Synchronise master with upstream #299

Open
github-actions[bot] wants to merge 64 commits into stackhpc/master from upstream/master-2026-06-15

@github-actions

This PR contains a snapshot of master from upstream master.

daikk115 and others added 30 commits May 6, 2026 10:11
Closes-Bug: #2112446
Change-Id: I4fe91d759c430c4d64cd22a940bd1c17cfa76d5b
Signed-off-by: Dai, Dang Van <daikk115@gmail.com>
The caller ``update_router()`` already computes
``ovn_router_ext_gw_lrps`` by filtering ``ovn_router.ports``
for gateway LRPs. Pass this list into ``_check_external_ips_changed``
so the no-subnet edge case can use the already-fetched LRP objects
instead of re-querying OVN NB via ``get_lrouter_port()``.

This eliminates one OVN NB round-trip per gateway port in the
no-subnet edge case during router update. The LRP external_ids
already contain the network name needed for the comparison.

Assisted-By: Claude Opus 4.6
Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: Ibf5bbce04c469524ea4284b7662f599605c27943
When deleting a non-virtual port, ``_delete_port()`` fetched the
Logical_Switch via ``ls_get().execute()``, which created a separate
read transaction nested inside the existing write transaction.
This is unnecessary since the IDL maintains an in-memory replica
of the OVN NB database.

Replace ``ls_get().execute()`` with a direct ``lookup()`` call, which
performs an O(1) in-memory IDL access using the name index,
eliminating the command/transaction overhead on every port
deletion.

Assisted-By: Claude Opus 4.6
Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: I1fd990d2d447e947ef23fdc0fe2f48aae2d4adec
``update_lsp_host_info()`` first called ``lookup()`` to check whether
the Logical_Switch_Port exists, discarding the returned row, then
called ``lsp_get_up().execute()`` which internally looked up the
same LSP again inside a separate read transaction.

Reuse the row already returned by ``lookup()`` and read the ``up``
column directly from the in-memory IDL replica, removing the
redundant ``lsp_get_up().execute()`` round-trip on every port
status change.

Assisted-By: Claude Opus 4.6
Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: I6f825d9ff1b678d29650a0544635bacceb9b0f1c
This adds a generic RangeAllocator that uses the DB to select an
unused integer value from a gap in the existing rows. It should
work across all supported DBs.

On top of this, a VNIVLANAllocator pairs a VNI and VLAN allocation
together through a mapping table, providing a single interface for
allocating and deallocating VNI/VLAN pairs scoped by physical
network.

The EVPN plugin uses VNIVLANAllocator via EVPNDbHelper to manage
per-router VNI/VLAN assignments. The schema uses RESTRICT FKs from
the mapping to allocations and CASCADE from evpn_l3_instances to
the mapping, ensuring clean lifecycle management.

Co-Authored-By: Jakub Libosvar <jlibosva@redhat.com>
Assisted-By: Claude Opus 4.6
Change-Id: I62da7a1263aaf605b295af0c3e019754b4e4ecda
Signed-off-by: Terry Wilson <twilson@redhat.com>
The OVN maintenance worker and the BGP topology reconciler used
``not idl.is_lock_contended`` to determine whether the current process
holds the OVSDB lock. This is incorrect because ``is_lock_contended``
and ``has_lock`` are two independent boolean flags in the OVS IDL, not
complementary ones. When the lock has been requested but the server has
not yet replied, both flags are ``False``, so ``not is_lock_contended``
evaluates to ``True`` even though the lock is not held.

During neutron-server startup or OVSDB reconnection, this race window
could allow maintenance tasks (configured with ``run_immediately=True``)
or BGP topology synchronization to be processed by a worker that does
not actually own the lock, potentially causing duplicate or conflicting
operations against the OVN Northbound DB.

Replace all occurrences with ``idl.has_lock``, which is only ``True``
when the server has explicitly confirmed lock ownership. This is
consistent with the approach already used in the BGP service IDL
(``neutron/services/bgp/ovn.py``) and with the semantics documented
in the upstream OVS IDL class.

Closes-Bug: #2155155
Assisted-By: Claude Opus 4.6
Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: I80e74a399b7c3420baf49e0cbc50ddfee0a070e0
... to detect unsupported values early. Also use the native interface
to document available choices.

Change-Id: I43848aebddc1819101f969a452560b5b37dc839b
Signed-off-by: Takashi Kajinami <kajinamit@oss.nttdata.com>
Previously, PUT responses would input the old values of pvlan,
pvlan_type and pvlan_community. The cause of this is that in plugin.py,
_make_port_dict is calling _extend_port_pvlan before the DB is actually
updated, so the old values are the ones being used. The modification of
the desired state solves this timing issue.

Closes-Bug: #2155636
Assisted-By: Claude Opus 4.6
Change-Id: I0d2b10a2ad8ece4738a4c2225dee42ad55740003
Signed-off-by: Elvira Garcia <egarciar@redhat.com>
Those base check strings were moved to neutron-lib with patch [1].

[1] https://review.opendev.org/c/openstack/neutron-lib/+/983214

Related-bug: #2143895

Change-Id: Ifaf22a010911de9c1dc7ccef6fd2aaaf73875b1d
Signed-off-by: Slawek Kaplonski <skaplons@redhat.com>
This is a followup patch to
I78fec86595fb358880b306ec1fe014adad007d87

The patch moves Netlink specific constants from
evpn to netlink module.

It moves the EVPN specific naming convention
out of the Svd class and creates a new EvpnSvd
that is used by the evpn-ovn driver.

It adds back the functional tests from the patch it
depends on, now that the Svd is generic and doesn't
use the same device names, we can test its integration
because the device names can be generated and will not
collide in a parallel run.

Depends-On: https://review.opendev.org/c/openstack/neutron/+/989626
Related-Bug: #2144617
Assisted-By: Claude Opus 4.6
Co-Authored-By: Helen Chen <ichen@redhat.com>

Change-Id: I95fe3a93da6a8ec353c4f8de05ab6b281f5df6ec
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
This old module was just leftovers from the dark old ages before Zuul
v3 and jobs defined in its native way.
Migration to zuul v3 was done many years ago and those scripts which
were in neutron.tests.contrib are not used anymore.

The only exception is `testing.filters` file which contains rootwrap
filters to use in the CI jobs like e.g. functional tests. This file is
now moved to the `tools/rootwrap/testing.filters` location which is
"closer" to the scripts which actually are using it.

Change-Id: I9199596a06c84d6f6b84ff43bc95d04a31074685
Signed-off-by: Slawek Kaplonski <skaplons@redhat.com>
Add DevStack configuration to load the PVLAN service plugin when
neutron-pvlan is enabled. This is required for neutron-tempest-plugin
OVN jobs that exercise PVLAN scenario tests.

Assisted-By: Cursor-composer-2-fast
Related-Bug: #2138746

Change-Id: Ic6e8bbccbd6695eadb007952241c275a694f19c0
Signed-off-by: Fiorella Yanac <fyanac@redhat.com>
The patch implements resource creation for an EVPN router,
its deletion and advertise-host option for the LSP associated
with an EVPN router.

Assisted-By: Claude Opus 4.6
Related-Bug: #2144617

Change-Id: I66c59707006b4351f637a14fee38f5fd3ebfd22d
Signed-off-by: Jakub Libosvar <libosvar@redhat.com>
Change-Id: I55d86d7a86eb4e65bfef884ff8822fb241c6bce6
Signed-off-by: Winicius Silva <winiciusab12@gmail.com>
OVN Agent EVPN Extension now creates an SVD at start up.  The SVD
consists of a Linux bridge with a name based on the pattern
evpn.constants.EVPN_LB_NAME_PREFIX and a vxlan interface with a name
based on the pattern evpn.constants.EVPN_VXLAN_IFNAME.  Since the
current plan is to create only one SVD per OVN Agent, the index for the
Linux bridge and vxlan interface is the default 0.

When an EVPN instance's finite state machine advances to the
evpn.fsm.Evpn.ADVERTISING state, a vlan:vni mapping is added to the
SVD and a vlan interface with its name based on the pattern
evpn.constants.EVPN_VLAN_IFNAME_PATTERN is also created.  Similarly,
when the EVPN instance's finite state machine advances away from
evpn.fsm.Evpn.ADVERTISING, the vlan:vni mapping is removed from the SVD
and the vlan interface is deleted.

Related-Bug: #2144617
Assisted-By: Claude Opus 4.6
Change-Id: Ia9aeb47a6b06b003b2ff3c65c525603a1b760bb9
Signed-off-by: Helen Chen <ichen@redhat.com>
Add EVPN_LRP_VLAN_EXT_ID_KEY constant and pass vid to fsm.advance()
for port binding create events to support SVD vni:vlan mapping.

Change-Id: Ibd06716a98e1e4addb00a616d3d8e46ad22d1aca
Signed-off-by: Terry Wilson <twilson@redhat.com>
Provides common interface via EVPNRouterDriver class. This is so we can
implement other evpn drivers in the future. E.g. frr gRPC driver.
This patch implements `FrrVtyshDriver` which uses python subprocess to
call into vtysh on the system to configure an evpn driver.
The configuration file is generated based on templates in templates.py.
For now, there is no way for the operator to add their own custom frr
configuration. Fortunately, FrrCommandBuilder can be extended with a
new "loader" to allow overwrite files in future.

Follow up patches:
- Hook up FrrVtyshDriver to the EVPN state machine

Assisted-By: Claude Opus 4.6
Change-Id: I746e30c2b2ab36ad706bff6f411790d27d85be1b
Signed-off-by: Miro Tomaska <mtomaska@redhat.com>
Related-Bug: #2144617
This patch adds `write memory` for each configuration it applies.
Adds restart method and exposes start+stop methods in FrrFixture
Adds tests which confirm that running config is used on reboots
or explicit stop and starts.

Related-Bug: #2144617
Change-Id: I5973492fc538946462d0fec0b1b93db73a032854
Signed-off-by: Miro Tomaska <mtomaska@redhat.com>
When a service plugin package (e.g. neutron-fwaas, neutron-vpnaas,
networking-sfc) is installed but its service plugin is not configured
in ``service_plugins``, the quota details API endpoint
(GET /v2.0/quotas/{project_id}/details) returns a 500 Server Error.

The installed package registers quota resources (e.g. firewall_group,
firewall_policy, firewall_rule) at import time via
``resource_helper.build_resource_info(register_quota=True)``. When the
quota details endpoint iterates over all registered resources to
count usage, it calls ``_count_resource()`` which looks for a plugin
that provides ``get_<collection>_count`` or ``get_<collection>``.
Since the service plugin is not loaded, no plugin supports counting
those resources, and a ``NotImplementedError`` is raised.

Catch the ``NotImplementedError`` in
``DbQuotaDriver.get_detailed_project_quotas()`` and skip the resource
instead of letting the exception propagate as a 500 error. Also
guard the project-specific limit update loop against skipped
resources.

Closes-Bug: #2155846
Assisted-By: Claude Opus 4.6
Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: I923e90279edf3de3fa85c83fd46e1b5dec0468de
When a VIF port is picked up by the OVS agent ``rpc_loop`` before OVS
has assigned it a valid ofport (the underlying TAP device may not yet
exist), ``port_alive()`` and ``port_dead()`` pass the invalid value
(``[]`` or ``-1``) through to ``uninstall_flows()`` /
``drop_port()``.  The resulting OpenFlow FlowMod with ``in_port=None``
causes os-ken's ``send_msg`` to hang until the ``of_request_timeout``
(300 s) fires, blocking the ``rpc_loop`` for the entire duration and
preventing all subsequent port processing.

Guard ``port_alive()``, ``port_dead()`` and ``treat_vif_port()`` so
they return early when the ofport is unassigned or invalid.
``treat_vif_port()`` returns False so the port is not marked as bound;
the OVSDB monitor will detect the ofport change on a later iteration
and re-trigger processing.

Closes-Bug: #2155883
Assisted-By: Claude Opus 4.6
Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: Ic137f8a2862794c3c7ac670e643ca532873e474b
The operation for these actions is PUT, not POST.

Closes-Bug: #2156054
Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: Iec4b8ddf3717ddc781acfb46ada81839f853bdea
otherwiseguy and others added 27 commits June 9, 2026 20:34
Adds RandomRangeAllocator as a subclass of RangeAllocator that selects
a uniformly random unoccupied value rather than the minimum.

The algorithm scans the set of allocated values using a LAG window
function to identify contiguous gaps, computes the total number of
free slots, then maps a Python-generated random float (rand_val) to
a position within the free set via cumulative gap arithmetic.  rand_val
is supplied as a bound parameter rather than using SQL random() for two
reasons: non-materialized CTEs can re-evaluate random() independently
for each referencing row, producing inconsistent values between the
SELECT column and WHERE clause; and SQL random() differs across
databases — SQLite returns a 64-bit integer, PostgreSQL and MySQL/
MariaDB return a float, and MySQL spells it rand() — making a single
portable expression impractical.

The query is O(K) in allocated values and guaranteed to find a free
slot in a single round-trip if one exists, regardless of range density.

Related-Bug: #2144617

Change-Id: I68567ccf5da19110435c6d3afe9dd00c6f9de95f
Signed-off-by: Terry Wilson <twilson@redhat.com>
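
The gap arithmetic described in the RandomRangeAllocator commit message above, as an added sketch that is not Neutron's code: the `alloc` table, its `value` column and the function names are assumptions, and the query is run on SQLite only. `rand_val` is passed as a bound parameter, as the commit message describes.

```python
import sqlite3

# Sketch only: table and column names are hypothetical, not Neutron's schema.
QUERY = """
WITH pts(v) AS (                      -- allocated values plus two sentinels
    SELECT :lo - 1
    UNION ALL SELECT value FROM alloc WHERE value BETWEEN :lo AND :hi
    UNION ALL SELECT :hi + 1
),
gaps AS (                             -- LAG finds each run of free values
    SELECT prev + 1 AS first_free, v - prev - 1 AS n_free
    FROM (SELECT v, LAG(v) OVER (ORDER BY v) AS prev FROM pts)
    WHERE prev IS NOT NULL AND v - prev > 1
),
cum AS (                              -- running count of free slots
    SELECT first_free, n_free,
           SUM(n_free) OVER (ORDER BY first_free) AS upto
    FROM gaps
),
tot AS (SELECT MAX(upto) AS n_total FROM cum)
-- k = floor(rand_val * n_total) is the index into the free set; the first
-- gap whose running count exceeds k contains the k-th free value.
SELECT first_free + CAST(:rand_val * n_total AS INTEGER) - (upto - n_free)
FROM cum, tot
WHERE CAST(:rand_val * n_total AS INTEGER) < upto
ORDER BY first_free
LIMIT 1
"""


def demo_db(allocated):
    """Build an in-memory table holding constructed sample allocations."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE alloc (value INTEGER PRIMARY KEY)")
    conn.executemany("INSERT INTO alloc VALUES (?)", [(v,) for v in allocated])
    return conn


def pick_free(conn, lo, hi, rand_val):
    """Return the free value selected by rand_val in [0, 1), or None if full."""
    params = {"lo": lo, "hi": hi, "rand_val": rand_val}
    row = conn.execute(QUERY, params).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = demo_db([1, 2, 5])         # free values in 1..8 are 3, 4, 6, 7, 8
    for r in (0.1, 0.3, 0.5, 0.7, 0.9):
        print(r, pick_free(conn, 1, 8, r))
```
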
Setting LSP.tag has been documented as something only northd is
supposed to do. The CMS is supposed to set tag_request. A recent
patch to OVN will clear tags that do not have a tag_request. A
previous patch to unbreak the gate sets both tag and tag_request in
a case that was breaking the functional tests, but this patch
changes another place that was setting tag directly and adapts the
Add/Set commands for LSPs to convert any passed 'tag' to a
'tag_request'. Only test code read tag after setting it, and in
that case we now wait for northd to set the tag before reading.

Related-Bug: #2155789

Change-Id: I3bf0c45a233e692f5b6905d72d943556dd9e61e1
Signed-off-by: Terry Wilson <twilson@redhat.com>
The Idl.set_lock() call sets the lock name on the Idl class and
sends a request to ovsdb-server requesting a lock. It does not
wait for a reply. This creates a window where we run without
yet receiving the lock, and tasks might fire and fail and have
to be retried.

If set_lock() is called prior to connection, the reply that
contains the initial database dump will also have the reply to the
set_lock request, so we eliminate that window.

Related-Bug: #2155155
Change-Id: Iaefe1e2cc86ddd55c9053fde66353b2a333e1e98
Signed-off-by: Terry Wilson <twilson@redhat.com>
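
The lock window described in this commit message and in the earlier ``has_lock`` fix (Closes-Bug: #2155155), as an added simplified model that is not the OVS IDL or Neutron code: the `LockFlags` class and the helper names are hypothetical. It counts how many of two workers would run a lock-guarded task before and after the server replies.

```python
class LockFlags:
    """Simplified model of the two independent flags (hypothetical class)."""

    def __init__(self):
        self.has_lock = False
        self.is_lock_contended = False

    def set_lock(self):
        # The request is sent without waiting for a reply, so neither flag
        # changes yet; this is the window both commit messages describe.
        pass

    def on_reply(self, locked):
        # The server either confirms ownership or reports contention.
        self.has_lock = locked
        self.is_lock_contended = not locked


def old_check(idl):
    """Check used before the fix: true whenever no contention was reported."""
    return not idl.is_lock_contended


def new_check(idl):
    """Check used after the fix: true only once ownership is confirmed."""
    return idl.has_lock


def workers_running_task(check, replies_received, n_workers=2):
    """Count workers that would run a lock-guarded task under `check`."""
    workers = [LockFlags() for _ in range(n_workers)]
    for w in workers:
        w.set_lock()
    if replies_received:
        # Constructed scenario: the server grants the lock to worker 0 only.
        for i, w in enumerate(workers):
            w.on_reply(locked=(i == 0))
    return sum(1 for w in workers if check(w))


if __name__ == "__main__":
    for name, check in (("old", old_check), ("new", new_check)):
        for replied in (False, True):
            n = workers_running_task(check, replied)
            print(f"{name} check, replies_received={replied}: {n} worker(s)")
```
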
frrinit.sh is located at /usr/libexec/frr/frrinit.sh on
CentOS, so also need to consider that.

Closes-Bug: #2156315
Signed-off-by: Yatin Karel <ykarel@redhat.com>
Change-Id: Ib20016775b49d36e9aafa5dc01459a39ba1363f0
This patch creates a new FrrvtyshDriver adapter (FsmFrrVtyshDriver) which
is adapted to operate with the EVPN finite state machine (fsm), where vrf
is handled by the fsm. It also adapts to the fact that FSM only needs static
bgp-router-id and asn for each instance.

This patch also creates config.py for evpn extension in order to keep
configurations for the evpn extension separate from the OVN agent
configs.
ovn-evpn-local-ip from Open_vswitch table is used as the bgp router-id
that will be configured by the frr driver.

Related-Bug: #2144617
Assisted-By: Claude Opus 4.6
Change-Id: I037110ce0bc9b2569147cab7c44a02063b108e5c
Signed-off-by: Miro Tomaska <mtomaska@redhat.com>
Explain that the ``uwsgi`` module is injected at runtime by the uWSGI
server and is used by ``neutron.common.wsgi_utils`` for options such
as ``start-time`` and ``uwsgi.worker_id()``.

Assisted-By: Composer 2.5
Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: Ia28d1febaac93b9339deda8d9cf1721b131ffa63
When a port is inserted into OVS, the kernel may transiently assign
``ofport=-1`` (``INVALID_OFPORT``) before settling on a valid value.
Previously, ``_process_port`` only deferred ports with
``UNASSIGNED_OFPORT`` (``[]``), so a port arriving with ``ofport=-1``
was immediately added to the processing pipeline. Patch [1] then
correctly skipped OF operations in ``treat_vif_port`` for such ports
but never re-queued them, which meant the ``network-vif-plugged``
event was never sent to Nova, causing a 300 s VIF-plug timeout.

Extend the ``_process_port`` check to also defer ``INVALID_OFPORT``
ports via the existing ``ports_not_ready_yet`` mechanism. On the next
``rpc_loop`` iteration the port attributes are re-read from OVS; if
the ofport is now valid the port is processed normally, otherwise it
is deferred again.

[1] https://review.opendev.org/c/openstack/neutron/+/992423

Closes-Bug: #2155883
Assisted-By: Claude Opus 4.6
Signed-off-by: Rodolfo Alonso Hernandez <ralonsoh@redhat.com>
Change-Id: I9fbc8f75f8084461901a004dfcb07e42f76db62b
The PVLAN service plugin did not have the needed policies for the
management of the new network and port attributes. It is needed to have
the policies in order to have consistent permissions across the
different roles and users in a deployment.

Assisted-by: Claude Opus 4.6
Related-Bug: 2138746
Change-Id: If4583d20f43e960fd858bc867ab6a59b3b74b397
Signed-off-by: Elvira Garcia <egarciar@redhat.com>
@github-actions github-actions Bot requested a review from a team as a code owner June 15, 2026 08:27
@github-actions github-actions Bot added automated Automated action performed by GitHub Actions synchronisation labels Jun 15, 2026