This function is private. This commit also adds missing unit tests.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: I6d3e75fb61a90358cf7afbe165181d3da6363bfb
Usage of the helper function which retrieves the name of the process
based on the usage of the segments was missing for unregister which
leads an issue when disabling dhcp agent for a network.
Closes-Bug: #2051690
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Ic6e999214210383f17c29982bf5673eea1bb55c0
All of these exceptions and constants have been in
neutron-lib for a while, start using them.
While looking for other things to consume found an old
neutron-lib TODO that did not apply anymore, so removed.
TrivialFix
Change-Id: I9431075a50ba05be872db422125e6af6266ccb99
This patch is the initial implementation on the suggestion
from this patch[1].
The DHCP agent can query the existing `get_ports` RPC method because
this method is already exposed in the MetadataRpcCallback(server side)
which runs under the same topic(PLUGIN) and namespace(None). The benefit
here is that there is no change needed to the API, however it does
go against how we historically setup the RPC layer between a server and client.
[1] https://review.opendev.org/c/openstack/neutron/+/903572/comments/3d4e0453_4b4d2ab6
Related-Bug: #1982569
Change-Id: Icd7c55d2a5103bdbd90907b1dbfb9ccfe34c020a
Process of cleaning stale devices is now logged at an informational
level, not just for debugging as operator should be aware of any
action on its platform. Also, the removal of stale devices which
should never occur, is marked as a warning. This change aids operators
in identifying unusual behavior on their platform.
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: I8f878e50983cf0664a80ff8dbdfb0b6db68b6cd3
OVN metadata port from NetworkCache is being used and fixed_ips
for it were not available at the time network was added into
the cache. So let's re fetch it if it is available in the cache.
Related-Bug: #1982569
Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2213862
Change-Id: Ie0ec43566fa2b3e13b4917493336ce1519c9b6bb
Update the code to use the new is_ovn_metadata_port from utils.
Update the test such that mock port objects are subscriptable. This
is required for the `is_ovn_metadata_port`. I have utilized already
existing `Dictable` class. However, I have removed `__class__` as I
dont think this correct intention of this class. It was introduced
here [1] feel free to disagree.
[1]https://review.opendev.org/c/openstack/neutron/+/205181
Change-Id: Ie9598e6801b093b80d736b313941695c3ed52c02
When DHCP agent is deployed with ml2/ovn for baremetal
ports, ovn metadata route is not added.
This patch adds route via ovn metadata port if exists
so baremetal nodes can fetch metadata.
Closes-Bug: #1982569
Related-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2213862
Change-Id: I12e496d70bb6db707b317d0aeb6e4edd6c43571e
After updating pylint, it started emitting additional "E"
warnings in some cases, fix them.
unsubscriptable-object,
unsupported-delete-operation
These were associated with the OVN AgentCache code. Instead
of using a subscript, create get/delete methods to do the
same thing.
used-before-assignment
Re-factor some code so it's clear to pylint variables are
being assigned properly.
Trivialfix
Change-Id: I4a5ccb7f33465705e59b5274c41db3c371862b1e
Since a DHCP agent can handle multiple networks, each with
their own unique network namespace, we must track in-use
ports by network ID, so we delete the namespace when the
last port on that network is removed. If we group all the
ports together then we could have stale, empty namespaces
until we either delete all the ports (unlikely) or the
dhcp-agent is restarted and does cleanup.
Regression introduced by
https://review.opendev.org/c/openstack/neutron/+/840421
Closes-bug: #2015388
Change-Id: I36991328cabcbd6fa473b8d1d140ba88c774fb23
IPv4 DAD is non-existent in Linux or its failure is silent, so we
never needed to catch and ignore it. On the other hand IPv6 DAD
failure is explicit, hence comes this change.
This of course leaves the metadata service dead on hosts where
duplicate address detection failed. But if we catch the
DADFailed exception and delete the address, at least other
functions of the dhcp-agent should not be affected.
With this the IPv6 isolated metadata service is not redundant, which
is the best we can do without a redesign.
Also document the promised service level of isolated metadata.
Added additional tests for the metadata driver as well.
Change-Id: I6b544c5528cb22e5e8846fc47dfb8b05f70f975c
Partial-Bug: #1953165
Exception[1] is seen in periodic_resync of
dhcp, this patch fixes it.
[1] TypeError: DhcpLocalProcess.clean_devices() missing 1 \
required positional argument: 'network'
Related-Bug: #1764738
Related-Bug: #1956435
Change-Id: Ie265b864718d9eaaea2f688649fcff24e47520b6
Since [1], this method is called with an extra argument "network_id".
Instead of filtering out this parameter when the driver method is
called, the method signature now accepts other kwargs.
[1]https://review.opendev.org/c/openstack/neutron/+/865823
Closes-Bug: #2007553
Change-Id: I0c14a73699702b9af828a5703a8f9fe8b87d3e67
This updates the exception with a log message informing that
multi-segments is supported by OVS only at that point.
This also add fullstack tests that validates multisegs deployment on a
physnet.
Closes-Bug: #1956435
Partial-Bug: #1764738
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: I3811a4ca28906dd29100c602de7fa4a3595393ab
When talking to dnsmasq using DNS over tcp dnsmasq will fork out for
TCP connections. Forked processes will stay until all connections have
been closed, meaning that dangling connections will keep the processes
and with that will also keep the tcp/53 port in listening state. On
dnsmasq restart (e.g. on network update, subnet create, ...) the parent
process is killed with SIGKILL and a new process is started. This new
process cannot listen on tcp/53, as it is still in use by the old child
with the dangling connection.
To prevent dangling dnsmasq connections on tcp we need to properly
shutdown the child. This is done by first sending SIGTERM and only send
a SIGKILL if the process is not shutting down properly. With that we
get proper cleanup of all children and tcp will come up after a restart.
Change-Id: Ie633148c512f5124e978648c50a4c6318c61baa8
Closes-bug: #1998621
Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
the ones in neutron/agent and neutron/privileged/agent.
Trivialfix
Change-Id: Ib94257481e62b99b3d7648ae5137af5411b4867a
This change makes the DHPC agent to handle multiple segmentation per
network.
For each segmentation a DHCP Process will be started, this has the
benefit to keep the current logic of building a DHCP service per
network domain.
Partial-Bug: #1956435
Partial-Bug: #1764738
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: I88264ce2303cbaed983d437203232bd1459d58b2
This is adding new API for the dhcp driver to clean stale
devices. Previously it was not necessary since a dhcp port was related
to a nemaspace and when the namespace got deleted, the device was also
removed.
Now with multisegments we can have more than one dhcp port per
namespace based on segmenation id so we should ensure to remove the
stale device.
Partial-Bug: #1956435
Partial-Bug: #1764738
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: I4a46b034a5feabb914bc6fd121d68e20278230b5
This change makes device manager action to clean device a bit smarter
by comparing port registered for a given network with device in live.
Partial-Bug: #1956435
Partial-Bug: #1764738
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: I0b6f9b59b94cf05996e4217b5d232b69ad775502
With [1] gateway is no longer set for subnet created
with prefix delegation, but when adding the subnet
to the router it fails as it expects gateway to be
set.
This patch ensures gateway is set temporary to the first IP
of the subnet as it used to be just like the temporary CIDR.
Also need to ensure dhcp configuration is skipped to avoid the
original issue[2].
[1] https://review.opendev.org/c/openstack/neutron/+/699465
[2] https://bugs.launchpad.net/neutron/+bug/1856675
Closes-Bug: #1962306
Related-Bug: #1856675
Change-Id: I512f7d98ac99bb0ef06fd2acba09482e3436d18d
The DHCP server should not announce any DNS resolver at all on the
subnet if "0.0.0.0" (IPv4) or "::" (IPv6) are configured as DNS
name servers in any subnet.
https://docs.openstack.org/neutron/latest/admin/config-dns-res.html
Closes-Bug: #1950686
Change-Id: I78dd012764c7bd7a29aeb8d97c00b627d7723aeb
Passing newline as extra dhcp option name to the DHCP agent causes
issues with configuration of the dnsmasq process for the network.
This patch removes everything what is after first newline character
in the dhcp_extra_opt's name before building dnsmasq's config.
Closes-bug: #1943930
Change-Id: Iab2832e750ff5ef09c5dcacae4dbff4f9e62bc2d
Passing newline to the dnsmasq may cause security issues, especially
that in case of Neutron that dhcp options' values are controlled by
cloud users.
This patch removes everything what is after first newline character
in the dhcp_extra_opt's values before passing them to dnsmasq.
Closes-Bug: #1939733
Change-Id: Ifeaf258f0b5ea86f25620ac4116d618980a7272e
Because the DHCP agent does not know the IAID (identity association
identifier) of assigned IPv6 addresses it's not possible to generate the
lease file including IPv6 leases. Because of this IPv6 addresses are
excluded when generating the lease file in case of DHCP agent restarts.
This causes DHCPv6 clients to fail to RENEW their lease and to go
through a full address discovery cycle with possible short connectivity
disruption.
This commit copies the existing IPv6 leaes from an already existing
lease file if present. While this does not allow for DHCP agent
failover, this is still better than just skipping the IPv6 addresses.
A lease file without the IPv6 addresses is still generated if an agent
is migrated to a different host.
This commit complements the fix implemented in
Ib1b2f284ab81f1c4af7b08b5257b45a3f6e79c3e which just skips the IPv6
leases as otherwise the lease file would be invalid and all leases would
be lost. It does not change the behavior for still valid IPv4 leases.
With this issue fixed an additional fix is required to not loose DHCPv6
leases when the agent restarts dnsmasq. Currently the DHCP agent
regenerates all configuration files on restart. This means that DHCPv6
leases are lost as they can't be regenerated. This changes the agent to
only delete the config files if the agent's ports are also removed.
Closes-Bug: #1722126
Related-Change: Ib1b2f284ab81f1c4af7b08b5257b45a3f6e79c3e
Change-Id: I40761b30563749251b9d74731bbe7a80a124da89
Ports with device_owner like:
* floating_ip,
* DHCP,
* some types of router ports, like: HA interface interface,
* distributed ports,
don't need to be configured in the dnsmasq file.
So there is no need to reload dnsmasq every time when such port is
added/updated to the network.
This patch adds skip in such case which should improve load on the
Neutron DHCP agent.
Closes-Bug: #1913269
Change-Id: I63221507713b941c261cdf88781133149da8ab8d
The main idea of the commit is to fix code
according with the latest oslo.i18n requirements
https://docs.openstack.org/oslo.i18n/latest/
1. removed log translation if log is not seen by users
in raised exception or api call response.
2. keep translated log if it's used in raised exception.
3. removed log message 'Error while reading %s'
which was "dead" (unused) code in the function
"_get_value_from_conf_file"
of module "agent/linux/dhcp.py".
Partial-Bug: 1600788
Change-Id: Ifb5455336b06c2c87a930b816c90b4a766856b1e
"@abc.abstractproperty" is deprecated since 3.3. Now it's possible
to use "@property" on top of "@abstractmethod".
Change-Id: I0cca37b626a94a05fb983a8528c22a660e89e673
Passing --conf-file= with no value has no effect on the dnsmasq
process. Intended effect here is for the default system dnsmasq.conf
file not to be read and included in configuring the process. For
that to happen some value has to be passed to --conf-file. Passing
/dev/null will invoke the desired outcome to skip the system
default conf file.
Closes-Bug: #1896945
Change-Id: I22570a44f84d14a792633747c04d7426ab231009
Send IPv6 metadata traffic (dst=fe80::a9fe:a9fe) to the metadata-agent.
When running on IPv6 enabled system bind haproxy (i.e. the
metadata-proxy) to 169.254.169.254 and to fe80::a9fe:a9fe also.
We do not introduce new config options. The usual config options
(enable_isolated_metadata, force_metadata, enable_metadata_proxy)
now control the metadata service over both IPv4 and IPv6.
This change series only affects the guests' access to the metadata
service (over tenant networks). They change nothing about how the
metadata-agent talks to Nova's metadata service.
Metadata access over IPv6 is supposed to work both on dual-stack and
v6-only networks.
In order to enable the metadata service on pre-existing isolated
networks during an upgrade, this change makes each dhcp-agent restart
trigger a quick restart of dhcp-agent-controlled metadata-proxies,
so they can pick up their new config making them also bind to
fe80::a9fe:a9fe.
Change-Id: If35f00d1fc9e4ab7e232660362410ce7320c45ba
Partial-Bug: #1460177
This pep8 error ocurrs sporadically, as reported in related bug.
The creation of a new DictModel class empty object during the
deepcopy process only needs the class type only.
Change-Id: Iba4f2ea700f01fd153104741614eec4855d0f387
Closes-Bug: #1893316
As spotted in Focal testing patch [0], pep8 test fails with many
C0321 false-positives, reported in pylint as current version does not
support python 3.8 [1]
Use a newer version of pylint and astroid, fixing or disabling some of
the new checks: no-else-*, unnecessary-comprehension, import-outside-toplevel
[0] https://review.opendev.org/#/c/738163/
[1] https://github.com/PyCQA/pylint/issues/2737
Change-Id: Ie646b7093aa8634fd950c136a0eba9adcf56591c
Version 2.4.0 of neutron-lib has the DHCP port numbers
correct, so start using them.
Also updated other code in linux/dhcp.py to use the
constants as well, instead of re-defining them.
Closes-bug: #1882588
Change-Id: I5dc1d8e7bcc94efd1fab68d980d60e3130d5e5bc
There are places where we need to use a metadata address
in different forms:
169.254.169.254
- when binding to an address, used with a port
169.254.169.254/32
- when configuring an address on an interface
- when adding a route
169.254.0.0/16
- when checking if a metadata subnet is present
We were not always using them correctly in either the
DHCP or OVN code, try and correct the usage. This will
make it easier to update the code when adding support
for metadata over IPv6.
Change-Id: I1780aa99204cc24e668d9798f4a5111eae83ecdb