Nova compute service plugs VIF on service init, it triggers
rules reinitialization for iptables filter. But it breaks
traffic in case isolate_vif is used by assigning dead VLAN
to the port. This patch prevents dead VLAN assingment
for ports that exists.
Co-Authored-By: aarefiev@mirantis.com
Closes-Bug: #2023300
Change-Id: Ib1b7467fce9facfbfcd698bf6e9f950c0cead650
This change modifies the os-vif ovs plugin to set a default
tc qdisc on ovs interface when the host os is not windows
and the system datapath is used.
This change fixes a "silent" bug in the functional test code due
to a change in an ovsdbapp function signiture to accpet a new paramater.
Closes-Bug: #2017868
Change-Id: Id9ef7074634a0f23d67a4401fa8fca363b51bb43
* removed skipdist=True to make sure os-vif is available in the virtual
env
* removed basepython = python3 as we assume all developer switched to
python3 in their env already
* removed ignore_basepython_conflict = True as without the basepython
definition generative targets now work without conflict
Also squashed in the commit fixing the functional target as both fix is
needed to unblock the gate:
add CAP_DAC_OVERRIDE to test privsep contexts
This change modifes the privsep contexts used by the test
code to create inteface without using the os-vif plugins.
The os-vif functional tests actully create ovs and linux
brdiges and dummy netdevs. to ensure the drier work correctly
the functional tests have a simpler test only version of the
port/brige management commands that are used to prepare
and validate the test env. The simpler implementation uses
standard linux commandline tools like "ip" or "ovs-vsctl"
which on ubuntu 22.04 require the addtion of CAP_DAC_OVERRIDE
to work around socket/file ownership issues.
To avoid adding capablities at runtime that are not required
this change modifes the existing test only context in
the os_vif.tests.functional.privsep module and add a new test
context for the vif_plug_ovs plugin
Change-Id: Ide357cb64a8d128ff8ad978abae6a039e814d8a9
os-vif currently set the requested mtu as part of separate request
to the port add command. As a result the port is initially created
with mbufer pool for the jumboframe size, which results in an
error in openvswitch-vswitch logs.
This change moves the mtu update request into ovsdb transaction.
Closes-Bug: #1959586
Change-Id: I1acd74efc100c6f949b5c72525c455aebfa2c50e
During the Zed PTG it was decided that to solve the race condition
between os-vif and Neutron when deleting trunk bridges, os-vif will be
responsible of both the creation and the deletion of the bridge (see Day
2 first topic at [1]). This change adds the code to delete trunk
bridges.
[1] https://lists.openstack.org/pipermail/openstack-discuss/2022-April/028164.html
Change-Id: I7d834a0c31c801e96002f42f86409ba274c234e6
There is a cold migration scenario that leaves some interfaces behind in
case port binding changes from hybrid to direct plugging between the
nodes. This patch adds functionality that checks presence of
intermediate linux bridge and clears things up properly if found.
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Change-Id: Ic5b38a0467b3c18e38bec005d80cd1f5f0e66b28
When a VM is rebooted and it has a port in a Neutron trunk with DPDK and
vhostuserclient mode, Nova will delete the OVS port and then recreate it
when the VM reboots. This quick transition can create a race condition
whereby Neutron deletes the trunk's bridge between the interface removal
and addition by os-vif, so the latter operation fails because the bridge
doesn't exist anymore. To fix this, ensuring the bridge existance and
the vif addition becomes an atomic operation from the point of view of
the OVSDB transaction.
This change is associated to [1] on the Neutron side.
[1] https://review.opendev.org/c/openstack/neutron/+/829139
Partial-Bug: #1869244
Change-Id: Id7ece4ebc9239d9776c43b8d7f9e82b0319a08c6
This change limits the tables registered in the native driver
to the set actully used by os-vif. This will shorten the inital
startup time and reconnection time if the ovs db connection is dropped.
as a result this will help mitigate bug #1929446 where on reconnection
the nova compute agent can stall until reconnection is completed.
Change-Id: I635dff2b4fcff905ca8f431eb7e928265200f92a
Partial-Bug: #1929446
Ultimately, this is something that should be fixed in python-ovs,
but setting the SO_KEEPALIVE socket option benefits the client by
removing the need to send 'echo' requests, which can time out on
an overloaded ovsdb-server, which causes a disconnection which then#
adds even more load on the ovsdb-server as it has to send the entire
db contents over the wire after the connection is restored.
This patch ports the optimisation form neutron to reduce the likelyhood
of a reconnection which can cause the nova compute agent to hang
temporarily while the connection is reestablished.
Change-Id: I984ec62730276f8ee60d71a02a98fbfc4c37f7d8
Related-Bug: #1930926
Partial-Bug: #1929446
This patch add a new configuration option to use
per port bridge when hybrid_plug is false.
This can be used with OVN to reduce packet loss
during a live migration.
OVN can only install openflow rules when a port both has
external_ids set and an ofport-id assigned.
Since the ofport-id is only assigned when a netdev matching
the port name exists connected to the dataplane, OVN cannot
install the flows until libvirt create the tap on the destination
host during a live migration.
On loaded systems this can result in multiple seconds of packet loss.
To address this we introduce per port bridges which are connencted
to the integration brige by a patch port pair. Since the patch port
will exist on the dataplane during pre live migration OVN can install
the flows on the integration bridge before we begin the migration reducing
or avoiding packet loss.
Change-Id: I0d55ccbef5b585330b5512e67e442b80304a2e73
Depends-On: https://review.opendev.org/c/openstack/nova/+/797428
Closes-Bug: #1933517
These were moved in Python 3.3 and the aliases are going away in 3.10.
Preempt that change.
Change-Id: Id09b52ac5e746d8e4818cb4218422fe36f5e72f4
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Till kernel 5.7 PF and VF representors are exposed as virtual device.
They are not linked to its parent PCI device like how uplink
representor is linked.
Starting from kernel 5.8 due to new change [1] the PF and VF representors are
linked to their parent PCI device, and so "get_ifname_by_pci_address" fails
to get the correct UpLink Representor.
This patch modifys the behviour of "get_ifname_by_pci_address" to
check the physical port name of the netdev in
vf_pci_addr_path/physfn/net to match the formart for the uplink "p\d+".
[1] https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=123f0f53dd64b67e34142485fe866a8a581f12f1
Closes-Bug: #1892132
Change-Id: I49f6ae3f0e6bfbf555c8284bfd70371ce90da0c7
The patch adds new functions '_get_phys_port_name' for reading physical
port name of the SR-IOV port and '_get_phys_switch_id' for reading
physical port switch ID of the SR-IOV port, in addition to refactoring
'get_representor_port' to use the new functions and decrease calls for
"_get_pf_func" and netdevs associated with the PF will now be processed
in the loop, however it will not be matching 'phys_port_name' which
ensures the correct behaviour.
In addition to updating the unit test for linux_net and remove not
needed mocks
Related-Bug: #1892132
Change-Id: I3fdbea4f48cb79ebfd03a4da21e2232ccafb7a76
The native ovsdb backend was added in stein with the
intent of making it the default in train and removing
the vsctl backend in ussuri.
The default was never changed and the deprecation was
not done so this change now does both.
Change-Id: Iaeeb7eaa656611b3ae571c391d51fcbfd2b59670
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I67fcc16530f1c46eecb62e27eb7b88d1dee6f9df
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
Now that we no longer support py27, we can remove six.
Change-Id: Ie3ff2b7f5e8a5ff1357d6147ab1eb481f562aba3
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
Most of these were either unnecessary or trivial to resolve.
Change-Id: I2952e4906a511f6ffc6c53dc1c582464000e22de
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found by updated hacking version.
Change-Id: I8d4a0fc1b7c4e0c1e474a707aa900d09181ba11f
it seems that relevant OVS patches still did not land [1][2].
I think we should revert and wait for the patches to merge first,
then we can go ahead and merge in os-vif with release note that states
the exact OVS version required.
[1] https://patchwork.ozlabs.org/patch/1186896/
[2] https://patchwork.ozlabs.org/patch/1215075/
This reverts commit 399e355088.
Change-Id: I7cd6112b3b35a6971d3d354abae7652344ed1c97
Pass VF MAC address to ovs to set in case of netdev VIFHostDevice.
In case of DPDK representor port, Nova will pass through the VF PCI
as a hostdev and os-vif should pass the MAC to ovs as it would be
responsible for setting its MAC.
Moreover, when not using dpdk, libvirt does the mac cleanup,
since the VF is managed by libvirt, but when using DPDK,
libvirt does not manage the VF so we need to cleanup MAC address
in os-vif.
Change-Id: I5368c318cc0cfd7b5644d3da0dccbce7a48d6a85
Closes-Bug: #1829734
The mac ageing configuration on linux bridges is now
conditional and caller controlled. By default mac ageing
is unspecified and will use the kernel's default of 300
seconds. For ovs with hybrid plug we override this to
0 to prevent packet loss issue during some migration
edgecases. This change reverts disabling mac ageing
for the linux bridge plugin which was accidentally
introduced during the brctl removal via inheriting the
ovs plugin's default behavior when the bridge create
code became shared.
Change-Id: I95612352de6cdb47de98eb80c208dd1a74499d41
Closes-bug: #1837252
Adds support for OVS DPDK port representors[1], a direct
port on a netdev datapath is considered a DPDK representor port.
Using VIFHostDevice object with netdev in its profile means the port is
a DPDK representor port.
[1] http://docs.openvswitch.org/en/latest/topics/dpdk/phy/#representors
Closes-Bug: #1829734
Change-Id: I78e7dadfa44ac7e0ba6c9f31b3070011e783589f
Remove IP proxy methods in os_vif.internal.command.ip.__init__.py. Both
Windows and Linux IP implementations have the same interface, IpCommand.
Method calls (set, add, delete, exists) must be the same for both IP
classes, making those proxy calls unnecessary.
Removed a nesting level for internal IP commands. Now those commands are
located in os_vif.internal.ip.
Change-Id: Id8b71172fb06b435cf169a7e55c11233f22fa65b
Closes-Bug: #1817940
The functional base test class should be implemented under os-vif.
Other projects will inherit from this project to implement functional
test cases.
Change-Id: Ib5873687032bfb55d1847d4948f6e9679cf6d31e
Closes-Bug: #1817938
Added native implementation OVSDB API. Both APIs may be enabled
via configuration file. The default one is the CLI vsctl.
A new configuration variable, ``ovsdb_connection``, is added to
define the connection string for the OVSDB backend.
Added functional tests to vif_plug_ovs. This commit also includes
the base functions to execute functional tests and a set of them
to test the OVSDB APIs: native and ovs-vsctl.
Closes-Bug: #1666917
Change-Id: I86fbf8c67572e51889eb091d7bff7f9350b52481
- This change extends the ip_command interface set function
to accept a master as a parent device for a given interface.
- This change extends the impl_pyroute2 add function to
support creating linux bridges.
- This change replaces calls to brctl with calls to the ip_command api.
- This change removes the use of tee to disable ipv6 in the ovs plugin.
Change-Id: I8308e8840e20b0a72d00880c1a7996b4c73f6a83
Partial-Bug: #1801919
In case of Smart NIC, os-vif is used to plug the representor port to the
integration bridge, so the Neutron agent that runs on the Smart NIC must
behave like libvirt and do plug/unplug for the representor port.
Change-Id: Ic2c3c88ad0c3865dae96c717b5d137f1ea18326f
From the Python 3.6 release notes:
A backslash-character pair that is not a valid escape sequence now
generates a DeprecationWarning. Although this will eventually become a
SyntaxError, that will not be for several Python releases. (Contributed
by Emanuel Barry in bpo-27364.) [1]
This patch converts the remaining regexes in the ovs plugin to raw.
[1]: https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behavior
Change-Id: I640d636cb602de543e942ad7f2339e63a487a43b
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>
As part of resolving bug #1734320 the os-vif ovs plugin
was modified to always plug the vif to ovs in all code paths.
This change reverts that behavior as it has been determined
that libvirt will recreate the port which introduces new
issues for neutron and breaks the intent of the os-vif change.
Change-Id: I76a2de2e8077d8a931af0056690dad4a569e228a
Related-Bug: #1728600
Related-Bug: #1808171
Related-Bug: #1811405
- This change add a new isolate_vif config
option to the OVS plugin.
- The isolate_vif option defaults to False
for backwards compatiblity with SDN-based
deployments.
- This change is a partial mitigation of bug
1734320, when isolate_vif is set to True
os-vif will assign VIFs to the neutron
l2 agent dead VLAN 4095. This should only
be set when using the ml2/ovs neutron
backend.
Change-Id: I87ee9626cc6b4a01465a6b1908bc66bc7be0a4bc
Partial-Bug: #1734320
- This change modifies the ovs plugin to always
create the ovs interface in the ovs db.
- This change enables the neutron l2 agent to configure
the ovs interface by assigning a vlan tag and
installing openflow rules as appropriate.
- This change will reduce the live migration
time for kernel ovs ports with hybrid plug false
by creating the ovs port as part of plug before
the migration starts.
- This change adds the privsep decorator
to delete_net_dev to account for it new usage
via _unplug_vif_generic and address bug #1801072
Change-Id: Iaf15fa7a678ec2624f7c12f634269c465fbad930
Partial-Bug: #1734320
Closes-Bug: #1801072
The current ovs unplug codepath for Windows triggers an OVSDB port
delete command, which is applicable, and a linux netdev delete command,
which is not. This changes the unplug logic to skip the delete step.
Change-Id: Id7f81ae174d354e593d919813bdf7b3b97cbcd8b
Closes-Bug: #1798051
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>
https://review.openstack.org/#/c/476612/ introduced an abstract
OVSDB API, but it seems the gate is randomly calling linux_net utils in
the context of Windows plug and unplug.
This was because one of the tests set sys.platform to Windows, resulting
in random failures, depending on the order in which the tests ran.
Change-Id: I7e2a548fa4edc743d913f71dde48f613a7a5a8df
Partial-Bug: #1798051
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>