neutron

Neutron connects to the OVN db in the prefork

Bug #1991579 reported by Jakub Libosvar
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Undecided
Jakub Libosvar

Bug Description

Connecting to the OVN database may be an expensive operation at scale. Doing this in pre-fork of OVN mechanism driver may slow up spawning of periodic and maintenance workers, that are essential for hash ring functionality. We shouldn't be using the short living connection for the DBs, that was a bad idea of mine.

Jakub Libosvar (libosvar)
Changed in neutron:
assignee: nobody → Jakub Libosvar (libosvar)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/860275

Changed in neutron:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/860275
Committed: https://opendev.org/openstack/neutron/commit/50eee19723b2d762c2b5653e7a2c75e470f44cdf
Submitter: "Zuul (22348)"
Branch: master

commit 50eee19723b2d762c2b5653e7a2c75e470f44cdf
Author: Jakub Libosvar <email address hidden>
Date: Mon Oct 3 19:32:02 2022 +0000

    ovn: Use ovsdb-client to create neutron_pg_drop

    Previously we used short living OVN database connection to create
    neutron_pg_drop Port Group before workers were spawned. The
    pre_fork_initialize actually happens after the api workers are spawned
    anyways and it blocks spawning of other workers, such as maintenance,
    rpc or periodic. If the OVN database was large it may take several
    minutes to connect to the database at scale and this blocks spawning of
    other workers. That means connecting to OVN in pre_fork is not a good
    idea.

    This patch replaces the mechanism by using ovsdb-client to send a
    transaction without connecting to the database and downloading the whole
    content. The command does following, everything is on the server side:

     1) With timeout 0 it waits for neutron_pg_drop Port Group. If the PG is
        present, the transaction finishes and nothing happens.

     2) If the PG is not present, it times out immediately and commits new
        entries that effectivelly creates neutron_pg_drop Port Group with
        implicit ACLs to block ingress and egress traffic.

    Closes-Bug: #1991579
    Co-Authored-By: Terry Wilson <email address hidden>

    Change-Id: I27af495f96a3ea88dd31345dbfb55f1be8faabd6

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron/+/860968

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/860968
Committed: https://opendev.org/openstack/neutron/commit/5deea002aa4da506dc7c931c97cfc2414e66868b
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 5deea002aa4da506dc7c931c97cfc2414e66868b
Author: Jakub Libosvar <email address hidden>
Date: Tue Oct 11 13:38:27 2022 -0400

    ovn: Use ovsdb-client to create neutron_pg_drop

    Previously we used short living OVN database connection to create
    neutron_pg_drop Port Group before workers were spawned. The
    pre_fork_initialize actually happens after the api workers are spawned
    anyways and it blocks spawning of other workers, such as maintenance,
    rpc or periodic. If the OVN database was large it may take several
    minutes to connect to the database at scale and this blocks spawning of
    other workers. That means connecting to OVN in pre_fork is not a good
    idea.

    This patch replaces the mechanism by using ovsdb-client to send a
    transaction without connecting to the database and downloading the whole
    content. The command does following, everything is on the server side:

     1) With timeout 0 it waits for neutron_pg_drop Port Group. If the PG is
        present, the transaction finishes and nothing happens.

     2) If the PG is not present, it times out immediately and commits new
        entries that effectivelly creates neutron_pg_drop Port Group with
        implicit ACLs to block ingress and egress traffic.

    Conflicts:
            neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py

    Closes-Bug: #1991579
    Co-Authored-By: Terry Wilson <email address hidden>

    Change-Id: I27af495f96a3ea88dd31345dbfb55f1be8faabd6
    (cherry picked from commit 50eee19723b2d762c2b5653e7a2c75e470f44cdf)

tags: added: in-stable-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/neutron/+/865159

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/neutron/+/865161

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/neutron/+/865303

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/865159
Committed: https://opendev.org/openstack/neutron/commit/0d0e6cd47b7a0f53d9eb1549eed4e540f76508c9
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit 0d0e6cd47b7a0f53d9eb1549eed4e540f76508c9
Author: Jakub Libosvar <email address hidden>
Date: Tue Oct 11 13:38:27 2022 -0400

    ovn: Use ovsdb-client to create neutron_pg_drop

    Previously we used short living OVN database connection to create
    neutron_pg_drop Port Group before workers were spawned. The
    pre_fork_initialize actually happens after the api workers are spawned
    anyways and it blocks spawning of other workers, such as maintenance,
    rpc or periodic. If the OVN database was large it may take several
    minutes to connect to the database at scale and this blocks spawning of
    other workers. That means connecting to OVN in pre_fork is not a good
    idea.

    This patch replaces the mechanism by using ovsdb-client to send a
    transaction without connecting to the database and downloading the whole
    content. The command does following, everything is on the server side:

     1) With timeout 0 it waits for neutron_pg_drop Port Group. If the PG is
        present, the transaction finishes and nothing happens.

     2) If the PG is not present, it times out immediately and commits new
        entries that effectivelly creates neutron_pg_drop Port Group with
        implicit ACLs to block ingress and egress traffic.

    Conflicts:
            neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py
            neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py

    Closes-Bug: #1991579
    Co-Authored-By: Terry Wilson <email address hidden>

    Change-Id: I27af495f96a3ea88dd31345dbfb55f1be8faabd6
    (cherry picked from commit 50eee19723b2d762c2b5653e7a2c75e470f44cdf)
    (cherry picked from commit 5deea002aa4da506dc7c931c97cfc2414e66868b)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/865161
Committed: https://opendev.org/openstack/neutron/commit/798f05af4ef83ce496f0bcca848c61967e548b21
Submitter: "Zuul (22348)"
Branch: stable/xena

commit 798f05af4ef83ce496f0bcca848c61967e548b21
Author: Jakub Libosvar <email address hidden>
Date: Tue Oct 11 13:38:27 2022 -0400

    ovn: Use ovsdb-client to create neutron_pg_drop

    Previously we used short living OVN database connection to create
    neutron_pg_drop Port Group before workers were spawned. The
    pre_fork_initialize actually happens after the api workers are spawned
    anyways and it blocks spawning of other workers, such as maintenance,
    rpc or periodic. If the OVN database was large it may take several
    minutes to connect to the database at scale and this blocks spawning of
    other workers. That means connecting to OVN in pre_fork is not a good
    idea.

    This patch replaces the mechanism by using ovsdb-client to send a
    transaction without connecting to the database and downloading the whole
    content. The command does following, everything is on the server side:

     1) With timeout 0 it waits for neutron_pg_drop Port Group. If the PG is
        present, the transaction finishes and nothing happens.

     2) If the PG is not present, it times out immediately and commits new
        entries that effectivelly creates neutron_pg_drop Port Group with
        implicit ACLs to block ingress and egress traffic.

    Conflicts:
            neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py
            neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py

    Closes-Bug: #1991579
    Co-Authored-By: Terry Wilson <email address hidden>

    Change-Id: I27af495f96a3ea88dd31345dbfb55f1be8faabd6
    (cherry picked from commit 50eee19723b2d762c2b5653e7a2c75e470f44cdf)
    (cherry picked from commit 5deea002aa4da506dc7c931c97cfc2414e66868b)
    (cherry picked from commit 0d0e6cd47b7a0f53d9eb1549eed4e540f76508c9)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/865303
Committed: https://opendev.org/openstack/neutron/commit/55204f114cdb796a14ffab72016dc88503dd9b8b
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 55204f114cdb796a14ffab72016dc88503dd9b8b
Author: Jakub Libosvar <email address hidden>
Date: Tue Oct 11 13:38:27 2022 -0400

    ovn: Use ovsdb-client to create neutron_pg_drop

    Previously we used short living OVN database connection to create
    neutron_pg_drop Port Group before workers were spawned. The
    pre_fork_initialize actually happens after the api workers are spawned
    anyways and it blocks spawning of other workers, such as maintenance,
    rpc or periodic. If the OVN database was large it may take several
    minutes to connect to the database at scale and this blocks spawning of
    other workers. That means connecting to OVN in pre_fork is not a good
    idea.

    This patch replaces the mechanism by using ovsdb-client to send a
    transaction without connecting to the database and downloading the whole
    content. The command does following, everything is on the server side:

     1) With timeout 0 it waits for neutron_pg_drop Port Group. If the PG is
        present, the transaction finishes and nothing happens.

     2) If the PG is not present, it times out immediately and commits new
        entries that effectivelly creates neutron_pg_drop Port Group with
        implicit ACLs to block ingress and egress traffic.

    Conflicts:
            neutron/plugins/ml2/drivers/ovn/mech_driver/mech_driver.py
            neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/test_mech_driver.py

    Closes-Bug: #1991579
    Co-Authored-By: Terry Wilson <email address hidden>

    Change-Id: I27af495f96a3ea88dd31345dbfb55f1be8faabd6
    (cherry picked from commit 50eee19723b2d762c2b5653e7a2c75e470f44cdf)
    (cherry picked from commit 5deea002aa4da506dc7c931c97cfc2414e66868b)
    (cherry picked from commit 0d0e6cd47b7a0f53d9eb1549eed4e540f76508c9)
    (cherry picked from commit 798f05af4ef83ce496f0bcca848c61967e548b21)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 19.5.0

This issue was fixed in the openstack/neutron 19.5.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 22.0.0.0rc1

This issue was fixed in the openstack/neutron 22.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 20.3.0

This issue was fixed in the openstack/neutron 20.3.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 21.1.0

This issue was fixed in the openstack/neutron 21.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron wallaby-eom

This issue was fixed in the openstack/neutron wallaby-eom release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.