1. Create bridges with datapath_type=netdev parameter so that neutron
ovs-agent wouldn't recreate it dropping all the custom settings
2. Delete --no-wait flag to make sure a bridge/port was in fact created
by ovs-vswitchd in order to prevent further commands from failing
Change-Id: I3ad5b63a0813761a23573166c5024e17d87f775d
- Openvswitch agent init script skips attaching
interface if it does not exist. And the compute-kit.sh
deploys neutron with
auto_bridge_add: {"br-ex": "provider1"}
where "provider1" is a tap interface that is going
to be created while deploying the test env.
- Heat test script checks only public endpoints
- Add 1+2 nodes nodeset. The primary node is used
as a client node and not a member of K8s cluster.
Change-Id: If7c8763dd619dec31f9d141f21399d159395049a
metadata_port value used in queens version and changed
in rocky version to metadata_listen_port
story: 2011052
task: 49616
Change-Id: I106f50f620c2594b1f8ea7dc516d2e254c6af479
When i40e driver performs 'vf <n> trust on' it actually resets the device.
Intel recommends to check if the command actually finished by running
'ip link show' to avoid race-condition with too early start of
openvswitch-dpdk which will use its own dpdk-based driver for VF and which
will also try to reset the VF. Double reset of VF sometimes causes
very strange behavior including completely non-functional VF interface..
Change-Id: I28c162a63f89b3cdfe857e00651572bbbaa36748
Running dpdk test job on a sinlge node env
does not require a real hardware dpdk interfaces
to be attached to the tunnel bridge. Let's
make the list of dpdk interfaces empty which
will allow us to test the Openvswitch in user space
but not touch real hardware.
Change-Id: I2f9d954258451f64eb87d03affc079b71b00f7bd
Co-Authored-By: Arina Stebenkova <astebenkova@mirantis.com>
mountPropagation:
`None`(default) - This volume mount will not receive any subsequent mounts that are mounted to this volume or any of its subdirectories by the host.
Change-Id: I51500c406a3cae879d01dfff92ca91f30bbcb29f
DVR with OVN floating ip is currently unstable and caused us a lot
of network connectivity issues.
This propose disable it as the default value (False) for
`enable_distributed_floating_ip`.
Change-Id: Ibcf49c331482336e1cbae76dfc2bde86962e350e
With these missing flags, the Helm deploy would finish
but the services would not be functional, causing the
jobs to fail.
Change-Id: If0f6447945552fe6aedace45562e27efcab9a534
We recently re-worked all the deployment jobs
so they use `deploy-env` Ansible role which works
for both multi-node and single-node environments.
This means there is no need to have diffrent sets
of scripts for these two cases.
Also when we deploy Openstack components it is better
to have values overrides for different scenarios but
not different sets of scripts. Here we remove unused
deployment scripts which in many cases duplicated
the code base.
We will be cleaning up the code base even further to
provide excelent user experience.
Change-Id: Iacda03964a4dd0e60873593df9f590ce20504f2f
The template contains extra backslashes which can cause the start function
to contain extra backslashes, ie:
function start () {
exec neutron-server \
--config-file /etc/neutron/neutron.conf \ \
--config-file /etc/neutron/taas_plugin.ini \ \
--config-file /etc/neutron/plugins/ml2/sriov_agent.ini \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini
}
With this change the function templates correctly.
Change-Id: I9f8ceb203a0039a83ee49c76d6891f7380a6cc08
drive-by changes
- Use the same node selector for ovn metadata agent as ovs
because both should be run on the same nodes
- fix ovn_metadata_agent endpoint config
Change-Id: I81402d6f877a469a6f4beeb5550bbb8f9e75cb43
This makes the OVN support more robust, refactors certain shared
components with the normal metadata agent, fixes proper init
container handling and much more(tm).
Depends-On: https://review.opendev.org/c/openstack/openstack-helm-infra/+/889187
Change-Id: I09512c89f44a78796353a12c61f075a181fa8cd5
- Also run last two test scripts in compute-kit job
sequentially. This is handy since it allows to see
what is happening during the test run. Both these
test scripts usually take just few minutes. But if
we run them using ansible async feature and one of
the scripts fails then we are forced to wait for
a long timeout.
Change-Id: I75b8fde3ec4e3355319b1c3f257e2d76c36f6aa4
This change removes duplicated argument from neutron-ovs-agent-liveness.sh in neutron when running health-probe.py
story: 2010803
task: 48286
Change-Id: Ia362fc27c2fc250e4747941400bfa82eead5e99c
oslo_messaging.RPCClient and get_transport is deprecated in antelop version (2023.1).This change moves the health prove to use get_rpc_client and get_rpc_transport instead.
story: 2010792
task: 48229
Change-Id: I870619626e1bfe6f40f293c01835dac6157947d7
Also a new nodeset was temporarily added.
The aio compute-kit jobs for recent releases require
a huge node to work reliably. We'll remove the temporary nodeset
once this is merged
https://review.opendev.org/c/openstack/openstack-helm-infra/+/884989
Change-Id: I7572fc39a8f6248ff7dac44f20076ba74a3499fc
It appears that readiness probe may not pass
but liveness probe passes in some rare cases and
it would be nice to restart the pod if readiness
probe doesn't pass for a long time.
Change-Id: I12049e4e84e2bc7d5ad90334ecdf91e25c61e575
If application credentials with access rules are required,
an OpenStack service using keystonemiddleware to authenticate
with keystone, needs to define service_type in its configuration
file.
Change-Id: I7034e82837d724f12d57969857f79d67c962cebe
When using ovn as neutron plugin, the health probe failed with "RabbitMQ
sockets not Established" error, because it still check TCP connection to
Rabbitmq while OVN metadata agent doesn't use Rabbitmq. This patch adds
a condition check to avoid tcp socket state check for ovn metadata agent.
Story: #2010686
Change-Id: Ic35c1b4bb3c4d1cff7b633e6f69d5269cc23eeef
OpenStack services already moved to use policy in code.
No need to have policy file at this point, at least no need to put
default policy rule to policy.yaml file anymore.
To put in duplicate rules, will cause unnecessay logs and process.
Also not healthy for policy in code maintain as the `default` rules in
openstack-helm might override actual default rules in code which we
might not even mean to change it at all.
Change-Id: I29ea57aa80444ed64673818e597c9ca346ba7b2f
We dropped train support a long time ago now, and our latest efforts
are to drop ussuri/bionic images. This change removes any leftover
train overrides as well as any ussuri overrides. This also changes
any image defaults to use wallaby.
Change-Id: I818a3a79faa631ec1b7de625f2113c6f19610760
port number in neutron
Now binding ports of service and pod spec are configured using
internal endpoint values.
To support reverse proxy for internalUrl, need to distinguish
between binding ports and internal endpoint ports.
I added `service` section in endpoint items apart from admin,public
,internal and default.
Change-Id: I38dca50a8462faa4e9a7eeed56839b1b996eae06
Strictly speaking, open socket doesn't mean working API.
We experienced API stopped responding and the socket was still
open so API was unhealthy actually but kubernetes did not restart.
HTTP probe will fix this issue.
Change-Id: I95bb3ad3123d8a4a784d260477f037fa5506d290
This allows neutron to consume TLS openstack endpoints.
Jobs consume openstack endpoints, typically identity endpoints.
And neutron itself interact with other openstack services via
endpoints.
Change-Id: I204b8a1a5a1fb253ea4207f5f5d76d47fac41bef
Based on spec
support-OCI-image-registry-with-authentication-turned-on.rst
Each Helm chart can configure an OCI image registry and
credentials to use. A Kubernetes secret is then created with this
info. Service Accounts then specify an imagePullSecret specifying
the Secret with creds for the registry. Then any pod using one
of these ServiceAccounts may pull images from an authenticated
container registry.
Related OSH-infra change:
https://review.opendev.org/c/openstack/openstack-helm-infra/+/848142
Change-Id: I54540f14fed29622bc5af8d18939afd06d65e2d8
This will add a value override for neutron_netns_cleanup_cron release image so that we don't use stein release images by default in the respective Openstack release jobs.
Change-Id: Ie856090ac3ed2f8c60afeacc2ed729c36b7d3372
By default, hostPath does not specify type. Instead, it creates a directory. If the Neutron container starts earlier than CNI(Calico), Calico may fail.
Change-Id: I56498a91461214bf591c7dfe6f9445ffe2e6d7d0
This change adds the overrides needed to run both the Xena and
Yoga releases in the OSH zuul jobs.
Change-Id: I65e016a4cb3fd52707ab29c37f025818fcb6c405
Tadas Sutkaitis