Skip to content

Synchronise 2025.1 with upstream #243

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
github-actions wants to merge 18 commits into
base: stackhpc/2025.1
Choose a base branch
from
Open

Synchronise 2025.1 with upstream #243

github-actions wants to merge 18 commits into from

Conversation

@github-actions
Copy link

@github-actions github-actions bot commented Dec 8, 2025

This PR contains a snapshot of 2025.1 from upstream stable/2025.1.

ralonsoh and others added 18 commits November 17, 2025 14:41
@ralonsoh
[OVN] The OVS IDL connection is global for all tests
4fb3d6f 
In the functional tests, the OVN databases are created per test and
removed at the end. That leaves no trace the local OVN databases if
running in a system running OpenStack. But the OVS database is global
and shared with all the tests and running processes. It is needed to
use the OVS IDL ``api_factory`` method that returns a global object
for all tests.

Closes-Bug: #2119453
Signed-off-by: Rodolfo Alonso Hernandez <[email protected]>
Change-Id: I7b438ba76e6f95d533d8d7bc4aaeeba0007551e3
(cherry picked from commit 23994f6)
@brianphaley
Remove false-positive ACLs in OVN DB sync
fc1039f 
If there are two (or more) security group rules that have
the same normalized cidr, only one of them will match the
OVN ACL exactly. The other will match everything except
the rule ID. Go through any items found a second time,
ignoring the rule ID to remove the false-positives.

Closes-bug: #2087822
Change-Id: Ia5a76973f80be1369753ebf42fba2fc19690a229
Signed-off-by: Brian Haley <[email protected]>
(cherry picked from commit 1c3eac5)
@ralonsoh
[OVN] Initialize OVN agent in start method
cf83a59 
The ``OVNAgentExtensionAPI`` and ``OVNAgentExtensionManager`` instances
create different threads instances. Now the OVN agent is using the
``oslo.service`` threading implementation (that uses ``cotyledon``).
This library creates a fork of the main process to execute the
``ServiceWrapper`` instance, where the agent is running. Any thread
should be created in the child process, at the
``oslo_service.service.Service.start`` method.

Closes-Bug: #2131540

Signed-off-by: Rodolfo Alonso Hernandez <[email protected]>
Change-Id: I97d52e8fd2236b7d9210174d05f01c81a2edcd0d
(cherry picked from commit 5e92bbf)
@elvgarrui
[SGL] Ignore port groups that don't come from SGs
53c2c8d 
Previously, OVN logapi driver only considered that Port Groups and
ACLs were created by Security Groups. This is not true, since the
FWaaS plugin does also manage ACLs and Port Groups to apply its rules.
This means that port groups do not necessarily need to have a security
group ID referenced on their external IDs.

Closes-Bug: #2131209

Change-Id: I7f85077ce344d4d0e46190674fc79c42a9eeae9a
Signed-off-by: Elvira Garcia <[email protected]>
(cherry picked from commit c0f6145)
@openstack-gerrit
Merge "[OVN] The OVS IDL connection is global for all tests" into sta…
55f6e07 
…ble/2025.1
@openstack-gerrit
Merge "[OVN] Initialize OVN agent in start method" into stable/20…
5c6576b 
…25.1
@skraynev
Replace response body in after hook for 404 error
72165d0 
Closes-Bug: 2130972

Change-Id: I662b3eb7fb8c17d0ad30b10e8537d4a142003256
Signed-off-by: Sergey Kraynev <[email protected]>
(cherry picked from commit d95e3e5)
@openstack-gerrit
Merge "Remove false-positive ACLs in OVN DB sync" into stable/2025.1
d8775ea
@ralonsoh
[OVN] Add 'qos-bw-minimum-ingress' ML2 extension
f3a3997 
Closes-Bug: #2132982
Signed-off-by: Rodolfo Alonso Hernandez <[email protected]>
Change-Id: I86ed1aa473a41ece4478e19b1e0f37aadaf93238
(cherry picked from commit 45b8dfe)
@brianphaley @karelyatin
Fix incorrect log message in ovn_client
c121981 
String contained %s but had no argument, added port id.

Closes-bug: #2132088
Change-Id: I36d3c036c9795603d93b01bfd94d2ae80dc2ec7b
Signed-off-by: Brian Haley <[email protected]>
(cherry picked from commit 807e6a5)
@openstack-gerrit
Merge "[SGL] Ignore port groups that don't come from SGs" into stable…
167a5b8 
…/2025.1
@openstack-gerrit
Merge "Fix incorrect log message in ovn_client" into stable/2025.1
92cdf1d
Append content-encoding header
7360e1f 
webob does not automatically detect and add content-encoding
header if body is compressed. Instead, this header
needs to be passed to webob.Response as a headerlist argument.

Only in this case `decode_content()`  performs decompression. However,
Nova does not add 'content-encoding' in response, and even
if it would - only selected headers are currenly consumed by agent.

Thus, we generalize approach for handling headers and ensure that
'content-encoding' is present in case we detect
magic file signature at the beginning of data.

Closes-Bug: #2120723
Change-Id: I45d99e2bae3768f2258f39c9b92e7c2cbd080e7c
Signed-off-by: Dmitriy Rabotyagov <[email protected]>
(cherry picked from commit 67969c1)
@openstack-gerrit
Merge "[OVN] Add 'qos-bw-minimum-ingress' ML2 extension" into stable/…
91857ed 
…2025.1
@slawqo
Don't prevent setting CIDRs as allowed_address_pair for port
abfca72 
Previously with [1] we blocked possiblility to set as allowed address
pair for port any IP or CIDR which contains IP address assigned to the
distributed metadata IP address in same network. It was done that way
because setting distributed metadata IP address as allowed address pair
for any port in the network breaks metadata service for all of the ports
in that network.

But this restriction was too strict as it also prevented to set CIDRs
bigger then /32 or /128 in the allowed_address_pair if CIDR contained
distributed metadata port IP. For example:
- distributed metadata port IP address 10.0.0.2
- allowed address pairs set for port in that network:
  - 10.0.0.3 - allowed
  - 10.0.0.1/26 - not allowed as 10.0.0.2 belongs to that CIDR.

In such case however, when CIDR is set as
allowed_address_pair, it is not set in OVN as Virtual IP so it won't
break connectivity to the metadata service as was reported in [2]
thus we should allow that.
This patch is reducing that restriction. Now CIDRs can be set as
allowed_address_pair for the port even if it includes IP assigned for
the distributed metadata port.
It is only forbidden to set as allowed_address_pair same, single IP
address as set for the distributed metadata port.

Closes-Bug: #2131928

[1] https://review.opendev.org/c/openstack/neutron/+/955757
[2] https://bugs.launchpad.net/neutron/+bug/2116249

Change-Id: Ieb98a126b6d380894456ed892c0a19787e7fbb04
Signed-off-by: Slawek Kaplonski <[email protected]>
(cherry picked from commit 71ae26e)
@ralonsoh
[FT] Wait for the manager to be created (2)
607c3c4 
This patch reuses the `WaitEvent` created in [1], to check that
the expected `Manager` register is created before checking it.

[1]https://review.opendev.org/c/openstack/neutron/+/966673

Related-Bug: #2131024
Signed-off-by: Rodolfo Alonso Hernandez <[email protected]>
Change-Id: I0b6568ca6c3844bd32892a2ebb8c36e1fec144c9
(cherry picked from commit 31b78bf)
@openstack-gerrit
Merge "Append content-encoding header" into stable/2025.1
1fe30fd
@openstack-gerrit
Merge "[FT] Wait for the manager to be created (2)" into stable/2025.1
8116c1f
@github-actions github-actions bot requested a review from a team as a code owner December 8, 2025 06:23
@github-actions github-actions bot added automated Automated action performed by GitHub Actions synchronisation labels Dec 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

automated Automated action performed by GitHub Actions synchronisation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ralonsoh @brianphaley @elvgarrui @skraynev @slawqo