* Update neutron from branch 'master'
to 35daa2d8684888798b974487d1f7468dc1ca1e9e
- Merge "Optimize deletion of static routes"
- Optimize deletion of static routes
Instead of having a separate OVN command for deletion of each
static route, send out the deletion as a single command.
Which significantly improves the performance. Previously
deletion of 1000 routes took >1m30s and >6m30s for 2000 routes,
with this change it takes ~5s and ~8s, respectivily.
Closes-Bug: #2060054
Change-Id: Iaa5204e2e48795c31c502160041bd128189eef5a
* Update neutron from branch 'master'
to a3d0fb6673db9ac5b127aea2c4e4f58c5887564c
- tests: Don't use neutron object where db model is expected
Change-Id: I5f99153c105e7f86638356a75a955504ed42e288
* Update neutron from branch 'master'
to 5795c192b840ae327bc9e32d5183f177daa9b55b
- Don't update revision number if object was not modified
If there were not changes made to data in the database there is no
reason to bump revision numbers because the underlying drivers won't
change too. This saves cycles in case empty updates are incoming to the
API.
Co-Authored-By: Ihar Hrachyshka <ihar@redhat.com>
Closes-bug: #2065094
Change-Id: Ib74fdab7a8927ef9cc24ef7810e9cf2c264941eb
* Update neutron from branch 'master'
to cdb644574a59fb8668240cc02cabd590c65ead5d
- Remove info about QoS and L3 meetings from the contributing guide
We don't have those meetings anymore.
Change-Id: I9957124609114540812b0141b09cd41026801f03
* Update neutron from branch 'master'
to 7f56084c8844be70d4b69f85e7fb18ab06483800
- Merge "Start trunk plugin RPC via service framework"
- Start trunk plugin RPC via service framework
Instead of each individual driver setting up the RPC server (and setting
the _rpc_backend attribute on the TrunkPlugin) we now check in the
TrunkPlugin if any driver requires the RPC backend to be started.
Additionally, we only start it when this is requested by Neutron via
start_rpc_listeners(). This is required when running neutron-server and
neutron-rpc-server separately to run RPC only in neutron-rpc-server.
As we still need the notifiers of ServerSideRpcBackend to be
created/started, we separate TrunkSkeleton (which is the RPC server
implementation) and ServerSideRpcBackend (which is essentially only a
notifier). In case RPC is required by a driver, we always start the
notifier, but the RPC server only when requested via
start_rpc_listeners().
Change-Id: I2c6362b3320e534a6e65bd7701b5ac2feca42a49
Closes-Bug: #2015275
Closes-Bug: #2062009
* Update neutron from branch 'master'
to 305d9ea0c74da7953f6ddb78ed86a2ed44f7d72b
- Merge "Add tox.ini testenv descriptions"
- Add tox.ini testenv descriptions
Add descriptions for each test that can be run.
TrivialFix
Change-Id: I7314e4c1ee82182cdd6ae12734e8a5f9cadae0e2
* Update neutron from branch 'master'
to a35858b05347adcc354b622a08ae8b676d93717b
- reno: Update master for unmaintained/zed
Update the zed release notes configuration to build from
unmaintained/zed.
Change-Id: I4f862c25bc4f6b7181b1e84a3128d93aca0c9d01
* Update neutron from branch 'master'
to a69bd0dd6040adbd0b6c0383b670c4c6ea79c1ec
- Make it explicit ovs_firewall operates with ip, mac pairs
The semantics changed since I2e3aa7c400d7bb17cc117b65faaa160b41013dde
but the code was not updated to reflect it explicitly.
This patch modifies _update_flows_for_vlan_subr.
Change-Id: Id5e0d8bcc379f19dc85b23b4602be4e0e82f3d00
* Update neutron from branch 'master'
to ae704369b5390d939db653c9bb0cbc965f7a761a
- tests: fix invalid `addr` mock values in ovs firewall suite
The tests were passing a string of IPv4 address where the actual code
was expecting a tuple of (IPv4 address, MAC address). The type of the
`addr` changed from a string to a tuple in:
I2e3aa7c400d7bb17cc117b65faaa160b41013dde
but the names of variables and the test cases were not.
Tests still didn't fail till recently because addr[0] resulted in the
first character of the IPv4 address string (e.g. `1`), and was then
interpreted by `netaddr` library as an address. This worked until
`netaddr>=1.0` started to enforce proper formats for passed IPv4
addresses - which broke the tests.
Closes-Bug: #2054435
Change-Id: Ib9594bc0611007efdbaf3219ccd44bbb37cfc627
* Update neutron from branch 'master'
to 22a3384194e14ed2e7a2f3888cf5f107d0ecdb42
- Merge "Fix assignment-from-no-return error"
- Fix assignment-from-no-return error
test_delete_conntrack_helper() was not properly testing
the conntrack code, relying on the return value (of None)
to be success. Call delete_router_conntrack_helper() to
verify the entry has been removed (will trigger exception).
TrivialFix
Change-Id: I69cce5fe9c836e5346e4bb7999f9a4599540d100
* Update neutron from branch 'master'
to 484b04cf019e9e5fcc2b429ef916c54211c3e38c
- Merge "Register root_helper config for state change"
- Register root_helper config for state change
Add config options for neutron-keepalived-state-change python bin
daemon. And it will be possible to not run root neutron-rootwrap-daemon
for it after fix of
https://review.opendev.org/c/openstack/neutron/+/653378
Related-Bug: #2052367
Change-Id: I15060c9c6b1c2c11b3a7d692f945e27ffec9e854
* Update neutron from branch 'master'
to 72c8ce2c1a95e1c5505f4aec5fa512cd11c28ddf
- Merge "Start logging plugin RPC via service framework"
- Start logging plugin RPC via service framework
Instead of the LoggingServiceDriverManager starting the RPC if any
driver needs it, we now only start it when this is requested by neutron
via start_rpc_listeners(). This is required when running neutron-server
and neutron-rpc-server separately to run RPC only in neutron-rpc-server.
Change-Id: I8d185cdc807e94098c137314bcaa2317a2f85ebe
Partial-Bug: #2062009
* Update neutron from branch 'master'
to a02b46b5b77bbdc3b0ccc54f5129420b99f0d4c5
- Merge "dhcp: fix auto_scheduler_network understanding dhcp_agents_per_network"
- dhcp: fix auto_scheduler_network understanding dhcp_agents_per_network
When using routed provided network, the condition is bypassing
dhcp_agents_per_network which results that in a env with 3 agents and
dhcp_agents_per_network=2, for a given network already well handled
by 2 agents. If restarting the third agent It will start to handle the
network also which will result to have 3 agents handling the
network.
Closes-bug: #2058908
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Ia05a879b0ed88172694bd6bffc6f7eb0d36bb6b0
* Update neutron from branch 'master'
to c21a9169c69ad612e9d468e943ae822d64c86b61
- Merge "Bandit: Remove bandit B604 from skip list"
- Bandit: Remove bandit B604 from skip list
Remove B604 (any_other_function_with_shell_equals_true),
so use subprocess.Popen with the default shell=False,
thus removing the shell parameter of common.utils.subprocess
Popen method.
Depends-On: https://review.opendev.org/c/915991
Change-Id: I1857e982211c4de29b3e24ec2485ea9c17c98b10
* Update neutron from branch 'master'
to 34a0e88dced2de7753222aa9592600e8c7bf5d8a
- Merge "Bandit: Remove bandit B324 from skip list"
- Bandit: Remove bandit B324 from skip list
Remove B324 (prohibit list calls: md5, sha1 for python>=3.9)
from bandit skip list, for this replace sha1 with blake2b.
Change-Id: Iafe571ad0de0408414ed321f4b9e9588916a873d
* Update neutron from branch 'master'
to 135cfa321549f04bc248dbcece45075fc59cfa67
- Merge "Ensure [designate] url is a valid URI"
- Ensure [designate] url is a valid URI
... using the native URIOpt in oslo.config.
Change-Id: I2753ce0bccbb2607327137d6c1bbc0c2a3276f34
* Update neutron from branch 'master'
to 890bb3904d9a5c51a9455fe9749a05b960a035ff
- Merge "Switch to cirros uec image in singlenode jobs"
- Switch to cirros uec image in singlenode jobs
Seen couple of kernel panic issues in these jobs
even with libvirt_disable_apic=True workaround set.
switch to cirros uec image to avoid these issues.
Related-Bug: #1939108
Change-Id: Ib7f50f53368e2aea86ec47f73a1f8f50d9aac3be
* Update neutron from branch 'master'
to 4ce6cc87926dd4902a6c0341aca1ee98ae50492f
- Merge "Replace bare Opt by PortOpt"
- Replace bare Opt by PortOpt
The placement_port option in fullstack tests can be implemented by
the native PortOpt instead of defining a specific type.
Change-Id: Iedf50249080d3f631942febb1f5e089f06f43db0
* Update neutron from branch 'master'
to 9a5e1a8a42998c26372880fe44a98b8cbccd595c
- Merge "Fix keyword-arg-before-vararg warnings"
- Fix keyword-arg-before-vararg warnings
The correct usage when using keyword and varargs is
def func(arg1, *args, arg2=None, **kwargs):
Otherwise you can end up in having multiple values passed
for the parameters in case the method is called with
keyword arguments.
Fixed two calls to _get_ports_query() that were not
passing the 'filters' argument correctly.
Start enforcing this as well.
TrivialFix
Change-Id: Id9d6d841133241bbc87a589117468c4e699c310a
* Update neutron from branch 'master'
to febc39733ed110742702ee424fce7cc3157caa1b
- Merge "Fix global-variable-not-assigned warnings"
- Fix global-variable-not-assigned warnings
There were some globals in the IP monitor functional tests
that were only used and never assigned, there is no need
to define them as such in this case. No functional change.
TrivialFix
Change-Id: I0f8e630538ea5ae21537a9a72faf0cdd34096f11
* Update neutron from branch 'master'
to 78f157ca32b17a0aba3ba5409f64a15058e723e7
- Merge "[OVN] Optimize ``HAChassisGroupRouterEvent`` code"
- [OVN] Optimize ``HAChassisGroupRouterEvent`` code
This patch is addressing some comments made in the previous patch [1]
and optimizing the code of ``HAChassisGroupRouterEvent`` class.
Related-Bug: #2052821
[1]https://review.opendev.org/c/openstack/neutron/+/909437
Change-Id: Ibc4afce16e95ea7d48737c254cd11431e9994704
* Update neutron from branch 'master'
to f2342e0d1787b41afe430987aca46bd44a1f1ce6
- Merge "Use native IntOpt for overlay_ip_version"
- Use native IntOpt for overlay_ip_version
The IntOpt class supports choices argument since oslo.config 9.4.0[1].
[1] 83bbc0df4316e8a17b8417d02c80cd0cf5a8568e
Change-Id: I27b825d7b65b6c40692785b50c8a8ccc3ca80b73
* Update neutron from branch 'master'
to 73608c24a941820353795e1d8d0d90c84329a548
- Merge "More precise flow table cleaning"
- More precise flow table cleaning
OVS-agent wants to clean flows table by table during restart,
but actually it does not. If one table has same cookie with
other tables, all related flows will be clean at once.
This patch adds the table_id param to the related call
to limit the flow clean on one table at once.
Closes-Bug: #2060587
Change-Id: I266eb0f5115af718b91f930d759581616310999d
* Update neutron from branch 'master'
to 234d7d42385d6297a079c1a71b8768ac3296177f
- Merge "Mark L3HA dvr tests unstable"
- Mark L3HA dvr tests unstable
These test randomly fails with NetworkInterfaceNotFound
from quite some time. Until the issue is fixed added unstable_test
decorator so the job do not fail for these.
Related-Bug: #1961740
Change-Id: I1a352526aac72b417f93f51ba50c3359359c240d
* Update neutron from branch 'master'
to 019294c71d94b788c14b23dc1da3c21f51bcdb0b
- Merge "[OVN] Provide HA functionality to "Logical_Router" chassis pinning"
- [OVN] Provide HA functionality to "Logical_Router" chassis pinning
When an external tunnelled network is used as gateway network in an
OVN router, the "Logical_Router_Port" is not bound to any chassis and
the "Logical_Router" is pinned to a gateway chassis, using the list
provided in a "HA_Chassis_Group".
This patch attends to any change in the "HA_Chassis" list of the
"HA_Chassis_Group" to update the "Logical_Router" chassis assigned.
This provides HA functionality in case that the bound chassis
(chassis pinned) fails.
Closes-Bug: #2052821
Change-Id: Ia3d4271d015386fbec3c3f2276a7f62c2f8ad5dd
* Update neutron from branch 'master'
to 4e9f00078badd80ec4345593a2d99938260a4272
- Merge "[OVN] "Logical_Router" pinned to chassis, OVN L3 scheduler"
- [OVN] "Logical_Router" pinned to chassis, OVN L3 scheduler
Pin a "Logical_Router" to a chassis when the gateway network (external
network) is tunnelled. When the external network is tunnelled, the
"Logical_Router_Port" acting as gateway port is not bound to any
chassis (the network has no physical provider network defined).
In that case, the router is pinned to a chassis instead. A
"HA_Chassis_Group" is created per router. The highest "HA_Chassis" of
this group is assigned to the router. If the gateway port is deleted,
the pinned chassis is removed from the "options" field. If the
router is deleted, the "HA_Chassis_Group" is deleted too.
NOTE: in the a chassis belonging to the router "HA_Chassis_Group"
changes, the list of "HA_Chassis" will be updated in
``ChassisEvent.handle_ha_chassis_group_changes``. However, a
"HA_Chassis_Group" change is handled by OVN, when assiged.
But in this case we are using this artifact, as commented before,
to "manually assign" (from core OVN point of view) the highest
priority "HA_Chassis" to the router (this upcoming funcionality
will be implemented in core OVN). A new follow-up patch will be
pushed to provide HA functionality and update the "HA_Chassis"
assigned to the "Logical_Router" when the chassis list changes.
Partial-Bug: #2052821
Change-Id: I33555fc8a8441149b683ae68f1f10548ffb662a6
* Update neutron from branch 'master'
to 031aad583d4ec43cd0526daf743dcf5d37768b7b
- Merge "Change exception messages to error log messages for DNS integration."
- Change exception messages to error log messages for DNS integration.
Change non-harmful stack trace errors for dns_exc.DNSDomainNotFound and
dns_exc.DuplicateRecordSet to error log messages. This prevents the logs
from filling with stack traces where error messages would have been
sufficient enough.
Closes-Bug: #2042925
Change-Id: Icf1fff28bb560c506392f16c579de6d92cd56c23
* Update neutron from branch 'master'
to 4cad0eda59dbbd8c31b790edd5e42a4437f578b5
- Merge "Fix KeyError failure in _sync_subnet_dhcp_options()"
- Fix KeyError failure in _sync_subnet_dhcp_options()
If the netron-ovn-db-sync-util is run while neutron-server
is active (which is not recommended), it can randomly fail
if there are active API calls in flight to create networks
and/or subnets.
Skip the subnet and log a warning if detected.
Closes-bug: #2045811
Change-Id: Ic5d9608277dd5c4881b3e4b494e1864be0bed1b4
* Update neutron from branch 'master'
to 8d0c4b92fc2fae77080ca752fc418f506c55e7b1
- Merge "Add note on iptables cleanup after OVS firewall migration"
- Add note on iptables cleanup after OVS firewall migration
Add an item to the instructions on iptables to OVS
firewall migration that the admin should cleanup
any stale iptables rules after completion. It is
out of scope of our documents on how exactly an
adminstrator might do that.
Closes-bug: #1864374
Change-Id: Ie1bf6b82e57a00f61640a131a29d897a9cde4629
* Update neutron from branch 'master'
to 59bee68b1db20638b622038f4c13815ee2c23093
- Merge "dhcp: ensure that cleaning DHCP process with one segment happens first"
- dhcp: ensure that cleaning DHCP process with one segment happens first
Previously, the code used to clean up old DHCP processes for a network
before creating new ones supporting multiple segments per network
could potentially not be executed first. Since disabling applies to
cleaning the namespace, this could have led to the network setup being
destroyed after being done.
This change moves the part that cleans up the old DHCP setup to ensure
it is executed first.
Closes-bug: #2049615
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@industrialdiscipline.com>
Change-Id: Iecdb2d81ee077c9b9057d0708c5c88e159970039
* Update neutron from branch 'master'
to 2db8620523fef3d78e8a5c5411576e5cd4f395da
- Merge "[OVN] Create an OVN DB transaction context decorator"
- [OVN] Create an OVN DB transaction context decorator
This decorator allows to create a new OVN database transaction or
use the existing one in a method. It is needed to pass the transaction
object (if any) and the IDL (Northbound or Southbound).
Related-Bug: #2052821
Change-Id: I925c1d745197edd08a62ced66b275c7b1dad1d6a
* Update neutron from branch 'master'
to 38a53ea6ed99a78cd7c2b5c77da8e8f19f0b0927
- Merge "Bandit: Remove bandit B311, B303 from skip list"
- Bandit: Remove bandit B311, B303 from skip list
Remove B303 (md5, sha1 for python<3.9) and
remove B311 (Standard pseudo-random generators are
not suitable for security/cryptographic purpose) from
the skip list of bandit execution.
Change-Id: I6e9e61e7f94dc9ca339942529af8997adef45e38
* Update neutron from branch 'master'
to f08c967dd26e90aaecddaedc03ebd0f269de79bc
- Merge "Update Neutron Liuetenants"
- Update Neutron Liuetenants
This patch updates the list of the Neutron stadium
projects lieutenants and the list of the bugs' contact
person(s).
In detail this patch:
- sets Slawek Kaplonski as contact for RBAC issues
- sets Fernando Royo as contact for 'ovn-octavia-provider' issues,
removing Flavio and myself
- adds new 'ovn-bgp-agent' item with Luis Tomas Bolivar and
Lucas Alvares Gomes as contacts
Change-Id: Iaf344ee30a3500c18ae7facd9010d75af39e995f
* Update neutron from branch 'master'
to 076d9ad47f42c18cdb7fc8d9a0a0f3c43a66f945
- Merge "Enable HA for OVN router flavors"
- Enable HA for OVN router flavors
In this change, we add the ability to create high availability
user defined router flavors under the ML2/OVN L3 service
plugin.
Closes-Bug: #2020823
Change-Id: I0d26f672d6239d840d3cf817a2553a06ef00a854
* Update neutron from branch 'master'
to bcf1f707bc9169e8f701613214516e97f039d730
- Merge "Disable skip-level jobs in check queue"
- Disable skip-level jobs in check queue
During this release (non-SLURP), these jobs are now executed in the
"periodic" and "experimental" queues, but not the "check" queue.
Change-Id: If317cc0292e26339475192ce3bcca49ac5033e88
* Update neutron from branch 'master'
to e7ef689e9b3b225a93cec06b3abb792c87a94cce
- Merge "Update jobs based on testing runtime for 2024.2"
- Update jobs based on testing runtime for 2024.2
Based on [0] only py39, py311 and py312 (non-voting) jobs
are in the testing runtime for 2024.2, updated relevant
files accordingly. Added timeout override for py312
similar to other versions.
[0] https://review.opendev.org/c/openstack/governance/+/908862
Change-Id: I6c3e94a88b7ef50b1fc74abe0ef4640ce3a68be3
* Update neutron from branch 'master'
to 01a6684dd09e1f435f0468c789c957bee9a82014
- Merge "Don't delete already deleted extra router routes"
- Don't delete already deleted extra router routes
When handling the deletion of extra routes we need to handle the case
that the route is already deleted by another call in the time we have
fetched the extra routes and try to delete it. This is a classic race
condition when two calls try to update the routes of a router at the
same time. The default MariaDB/MySQL transaction isolation level does
not suffice to prevent this scenario. Directly deleting the route
without fetching it solves this problem.
Change-Id: Ie8238310569eb7c1c53296195800bef5c9cb92a3
Closes-Bug: #2057698
* Update neutron from branch 'master'
to 0590bcda689403e9fe1f53767006c11a801e4327
- Merge "Fixing the 500 HTTP code in the metadata service if Nova is down"
- Fixing the 500 HTTP code in the metadata service if Nova is down
If the Nova metadata service is unavailable, the requests.request()
function may raise a ConnectionError. This results in the upper code
returning a 500 HTTP status code to the user along with a traceback.
Let's handle this scenario and instead return a 503 HTTP status code
(service unavailable).
If the Nova service is down and is behind another proxy (such as
Nginx), then instead of a ConnectionError, the request may result in
receiving a 502 or 503 HTTP status code. Let's also consider this
situation and add support for an additional 504 code.
Closes-Bug: #2059032
Change-Id: I16be18c46a6796224b0793dc385b0ddec01739c4
* Update neutron from branch 'master'
to 73d647a7dd1a9d5b31b4130cb195021faa8f7ef1
- Merge "Check unspecified flavor in user defined driver"
- Check unspecified flavor in user defined driver
In order to decide whether to process a router related
request, the user defined router flavor OVN driver needs to
check the flavor_id specified in the request. This change adds
the code to test the case when the API passed the flavor_id as
unspecified.
Change-Id: I4d7d9d5582b97246cad63ef7f5511b159d6c6791
Closes-Bug: #2059051
* Update neutron from branch 'master'
to e003fd73f6ba17328f3e15a2cc2d199a630229ca
- Merge "Clean up state VRRP PID file"
- Clean up state VRRP PID file
Change Id62bf18067d0b144c3e8825c7603cc1e51dca052 removes explicit
PID files clean up for keepalived and brings regression as
there is no 'process enable' for VRRP.
Always delete stale PID file if exists
Related-Bug: 1561046
Change-Id: I95a004a3acbe6a9160a19053a37fc0dd2b1875a5
* Update neutron from branch 'master'
to 4e9d03d29fc87c5f9730d55b59b0ddd0201a85e6
- Merge "Fix used-before-assignment warnings"
- Fix used-before-assignment warnings
Moved some code around to avoid the warning.
No functional change.
TrivialFix
Change-Id: I5451e411dccf639dcab50ed10edf0cf57edeac45
* Update neutron from branch 'master'
to 70ddf4eef579653c327067f05496f735970e7944
- Add "socket" NUMA affinity policy
This new extension adds a new parameter to the NUMA affinity policy
list: "socket". The "socket" NUMA affinity policy has been supported
in Nova since [1].
[1]https://review.opendev.org/c/openstack/nova/+/773792
Closes-Bug: #2052786
Change-Id: Iad2d4c461a2aceef6ed2d5e622cce38362d79687
* Update neutron from branch 'master'
to e5d0877045cf3f52599b9638458fbfadcb1f7696
- Merge "Enhance IptablesFirewallDriver with remote address groups"
- Enhance IptablesFirewallDriver with remote address groups
This change enhances the IptablesFirewallDriver with support for remote
address groups. Previously, this feature was only available in the
OVSFirewallDriver. This commit harmonizes the capabilities across both
firewall drivers, and by inheritance also to OVSHybridIptablesFirewallDriver.
Background -
The Neutron API allows operators to configure remote address groups [1],
however the OVSHybridIptablesFirewallDriver and IptablesFirewallDriver do
not implement these remote group restrictions. When configuring security
group rules with remote address groups, connections get enabled
based on other rule parameters, ignoring the configured remote address
group restrictions.
This behaviour undocumented, and may lead to more-open-than-configured network
access.
Closes-Bug: #2058138
Change-Id: I76b3cb46ee603fa5e829537af41316bb42a6f30f
* Update neutron from branch 'master'
to 4c9962e2805886f2c2d46fbd8a3782b93dd044ed
- Merge "Fix making all user defined flavor routers HA"
- Fix making all user defined flavor routers HA
Since [1] was merged, user defined flavor routers with the HA
attribute set to False cannot be created. This change fixes
it.
Closes-Bug: #2057983
[1] https://review.opendev.org/c/openstack/neutron/+/910889
Change-Id: Ic72979cfe535c1bb8cba77fb82a380c167509060