After we switch to 'local' capacity scope, each host will call
kuryr to create a subnetpool. To handle this, we create the
subnetpool at the first call, and return the existing subnetpool
at subsequent calls.
Change-Id: I987dba992fa5fe590c17a8ee49d14d03bcc08dd3
tox.ini started failing with Tox4 which had some
incompatible changes.
Fixing tox.ini for tox4 changes.
The latest version of docker broke kuryr-libnetwork since
it removes external k/v support. We have to hardcode
to an older version of docker to workaround.
The CI failed to delete subnetpool since the subnet haven't
been deleted yet. This commit also fixed it.
Depends-On: https://review.opendev.org/c/openstack/devstack-plugin-container/+/875113
Change-Id: Id48bb7d92f2f5d9d08b44acf651dbba3bf2e924e
* When libnetwork requests the IP address of the gateway
(via /IpamDriver.RequestAddress) and the neutron subnet has gateway
as None, return '0.0.0.0/0' as a placeholder.
* Disable default docker gateway via the 'DisableGatewayService' flag
(see https://github.com/moby/libnetwork/pull/778).
Change-Id: I3033d28eb268a01de8cf038b1ed20110ca9a31ea
Closes-Bug: #1881910
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Change-Id: I71b869fc509cb46b55b1e88fae20422bcba085f7
Now that we no longer support py27, we can use the standard library
unittest.mock module instead of the third party mock lib.
Change-Id: I9357128c04f2fe0284432c1f6a543d63309efda3
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Listing neutron extensions is part of the startup process.
During system reboot, kuryr-libnetwork process might start before
the neutron processes, which leads to failure on listing neutron
extensions thus failing the kuryr process.
We need to be robust on startup. This commit will retry a few
times on listing extensions to handle this case.
Change-Id: I18a2a6c057225e30ba7e03e1377ab88884d8d2bd
Related-Bug: #1850936
The api documentation is now published on docs.openstack.org instead
of developer.openstack.org. Update all links that are changed to the
new location. This also updates some ancient links.
Note that redirects will be set up as well but let's point now to the
new location.
For details, see:
http://lists.openstack.org/pipermail/openstack-discuss/2019-July/007828.html
Change-Id: I1465f265e631c7f3c55cc0634ec3516b40d5bc83
This allows external service pre-create a neutron port with
'binding:host_id' populated before passing the port to kuryr.
This is important because setting 'binding:host_id' is slow.
This blocks the docker daemon for serving other requests,
which blocks the whole system.
We want to have this field pre-populated so that the docker
daemon won't be blocked by this API call.
This commit also allows the 'device_owner' field to be
customized if users choose to pre-populate the 'binding:host_id'
field. In addition, this commit skips the API call to update the
neutron port if the 'binding:host_id' is pre-populated
and 'admin_state_up' and 'mac_address' fields are unchanged.
Closes-Bug: #1809306
Change-Id: I09c4a51410dffaec21ab0bb3db85df8c776c92e5
In before, we renamed existing neutron ports in order to make
the ports searchable by using endpoint_id.
However, user experience is bad on such renaming because the original
name is lost. This commit proposes to use tagging approach instead.
In particular, we tag the endpoint_id to the existing ports so that
the ports are still searchable by using tags.
Closes-Bug: #1810219
Change-Id: I9930f3bcc3a6dbf4b23bf8488f08655bc43b5ba8
On removing a tag to a resource (port/subnet/subnetpool/network),
if the resource doesn't have the tag, skip the neutron API call to
remove_tag because the tags will be unchanged.
This will avoid one or two Neutron API calls and optimize the
performance a bit.
Partial-Bug: #1809306
Change-Id: Iffa5fbf27c64f1aad0a9bb97da9c4e7c5015a196
On adding a tag to a resource (port/subnet/subnetpool/network),
if the resource already has the tag, skip the neutron API call to
add_tag because the tags will be unchanged.
This will avoid one or two Neutron API calls and optimize the
performance a bit.
Partial-Bug: #1809306
Change-Id: I8a181d6af5228007d36fa8b217fec7f766dd37fd
Kuryr update pre-created neutron port twice. The first one is in
'ipam_request_address' and it updates the following attributes:
* name
* admin_state_up
* mac_address
The second port update is in 'network_driver_create_endpoint' and
several attributes are written including name and mac_address.
This commit remove the first port update to optimize the performance.
The update of admin_state_up will be moved to the second port update.
Change-Id: I743b2088366d910902775cabefa43be2865e37c5
Partial-Bug: #1809306
This is because the neutron DVR scheduler expects both
'binding:host_id' and 'device_owner' to be changed as an indicator
to send notification to agent to create the qrouters namespace.
Right now, kuryr changes 'binding:host_id' and 'device_owner' in
separated API requests, which confuses the DVR scheduler and
cause the missing of the notification.
Change-Id: Ifb22cc50f284dfd46eb7ba1999cd9c2c0b25a2c6
Closes-Bug: #1802163
In the case of dual-stack network, users might create a container
with existing neutron port. In before, kuryr assumes the
existing port is a dual-port (with both v4 and v6 addresses)
but this assumption is not always true. In face, it is
possible to create a v4 only port in a dual-stack network and
use it as an existing port.
This commit handle the case that the container is created from
a dual-net with a specified v4-only port. In this case, kuryr
will create a v6 port in ipam_request_address as a place holder.
The v6 port will be removed at network_driver_create_endpoint.
Related-Bug: #1800375
Change-Id: Id988abf1b6560332b18a60d99658a8768d46c343
On ipam_request_address, it will try to find existing Neutron
ports if any. If there is no existing Neutron ports, kuryr will
create one. Kuryr will search ports with matching IP address first.
If the first search is not successful, it will do a second search
to find ports with matching mac address.
This commit improve the second search by matching the subnet_id
as well as the mac address. This is because things will go wrong
if the port is in a different subnet (e.g. an ipv6 address is
requested while the port is in a v4 subnet).
Change-Id: I1eaa9c87079f1c57babbe08ae52ed69a44cfa9aa
Related-Bug: #1800375
The population of mac address on creating port is unnecessary
because the mac address will be updated on creating endpoint.
Related-Bug: #1800375
Change-Id: Iee23b16fd4905e3ce21ff8a463253641dc191541
On ipam_release_address, kuryr unset all the neutron ports with
the released IP address. This is incorrect because IP address
is not unique across an OpenStack deployment.
This patch adds a check for verifying the subnet of a port
before reseting the port. If the port's subnet doesn't
match the subnet of the pool, the port is not the target and
won't be reset.
In order to identify the subnet given a pool ID. This patch
tags each kuryr created subnet with the pool ID.
Change-Id: I8f85ae53c924aa1f4ff877f52a56d267f984dbf5
Closes-Bug: #1782947
Related-Bug: #1782942
The endpoints 'network_driver_program_external_connectivity'
and 'network_driver_revoke_external_connectivity' will dynamically
create security group and security group rules to open the ports
exposed by the docker container. However, such processing invokes
too much neutron API calls thus significantly slowing down the
container start/stop. However, such processing is not mandatory
because users can manually configure the SGs to achieve the
equivalent.
This patch make the processing of exposed ports configurable.
As a result, it can be disabled if users want a better performance.
Change-Id: I6d6d176512e6b30bb7372408aec1a7bac12335ab
`tag` and `tag-ext` Neutron extensions are deprecated and scheduled for
removal in Rocky. Those are replaced by `standard-attr-tag` extensions
and this commit implements its support in kuryr-libnetwork.
Change-Id: I295a5b84eb7fa3439561fa009b7499f94d8df4d2
Closes-Bug: 1756305
if port with device_id has been created by user,
kuryr should not release it.
Change-Id: Ia6c8d673b29fea653c034684e846d8104d570d2d
Closes-bug: #1753357
* Introduce a new config 'enabled_port_drivers'. This config allows
operators to specify multiple port drivers to enable. This enables
Kuryr to dynamically choose from a list of port drivers (Veth or
SRIOV).
* Introduce a new SRIOV port driver for performing SRIOV port binding
* Choose port driver according to the type of the port. If the neutron
port has SRIOV vnic type, choose the SRIOV port driver. Otherwise,
choose the normal port driver (i.e. veth).
* To use this feature, users are supposed to pre-create a SRIOV port
and have the binding:profile populated. Furthermore, users should
pass the SRIOV port to Kuryr (i.e. using --mac-address <port_mac>
and/or --ip <port_ip> on 'docker run') so that Kuryr will choose
the right driver.
Implements: blueprint sriov-support
Change-Id: I0d6552ce4a2c50edb164aff3de802e6239671c2c
Right now, we use libnetwork endpoint ID as the device_id of
neutron port. However, if the neutron port is pre-created by users,
users might want to customize the value of device_id. A use case is
to set the device_id as the ID of the container so that users can
list ports belonging to a specific container.
This patch proposes to perserve the device_id of existing neutron
ports if the device_id is not empty.
Change-Id: I9cdfdb0b0db6bf9ab0983144a0d7f0dc5ecbd05f
Change generic KuryrException to the specfic one - ConflictConfigOption
Depends-On: I448cf979fb87de7fe57325cca579b47b43c37f36
Change-Id: I90a961d5b9dc825a4ea933a69ded1c8b57ade7e9
Subnetpools related to the shared neutron network should be shared
as well.
Change-Id: I7a0907a6af91b27c4dcc2b543346814182e94ddb
Needed-By: I9e84acc294ac891f3d4e65866dd2cf415309ed01
Implements: blueprint shared-kuryr-subnetpool
We have debug statement for request data which is helpful. It is
even better to have debug statement for response data as well.
Change-Id: Id92df0c18259c4c829ffbd15878458c685353721
Kuryr currently supports running container with existing neutron
port with matched IP address(es). This patch adds support for
searching existing neutron port with matching MAC address as
alternative.
End-users have two options to pass existing neutron port to kuryr:
* Use --ip and/or --ip6 to specify the IP address(es) of the
existing neutron port
* Use --mac-address to specify the MAC address of the existing port.
If both IP and MAC address are specified, kuryr will search with IP
first, then search with MAC. If both searches are missed, kuryr
will create a new port with the specified IP and MAC address.
Implements: blueprint existing-port-by-mac
Change-Id: I1bca7d25aa951d218e579e160a4f18b00b7c14f6
Currently, we rely on user-provided cidr to select the subnet from which the
port creates. This approach has some limitations, i.e. overlapping cidr. This
BP proposes to introduce driver-specific options (e.g. neutron.subnet.uuid) to
allow users to specify a specific subnet. To identify the right subnetpools
has the same prefixes. The approach is to use tagging, tag subnetpool with the
uuid of the specified subnet.
For e.x - Need both ipam-option *and* option:
docker network create ... --ipam-opt neutron.subnet.uuid=xxx -o
neutron.subnet.uuid=xxx (User can pass neutron.subnet.name also)
Change-Id: I01223e9c7668ba083a90d86e007cc5ff16af84e3
Implement: blueprint existing-subnet
New os-testr uses stestr under the hood, which creates .stestr but not
.testrepository directory in the current dir. Other than that, it
doesn't seem like there is any difference in the format or names of
files generated in the directory.
Change-Id: Iead2b550fc2c3accf25e450db0eb0a56603fc571
Closes-Bug: #1716746
Change kuryr config file dir from /etc/kuryr to /etc/kuryr-libnetwork.
This is because the gate expects the location as /etc/<project-name>.
If the location is wrong, the config files won't be copied over
at the end of the gate.
Change-Id: Icce77b8cfb2885e7e8a625913773dbc97d223876
In before, the existing net tag is static. This doesn't work well
if there are two docker network creating from the same neutron net.
In this senario, each docker network will tag the neutron net on
creation and untag the neutron net on deletion. Neutron net will
be tag/untag multiple times with the same value which leads to bugs.
This commit enhance the existing net tag. It makes each tag unique
by appending the first 12 chars of the docker network id. If there
are two docker networks, they will have a different tag. Each tag
will be cleanup on the deletion of its corresponsing network.
Change-Id: I4fe8a7e13832202dae026b0b4df788f95c41de3c
Closes-Bug: #1695682
Fixed network ID schema to allow new network ID pattern, [0-9a-z]{25},
used in Docker Swarm mode.
Change-Id: I047a575852c580b43a2881f905e3831dc68d1fa3
Closes-Bug: 1706527
This commit removes almost all the pep8 rules from ignore list. Most of
these rules only required minor changes or were redundant and could be
enabled without any changes.
The only rule exclusion left active is E128 to keep the commit small
enough.
Change-Id: Iec4f00cff9e023515082caae525207054341b94b
Hongbin Lu