Commit Graph

367 Commits

Author SHA1 Message Date
Slawek Kaplonski ce53fb55ad [OVN] Warn about invalid OVN and FIP PF config during start of Neutron
In case when port_forwarding service plugin is enabled and vlan or flat
network (provider network types) is configured as one of the
tenant_network_types in the ML2 config there is an issue with
centralized and distributed traffic.
FIP port forwarding in ovn backend are implemented as OVN Load balancers
thus are always centralized but if "enable_distributed_floating_ip" is
set to True, FIPs are distributed. And in such case it won't work as
expected as either it tries to send FIP PF's traffic as distributed when
"reside-on-redirect-chassis" for LRP is set to "false" or
tries to centralized everything (even FIP which should be distributed)
when "reside-on-redirect-chassis" is set to "true".

It's not really easy to avoid that issue from the code so this patch
adds warning in the upgrade checks and also log warning about it during
start of the neutron server process to at least warn cloud admin that
such potential issue may happen in the cloud.

Related-Bug: #2028846
Change-Id: I398f3f676c59dc794cf03320fa45efc7b22fc003
2024-02-06 14:46:48 +00:00
Lucas Alvares Gomes 114ca0f1be Fix IGMP inconsistency across drivers
Prior to this patch, ML2/OVS and ML2/OVN had inconsistent IGMP
configurations. Neutron only exposed one configuration option for IGMP:
igmp_snooping_enabled.

Other features such as IGMP flood, IGMP flood reports and IGMP flood
unregistered were hardcoded differently on each driver (see LP#2044272
for a more details).

These hardcoded values has led to many changes over the years tweaking
them to work on different scenarios but they were never final because
the fix for one case would break the other.

This patch introduces 3 new configuration options for these other IGMP
features that can be enabled or disabled on both backends. Operators
can now fine tune their deployments in the way that will work for them.

As a consequence of the hardcoded values for each driver we had to break
some defaults and, in the case of ML2/OVS, if operators want to keep
things as they were before this patch they will need to enable the new
mcast_flood and mcast_flood_unregistered configuration options.

That said, the for ML2/OVS there was also an inconsistency with the help
string of igmp_snooping_enabled configuration option as it mentioned
that enabling snooping would disable flooding to unregistered ports but
that was not true anymore after the fix [0].

[0] https://bugs.launchpad.net/neutron/+bug/1884723

Closes-Bug: #2044272
Change-Id: Ic4dde46aa0ea2b03362329c87341c83b24d32176
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2023-12-15 09:05:19 +00:00
Zuul 0bb22b355e Merge "[OVN] Add baremetal support without Neutron DHCP agent for IPv6" 2023-12-12 03:32:18 +00:00
Zuul a0ef04d3b7 Merge "[OVN] Remove backwards compatibility with OVN < v20.09" 2023-12-08 22:08:24 +00:00
Zuul 46ba0fa339 Merge "Register GMR with config" 2023-12-08 18:32:17 +00:00
Rodolfo Alonso Hernandez a579e504e9 [OVN] Remove backwards compatibility with OVN < v20.09
This patch removes the compatibility with OVN under v20.09. That
implies the OVN Southbound definition has "Chassis_Private" table.
Any previous check is removed from the code.

This patch also adds a sanity check, testing that the OVN Southbound
database definition is greater or equal to 2.9.0 [1].

The testing OVN NB and SB schemas are updated to the files contained in
OVN v22.09. The new testing NB schema version is 6.3.9; the new testing
SB schema version is 20.25.0.

[1]4adc10f581

Closes-Bug: #2002839
Change-Id: Iec8854749a1df81eb6a7154d3f951e176c69156d
2023-12-04 09:20:57 +00:00
Slawek Kaplonski 034fcb0f6d [OVN] Add baremetal support without Neutron DHCP agent for IPv6
Support for the required DHCPv6 options was recently added in core
OVN with [1].
This patch adds support for that in ML2/OVN backend also and by that
closing one of the gaps between ML2/OVN and ML2/OVS backends.

This patch also adds upgrade check to check used ovn version and warn
operators if native OVN DHCP is used for BM provisioning and OVN version
is older than 23.06.0.
Unfortunately there is no easy way to check used version of OVN so check
relies on the ovnnb schema version.

[1] c5fd51bd15

Closes-Bug: #2030520
Change-Id: Iaa3ff8e97021e44f352e5a9a370714bf5f1d77b8
2023-11-29 09:36:27 +01:00
Takashi Kajinami 47d140d4d0 Replace network type names by constants
Each network type name is defined as a constant in neutron-lib. This
replaces the remaining string by the common constants.

This change ignores tests code because updating all test code brings
little gain while it touches huge number of lines.

Change-Id: I26ee715209d7d3f12c39c9e05d4fb9953b9b9537
2023-11-28 16:06:13 +09:00
Zuul 5c3f1cd02f Merge "Update OVN db sync code log messages" 2023-11-20 15:25:46 +00:00
Zuul 0f3cbde095 Merge "Use convert_version_to_tuple() throughout tree" 2023-10-30 11:37:32 +00:00
Brian Haley bd0fec95fa Use convert_version_to_tuple() throughout tree
Most code uses convert_version_to_tuple() from
oslo_utils.versionutils to determine minimum version
numbers, but there were two places that used the
packaging.version class instead. Change to always
use the same code throughout the tree.

Also added a flake8 enforcement check for it so we
don't regress.

TrivialFix

Change-Id: Ida4dcd504562646f0a450160e57680a44c387b1d
2023-10-20 18:03:21 -04:00
Zuul dad8c3fecc Merge "Fix python shebang" 2023-10-20 21:48:21 +00:00
Zuul 1d9e9e01e7 Merge "Add note to avoid version checks in sanity checks" 2023-10-19 19:39:30 +00:00
Terry Wilson f18c5426b0 Add note to avoid version checks in sanity checks
Change-Id: I71be7929a3ed9c0bcec350a35f054b8faddbeea7
2023-10-18 14:20:34 +00:00
Brian Haley 73cd6dca74 Update OVN db sync code log messages
When running the OVN db sync tool, the log messages are
inconsistent between functions, attempt to sanitize them
so the output is a little more structured by:

1) Always logging a start/end time for each major section

2) Always use LOG.warning when fixing inconsistencies

3) Be consistent using 'OVN NB/SB DB' in messages

4) Try to use full name of object being updated, for example,
   'floating IP' not 'fip'

Also fixed the following:

1) Only drop into blocks if in SYNC_MODE_REPAIR and there
   is work to be performed

2) Random text fix-ups

Functionally the code is unchanged.

Trivialfix

Change-Id: I6060745aff0f5bc0037fb74568d81d27f3d91313
2023-10-17 18:21:06 -04:00
Takashi Kajinami 6a5859fc07 Fix python shebang
The current shebang requires /usr/bin/python which is not available in
Ubuntu Jammy by default.

This also fixes some unnecessary/missing shebangs.

Change-Id: Ib25a0a7f39f68f43622609391710dd3b1abc2d00
2023-10-17 16:02:25 +00:00
Rodolfo Alonso Hernandez 0aa154b5ce Fix the ``log.setup`` method call with "fix_eventlet=False"
Since [1], present in oslo.log 5.3.0, the ``log.setup`` method is
unpatching the evenlet thread module. That is causing several problems
in some Neutron services, in particular the keepalived-state-change
service.

Within this oslo.log version, the patch [2] is provided to call this
method without unpatching any eventlet module.

This patch is also bumping the minimum required version of oslo.log
to 5.3.0, in order to call the ``log.setup`` method with the kwarg
"fix_eventlet=False".

[1]https://review.opendev.org/c/openstack/oslo.log/+/852443
[2]I4bbcfe7db6d75188e61b9084cb02b2dd2aaa0c76

Closes-Bug: #2037239

Change-Id: Iea77d20bec330b692e3e8c9e38b3a62e2047b4f4
2023-10-05 13:16:21 +00:00
Arnaud Morin 56821b6aea Register GMR with config
As an operator, we want to set oslo_reports/file_event_handler because
when running behind a wsgi server, GMR cannot register the Signal to be
trigger.
The parameter file_event_handler has been designed for this specific use
case but it was not used correctly by neutron.

Closes-Bug: #2021814

Change-Id: Id13de1a3f9ea2eaaa7521eedf905aa0dd993ff89
Signed-off-by: Arnaud Morin <arnaud.morin@ovhcloud.com>
2023-09-26 14:56:06 +00:00
Lucas Alvares Gomes 9e8e3a7867 [OVN] Hash Ring: Better handle Neutron worker failures
This patch implements a more resilient approach to handle the case
where Neutron API workers are killed and restarted. Instead of marking
all nodes for that host as offline, this patch tries to remove the
worker that was killed from the Hash Ring leaving all others nodes for
that host online.

In case the we fail to remove the node and another entry is added upon the
restart of the worker this patch also logs a clear critical log message to
alert the operator that there are more Hash Ring nodes than API workers
(it's expect to be the same) and that OVSDB events could go missing if
they are routed to the previous node that failed to be removed from the
ring.

Closes-Bug: #2024205
Change-Id: I4b7376cf7df45fcc6e487970b068d06b4e74e319
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2023-08-01 10:05:36 +01:00
yatinkarel 36db70a718 Add sanity check for dnsmasq 2.86
dnsmasq 2.86 has a known issue where it segfaults
with configuration refresh. 2.87 has the fix included.

This patch adds a sanity check to warn users if running
a buggy version.

Related-Bug: #2026757
Change-Id: Id4f26c8a9aa6c18b9471349131a5a2b63d375772
2023-07-20 14:41:06 +05:30
Lucas Alvares Gomes f2e3ab3805 [OVN] Hash Ring: Set nodes as offline upon exit
This patch implements the proposed solution from LP #2024205 where upon
a Neutron being killed, it could trigger the deletion of the entries
from the ovn_hash_ring table that matches the server hostname. When
this happens on all controllers this could lead to the ovn_hash_ring
being rendered empty which will result in ML2/OVN not processing any
OVSDB events.

Instead of removing the nodes from the ovn_hash_ring table at exit, this
patch changes the code to just mark them as offline instead. That way,
the nodes will remain registered in the table and the heartbeat thread
will set them as online again on the next beat. If the service is
stopped properly there won't be any heartbeat anymore and the nodes will
be seeing as offline by the Hash Ring Manager (same as if they were
deleted).

For more info see LP #2024205.

Closes-Bug: #2024205
Change-Id: I052841c87651773c4988fcf39f9f978094297704
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2023-06-21 15:20:35 +01:00
Rodolfo Alonso Hernandez 6a2ccfac32 Make "project_id" in "L3HARouterNetwork" unique constraint
There could be just only one HA network per project. This database
enforcement guarantees this limitation.

Partial-Bug: #2016198
Change-Id: Ieb8aac6244d384b0af522f9ba145e9367de2c8ef
2023-05-10 09:15:05 +02:00
Rodolfo Alonso Hernandez 98ac1fa31a [sqlalchemy-20] Add the transaction context to the upgrade checks methods
In ``cmd.upgrade_checks.checks``, there are some methods that access to
the database. The queries are now inside a database context (reader or
writer depending on the query).

Closes-Bug: #2019119

Change-Id: I35b1311576bcf1681ab4932f0baeb4cd3099301c
2023-05-10 09:12:16 +02:00
Rodolfo Alonso Hernandez a9963e90d9 ``_get_ovn_version`` returns a 3 element tuple
The output of this method should be compared to a 3 element
tuple.

This patch changes the minimum versions of the supported
features to have 3 elements too. This are the version changes
and their justifications:
* OVN_NB_DB_SCHEMA_GATEWAY_CHASSIS = '5.7.0'
  Version reported in LP#2008077
* OVN_NB_DB_SCHEMA_PORT_GROUP = '5.11.0'
  Version reported in LP#1946023
* OVN_NB_DB_SCHEMA_STATELESS_NAT = '5.17.0'
  Version reported in LP#1949494
* OVN_SB_DB_SCHEMA_VIRTUAL_PORT = '2.5.0'
  Version reported in LP#1949496
* OVN_LOCALNET_LEARN_FDB = '22.09.0'
  Version reported in LP#1946023. In fact, the version
  supporting this feature is older.

Closes-Bug: #2017878
Change-Id: Idc19b30e2453b4d68473b488dba226dc48be9efe
2023-04-28 18:34:21 +02:00
Luis Tomas Bolivar 7dfbdf65a7 Add support for localnet_learn_fdb OVN option
In OVN 22.09, the option "localnet_learn_fdb" was added so that
localnet ports can learn MAC addresses and store them in the FDB
table. This avoids flooding issues for VMs on provider networks
when port security is disabled

Closes-Bug: #2012069
Change-Id: I93574b4fe9a79b649bfe755cf7e0697ccc7eb83a
2023-04-13 12:01:18 +02:00
Rodolfo Alonso Hernandez 999116126e Add full support for OVN NB "Gateway_Chassis" table
This table is supported since OVN v20.03.

Closes-Bug: #2008077
Change-Id: I3022f6cb2ecb2d342f6fcb43835f378308c3cb96
2023-03-02 17:35:18 +00:00
Zuul 8255228fae Merge "Enable qos extension_driver in ovn_db_sync" 2023-02-17 22:12:39 +00:00
Rodolfo Alonso Hernandez 47fef55e25 Add a method to retrieve and register "rpc_workers" config knob
This new method retrieves the config option "rpc_workers" from the
configuration. If this option is not loaded, the method registers
the ``neutron.conf.service.SERVICE_OPTS`` options before reading
the knob again.

Closes-Bug: #2004656
Related-Bug: #1889737

Change-Id: I1f99cb32f33cc91141136cb4e3fbd33715530c59
2023-02-08 11:48:48 +01:00
Jake Yip 8be42f6d72 Enable qos extension_driver in ovn_db_sync
In Change Ib597b62017b56b41009dd4d7359e169f424272b0, the 'qos'
service_plugin is enabled when doing an ovn_db_sync. However, if the
'qos' extension_driver is not installed, it will error out.

Append 'qos' extension_driver when using sync to fix this issue.

Closes-Bug: #1988577
Change-Id: I422d86b8e5650ced4e2cc722cea9cc30061905b4
2023-02-03 01:39:39 +00:00
Rodolfo Alonso Hernandez d0c7bb653a [OVN] Implementation of OVN Neutron Agent
This patch implements the OVN Neutron Agent executable, the extension
manager engine, the agent extension abstract class and the configuration
section.

Related-Bug: #1998608
Change-Id: I94bb98217e03f9ac314cb9723da277a23368649c
2023-01-26 07:41:38 +01:00
Zuul 22c973ee59 Merge "Delete the PB level registers when deleting the duplicated PB" 2023-01-16 14:43:14 +00:00
Deepak Tiwari 02030f037a ovs-dpdk support in neutron-sanity-check
While creating bridges, pass the optional argument 'datapath_type'.
This parameter is read from openvswitch.ini conf file.

Closes-Bug: #1842517

Change-Id: I05f0484636e4da6290c750a1eabd5f9d09588008
2023-01-04 16:54:17 -05:00
Rodolfo Alonso Hernandez 572185e1fd Delete the PB level registers when deleting the duplicated PB
The ``neutron-remove-duplicated-port-bindings`` script removes the
duplicated port binding registers ("ml2_port_bindings" table) that
have status=INACTIVE.

This patch also removes the corresponding port binding levels
("ml2_port_binding_levels" table) associated to those inactive port
bindings.

Closes-Bug: #2000078

Change-Id: I12fa0764cd0ff509f1859b61060d64cc5a54a7b9
2023-01-02 11:05:12 +00:00
Vasyl Saienko be0776d647 Add sanity check for keepalived gar on SIGHUP support
This patch adds keepalived version check is newer than 1.2.20.
Prior version contained a bug [1] which was fixed only after
1.2.20 version.
The code that sends additional garp was reverted at [2].

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1391553
[2] https://review.opendev.org/c/openstack/neutron/+/752360

Related-Bug: #1639315
Change-Id: Ib976d614e3977e10b36cfcbf348f4ee37393aaa1
2022-12-27 13:24:43 +00:00
Brian Haley 86badcfe2d Fix some pylint indentation warnings
Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
some remaining ones in miscellaneous directories.

Also cleanup any remaining code that I missed in this
series, or has changed since I started.

Trivialfix

Change-Id: I17b4779020a7bfb369c3e721ab6638cd4a6ab50c
2022-12-12 11:48:25 -05:00
Zuul 970f9fbafa Merge "db: add segment_index to the unique constraint" 2022-11-24 10:23:22 +00:00
Sahid Orentino Ferdjaoui eeff5b3c81 db: add segment_index to the unique constraint
For multi segments support we have update the unique contraint so
`segment_index` will be part of it.

Related-Bug: #1791233
Partial-Bug: #1956435
Partial-Bug: #1764738
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Ic564131dcd7525fc5f24c3282688e3584cd2e2e0
2022-11-23 08:43:21 +01:00
Sebastian Lohff 9a483f02be Make MechanismDriverContext plugin_context public
MechanismDriverContext has an attribute _plugin_context, which carries
the current context with it. This is used by many ml2 drivers, as it is
the only way for them to get the current context. We now make this a
public API by adding a property to MechanismDriverContext that returns
_plugin_context as a read-only attribute.

Change-Id: If9b05655286f42081cf26c90c563429ca2e63244
2022-11-17 11:03:44 +01:00
Rodolfo Alonso Hernandez c5b76a8393 Script to remove duplicated port bindings
A new script to remove the duplicated port bindings was added. This
script will list all ``ml2_port_bindings`` records in the database,
finding those ones with the same port ID. Then the script removes
those ones with status=INACTIVE. This script is useful to remove
those leftovers that remain in the database after a failed live
migration.

"dry_run" mode is possible if selected in "[cli_script] dry_run"
boolean config option. The duplicated port bindings are printed in
the shell but not deleted.

Related-Bug: #1979072

Change-Id: I0de5fbb70eb852f82bd311616557985d1ce89bbf
2022-08-18 08:13:56 +00:00
Rajesh Tailor 8ab5ee1d17 Fix remaining typos in comments and tests
Change-Id: I872422cffd1f9a2e59b5e18a86695e5cb6edc2cd
2022-07-06 21:20:27 +05:30
Brian Haley 58b1df699d Fix some pylint indentation warnings
Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
some of them, about 10%.

Feel free to reject if we think it will cause too much
trouble with cherry-picks, else I'll slowly work my way
through the rest of the tree.

Trivialfix

Change-Id: I3d484d11e273cb8ee617f9445a069887e7b2b89f
2022-07-01 17:52:59 -04:00
Rajesh Tailor 732c1dcbc2 Fix typos in error/log messages
This change fixes some typos in ERROR and LOG messages.

Change-Id: I4ec5b10cdd38bb8734b70d459b2afe99275cd8bd
2022-06-29 15:59:22 +05:30
Slawek Kaplonski a22d6d6a95 Use ovs constants from neutron-lib
Ovs constants were moved from neutron to neutron_lib some time ago.
This patch switches to use them from neutron-lib already.

That decision was agreed during the Neutron team meeting. See [1] for
details.

[1] https://meetings.opendev.org/meetings/networking/2021/networking.2021-11-09-14.00.log.html#l-83

Requires: https://review.opendev.org/c/openstack/neutron-lib/+/834908

Change-Id: I2fd1954bec6a52856195190441d77ac8b7d97055
2022-06-17 10:36:44 +05:30
Rajesh Tailor 18b1b61401 Fix typos in log/error messages
This change fixes some of the typos in LOG and ERROR
messages, comments and variable names.

Change-Id: I26ebf751b7d187399e8b3d8089e09b9d51ba3625
2022-06-01 21:17:29 +05:30
Rodolfo Alonso Hernandez eb99c22213 Remove "distutils" library
Library "distutils" will be marked as deprecated in Python 3.10:
https://peps.python.org/pep-0386/

This patch does the following replacements, that provide the same
functionality and API:
- distutils.version.StrictVersion -> packaging.version.Version
- distutils.spawn.find_executable -> shutil.which

Closes-Bug: #1973780
Change-Id: Iad96ad3e7055f71c629efbe80070adbe297cd7aa
2022-05-12 23:50:07 +00:00
elajkat 701900ac33 FUP: remove convert_to_sanitized_binding_profile_allocation
convert_to_sanitized_binding_profile_allocation was added to Neutron
temporarily before [1] was merged and released in neutron-lib.

[1]: https://review.opendev.org/c/openstack/neutron-lib/+/813650
Related-Bug: #1922237

Change-Id: I953b96d97076cd6a80fff6e97e2fd956da737d46
2022-05-09 15:18:31 +02:00
Zuul c956e3497e Merge "Avoid register config options on imports" 2022-05-06 15:14:46 +00:00
Fernando Royo 227c5f8568 Avoid register config options on imports
Continue similar approach following in [1], where some project imports
collide with config options.

As part of the change, a wrapped decorator has been implemented to cover
those functions that include any of the ovn config options as value to
the decorators arguments (e.g. tenacity retry). This way we avoid
requiring the options to be registered as soon as the module is imported,
where they have not yet been registered by a main process.

[1] https://review.opendev.org/c/openstack/neutron/+/837392

Co-authored-by: Jakub Libosvar <libosvar@redhat.com>
Co-authored-by: Fernando Royo <froyo@redhat.com>

Change-Id: I4bccb094ee7f690cbc352c38b5b39d505e6ea460
2022-05-05 07:55:42 +00:00
labedz dcbc4beb9e Use monkey_patch for neutron API server.
Neutron API server was not using eventlet monkey patch
thus eventlet threads couldn't be properly yielded.

This patch set API neutron server like other monkey patched
neutron services: neutron-server and neutron-rpc-server.

NOTE: this change needs apache service restart. Apache
mod_wsgi auto reload can lead to SSL RecursionError.

Co-Authored-By: Szymon Wroblewski <szymon.wroblewski@ovhcloud.com>
Closes-Bug: 1970216
Change-Id: Ib62c049cc521a548ab7e7e9584b19bdaa67b1c9d
2022-04-28 13:34:36 +00:00
Jakub Libosvar 4d3a274765 Don't register config options on imports
Importing some modules lead to registering config options that may
collide with config options from a project that calls the import. This
patch wraps the side effect that registers config options into a
function that needs to be called in case the caller wants to register
the options.

This solution is also not perfect as it guards the common options to be
registered only once even if the function is called multiple times. This
is to solve problems in unittests, ideally we should always call the
function just once even in our testing suites.

Resolves-Bug: #1968606
Change-Id: Ic1532eb8de887ff1b1085206df11f53e22f7f524
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-04-13 05:49:15 +00:00