DVR routers attached to shared networks aren't being unscheduled from a compute node after deleting the VMs using the shared net

Fix proposed to branch: master
Review: https://review.openstack.org/159296

Explanation of why this problem is happening.

In this case, the VM created by non-admin tenant. The VM is using a shared network created by the admin tenant. The subnet's interface is tied to an admin-created router. So the qr-port device is also owned by the admin. When a tenant creates a VM using the shared network, the tenant owns the VM's port. So in this case, a VM's port and the qr ports don't have the same tenant ids.

If the VM is created by the admin, the qrouter namespace on the compute node is removed when the VM is removed. However, when the VM is created by a non-admin user, the qrouter namespace stays on the compute node. This show that the neutron api server is running as the owner of the VM, not the admin, during the VM port deletion.
The decision to delete a namespace is made in dvr_deletens_if_no_port. It makes 5 database queries to make the decision. The first query is to get_dvr_routers_by_portid to retrieve the ids of routers affected by the VM port removal. To do this, it has to find the ports on the subnet whose owner is 'network:router_interface_distributed'. In this case, the owner of router-interface port is the admin. Because the context is only the VM owner, no such port is found, so the router list is empty. So no routers needs to be removed from any node. So this is the reason, the admin context is needed to return the true situation.

The admin context is also needed for the other queries made by dvr_deletens_if_no_port. To determine whether a namespace on a compute node needs to be deleted, it needs to find out whether there are other ports using the same network and subnet on the compute node. Because the network is shared, other tenants also may have VMs using the same network on the compute node. Without the admin context, it will only return the ports used by only the tenant. Since the tenant has already deleted the port, the namespace could be removed. For this reason, the following test failed, if the other database queries in the dvr_deletens_if_no_port doesn't have admin context as well:

On a cloud setup with only 1 compute node, given that dvr_deletens_if_no_port calls get_dvr_routers_by_portid using admin context, but the other queries are called without having admin context:

  0. Create the shared network subnet, and router as described in the description.

  1. As tenant 1, create a VM using the shared network. When the VM boots up assign a floating IP to the VM
  2. As tenant 2, repeat (1).
  3. As tenant 2, ping the VM using the floating IP assigned to tenant 2's VM using the FIP. Ping should work. Continue to ping.
  4. As tenant 1, delete the VM.
  5. Now the pings to tenant 2's VM fails.

The reason for the ping failure after step 4 is that the router namespace on the compute node was deleted as a result deleting tenant 1's VM for the reason described above.

Reviewed: https://review.openstack.org/159296
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=edbade486102a219810137d1c6b916e87475d477
Submitter: Jenkins
Branch: master

commit edbade486102a219810137d1c6b916e87475d477
Author: Stephen Ma <email address hidden>
Date: Tue Feb 24 23:31:33 2015 +0000

    Router is not unscheduled when the last port is deleted

    When checking for ports that are still in use on a DVR router,
    the L3 agent scheduler makes the assumption that a port's
    network must be owned by the same tenant. This isn't always
    true as the admin could have created a shared network that
    other tenants may use. The result of this assumption is that
    the router associated with the shared network may not be
    unscheduled from a VM host when the last VM (created by a
    non-admin tenant) using the shared network is deleted from
    the compute node.

    The owner of a VM may not own all the ports of a shared
    network. Other tenants may have VMs using the same shared
    network running on the same compute node. Also the VM owner
    may not own the router ports. In order to check whether a
    router can be unscheduled from a node has to be run with
    admin context so all the ports associated with router are
    returned from database queries.

    This patch fixes this problem by using the admin context to
    make the queries needed for the DVR scheduler to make the
    correct unschedule decision.

    Change-Id: I45477713d7ce16f2451fa6fbe04c610388b06867
    Closes-bug: #1424096

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/176612

Fix proposed to branch: stable/kilo
Review: https://review.openstack.org/177825

Reviewed: https://review.openstack.org/176612
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=036133f932dd86f8d34d1e99c8ad2d25db44bd07
Submitter: Jenkins
Branch: stable/juno

commit 036133f932dd86f8d34d1e99c8ad2d25db44bd07
Author: Stephen Ma <email address hidden>
Date: Tue Feb 24 23:31:33 2015 +0000

    Router is not unscheduled when the last port is deleted

    When checking for ports that are still in use on a DVR router,
    the L3 agent scheduler makes the assumption that a port's
    network must be owned by the same tenant. This isn't always
    true as the admin could have created a shared network that
    other tenants may use. The result of this assumption is that
    the router associated with the shared network may not be
    unscheduled from a VM host when the last VM (created by a
    non-admin tenant) using the shared network is deleted from
    the compute node.

    The owner of a VM may not own all the ports of a shared
    network. Other tenants may have VMs using the same shared
    network running on the same compute node. Also the VM owner
    may not own the router ports. In order to check whether a
    router can be unscheduled from a node has to be run with
    admin context so all the ports associated with router are
    returned from database queries.

    This patch fixes this problem by using the admin context to
    make the queries needed for the DVR scheduler to make the
    correct unschedule decision.

    (cherry picked from commit edbade486102a219810137d1c6b916e87475d477)

    Conflicts:
        neutron/db/l3_dvrscheduler_db.py

    Closes-bug: #1424096
    Change-Id: I45477713d7ce16f2451fa6fbe04c610388b06867

Fix proposed to branch: neutron-pecan
Review: https://review.openstack.org/185072

Reviewed: https://review.openstack.org/177825
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1813da49aded224e273e0a33a90dca902fa05b75
Submitter: Jenkins
Branch: stable/kilo

commit 1813da49aded224e273e0a33a90dca902fa05b75
Author: Stephen Ma <email address hidden>
Date: Tue Feb 24 23:31:33 2015 +0000

    Router is not unscheduled when the last port is deleted

    When checking for ports that are still in use on a DVR router,
    the L3 agent scheduler makes the assumption that a port's
    network must be owned by the same tenant. This isn't always
    true as the admin could have created a shared network that
    other tenants may use. The result of this assumption is that
    the router associated with the shared network may not be
    unscheduled from a VM host when the last VM (created by a
    non-admin tenant) using the shared network is deleted from
    the compute node.

    The owner of a VM may not own all the ports of a shared
    network. Other tenants may have VMs using the same shared
    network running on the same compute node. Also the VM owner
    may not own the router ports. In order to check whether a
    router can be unscheduled from a node has to be run with
    admin context so all the ports associated with router are
    returned from database queries.

    This patch fixes this problem by using the admin context to
    make the queries needed for the DVR scheduler to make the
    correct unschedule decision.

    Change-Id: I45477713d7ce16f2451fa6fbe04c610388b06867
    Closes-bug: #1424096
    (cherry picked from commit edbade486102a219810137d1c6b916e87475d477)

I faced the bug while reworking unit tests into functional tests: when performing steps described in the description I get:
 2015-12-15 17:41:23,484 ERROR [neutron.callbacks.manager] Error during notification for neutron.db.l3_dvrscheduler_db._notify_port_delete port, after_delete
    Traceback (most recent call last):
      File "neutron/callbacks/manager.py", line 141, in _notify_loop
        callback(resource, event, trigger, **kwargs)
      File "neutron/db/l3_dvrscheduler_db.py", line 485, in _notify_port_delete
        context, router['agent_id'], router['router_id'])
      File "neutron/db/l3_dvrscheduler_db.py", line 439, in remove_router_from_l3_agent
        router = self.get_router(context, router_id)
      File "neutron/db/l3_db.py", line 451, in get_router
        router = self._get_router(context, id)
      File "neutron/db/l3_db.py", line 137, in _get_router
        raise l3.RouterNotFound(router_id=router_id)
    RouterNotFound: Router 7d52836b-8fe5-4417-842f-3cbe0920c89c could not be found

and router is not removed from host which has no more dvr serviceable ports.

Looks like we also need admin context in order to remove admin router from a host when non-admin tenant removes last dvr serviceable port on a shared network.

Fix proposed to branch: master
Review: https://review.openstack.org/257938

Reviewed: https://review.openstack.org/257938
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=96ba199d733944e5b8aa3664a04d9204fd66c878
Submitter: Jenkins
Branch: master

commit 96ba199d733944e5b8aa3664a04d9204fd66c878
Author: Oleg Bondarev <email address hidden>
Date: Tue Dec 15 17:58:51 2015 +0300

    Use admin context when removing DVR router on vm port deletion

    In case non-admin tenant removes last VM on a shared network (owned
    by admin) connected to a DVR router (also owned by admin) we need
    to remove the router from the host where there are no more dvr
    serviceable ports. Commit edbade486102a219810137d1c6b916e87475d477
    fixed logic that determines routers that should be removed from host.
    However in order to actually remove the router we also need admin
    context.

    This was not caught by unit tests and one reason for that is so called
    'mock everything' approach which is evil and generally useless.
    This patch replaces unit tests with functional tests that we able
    to catch the bug.

    Closes-Bug: #1424096
    Change-Id: Ia6cdf2294562c2a2727350c78eeab155097e0c33

This issue was fixed in the openstack/neutron 8.0.0.0b2 development milestone.

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/296851

Reviewed: https://review.openstack.org/296851
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=69a384a9af4f0fe3112d98b2eb766a8417359e1c
Submitter: Jenkins
Branch: stable/liberty

commit 69a384a9af4f0fe3112d98b2eb766a8417359e1c
Author: Oleg Bondarev <email address hidden>
Date: Tue Dec 15 17:58:51 2015 +0300

    Use admin context when removing DVR router on vm port deletion

    In case non-admin tenant removes last VM on a shared network (owned
    by admin) connected to a DVR router (also owned by admin) we need
    to remove the router from the host where there are no more dvr
    serviceable ports. Commit edbade486102a219810137d1c6b916e87475d477
    fixed logic that determines routers that should be removed from host.
    However in order to actually remove the router we also need admin
    context.

    This was not caught by unit tests and one reason for that is so called
    'mock everything' approach which is evil and generally useless.
    This patch replaces unit tests with functional tests that we able
    to catch the bug.

    Closes-Bug: #1424096
    Change-Id: Ia6cdf2294562c2a2727350c78eeab155097e0c33
    (cherry picked from commit 96ba199d733944e5b8aa3664a04d9204fd66c878)

This issue was fixed in the openstack/neutron 7.1.0 release.