:15:52 +00:00
Zuul
280036f070 Merge "CI: add experimental jobs to be executed with n-lib master" 2021-10-18 13:15:47 +00:00
elajkat
110c62ce9f Doc: add ovsdbapp and os-ken to Sub-project table
Change-Id: I333d059d981f86d183ad6847c01e0655c22ce8ff
2021-10-13 11:33:55 +02:00
elajkat
8acf7ff096 CI: add experimental jobs to be executed with n-lib master
Add the following jobs to the experimental queue to test with
neutron-lib master:
- neutron-ovs-tempest-with-neutron-lib-master
- neutron-fullstack-with-uwsgi-with-neutron-lib-master
- neutron-functional-with-uwsgi-with-neutron-lib-master

Change-Id: I12c2381eef365f1249a3779685112cb682d752ee
2021-10-11 15:47:09 +00:00
elajkat
c4d4742a6d Doc: prerelease checklist
Add item to prerelease checklist to check API extension list in devstack
and link to QA checklist.

Change-Id: I5ff1c6e873b325f081e2380b4a2bd088ef427c29
2021-10-01 11:05:15 +02:00
Zuul
79c2b5f05d Merge "Add API extension for QoS minimum pps rule" 2021-09-30 11:17:24 +00:00
Przemyslaw Szczerbik
56044db26d Add API extension for QoS minimum pps rule
This patch implements support for CRUD operations for QoS minimum
packet rate, for example:

DELETE /qos/policies/$POLICY_ID/minimum_packet_rate_rules/$RULE_ID

Placement or dataplane enforcement is not implemented yet.

Partial-Bug: #1922237
See-Also: https://review.opendev.org/785236
Change-Id: Ie994bdab62bab33737f25287e568519c782dea9a
2021-09-29 12:27:30 +02:00
Rodolfo Alonso Hernandez
7dcddeb0bd Replace "tenant_id" with "project_id" in Quota engine
This is part of the remaining technical debt of the specs
https://specs.openstack.org/openstack/neutron-specs/specs/newton/moving-to-keystone-v3.html

Blueprint: https://blueprints.launchpad.net/neutron/+spec/keystone-v3

Change-Id: I1faf520d3cdafe2de873525c8ebe1fa2114bdcd7
2021-09-22 08:27:10 +00:00
Zuul
96f1ea140e Merge "Remove `ConfDriver` code" 2021-08-16 17:36:13 +00:00
Brian Haley
caa05f9c56 Update team ownership
As I will not be maintaining the ovn-octavia-provider, I
am removing my name from the list. Also, since I have
not been as active in L3 recently, update that as well.

Change-Id: Ie883044f3bedc09ff19c58ce90ab9fdc09b92e29
2021-07-28 18:51:21 -04:00
Rodolfo Alonso Hernandez
ad31c58d60 Remove `ConfDriver` code
The quota driver ``ConfDriver`` was deprecated in Liberty release.

``NullQuotaDriver`` is created for testing although it could be used
in production if no quota enforcement is needed. However, because
the Quota engine is not plugable (is an extension always loaded), it
could be interesting to make it plugable as any other plugin.

This patch also creates a Quota engine driver API class that should be
used in any Quota engine driver. Currently it is used in the three
in-tree drivers implemented: ``NullQuotaDriver``, ``DbQuotaDriver``
and ``DbQuotaNoLockDriver``.

Change-Id: Ib4af80e18fac52b9f68f26c84a215415e63c2822
Closes-Bug: #1928211
2021-07-26 15:00:32 +00:00
Slawek Kaplonski
02c0b47d22 Promote neutron-ovn-tempest-slow job to be voting and gating
This jobs is almost the same as tempest-slow-py3 since we switched
OVN to be default backend in Neutron. And that tempest-slow-py3 job
is used by many projects. So to avoid potential breaks of the gate for
other projects (like we did recently, see related bug for details)
let's make this job voting and gating.
As it is really used in many different projects as voting and gating
job already I don't think there is any issue with doing the same in
the Neutron gate.

Related-bug: #1936983
Related-bug: #1930402

Change-Id: I85d3830e9cc65162db846e4858871e1db547a04b
2021-07-21 08:57:43 +00:00
LIU Yulong
ca15099cde Add devstack local.conf sample for ML2 OVS
Since devstack had set OVN as the default backend for Neutron.
Then the minimum local.conf [1] for ML2 ovs will not work at
all. For some local testing of ML2 OVS, it is not right deployment
for users to test the ML2 OVS related cases.

This patch adds a sample local.conf for ml2 ovs to install a small
all in one environment for Neutron testing.

Sample tested OS:
1. CentOS Stream 8
2. CentOS Linux 8

[1] https://docs.openstack.org/devstack/latest/#create-a-local-conf

Closes-Bug: #1934466
Change-Id: Ie7bac1d2819c332a94a0ff308a300638c17f1b1f
2021-07-07 08:53:34 +08:00
Zuul
e431c09438 Merge "Allow to parse keywords in dns labels" 2021-06-22 13:31:32 +00:00
Jens Harbott
1e2088abbe Fix priority review dashboard
The URL was containing quoted quotations, using e.g. %2528 instead of just
%28 for a "(", fix this.

Change-Id: I5d0fa7da847b72015aa82e5ca3f75206f0f45b2b
2021-06-22 07:30:27 +02:00
Zuul
60c20b2bab Merge "[ovn][metadata] Remove metadata readiness mechanism" 2021-06-09 09:20:02 +00:00
Zuul
afcaf6805d Merge "New Quota driver `DbQuotaNoLockDriver`" 2021-06-04 23:19:37 +00:00
Daniel Alvarez Sanchez
36ba1cc319 [ovn][metadata] Remove metadata readiness mechanism
Prior to this patch, the metadata agent was writing into SB
database when a network had been provisioned with metadata
on a particular chassis.

Then, neutron-server would wait for that event to happen with
a 15s timeout before sending the vif-plugged event to Nova.

By removing this mechanism:

1) We'll save writes to OVN SB database which, in highly loaded
systems and at scale reduces significantly the load on ovsdb-server.

2) Ignoring healthchecks (that still requires write to the SB DB),
we can make OVN metadata agent to connect to slave instances when
using active-backup OVN databases since writes are not needed.

3) There's a chance that the VM boots very fast and requests
metadata before the service is ready but since the timeout was
15 seconds, we can safely rely on the the cloud-init retries.

Signed-off-by: Daniel Alvarez Sanchez <dalvarez@redhat.com>
Change-Id: Ia6cd7a9a3b9662a9a8ce106e01a93c357c255956
2021-06-03 16:09:31 +00:00
Slawek Kaplonski
c4fb1d1711 [Doc] Update Freenode to OFTC as our IRC server
Change-Id: I4e4d819e271495fa650a275246df8925ef84fd25
2021-05-31 21:54:08 +02:00
Rodolfo Alonso Hernandez
e135a8221d New Quota driver `DbQuotaNoLockDriver`
This new quota driver, ``DbQuotaNoLockDriver``, does not create a lock
per (resource, project_id) but retrieves the instant (resource,
project_id) usage and the current (resource, project_id) reservations.
If the requested number of resources fit the available quota, a new
``Reservation`` register is created with the amount of units requested.

All those operations are done inside a DB transaction context. That
means the amount of resources and reservations is guaranteed inside
this transaction (depending on the DB backend isolation level defined)
and the new reservation created will not clash with other DB transation.
That will guarantee the number of resources and instant reservations
never exceed the quota limits defined for this (resource, project_id).

NOTES:
- This change tries to be as unobtrusive as possible. The new driver
  uses the same ``DbQuotaDriver`` dabatase tables (except for
  ``QuotaUsage``) and the same Quota engine API, located in
  ``neutron.quota``. However, the Quota engine resources implements some
  particular API actions like "dirty", that are not used in the new
  driver.
- The Pecan Quota enforcement hooks,
  ``neutron.pecan_wgsi.hooks.quota_enforcement``, execute actions like
  "resync", "mark_resources_dirty" or "set_resources_dirty", that has
  no meaning in the new driver.
- The isolation between the Quota engine and the Pecan hook, and the
  driver itself is not clearly defined. A refactor of the Quota engine,
  Quota service, Quota drivers and a common API between the driver and
  the engine is needed.
- If ``DbQuotaDriver`` is deprecated, ``CountableResource`` and
  ``TrackedResource`` will be joined in a single class. This resource
  class will have a count method (countable) or a hard dependency on a
  database table (tracked resource). The only difference will be the
  "count" method implementation.

Closes-Bug: #1926787

Change-Id: I4f98c6fcd781459fd7150aff426d19c7fdfa98c1
2021-05-20 07:55:59 +00:00
Slawek Kaplonski
ef1d33e754 Update Neutron's Liuetenants
This patch updates list of the Neutron's stadium's projects lieutenants
and the list of the bugs' contact persons.

In details this patch:
- sets Rodolfo Alonso Hernandez as contact person for db and qos
  related issues,
- adds Oleg Bondarev as "loadimpact" bugs,
- removes Matt Riedemann as contact person for "logging" bugs,
- sets PTL/Drivers team as conctact for "troubleshooting" related bugs,

It also sets Lajos Katona as "Testing" lieutenant.

Finally it removes networking-ovn and neutron-fwaas from the list of
stadium projects and removes tag "fwaas" from the list of bug tags.
Neutron-fwaas was deprecated and isn't part of the stadium since long
time and networking-ovn is now one of the Neutron in-tree drivers.

Change-Id: Id4b928e077ed684c67d4b5054f12653d63f70788
2021-05-04 11:02:19 +02:00
Zuul
2cd305788f Merge "Remove networking-midonet from our docs" 2021-04-21 18:36:50 +00:00
Slawek Kaplonski
e4008fec1e Remove networking-midonet from our docs
It was deprecated in the Wallaby cycle due to lack of maintainers.
This patch removes networking-midonet as an stadium project from the
official Neutron docs.

Change-Id: I5cd3da80d78d98ec4b2a49574efc0ec075e75959
2021-04-20 14:19:06 +02:00
elajkat
b70247eeb9 Doc: add section about OVS filtering tables
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/785590
Change-Id: Iaf360714f25defecbc5dd28515fba75e8c966b59
2021-04-16 08:49:58 +02:00
Bernard Cafarelli
0be52e91e4
Add grafana dashboards step to major release checklist
These dashboards are checked in CI meeting and should always point to
latest and previous stable releases.

Change-Id: Ied2a0d9adbc33b9a41820667d961c1ce9fe72656
2021-03-30 17:18:43 +02:00
Zuul
d42ddcb6eb Merge "doc: Remove fwaas references from docs" 2021-03-11 08:46:44 +00:00
Gregoire Mahe
7727fc07e6 Allow to parse keywords in dns labels
Co-Authored-By: Slawek Kaplonski <skaplons@redhat.com>

Related-Bug: #1843218
Change-Id: Ie8b6eb88e046c172d99212f966bdee327f42ed37
2021-03-10 17:03:12 +01:00
elajkat
bce27811df doc: Remove fwaas references from docs
FWaaS was retired with [1], so it's time to remove the misleading
references from doc as well.

[1]: https://review.opendev.org/c/openstack/neutron-fwaas/+/735829

Change-Id: Ic098263b7450c09308eeff4ef6dd2f8097c0a449
2021-03-10 06:16:33 +00:00
Slawek Kaplonski
9d04b8d479 Update ci_scenario_jobs document
neutron-tempest-plugin single node scenario jobs were switched
to use L3HA routers by default in [1] and this patch reflects that
change in our docs.

[1] https://review.opendev.org/721805

Depends-On: https://review.opendev.org/721805
Change-Id: Ib3c6be059dc4f3e62a9c5d25588d44ed4a3df971
2021-03-09 09:14:35 +01:00
Zuul
2952fa27a3 Merge "[OVN] security group logging support (1 of 2)" 2021-03-03 20:37:11 +00:00
Zuul
d7b7e19792 Merge "[OVS FW] Allow egress ICMPv6 only for know addresses" 2021-02-26 20:19:12 +00:00
Flavio Fernandes
85fc3d3610 [OVN] security group logging support (1 of 2)
This is patchset 1 of 2 for OVN driver handling of security-group-logging.
It includes the design documentation for this feature.

Changed a few lines in doc/source/admin/ovn/features.rst, so the extensions
are sorted in alphabetical order.

Related-Bug: 1914757
Partially-implements: https://review.opendev.org/c/openstack/neutron-specs/+/203509

Change-Id: I95d57613cef3b6892d3a0dd5705e2e8f3386a3a2
2021-02-24 10:37:43 -05:00
Zuul
c84de3574c Merge "Update doc for upgrading to openvswitch firewall" 2021-02-22 16:32:42 +00:00