This updates the exception with a log message informing that
multi-segments is supported by OVS only at that point.
This also add fullstack tests that validates multisegs deployment on a
physnet.
Closes-Bug: #1956435
Partial-Bug: #1764738
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: I3811a4ca28906dd29100c602de7fa4a3595393ab
The test:
- creates 3 VMs in the same network on 2 hosts
- creates Local IP and associates first VM's port with it
- pings first VM from the second one (same host) by
local IP address and checks pings are ok
- pings first VM from the third one (diff host) by
local IP and verifies local IP is not accessible
Second test does the same but with openvswitch security groups
enabled on hosts and with static NAT rules for Local IPs.
Partial-Bug: #1930200
Change-Id: I27a57170b88eda951ff3ef1d5320cb8c692a074a
This patch will create two fake VMs to verify the DHCP R/R
for its NIC. Ping 4/6 will be run after the interface request
and config the IP address via DHCPv4/6 by using dhclient.
For fullstack test fake environment, setting enable_traditional_dhcp
to False means enable DHCP extension for OVS agent automatically.
Partially-Implements: bp/distributed-dhcp-for-ml2-ovs
Closes-Bug: #1900934
Change-Id: I40d6464953fbc4d4ca2c05a6051eba43cd05fedd
Now is possible to define a gateway IP when creating a subnet using a
subnet pool. The IPAM subnet generator retrieves the available IP
ranges in the subnet pool and generates a list of candidate subnets
with the prefix lenght defined. If the gateway IP can be allocated in
one of those candidate subnets, the IPAM returns a valid IpamSubnet
that will be used to create a Neutron subnet.
Closes-Bug: #1904436
Change-Id: Ib1d1f591c4d0f59ebff3ddcb3be7b10b0b5e67dc
Minimum bandwidth QoS rule is only applicable for the network which is
backed by physical networks.
It will raise exception when you want to set Minimum bandwidth QoS rule
or update rule on network without ports.
Closes-Bug: #1913180
Change-Id: I6ab945086b13730ad60957760bbc2eb5c321aca2
Segment delete can fail if the subnet related to the segment is deleted.
Related-Bug: #1878632
Depends-On: https://review.opendev.org/727796
Change-Id: I9a656cee769d2ba515d00d2acbd28a3c2f641ff7
The tracked resources quota check is done at the beginning of an API
call to the Neutron server. The API call contains a resource and an
action over the resource. In case of creation, the server checks if
the number of items requested fits in the existing quota.
In case of security group creation, the tracked resource checked is
"security_group". But "SecurityGroupDbMixin.create_security_group"
method also creates several default rules for the new group and the
quota for "security_group_rule" is not enforced.
This patch checks the number of security group rules being created
("delta") and checks in the plugin method (not in the API method) if
there is enough room for those new rules (tracked resource
"security_group_rule").
Change-Id: I0a9b91b09d6260ff96fdba2f0a455de53bbc1f00
Closes-Bug: #1858680
When a subnet is created and allocated, the gateway IP is created
based on the subnet CIDR. In case of IPv6 prefix delegation, this
CIDR is a temporary one. In this case the gateway IP cannot be
assigned yet and the value stored in the DB should be "None".
IpamBackendMixin._gateway_ip_str must read properly the IP version
stored in the "subnet" variable, under the key "ip_version"
instead of "version".
Closes-Bug: #1856726
Closes-Bug: #1856675
Change-Id: I9313c880cc458f08dc3a1b0ff13187b764ba7042
When a router gateway is updated and the subnet changes,
we need to use the admin context in order for the operation
to succeed. Since the target network has already been
verified to be external, this is OK. The other operations
in this area such as create and delete already do the
same thing.
Added a fullstack test that moves a gateway between subnets
and verifies it's reachable afterwards.
Change-Id: Iead87ba6182d633f0f808032166e02e767fcffae
Closes-bug: #1812118
When router admin-state is down or removed, fip-qos and gateway-ip-qos
extension should delete the router IPs' QoS rate limit cache. Then if
the router is up again the router floating IPs QoS can be reconfigured.
This patch achives these:
1. make sure floating IP or gateway IP QoS cache removed.
2. floating IP QoS can be re-configured to snat device when router
doing admin_state down/up.
Closes-Bug: #1826695
Change-Id: I24fcecd9686ad17fa50093bb8bccab0d6c711298
Add minimum egress bandwidth support for Open vSwitch.
The scope of this implementation is reduced to N/S traffic.
There is no QoS applied on traffic between VMs.
The QoS rules are aplied to exit ports in bridges other than
br-int; that means all physical bridges. No tunneled traffic
will be shaped. This feature will be implemented in a following
patch.
Partial-Bug: #1560963
Change-Id: I0a2ef52b13151a39e678e9a3e6f75babb47298d0
If directly change router gateway port IP address, the gateway IP
does not changed in router related namespace in l3 agent side. This
patch adds a method to catch a 'PORT' IP change event, and notify
the L3 agent.
Closes-Bug: #1795222
Change-Id: If276a7613c156f8c826967c9c8cbd6f2a8d32674
Since Queens, the security group logging has been merged. But there
is no fullstack test for this feature. So this patch add fullstack
test to avoid regression as https://review.openstack.org/#/c/587681
Co-Authored-By: Yushiro FURUKAWA <y.furukawa_2@jp.fujitsu.com>
Change-Id: Id9bbedc96e399338ea568556bdb17923392512b4
Partially-implements: blueprint security-group-logging
MTU check can be skipped during deletion of Networks.
The MTU check doesn't provide any additional support during deletion
of the networks.
Also, if a network is created with MTU 'X' and the
global_mtu later on is decreased to 'Y', the created
network cannot be deleted due to the MTU check.
Change-Id: Ia838d2a661c5098f90b58b2cb31557f2ebf78868
Closes-Bug: #1713499
Some QoS tests tried to list ports by attribute qos_policy_id
but this attribute is not a valid filter. In before, the tests
passed because neutron ignored the invalid filter and returned
all the ports which happened to be the correct set. However,
using qos_policy_id as filter is incorrect and this patch fixes it.
Change-Id: Ic3ab5b3ffdc378d570678b9c967cb42b0c7a8a9b
Related-Bug: #1749820
This patch makes L3 agent to update its ports' MTU when it's changed on
core plugin side.
Related-Bug: #1671634
Change-Id: I4444da6358e8b8420a3a365e1107b02f5bb1161d
In reviews we usually check import grouping but it is boring.
By using flake8-import-order plugin, we can avoid this.
It enforces loose checking so it sounds good to use it.
This flake8 plugin is already used in tempest.
Note that flake8-import-order version is pinned to avoid unexpected
breakage of pep8 job.
Setup for unit tests of hacking rules is tweaked to disable
flake8-import-order checks. This extension assumes an actual file exists
and causes hacking rule unit tests.
Change-Id: Ib51bd97dc4394ef2b46d4dbb7fb36a9aa9f8fe3d
Add support for QoS ingress bandwidth limiting in
openvswitch agent.
It uses default ovs QoS policies on bandwidth limiting
mechanism.
DocImpact: Ingress bandwidth limit in QoS supported by
Openvswitch agent
Change-Id: I9d94e27db5d574b61061689dc99f12f095625ca0
Partial-Bug: #1560961
This patch implements the "default" behaviour for QoS policies.
If this flag is enabled for a QoS policy in a project, all
new networks created will have this QoS policy assigned by default.
If a new QoS policy is created or updated with this flag and another
QoS policy in the same project is set as the default policy, the new
one won't be created or updated. To set another QoS policy as default,
the current one must be unset.
DocImpact: A "default" flag is introduced for QoS policies. If this flag
is enabled in a QoS policy (attached to a project), then all
networks created in this project would have this QoS policy
assigned, unless an explicit policy is specified.
APIImpact
Closes-Bug: #1639220
Change-Id: If5ff2b00fa828f93aa089e275ddbd1ff542b79d4
Neutron-lib 1.1.0 is now out and contains the portbindings
API definition (as per commit [1]). This patch moves neutron
references over to the neutron-lib version.
NeutronLibImpact
- Consumers using the public constants within neutron's
portbindings API extension must now use the values
from neutron-lib.
[1] 87e42f993c07ae320159d5123662ee9f3bd4d903
Change-Id: I669af9b4c712877772d91a03857ab108714001d4
Adding two tests:
* A test that for native ovs-ofctl interface verifies that stopping the
ovs-neutron-agent does not disrupt network traffic. Stopping the agent
means also stopping the OVS bridge controller, hence OVS can decide to
take over management of OpenFlow rules, clear them up, and this way
cause network traffic disruption.
* A test that creates two ports in a single network, then starts
pinging one from the other while restarting OVS agents. The test verifies
that no packet is lost during OVS agent restarts.
Change-Id: I2cd1195fc0622c8c8d614f00e9dd6884ad388d69
Related-Bug: 1514056
Related-Bug: 1607787
Patch tests basic life-cycle of a trunk associated with a port. Test
creates a trunk with one subport - this tests interaction between
agent and ovsdb handler that calls via RPC to server.
Later a new subport is added which tests RPC interaction between
server and agent. Then deletes the first created subport. Finally trunk
is removed and checked that no patch ports remain on the integration
bridge.
Future work:
- Run this test with linuxbridge
- Test re-using port associated with trunk.
- Test re-using subports.
- Test with OVS firewall.
Partially-implements: blueprint vlan-aware-vms
Change-Id: Ie79a010e6751c1f1c2be5b1bf52511b9e100ad20
neutron-sanity-check tool was importing neutron.tests.base module, which
may be not present on some systems (f.e. RDO splits neutron/tests/
subtree in a separate python-neutron-tests package). It made the tool
not usable in some setups.
https://bugzilla.redhat.com/show_bug.cgi?id=1374282
This is not the first time when we by mistake import from
neutron.tests.* and break distributions. It's time to stop it by
proactively forbidding that pattern via a new hacking check.
Some functions were moved from neutron.tests.base to
neutron.common.utils to fulfill the need requirement. They were moved
using debtcollector, no current consumers should be affected.
Closes-Bug: #1621782
Change-Id: I790777ddcbd1b02218b3db54ae3d5c931d72d4fa
This patch introduces fullstack testing for the QoS/DSCP
Open vSwitch implementation. It depends on the python-neutronclient
patches, therefore it could not be merged in the main patch.
Co-Authored-By: Miguel Angel Ajo <majopela@redhat.com>
Change-Id: I0ab6a1a0d1430c5791fea1d5b54106c6cc93b937
Closes-Bug: #1468353
Depends-On: I25ad60c1b9a66e568276a772b8c496987d9f8299
Fullstack test to test snat and floatingip through legacy router.
This test creates external network and boots a vm with external
network's gateway and connected to central-external-br.
Tenant vm is booted on internal network.
Tenant Router is connected to internal and external networks.
To test SNAT, it pings external vm from tenant vm.
To test floatingip, a new floatingip is assigned to tenant vm
and tests pinging to tenant vm's floatingip from external vm.
Partial-Bug: #1583028
Change-Id: I1f30c240419ec93a26368ed1623bb2ede595e3d1
This patch makes use of the constant defined in the extension.
In addition to this having value of debing defined in one place it
also enables the caller to understand that the portbindings
extension is required.
Note: the constant is not used in the API tests. This has import
issues so it is not relevant.
TrivialFix
Change-Id: I7bfe2528dbbd8017ddbdcf949dbb6264ce1eb5d8
Test the qos policy and rule CRUD lifecycle with port. Future plans are
to add similar testing with ports belonging to network with set qos
policy.
Change-Id: Iebe9b3e9d612d3533381a8cf4d0b9c587f8fda42
* Full stack tests' fake VMs are represented via a namespace,
MAC, IP address and default gateway. They're plugged to an OVS
bridge via an OVS internal port. As opposed to the current
fake machine class used in functional testing, this new fake
machine also creates a Neutron port via the API and sets the
IP and MAC according to it. It also sets additional attributes
on the OVS port to allow the OVS agent to do its magic.
* The functional fake machine and the full stack fake machine
should continue to share commonalities.
* The fullstack fake machine currently takes the IP address
from the port and statically assigns it to the namespace
device. Later when I'll add support for the DHCP agent
in full stack testing this assignment will look for the dhcp
attribute of the subnet and either assign the IP address
via 'ip' or call a dhcp client.
* Added a basic L2 connectivity test between two such machines
on the same Neutron network.
* OVSPortFixture now uses OVSInterfaceDriver to plug the port
instead of replicate a lot of the code. I had to make a
small change to _setup_arp_spoof_for_port since all OVS ports
are now created with their external-ids set.
Change-Id: Ib985b7e742f58f1a6eb6fc598df3cbac31046951
If we explicitly remove resource in the test we don't need to fail in
safe_client during cleanup phase.
Change-Id: Ia3b0756b7aa9b159de1949889ae03ca5248bc5fa
Closes-Bug: 1486081
* Created a 'resources' subdir and moved all fixture files
to it.
* Split ML2ConfigFixture to the server-side ml2 configuration
fixture, and the OVS agent configuration fixture.
* Neutron process logs were using H:M:S format as their file name,
but when starting multiple agents of the same type my machine
was fast enough to do that in the same second so that different
processes were outputting to the same log file. No good!
Added ms to the log name format. I also changed the log time
from UTC to local timezone.
* Renamed and moved 'FullstackFixture' to neutron/tests/fullstack/
resources/environment.Environment
* Added a 'Host' abstraction that groups agents that report with
the same 'host' value. Hosts may be interconnected by the
environment via shared bridges.
* The 'Environment' class will accept global
attributes (This will be later filled with stuff like tunneling,
l2pop or other environment-level flags), and in this patch accepts
a list of host attributes (Configuration that may differ between
hosts like the l3 agent mode [legacy, dvr, dvr_snat]).
* Made OVS agent and L3 agent fixtures expose their bridges
so that I could interconnect them.
* Added a super simple L3 HA test to show that this entire thing
works.
Change-Id: Ie64de9f35bd6ab7cbad494061613ecf5e0ccd806
Sahid Orentino Ferdjaoui