When a HA router is created and the HA is not yet, before creating
the router, the Neutron server creates the HA network and the
corresponding subnet.
The HA network cannot be duplicated (see previous patches related to
this bug). But the subnet, that is created in another database
transaction, cannot be present when the router creation call tries
to create the HA port.
This patch adds a HA subnet check before creating the router and the
HA port. Even if the subnet check fails and the worker tries to
create this subnet, if the process fails with ``InvalidInput``, that
means other worker created the subnet before and the current one
fails because tries to create the same subnet with the same CIDR.
In this case, we dismiss the exception and continue with the router
creation.
Closes-Bug: #2016198
Change-Id: I82225fcc6248bb0fd68959ceb1daabff423d81ff
This patch implements the new network HA boolean field API extension.
This field is an input only parameter for POST operations (creation).
By default is "False". When enabled, the Neutron server will create
a ``ha_router_networks`` register in the same transaction of the
network creation.
If by any circumstance (a race condition, for example), another
``ha_router_networks`` exists in the same project, a
``DBDuplicateEntry`` exception will be raised and the transaction
will be rolled back.
Partial-Bug: #2016198
Change-Id: Ie42c13ecbe4abcad9229b71f6942e393fd0f2e4e
If someone removes the port with device owner router_ha_interface,
then we can get unexpected router behavior like doubling
arp response packets. This patch prohibits removing such a port.
Closes-Bug: #2008270
Change-Id: Ief031801c1a3e3dd64e6cbf65e27f04f2bef9cba
Since [1] (in oslo.db>9.1.0), the ``Session.autocommit`` member
is removed and should not be considered. This patch removes this
dependency while keeping backwards compatibility. This code will
be removed in future releases.
Due to the neutron-lib dependency, this patch bumps the needed
library version to 3.1.0.
[1]https://review.opendev.org/c/openstack/oslo.db/+/804775
Depends-On: https://review.opendev.org/c/openstack/neutron-lib/+/851193
Closes-Bug: #1982818
Change-Id: Ibfcf9d5f6cd805f2d64fcd88049e2b43fedc3497
In case when HA router isn't active on any L3 agent,
_ensure_host_set_on_port method shouldn't try to update port's host to
the host from which there was an rpc message sent, as this can be host
on which router is in the "standby" mode.
This method should only update port's host to the router's "active_host"
if there is such active_host found already.
Depends-On: https://review.opendev.org/c/openstack/requirements/+/841489
Closes-Bug: #1973162
Closes-Bug: #1942190
Change-Id: Ib3945d294601b35f9b268c25841cd284b52c4ca3
When a router is deleted, the server checks first if there are ports
still attached. In this case, the exception "RouterInUse" is raised.
This patch adds the port IDs to the exception message.
Related-Bug: #1962167
Change-Id: I5b5e31677f81d7ba47a457044a6b58910ae41466
When I writing 'ndp_proxy' service plugin, I found I couldn't get enough
informations about router from the callback system (Such as: the origin
request body of user send). So, for write service plugin that related
router plugin more concisely I commit this patch.
This patch proposal two changes about router callback publish events:
1. Add 'request_body' parameter to some event's payload
2. add 'BEFORE_UPDATE' event for router gateway
Related-bug: #1877301
Change-Id: I5f6a4e6f0b7c5feb794ddb7efbd07d01bad91af8
Config option allow_overlapping_ips is deprecated to removal now and
will be removed in the Z cycle.
Default value for that option is now set to True as this is supported by
IPAM module in Neutron.
Related-Bug: #1942294
Change-Id: I17bf5e4483025e9cc4ee04dd3e7c925f7bddc3db
This patch switches over to callback payloads for ROUTER
AFTER_CREATE, AFTER_UPDATE and AFTER_DELETE events.
Change-Id: Ie818ffbb1a291faa80501157b46ff6671d5c26ba
Method _ensure_vr_id_and_network is not used in l3_hamode_db.py,
hence method and related tests can be removed.
Closes-Bug: #1715371
Change-Id: I9a64e683f060573195a88b3c4ee34abbd941fa44
Now that we are python3 only, we should move to using the built
in version of mock that supports all of our testing needs and
remove the dependency on the "mock" package.
This patch moves all references to "import mock" to
"from unittest import mock". It also cleans up some new line
inconsistency.
Fixed an inconsistency in the OVSBridge.deferred() definition
as it needs to also have an *args argument.
Fixed an issue where an l3-agent test was mocking
functools.partial, causing a python3.8 failure.
Unit tests only, removing from tests/base.py affects
functional tests which need additional work.
Change-Id: I40e8a8410840c3774c72ae1a8054574445d66ece
The tracked resources quota check is done at the beginning of an API
call to the Neutron server. The API call contains a resource and an
action over the resource. In case of creation, the server checks if
the number of items requested fits in the existing quota.
In case of security group creation, the tracked resource checked is
"security_group". But "SecurityGroupDbMixin.create_security_group"
method also creates several default rules for the new group and the
quota for "security_group_rule" is not enforced.
This patch checks the number of security group rules being created
("delta") and checks in the plugin method (not in the API method) if
there is enough room for those new rules (tracked resource
"security_group_rule").
Change-Id: I0a9b91b09d6260ff96fdba2f0a455de53bbc1f00
Closes-Bug: #1858680
The functionality within neutron.db.common_db_mixin is available via
neutron-lib APIs. This patch removes common_db_mixin and updates any
uses of it to use neutron-lib instead.
Depends-On: https://review.openstack.org/#/c/636159/
NeutronLibImpact
Change-Id: I2388f90b37abb09408809dda8c21da551bcd94bb
Today a number of classes define their supported_extension_aliases
using static strings rather than API definition ALIASes. This patch
switches them to use the ALIAS where applicable.
Change-Id: I716270c68a9fcd850c3c26de31bc13ea16def23d
All of the externally consumed variables from neutron.common.constants
now live in neutron-lib. This patch removes neutron.common.constants
and switches all uses over to lib.
NeutronLibImpact
Depends-On: https://review.openstack.org/#/c/647836/
Change-Id: I3c2f28ecd18996a1cee1ae3af399166defe9da87
Reduces E128 warnings by ~260 to just ~900,
no way we're getting rid of all of them at once (or ever).
Files under neutron/tests still have a ton of E128 warnings.
Change-Id: I9137150ccf129bf443e33428267cd4bc9c323b54
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Some L3 ports can directly modify the IP address now,
but there are some types of device_owner, for instance
network:router_centralized_snat, should not allow to
change the IP address, otherwise it will increase L3
agent code complexity.
Since router public gateway port is related to the
external network, and this port can be used for some
service, like VPN. So after this patch we will only
allow the gateway port to update the IP address
directly, aka device_owner network:router_gateway.
The following l3 router ports will not be allowed to
directly update the IP address:
network:ha_router_replicated_interface
network:router_centralized_snat
network:router_ha_interface
network:router_interface
network:router_interface_distributed
Remove one unit test case since it will not occur in
neutron.
Change-Id: I2890a71abc82cb781b601afb879bdcca10e39257
Closes-Bug: #1796824
During L3 agent restart, the dvr ha router gateway port
binding host may change because the multiple ha router
scheduled hosts.
After this patch, we return the 'master' ha binding host
directly during the gateway port create. And do not let
the original 'master' (current is backup) host override
the gateway port binding host.
Closes-Bug: #1793529
Change-Id: Icb2112c7f0bd42c4f4b1cf32d6b83b6d97f85ef7
After the addition of a new resource and related events with [1],
this patch adds the necessary notifications for l3 flavor,
resource(ROUTER_CONTROLLER) and events(PRECOMMIT_ADD_ASSOCIATION and
PRECOMMIT_DELETE_ASSOCIATIONS) so that l3 flavor driver can subscribe to
them when flavor is changed.
Apply callback priority to ensure that the ordering of callback the
following.
- l3_*_db callbacks to extend l3 extended attributes
This callbacks need to be called first so that rest callbacks can
see those extended attributes.
- l3 driver controller callbacks
- l3 flavor driver callbacks
extra routes/l3_gwmode/l3_hamode need care because they are
updated via update_router but within different db transaction.
[1] I1e72ee843851004d26410a90da4030ab3b024741
Closes-Bug: #1745633
Co-Authored-By: Manjeet Singh Bhatia<manjeet.s.bhatia@intel.com>
Change-Id: If20b11f0587f1ed30db72d97c15b20d4c6e87543
Depends-On: https://review.openstack.org/#/c/541766/
A HA router should always be active unless all of the agents hosting
that router go down. In that event, the router should switch to
standby. This behavior changed with review:
https://review.openstack.org/#/c/411784
That review seemed to be accounting for a flakey message bus. This
change should account for that, but also revert to the original behavior
of the router state only changing when its backing agent hosts are down.
Change-Id: I89c3b2546382624f175f8de4de621c3e53adf527
Closes-Bug: 1682145
There is a race condition in update_routers_states that may result in
some fixed ips incorrectly deallocated from router ports. This may
happen if update_routers_states fetches ports' state before another
thread updates the list; then update_routers_states passes port payloads
with old fixed ips into update_port, which results in ip address
deallocation. Among other things, l3 agent will detect the change and
remove the affected subnet prefix from radvd configuration file, since
it doesn't configure extra_subnets for RA.
There is no need to pass full port payload into update_port just to set
host. This patch replaces the payload with a dict of one key - host.
This allows core plugin to handle just this host field change, leaving
existing allocations (and other port attributes) intact.
Change-Id: Ib2c661d6e2cb8e34676fd83e19b6cf65c232545d
Closes-Bug: #1743658
Commit I81748aa0e48b1275df3e1ea41b1d36a117d0097d added the l3 extension
API definition to neutron-lib and commit
I2324a3a02789c798248cab41c278a2d9981d24be rehomed the l3 exceptions,
while Ifd79eb1a92853e49bd4ef028e7a7bd89811c6957 shims the l3
exceptions.
This patch consumes the l3 api def by:
- Removing the code from neutron that's now in lib.
- Using lib's version of the code where applicable.
- Tidying up the related unit tests as now that the l3 api def from lib
is used the necessary fixture is already setup in the parent chain when
setting up the unit test class.
NeutronLibImpact
Change-Id: If2e66e06b83e15ee2851ea2bc3b64ad366e675dd
Before this change, DVR_SNAT agents would get no routers when
asking for updates due to provisioning of DHCP ports on the
node they are running on. This means that there's no connectivity
between the DHCP port and the network gateway (that may be
hosted on a different node), and therefore things like DNS may
break when a VM attempts resolution when talking to the affected
DHCP port.
This change relaxed a conditional that prevents the right list of
routers to be compiled and returned from the server to the agent.
The agent on the other hand needs to make sure to allocate the
right type of router based on what is being returned from the server.
Closes-bug: #1733987
Change-Id: I6124738c3324e0cc3f7998e3a541ff7547f2a8a7
The l3 ext ha mode extension's API definition was rehomed into
neutron-lib with commit Ie407d56cdac6996133fcd855754185c74707e992
This patch consumes the API definition by removing/using the rehomed
code and using the APIExtensionDescriptor for the extension class.
NeutronLibImpact
Change-Id: I8f728c8707172ed7340fb90cce43b885c61938c2
The external network extension's API definition was rehomed into
neutron-lib with I9933b91d1e82db3891b3b72f06e94316e56a4f15. This patch
consumes it, switch over to neutron-lib's modules and removing the
rehomed code in neutron.
NeutronLibImpact
Change-Id: I696b52265b9528082cd2524f05febe2338376488
The neutron-lib commit I360545b6ee4291547e0c5c8e668ad03d3efa4725 moved
the externally consumed globals from neutron.common.constants into lib.
With the exception of PROVISIONAL_IPV6_PD_PREFIX all other constants
in neutron.common.constants should only be used in neutron, and will
hopefully remain that way. External consumers needing access to other
common constants should move them into lib first.
NeutronLibImpact
Change-Id: Ie4bcffccf626a6e1de84af01f3487feb825f8b65
When HA router is migrated to DVR, router's
DEVICE_OWNER_HA_REPLICATED_INT interface has to be updated
to DEVICE_OWNER_DVR_INTERFACE.
Similarly for DVR to HA migration, DEVICE_OWNER_DVR_INTERFACE
has to be updated to DEVICE_OWNER_HA_REPLICATED_INT.
Also, for Legacy to HA migration, DEVICE_OWNER_ROUTER_INTF
has to be updated to DEVICE_OWNER_HA_REPLICATED_INT.
Also added unit test cases for all possible migration cases.
Closes-Bug: 1714796
Change-Id: I23642b3f5fe8411d0c8c526750f6965caa71fc2f
When trying to add routerport as router OVO's synthetic field,
the routerport should be eagerly loaded in router db.
Router OVO creation PS: I6df6b9d90c6a7281edc39cfafd9ea33e9a7a0b34
Change-Id: I5dcf9dc358c1122b2b22a6c4f40ae0b170e2003c
This patch introduces and integrates OVO for L3 HA Router.
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Co-Authored-By: Vu Cong Tuan <tuanvc@vn.fujitsu.com>
Change-Id: I3463921dec415dd073503ab9470588193d08ce87
Partially-Implements: blueprint adopt-oslo-versioned-objects-for-db
In commit 500b255278 we are using
"get_router_ids" RPC to update HA network port status. But that
was needed to backport that commit to other branches.
As "get_router_ids" RPC is expected to fetch only router ids and
not to have any other processing, we are adding new RPC
"update_ha_network_port_status". L3 agent will call this new RPC
to set HA network port status to DOWN.
Related-bug: #1597461
Change-Id: I8f34c4f5178d2b422cfcfd082dfc9cf3f89a5d95
The well known service type constants are in
neutron_lib.plugins.constants, but for legacy reasons a few still exist
and are referenced from neutron_lib.constants that we'd like to remove.
This patch switches references over to neutron_lib's plugin constants.
Change-Id: I1861448cec303725b30cef8f42029f467f9e03a3
When l3 agent node is rebooted, if HA network port status is already
ACTIVE in DB, agent will get this status from server and then spawn
the keepalived (though l2 agent might not have wired the port),
resulting in multiple HA masters active at the same time.
To fix this, when the L3 agent starts up we can have it explicitly
set the port status to DOWN for all of the HA ports on that node.
Then we are guaranteed that when they go to ACTIVE it will be because
the L2 agent has wired the ports.
Closes-bug: #1597461
Change-Id: Ib0c8a71b6ff97e43a414f3db4882914b12170d53
The ports owned by a router_gateway need to get its host_id property
updated during the failover of a router. Otherwise the port connected
to the external network will always have its host_id set to the value
obtained during creation.
Change-Id: I5eca20e3cc64d7a9e52b0556a3cadd29eb4c821d
Closes-Bug: 1694337
The callback modules have been available in neutron-lib since commit [1]
and are ready for consumption.
As the callback registry is implemented with a singleton manager
instance, sync complications can arise ensuring all consumers switch to
lib's implementation at the same time. Therefore this consumption has
been broken down:
1) Shim neutron's callbacks using lib's callback system and remove
existing neutron internals related to callbacks (devref, UTs, etc.).
2) Switch all neutron's callback imports over to neutron-lib's.
3) Have all sub-projects using callbacks move their imports over to use
neutron-lib's callbacks implementation.
4) Remove the callback shims in neutron-lib once sub-projects are moved
over to lib's callbacks.
5) Follow-on patches moving our existing uses of callbacks to the new
event payload model provided by neutron-lib.callback.events
This patch implements #2 from above, moving all neutron's callback
imports to use neutron-lib's callbacks.
There are also a few places in the UT code that still patch callbacks,
we can address those in step #4 which may need [2].
NeutronLibImpact
[1] fea8bb64ba7ff52632c2bd3e3298eaedf623ee4f
[2] I9966c90e3f90552b41ed84a68b19f3e540426432
Change-Id: I8dae56f0f5c009bdf3e8ebfa1b360756216ab886
Neutron-lib 1.1.0 is now out and contains the portbindings
API definition (as per commit [1]). This patch moves neutron
references over to the neutron-lib version.
NeutronLibImpact
- Consumers using the public constants within neutron's
portbindings API extension must now use the values
from neutron-lib.
[1] 87e42f993c07ae320159d5123662ee9f3bd4d903
Change-Id: I669af9b4c712877772d91a03857ab108714001d4
Neutron-lib 1.1.0 is now out and contains the provider
network API definition (as per commit [1]). This patch
moves neutron references over to the neutron-lib
version.
NeutronLibImpact
- Consumers using the public constants within neutron's
providernet API extension must now use the values
from neutron-lib.
[1] cba0f9f0dd920b1f828c4bba3bd388d5b4eb9abf
Change-Id: I46390a159e93642901de87ea6604f2e7ffa03bad
This switches to the use of subqueries for 1-m relationships
which will result in a higher constant query factor but will
eliminate the potential for cross-product explosions.
Closes-Bug: #1649317
Change-Id: I6952c48236153a8e2f2f155375b70573ddc2cf0f
After deleting the router interfaces, another concurrent
process (e.g. HA port creation) could happen before the actual
router is deleted, which would lead to an SQLAlchemy error due
to the relationship being violated.
This patch fixes the issue by bumping the router revision before
deleting the router to check for concurrent interface additions.
A race will trigger a staledataerror which will be retried by
the decorator
Closes-Bug: #1655281
Change-Id: I465e9a2f9b216991afa26c16271854fb88068006