Fix useless-else-on-loop, no-else-raise warnings and
no-else-continue in some test files. Noticed while
making another change.
TrivialFix
Change-Id: I9f3100ab2fe97275906e52a764a5023039622728
There are some logic left which checks device owner values set by
LBaaS v1 or v2, but LBaaS was already retired in favor of Octavia.
Change-Id: Ieca7a29a45f0686babe68619ff9da133edd89dec
This patch imitates the ML2/OVS Trunk driver behaviour. When the
trunk parent port is bound:
* A new trunk cannot be created using this parent port.
* If the port is assigned as parent port of a trunk, this
trunk cannot be deleted.
Closes-Bug: #2022059
Change-Id: I8cfa7e67524a42224cbb4b3c3cec3cfa49b795fd
When I writing 'ndp_proxy' service plugin, I found I couldn't get enough
informations about router from the callback system (Such as: the origin
request body of user send). So, for write service plugin that related
router plugin more concisely I commit this patch.
This patch proposal two changes about router callback publish events:
1. Add 'request_body' parameter to some event's payload
2. add 'BEFORE_UPDATE' event for router gateway
Related-bug: #1877301
Change-Id: I5f6a4e6f0b7c5feb794ddb7efbd07d01bad91af8
Change Ia462ca4b340cd3d9a27341632b24926c3290a4b2 modified some
notification payload field names.
Because of that _create_dvr_floating_gw_port fails with missing
'fixed_port_id' field since it's now 'port_id'.
Closes-Bug: #1943846
Change-Id: I37d8722c74dfc122030175f54404703780c4d8b2
Use same FIP field names for all notifications.
Move association_event field into Payload metadata.
Closes-Bug: #1933502
Change-Id: Ia462ca4b340cd3d9a27341632b24926c3290a4b2
Change FloatingIP AFTER_ notifications in l3_db to use publish calls.
Move association_event field into Payload metadata.
Closes-Bug: #1933502
Change-Id: Ie4c0f4a63a87c32026c49b03068e5f461deb38b6
This patch switches over to callback payloads for ROUTER
BEFORE_CREATE, PRECOMMIT_CREATE, BEFORE_UPDATE and
PRECOMMIT_DELETE events.
Change-Id: I4a52c773d3f753c918df0986f1d261083156651c
Floating IP agent gateway ports are created for each external network
for each node where DVR L3 agent is running and where there is some FIP
from the ext_net.
But even, if L3 agent is removed (e.g. when scaling down the cluster),
such floating IP gateway port is never removed so it consumes IP address
from the external network.
With this patch when the DVR L3 agent is deleted, all such fip gateway
ports owned by that agent will be deleted.
When new L3 agent is created (registered in the DB), Neutron will check
if there are any floating IPs on that host and will recreate such FIP
gateway ports for it.
Closes-Bug: #1891360
Change-Id: If6ef990baf039c556d7420962ac4c54608711f06
This reverts commit 062336e59b.
Now, we have proper fix for the system_scope='all' in elevated context
in the neutron-lib so we can revert temporary fix made at the end of the
Wallaby cycle.
Related-Bug: #1920001
Conflicts:
neutron/api/rpc/agentnotifiers/dhcp_rpc_agent_api.py
neutron/common/utils.py
neutron/db/address_group_db.py
neutron/services/segments/db.py
Change-Id: Ife9b647b403bdd76a8a99984ea8858bf95c96bc3
When new dvr router is going to be created on the node, L3 agent
asks server for list of ports plugged to the subnets, to populate
arp entries for all fixed IPs from those ports.
There was missing info about allowed address pairs there, so those
IPs were not populated in the qrouter namespace.
Now it's added and L3 agent can add those arp entries to the qrouter
namespaces too.
Closes-Bug: #1928466
Change-Id: I5d6c72c271ff450d9e43b3e33a99dd59d727882d
In case when enforce_new_defaults is set to True and new policy rules
are used, context.is_admin flag isn't really working as it was with old
rules.
But in case when elevated context is needed, it means that we need
context which has full rights to the system. So we should also set
"system_scope" parameter to "all" to be sure that system scope queries
can be done with such elevated context always.
It is needed e.g. when elevated context is used to get some data from
db. In such case we need to have db query which will not be scoped to
the single project_id and with new defaults to achieve that system_scope
has to be set to "all".
Proper fix for that should be done in neutron-lib and it is proposed
in [1] already but as we are have frozen neutron-lib version for
stable/wallaby already this patch for neutron is temporary fix for that
issue.
We can revert that patch as soon as we will be in Xena development cycle
and [1] will be merged and released.
[1] https://review.opendev.org/c/openstack/neutron-lib/+/781625
Related-Bug: #1920001
Change-Id: I0068c1de09f5c6fae5bb5cd0d6f26f451e701939
assertItemsEqual was removed from Python's unittest.TestCase in
Python 3.3 [1][2]. We have been able to use them since then, because
testtools required unittest2, which still included it. With testtools
removing Python 2.7 support [3][4], we will lose support for
assertItemsEqual, so we should switch to use assertCountEqual.
NOTE(dmllr): added hacking check
[1] - https://bugs.python.org/issue17866
[2] - https://hg.python.org/cpython/rev/d9921cb6e3cd
[3] - testing-cabal/testtools#286
[4] - testing-cabal/testtools#277
Change-Id: I7c20fec08e5dc9f67b34100c925ea6724bbd25f0
This patch implements the last code bits pending to
conclude the new DB engine facade migration.
Due to the resultant interactions in the modified code, is
not possible to submit smaller patches; this code must be
migrated at once.
Partially-Implements blueprint: enginefacade-switch
Signed-off-by: Slawek Kaplonski <skaplons@redhat.com>
Co-Authored-By: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: Id3f09b78c8d0a8daa7ec4fa6f5bf79f7d5ab8f8b
This is the code behavior aligning for dvr related logical. The
L3 dvr DB will remove all related FIP agent gateway port after there
is no real use of it. But the DvrFipGatewayPortAgentBindings remain,
it will cause the issue of new floating IP failed to bind. This
patch adds the binding deleting action.
Related-bug: #1883089
Change-Id: I62c29e172bc8705dade11d37bb347241ef8ad5f8
In patch [1] it introduced a binding of DB uniq constraint for L3
agent gateway. In some extreme case the DvrFipGatewayPortAgentBinding
is in DB while the gateway port not. The current code path only checks
the binding existence which will pass a "None" port to the following
code path that results an AttributeError. This patch adds a simple check
for that gateway port, if it is not created, new one.
[1] https://review.opendev.org/#/c/702547/
Closes-Bug: #1883089
Change-Id: Ia90f2ee435b0a3476dbea028d3200cefe11e35e4
Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.
This patch moves all references to "import mock" to
"from unittest import mock". It also cleans up some new line
inconsistency.
Fixed an inconsistency in the OVSBridge.deferred() definition
as it needs to also have an *args argument.
Fixed an issue where an l3-agent test was mocking
functools.partial, causing a python3.8 failure.
Unit tests only, removing from tests/base.py affects
functional tests which need additional work.
Change-Id: I40e8a8410840c3774c72ae1a8054574445d66ece
When user is using keepalived on their instances, he often creates
additional port in Neutron to allocate some IP address which will
be then used as VIP in keepalived and will be configured in
allowed_address_pair of other ports plugged to instances with
keepalived.
This is e.g. Octavia's use case.
This together with DVR caused problems with connectivity to such VIP
as it was populated in router's arp cache with MAC address from
Neutron db.
As this port isn't bound, it is only Neutron db entry so there is no
need to set it in arp cache of the router.
This patch is doing exactly that to filter such "unbound" and
"binding_failed" ports from the list.
Change-Id: Ia885ce00dbb5f2968859e8d0850bc511016f0846
Closes-Bug: #1869887
In [1] there was introduced new db table which stored information about
which DVR L3 agent has got already floating ip gateway port. It was to
avoid race conditions and ensure that there is always only one such port
per network and per agent (host).
Unfortunately in [1] there was no added removal of correct record from
this db table so it was causing problems when such port had to be
recreated after it was already on the host and was deleted.
This patch adds removal of such entry from db when needed.
Closes-Bug: #1866336
[1] https://review.opendev.org/#/c/702547/
Change-Id: I56efd1b9f09c0449ce531a185fcf4db353f99fe1
In patch [1] there was introduced simple lock for creation of
DVR agent's floating IP gateway ports for network to avoid races
and creation of duplicated ports for one agent and one network.
This fix from [1] works in simple examples with only one neutron-server,
so it helped e.g. in CI but it wasn't proper fix for production
deployments which are much bigger and have more neutron server api
workers.
So this patch introduces constraint on database level so this works even
across cluster with multiple neutron-server api workers.
[1] https://review.opendev.org/#/c/673331/
Change-Id: Id55b8a21d6ecf5e029d1ca267b2cbd2ed91cca4c
Closes-Bug: #1830763
This patch will remove all the control plane
arp updates for DVR routers. Based on the recent
patch that merged[1], DVR routers will no longer
require the control plane ARP update but will
depend on the ARP Responder for ARP updates.
[1] https://review.opendev.org/#/c/651905/
Change-Id: I538aa6d68fbb5ff8431f82ba76601ee34c1bb181
Implement the Floating IP association logic only in one single place,
L3_NAT_dbonly_mixin._update_fip_assoc(). The dictionary returned will
include a new key, "association_event", with values:
- None: there is no association event. The internal port does not
change.
- True: a new internal port is added to the FIP register. An
association event can imply a disassociation event if the FIP register
had an existing internal port.
- False: the previous internal port is removed and no one is added.
Change-Id: I775aee178cf56f842b3c0a375eda01577840e227
Related-Bug: #1842327
When a DVR router is migrated from distributed to
centralized, we are unbinding the router from the
agents, but the ml2 distributed portbindings for
the router port still remains intact.
This patch will fix the issue by deleting the
binding entry for multiple hosts.
Closes-Bug: #1718345
Change-Id: If139790eb336ff13b07b094151946af30322ad3e
Removed E125 (continuation line does not distinguish itself
from next logical line) from the ignore list and fixed all
the indentation issues. Didn't think it was going to be
close to 100 files when I started.
Change-Id: I0a6f5efec4b7d8d3632dd9dbb43e0ab58af9dff3
Enforce that a user updates the admin state of a router before modifying
the distributed state. The API currently allows setting admin state to
false concurrently with changing the distributed state.
This is fine for a transition of centralized->distributed, but the
distributed->centralized transition could leave other nodes configured
as distributed until an audit is performed.
Commit adds shim api extension which should be replaced by neutron-lib
shim extension once https://review.openstack.org/#/c/634509/ is merged.
New method 'is_admin_state_down_necessary' checks that shim extension
is loaded.
Set extension as standard by adding to _supported_extension_aliases in
neutron/services/l3_router/l3_router_plugin.py
Closes-Bug: #1811166
Co-Authored-By: Allain Legacy <allain.legacy@windriver.com>
Co-Authored-By: Enyinna Ochulor <enyinna.ochulor@intel.com>
Change-Id: Ie624aeb3f3aeb4db176d2ca0b22020208d4b408a
Signed-off-by: Matt Welch <matt.welch@intel.com>
This prevents agent gw ports created in cases where the fip is not
serviced by a dvr enable router. Also, when the router is not DVR
enabled, deleting the gw port becomes a problem even after the router
attachments to the external network are deleted. This fix creates the
agent gw port only if the router associated with the fip is distributed.
Closes-Bug: #1810349
Co-Authored-By: Allain Legacy <allain.legacy@windriver.com>
Co-Authored-By: Matt Peters <Matt.Peters@windriver.com>
Co-Authored-By: Matt Welch <matt.welch@intel.com>
Change-Id: Ibcf087136e30535678c7600bac6ce4d621afe830
Signed-off-by: Enyinna Ochulor <enyinna.ochulor@intel.com>
The functionality within neutron.db.common_db_mixin is available via
neutron-lib APIs. This patch removes common_db_mixin and updates any
uses of it to use neutron-lib instead.
Depends-On: https://review.openstack.org/#/c/636159/
NeutronLibImpact
Change-Id: I2388f90b37abb09408809dda8c21da551bcd94bb
In method _generate_arp_table_and_notify_agent in neutron.db.l3_dvr_db
module notifiations about arp table was send only to one router
connected to subnet.
Now it will check if subnet is connected to more than one
dvr router and will send same notification to all such routers.
Closes-Bug: #1815913
Change-Id: I6a7d7f6645a8a7b5219788d51e17d54844d145bc
Some L3 ports can directly modify the IP address now,
but there are some types of device_owner, for instance
network:router_centralized_snat, should not allow to
change the IP address, otherwise it will increase L3
agent code complexity.
Since router public gateway port is related to the
external network, and this port can be used for some
service, like VPN. So after this patch we will only
allow the gateway port to update the IP address
directly, aka device_owner network:router_gateway.
The following l3 router ports will not be allowed to
directly update the IP address:
network:ha_router_replicated_interface
network:router_centralized_snat
network:router_ha_interface
network:router_interface
network:router_interface_distributed
Remove one unit test case since it will not occur in
neutron.
Change-Id: I2890a71abc82cb781b601afb879bdcca10e39257
Closes-Bug: #1796824
When associating a floating IP to a port and the router is distributed,
the VNIC type of this port must be "normal" only. In any other case,
the floating IP can't be assigned. For example, a SR-IOV can have a
floating IP if the router is distributed (the router is in the same
host of the port).
Closes-Bug: #1566951
Change-Id: I4944041df81e24683bc612560808bcdcc2db6bf2
During L3 agent restart, the dvr ha router gateway port
binding host may change because the multiple ha router
scheduled hosts.
After this patch, we return the 'master' ha binding host
directly during the gateway port create. And do not let
the original 'master' (current is backup) host override
the gateway port binding host.
Closes-Bug: #1793529
Change-Id: Icb2112c7f0bd42c4f4b1cf32d6b83b6d97f85ef7
If router gateway info update, in l3_dvr_db will receive events,
We will get subnets from router attached DVR port, if exists
multiple IPv6 slaac-enabled subnets, previous code will create
csnat port form one of the IPv6 subnets.
This is inconsistency with router interface
udpate in _update_snat_v6_addrs_after_intf_update.
This patch adds all IPv6 subnets if the distributed
router port have multiple IPv6 subnets.
Change-Id: I02ffed238897ebc91b96aebb7f94ed90b7613769
Closes-Bug: #1786169
Commit I81748aa0e48b1275df3e1ea41b1d36a117d0097d added the l3 extension
API definition to neutron-lib and commit
I2324a3a02789c798248cab41c278a2d9981d24be rehomed the l3 exceptions,
while Ifd79eb1a92853e49bd4ef028e7a7bd89811c6957 shims the l3
exceptions.
This patch consumes the l3 api def by:
- Removing the code from neutron that's now in lib.
- Using lib's version of the code where applicable.
- Tidying up the related unit tests as now that the l3 api def from lib
is used the necessary fixture is already setup in the parent chain when
setting up the unit test class.
NeutronLibImpact
Change-Id: If2e66e06b83e15ee2851ea2bc3b64ad366e675dd
This is an additional test for deleting csnat port when
migrating DVR router to HA router.
Change-Id: I4a2365fe3a64b65034280558ffe6312d8dabd600
Partial-Bug: #1714251
With a recent change to the neutron server code, the server was
processing floating IPs that were not bound to the respective
agent during fullsync operation.
Change to always initialize floating IP host info so callers
can determine if info should be sent to an agent or not.
Also changed the logic that decides when the server should
send a floating IP to an agent to be easier to understand.
Closes-bug: #1713927
Change-Id: Ic916225e0a11c3fb8cd94437ca063e0d3295a569
When trying to add routerport as router OVO's synthetic field,
the routerport should be eagerly loaded in router db.
Router OVO creation PS: I6df6b9d90c6a7281edc39cfafd9ea33e9a7a0b34
Change-Id: I5dcf9dc358c1122b2b22a6c4f40ae0b170e2003c
Zuul