Synchronise yoga with upstream #49
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
This patch changes all RBAC relationship method to "joined". This change
enforces that the RBAC associated registers are loaded along with the
parent resource. The rationale of this change is to be able to control
the SQL query executed; the subquery cannot be directly managed by
Neutron.
It is very usual to create the RBAC rules from one single project that
is usually the adminitrator project. That means all RBAC rules will
belong to it. Before this change, the SQL subquery performed to
retrieve the RBAC entries was this (from a network query):
SELECT networks.id AS networks_id
FROM networks LEFT OUTER JOIN networkrbacs ON networks.id =
networkrbacs.object_id
WHERE networks.project_id = 'bd133e2c499c4bf8aeb16206e31c3c20'
OR networkrbacs.action = 'access_as_external'
AND networkrbacs.target_project = 'bd133e2c499c4bf8aeb16206e31c3c20'
OR networkrbacs.target_project = '*'
OR networks.project_id = 'bd133e2c499c4bf8aeb16206e31c3c20'
OR networkrbacs.action IN ('access_as_shared', 'access_as_readonly')
AND (networkrbacs.target_project = 'bd133e2c499c4bf8aeb16206e31c3c20'
OR networkrbacs.target_project = '*');
This SQL result has a very low cardinality; that means there are many
duplicated registers. For example, with 10 external network, 1000
projects and 2500 RBAC rules, this query returns 1.4 million rows.
Instead if a "GROUP BY resource_id" (in this case network_id) clause is
added, the number of rows is reduced to 10 (considering this project
has a RBAC per network).
In order to introduce this "GROUP BY" clause, this patch is changing
the loading method. The clause is added in a neutron-lib patch [1].
This change by itself does not improve the query performance. The
neutron-lib patch is needed too. Although this patch does not modify
que SQL query results, the tests added will prove that the neutron-lib
patch does not introduce any regression.
[1]https://review.opendev.org/c/openstack/neutron-lib/+/884878
Closes-Bug: #1918145
Change-Id: Ic6001bd5a57493b8befdf81a41eb0bd1c8022df3
(cherry picked from commit e9da29d)
A recent change suppressed the IPv6 DAD failure and removed the address when multiple DHCP agents were configured on the same network, https://review.opendev.org/c/openstack/neutron/+/880957 But it also changed the behavior to not enable IPv4 metadata in this case. Restore the old behavior by not returning early in the DAD failure case. The callback that builds the config file was moved until after the address was bound to make the two steps more obvious. Conflicts: neutron/tests/unit/agent/metadata/test_driver.py Related-bug: #1953165 Change-Id: I8436c6c9da9a2533ca27ff7312f5b2c7ea41e94f (cherry picked from commit 846003c) (cherry picked from commit e7f85ab) (cherry picked from commit 1a711f3)
In some corner cases, like when db_sync is performed after OVS to OVN migration, an implicit metadata port creation on a network with depleted IP pool can raise IP allocation error. Just catch and log this error such that the db_sync tool can finish syncing. Change-Id: Ibb32ec5492c4fe00b9dac510f7e69160982992dd (cherry picked from commit a86e300)
If the BACKUP_MIGRATION_IP is set to a different IP outside of the default nets[1] set in the “openstack overcloud backup” playbook setup_nfs role[2]. Then the NFS will fail to mount directories during the backup, because they will not be reachable | permitted. This change simply adds a new variable BACKUP_MIGRATION_CTL_PLANE_CIDRS into the ovn_migration script to allow the user to overwrite the extra-var used for Openstack overcloud backup --setup-nfs command. [1] https://opendev.org/openstack/tripleo-ansible/src/commit/e281ae7624774d71f22fbb993af967ed1ec08780/tripleo_ansible/roles/backup_and_restore/defaults/main.yml#L47 [2] https://opendev.org/openstack/tripleo-ansible/src/commit/e281ae7624774d71f22fbb993af967ed1ec08780/tripleo_ansible/roles/backup_and_restore/tasks/setup_nfs.yml#L127 Change-Id: I160dfc4e893b93ac7a40e19b3dd6b89750dac57d (cherry picked from commit b677d65)
…" into stable/yoga
github-actions
bot
added
automated
markgoddard
approved these changes
Jun 19, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains a snapshot of yoga from upstream.