Merge pull request #52 from stackhpc/upstream/yoga-2023-07-10

Synchronise yoga with upstream

Author: markgoddard

neutron/agent/l3/dvr_local_router.py

@@ -47,6 +47,9 @@ def __init__(self, host, *args, **kwargs):
         self.rtr_fip_connect = False
         self.fip_ns = None
         self._pending_arp_set = set()
+
+    def initialize(self, process_monitor):
+        super().initialize(process_monitor)
         self._load_used_fip_information()
 
     def _load_used_fip_information(self):

neutron/api/rpc/handlers/securitygroups_rpc.py

@@ -303,6 +303,13 @@ def _clear_child_sg_rules(self, rtype, event, trigger, payload):
         for rule in self.rcache.get_resources('SecurityGroupRule', filters):
             self.rcache.record_resource_delete(context, 'SecurityGroupRule',
                                                rule.id)
+        # If there's a rule which remote is the deleted sg, remove that also.
+        rules = self.rcache.match_resources_with_func(
+            'SecurityGroupRule',
+            lambda sg_rule: sg_rule.remote_group_id == existing.id)
+        for rule in rules:
+            self.rcache.record_resource_delete(context, 'SecurityGroupRule',
+                                               rule.id)
 
     def _handle_sg_rule_delete(self, rtype, event, trigger, payload):
         existing = payload.states[0]

neutron/common/ovn/constants.py

@@ -51,6 +51,7 @@
 OVN_LIVENESS_CHECK_EXT_ID_KEY = 'neutron:liveness_check_at'
 METADATA_LIVENESS_CHECK_EXT_ID_KEY = 'neutron:metadata_liveness_check_at'
 OVN_PORT_BINDING_PROFILE = portbindings.PROFILE
+OVN_HOST_ID_EXT_ID_KEY = 'neutron:host_id'
 
 MIGRATING_ATTR = 'migrating_to'
 OVN_ROUTER_PORT_OPTION_KEYS = ['router-port', 'nat-addresses',

neutron/db/l3_db.py

@@ -1730,15 +1730,6 @@ def prevent_l3_port_deletion(self, context, port_id, port=None):
             return
         if port['device_owner'] not in self.router_device_owners:
             return
-        # Raise port in use only if the port has IP addresses
-        # Otherwise it's a stale port that can be removed
-        fixed_ips = port['fixed_ips']
-        if not fixed_ips:
-            LOG.debug("Port %(port_id)s has owner %(port_owner)s, but "
-                      "no IP address, so it can be deleted",
-                      {'port_id': port['id'],
-                       'port_owner': port['device_owner']})
-            return
         # NOTE(kevinbenton): we also check to make sure that the
         # router still exists. It's possible for HA router interfaces
         # to remain after the router is deleted if they encounter an

neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py

@@ -1040,7 +1040,7 @@ def get_workers(self):
         # See doc/source/design/ovn_worker.rst for more details.
         return [worker.MaintenanceWorker()]
 
-    def _update_dnat_entry_if_needed(self, port_id, up=True):
+    def _update_dnat_entry_if_needed(self, port_id):
         """Update DNAT entry if using distributed floating ips."""
         if not self.nb_ovn:
             self.nb_ovn = self._ovn_client._nb_idl
@@ -1061,9 +1061,9 @@ def _update_dnat_entry_if_needed(self, port_id, up=True):
                                {ovn_const.OVN_FIP_EXT_MAC_KEY:
                                 nat['external_mac']})).execute()
 
-        if up and ovn_conf.is_ovn_distributed_floating_ip():
-            mac = nat['external_ids'][ovn_const.OVN_FIP_EXT_MAC_KEY]
-            if nat['external_mac'] != mac:
+        if ovn_conf.is_ovn_distributed_floating_ip():
+            mac = nat['external_ids'].get(ovn_const.OVN_FIP_EXT_MAC_KEY)
+            if mac and nat['external_mac'] != mac:
                 LOG.debug("Setting external_mac of port %s to %s",
                           port_id, mac)
                 self.nb_ovn.db_set(
@@ -1118,6 +1118,8 @@ def set_port_status_up(self, port_id):
                                                 const.PORT_STATUS_ACTIVE)
             elif self._should_notify_nova(db_port):
                 self._plugin.nova_notifier.notify_port_active_direct(db_port)
+
+            self._ovn_client.update_lsp_host_info(admin_context, db_port)
         except (os_db_exc.DBReferenceError, n_exc.PortNotFound):
             LOG.debug('Port not found during OVN status up report: %s',
                       port_id)
@@ -1129,7 +1131,7 @@ def set_port_status_down(self, port_id):
         # to prevent another entity from bypassing the block with its own
         # port status update.
         LOG.info("OVN reports status down for port: %s", port_id)
-        self._update_dnat_entry_if_needed(port_id, False)
+        self._update_dnat_entry_if_needed(port_id)
         admin_context = n_context.get_admin_context()
         try:
             db_port = ml2_db.get_port(admin_context, port_id)
@@ -1146,6 +1148,9 @@ def set_port_status_down(self, port_id):
                     None)
                 self._plugin.nova_notifier.send_port_status(
                     None, None, db_port)
+
+            self._ovn_client.update_lsp_host_info(
+                admin_context, db_port, up=False)
         except (os_db_exc.DBReferenceError, n_exc.PortNotFound):
             LOG.debug("Port not found during OVN status down report: %s",
                       port_id)

neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/commands.py

@@ -124,6 +124,7 @@ def run_idl(self, txn):
                                          'Logical_Switch_Port', 'name',
                                          self.lport, None)
             if port:
+                self.result = port.uuid
                 return
 
         port = txn.insert(self.api._tables['Logical_Switch_Port'])

neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_client.py

@@ -271,6 +271,36 @@ def determine_bind_host(self, port, port_context=None):
                     ovn_const.VIF_DETAILS_CARD_SERIAL_NUMBER]).hostname
         return ''
 
+    def update_lsp_host_info(self, context, db_port, up=True):
+        """Update the binding hosting information for the LSP.
+
+        Update the binding hosting information in the Logical_Switch_Port
+        external_ids column. See LP #2020058 for more information.
+
+        :param context: Neutron API context.
+        :param db_port: The Neutron port.
+        :param up: If True add the host information, if False remove it.
+                   Defaults to True.
+        """
+        cmd = []
+        if up:
+            if not db_port.port_bindings:
+                return
+            host = db_port.port_bindings[0].host
+
+            ext_ids = ('external_ids',
+                       {ovn_const.OVN_HOST_ID_EXT_ID_KEY: host})
+            cmd.append(
+                self._nb_idl.db_set(
+                    'Logical_Switch_Port', db_port.id, ext_ids))
+        else:
+            cmd.append(
+                self._nb_idl.db_remove(
+                    'Logical_Switch_Port', db_port.id, 'external_ids',
+                    ovn_const.OVN_HOST_ID_EXT_ID_KEY, if_exists=True))
+
+        self._transaction(cmd)
+
     def _get_port_options(self, port):
         context = n_context.get_admin_context()
         binding_prof = utils.validate_and_get_data_from_binding_profile(port)
@@ -426,7 +456,12 @@ def _get_port_options(self, port):
                         # a RARP packet from it to inform network about the new
                         # location of the port
                         options['activation-strategy'] = 'rarp'
-            options[ovn_const.LSP_OPTIONS_REQUESTED_CHASSIS_KEY] = chassis
+
+            # Virtual ports can not be bound by using the
+            # requested-chassis mechanism, ovn-controller will create the
+            # Port_Binding entry when it sees an ARP coming from the VIP
+            if port_type != ovn_const.LSP_TYPE_VIRTUAL:
+                options[ovn_const.LSP_OPTIONS_REQUESTED_CHASSIS_KEY] = chassis
 
         # TODO(lucasagomes): Enable the mcast_flood_reports by default,
         # according to core OVN developers it shouldn't cause any harm

neutron/tests/functional/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_ovn_client.py

@@ -66,3 +66,21 @@ def check_metadata_port(enable_dhcp):
             # because it checks first if the metadata port exists.
             ovn_client.create_metadata_port(self.context, network)
             check_metadata_port(enable_dhcp)
+
+    def test_create_port(self):
+        with self.network('test-ovn-client') as net:
+            with self.subnet(net) as subnet:
+                with self.port(subnet) as port:
+                    port_data = port['port']
+                    nb_ovn = self.mech_driver.nb_ovn
+                    lsp = nb_ovn.lsp_get(port_data['id']).execute()
+                    # The logical switch port has been created during the
+                    # port creation.
+                    self.assertIsNotNone(lsp)
+                    ovn_client = self.mech_driver._ovn_client
+                    port_data = self.plugin.get_port(self.context,
+                                                     port_data['id'])
+                    # Call the create_port again to ensure that the create
+                    # command automatically checks for existing logical
+                    # switch ports
+                    ovn_client.create_port(self.context, port_data)

neutron/tests/unit/agent/l3/test_dvr_local_router.py

@@ -287,6 +287,15 @@ def test__load_used_fip_information(self, mock_add_ip_rule):
         self.assertEqual(sorted(ret, key=lambda ret: ret[0]),
                          fip_rule_prio_list)
 
+    @mock.patch.object(router_info.RouterInfo, 'initialize')
+    def test_initialize_dvr_local_router(self, super_initialize):
+        ri = self._create_router()
+        self.mock_load_fip.assert_not_called()
+
+        ri.initialize(self.process_monitor)
+        super_initialize.assert_called_once_with(self.process_monitor)
+        self.mock_load_fip.assert_called_once()
+
     def test_get_floating_ips_dvr(self):
         router = mock.MagicMock()
         router.get.return_value = [{'host': HOSTNAME},

neutron/tests/unit/api/rpc/handlers/test_securitygroups_rpc.py

@@ -15,6 +15,7 @@
 from unittest import mock
 
 import netaddr
+from neutron_lib.callbacks import events
 from neutron_lib import context
 from oslo_utils import uuidutils
 
@@ -120,13 +121,14 @@ def _make_address_group_ovo(self, *args, **kwargs):
                        return_value=False)
     def _make_security_group_ovo(self, *args, **kwargs):
         attrs = {'id': uuidutils.generate_uuid(), 'revision_number': 1}
+        r_group = kwargs.get('remote_group_id') or attrs['id']
         sg_rule = securitygroup.SecurityGroupRule(
             id=uuidutils.generate_uuid(),
             security_group_id=attrs['id'],
             direction='ingress',
             ethertype='IPv4', protocol='tcp',
             port_range_min=400,
-            remote_group_id=attrs['id'],
+            remote_group_id=r_group,
             revision_number=1,
             remote_address_group_id=kwargs.get('remote_address_group_id',
                                                None),
@@ -198,6 +200,52 @@ def test_sg_member_update_events(self):
         self.sg_agent.security_groups_member_updated.assert_called_with(
             {s1.id})
 
+    def test_sg_delete_events_with_remote(self):
+        s1 = self._make_security_group_ovo(remote_group_id='')
+        s2 = self._make_security_group_ovo(remote_group_id=s1.id)
+        rules = self.rcache.get_resources(
+            'SecurityGroupRule',
+            filters={'security_group_id': (s1.id, s2.id)})
+        self.assertEqual(2, len(rules))
+        self.assertEqual(s1.id, rules[0].remote_group_id)
+
+        self.shim._clear_child_sg_rules(
+            'SecurityGroup', 'after_delete', '',
+            events.DBEventPayload(
+                context=self.ctx,
+                states=[s1]
+            )
+        )
+        rules = self.rcache.get_resources(
+            'SecurityGroupRule',
+            filters={'security_group_id': (s1.id, s2.id)})
+        self.assertEqual(0, len(rules))
+
+    def test_sg_delete_events_without_remote(self):
+        s1 = self._make_security_group_ovo()
+        s2 = self._make_security_group_ovo()
+        rules = self.rcache.get_resources(
+            'SecurityGroupRule',
+            filters={'security_group_id': (s1.id, s2.id)})
+        self.assertEqual(2, len(rules))
+        self.assertEqual(s1.id, rules[0].remote_group_id)
+
+        self.shim._clear_child_sg_rules(
+            'SecurityGroup', 'after_delete', '',
+            events.DBEventPayload(
+                context=self.ctx,
+                states=[s1]
+            )
+        )
+        s1_rules = self.rcache.get_resources(
+            'SecurityGroupRule',
+            filters={'security_group_id': (s1.id, )})
+        self.assertEqual(0, len(s1_rules))
+        s2_rules = self.rcache.get_resources(
+            'SecurityGroupRule',
+            filters={'security_group_id': (s2.id, )})
+        self.assertEqual(1, len(s2_rules))
+
     def test_get_secgroup_ids_for_address_group(self):
         ag = self._make_address_group_ovo()
         sg1 = self._make_security_group_ovo(remote_address_group_id=ag.id)