Commit Graph

417 Commits

Author SHA1 Message Date
Jakub Libosvar 095a35fdd2 Use compiled OVN version v23.09.0
This is the latest stable OVN release. As per the git submodule
command the required OVS version is v3.2.0-20-g1d78a3f31. This OVN
version contains additional_chassis column it its schema that is
required for functional testing of [1].

[1] https://review.opendev.org/c/openstack/neutron/+/895402

Change-Id: Idb564c589bd8f790bfcacd1b665780834b8fc686
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2023-09-25 10:10:38 -04:00
Zuul ad81687e29 Merge "gate: bump ovn to the latest LTS release (22.03)" 2023-06-06 18:34:27 +00:00
Ihar Hrachyshka 1f5f8965c3 gate: bump ovn to the latest LTS release (22.03)
21.03 is no longer supported upstream. We should try to stick to LTS
releases of OVN if possible.

The patch locks the version as the latest git commit in branch-22.03
(ovs is also locked to the corresponding submodule version). This is
done to include a just merged fix for protocols used for ipv6 address
configuration (ra, na, mld*).

Once 22.03.3 is tagged in OVN repo, we can switch to it.

Depends-On: Id1328d7cba418fa7c227ae9db4fe83c09fd06035
Change-Id: I2a633741d5e95f0e46a6b33198903f0f44d449b6
2023-06-02 13:10:10 +00:00
Zuul 4bc538d7ea Merge "[OVN][Migration] Enable settings backup subnet for NFS clients" 2023-05-29 18:35:03 +00:00
Miro Tomaska b677d65b2d [OVN][Migration] Enable settings backup subnet for NFS clients
If the BACKUP_MIGRATION_IP is set to a different IP outside of
the default nets[1] set in the “openstack overcloud backup”
playbook setup_nfs role[2]. Then the NFS will fail to mount
directories during the backup, because they will not be
reachable | permitted.
This change simply adds a new variable
BACKUP_MIGRATION_CTL_PLANE_CIDRS into the ovn_migration script
to allow the user to overwrite the extra-var used for
Openstack overcloud backup --setup-nfs command.

[1] e281ae7624/tripleo_ansible/roles/backup_and_restore/defaults/main.yml (L47)
[2] e281ae7624/tripleo_ansible/roles/backup_and_restore/tasks/setup_nfs.yml (L127)

Change-Id: I160dfc4e893b93ac7a40e19b3dd6b89750dac57d
2023-05-19 19:18:32 +00:00
Zuul 81b982b669 Merge "Update url and package name" 2023-04-13 13:38:39 +00:00
WeiLingfei 33c4a2d97e Update url and package name
The package name and url need to update.

- Update package from "python-neutron-ovn-migration-tool" and
"python-neutron" to "openstack-neutron-ovn-migration-tool" and
"openstack-neutron".
- Update url from "github" to "opendev"

Change-Id: I41ba7d6929b28317622dbf868f265eab4c6fd84e
2023-03-28 06:59:20 +00:00
Slawek Kaplonski efab60c0bf Try to optimize Mysql server mem usage on some CI jobs
Those settings in devstack were introduced by [1] and it seems to be
working fine so far.
Lets try to use it in the Neutron scenario, functional and fullstack
jobs to save some memory.

[1] https://review.opendev.org/c/openstack/devstack/+/873646

Change-Id: Idb1422acc7d23c6d8f9777ec5ebd9b040c99717a
2023-03-09 14:08:22 +00:00
Rodolfo Alonso Hernandez c93c31852b Adapt deploy_rootwrap filters path for tox4
This patch also fixes the issue of the deploy_rootwrap.sh script related
to the rootwrap filters path. This path checks if the path is absolute
(tox3) or relative (tox4) and makes it absolute in the second case.

[1]https://github.com/tox-dev/tox/issues/2730

Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/866943

Closes-Bug: #1999558
Change-Id: I7a4a30268cb352f25bad7983b94690c0b681e5fa
2023-02-03 22:18:39 +01:00
Jakub Libosvar feb9f2b21c ovn-migration: Stop neutron server while running db sync
The patch stops all running neutron-server processes before syncing
database from Neutron to OVN. Then it creates a new container to execute
the sync in and after it is done the container is removed.

Change-Id: Ifa439a536572efb72ccefde128fa186fc2f73bef
2023-01-18 17:07:16 -05:00
Zuul 537ecce96c Merge "Remove deprecated "list_moved_globals" script" 2022-12-23 15:55:55 +00:00
Zuul 9792ad1338 Merge "Rename setup-mtu-t1 argument because it is misleading" 2022-12-22 17:28:00 +00:00
Zuul d250c83f23 Merge "Use same ovs/ovn versions in local test setups" 2022-12-12 15:29:16 +00:00
Rodolfo Alonso Hernandez 44ad4bb517 Remove deprecated "list_moved_globals" script
This script was deprecated in 2016 [1].

[1]https://review.opendev.org/c/openstack/neutron/+/394201

Change-Id: I926d2a3ac0149c3e43dd14918521b088494afae8
2022-12-11 19:58:29 +01:00
Miro Tomaska c2fb0b16b6 Rename setup-mtu-t1 argument because it is misleading
setup-mtu-t1 argument name is misleading as it suggest that
it will do something with the MTU value, but it really just reduces
DHCP agent t1 timer. The fact that this commnad will have a side
effect of getting a new MTU value from DHCP should not be part
of the argument name. This is based on customer's feedback.
I am keeping backward compatibility for setup-mtu-t1 argument
in order not to break any existing tools that might depend on it.

Change-Id: I939b21fa998c80cf921efeae3e8fa8c2b4ef4f50
2022-12-09 21:05:30 -06:00
Zuul a9f26e1f9f Merge "Fix homedir permissions" 2022-12-09 16:03:50 +00:00
yatinkarel 135daae62d Use same ovs/ovn versions in local test setups
Currently we using different defaults in CI and
local run, also defaults in local run using ovs
master branch which is broken currently. Let's
use same version by definining defaults in
configure_for_func_testing.sh rather than at job
level, jobs can override these only when really
needed.

Drop unneeded source of functions, this was wrongly
detecting ovs/ovn versions. Anything required
should be sourced as part of configure_for_func_testing.sh.

Related-Bug: #1999154
Change-Id: I04a2b0b974d11a525c850b1e641a19749dee93f6
2022-12-09 19:06:50 +05:30
Rodolfo Alonso Hernandez aaae079883 Fix homedir permissions
RHEL based distros set homedir permissions to 700,
and Ubuntu 21.04+ to 750[1], i.e missing executable
permission for group or others, this results into failures
as defined in the below bug.

This patch fixes the homedir permissions for local (non-gate)
installations, using the devstack patch as reference.

Check patch [1] for more information.

[1]https://review.opendev.org/c/openstack/devstack/+/838645

Related-Bug: #1966858
Change-Id: I9f701e1015fc7cfa954eba12e55fd3544a4d95d2
2022-12-09 10:04:45 +00:00
Dr. Jens Harbott 3b1fd52b41 Exclude neutron-dynamic-routing from abandon script
We managed to have no backlog of open patches for the
neutron-dynamic-routing project currently. If new patches arrive, they
may take longer to be reviewed though due to scarceness of reviewers. So
do not handle this project by the script for auto-abandoning reviews.

Change-Id: I8a8de62d75927fd6def7e31068f9a5741bb39ba4
2022-11-23 21:40:35 +00:00
Arnau Verdaguer de18dd2c2e [ovn migration] Use ecsda ssh key instead of rsa
Cirros won't work with an rsa key, ensure that the key
used is an ecsda key.

Change-Id: If1a8e60ccd26da3d75f6ca29ce81bdcee60eeb26
2022-10-03 09:38:06 +02:00
Zuul 4b83bf462d Merge "Migration revert plan" 2022-08-31 16:40:35 +00:00
Rodolfo Alonso Hernandez 0b20fa66b7 Migrate "download_gerrit_change" to use "cliff"
Partial-Bug: #1985049
Change-Id: I3bf3f80967ccffc02f3b937725c7363461dab29f
2022-08-10 09:59:32 +02:00
Rodolfo Alonso Hernandez 8bf3eba101 Migrate "migrate_names" to use "cliff"
Partial-Bug: #1985049
Change-Id: Ia03f5c983acd8354adfa2f5f42e6a3e91e940618
2022-08-10 09:58:11 +02:00
Arnau Verdaguer 7003817b69 Migration revert plan
As a failsave the migration code can create a backup of
the controllers to use in case that the migration fails
and leaves the environment on a unusable state.

The revert plan has two stages:
1- Backup stage: included on the current ovn-migration.yml.
   Can be configured using the env variable CREATE_BACKUP
   (True by default). This stage will run the new ansible
   role, recovery-backup.
   It will store the backup on `/ctl_plane_backup` on the host
   where the BACKUP_MIGRATION_IP belongs to (can be modified by
   modifing the env var).
   In order to restore the controllers, boot them using the iso created
   by ReaR (stored in /ctl_plane_backup) and perform `automatic recover`
2- Revert stage: this stage has its own ansible playbook (revert.yml)
   This playbook will clean the environment from all the OVN ressources
   that could had been created (breaking the data plane connectivity)
   to leave the environment in a stage where an overcloud deploy with
   the OVS templates can be run.

Note: If the user creates new resources after running the backup stage
and then performs the recovery of the controllers, those resources will
be lost.

Change-Id: I7093f6a5f282b06fb2267cf2c88c533c1eae685d
2022-07-29 13:25:01 +02:00
Zuul 095d0bc79b Merge "ovn-migration: Remove second tripleo-update call" 2022-06-28 13:41:54 +00:00
Jakub Libosvar 60fade43de ovn-migration: Remove second tripleo-update call
The second tripleo-update call was there only to update back integration
bridge variable. However the action did the whole deploy for all nodes
in the environment, which can take hours to finish. This patch relies on
other patch in THT that sets br-int as default value. This way once
ovn-extras.yml is not used and the integration bridge is not overriden,
we no longer need to update tripleo about the value so it's safe to
remove the second call.

Depends-On: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/847402
Change-Id: I7455852898bb6e9698ecf5261d4401bc5077c506
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-06-23 15:16:16 -04:00
Zuul af0dd9bcb5 Merge "migration: Remove patch port between br-int and br-tun" 2022-06-22 06:43:24 +00:00
Jakub Libosvar fd6adb3e5b migration: Remove restarting OVS
There was a code that worked around a bug in openvswitch. The bug was
fixed in openvswitch 2.13 and we no longer use that version. It's safe
to be removed now.

Change-Id: I8d0e1dac4f6a6d201e29863cc76db3f1ff8595ae
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-06-13 16:14:51 -04:00
Zuul db9300ed11 Merge "migration: Fail task if executed script failed" 2022-06-08 00:03:27 +00:00
Jakub Libosvar d93cd7d0c0 migration: Delete also SGRs for IPv6
IPv4 and IPv6 have different utility in iptables. This patch adds use of
ip6tables the same way as previously used iptables.

Change-Id: I1e8ef2749ac5705563e539a5e9f02c63347b5dbe
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-06-01 17:22:33 -04:00
Jakub Libosvar 1f0708b352 migration: Remove patch port between br-int and br-tun
After migration there is one side of patch port on the integration
bridge. It has no impact on functionality but it's better to remove it.

Change-Id: Icfa2d94e123268679cf152e00e2e3d45162f10b1
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-06-01 16:20:40 -04:00
Jakub Libosvar ab62f17409 migration: Fail task if executed script failed
Previously the migration playbook continued even if tripleo deploy
failed which damaged the environment even more. This patch will make the
task fail if deploy fails too. There are also other commands which
return code was ignored.

Change-Id: Ib27fa676e126503eacb97b24e95aa7cd2982adab
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-05-11 17:23:12 -04:00
Arnau Verdaguer 2869d008e2 [OVN][Migration] More robust checks on stop-agents
On OSP17 there are some ml2 ovs services that are not
present on some computes eventhought is defined on the
ansible service facts.

This patch will ensure that only those services that are
actually running will be stopped.

Change-Id: I94f0832d09d263837262ada109a567e864915a1a
2022-04-27 10:07:33 +02:00
Zuul 720a1c3de9 Merge "ovn migration: Turn validations off by default" 2022-04-25 12:54:39 +00:00
Zuul da44b19aac Merge "ovn migration: Fix check for stack name" 2022-04-22 14:29:02 +00:00
Jakub Libosvar 5f2eaadf40 [ovn][migration] Support migration to OVN from iptables firewall
Before this patch, when migrating from ML2/OVS to ML2/OVN, we
removed the VIF details that are not used by OVN. However, this
changes how the VIFs are plugged if the hybrid iptables firewall
was used.

In order to not break the migration, we want to keep whatever
plugging was used in ML2/OVS. For this reason, this patch is
leaving the VIF details untouched.

The consequence is that, after migration, whatever workloads
used the hybrid plugging will remain like that. Newly created
VIFs will be plugged to the OVS bridge directly. As a result,
the migration to OVN won't require moving to the OVS firewall
first while in ML2/OVS.

This patch is also removing the constraint that prevented the
migration if the hybrid firewall was used.

Signed-off-by: Daniel Alvarez Sanchez <dalvarez@redhat.com>
Change-Id: Iad4fae7af54cc502ac0ba02a911cdd4fefa13535
2022-04-19 18:41:09 +00:00
yatinkarel ccf8e71efa ovn migration: Fix check for stack name
[1] Updated the migration script to check for config-download
directory instead of stack, but missed update the Error
message.

check_stack function is renamed to check_source_inventory
as now it only checks for source inventory instead of heat
stack.
If source inventory file doesn't exist the script
will report Error message and exit.

This is follow up of [1].

[1] https://review.opendev.org/c/openstack/neutron/+/834925

Related-Bug: #1966099
Change-Id: I2416fba50fc495da4d59a3f335f33d831ca6e91d
2022-04-12 17:13:37 +05:30
yatinkarel 9bc447077b Enable dstat and memory_tracker in functional/fullstack jobs
This Will help in troubleshooting failures related to high
memory or cpu usage.

Related-Bug: #1966394
Change-Id: I74b0d53bfc54b71d3e8b2d46739a944e5f5a6b6f
2022-04-11 06:02:34 +00:00
Zuul 808972410a Merge "ovn migration: Remove usage of tripleo-ansible-inventory" 2022-03-25 18:50:49 +00:00
Zuul 1aa36e7a3c Merge "[OVN][migration] Clean sg- and fg- interfaces" 2022-03-23 18:49:33 +00:00
Jakub Libosvar 0baf8841ee ovn migration: Turn validations off by default
The validation is intended mostly for tests and don't make much sense
when running the migration in production because likely there are
already running workloads. This patch changes the default to False so
migration validation must be explicitly asked for.

Change-Id: I5470f61a5e0b55bf682526208c3f57dc0ca6ffd5
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-03-23 13:35:21 -04:00
Jakub Libosvar 5b2fd1f830 ovn migration: Remove usage of tripleo-ansible-inventory
tripleo-ansible-inventory stopped working in Wallaby. However, TripleO
now stores the needed ansible-inventory on the undercloud filesystem.
This patch switches from dynamic generation of the Ansible inventory to
use of the already existing inventory file. Fortunately, the format of
the file remained the same as the generated one, so no other changes in
parsing are required.

Closes-Bug: #1966099

Change-Id: I3bdf878617fbe962d56ebb66d59ae7edeb9b7c38
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-03-23 12:28:45 -04:00
Jakub Libosvar 0529ccdf71 ovn migration: Don't use executables in /tmp/
It's a common practice to have /tmp/ mounted separately with noexec
option. This effectively means no scripts can be executed from the
filesystem mounted to /tmp.

This patch explicitly calls sh binary to execute scripts from /tmp and
removes the executable flag from the scripts.

Closes-Bug: #1965183

Change-Id: I2f9cd67979a8a75848fcdd7a8c3bb56dd3590473
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
2022-03-16 20:44:20 +00:00
Arnau Verdaguer 25350b2492 [OVN][migration] Clean sg- and fg- interfaces
During the clone-br-int the interfaces sg- (SNAT)
and the interfaces fg- (FIP) are cloned. But this
is not necessary, since this kind of interfaces
are useless on OVN (OVN uses OpenFlow).

Change-Id: I3cd74d1d4fca9add50b0700a82b8e8a16140f085
2022-03-16 15:33:31 +01:00
Slawek Kaplonski 99855543e1 Enable sctp module in the fullstack Centos node
It is required to use ncat with "--sctp" flag in the fullstack
security group tests.

Change-Id: Id19ee90a1838dbb142b20dae954fbb5c3f0a1370
2022-03-11 15:03:35 +00:00
Zuul ff2e3928e2 Merge "Fix configure_for_func_testing script" 2022-03-07 19:42:40 +00:00
Eduardo Olivares 480c643dd9 [ovn-migration] Add debug information to create-resources.sh.j2 scripts
Port status, server status and server console log output are printed
when the create-resources.sh script fails during the OVN migration
Example: OVN migration fails because SSH connection is not possible,
after ping successfully replied - probably a metadata issue and having
the console logs could help to identify it

Change-Id: I83e55203907526caf44ba34cd38241eccf70adb3
2022-03-04 08:58:05 +00:00
Arnau Verdaguer 5ee94a5b9b [ OVN ][Migration] Reload systemctl daemon after removal
After stopping and deleting the services if this role is runned
again it could fail bc systemd has still some ovs services loaded
(eventhough the service is stopped) this will cause that ansible
will try to delete again and fail while trying to disable and
delete the service.

Change-Id: If51d7f25375768f8c60492c84d84e91d91886025
2022-03-02 12:35:42 +01:00
yatinkarel 28df8470f6 Fix configure_for_func_testing script
Following fixes are done in the script:-
- Use openstack_citest as db user as done in CI[1] as
  with root as db user it fails configure it.
- Use MYSQL_USER var instead of hardcoded root user
- Fix Syntax Error in CREATE USER psql command by using
  quotes for DATABASE_PASSWORD
- Swith to root user for running psql command as without
  it, it asks for stack user password which is not configured,
  same is done in devstack[2].
- Create variable DATABASE_NAME for database name and use
  at all required places.

[1] https://review.opendev.org/c/openstack/neutron/+/814009/
[2] https://opendev.org/openstack/devstack/src/branch/master/lib/databases/postgresql#L90

Change-Id: Ieb523e3afdf69fff87ea9062ed857c37a8d56f5c
2022-03-01 21:19:19 +05:30
Rodolfo Alonso Hernandez d5ac103329 Change OVS and OVN installation directories
Change OVS and OVN installation directiories when building from
source, in order to sync with [1].

[1]https://review.opendev.org/c/openstack/devstack/+/828877

Depends-On: https://review.opendev.org/c/openstack/devstack/+/828877

Change-Id: I38775450de7d671febd07ead98f6eb4c70fc7d1e
Related-Bug: #1960514
2022-02-23 09:31:21 +00:00