After some interface operations (in particular the
``IpLinkCommand.set_ns`` operation), the network interface is
temporarily not present in the destination namespace. This patch
retries the interface "ip link set|show" command in that case.
Related-Bug: #1961740
Change-Id: I5a57cfc71ad59f1fe9ea65e19b1a32314d798729
The privileged/agent/linux/ip_lib.py code was not always
catching "entry does not exist" type errors when deleting
entries, and most of the callers were not catching it either,
which could lead to random failures.
Add code in the IP route, rule and bridge fdb code to catch
these errors and not raise on them, other exceptions will
still be raised.
Also fixed delete_neigh_entry() to not raise when the
given namespace does not exist to make it like all the
other calls in the file.
Added or modified functional tests for above cases.
Change-Id: I083649ab1b9a9057ee276a7f3ba069eb667db870
Closes-bug: #2030804
If get_link_devices() is called with 'index' in kwargs, pass the
argument to ip.get_links() correctly
Closes-Bug: #1953139
Change-Id: I6ae2d8c2a27aef548dd186e495c8998bf4086a20
This patch also removes the pylint disablement message control
statements and imports NetNS and IPRoute from the new locations
in pyroute2.
Trivial-Fix
Change-Id: I298a7da767473c236ddf03c5702a2904d4870284
Added ``devlink.get_port`` method that provides information about
a devlink port [1]. It is used to retrieve information about a port
representor connected to a local OVS instance (aka: hardware offloaded
ports). This method reports the PF PCI address, the PF index, the VF
index and the PF name; the PF name will be used to enforce the QoS
policies on the SR-IOV parent device (similar to what is done in the
ML2/SRIOV agent).
[1]https://www.kernel.org/doc/html/latest/networking/devlink/devlink-port.html
Related-Bug: #1998608
Change-Id: I34daf554cabcf17cb6371d510d5827457012516d
Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
some remaining ones in miscellaneous directories.
Also cleanup any remaining code that I missed in this
series, or has changed since I started.
Trivialfix
Change-Id: I17b4779020a7bfb369c3e721ab6638cd4a6ab50c
Created new add_ip_addresses privileged function
which takes an iterable of cidrs and adds them
in one privileged call. This is so we dont have to
take on additional priv overhead when calling
add_ip_address in a loop.
For parity, performed the same change on the
delete_ip_address function.
Closes-Bug: #1987281
Partial-Bug: #1981113
Change-Id: Ib1278af20c3b3b057712453cb249aba34b684a21
Running with a stricter .pylintrc generates a lot of
C0330 warnings (hanging/continued indentation). Fix
the ones in neutron/agent and neutron/privileged/agent.
Trivialfix
Change-Id: Ib94257481e62b99b3d7648ae5137af5411b4867a
When a new IP route is created, before passing the route protocol,
find if it is a string and if this string is on the pyroute2 defined
protocols. In this case, pass the protocol number.
In the same way, when the IP route is returned, if the protocol is a
number, convert it to the corresponding protocol string.
Closes-Bug: #1988037
Change-Id: I4ca66d86705a55b2b63083c229629c16b6136283
"pyroute2" methods can include some objects that don't implement
any serialization method (e.g.: "nla_slot" [1]). In those methods
that require an output ("get_*", "list_*", etc.), the Neutron
IP library formats the output inside the privsep context only to
contain serializable objects.
However this library is also returning the blobs returned from
the "pyroute2" library, without parsing and formatting, from
methods that don't require an output ("set_*", "add_*", "delete_*",
etc.). This patch removes the "return" statement from those methods
because the output is not required and to avoid issues like those
reported in the related bug.
[1]8716b9b5c0/pyroute2/netlink/__init__.py (L1754)
Closes-Bug: #1986644
Change-Id: I491dbdabfda0ca010ca56355b71dfe150ed71a71
Fixed "ip route" commands to work with pyroute2 >= 0.6.10, that
introduces APIv2 for link, neighbour and route [1].
[1]bc0f5e2209
Closes-Bug: #1979031
Change-Id: Id2239b6827485a4d466b0916947428ceabef9139
pyroute 0.6.6 introduced a new exception NetlinkDumpInterrupted which
is raised when NLM_F_DUMP_INTR is set in the flags during dump of
devices.
The suggestion from pyroute developers is to retry in case of this
exception (see [1]).
[1]: https://github.com/svinota/pyroute2/issues/874#issuecomment-1063139555
Closes-Bug: #1962608
Change-Id: Ie195ad596fd148708fc30946bde964d52444afee
"ip link" commands allow to define VF rates independently.
That means, first "rate" (max BW) can be set and in a second
command "min" (min BW) (check LP bug description).
However Pyroute2 command to set the VF rates requires to set both.
If one value is missing ("min_tx_rate", "max_tx_rate"), the library
sets this value to 0; in other words, the value is deleted.
The Pyroute2 structures are built depending on the parameter names.
In this case, {'vf': {'rate': ...}} will create a "vf_rate" [1]
nla structure, that requires "min_tx_rate" and "max_tx_rate".
This is part of the full structure passed to the "iproute" library
[2].
This is an example of code that only sets the "max_tx_rate" for
the 15th VF of "enp196s0f0":
$ from neutron.plugins.ml2.drivers.mech_sriov.agent import pci_lib
pci = pci_lib.PciDeviceIPWrapper("enp196s0f0")
pci.set_vf_rate(15, {'max_tx_rate': 10})
The "msg" [3] (structure passed to "iproute" library) is this:
https://paste.opendev.org/show/b2FZBOebGOCHMrYhPr6X/. The
"min_tx_rate" is set to the default value 0.
This patch reads first the existing rates ("min_tx_rate",
"max_tx_rate") and populates the command parameters accordingly.
[1]a9564dff8e/pyroute2.core/pr2modules/netlink/rtnl/ifinfmsg/__init__.py (L712-L717)
[2]c8d9d92544/ip/ipaddress.c (L454-L470)
[3]a9564dff8e/pyroute2.core/pr2modules/iproute/linux.py (L1499)
Closes-Bug: #1962844
Change-Id: Ibbb6d938355440c42850812e368224b76b1fce19
To check the existance of a namespace, instead of listing the
namespaces directory (by default "/var/run/netns"), this patch
directly checks the existence of the namespace directory, using
"os.path.exists".
This check is faster than listing the whole directory and avoids
timeout problems as reported in the related bug.
Closes-Bug: #1947974
Change-Id: I558d50d28378beb3710d98a2113ff9549c82ae17
This new context will have only two capabilities: CAP_NET_ADMIN
and CAP_SYS_ADMIN (for operations inside namespaces).
Change-Id: If9273db1a7ccdce3a81f68fce78408830e9c3d42
In order to dig the real action of a ResourceUpdate, add logs for:
1. add/update router
2. delete router
3. delete namespace
4. agent extension router add/delete/update actions
Change-Id: I5c0ff485cd0c966afe535f8063deca6e410e012d
Related-bug: #1881995
Since version 0.6.2, pyroute2 library dynamically imports the needed
modules when loaded. A static analysis will fail when checking the
import references.
Change-Id: I5aaf9494a2d5c2533199e6b92d4df8fe785f83a3
Closes-Bug: #1930750
"get_routing_table" uses "pyroute2.IPDB" that has been deprecated.
"list_ip_routes" has been improved to be able to read multipath
routes.
Closes-Bug: #1926476
Change-Id: I0299fa11a7afefbd2999f81cd4ed3beed572009c
Implement the "kill" method (send a signal to a process) using the
Python native library "os".
In functional tests, "RootHelperProcess.kill" method should not fail if
the process does not exist.
Closes-Bug: #1843446
Closes-Bug: #1843418
Change-Id: Iee97a83779dd3e20eb3a223fb8557a94b8f15dc0
This is a leftover of the "ip route" command migration to Pyroute2.
A new paremeter, "proto", is added to the IP route add and list
commands. The default protocol used is "static".
Story: #2007686
Task: #41284
Related-Bug: #1492714
Change-Id: I319fd0611d3e8a3a09d6d4e077a17a622f74f51c
Since [1], Pyroute forks the namespace creation to avoid calling
destructive routine "libc.unshare(CLONE_NEWNET)" from the main
process. This implementation uses sockets between both processes
to return any error feedback sent from the child process.
This patch implements the same fork without any communication. If
the child process raises an exception other than "OSError(EEXIST)",
the child process returns 1 that is read by the the main process,
that raises a "RuntimeError" exception.
Related-Bug: #1917487
[1]81db2c98a1
Change-Id: I0294586335a71d0757803843f675124bfb450967
It was marked that this try..except.. block can be removed when we will
be using pyroute2 >= 0.5.13. Now we have 0.5.13 in the lower-constraints
already so it's time to remove it.
Change-Id: Ic15361e34a2a9c371954d2f0851d230b8f9feb1f
Replace rootwrap execution with privsep context execution.
This series of patches will progressively replace any
rootwrap call.
This patch replaces some "IpNetnsCommand" command execution
methods.
Change-Id: Ic5fdf221a2a2cd0951539b0e040d2a941feee287
Story: #2007686
Task: #41558
The main idea of the commit is to fix code
according with the latest oslo.i18n requirements
https://docs.openstack.org/oslo.i18n/latest/
1. removed log translation if log is not seen by users
in raised exception or api call response.
2. keep translated log if it's used in raised exception.
3. removed log message 'Error while reading %s'
which was "dead" (unused) code in the function
"_get_value_from_conf_file"
of module "agent/linux/dhcp.py".
Partial-Bug: 1600788
Change-Id: Ifb5455336b06c2c87a930b816c90b4a766856b1e
Both files cannot be deleted with the default permissions because
those files are created by the "root" user.
Change-Id: I73dd37b3104fac8d3172f520f71cffd85d040c4b
Closes-Bug: #1907695
This command is executed from scripts and in sanity checks, but not
from any Neutron service.
Change-Id: If82e89bf7b233559513ab44eadebb445648f0684
Story: #2007686
Task: #41282
Appending a string to a list results in each character being appended
as list items, this results in an invalid release command.
This change appends the client_id string to the list instead.
Change-Id: I71a114308e3b68f6daf6e1a202a47b6a453bb81a
Closes-Bug: #1896850
As spotted in Focal testing patch [0], pep8 test fails with many
C0321 false-positives, reported in pylint as current version does not
support python 3.8 [1]
Use a newer version of pylint and astroid, fixing or disabling some of
the new checks: no-else-*, unnecessary-comprehension, import-outside-toplevel
[0] https://review.opendev.org/#/c/738163/
[1] https://github.com/PyCQA/pylint/issues/2737
Change-Id: Ie646b7093aa8634fd950c136a0eba9adcf56591c
Since [1], pyroute2 0.5.13 is supported.
In this new version, "link_lookup" do not raise a NetlinkError
exception if the device does not exist; instead returns an empty
list.
This patch handles both implementations.
[1]https://review.opendev.org/#/c/743277/
Change-Id: I77ef374ecb776966ea13499755777e2d763d884b
Closes-Bug: #1890353
Since [1], it's possible to specify the shared library to be used
when creating a Pyroute2 namespace context.
As commented in [2], "privsep" library makes use of eventlet to
implement multitasking. If the method executed returns the GIL,
nothing guarantees that the "eventlet" executor will return it
again to this task. This could lead to timeouts during the
execution of those methods.
From https://docs.python.org/3.6/library/ctypes.html#ctypes.PyDLL:
"Instances of this class behave like CDLL instances, except that
the Python GIL is not released during the function call, and
after the function execution the Python error flag is checked."
[1]https://github.com/svinota/pyroute2/issues/702
[2]https://review.opendev.org/#/c/717017/
Change-Id: I6c9f9adba8b4433cc96704bb69dd4e0d4b154ebd
Related-Bug: #1870352
That method could be used outside the library where currently is
implemented. This patch relocates it in a common place for all
privileged.agent.linux libraries.
Change-Id: I5a6124eca3b57ee36479c106b62d101f538c12eb
Story: #2007686
Task: #40047