Commit Graph

101 Commits

Author SHA1 Message Date
Vasyl Saienko 0a0dec37e4 Don't break traffic if port already exists
Nova compute service plugs VIF on service init, it triggers
rules reinitialization for iptables filter. But it breaks
traffic in case isolate_vif is used by assigning dead VLAN
to the port. This patch prevents dead VLAN assingment
for ports that exists.

Co-Authored-By: aarefiev@mirantis.com

Closes-Bug: #2023300

Change-Id: Ib1b7467fce9facfbfcd698bf6e9f950c0cead650
2023-06-08 15:52:50 +00:00
Sean Mooney c0d101aa81 set default qos policy
This change modifies the os-vif ovs plugin to set a default
tc qdisc on ovs interface when the host os is not windows
and the system datapath is used.

This change fixes a "silent" bug in the functional test code due
to a change in an ovsdbapp function signiture to accpet a new paramater.

Closes-Bug: #2017868
Change-Id: Id9ef7074634a0f23d67a4401fa8fca363b51bb43
2023-05-09 20:02:48 +01:00
Rodolfo Alonso Hernandez 15e1327dc3 Implement "BaseCommand" result property
``ovsdbapp.api.Command`` abstract class will declare the "result"
property in [1]. This should be available in the next library
release.

Related-Bug: #1995078

[1]https://review.opendev.org/c/openstack/ovsdbapp/+/871836/11/ovsdbapp/api.py

Change-Id: I98fd0be0b7d3ca8dd631b00b75515b1ad0d61f3c
2023-01-26 02:57:27 +01:00
Balazs Gibizer 2f31947393 Make tox.ini tox 4.0.0 compatible
* removed skipdist=True to make sure os-vif is available in the virtual
  env
* removed basepython = python3 as we assume all developer switched to
  python3 in their env already
* removed ignore_basepython_conflict = True as without the basepython
  definition generative targets now work without conflict

Also squashed in the commit fixing the functional target as both fix is
needed to unblock the gate:

add CAP_DAC_OVERRIDE to test privsep contexts

This change modifes the privsep contexts used by the test
code to create inteface without using the os-vif plugins.

The os-vif functional tests actully create ovs and linux
brdiges and dummy netdevs. to ensure the drier work correctly
the functional tests have a simpler test only version of the
port/brige management commands that are used to prepare
and validate the test env. The simpler implementation uses
standard linux commandline tools like "ip" or "ovs-vsctl"
which on ubuntu 22.04 require the addtion of CAP_DAC_OVERRIDE
to work around socket/file ownership issues.

To avoid  adding capablities at runtime that are not required
this change modifes the existing test only context in
the os_vif.tests.functional.privsep module and add a new test
context for the vif_plug_ovs plugin

Change-Id: Ide357cb64a8d128ff8ad978abae6a039e814d8a9
2023-01-09 12:30:15 +01:00
Rajesh Tailor 2f55e9ea06 Move mtu update request into ovsdb transaction
os-vif currently set the requested mtu as part of separate request
to the port add command. As a result the port is initially created
with mbufer pool for the jumboframe size, which results in an
error in openvswitch-vswitch logs.

This change moves the mtu update request into ovsdb transaction.

Closes-Bug: #1959586
Change-Id: I1acd74efc100c6f949b5c72525c455aebfa2c50e
2022-09-19 16:39:39 +05:30
Zuul 18bd440bbe Merge "Check for hybrid plugging in OVS" 2022-06-30 16:04:54 +00:00
Miguel Lavalle 75b290fb2a Delete trunk bridges to avoid race with Neutron
During the Zed PTG it was decided that to solve the race condition
between os-vif and Neutron when deleting trunk bridges, os-vif will be
responsible of both the creation and the deletion of the bridge (see Day
2 first topic at [1]). This change adds the code to delete trunk
bridges.

[1] https://lists.openstack.org/pipermail/openstack-discuss/2022-April/028164.html

Change-Id: I7d834a0c31c801e96002f42f86409ba274c234e6
2022-05-26 14:27:52 -05:00
Jakub Libosvar 9ace551db2 Check for hybrid plugging in OVS
There is a cold migration scenario that leaves some interfaces behind in
case port binding changes from hybrid to direct plugging between the
nodes. This patch adds functionality that checks presence of
intermediate linux bridge and clears things up properly if found.

Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Change-Id: Ic5b38a0467b3c18e38bec005d80cd1f5f0e66b28
2022-04-25 18:32:39 +00:00
Miguel Lavalle 21b076e7df Fix race with DPDK and vhostuserclient mode
When a VM is rebooted and it has a port in a Neutron trunk with DPDK and
vhostuserclient mode, Nova will delete the OVS port and then recreate it
when the VM reboots. This quick transition can create a race condition
whereby Neutron deletes the trunk's bridge between the interface removal
and addition by os-vif, so the latter operation fails because the bridge
doesn't exist anymore. To fix this, ensuring the bridge existance and
the vif addition becomes an atomic operation from the point of view of
the OVSDB transaction.

This change is associated to [1] on the Neutron side.

[1] https://review.opendev.org/c/openstack/neutron/+/829139

Partial-Bug: #1869244
Change-Id: Id7ece4ebc9239d9776c43b8d7f9e82b0319a08c6
2022-02-20 18:36:57 -06:00
Zuul 7f9e9b8a74 Merge "Fix typos" 2022-01-05 12:24:28 +00:00
ericxiett 4b4f291545 Fix typos
Change-Id: I605bcdde50a3e4427af74ba616887c15c787a40a
2021-09-21 09:33:29 +08:00
Sean Mooney e4dc8b5664 only register tables used by os-vif
This change limits the tables registered in the native driver
to the set actully used by os-vif. This will shorten the inital
startup time and reconnection time if the ovs db connection is dropped.
as a result this will help mitigate bug #1929446 where on reconnection
the nova compute agent can stall until reconnection is completed.

Change-Id: I635dff2b4fcff905ca8f431eb7e928265200f92a
Partial-Bug: #1929446
2021-08-23 13:25:41 +01:00
Sean Mooney 09c0629bb7 Use TCP keepalives for ovsdb connections
Ultimately, this is something that should be fixed in python-ovs,
but setting the SO_KEEPALIVE socket option benefits the client by
removing the need to send 'echo' requests, which can time out on
an overloaded ovsdb-server, which causes a disconnection which then#
adds even more load on the ovsdb-server as it has to send the entire
db contents over the wire after the connection is restored.

This patch ports the optimisation form neutron to reduce the likelyhood
of a reconnection which can cause the nova compute agent to hang
temporarily while the connection is reestablished.

Change-Id: I984ec62730276f8ee60d71a02a98fbfc4c37f7d8
Related-Bug: #1930926
Partial-Bug: #1929446
2021-08-23 12:39:25 +01:00
Sean Mooney b837c1a74f add configurable per port bridges
This patch add a new configuration option to use
per port bridge when hybrid_plug is false.
This can be used with OVN to reduce packet loss
during a live migration.

OVN can only install openflow rules when a port both has
external_ids set and an ofport-id assigned.
Since the ofport-id is only assigned when a netdev matching
the port name exists connected to the dataplane, OVN cannot
install the flows until libvirt create the tap on the destination
host during a live migration.

On loaded systems this can result in multiple seconds of packet loss.
To address this we introduce per port bridges which are connencted
to the integration brige by a patch port pair. Since the patch port
will exist on the dataplane during pre live migration OVN can install
the flows on the integration bridge before we begin the migration reducing
or avoiding packet loss.

Change-Id: I0d55ccbef5b585330b5512e67e442b80304a2e73
Depends-On: https://review.opendev.org/c/openstack/nova/+/797428
Closes-Bug: #1933517
2021-07-12 19:12:01 +00:00
Stephen Finucane 7b54dec878 Drop use of deprecated collections classes
These were moved in Python 3.3 and the aliases are going away in 3.10.
Preempt that change.

Change-Id: Id09b52ac5e746d8e4818cb4218422fe36f5e72f4
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2021-02-01 11:02:08 +00:00
Zuul cb21c4ed8d Merge "Fix - os-vif fails to get the correct UpLink Representor" 2020-10-22 04:49:08 +00:00
Mamduh Alassi b37de19c58 Fix - os-vif fails to get the correct UpLink Representor
Till kernel 5.7 PF and VF representors are exposed as virtual device.
They are not linked to its parent PCI device like how uplink
representor is linked.

Starting from kernel 5.8 due to new change [1] the PF and VF representors are
linked to their parent PCI device, and so "get_ifname_by_pci_address" fails
to get the correct UpLink Representor.

This patch modifys the behviour of "get_ifname_by_pci_address" to
check the physical port name of the netdev in
vf_pci_addr_path/physfn/net to match the formart for the uplink "p\d+".

[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=123f0f53dd64b67e34142485fe866a8a581f12f1

Closes-Bug: #1892132
Change-Id: I49f6ae3f0e6bfbf555c8284bfd70371ce90da0c7
2020-10-21 10:35:22 +03:00
Zuul cc15462308 Merge "Refactor code of linux_net to more cleaner and increase performace" 2020-10-05 16:10:27 +00:00
Mamduh 76f7565b99 Refactor code of linux_net to more cleaner and increase performace
The patch adds new functions '_get_phys_port_name' for reading physical
port name of the SR-IOV port and '_get_phys_switch_id' for reading
physical port switch ID of the SR-IOV port, in addition to refactoring
'get_representor_port' to use the new functions and decrease calls for
"_get_pf_func" and netdevs associated with the PF will now be processed
in the loop, however it will not be matching 'phys_port_name' which
ensures the correct behaviour.

In addition to updating the unit test for linux_net and remove not
needed mocks

Related-Bug: #1892132
Change-Id: I3fdbea4f48cb79ebfd03a4da21e2232ccafb7a76
2020-09-03 21:22:18 +03:00
Sean Mooney d7928102d6 deprecate ovs-vsctl driver and make native the default
The native ovsdb backend was added in stein with the
intent of making it the default in train and removing
the vsctl backend in ussuri.

The default was never changed and the deprecation was
not done so this change now does both.

Change-Id: Iaeeb7eaa656611b3ae571c391d51fcbfd2b59670
2020-09-01 19:04:26 +00:00
Takashi Natsume ee0b34eb3e Use unittest.mock instead of third party mock
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.

Change-Id: I67fcc16530f1c46eecb62e27eb7b88d1dee6f9df
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
2020-05-25 06:41:16 +00:00
Takashi Natsume 727d8da342 Remove six
Now that we no longer support py27, we can remove six.

Change-Id: Ie3ff2b7f5e8a5ff1357d6147ab1eb481f562aba3
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
2020-05-02 18:28:47 +09:00
Stephen Finucane ba9d4ca956 trivial: Remove some rules from flake8 ignore list
Most of these were either unnecessary or trivial to resolve.

Change-Id: I2952e4906a511f6ffc6c53dc1c582464000e22de
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2020-03-31 11:05:27 +01:00
Andreas Jaeger d57a5f39ed Update hacking for Python3
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.

Fix problems found by updated hacking version.

Change-Id: I8d4a0fc1b7c4e0c1e474a707aa900d09181ba11f
2020-03-31 06:44:56 +00:00
Rodolfo Alonso Hernandez d5b61d1065 [OVS] VLAN tag should be set in the Port register
In OVS, the VLAN tag for a device is set in the Port register,
not the Interface [1][2]. Method "BaseOVS.create_ovs_vif_port"
should implement it.

[1] http://docs.openvswitch.org/en/latest/faq/configuration/
[2] 1d354f7577/neutron/agent/common/ovs_lib.py (L346-L347)

Change-Id: Iaebd42af6d5b8e3165cf10e269addae0ff3665fb
Closes-Bug: #1860329
2020-01-30 12:19:51 +00:00
Adrian Chiris bb5e51309e Revert "[Follow Up] OVS DPDK port representors support"
it seems that relevant OVS patches still did not land [1][2].
I think we should revert and wait for the patches to merge first,
then we can go ahead and merge in os-vif with release note that states
the exact OVS version required.

[1] https://patchwork.ozlabs.org/patch/1186896/
[2] https://patchwork.ozlabs.org/patch/1215075/

This reverts commit 399e355088.

Change-Id: I7cd6112b3b35a6971d3d354abae7652344ed1c97
2020-01-22 14:39:55 +00:00
Hamdy Khader 399e355088 [Follow Up] OVS DPDK port representors support
Pass VF MAC address to ovs to set in case of netdev VIFHostDevice.

In case of DPDK representor port, Nova will pass through the VF PCI
as a hostdev and os-vif should pass the MAC to ovs as it would be
responsible for setting its MAC.
Moreover, when not using dpdk, libvirt does the mac cleanup,
since the VF is managed by libvirt, but when using DPDK,
libvirt does not manage the VF so we need to cleanup MAC address
in os-vif.

Change-Id: I5368c318cc0cfd7b5644d3da0dccbce7a48d6a85
Closes-Bug: #1829734
2020-01-15 20:42:50 +00:00
Sean Mooney 655c83d706 only disable mac ageing for ovs hybrid plug
The mac ageing configuration on linux bridges is now
conditional and caller controlled. By default mac ageing
is unspecified and will use the kernel's default of 300
seconds. For ovs with hybrid plug we override this to
0 to prevent packet loss issue during some migration
edgecases. This change reverts disabling mac ageing
for the linux bridge plugin which was accidentally
introduced during the brctl removal via inheriting the
ovs plugin's default behavior when the bridge create
code became shared.

Change-Id: I95612352de6cdb47de98eb80c208dd1a74499d41
Closes-bug: #1837252
2019-08-07 18:54:47 +01:00
Hamdy Khader 8883e3f305 OVS DPDK port representors support
Adds support for OVS DPDK port representors[1], a direct
port on a netdev datapath is considered a DPDK representor port.

Using VIFHostDevice object with netdev in its profile means the port is
a DPDK representor port.

[1] http://docs.openvswitch.org/en/latest/topics/dpdk/phy/#representors

Closes-Bug: #1829734
Change-Id: I78e7dadfa44ac7e0ba6c9f31b3070011e783589f
2019-06-11 16:16:30 +03:00
Hamdy Khader 1eef2d8a58 Fix mock of built in "open" function in unit tests
Closes-Bug: #1832352
Change-Id: I37ac054bf8a7ae78492f2c1923ff9dad6a702d9d
2019-06-11 16:16:30 +03:00
Zuul 6f08a3b4f8 Merge "Prevent "qbr" Linux Bridge from replying to ARP messages" 2019-05-05 02:53:29 +00:00
Rodolfo Alonso Hernandez ecc3620758 Remove unused vif_plug_ovs.i18n module
Change-Id: Ic5cc124a743eade30636cd1c615aebb0bb7c1adf
Closes-Bug: #1827393
2019-05-02 17:16:35 +00:00
Rodolfo Alonso Hernandez 9ad9b84839 Prevent "qbr" Linux Bridge from replying to ARP messages
The Linux Bridge in between the VM TAP interface and OVS should [1][2]:
- Reply only if the target IP address is local address configured
  on the incoming interface.
- Always use the best local address.

[1]http://kb.linuxvirtualserver.org/wiki/Using_arp_announce/arp_ignore_to_disable_ARP
[2]http://linux-ip.net/html/ether-arp.html#ether-arp-flux

Change-Id: I8721b680bbd9f59a67bd8e6855ffb291c208cdb8
Closes-Bug: #1825888
2019-04-26 09:19:55 +00:00
Rodolfo Alonso Hernandez ee124d2e98 Remove IP proxy methods
Remove IP proxy methods in os_vif.internal.command.ip.__init__.py. Both
Windows and Linux IP implementations have the same interface, IpCommand.
Method calls (set, add, delete, exists) must be the same for both IP
classes, making those proxy calls unnecessary.

Removed a nesting level for internal IP commands. Now those commands are
located in os_vif.internal.ip.

Change-Id: Id8b71172fb06b435cf169a7e55c11233f22fa65b
Closes-Bug: #1817940
2019-04-25 13:43:34 +00:00
Rodolfo Alonso Hernandez c63366d67c Refactor functional base test classes
The functional base test class should be implemented under os-vif.
Other projects will inherit from this project to implement functional
test cases.

Change-Id: Ib5873687032bfb55d1847d4948f6e9679cf6d31e
Closes-Bug: #1817938
2019-04-11 17:14:12 +00:00
Rodolfo Alonso Hernandez 1546d349b1 Add native implementation OVSDB API
Added native implementation OVSDB API. Both APIs may be enabled
via configuration file. The default one is the CLI vsctl.

A new configuration variable, ``ovsdb_connection``, is added to
define the connection string for the OVSDB backend.

Added functional tests to vif_plug_ovs. This commit also includes
the base functions to execute functional tests and a set of them
to test the OVSDB APIs: native and ovs-vsctl.

Closes-Bug: #1666917
Change-Id: I86fbf8c67572e51889eb091d7bff7f9350b52481
2019-02-26 18:15:14 +00:00
Zuul 2493f6a518 Merge "remove brctl from vif_plug_ovs" 2019-02-25 13:02:58 +00:00
Sean Mooney 5027ce833c remove brctl from vif_plug_ovs
- This change extends the ip_command interface set function
  to accept a master as a parent device for a given interface.
- This change extends the impl_pyroute2 add function to
  support creating linux bridges.
- This change replaces calls to brctl with calls to the ip_command api.
- This change removes the use of tee to disable ipv6 in the ovs plugin.

Change-Id: I8308e8840e20b0a72d00880c1a7996b4c73f6a83
Partial-Bug: #1801919
2019-02-21 14:21:10 +00:00
Rodolfo Alonso Hernandez 0c6a21c064 Add function "has_table_columns" to OVSDB implementation API
Change-Id: Ide8ffcc99a05edf15ce511b1bd4a9b1552dad5d1
Closes-Bug: #1814577
2019-02-21 14:11:12 +00:00
Zuul 3869596374 Merge "Convert hardcoded regexes to raw strings for py36" 2019-02-20 04:12:12 +00:00
Hamdy Khader 9611f04722 Add create_port field in VIFPortProfileOpenVSwitch profile
In case of Smart NIC, os-vif is used to plug the representor port to the
integration bridge, so the Neutron agent that runs on the Smart NIC must
behave like libvirt and do plug/unplug for the representor port.

Change-Id: Ic2c3c88ad0c3865dae96c717b5d137f1ea18326f
2019-02-19 15:31:43 +02:00
Jan Gutter 2259967e3c Convert hardcoded regexes to raw strings for py36
From the Python 3.6 release notes:

A backslash-character pair that is not a valid escape sequence now
generates a DeprecationWarning. Although this will eventually become a
SyntaxError, that will not be for several Python releases. (Contributed
by Emanuel Barry in bpo-27364.) [1]

This patch converts the remaining regexes in the ovs plugin to raw.

[1]: https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behavior

Change-Id: I640d636cb602de543e942ad7f2339e63a487a43b
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>
2019-02-06 10:18:54 +02:00
Sean Mooney 86ad3cb242 do not always plug ovs ports.
As part of resolving bug #1734320 the os-vif ovs plugin
was modified to always plug the vif to ovs in all code paths.
This change reverts that behavior as it has been determined
that libvirt will recreate the port which introduces new
issues for neutron and breaks the intent of the os-vif change.

Change-Id: I76a2de2e8077d8a931af0056690dad4a569e228a
Related-Bug: #1728600
Related-Bug: #1808171
Related-Bug: #1811405
2019-01-18 19:10:58 +00:00
ZhijunWei 751f519358 Update hacking version
Use latest release 1.1.0 and compatible changes w.r.t pep8

Change-Id: Ic5014f443b9093d6168c824ad66151cd1c489b74
2019-01-07 11:04:24 +08:00
Zuul 5fa14f8372 Merge "add isolate_vif config option" 2018-12-07 21:13:42 +00:00
Zuul 5d8d1742bd Merge "always create ovs port during plug" 2018-12-07 13:33:35 +00:00
Sean Mooney d291213f1e add isolate_vif config option
- This change add a new isolate_vif config
  option to the OVS plugin.

- The isolate_vif option defaults to False
  for backwards compatiblity with SDN-based
  deployments.

- This change is a partial mitigation of bug
  1734320, when isolate_vif is set to True
  os-vif will assign VIFs to the neutron
  l2 agent dead VLAN 4095. This should only
  be set when using the ml2/ovs neutron
  backend.

Change-Id: I87ee9626cc6b4a01465a6b1908bc66bc7be0a4bc
Partial-Bug: #1734320
2018-12-07 12:21:44 +00:00
Sean Mooney 165ed32591 always create ovs port during plug
- This change modifies the ovs plugin to always
  create the ovs interface in the ovs db.
- This change enables the neutron l2 agent to configure
  the ovs interface by assigning a vlan tag and
  installing openflow rules as appropriate.
- This change will reduce the live migration
  time for kernel ovs ports with hybrid plug false
  by creating the ovs port as part of plug before
  the migration starts.
- This change adds the privsep decorator
  to delete_net_dev to account for it new usage
  via _unplug_vif_generic and address bug #1801072

Change-Id: Iaf15fa7a678ec2624f7c12f634269c465fbad930
Partial-Bug: #1734320
Closes-Bug: #1801072
2018-11-21 20:17:57 +00:00
Jan Gutter c5fda08d40 Do not call linux_net.delete_net_dev on Windows
The current ovs unplug codepath for Windows triggers an OVSDB port
delete command, which is applicable, and a linux netdev delete command,
which is not. This changes the unplug logic to skip the delete step.

Change-Id: Id7f81ae174d354e593d919813bdf7b3b97cbcd8b
Closes-Bug: #1798051
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>
2018-10-16 17:33:39 +02:00
Jan Gutter 330051a702 Fix random test_unplug_ovs failures
https://review.openstack.org/#/c/476612/ introduced an abstract
OVSDB API, but it seems the gate is randomly calling linux_net utils in
the context of Windows plug and unplug.

This was because one of the tests set sys.platform to Windows, resulting
in random failures, depending on the order in which the tests ran.

Change-Id: I7e2a548fa4edc743d913f71dde48f613a7a5a8df
Partial-Bug: #1798051
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>
2018-10-16 17:32:33 +02:00