These test randomly fails with NetworkInterfaceNotFound
from quite some time. Until the issue is fixed added unstable_test
decorator so the job do not fail for these.
Related-Bug: #1961740
Change-Id: I1a352526aac72b417f93f51ba50c3359359c240d
Change non-harmful stack trace errors for dns_exc.DNSDomainNotFound and
dns_exc.DuplicateRecordSet to error log messages. This prevents the logs
from filling with stack traces where error messages would have been
sufficient enough.
Closes-Bug: #2042925
Change-Id: Icf1fff28bb560c506392f16c579de6d92cd56c23
OVS-agent wants to clean flows table by table during restart,
but actually it does not. If one table has same cookie with
other tables, all related flows will be clean at once.
This patch adds the table_id param to the related call
to limit the flow clean on one table at once.
Closes-Bug: #2060587
Change-Id: I266eb0f5115af718b91f930d759581616310999d
When an external tunnelled network is used as gateway network in an
OVN router, the "Logical_Router_Port" is not bound to any chassis and
the "Logical_Router" is pinned to a gateway chassis, using the list
provided in a "HA_Chassis_Group".
This patch attends to any change in the "HA_Chassis" list of the
"HA_Chassis_Group" to update the "Logical_Router" chassis assigned.
This provides HA functionality in case that the bound chassis
(chassis pinned) fails.
Closes-Bug: #2052821
Change-Id: Ia3d4271d015386fbec3c3f2276a7f62c2f8ad5dd
Pin a "Logical_Router" to a chassis when the gateway network (external
network) is tunnelled. When the external network is tunnelled, the
"Logical_Router_Port" acting as gateway port is not bound to any
chassis (the network has no physical provider network defined).
In that case, the router is pinned to a chassis instead. A
"HA_Chassis_Group" is created per router. The highest "HA_Chassis" of
this group is assigned to the router. If the gateway port is deleted,
the pinned chassis is removed from the "options" field. If the
router is deleted, the "HA_Chassis_Group" is deleted too.
NOTE: in the a chassis belonging to the router "HA_Chassis_Group"
changes, the list of "HA_Chassis" will be updated in
``ChassisEvent.handle_ha_chassis_group_changes``. However, a
"HA_Chassis_Group" change is handled by OVN, when assiged.
But in this case we are using this artifact, as commented before,
to "manually assign" (from core OVN point of view) the highest
priority "HA_Chassis" to the router (this upcoming funcionality
will be implemented in core OVN). A new follow-up patch will be
pushed to provide HA functionality and update the "HA_Chassis"
assigned to the "Logical_Router" when the chassis list changes.
Partial-Bug: #2052821
Change-Id: I33555fc8a8441149b683ae68f1f10548ffb662a6
The IntOpt class supports choices argument since oslo.config 9.4.0[1].
[1] 83bbc0df4316e8a17b8417d02c80cd0cf5a8568e
Change-Id: I27b825d7b65b6c40692785b50c8a8ccc3ca80b73
This decorator allows to create a new OVN database transaction or
use the existing one in a method. It is needed to pass the transaction
object (if any) and the IDL (Northbound or Southbound).
Related-Bug: #2052821
Change-Id: I925c1d745197edd08a62ced66b275c7b1dad1d6a
Remove B303 (md5, sha1 for python<3.9) and
remove B311 (Standard pseudo-random generators are
not suitable for security/cryptographic purpose) from
the skip list of bandit execution.
Change-Id: I6e9e61e7f94dc9ca339942529af8997adef45e38
In this change, we add the ability to create high availability
user defined router flavors under the ML2/OVN L3 service
plugin.
Closes-Bug: #2020823
Change-Id: I0d26f672d6239d840d3cf817a2553a06ef00a854
If the Nova metadata service is unavailable, the requests.request()
function may raise a ConnectionError. This results in the upper code
returning a 500 HTTP status code to the user along with a traceback.
Let's handle this scenario and instead return a 503 HTTP status code
(service unavailable).
If the Nova service is down and is behind another proxy (such as
Nginx), then instead of a ConnectionError, the request may result in
receiving a 502 or 503 HTTP status code. Let's also consider this
situation and add support for an additional 504 code.
Closes-Bug: #2059032
Change-Id: I16be18c46a6796224b0793dc385b0ddec01739c4
In order to decide whether to process a router related
request, the user defined router flavor OVN driver needs to
check the flavor_id specified in the request. This change adds
the code to test the case when the API passed the flavor_id as
unspecified.
Change-Id: I4d7d9d5582b97246cad63ef7f5511b159d6c6791
Closes-Bug: #2059051
This patch updates the list of the Neutron stadium
projects lieutenants and the list of the bugs' contact
person(s).
In detail this patch:
- sets Slawek Kaplonski as contact for RBAC issues
- sets Fernando Royo as contact for 'ovn-octavia-provider' issues,
removing Flavio and myself
- adds new 'ovn-bgp-agent' item with Luis Tomas Bolivar and
Lucas Alvares Gomes as contacts
Change-Id: Iaf344ee30a3500c18ae7facd9010d75af39e995f
Previously, the code used to clean up old DHCP processes for a network
before creating new ones supporting multiple segments per network
could potentially not be executed first. Since disabling applies to
cleaning the namespace, this could have led to the network setup being
destroyed after being done.
This change moves the part that cleans up the old DHCP setup to ensure
it is executed first.
Closes-bug: #2049615
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Iecdb2d81ee077c9b9057d0708c5c88e159970039
Based on [0] only py39, py311 and py312 (non-voting) jobs
are in the testing runtime for 2024.2, updated relevant
files accordingly. Added timeout override for py312
similar to other versions.
[0] https://review.opendev.org/c/openstack/governance/+/908862
Change-Id: I6c3e94a88b7ef50b1fc74abe0ef4640ce3a68be3
This new extension adds a new parameter to the NUMA affinity policy
list: "socket". The "socket" NUMA affinity policy has been supported
in Nova since [1].
[1]https://review.opendev.org/c/openstack/nova/+/773792
Closes-Bug: #2052786
Change-Id: Iad2d4c461a2aceef6ed2d5e622cce38362d79687
This change enhances the IptablesFirewallDriver with support for remote
address groups. Previously, this feature was only available in the
OVSFirewallDriver. This commit harmonizes the capabilities across both
firewall drivers, and by inheritance also to OVSHybridIptablesFirewallDriver.
Background -
The Neutron API allows operators to configure remote address groups [1],
however the OVSHybridIptablesFirewallDriver and IptablesFirewallDriver do
not implement these remote group restrictions. When configuring security
group rules with remote address groups, connections get enabled
based on other rule parameters, ignoring the configured remote address
group restrictions.
This behaviour undocumented, and may lead to more-open-than-configured network
access.
Closes-Bug: #2058138
Change-Id: I76b3cb46ee603fa5e829537af41316bb42a6f30f
Since [1] was merged, user defined flavor routers with the HA
attribute set to False cannot be created. This change fixes
it.
Closes-Bug: #2057983
[1] https://review.opendev.org/c/openstack/neutron/+/910889
Change-Id: Ic72979cfe535c1bb8cba77fb82a380c167509060
Add an item to the instructions on iptables to OVS
firewall migration that the admin should cleanup
any stale iptables rules after completion. It is
out of scope of our documents on how exactly an
adminstrator might do that.
Closes-bug: #1864374
Change-Id: Ie1bf6b82e57a00f61640a131a29d897a9cde4629