When a load balancer pool has a Health Monitor associated with it,
an OVN LB Health Monitor port is created for each backend member
subnet added.
When removing backend members, the OVN LB Health Monitor port is
cleaned up only if no more members are associated with the Health
Monitor pool. However, this assumption is incorrect. This patch
corrects this behavior by checking instead if there are more members
from the same subnet associated with the pool. It ensures that the
OVN LB Health Monitor port is deleted only when the last member from
the subnet is deleted. If the port is being used by another different
LB Health Monitor, `_clean_up_hm_port` will handle it.
Closes-Bug: #2062965
Change-Id: I4c35cc5c6af14bb208f4313bb86e3519df0a30fa
After [1] the IPv6 backend members health checks are supported,
they are mapping into field ip_port_mappings of the OVN LB entity
and translated to OVN SB DB Service_Monitor entries, same way
for IPv4 ones.
However, IPv6 backend members require being enclosed in [ ], and
this was not occurring, causing it not to translate into entries
in the Service_Monitor table. This patch fixes this issue.
Furthermore, a one-time maintenance task has been developed to fix
those existing IPv6 Health Monitors directly upon the startup of
the ovn-octavia-provider component without requiring any action
by the administrator/user.
[1] 40a686e8e7
Closes-Bug: #2055876
Change-Id: I9b97aa9e6c8d601bc9e465e6aa8895dcc2666568
Due to some events received among different tests in the
same worker, this patch add '--isolated' tag to stestr
to run every test on a unique worker and in a different stestr
process.
Closes-Bug: #2058400
Change-Id: I9ff255c110774590f53811162572eef596ff9a04
Add file to the reno documentation build to show release notes for
stable/2024.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2024.1.
Sem-Ver: feature
Change-Id: I11c406fa7677c5ac2b6192a8319a7c4d00ec22f2
As per [1], the gateway neutron-ovn-invalid-chassis previously
used for the CR-LRP gateway_chassis has been removed. However,
it is necessary to determine whether a Logical Router Port (LRP)
is a gateway port or not to appropriately assign the Load
Balancer (LB) to the Logical Switch (LS) associated with tenant
and provider networks.
This patch modifies the logic within the LogicalRouterPortEvent
to examine the external_ids and determine if the port is a
gateway port or not, regardless of whether gateway_chassis is
included or not.
[1] https://review.opendev.org/c/openstack/neutron/+/909305
Closes-Bug: #2056537
Change-Id: I05bc97362e45a0239cf9206ba8539fcfb10a1151
Following the steps done in [1] additional retries have added after
decompose in a soft refactor main methods that call to Neutron.
To clarify the refactor, the following changes have been made in FT
base methods:
- The method _create_subnet_from_net was previously responsible for
creating subnet, ports, and attaching to the router. Now, these three
actions are individual methods.
- FT calls to base methods are sorted in the following sequence:
- Create net
- Create subnet
- Create port
- Create router
- Attach router to subnet
- Retry mechanisms have been added to all methods that make calls to
the L3_plugin for creation of resources.
As this way every small method can be cover by retry in case Neutron
reports a exception.
NOTE: due to a cross depedency with fix done in [2], some tests have
been skipped, but it will be restored in [2].
[1] https://review.opendev.org/c/openstack/ovn-octavia-provider/+/883662
[2] https://review.opendev.org/c/openstack/ovn-octavia-provider/+/911701
Related-Bug: #2020195
Change-Id: I98aad143556ff0ec7ecb365de99fd58a6dcb734e
tox now always recreates an env although the env is shared using envdir
options.
~~~
$ tox -e genpolicy
genpolicy: recreate env because env type changed from
{'name': 'genconfig', 'type': 'VirtualEnvRunner'} to
{'name': 'genpolicy', 'type': 'VirtualEnvRunner'}
~~~
According to the maintainer of tox, this functionality is not intended
to be supported.
https://github.com/tox-dev/tox/issues/425#issuecomment-1011944293
Change-Id: I2f82337223a936a3ed89f43e249a06e86d0f141b
Fix a few incorrectly called assertions:
not_called -> assert_not_called
has_calls -> assert_has_calls
Fix a failing test as a result of the assertion actually being made.
Change-Id: Ia57ff2374ba9ecdede28f4651c3caa638db0da46
The current pattern does not match the target path so git still picks
up the file as a change which can be included.
Change-Id: I8a4c0781ecba4c7b2686213623bb312c523b41ac
When creating a load balancer with both IPv4 and IPv6 protocols
for the LB VIP and additional_vips field, it is essential to
allow the mixing of IPv4 and IPv6 backend members.
This patch enables this use case and ensures that the 'vips'
field in the OVN NB DB associates IPv4-type LB VIPs with IPv4
members and IPv6-type LB VIPs with IPv6 members exclusively.
Closes-Bug: 2047055
Change-Id: I173a6456e8a5f776cac207390e670afa34f83d7c
The ceilometer services were removed from core devstack a long ago[1].
Unless the additional plugins are installed, overriding status of
the ceilometer services is just useless.
[1] e9a4750fe1b111eeb457378c26ca9eea1b5e0085
Change-Id: I236f809f7866d719acee8231536d2c26d2456447
Some changes require updating the existing entities in a
clear and transparent way for the user.
This patch adds a mechanism to create separate tasks that
can run periodically or just once in order to update or
modify existing entities that require changes after a new
patch or RFE.
As an example, a first task has been included for updating
existing OVN LB HM ports, changing their device_owner, and
adding their device_id.
Closes-Bug: 2038091
Change-Id: I0d4feb1e5c128d5a768d1b87deb2dcb3ab6d1ea1
To differentiate OVN LB HM (Load Balancer Health Monitor) ports
from Neutron ovn-metadata ports, a new constant will be used for
the 'device_owner' field in OVN LB HM ports.
This change ensures that these ports are not managed by some Neutron
tasks that assume only one port per network should have a 'device_owner'
value of 'network:distributed'.
Partially-Closes: 2038091
Depends-On: https://review.opendev.org/c/openstack/neutron/+/897345
Change-Id: I9a9a55d919fc215bf9a593a894e678c84e395e82
When LB or member is created, driver looks for the Logical Router which
is plugged to the Logical Switch. As there can be more than one address
on the port, we should iterate over them to be compared with the gateway
IP.
This patch modifies code to do not crash if more than one address is
found in neutron:cidrs external_ids field.
Closes-Bug: 2036620
Change-Id: I17b2c2577a4d99455c30ca1e10632a7004d7c084
Add file to the reno documentation build to show release notes for
stable/2023.2.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.2.
Sem-Ver: feature
Change-Id: I5acf5babe7f81123d3b883ae91e75ae86e198d92
When a HM is attached to a pool and a backend member in that pool
is a fake member (e.g. due to a typo on creation) the member remains
in ONLINE status. Basically this is due to the fact that there
isn't any LSP attached to that member and no Service_Monitor entries
will take care of it.
This patch checks inmediatelly after creation the member and update
the whole LB status to reflect this fake member that could help to
the user to identify quickly those fake members.
Closes-Bug: 2034522
Change-Id: I72b2d9c5f454f9b156414bf91ca7deb7f0e9d8b0
It is needed to enforce the correct versions of both projects due
to incompatibilities with previous version. The Neutron Bobcat beta
3 should work with neutron-lib 3.8.0.
Change-Id: I1b7e35c92b01c15c9c236861f60d13bc5098330f
Since [1] OVN/OVS source deploy jobs running with
OVN_BRANCH=main fails to compile ovn as this now
requires newer ovs commits from branch-3.2.
[1] https://github.com/ovn-org/ovn/commit/558da0cd
Change-Id: Ia546671f0d7be3e893eb2c7de67c82287bc53f52
When a LogicalSwitchPortUpdate event is triggered after removing
FIP from LB VIP, the event received include the port affected,
but the FIP related is not passing to the handler method.
This patch includes the FIP into the info passed to the handler
method, simplifying the current handler logic and providing
future support for the new multi-vip feature. Also added a match
for only manage events including external_id updates.
Closes-Bug: #2028161
Change-Id: Ibee3906e8e9575fba7811e989e3e111a026ce45b
Currently when a FIP is attached to LB VIP after a HM is already
created, the LB_HC created for the new FIP is not including the
port in the vip field. At this way, when a member is in ERROR
operating status, request over the FIP are still distribute
to the ERROR'ed members.
This patch add the port when the FIP is associated to the LB VIP.
Related-Bug: #1997418
Change-Id: Iefe5d67b5a8fc47972b14c4247c381d625efcc09
When a HM is deleted, Octavia API will block the related
pool with a provision_status to PENDING_UPDATE, waiting
for the new status after finishing the HM deletion on the
provider. When multiple pools are attached to a LB, this
status is sent for the first pool obtained, keeping the
related pool in PENDING_UPDATE.
This patch ensures that the update status sent by the ovn
provider is referencing the correct pool id.
Closes-Bug: 2024912
Change-Id: Ie5d01ce291409383558b3dd7c4d2fe91fd657255
This patch adds support to configure ovn loadbalancer
affinity_timeout option based on the pool session persistence
timeout.
Change-Id: I07c8f3492e62576f66008e8ea1ef9846bed8c6fa
Traffic to member, if they have FIPs gets centralized when they
are part of a loadbalancer. However, when the loadbalancer gets
deleted, the traffic should be distributed again (if DVR was
enabled). To do that this patch also considers the cascade deletion
Closes-Bug: #2025637
Change-Id: Ie4b44c9f15fc9e33a68f9aacd766590b974c63fd
If a new member is added with the admin_state_up set to False,
they should not participate in load balancing requests over
the LB VIP. However, the member still receives requests, even
though the Octavia API applies the member's operation_status correctly,
This patch fixes this issue by not adding the member to the vips
(at OVN NB) so that request over LB VIP are not taking into account
that member.
Closes-Bug: 2016862
Change-Id: Iec7f6b1da8548a29eb9cc0e2544e77e1a6c6fb1e
An out of sync has been identified between the changes applied
over the OVN NB DB and Octavia DB when a batch-update-members
includes some unsupported option for any of the member to be
modified.
To prevent such inconsistencies, this patch rejects the entire
request if any of the proposed changes are identified as
unsupported. The user will be notified of the reason for the
rejection.
Closes-Bug: 2017216
Change-Id: I6e132ab5c23c9c53176612f74bb500e46c89024f
After a thorough review of the issue, it looks like that the problem
does not originate from the base code of ovn-octavia-provider or
neutron. Other projects are also experiencing this problem,
indicating that it likely stems from a different source or set of
libraries [1].
To minimize the need for extensive rechecks on future patches, this
patch introduces a retry mechanism, utilizing tenacity, to the
affected methods.
Once the root cause of the problem '(sqlite3.InterfaceError) Cursor
needed to be reset because of commit/rollback and can no longer be
fetched from,' is identified and resolved, this patch should be
reverted.
[1] https://opensearch.logs.openstack.org/_dashboards/app/discover/?security_tenant=global#/?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-30d,to:now))&_a=(columns:!(_source),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'94869730-aea8-11ec-9e6a-83741af3fdcd',key:build_status,negate:!f,params:(query:FAILURE),type:phrase),query:(match_phrase:(build_status:FAILURE)))),index:'94869730-aea8-11ec-9e6a-83741af3fdcd',interval:auto,query:(language:kuery,query:'message:%22Cursor%20needed%20to%20be%20reset%20because%20of%20commit%2F%22'),sort:!())
Related-Bug: #2020195
Change-Id: Ia7a9b5230f9cf56de8278b736022240a780130d6
python-neutronclient has been deprecated and Octavia has already removed
it in the dependend change below. These are the respective changes on
ovn-octavia-provider side and they are in line with changes in Octavia
itself:
- Replaced code that uses the deprecated `python-neutronclient` library
with code that uses `openstacksdk` and removed `python-neutronclient`
as a dependency.
- Marked certain configuration options that were related to Keystone
authentication as deprecated for removal. In future releases
authentication options options need to be added to the [neutron]
section of the configuration.
Note: After [1] some calls to neutron test_db_base_plugin_v2 had added
a new param 'as_admin' that need to be included in the calls from
ovn-provider functional tests. Squashed with patch [2] to solve
cross dependency.
[1] https://review.opendev.org/c/openstack/neutron/+/879827
[2] https://review.opendev.org/c/openstack/ovn-octavia-provider/+/882715
Depends-On: https://review.opendev.org/c/openstack/octavia/+/866327
Change-Id: I985b24e4a6db962b1e73eeae69a8c96f4b0760ae
Clarify that HM type is not supported for SCTP because OVN
health checks is just supporting TCP and UDP-CONNECT.
Change-Id: Ice771ae36a521baad792c935fd2481602548a24d
With [1] OVN main branch compilation fails, until
main branch is fixed to work with ovs master, let's
pin OVS_BRANCH to working commit.
[1] https://github.com/openvswitch/ovs/commit/07cf5810de
Related-Bug: #2015728
Change-Id: Icdd1affc944de6c1e00da9539e13a8d698cfc0e6
LB ip_port_mapping is updated just adding and deleting every member
after any related operation over the LB-HM, this operation was done
in two steps, a db_clear and a db_set.
This patch takes ovsdbapp specific commands for add/del backends to
the ip_port_mapping in a more appropiate way, reducing any further
operation from OVN DBs not related to the member added/deleted. Also
taking care about the possibility of the same backend_ip could be
pointed by other member, under a different HM.
ovsdbapp bumps to 2.1.0 to be able to use those new functionalities [1]
[1] f3c5da5402
Closes-Bug: 2007835
Change-Id: I5705c490bcd36e7e2edcc62954a3ffa0ff645519
With the latest version of bandit (1.7.5), a new lint rule has been
introduced that checks the inclusion of the timeout parameter for
every "requests" call [1].
So B113 lint rule[2] needs to be skipped or code adapted, this patch
add the timeout parameter to the put/get requests.
[1] 5ff73ff8ff
[2] https://bandit.readthedocs.io/en/latest/plugins/b113_request_without_timeout.html
Closes-bug: #2011573
Change-Id: I341faedbf7e237eed176e0d3ed3586b8d2c2cbb8
Add file to the reno documentation build to show release notes for
stable/2023.1.
Use pbr instruction to increment the minor version number
automatically so that master versions are higher than the versions on
stable/2023.1.
Sem-Ver: feature
Change-Id: I4b12eeeb72bdbc301540564005e476672bfd1012