For some reason, kilo_initial.py is triggering this warning,
so fix it by using comments instead of a docstring.
Also updated the template to use comments as well, so any
migrations created in the future use them, even though
none seem to be causing a similar warning right now.
Closes-bug: #2036763
Change-Id: I63b7ac83fdd3ebc6251979f1376daf2105489fdc
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: I9c87c69e50379559771ce278039c0c5e822697d6
Default-security-group-rules-added release note had some
extra indentation, which rendered it with a "bar" in
front of the list of items. Remove the two spaces.
Also fixed other grammatical issues in the note.
Trivialfix
Change-Id: I5d4a2e3be9a86c29f75e131d677f288bfe3222d1
This patch adds just release note with the known issue to describe known
wrong configuration which cause FIP Port Forwarding to not work properly
in ML2/OVN backend and distributed FIPs enabled.
For more details, please check related bug.
Related-bug: #2028846
Change-Id: I48b5358f4c3ac492d68b00a4c0153370332e9249
The ovn.ini file is a hold-over from the networking-ovn
tree. The docs all reference configuring OVN (and OVS)
options in ml2_conf.ini, so remove the old file and add
the neutron.ml2.ovn namespace to
etc/oslo-config-generator/ml2_conf.ini.
Trivialfix
Change-Id: I26dedc80e07aedffb1713560d4431b7a334b70b5
The "tc qdisc" command to create an ingress qdisc does not require
to define a parent qdisc [1]. The ingress qdisc "differs from other
qdiscs in that it does not occupy the root of a device".
The previous command was replacing the default root egress qdisc:
root@dev20:~# ip netns exec ns01 tc qdisc show
qdisc noqueue 0: dev dummy root refcnt 2
This operation is now not permitted with the new kernel.
This patch is also changing how the TC funtional tests interact with
the namespace interface created. Now the interface is set to UP before
the test starts. That changes the "tc qdisc show" command because now
the default qdisc (see the aforementioned CLI output) is now present,
as it should be in a live environment (where the interfaces are UP).
Closes-Bug: #2034540
[1]https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.adv-qdisc.ingress.html
Change-Id: I2f8130dc3cf3244be2a44a4ecbdbaa9c7f865731
This reverts commit 7ed79c1f7890456488a4b44769ed84fea23c9a39.
Reason for revert: the port binding handling done in this patch is
incorrect and leads to issues during the cold migration process with
trunk ports in ML2/OVN.
Change-Id: I642c3eb1771463db73248a8c50c0db6f7467a6d5
Partial-Bug: #2033887
Since [1] OVN/OVS source deploy jobs running with
OVN_BRANCH=main fails to compile ovn as this now
requires newer ovs commits from branch-3.2.
[1] https://github.com/ovn-org/ovn/commit/558da0cd
Closes-Bug: #2034096
Change-Id: I5247ce2b1a8606bde807a1744ed37daff04438f1
With [1] included in alembic-1.12.0 the unit test
test_autogen_process_directives fails as it was
expecting 'type_' param in Autogenerated output.
But this is not included with 1.12.0 by default,
this patch enhances the regex to care only for relevant
parameters.
[1] https://github.com/sqlalchemy/alembic/commit/733197e
Closes-Bug: #2034016
Change-Id: I088cc4b260cccf6be2963d23a76a05f11cfccf2c
Right now, as per kernel limitation, the burst limit is not correctly
enforcing the rate and burst when using the ovn "log-related" option and
stateless security groups. We log exactly double the burst. Creating a
new meter that limits the rate and burst to half of the expected ones is
a workaround that solves the issue.
Closes-bug: #2032929
Signed-off-by: Elvira García <egarciar@redhat.com>
Change-Id: Ib0047d38c58bcebb23c8887e7934987ff8c8a432
We did unfortunately not make it into Bobcat, and will try again
to get it into Caracal.
Partial-Bug: #2002687
Change-Id: I5b4579a96152b8bdb1d34e59fb492c6f2a01b71e
This patch updates docs related to the Security Groups to add info about
possibility to change default set of rules created in every new security
group.
It also adds release note about this new API in Neutron.
Closes-Bug: #1983053
Change-Id: I0f6ecc5cf374a0090930e9786834ed7a1be3dc0b
Default SG rules created as template in the Neutron DB are now used to
create security group rules for each new default and non-default SG
created in Neutron.
Closes-bug: #1983053
Change-Id: Iaf27deb955c3844409fcd36239511478e9607a82
Until now neutron fullstack tests which were run by the same worker were
using same DB but after test content of the DB was cleaned.
This could cause problems e.g. for default security group rules which
weren't created properly in second test run by the same worker.
To fix that issue patch [1] was proposed and merged some time ago. But
this didn't solve the problem so this patch is effectively reverting [1]
and proposing another solution which will make each fullstack test to
use own DB and run db migration script.
As running DB migration before every test makes this jobs to run a bit
longer than it took before, this patch also increases timeout for the
fullstack job(s) to 3h (10800 seconds).
[1] https://review.opendev.org/c/openstack/neutron/+/891040
Related-bug: #1983053
Change-Id: Ia261b4c62db9a99ef6eb161acb4609520e45d101
This patch introduces a maintenance task that runs once a day and is
responsible for cleaning up Hash Ring nodes that haven't been updated in
5 days or more.
Change-Id: Ibed9e0d77500570c3d0f9f39bfe40cb9239d0d7a
Closes-Bug: #2033281
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
The functional test "TestMaintenance.test_port_forwarding" is checking
the "registry.publish" call after calling
"delete_floatingip_port_forwarding". This patch makes this check
explicit for the expected call.
Closes-Bug: #2033387
Change-Id: I95074a0fe071e3ed8bf58c9210d63a2f30ee68a0
If a port receives a device ID and a binding profile host ID
fields update, at the same time, this is because Nova is trying
to bind the port to a VM (device ID) in a host (host ID). In
ML2/OVN, a virtual port cannot be bound to a VM.
NOTE:
* A virtual port can receive a host ID update. That happens when
the fixed IP port that has the virtual port IP address as
allowed address pair is bound.
* A virtual port can receive a devide ID update. Octavia uses
the devide ID to identify to what load balancer the virtual
port belongs.
This check was introduced in [1].
[1]https://review.opendev.org/c/openstack/neutron/+/882588
Closes-Bug: #2028651
Related-Bug: #2018529
Change-Id: I8784c6716f5a53b91d43323771e6f30fa8e8e506
When a HA router is created and the HA is not yet, before creating
the router, the Neutron server creates the HA network and the
corresponding subnet.
The HA network cannot be duplicated (see previous patches related to
this bug). But the subnet, that is created in another database
transaction, cannot be present when the router creation call tries
to create the HA port.
This patch adds a HA subnet check before creating the router and the
HA port. Even if the subnet check fails and the worker tries to
create this subnet, if the process fails with ``InvalidInput``, that
means other worker created the subnet before and the current one
fails because tries to create the same subnet with the same CIDR.
In this case, we dismiss the exception and continue with the router
creation.
Closes-Bug: #2016198
Change-Id: I82225fcc6248bb0fd68959ceb1daabff423d81ff
This patch implements the new network HA boolean field API extension.
This field is an input only parameter for POST operations (creation).
By default is "False". When enabled, the Neutron server will create
a ``ha_router_networks`` register in the same transaction of the
network creation.
If by any circumstance (a race condition, for example), another
``ha_router_networks`` exists in the same project, a
``DBDuplicateEntry`` exception will be raised and the transaction
will be rolled back.
Partial-Bug: #2016198
Change-Id: Ie42c13ecbe4abcad9229b71f6942e393fd0f2e4e