With the new engine facade in place, a context session can execute
one single transaction at once. Nested transactions are no longer
supported.
This patch also changes db related examples in the "retries" document
that they uses engine facade.
Partially-Implements blueprint: enginefacade-switch
Change-Id: I978a24c3b30c2bb0a3ea6aa25ebf91ca5c58b8c9
Co-authored-by: Slawek Kaplonski <skaplons@redhat.com>
In neutron CI queues we were running tempest-slow-py3 and
tempest-ipv6-only jobs which are defined in tempest repository and runs
all tests, e.g related to Swift or Cinder.
This patch defines new jobs: "neutron-tempest-slow-py3" and
"neutron-tempest-ipv6-only" which inherits from the tempest jobs but
disables Cinder and Swift services.
Additionally "neutron-tempest-ipv6-only" job now runs only
"integrated-networking" tox_envlist.
Change-Id: Icd376c144e1993ca84890c76743fda4196662d9b
As per the community goal of migrating the policy file
the format from JSON to YAML[1], we need to do two things:
1. Change the default value of '[oslo_policy] policy_file''
config option from 'policy.json' to 'policy.yaml' with
upgrade checks.
2. Deprecate the JSON formatted policy file on the project side
via warning in doc and releasenotes.
Also replace policy.json to policy.yaml ref from doc and tests.
[1]https://governance.openstack.org/tc/goals/selected/wallaby/migrate-policy-format-from-json-to-yaml.html
Change-Id: I0dbb8484e749e645627756e88ec79c1b26a6414a
Move out tempest related things from TESTING.rst to tempest.rst.
It also gives some basics on how to debug tempest in zuul and locally.
Change-Id: I46c282c865bfdf5e88e26ea8fc31b26cdd3f6b2e
As talked about in the CI meeting, some manual steps were not mentioned
and could cause some issues later (like running stable stadium CI
against master neutron). All steps should now be listed.
Also update some release names and URLs in the document
Change-Id: I06a5a1ba0523befbc136920efde3e717ef822856
This change is needed for enabling floating IP's on routed networks.
To be able to create a subnet that spans all segments of a routed network,
a special subnet service type of 'network:routed' is used to denote a
network that can span all segments of a routed network.
To create floating IP's on a routed network, the subnet must be created
with a service_type of 'network:routed'. After the subnet has been
created, floating IP's can be allocated and associated as before.
See the design spec https://review.opendev.org/#/c/486450/ for
reference.
One caveat for this approach is that it requires the underlying
infrastructure to be aware of and able to route /32 host routes
for the floating IP. This implies that in practice, use of the
'network:routed' service type should be done in conjunction with
one or both of the following:
1. Third-party SDN backend that handles this service type in its
own way
2. neutron-dynamic-routing and the BGP service plugin for announcing
the appropriate next-hops for floating IP's. This is compatible
with DVR and non-DVR environments.
Depends-On: Ibde33bdacba6bd1e9c41cc69d0054bf55e1e6454
Change-Id: I9ae9d193b885364d5a4d90538880d8e9fbc8df74
Co-Author: Thomas Goirand <zigo@debian.org>
Partial-Bug: #1667329
This patch moves detailed description about fullstack tests from
the general TESTING.rst document to the fullstack guide which is in
contributor/testing/fullstack.rst
It also adds new sections about running and debugging fullstack tests
locally and how to investigate failures which happens in the fullstack
jobs in the gate.
Change-Id: I2539420411e8fb2f54a5da9d9047171fd37bfb11
After [1] we are now testing neutron with uwsgi in the
neutron-tempest-plugin-api job so there is no need to run
neutron-tempest-with-uwsgi in the check and gate queue anymore.
[1] https://review.opendev.org/761611
Change-Id: I5308a5f51a5700394c6b743c44159f30b526c655
Prior to this patch the IGMP configuration for ML2/OVN was inconsistent
with the configuration option description and also the ML2/OVS driver
because it was flooding traffic to unregistered VMs [0].
The "igmp_snooping_enable" configuration option says:
"Setting this option to True will also enable Open vSwitch
mcast-snooping-disable-flood-unregistered flag. This option will disable
flooding of unregistered multicast packets to all ports."
But, in ML2/OVN that behavior was inconsistent prior to this patch
because it allowed traffic to flood to unregistered VMs. This patch
fixes it.
[0]
https://opendev.org/openstack/neutron/src/branch/master/neutron/conf/agent/ovs_conf.py#L36-L47
Change-Id: I5cbe09e26120905b29351d61bbadb30b5dd14938
Closes-Bug: #1904399
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This patch implements the last code bits pending to
conclude the new DB engine facade migration.
Due to the resultant interactions in the modified code, is
not possible to submit smaller patches; this code must be
migrated at once.
Partially-Implements blueprint: enginefacade-switch
Signed-off-by: Slawek Kaplonski <skaplons@redhat.com>
Co-Authored-By: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: Id3f09b78c8d0a8daa7ec4fa6f5bf79f7d5ab8f8b
OVN doesn't implement the e/w traffic fragmentation and probably never
will. Add the gap to our docs.
Change-Id: Ib61279d49b460e8cc458d92795f4a73d0ac4bb5f
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
This patch removes jobs:
neutron-tempest-linuxbridge
neutron-tempest-iptables_hybrid
from the Neutron check and gate queues.
Most of the test run there are not backend dependent and they are run in
the neutron-tempest-multinode-full-py3 job too.
Some tests which may be impacted by different backend/firewall driver
are added to the neutron-tempest-plugin-scenario jobs now.
Additionally this patch removes also
neutron-tempest-plugin-dvr-multinode-scenario from the docs summary as
this job is not run in the check queue for some time now (it's moved to
the experimental queue).
Depends-On: https://review.opendev.org/#/c/761410/
Change-Id: Ica669e05f719568dad74c4e8bd69ddceadccea7e
This patch adds info about how multicast traffic is treated by
openvswitch and iptables based firewall drivers.
Patch [1] was trying to fix behaviour of OVS based driver to make
it similar to how iptables drivers works but it introduced bug [2]
which we wasn't able to fix without basically disabling what [1] did
for some ports on the compute nodes.
So based on that we decided to revert [1] - it is done in [3] and to
document different behaviour between those 2 firewall drivers which is
done by this patch.
[1] https://review.opendev.org/#/c/748719/
[2] https://bugs.launchpad.net/neutron/+bug/1899967
[3] https://review.opendev.org/#/c/759555/
Change-Id: If8a56579c62f58befdc57f5916a5763e9fb99531
Related-Bug: #1899967
Related-Bug: #1889631
Using veth to interconnect openvswitch bridges was deprecated
in Victoria cycle. Now it's time to remove it from the code.
In neutron-ovs-agent code, there is still kept piece of code which
migrates from the veth to the patch ports for bridges interconnection.
We will be able to remove that piece of code in X release.
Change-Id: I94545c3c3d9be46ac2062691f69663e5e59cd648
Closes-Bug: #1587296
This reverts commit b8be1a05facff2ba8b484902494ce1663e0aae7c.
As was reported in bug [1] this patch broke multicast traffic send
from ports with disabled port security. And that broke L3HA routers
as keepalived processes couldn't talk to each other.
During attempt to fix that issue with keepalived we found out another
corner cases which we may break and in fact to fix them, we would
effectively revert this change and allow multicast traffic for all
ports in e.g. networks with ports which have port security and ports
which don't have port security and are on same node.
As we also don't really know what other corner cases we may hit going
further with that, lets revert this patch.
As a follow up patch I will propose new patch which will document
differences in handling multicast traffic between iptables and
openvswitch based firewall drivers.
[1] https://bugs.launchpad.net/neutron/+bug/1899967
Change-Id: I37a8b33cf8e16d5bb5dc1966fc2dca6bb619026c
Closes-Bug: #1899967
Maciej no longer works on Openstack, so remove him, and add
Flavio Fernandes as a replacement. Also added contact into
to the neutron-teams page.
Change-Id: I2f43a389644afcfa5a42571b6c5c093fd21560f1
It just makes it simpler for the user to copy & paste a command to
obtain the port's UUID.
Change-Id: Ib839c8ed1e78f14d49690367a68f007a68c5cebe
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
By default, if any multicast traffic sent to 224.0.0.X is allowed
in the OVS firewall (that means there is a specific egress rule),
this traffic is sent, in table 73 (ACCEPT_OR_INGRESS_TABLE), to
a rule with action NORMAL.
As commented in the related bug, https://tools.ietf.org/html/rfc4541,
chapter 2.1.2, section (2):
"Packets with a destination IP (DIP) address in the 224.0.0.X range
which are not IGMP must be forwarded on all ports."
That means those packets will be forwarded to all ports regardless of
any ingress rule. This patch process this traffic separately, sending
those packets to table 102 (MCAST_RULES_INGRESS_TABLE). In this table
the ingress rules that have a defined protocol, will have an Open Flow
rule to output the traffic directly to those ports associated to this
rule.
For example, in the problem reported in the related bug, the VRRP
protocol (112), will be sent only to those ports that have this
ingress rule.
Change-Id: Ie271de144f78e364d938731ec9f5297e1a9d73f9
Closes-Bug: #1889631
This patch converts neutron-grenade-ovn job to be Zuulv3 native
and adds it as non-voting job to the check queue.
Depends-On: https://review.opendev.org/752412
Change-Id: Ie27f7c9313ff4b18eba739e40fdb136036652313
And add note about different handling of packets marked as INVALID
by both those drivers.
Change-Id: I3d436289073e95312e5f5077acabd136266b9e8a
Closes-Bug: #1896587
ML2/OVN currently doesn't support IPv6 prefix delegation. This patch
adds it to the list of gaps.
Change-Id: Icf23cb9113d48322a4ba0db13a55c370e2bb14a4
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Ryu Ishimoto was removed from the list of networking-midonet maintainers
as he is not active in the community anymore - thank You Ryu for all
Your work in the Neutron community.
Sam Morrison was added to the list as he recently stepped in to maintain
networking-midonet in the Neutron stadium. Welcome Sam and thanks for
Your help with this project.
Change-Id: I639fa5f69f56c96bc69873e6bcac555fff441ce2
Extend neutron metering agent to generate Granular metering data.
The rationale here is to have data (bytes and packets) not just in
a label basis, but also in tenant, router, and router-label, and tenant-label
basis. This allows operators to develop more complex network monitoring
solutions.
Moreover, I added documentation to explain what is the neutron metering agent,
its configs, and different message formats.
Change-Id: I7b6172f88efd4df89d7bed9a0af52f80c61acbe0
Implements: https://blueprints.launchpad.net/neutron/+spec/granular-metering-data
Closes-Bug: #1886949
