diff --git a/0001-Create-executable-for-removing-patch-ports.patch b/0001-Create-executable-for-removing-patch-ports.patch deleted file mode 100644 index 47f23fd..0000000 --- a/0001-Create-executable-for-removing-patch-ports.patch +++ /dev/null @@ -1,198 +0,0 @@ -From 9238592fcb2238bfd34d9c0b414573cb6f3d9582 Mon Sep 17 00:00:00 2001 -From: Jakub Libosvar -Date: Thu, 12 Oct 2017 15:19:31 +0000 -Subject: [PATCH] Create executable for removing patch ports - -Nodes using provider bridges for internal traffic like amqp can cause an -ARP storm when at least two nodes were shutdown ungracefully and are -brought up at once. It's caused by having patch-ports between provider -bridges and integration bridge, hence the integration bridge passes ARP -broadcast packets from one provider bridge to another. - -This patch introduces a cleanup script that scans Neutron config and -removes patch ports from integration bridge and bridges defined in -bridge_mappings option. Such script can be executed when node is booted. - -Resolves: rhbz#1490281 -Closes-bug: #1720766 - -Change-Id: I774cefac2951343a30f882791abf12598bc99603 ---- - neutron/cmd/destroy_patch_ports.py | 77 ++++++++++++++++++++ - .../functional/cmd/test_destroy_patch_ports.py | 83 ++++++++++++++++++++++ - 2 files changed, 160 insertions(+) - create mode 100644 neutron/cmd/destroy_patch_ports.py - create mode 100644 neutron/tests/functional/cmd/test_destroy_patch_ports.py - -diff --git a/neutron/cmd/destroy_patch_ports.py b/neutron/cmd/destroy_patch_ports.py -new file mode 100644 -index 0000000..d6fb4b3 ---- /dev/null -+++ b/neutron/cmd/destroy_patch_ports.py -@@ -0,0 +1,77 @@ -+# Copyright 2017 Red Hat, Inc. -+# All Rights Reserved. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); you may -+# not use this file except in compliance with the License. You may obtain -+# a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -+# License for the specific language governing permissions and limitations -+# under the License. -+ -+import sys -+ -+from neutron_lib.utils import helpers -+from oslo_config import cfg -+from oslo_log import log as logging -+ -+from neutron.agent.common import ovs_lib -+from neutron.common import config as common_config -+from neutron.conf.plugins.ml2.drivers import ovs_conf -+from neutron.plugins.common import utils as p_utils -+from neutron.plugins.ml2.drivers.openvswitch.agent.common import constants -+ -+LOG = logging.getLogger(__name__) -+ -+ -+def get_patch_port_names(bridge_name): -+ int_if_name = p_utils.get_interface_name( -+ bridge_name, prefix=constants.PEER_INTEGRATION_PREFIX) -+ phys_if_name = p_utils.get_interface_name( -+ bridge_name, prefix=constants.PEER_PHYSICAL_PREFIX) -+ -+ return int_if_name, phys_if_name -+ -+ -+class PatchPortCleaner(object): -+ def __init__(self, config): -+ mappings = helpers.parse_mappings(config.OVS.bridge_mappings) -+ self.bridges = [ovs_lib.OVSBridge(bridge) -+ for bridge in mappings.values()] -+ self.int_br = ovs_lib.OVSBridge(config.OVS.integration_bridge) -+ -+ def destroy_patch_ports(self): -+ if not self.int_br.bridge_exists(self.int_br.br_name): -+ # integration bridge hasn't been created by agent yet, nothing to -+ # clean -+ return -+ for bridge in self.bridges: -+ try: -+ self._remove_patch_ports_from_int_br(bridge) -+ except Exception as e: -+ LOG.error("Failed to remove patch port from bridge %s: %s", -+ bridge.br_name, e) -+ -+ def _remove_patch_ports_from_int_br(self, bridge): -+ int_if_name, phys_if_name = get_patch_port_names( -+ bridge.br_name) -+ int_type = self.int_br.db_get_val( -+ "Interface", int_if_name, "type", log_errors=False) -+ if int_type == 'patch': -+ self.int_br.delete_port(int_if_name) -+ bridge.delete_port(phys_if_name) -+ -+ -+def main(): -+ common_config.init(sys.argv[1:]) -+ ovs_conf.register_ovs_agent_opts() -+ port_cleaner = PatchPortCleaner(cfg.CONF) -+ port_cleaner.destroy_patch_ports() -+ -+ -+if __name__ == "__main__": -+ main() -diff --git a/neutron/tests/functional/cmd/test_destroy_patch_ports.py b/neutron/tests/functional/cmd/test_destroy_patch_ports.py -new file mode 100644 -index 0000000..9c92edf ---- /dev/null -+++ b/neutron/tests/functional/cmd/test_destroy_patch_ports.py -@@ -0,0 +1,83 @@ -+# Copyright 2017 Red Hat, Inc. -+# All Rights Reserved. -+# -+# Licensed under the Apache License, Version 2.0 (the "License"); you may -+# not use this file except in compliance with the License. You may obtain -+# a copy of the License at -+# -+# http://www.apache.org/licenses/LICENSE-2.0 -+# -+# Unless required by applicable law or agreed to in writing, software -+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -+# License for the specific language governing permissions and limitations -+# under the License. -+ -+from neutron_lib import constants as n_const -+from oslo_config import cfg -+ -+from neutron.cmd import destroy_patch_ports -+from neutron.common import utils -+from neutron.conf.plugins.ml2.drivers import ovs_conf -+from neutron.plugins.ml2.drivers.openvswitch.agent.common import constants -+from neutron.tests.common import net_helpers -+from neutron.tests.functional import base -+ -+ -+class TestDestroyPatchPorts(base.BaseSudoTestCase): -+ def setUp(self): -+ super(TestDestroyPatchPorts, self).setUp() -+ self.int_br = self.useFixture(net_helpers.OVSBridgeFixture()).bridge -+ bridge_mappings = {} -+ self.bridges = [] -+ for network in ('foo', 'bar'): -+ bridge = self.useFixture(net_helpers.OVSBridgeFixture()).bridge -+ self._create_patch_ports_to_int_br(bridge) -+ self.bridges.append(bridge) -+ bridge_mappings[network] = bridge.br_name -+ self.config = self._create_config_file(bridge_mappings) -+ -+ def _create_config_file(self, bridge_mappings): -+ config = cfg.ConfigOpts() -+ ovs_conf.register_ovs_agent_opts(config) -+ config.set_override('integration_bridge', self.int_br.br_name, "OVS") -+ config.set_override( -+ 'bridge_mappings', -+ ','.join(["%s:%s" % (net, br) -+ for net, br in bridge_mappings.items()]), -+ "OVS") -+ -+ return config -+ -+ def _create_patch_ports_to_int_br(self, bridge): -+ int_if_name, phys_if_name = destroy_patch_ports.get_patch_port_names( -+ bridge.br_name) -+ self.int_br.add_patch_port( -+ int_if_name, constants.NONEXISTENT_PEER) -+ bridge.add_patch_port( -+ phys_if_name, constants.NONEXISTENT_PEER) -+ self.int_br.set_db_attribute( -+ 'Interface', int_if_name, 'options', {'peer': phys_if_name}) -+ bridge.set_db_attribute( -+ 'Interface', phys_if_name, 'options', {'peer': int_if_name}) -+ -+ def _has_patch_ports(self, bridge): -+ int_if_name, phys_if_name = destroy_patch_ports.get_patch_port_names( -+ bridge.br_name) -+ return (bridge.port_exists(phys_if_name) and -+ self.int_br.port_exists(int_if_name)) -+ -+ def test_destroy_patch_ports(self): -+ self.assertTrue(all(self._has_patch_ports(bridge) -+ for bridge in self.bridges)) -+ cleaner = destroy_patch_ports.PatchPortCleaner(self.config) -+ cleaner.destroy_patch_ports() -+ self.assertFalse(any(self._has_patch_ports(bridge) -+ for bridge in self.bridges)) -+ -+ def test_destroy_patch_ports_no_int_br(self): -+ name = utils.get_rand_name( -+ max_length=n_const.DEVICE_NAME_MAX_LEN) -+ self.config.set_override('integration_bridge', name, "OVS") -+ cleaner = destroy_patch_ports.PatchPortCleaner(self.config) -+ cleaner.destroy_patch_ports() diff --git a/0002-Destroy-patch-ports-only-if-canary-flow-is-not-prese.patch b/0002-Destroy-patch-ports-only-if-canary-flow-is-not-prese.patch deleted file mode 100644 index 6b4ef68..0000000 --- a/0002-Destroy-patch-ports-only-if-canary-flow-is-not-prese.patch +++ /dev/null @@ -1,81 +0,0 @@ -From 20e704e066c5b6beed78828e662f8562a6db1e63 Mon Sep 17 00:00:00 2001 -From: Jakub Libosvar -Date: Fri, 10 Nov 2017 16:12:10 +0000 -Subject: [PATCH] Destroy patch ports only if canary flow is not present - -Because of containers management do not have any dependency system, -we need to call destroy-patch-ports command before -neutron-openvswitch-agent process is started in the container. This -patch adds functionality to avoid destroying the patch ports in case -canary flow is present on the integration bridge. This is to avoid cases -where container is stopped and started, which would cause a data plane -disruption due to removing patch ports when it's not necessary. Patch -ports are needed to be removed only in cases where node was ungracefully -taken down. - -Change-Id: I5ef0f54741abce40bedd0c958befc9cb39cd21c4 -Resolves: rhbz/1511988 ---- - neutron/cmd/destroy_patch_ports.py | 12 +++++++++--- - neutron/tests/functional/cmd/test_destroy_patch_ports.py | 12 +++++++++++- - 2 files changed, 20 insertions(+), 4 deletions(-) - -diff --git a/neutron/cmd/destroy_patch_ports.py b/neutron/cmd/destroy_patch_ports.py -index d6fb4b3..8c3ea98 100644 ---- a/neutron/cmd/destroy_patch_ports.py -+++ b/neutron/cmd/destroy_patch_ports.py -@@ -45,9 +45,10 @@ class PatchPortCleaner(object): - self.int_br = ovs_lib.OVSBridge(config.OVS.integration_bridge) - - def destroy_patch_ports(self): -- if not self.int_br.bridge_exists(self.int_br.br_name): -- # integration bridge hasn't been created by agent yet, nothing to -- # clean -+ if (not self.int_br.bridge_exists(self.int_br.br_name) or -+ self.flows_configured()): -+ # integration bridge hasn't been created by agent yet or it's been -+ # already configured by the agent - return - for bridge in self.bridges: - try: -@@ -65,6 +66,11 @@ class PatchPortCleaner(object): - self.int_br.delete_port(int_if_name) - bridge.delete_port(phys_if_name) - -+ def flows_configured(self): -+ """Return True if the integration bridge has flows already configured. -+ """ -+ return bool(self.int_br.dump_flows_for(table=constants.CANARY_TABLE)) -+ - - def main(): - common_config.init(sys.argv[1:]) -diff --git a/neutron/tests/functional/cmd/test_destroy_patch_ports.py b/neutron/tests/functional/cmd/test_destroy_patch_ports.py -index 9c92edf..b53f1b8 100644 ---- a/neutron/tests/functional/cmd/test_destroy_patch_ports.py -+++ b/neutron/tests/functional/cmd/test_destroy_patch_ports.py -@@ -67,9 +67,12 @@ class TestDestroyPatchPorts(base.BaseSudoTestCase): - return (bridge.port_exists(phys_if_name) and - self.int_br.port_exists(int_if_name)) - -- def test_destroy_patch_ports(self): -+ def _assert_has_all_ports(self): - self.assertTrue(all(self._has_patch_ports(bridge) - for bridge in self.bridges)) -+ -+ def test_destroy_patch_ports(self): -+ self._assert_has_all_ports() - cleaner = destroy_patch_ports.PatchPortCleaner(self.config) - cleaner.destroy_patch_ports() - self.assertFalse(any(self._has_patch_ports(bridge) -@@ -81,3 +84,10 @@ class TestDestroyPatchPorts(base.BaseSudoTestCase): - self.config.set_override('integration_bridge', name, "OVS") - cleaner = destroy_patch_ports.PatchPortCleaner(self.config) - cleaner.destroy_patch_ports() -+ -+ def test_destroy_patch_ports_canary_flow_on_int_br(self): -+ self.int_br.add_flow(table=constants.CANARY_TABLE, actions="drop") -+ self._assert_has_all_ports() -+ cleaner = destroy_patch_ports.PatchPortCleaner(self.config) -+ cleaner.destroy_patch_ports() -+ self._assert_has_all_ports() diff --git a/0003-use-plugin-utils-from-neutron-lib.patch b/0003-use-plugin-utils-from-neutron-lib.patch deleted file mode 100644 index 3dc0cd5..0000000 --- a/0003-use-plugin-utils-from-neutron-lib.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 91ebd644ed9811cc822d773914590d5b4659bed4 Mon Sep 17 00:00:00 2001 -From: yatin -Date: Tue, 17 Jul 2018 10:17:44 +0530 -Subject: [PATCH] use plugin utils from neutron-lib - -Upstream switched to neutron_lib usage in -https://review.openstack.org/#/c/565284/. - -Change-Id: I88672f7ddd05ab277281772787666206f45e45ca ---- - neutron/cmd/destroy_patch_ports.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/neutron/cmd/destroy_patch_ports.py b/neutron/cmd/destroy_patch_ports.py -index 8c3ea98c1..76d9ebff8 100644 ---- a/neutron/cmd/destroy_patch_ports.py -+++ b/neutron/cmd/destroy_patch_ports.py -@@ -15,6 +15,7 @@ - - import sys - -+from neutron_lib.plugins import utils as p_utils - from neutron_lib.utils import helpers - from oslo_config import cfg - from oslo_log import log as logging -@@ -22,7 +23,6 @@ from oslo_log import log as logging - from neutron.agent.common import ovs_lib - from neutron.common import config as common_config - from neutron.conf.plugins.ml2.drivers import ovs_conf --from neutron.plugins.common import utils as p_utils - from neutron.plugins.ml2.drivers.openvswitch.agent.common import constants - - LOG = logging.getLogger(__name__) --- -2.17.1 - diff --git a/0004-Adjust-logging-for-removing-patch-ports.patch b/0004-Adjust-logging-for-removing-patch-ports.patch deleted file mode 100644 index fe02b54..0000000 --- a/0004-Adjust-logging-for-removing-patch-ports.patch +++ /dev/null @@ -1,34 +0,0 @@ ---- a/neutron/cmd/destroy_patch_ports.py -+++ b/neutron/cmd/destroy_patch_ports.py -@@ -39,6 +39,7 @@ - - class PatchPortCleaner(object): - def __init__(self, config): -+ LOG.debug("Get OVS bridge mappings") - mappings = helpers.parse_mappings(config.OVS.bridge_mappings) - self.bridges = [ovs_lib.OVSBridge(bridge) - for bridge in mappings.values()] -@@ -52,6 +53,7 @@ - return - for bridge in self.bridges: - try: -+ LOG.debug("Remove patch port from bridge %s", bridge.br_name) - self._remove_patch_ports_from_int_br(bridge) - except Exception as e: - LOG.error("Failed to remove patch port from bridge %s: %s", -@@ -69,12 +71,15 @@ - def flows_configured(self): - """Return True if the integration bridge has flows already configured. - """ -+ LOG.debug("Get configured flows for integration bridge %s", -+ self.int_br.br_name) - return bool(self.int_br.dump_flows_for(table=constants.CANARY_TABLE)) - - - def main(): - common_config.init(sys.argv[1:]) - ovs_conf.register_ovs_agent_opts() -+ common_config.setup_logging() - port_cleaner = PatchPortCleaner(cfg.CONF) - port_cleaner.destroy_patch_ports() - diff --git a/neutron-17.0.0.tar.gz b/neutron-17.0.0.tar.gz deleted file mode 100644 index 20d012a..0000000 Binary files a/neutron-17.0.0.tar.gz and /dev/null differ diff --git a/neutron-17.0.0.tar.gz.asc b/neutron-17.0.0.tar.gz.asc deleted file mode 100644 index 82bd240..0000000 --- a/neutron-17.0.0.tar.gz.asc +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQGzBAABCgAdFiEEvCbTqNBmXIf3vt8qwSuOc7MPL8gFAl+G0l4ACgkQwSuOc7MP -L8jEJAwAlTz1nvUXE+8eYzkQbtQoVSohnLCVm7IDaVaSmPwSVROTn922rXnr+lJ3 -ZT973r2yeLuWKcwJgHkiCyEetnl6nEu5jpCetEmhefPb8T+czZmPC3Ex5NrMp6Om -jkWi6uPYzLxM1xIpFfpJv2zxIpdvYT2UKIg77wCmS9HRapk+Br7+KOIqmiZCD46s -W4dX3BGL9pyghykBf8zd4zsZx+yQzyo+DsnF9KzbyE3m+iFySdmUcg0sfDOcft/4 -+gutZPPoyHlQLCzlsQ6WnkEKyyaJUFOLv1+zQ5ZWKWkv1K8buSnswXImXgS78Fs7 -KT6Z16fQ1IrJKTtGLenr2qvSx7Kg2DPa/x+DX8aiBzJekaO1SR/FOPURylp3g+JH -x0ckdF1lafH6gIe1cI4NQWV7r51wLnhWUGEofRuUuycpnLZlxaLXjQKsDrJHpIYX -WFIKvIKwZ/2vGnJGZweDWAyHVx3phb69ag3OK2Tm18uqY9rSPVKJNWdblR0Vuk9X -BPw3NY/Z -=LJ57 ------END PGP SIGNATURE----- diff --git a/openstack-neutron-17.0.0-1.el8.src.rpm b/neutron-18.1.0.tar.gz similarity index 60% rename from openstack-neutron-17.0.0-1.el8.src.rpm rename to neutron-18.1.0.tar.gz index 9c67417..b8d3111 100644 Binary files a/openstack-neutron-17.0.0-1.el8.src.rpm and b/neutron-18.1.0.tar.gz differ diff --git a/openstack-neutron.spec b/openstack-neutron.spec index e655d39..8acb574 100644 --- a/openstack-neutron.spec +++ b/openstack-neutron.spec @@ -7,14 +7,25 @@ for pid in $(ps -f --ppid 1 | awk '/.*neutron-rootwrap-daemon/ { print $2 }'); d done \ %nil -Name: openstack-neutron -Version: 17.0.0 +%global common_desc \ +Neutron is a virtual network service for Openstack. Just like \ +OpenStack Nova provides an API to dynamically request and configure \ +virtual servers, Neutron provides an API to dynamically request and \ +configure virtual networks. These networks connect "interfaces" from \ +other OpenStack services (e.g., virtual NICs from Nova VMs). The \ +Neutron API supports extensions to provide advanced network \ +capabilities (e.g., QoS, ACLs, network monitoring, etc.) + +Name: openstack-%{service} +Version: 18.1.0 Release: 1 -Epoch: 1 Summary: OpenStack Networking Service -License: Apache-2.0 -URL: http://launchpad.net/neutron/ -Source0: https://tarballs.openstack.org/neutron/neutron-%{upstream_version}.tar.gz + +License: ASL 2.0 +URL: http://launchpad.net/%{service}/ + +Source0: https://tarballs.openstack.org/%{service}/%{service}-%{upstream_version}.tar.gz + Source1: %{service}.logrotate Source2: %{service}-sudoers Source10: neutron-server.service @@ -35,18 +46,17 @@ Source31: conf.README Source32: neutron-linuxbridge-cleanup.service Source33: neutron-enable-bridge-firewall.sh Source34: neutron-l2-agent-sysctl.conf +# We use the legacy service to load modules because it allows to gracefully +# ignore a missing kernel module (f.e. br_netfilter on earlier kernels). It's +# essentially because .modules files are shell scripts. Source35: neutron-l2-agent.modules Source36: neutron-destroy-patch-ports.service Source37: neutron-ovn-metadata-agent.service - -Patch0001: 0001-Create-executable-for-removing-patch-ports.patch -Patch0002: 0002-Destroy-patch-ports-only-if-canary-flow-is-not-prese.patch -Patch0003: 0003-use-plugin-utils-from-neutron-lib.patch -Patch0004: 0004-Adjust-logging-for-removing-patch-ports.patch +# Required for tarball sources verification BuildArch: noarch -BuildRequires: git +BuildRequires: git-core BuildRequires: openstack-macros BuildRequires: python3-devel BuildRequires: python3-babel @@ -54,7 +64,6 @@ BuildRequires: python3-keystoneauth1 >= 3.14.0 BuildRequires: python3-keystonemiddleware BuildRequires: python3-neutron-lib BuildRequires: python3-novaclient -BuildRequires: python3-os-xenapi BuildRequires: python3-oslo-cache BuildRequires: python3-oslo-concurrency BuildRequires: python3-oslo-config @@ -76,26 +85,53 @@ BuildRequires: python3-pecan >= 1.3.2 BuildRequires: python3-tenacity >= 4.4.0 BuildRequires: python3-os-vif BuildRequires: systemd -BuildRequires: python3-pip -Requires: openstack-%{service}-common = %{epoch}:%{version}-%{release} + +Requires: openstack-%{service}-common = %{version}-%{release} + +# dnsmasq is not a hard requirement, but is currently the only option +# when neutron-dhcp-agent is deployed. Requires: dnsmasq >= 2.76 Requires: dnsmasq-utils >= 2.76 + +# radvd is not a hard requirement, but is currently the only option +# for IPv6 deployments. Requires: radvd + +# dibbler is not a hard requirement, but is currently the default option +# for IPv6 prefix delegation. Requires: dibbler-client + +# conntrack is not a hard requirement, but is currently used by L3 agent +# to immediately drop connections after a floating IP is disassociated Requires: conntrack-tools + +# keepalived is not a hard requirement, but is currently used by DVR L3 +# agent Requires: keepalived + +# haproxy implements metadata proxy process Requires: haproxy >= 1.5.0 + +# Those are not hard requirements, ipset is used by ipset-cleanup in the subpackage, +# iptables is used by the l3-agent which currently is not in a separate package, +# iputils provides tools like arping which are used by l3-agent and iproute-tc +# (or iproute in case of CentOS 7 and RHEL 7), provides tc binary which is +# used by e.g. l3-agent and openvswitch-agent when QoS extension is enabled +# in agent's config. Requires: ipset Requires: iptables Requires: iputils Requires: iproute-tc + %{?systemd_ordering} + %description -OpenStack Networking (Neutron) +%{common_desc} + %package -n python3-%{service} Summary: Neutron Python libraries @@ -103,69 +139,72 @@ Summary: Neutron Python libraries Requires: python3-alembic >= 0.9.6 Requires: python3-debtcollector >= 1.19.0 Requires: python3-designateclient >= 2.7.0 -Requires: python3-eventlet >= 0.21.0 +Requires: python3-eventlet >= 0.22.1 Requires: python3-greenlet >= 0.4.10 -Requires: python3-futurist >= 1.10.0 +Requires: python3-futurist >= 1.2.0 Requires: python3-jinja2 >= 2.10 Requires: python3-keystoneauth1 >= 3.14.0 -Requires: python3-keystonemiddleware >= 4.17.0 +Requires: python3-keystonemiddleware >= 5.1.0 Requires: python3-netaddr >= 0.7.18 Requires: python3-neutronclient >= 6.7.0 -Requires: python3-neutron-lib >= 2.6.0 +Requires: python3-neutron-lib >= 2.9.0 Requires: python3-novaclient >= 9.1.0 Requires: python3-os-vif >= 1.15.1 -Requires: python3-os-xenapi >= 0.3.1 Requires: python3-oslo-cache >= 1.26.0 Requires: python3-oslo-concurrency >= 3.26.0 -Requires: python3-oslo-config -Requires: python3-oslo-context >= 2.20.0 +Requires: python3-oslo-config >= 8.0.0 +Requires: python3-oslo-context >= 2.22.0 Requires: python3-oslo-db >= 4.44.0 Requires: python3-oslo-i18n >= 3.20.0 -Requires: python3-oslo-log >= 4.2.1 +Requires: python3-oslo-log >= 4.3.0 Requires: python3-oslo-messaging >= 7.0.0 Requires: python3-oslo-middleware >= 3.31.0 -Requires: python3-oslo-policy >= 1.30.0 +Requires: python3-oslo-policy >= 3.6.2 Requires: python3-oslo-privsep >= 2.3.0 Requires: python3-oslo-reports >= 1.18.0 Requires: python3-oslo-rootwrap >= 5.8.0 Requires: python3-oslo-serialization >= 2.25.0 -Requires: python3-oslo-service >= 1.24.0 -Requires: python3-oslo-upgradecheck >= 0.1.0 -Requires: python3-oslo-utils >= 4.4.0 +Requires: python3-oslo-service >= 1.31.0 +Requires: python3-oslo-upgradecheck >= 1.3.0 +Requires: python3-oslo-utils >= 4.5.0 Requires: python3-oslo-versionedobjects >= 1.35.1 Requires: python3-osprofiler >= 2.3.0 -Requires: python3-ovsdbapp +Requires: python3-ovsdbapp >= 1.7.0 Requires: python3-pecan >= 1.3.2 Requires: python3-pbr >= 4.0.0 -Requires: python3-psutil >= 3.2.2 +Requires: python3-psutil >= 5.3.0 Requires: python3-pyroute2 >= 0.5.13 -Requires: python3-requests >= 2.14.2 +Requires: python3-requests >= 2.18.0 Requires: python3-tenacity >= 6.0.0 Requires: python3-routes >= 2.3.1 -Requires: python3-os-ken >= 0.3.1 +Requires: python3-os-ken >= 0.3.0 Requires: python3-sqlalchemy >= 1.2.0 Requires: python3-stevedore >= 1.20.0 Requires: python3-tooz >= 1.58.0 Requires: python3-webob >= 1.8.2 Requires: python3-openstacksdk >= 0.31.2 Requires: python3-pyOpenSSL >= 17.1.0 +Requires: python3-packaging >= 20.4 + Requires: python3-httplib2 >= 0.9.1 Requires: python3-netifaces >= 0.10.4 -Requires: python3-paste +Requires: python3-paste >= 2.0.2 Requires: python3-paste-deploy >= 1.5.0 Requires: python3-decorator >= 3.4.0 -Provides: python3-networking-ovn = %{epoch}:%{version}-%{release} +Provides: python3-networking-ovn = %{version}-%{release} %description -n python3-%{service} -OpenStack Networking (Neutron) +%{common_desc} + This package contains the Neutron Python library. + %package -n python3-%{service}-tests Summary: Neutron tests %{?python_provide:%python_provide python3-%{service}-tests} -Requires: python3-%{service} = %{epoch}:%{version}-%{release} +Requires: python3-%{service} = %{version}-%{release} Requires: python3-ddt >= 1.0.1 Requires: python3-fixtures >= 3.0.0 Requires: python3-mock >= 2.0 @@ -178,24 +217,34 @@ Requires: python3-oslotest >= 1.10.0 Requires: python3-os-testr >= 0.7.0 Requires: python3-PyMySQL >= 0.6.2 Requires: python3-tempest >= 12.1.0 + Requires: python3-webtest >= 2.0 + + +# pstree is used during functional testing to ensure our internal +# libraries managing processes work correctly. Requires: psmisc +# nfs-utils is needed because it creates user with uid 65534 which +# is required by neutron functional tests. Requires: nfs-utils + %description -n python3-%{service}-tests -OpenStack Networking (Neutron) +%{common_desc} + This package contains Neutron test files. %package common Summary: Neutron common files Requires(pre): shadow-utils -Requires: python3-%{service} = %{epoch}:%{version}-%{release} +Requires: python3-%{service} = %{version}-%{release} Requires: sudo %description common -OpenStack Networking (Neutron) +%{common_desc} + This package contains Neutron common files. @@ -205,33 +254,44 @@ Requires: ebtables Requires: ipset Requires: iproute Requires: iptables +# kmod is needed to get access to /usr/sbin/modprobe needed by +# neutron-enable-bridge-firewall.sh triggered by the service unit file Requires: kmod -Requires: openstack-%{service}-common = %{epoch}:%{version}-%{release} +Requires: openstack-%{service}-common = %{version}-%{release} %description linuxbridge -OpenStack Networking (Neutron) +%{common_desc} + This package contains the Neutron agent that implements virtual networks using VLAN or VXLAN using Linuxbridge technology. %package macvtap-agent Summary: Neutron macvtap agent -Requires: openstack-%{service}-common = %{epoch}:%{version}-%{release} +Requires: openstack-%{service}-common = %{version}-%{release} %description macvtap-agent -OpenStack Networking (Neutron) +%{common_desc} + This package contains the Neutron agent that implements macvtap attachments for libvirt qemu/kvm instances. %package ml2 Summary: Neutron ML2 plugin -Requires: openstack-%{service}-common = %{epoch}:%{version}-%{release} +Requires: openstack-%{service}-common = %{version}-%{release} +# needed for brocade and cisco drivers +#(TODO) ncclient is not in reuirement projects so it should be requirement in neutron +# plugin packages, not in main neutron. Remove this lines completely if everythin keeps +# working. +#Requires: python3-ncclient + %description ml2 -OpenStack Networking (Neutron) +%{common_desc} + This package contains a Neutron plugin that allows the use of drivers to support separately extensible sets of network types and the mechanisms for accessing those types. @@ -239,16 +299,21 @@ for accessing those types. %package openvswitch Summary: Neutron openvswitch plugin -Requires: openstack-%{service}-common = %{epoch}:%{version}-%{release} +Requires: openstack-%{service}-common = %{version}-%{release} +# We require openvswitch when using vsctl to access ovsdb; +# but if we use native access, then we just need python bindings. +# since we don't know what users actually use, we depend on both. Requires: ipset Requires: iptables Requires: openvswitch -Requires: python3-openvswitch >= 2.8.0 +Requires: python3-openvswitch >= 2.10.0 +# kmod is needed to get access to /usr/sbin/modprobe needed by +# neutron-enable-bridge-firewall.sh triggered by the service unit file Requires: kmod %description openvswitch -OpenStack Networking (Neutron) +%{common_desc} This package contains the Neutron plugin that implements virtual networks using Open vSwitch. @@ -257,33 +322,36 @@ networks using Open vSwitch. %package metering-agent Summary: Neutron bandwidth metering agent Requires: iptables -Requires: openstack-%{service}-common = %{epoch}:%{version}-%{release} +Requires: openstack-%{service}-common = %{version}-%{release} %description metering-agent -OpenStack Networking (Neutron) +%{common_desc} + This package contains the Neutron agent responsible for generating bandwidth utilization notifications. %package rpc-server Summary: Neutron (RPC only) Server -Requires: openstack-%{service}-common = %{epoch}:%{version}-%{release} +Requires: openstack-%{service}-common = %{version}-%{release} %description rpc-server -OpenStack Networking (Neutron) +%{common_desc} + This package contains an alternative Neutron server that handles AMQP RPC workload only. %package sriov-nic-agent Summary: Neutron SR-IOV NIC agent -Requires: openstack-%{service}-common = %{epoch}:%{version}-%{release} +Requires: openstack-%{service}-common = %{version}-%{release} %description sriov-nic-agent -OpenStack Networking (Neutron) +%{common_desc} + This package contains the Neutron agent to support advanced features of SR-IOV network cards. @@ -291,9 +359,9 @@ SR-IOV network cards. %package ovn-metadata-agent Summary: OVN metadata agent BuildRequires: systemd -Requires: python3-%{service} = %{epoch}:%{version}-%{release} -Requires: openvswitch >= 2.8.0 -Provides: python3-networking-ovn-metadata-agent = %{epoch}:%{version}-%{release} +Requires: python3-%{service} = %{version}-%{release} +Requires: openvswitch >= 2.10.0 +Provides: python3-networking-ovn-metadata-agent = %{version}-%{release} %{?systemd_requires} %description ovn-metadata-agent @@ -305,8 +373,8 @@ can retrieve metadata from OpenStack Nova. %package ovn-migration-tool Summary: networking-ovn ML2/OVS to OVN migration tool -Requires: python3-%{service} = %{epoch}:%{version}-%{release} -Provides: python3-networking-ovn-migration-tool = %{epoch}:%{version}-%{release} +Requires: python3-%{service} = %{version}-%{release} +Provides: python3-networking-ovn-migration-tool = %{version}-%{release} %description ovn-migration-tool @@ -315,21 +383,26 @@ OpenStack to OVN based backend. %prep -%autosetup -n %{service}-%{upstream_version} -S git +%autosetup -n %{service}-%{upstream_version} -S git sed -i 's/\/usr\/bin\/python/\/usr\/bin\/python3/' %{SOURCE36} find %{service} -name \*.py -exec sed -i '/\/usr\/bin\/env python/{d;q}' {} + +# Let's handle dependencies ourseleves %py_req_cleanup +# Kill egg-info in order to generate new SOURCES.txt rm -rf neutron.egg-info %build export SKIP_PIP_INSTALL=1 %{py3_build} +# Generate i18n files +# (amoralej) we can remove '-D neutron' once https://review.openstack.org/#/c/485070/ is merged %{__python3} setup.py compile_catalog -d build/lib/%{service}/locale -D neutron +# Generate configuration files PYTHONPATH=. for file in `ls etc/oslo-config-generator/*`; do oslo-config-generator --config-file=$file @@ -342,6 +415,13 @@ do mv ${filename} ${filedir}/${file} done +# Loop through values in neutron-dist.conf and make sure that the values +# are substituted into the neutron.conf as comments. Some of these values +# will have been uncommented as a way of upstream setting defaults outside +# of the code. For notification_driver, there are commented examples +# above uncommented settings, so this specifically skips those comments +# and instead comments out the actual settings and substitutes the +# correct default values. while read name eq value; do test "$name" && test "$value" || continue if [ "$name" = "notification_driver" ]; then @@ -354,17 +434,21 @@ done < %{SOURCE30} %install %{py3_install} +# Remove unused files rm -rf %{buildroot}%{python3_sitelib}/bin rm -rf %{buildroot}%{python3_sitelib}/doc rm -rf %{buildroot}%{python3_sitelib}/tools +# Move rootwrap files to proper location install -d -m 755 %{buildroot}%{_datarootdir}/%{service}/rootwrap mv %{buildroot}/usr/etc/%{service}/rootwrap.d/*.filters %{buildroot}%{_datarootdir}/%{service}/rootwrap +# Move config files to proper location install -d -m 755 %{buildroot}%{_sysconfdir}/%{service} mv %{buildroot}/usr/etc/%{service}/* %{buildroot}%{_sysconfdir}/%{service} mv %{buildroot}%{_sysconfdir}/%{service}/api-paste.ini %{buildroot}%{_datadir}/%{service}/api-paste.ini +# The generated config files are not moved automatically by setup.py install -d -m 755 %{buildroot}%{_sysconfdir}/%{service}/plugins/ml2 mv etc/%{service}.conf %{buildroot}%{_sysconfdir}/%{service}/%{service}.conf @@ -378,17 +462,24 @@ do mv etc/%{service}/plugins/ml2/${file}.ini %{buildroot}%{_sysconfdir}/%{service}/plugins/ml2/${file}.ini done +# (TODO) Backwards compatibility for networking-ovn-metadata-agent.ini + install -d -m 755 %{buildroot}%{_sysconfdir}/neutron/plugins/networking-ovn ln -s /etc/neutron/neutron_ovn_metadata_agent.ini %{buildroot}%{_sysconfdir}/%{service}/plugins/networking-ovn/networking-ovn-metadata-agent.ini +# (TODO) Backwards compatibility for ovn.ini ln -s /etc/neutron/ovn.ini %{buildroot}%{_sysconfdir}/%{service}/plugins/networking-ovn/networking-ovn.ini +# (TODO) Backwards compatibility for networking-ovn-metadata-agent executable ln -s %{_bindir}/neutron-ovn-metadata-agent %{buildroot}%{_bindir}/networking-ovn-metadata-agent +# Install logrotate install -p -D -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/logrotate.d/openstack-%{service} +# Install sudoers install -p -D -m 440 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudoers.d/%{service} +# Install systemd units install -p -D -m 644 %{SOURCE10} %{buildroot}%{_unitdir}/neutron-server.service install -p -D -m 644 %{SOURCE11} %{buildroot}%{_unitdir}/neutron-linuxbridge-agent.service install -p -D -m 644 %{SOURCE12} %{buildroot}%{_unitdir}/neutron-openvswitch-agent.service @@ -405,31 +496,42 @@ install -p -D -m 644 %{SOURCE32} %{buildroot}%{_unitdir}/neutron-linuxbridge-cle install -p -D -m 644 %{SOURCE36} %{buildroot}%{_unitdir}/neutron-destroy-patch-ports.service install -p -D -m 644 %{SOURCE37} %{buildroot}%{_unitdir}/neutron-ovn-metadata-agent.service +# (TODO) - Backwards compatibility for systemd unit networking-ovn-metadata-agent ln -s %{_unitdir}/neutron-ovn-metadata-agent.service %{buildroot}%{_unitdir}/networking-ovn-metadata-agent.service +# Install helper scripts install -p -D -m 755 %{SOURCE33} %{buildroot}%{_bindir}/neutron-enable-bridge-firewall.sh +# Install sysctl and modprobe config files to enable bridge firewalling +# NOTE(ihrachys) we effectively duplicate same settings for each affected l2 +# agent. This can be revisited later. install -p -D -m 644 %{SOURCE34} %{buildroot}%{_sysctldir}/99-neutron-openvswitch-agent.conf install -p -D -m 644 %{SOURCE34} %{buildroot}%{_sysctldir}/99-neutron-linuxbridge-agent.conf install -p -D -m 755 %{SOURCE35} %{buildroot}%{_sysconfdir}/sysconfig/modules/neutron-openvswitch-agent.modules install -p -D -m 755 %{SOURCE35} %{buildroot}%{_sysconfdir}/sysconfig/modules/neutron-linuxbridge-agent.modules +# Install README file that describes how to configure services with custom configuration files install -p -D -m 755 %{SOURCE31} %{buildroot}%{_sysconfdir}/%{service}/conf.d/README +# Setup directories install -d -m 755 %{buildroot}%{_datadir}/%{service} install -d -m 755 %{buildroot}%{_sharedstatedir}/%{service} install -d -m 755 %{buildroot}%{_localstatedir}/log/%{service} install -d -m 755 %{buildroot}%{_localstatedir}/run/%{service} install -d -m 755 %{buildroot}%{_sysconfdir}/%{service}/kill_scripts +# Install dist conf install -p -D -m 640 %{SOURCE30} %{buildroot}%{_datadir}/%{service}/%{service}-dist.conf +# Create and populate configuration directory for L3 agent that is not accessible for user modification mkdir -p %{buildroot}%{_datadir}/%{service}/l3_agent ln -s %{_sysconfdir}/%{service}/l3_agent.ini %{buildroot}%{_datadir}/%{service}/l3_agent/l3_agent.conf +# Create dist configuration directory for neutron-server (may be filled by advanced services) mkdir -p %{buildroot}%{_datadir}/%{service}/server +# Create configuration directories for all services that can be populated by users with custom *.conf files mkdir -p %{buildroot}/%{_sysconfdir}/%{service}/conf.d/common for service in server rpc-server ovs-cleanup netns-cleanup linuxbridge-cleanup macvtap-agent; do mkdir -p %{buildroot}/%{_sysconfdir}/%{service}/conf.d/%{service}-$service @@ -438,11 +540,13 @@ for service in linuxbridge openvswitch dhcp l3 metadata metering sriov-nic ovn-m mkdir -p %{buildroot}/%{_sysconfdir}/%{service}/conf.d/%{service}-$service-agent done +# Install i18n .mo files (.po and .pot are not required) install -d -m 755 %{buildroot}%{_datadir} rm -f %{buildroot}%{python3_sitelib}/%{service}/locale/*/LC_*/%{service}*po rm -f %{buildroot}%{python3_sitelib}/%{service}/locale/*pot mv %{buildroot}%{python3_sitelib}/%{service}/locale %{buildroot}%{_datadir}/locale +# Find language files %find_lang %{service} --all-name %pre common @@ -511,13 +615,20 @@ exit 0 %systemd_post neutron-destroy-patch-ports.service if [ $1 -ge 2 ]; then + # We're upgrading + + # Detect if the neutron-openvswitch-agent is running ovs_agent_running=0 systemctl status neutron-openvswitch-agent > /dev/null 2>&1 && ovs_agent_running=1 || : + # If agent is running, stop it [ $ovs_agent_running -eq 1 ] && systemctl stop neutron-openvswitch-agent > /dev/null 2>&1 || : + # Search all orphaned neutron-rootwrap-daemon processes and since all are triggered by sudo, + # get the actual rootwrap-daemon process. %cleanup_orphan_rootwrap_daemons + # If agent was running, start it back with new code [ $ovs_agent_running -eq 1 ] && systemctl start neutron-openvswitch-agent > /dev/null 2>&1 || : fi @@ -624,6 +735,8 @@ fi %files common -f %{service}.lang %license LICENSE %doc README.rst +# though this script is not exactly needed on all nodes but for ovs and +# linuxbridge agents only, it's probably good enough to put it here %{_bindir}/neutron-enable-bridge-firewall.sh %{_bindir}/neutron-rootwrap %{_bindir}/neutron-rootwrap-daemon @@ -646,9 +759,7 @@ fi %{_datarootdir}/%{service}/rootwrap/debug.filters %{_datarootdir}/%{service}/rootwrap/dhcp.filters %{_datarootdir}/%{service}/rootwrap/dibbler.filters -%{_datarootdir}/%{service}/rootwrap/ebtables.filters %{_datarootdir}/%{service}/rootwrap/ipset-firewall.filters -%{_datarootdir}/%{service}/rootwrap/iptables-firewall.filters %{_datarootdir}/%{service}/rootwrap/l3.filters %{_datarootdir}/%{service}/rootwrap/privsep.filters @@ -737,5 +848,9 @@ fi %{_datadir}/ansible/neutron-ovn-migration/ %changelog +* Fri Jul 23 2021 liksh 1:18.1.0-1 +- Update to 18.1.0 + * Fri Jan 15 2021 joec88 1:17.0.0-1 - openEuler build release +