428 Commits

Author SHA1 Message Date
Bence Romsics
8bd5ecd4fc notification: Add 'status' to agent after_create/update
Make the same status information available to notification consumers
(resource==agent, event==after_create/after_update) as it was already
available where the notification is sent in class AgentDbMixin.

Change-Id: Ie74091da934c7e49fd29ae4c6f930a7eb47e14b2
Partial-Bug: #1578989
See-Also: https://review.openstack.org/502306 (nova spec)
See-Also: https://review.openstack.org/508149 (neutron spec)
2018-10-25 15:34:06 +02:00
Zuul
e5726c7bda Merge "sriov-agent: Report resource info in heartbeat" 2018-10-24 16:27:31 +00:00
Zuul
0fdec013de Merge "supported_vnic_type configurable for ovs" 2018-10-24 04:00:36 +00:00
Zuul
5273f85eec Merge "ovs-agent: Report resource info in heartbeat" 2018-10-22 20:03:06 +00:00
Lajos Katona
a85c5ed3fb supported_vnic_type configurable for ovs
Now supported_vnic_types is hardcoded to the mechanism drivers, but that
can depend on several factors, like type of the NIC, admin decision,
etc.
With this patch we put the right to decide which vnic types are
supported for ovs agent into the hands of the admin, by allowing
blacklisting items from the mechanism driver specific list.
Background: http://eavesdrop.openstack.org/meetings/neutron_qos/2018/neutron_qos.2018-07-31-15.00.log.html#l-58

Change-Id: I63e562e2eccc5b02c1c767d6a2c28cb803131e99
Partial-Bug: #1578989
See-Also: https://review.openstack.org/502306 (nova spec)
See-Also: https://review.openstack.org/508149 (neutron spec)
2018-10-15 20:35:49 +02:00
Brian Haley
cf37563c83 Remove deprecated vsctl ovsdb_interface api
This was deprecated in https://review.openstack.org/#/c/503070/
so remove all the vsctl-related code, leaving just the native
ovsdb api.

Also removed renamed ovs_vsctl_timeout value, which was changed
to ovsdb_timeout in https://review.openstack.org/#/c/518391/

Change-Id: I50dfcea3deb41df1bd01fd06b76522453a6ba50b
2018-10-11 14:59:34 -04:00
Bence Romsics
d7d433f729 sriov-agent: Report resource info in heartbeat
Example config for sriov-agent:

sriov_agent.ini:
[sriov_nic]
physical_device_mappings = physnet0:ens5,physnet0:ens6
resource_provider_bandwidths = ens5:100000:100000,ens6:100000:100000

Agent configurations now includes 'resource_provider_bandwidths' and
'resource_provider_inventory_defaults'.

Change-Id: I1af798d404ed94cd30da3f92734bea911bbc3ac7
Co-Authored-By: Lajos Katona <lajos.katona@ericsson.com>
Depends-On: https://review.openstack.org/577220
Partial-Bug: #1578989
See-Also: https://review.openstack.org/502306 (nova spec)
See-Also: https://review.openstack.org/508149 (neutron spec)
2018-10-11 11:15:06 +02:00
Bence Romsics
f352f9faaa ovs-agent: Report resource info in heartbeat
Example config for ovs-agent:

ml2_conf.ini:
[ovs]
bridge_mappings = physnet0:br-test
resource_provider_bandwidths = br-test:100000:100000

Agent configurations now includes 'resource_provider_bandwidths' and
'resource_provider_inventory_defaults'.

Change-Id: Ib197573e5cdb60ef0db4e7a771c3179bf9d5bb95
Co-Authored-By: Lajos Katona <lajos.katona@ericsson.com>
Depends-On: https://review.openstack.org/577220
Partial-Bug: #1578989
See-Also: https://review.openstack.org/502306 (nova spec)
See-Also: https://review.openstack.org/508149 (neutron spec)
2018-10-11 11:08:07 +02:00
Shashank Kumar Shankar
cfec395b8f Integration of Port Binding Level OVO
This patch integrates Port Binding Level OVO in /plugin/ml2/db.py
and introduces context instead of session for usage in object
operations.

Change-Id: Ifa779f5f70a7502bd96b34d64a84d272af2a6886
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
Co-Authored-By: Anindita Das <anindita.das@intel.com>
Co-Authored-By: Slawek Kaplonski <slawek@kaplonski.pl>
2018-09-17 07:00:45 +00:00
Kim Bao Long
310bfa326f Fix incorrect log resources querying
This patch aims to fix a co-existence problem between security_group
and firewall_group log resources due to incorrect log querying from
database.

Change-Id: Ic60ad436e0fbb23cdae0e63eaeb73130ebf02089
Closes-Bug: #1787119
2018-08-29 08:12:56 +07:00
Zuul
b4b725ade9 Merge "Update metering driver to load interface driver" 2018-08-11 14:41:34 +00:00
Hongbin Lu
38309ca4dc Update metering driver to load interface driver
Currently the metering iptables driver is using the old method
to load the interface driver. This patch allows it to load
interface driver via stevedore aliases.

Change-Id: I9e3027c1ec695ec3a09db0c53a0388e406e4ced6
Related-Bug: #1504536
2018-08-10 15:44:50 +00:00
4d3e4542f4 Update reno for stable/rocky
Change-Id: I8e74912b46e7c8ebc1dec964f4598519d32c826e
2018-08-09 21:54:37 +00:00
Miguel Lavalle
66c8ed9c97 Add release note for port forwardings.
This patch adds a release note for the floating IPs port forwarding
functionality.

Change-Id: I2e0069148cd2551d4534d8a2fd8799f432ffb5e3
Partially-Implements: blueprint port-forwarding
Partial-Bug: #1491317
2018-08-05 19:54:59 -05:00
ZhaoBo
35d945e92f Add ext_parent policy check
Add common parent owner check for the resources which are introduced by
service plugin.

Then port forwarding resource will share the same tenant_id with
floatingip. That means only the fip owner can create/update/get/delete
the associated port forwarding resource.

Partially-Implements: blueprint port-forwarding
Partial-Bug: #1491317
Change-Id: I450c674e55ca15e1d9a6a6224138f3305427da68
2018-08-01 02:45:42 +08:00
Zuul
ca13e651c9 Merge "Implement filter validation" 2018-07-24 15:11:07 +00:00
Miguel Lavalle
f7064f2b6c Add binding activation to the Linuxbridge agent
As part of the implementation of multiple port bindings [1], add binding
activation support to the linux bridge agent. This will enable the
execution with linux bridge agents of the complete sequence of steps
outlined in [1] during an instance migration:

1) Create inactive port bindings for destination host
2) Migrate the instance to the destination host and plug its VIFs
3) Activate the port bindings in the destination host
4) Delete the port bindings for the source host

[1] https://review.openstack.org/#/c/309416/

Change-Id: I2c937cc0a551e5ce0e8534c4dd4384ec2ca92da1
Partial-Bug: #1580880
2018-07-19 15:12:20 -05:00
Hongbin Lu
2b1d8ea4a2 Implement filter validation
Enforce validation on filter parameters on list requests.
If an API request contains an unknown or unsupported parameter,
the server will return a 400 response instead of silently ignoring
the invalid input.

In resource attributes map, all filter parameters are annotated by
the ``is_filter`` keyword. Attributes with is_filter set to True
are candidates for validation.

Enabling filter validation requires support from core plugin and
all service plugins so each plugin needs to indicate if it supports
the validation by setting ``__filter_validation_support`` to True.
If this field is not set, the default is False and validation is
turned off. Right now, the ML2 plugin and all the in-tree service
plugins support filter validation. Out-of-tree plugins will have
filter validation disabled by default.

An API extension is introduced to allow API users to discover this
new API behavior. This feature can be disabled by cloud operators
if they choose to do that. If it is disabled, the extension won't
be presented.

Depends-On: Ic3ab5b3ffdc378d570678b9c967cb42b0c7a8a9b
Depends-On: I4397df1c35463a8b532afdc9c5d28b37224a37b4
Depends-On: I3f2e6e861adaeef81a1a5819a57b28f5c6281d80
Depends-On: I1189bc9a50308df5c7e18c329f3a1262c90b9e12
Depends-On: I057cd917628c77dd20c0ff7747936c3fec7b4844
Depends-On: I0b24a304cc3466a2c05426cdbb6f9d99f1797edd

Change-Id: I21bf8a752813802822fd9966dda6ab3b6c4abfdc
Partial-Bug: #1749820
2018-07-19 04:13:43 +00:00
Zuul
878ac9b463 Merge "Pass network's dns_domain to dnsmasq conf" 2018-07-02 16:53:43 +00:00
Zuul
f6ebd0c0ba Merge "Add support to regenerate port mac_address" 2018-06-29 23:36:14 +00:00
Harald Jensås
8361b8b5ae Routed Networks - peer-subnet/segment host-routes (2/2)
Ensure that host routes are maintained for each subnet within
a network. Subnets associated with different segments on the
same network get host_routes entries added/removed as subnets
are created, deleted or updated.

This change handles the host_routes for the peer subnets on the
same network when a subnet is created or deleted.

Also adds a shim api extension.

APIImpact: Host routes are now calculated for routed networks.
Closes-Bug: #1766380
Change-Id: Iafbabe6352283e7f1a535a7b147bd81fb32f0ed1
2018-06-28 10:48:06 +02:00
Harald Jensås
8f3a066b20 Add support to regenerate port mac_address
Passing 'null' (None) as the mac address in a port update
request causes the port's mac address to be re-generated
using the base MAC address Neutron uses for VIFs.

This change implements a temporary lib api definition
with a new converter that will generate valid mac if the
data provided is None.

APIImpact: Port mac_addr regenerated if None passed on update.
Closes-Bug: #1768690
Change-Id: I7d04beea4810718c3b745de8ea97897b1323267e
2018-06-27 00:22:35 +02:00
Assaf Muller
137a6d6105 Pass network's dns_domain to dnsmasq conf
The Neutron API exposes the 'dns_domain' attribute on the
Network model. Presently, deployments using the DHCP
agent ignore this attribute when resolving DNS queries
between instances. This patch changes that so that
the DHCP agent will pass on the dns_domain to the
network's dnsmasq process, in turn passing it to
instances.

UpgradeImpact
Closes-Bug: 1774710
Change-Id: I6120d504959631f084d63458f6e9dada0dc5cbdf
2018-06-26 08:26:33 -04:00
Slawek Kaplonski
1f8378e0ac [OVS] Add mac-table-size to be set on each ovs bridge
By default number of MAC addresses which ovs stores in memory
is quite low - 2048.

Any eviction of a MAC learning table entry triggers revalidation.
Such revalidation is very costly so it causes high CPU usage by
ovs-vswitchd process.

To work around this problem, higher value of mac-table-size
option can be set for bridge. Then this revalidation will happen
less often and CPU usage will be lower.
This patch adds config option for neutron-openvswitch-agent to allow
users tune this setting in bridges managed by agent.
By default this value is set to 50000 which should be enough for most
systems.

Change-Id: If628f52d75c2b5fec87ad61e0219b3286423468c
Closes-Bug: #1775797
2018-06-08 16:26:35 +02:00
Harald Jensas
b6d117fcd5 Allow setting network-segment on subnet update
To enable the possibility to migrate a non-routed network to a
routed network allow updating the segment_id of a subnet.

Only allow the operation if:
 - The network only has one segment
 - The network only has one subnet
 - The current segment_id == None

APIImpact: The segment_id attribute of subnets now allows put operation.
Closes-Bug: #1692490
Depends-On: Iffda823a149a1143f46ee9a05e9640b34bf42c51
Change-Id: I1aee29dfb59e9769ec0f1cb1f5d2933bc5dc0dc5
2018-05-24 01:09:02 +02:00
Hamdy Khader
59bc19c14a Use Param DHCP_OPT_CLIENT_ID_NUM
Ironic is sending 'client-id' as a number (61) to meet rfc4776 [1],
due to this change Neutron DHCP should support this option as well.

[1] 228a2a7885

Closes-Bug: #1770932
Change-Id: I9728354d5f9e08a0dc23900b2bc22b4a0aedb737
2018-05-17 10:25:28 +03:00
Hongbin Lu
a732bbf19e Support filter attribute with empty string
This will enable users to filter list of results with attributes
with empty value. For example, the request below will list
all unbound ports (unbound ports have blank device_id).

  GET "/ports?device_id="

APIImpact
Change-Id: I9001214de126eb888c2425b6a6275f59ec8478e7
Closes-Bug: #1749304
2018-05-02 20:05:11 +00:00
Zuul
fbdd2f3798 Merge "Add port_details to Floating IP" 2018-04-28 17:07:07 +00:00
Brian Haley
3ad91f61f2 Remove deprecated IVS interface driver
This was marked deprecated in Queens for removal in Rocky,
https://review.openstack.org/#/c/505401/

Change-Id: I77fa59ae1819e87ab8ccc1fa5f0db86de3b90e2e
2018-04-26 20:15:46 +00:00
Hongbin Lu
c760d4f26f Add port_details to Floating IP
If the floating IP is associated with a port, this attribute
will contain detailed information of the associated port. This allows
users to retrieve the floating IPs with information of its associated
port (if any) in one API call.

Other related patches:
* neutron-lib: https://review.openstack.org/#/c/534882/
* osc: https://review.openstack.org/#/c/533809/
* sdk: https://review.openstack.org/#/c/533811/
* tempest-plugin: https://review.openstack.org/#/c/561710/

APIImpact the API reference needs to be updated

Change-Id: I31e940d2986278d2fbee6fdfea4ff15f7c07ebaa
Partial-Bug: #1723026
2018-04-25 17:16:03 +00:00
Zuul
482a9ed880 Merge "Override ovsdb_timeout default value in ovs_cleanup tool" 2018-04-18 00:36:33 +00:00
Sławek Kapłoński
806d96cbbe Override ovsdb_timeout default value in ovs_cleanup tool
In case when there is a lot of ports to clean in bridge, default
ovsdb_timeout which is set for 10 seconds is not enough.
This patch overrides default 10 seconds timeout in neutron-ovs-cleanup
tool to 600 seconds.
600 seconds value was tested experimentally on my dev environment for
at least 10000 ports in bridge.

In case when user will have more ports to delete with this script,
it will be required to increase this ovsdb_timeout value in
configuration.

Change-Id: I79a554acdb1d6d61903be0c42d0215d302884e93
Closes-Bug: #1763604
2018-04-17 19:36:41 +00:00
Hongbin Lu
4d84c10ba4 Add standard attributes to segment resource
Standard attributes (i.e. revision_number, created_at, updated_at)
are missing in the segment resource. This is because the controller
doesn't process extensions on rendering the response. This patch
fixes it. In particular, this patch does the following:
* Process extensions when making the segment dict. This allows
  other extensions to add attributes to segment response.
* Make segment extension implement update_attributes_map.

Tempest test: https://review.openstack.org/#/c/558609/

APIImpact update api reference of segments

Closes-Bug: #1760902
Change-Id: I3c93818002c2d7753454547231ba08544b6fa1c0
2018-04-11 14:40:41 +00:00
Drew Thorstensen
b62d1bfdf7 Router should flip to standby if all L3 nodes down
A HA router should always be active unless all of the agents hosting
that router go down.  In that event, the router should switch to
standby.  This behavior changed with review:
  https://review.openstack.org/#/c/411784

That review seemed to be accounting for a flakey message bus.  This
change should account for that, but also revert to the original behavior
of the router state only changing when its backing agent hosts are down.

Change-Id: I89c3b2546382624f175f8de4de621c3e53adf527
Closes-Bug: 1682145
2018-04-04 23:43:00 +00:00
OpenStack Proposal Bot
f6179a8c7a Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Ia1ec4446c96b873564c77ed11f25f8b8f1e05288
2018-03-03 06:08:46 +00:00
YAMAMOTO Takashi
6f205a900b reno: Remove remote names from branch specifiers
Following the release script change. [1]
Copied from networking-midonet. [2]

[1] If85133edcc45d6fc9c7fcca6fc45c647ba5f20a1
[2] Idb5a5a31b60e67ec6ea9ec5bbf170d4147adc71d

Change-Id: Icb560f06d6945240e06d64d1cb67f936d0483680
2018-02-22 15:39:47 +09:00
Zuul
5d3abc524d Merge "Process conntrack updates in worker threads" 2018-02-16 23:44:16 +00:00
Zuul
91b07eabcc Merge "Imported Translations from Zanata" 2018-02-15 08:49:26 +00:00
Zuul
132e43bfc7 Merge "Filter port-list based on security_groups." 2018-02-12 14:03:40 +00:00
OpenStack Proposal Bot
ad17b599ab Imported Translations from Zanata
For more information about this automatic import see:
https://docs.openstack.org/i18n/latest/reviewing-translation-import.html

Change-Id: Iae96263f7ce96ccdc27f715c2cdb1a87ef35b98c
2018-02-11 07:29:12 +00:00
6b19f198ca Update reno for stable/queens
Change-Id: If9375e90a449855237d06c7696d1c20969c5a343
2018-02-09 16:36:32 +00:00
Tim Rozet
8806477abf Fixes using SSL OVSDB connection
When creating SSL OVSDB connection it is required to set the private
key, certificate, and the CA certificate in order to communicate with
OVSDB.  This patch configures these when an SSL connection URI is used.
The settings must be provided as part of neutron.conf under [ovs]
section.

Closes-Bug: 1745038

Change-Id: I19fd9dd0c72260835eb91e557a6029ec9d652179
Signed-off-by: Tim Rozet <trozet@redhat.com>
2018-02-09 04:50:10 +00:00
Brian Haley
65a81623fc Process conntrack updates in worker threads
With a large number of instances and/or security group rules,
conntrack updates when ports are removed or rules are changed
can take a long time to process.  By enqueuing these to a set
of worker threads, the agent can continue with other work while
they are processed in the background.

This is a change in behavior in the agent since it could
program a new set of security group rules before all existing
conntrack entries are deleted, but since the iptables or OVSfw
NAT rules will have been removed, it should not pose a
security issue.

Change-Id: Ibf858c7fdf7a822a30e4a0c4722d70fd272741b6
Closes-bug: #1745468
2018-02-06 12:25:59 -05:00
Ahmed Zaid
43d3e88a07 Filter port-list based on security_groups.
This patch allows users to filter ports depending on security groups.
In addition to that I added a unit test to verify this change.
TODO: move security_groups_port_filtering_lib.py into neutron-lib.

Closes-Bug: 1405057
Change-Id: I528719d895fc1d89f74e2ee85b9ddc470323c601
2018-02-06 09:55:34 +00:00
Zuul
2820c25e3a Merge "Adding DSCP mark and inheritance in OVS and LB tunnels outer header" 2018-01-18 03:14:07 +00:00
Ali Sanhaji
6bf0788da0 Adding DSCP mark and inheritance in OVS and LB tunnels outer header
Adding ability to set DSCP field in OVS tunnels outer header, or
inherit it from the inner header's DSCP value for OVS and linuxbridge.

Change-Id: Ia59753ded73cd23019605668e60cfbc8841e803d
Closes-Bug: #1692951
2018-01-17 10:54:46 +01:00
Zuul
1813f7c497 Merge "Support filtering port with IP address substring" 2018-01-17 05:30:38 +00:00
Hongbin Lu
5c601bebeb Support filtering port with IP address substring
Neutron currently supports filtering ports by matching the exact
IP address. This patch adds support for substring matching using
"LIKE" SQL operator.

This patch also added a new API extension to show whether or not
the substring matching capability is available.

APIImpact add IP address substring filtering on listing ports
API-ref: I97259b85a2dce5a54bb6ea2cb9d9779ec0a25504

Co-Authored-By: Zhenyu Zheng <zhengzhenyu@huawei.com>

Change-Id: I9549b2ba676e1bad0812682c3f3f3c97de15f5f6
Closes-Bug: #1718605
2018-01-12 18:22:06 +00:00
Zuul
569b51483b Merge "Use same instance of iptables_manager in L2 agent and extensions" 2018-01-05 19:19:57 +00:00
Sławek Kapłoński
cbee0f9f88 Use same instance of iptables_manager in L2 agent and extensions
This commit adds common_agent_extension class which is agent API
for L2 extension drivers used e.g. by Linuxbridge agent.
This is necessary to be able to use instance of iptables_manager
used in firewall driver also in L2 extension drivers (like qos).

This patch refactors little bit iptables_manager code to make possible
to initialize e.g. mangle or nat table on demand, even if iptables
is created as "state_less"

Change-Id: I3b66e49b7f176124e8aea3eb96d0d465f1ab1ea0
Closes-Bug: #1736674
2018-01-05 11:07:32 +01:00