[release-announce] neutron 13.0.3 (rocky)
no-reply at openstack.org
no-reply at openstack.org
Fri Apr 12 23:42:16 UTC 2019
We are delighted to announce the release of:
neutron 13.0.3: OpenStack Networking
This release is part of the rocky stable release series.
The source is available from:
https://git.openstack.org/cgit/openstack/neutron
Download the package from:
https://tarballs.openstack.org/neutron/
Please report issues through:
https://bugs.launchpad.net/neutron/+bugs
For more details, please see below.
13.0.3
^^^^^^
Critical Issues
***************
* The neutron-openvswitch-agent can sometimes spend too much time
handling a large number of ports, exceeding its timeout value,
"agent_boot_time", for L2 population. Because of this, some flow
update operations will not be triggerred, resulting in lost flows
during agent restart, especially for host-to-host vxlan tunnel
flows, causing the original tunnel flows to be treated as stale due
to the different cookie IDs. The agent's first RPC loop will also do
a stale flow clean-up procedure and delete them, leading to a loss
of connectivity. Please ensure that all neutron-server and neutron-
openvswitch-agent binaries are upgraded for the changes to take
effect, after which the L2 population "agent_boot_time" config
option will no longer be used.
Bug Fixes
*********
* Fixes bug 1501206
(https://bugs.launchpad.net/neutron/+bug/1501206). This ensures that
DHCP agent instances running dnsmasq as a DNS server can no longer
be exploited as DNS amplifiers when the tenant network is using
publicly routed IP addresses by adding an option that will allow
them to only serve DNS requests from local networks.
* Fixes an issue causing IP allocation on port update to fail when
the initial IP allocation was deferred due to lack of binding info.
If both the port mac_address and binding info (binding_host_id) were
updated in the same request, the fixed_ips field was added to the
request internally. The code to complete the deferred allocation
failed to execute in that case. (For more information see bug
1811905 (https://bugs.launchpad.net/neutron/+bug/1811905).)
* The neutron-openvswitch-agent was changed to notify the neutron-
server in its first RPC loop that it has restarted. This signals
neutron-server to provide updated L2 population information to
correctly program FDB entries, ensuring connectivity to instances is
not interrupted. This fixes the following bugs: 1794991
(https://bugs.launchpad.net/neutron/+bug/1794991), 1799178
(https://bugs.launchpad.net/neutron/+bug/1799178), 1813703
(https://bugs.launchpad.net/neutron/+bug/1813703), 1813714
(https://bugs.launchpad.net/neutron/+bug/1813714), 1813715
(https://bugs.launchpad.net/neutron/+bug/1813715).
Changes in neutron 13.0.2..13.0.3
---------------------------------
279c99ab7d Don't pass None arg to neutron-keepalived-state-change
056e049e2b Improve port dhcp Provisioning
1d81086f55 Try to enable dnsmasq process several times
289f66bd74 [Functional tests] Change way how conntrack entries are checked
7590f3f591 Specify tenant_id in TestRevisionPlugin objects
f7262f5280 [OVS] Exception message when retrieving bridge-id and is not present
97bf23244d Fix slow SG api calls when limiting fields
6b9d8bf308 OVS agent: always send start flag during initial sync
004caf773a Change ovs version we use in fullstack tests
6494fcc2e4 Divide-and-conquer security group beasts
8f8c899c69 Rename router processing queue code to be more generic
eb6cacb16c Set lower addr to avoid IP out of range
e096e2427c Remove conntrack rule when FIP is deleted
cc49ab5501 More accurate agent restart state transfer
e7788ed0c8 Fix QoS rule update
af67d516a5 Divide-and-conquer local bridge flows beasts
569b3fddab Fix KeyError in OVS firewall
836d5eca4f Check if process' cmdline is "space separarated"
96b0b90b89 Add enforcer logic for neutron policy
344495f1a8 Replace openstack.org git:// URLs with https://
8b7955dade Add rootwrap filters to kill state change monitor
e5202b9fb1 [Functional] Don't assert that HA router don't have IPs configured
e813fc8d05 Improve invalid port ranges error message
570f6086c0 Fix fullstack test_dscp_marking_packets test
c07e6a5ea8 Enable ipv6_forwarding in HA router's namespace
56c591996b Set initial ha router state in neutron-keepalived-state-change
ce037876a7 Do not release DHCP lease when no client ID is set on port
558a977902 When converting sg rules to iptables, do not emit dport if not supported
bc828851ab Spawn metadata proxy on dvr ha standby routers
3c66b1c453 DVR-HA: Unbinding a HA router from agent does not clear HA interface
28a7dd12fe Delete port binding level for deleted bindings
c620b3c91e DVR edge router: avoid accidental centralized floating IP remove
e6f22ce81c Add new test decorator skip_if_timeout
5bf56bde87 Fix notification about arp entries for dvr routers
964dd28a95 Switch isolated metadata proxy to bind to 169.254.169.254
679e8ee6cc Fix update of ports cache in router_info class
b7796f6c91 DHCP: fix default dns search name
0465269554 Ensure dnsmasq is down before enabling it in restart method
f8a192e22e Fix performance regression adding rules to security groups
50a7a74e97 Always fill UDP checksums in DHCPv6 replies
b3f32e1900 Fix port update deferred IP allocation with host_id + new MAC
a7afd6e86d Secure dnsmasq process against external abuse
777dc929dd Change duplicate OVS bridge datapath-ids
1e6ce6f963 Remove a bare raise noticed by the linter
b92ecfc615 Update neutron files for new over-indentation hacking rule (E117)
18f2cea730 Remove IPv6 addresses in dnsmasq leases file
573b0be3e8 Add lock_path in installation guide
e04ee2c5b6 Clear residual qos rules after l2-agent restarts.
9f003cf497 Use status_code instead of status in requests
8294bcf92e protect DHCP agent cache out of sync
0f14e30fa4 Check port VNIC type when associating a floating IP
886782c177 [DVR] Allow multiple subnets per external network
025e767b94 Add kill_timeout to AsyncProcess
684b10234e Don't modify global variables in unit tests
dfedafe5f6 Enable 'all' IPv6 forwarding knob correctly
6a56d38798 Do state report after setting start_flag on OVS restart
eb8d4e3383 Block port update from unbound DHCP agent
25ab89f7d3 Do not delete trunk bridges if service port attached
fea4365500 Fix the bug about DHCP port whose network has multiple subnets.
ae2ef68140 Force all fdb entries update after ovs-vswitchd restart
2c11424178 Reinitialize ovs firewall after ovs-vswitchd restart
8f3fd6815c Imported Translations from Zanata
115a9f5558 Get centralized FIP only on router's snat host
3206492a3b Update docs for disabling DNS server announcement
7ce626b407 DVR: Centralized FloatingIPs are not cleared after migration.
35033083b9 Fix connection between 2 dvr routers
bbb60c0d69 DevStack: OVS: Only install kernel-* packages when needed
6dd6980eb2 Wait to ipv6 forwarding be really changed by L3 agent
9882c79398 Add missing step for ovs deploy guides
0fa1d46979 Verify port_forwarding subnet and IP address both
c039f0f1c4 iptables-restore wait period cannot be zero
Diffstat (except docs and test files)
-------------------------------------
devstack/lib/ovs | 12 +-
.../install/controller-install-option1-obs.rst | 12 +
.../install/controller-install-option1-ubuntu.rst | 12 +
.../install/controller-install-option2-obs.rst | 12 +
.../install/controller-install-option2-ubuntu.rst | 12 +
etc/neutron/rootwrap.d/l3.filters | 13 +-
neutron/agent/common/ovs_lib.py | 19 +-
.../resource_processing_queue.py} | 127 ++++----
neutron/agent/dhcp/agent.py | 267 +++++++++++------
neutron/agent/l2/extensions/qos.py | 6 +
neutron/agent/l3/agent.py | 188 ++++++++----
neutron/agent/l3/dvr_edge_ha_router.py | 7 +-
neutron/agent/l3/dvr_edge_router.py | 31 +-
neutron/agent/l3/dvr_fip_ns.py | 46 +--
neutron/agent/l3/dvr_local_router.py | 15 +-
neutron/agent/l3/dvr_snat_ns.py | 2 +-
neutron/agent/l3/ha.py | 37 ++-
neutron/agent/l3/ha_router.py | 13 +-
neutron/agent/l3/keepalived_state_change.py | 22 ++
neutron/agent/l3/router_info.py | 59 ++--
neutron/agent/linux/async_process.py | 34 ++-
neutron/agent/linux/dhcp.py | 77 +++--
neutron/agent/linux/interface.py | 32 +-
neutron/agent/linux/ip_lib.py | 21 +-
neutron/agent/linux/iptables_firewall.py | 20 +-
neutron/agent/linux/iptables_manager.py | 2 +-
.../agent/linux/openvswitch_firewall/firewall.py | 24 +-
neutron/agent/linux/openvswitch_firewall/rules.py | 16 +-
neutron/agent/linux/utils.py | 15 +-
neutron/agent/metadata/agent.py | 3 +-
neutron/agent/metadata/driver.py | 21 +-
neutron/agent/rpc.py | 5 +-
neutron/agent/securitygroups_rpc.py | 16 +-
.../api/rpc/agentnotifiers/dhcp_rpc_agent_api.py | 54 +++-
neutron/api/rpc/handlers/dhcp_rpc.py | 15 +-
neutron/cmd/sanity/checks.py | 15 +
neutron/cmd/sanity_check.py | 15 +
neutron/common/constants.py | 15 +
neutron/db/ipam_pluggable_backend.py | 10 +-
neutron/db/l3_db.py | 58 +++-
neutron/db/l3_dvr_db.py | 127 +++++++-
neutron/db/l3_dvr_ha_scheduler_db.py | 9 +-
neutron/db/l3_dvrscheduler_db.py | 170 ++++++++---
.../a8b517cff8ab_add_routerport_bindings_for_ha.py | 7 +-
neutron/db/securitygroups_db.py | 178 ++++++-----
neutron/extensions/securitygroup.py | 5 +-
neutron/locale/de/LC_MESSAGES/neutron.po | 79 +----
neutron/locale/es/LC_MESSAGES/neutron.po | 79 +----
neutron/locale/fr/LC_MESSAGES/neutron.po | 80 +----
neutron/locale/it/LC_MESSAGES/neutron.po | 79 +----
neutron/locale/ja/LC_MESSAGES/neutron.po | 82 +-----
neutron/locale/ko_KR/LC_MESSAGES/neutron.po | 107 ++-----
neutron/locale/pt_BR/LC_MESSAGES/neutron.po | 78 +----
neutron/locale/ru/LC_MESSAGES/neutron.po | 74 +----
neutron/locale/tr_TR/LC_MESSAGES/neutron.po | 63 +---
neutron/locale/zh_CN/LC_MESSAGES/neutron.po | 72 +----
neutron/locale/zh_TW/LC_MESSAGES/neutron.po | 72 +----
neutron/objects/base.py | 43 ++-
neutron/objects/qos/qos_policy_validator.py | 24 +-
neutron/objects/securitygroup.py | 6 +-
neutron/plugins/ml2/drivers/l2pop/mech_driver.py | 7 +-
.../drivers/openvswitch/agent/common/constants.py | 36 +++
.../agent/extension_drivers/qos_driver.py | 23 +-
.../openvswitch/agent/openflow/native/br_int.py | 2 +
.../openvswitch/agent/openflow/native/br_phys.py | 1 +
.../openvswitch/agent/openflow/native/br_tun.py | 1 +
.../openvswitch/agent/openflow/native/ofswitch.py | 15 +-
.../drivers/openvswitch/agent/ovs_neutron_agent.py | 66 ++++-
neutron/plugins/ml2/plugin.py | 6 +-
neutron/plugins/ml2/rpc.py | 30 +-
neutron/policy.py | 22 ++
neutron/privileged/agent/linux/ip_lib.py | 14 +-
neutron/services/qos/qos_plugin.py | 3 +-
.../drivers/openvswitch/agent/ovsdb_handler.py | 14 +
.../agent/l3/test_keepalived_state_change.py | 30 +-
.../functional/agent/linux/test_netlink_lib.py | 8 +-
.../l3_router/test_l3_dvr_router_plugin.py | 14 +-
.../portforwarding/test_port_forwarding.py | 37 ++-
.../openvswitch/agent/test_ovsdb_handler.py | 8 +
.../test_resource_processing_queue.py} | 65 +++--
.../linux/openvswitch_firewall/test_firewall.py | 11 +
.../agent/linux/openvswitch_firewall/test_rules.py | 13 +-
.../unit/agent/linux/test_iptables_firewall.py | 14 +
.../rpc/agentnotifiers/test_dhcp_rpc_agent_api.py | 37 ++-
.../test_expose_port_forwarding_in_fip.py | 89 +++++-
.../plugins/ml2/drivers/l2pop/test_mech_driver.py | 23 +-
.../agent/test_linuxbridge_neutron_agent.py | 18 +-
.../macvtap/agent/test_macvtap_neutron_agent.py | 11 +-
.../mech_driver/test_mech_sriov_nic_switch.py | 28 +-
.../agent/extension_drivers/test_qos_driver.py | 4 +-
.../openvswitch/agent/test_ovs_neutron_agent.py | 52 +++-
.../drivers/openvswitch/agent/test_ovs_tunnel.py | 13 +-
.../unit/scheduler/test_l3_agent_scheduler.py | 46 ++-
.../service_providers/test_driver_controller.py | 4 +-
.../services/revisions/test_revision_plugin.py | 1 +
.../openvswitch/agent/test_ovsdb_handler.py | 4 +-
.../legacy/neutron-fullstack-python35/run.yaml | 2 +-
.../legacy/neutron-fullstack-with-uwsgi/run.yaml | 2 +-
playbooks/legacy/neutron-fullstack/run.yaml | 2 +-
.../legacy/neutron-functional-python35/run.yaml | 2 +-
.../legacy/neutron-functional-with-uwsgi/run.yaml | 2 +-
playbooks/legacy/neutron-functional/run.yaml | 2 +-
.../legacy/neutron-grenade-dvr-multinode/run.yaml | 2 +-
.../legacy/neutron-grenade-multinode/run.yaml | 2 +-
playbooks/legacy/neutron-grenade/run.yaml | 2 +-
.../neutron-tempest-dvr-ha-multinode-full/run.yaml | 2 +-
playbooks/legacy/neutron-tempest-dvr/run.yaml | 2 +-
.../neutron-tempest-iptables_hybrid/run.yaml | 2 +-
.../legacy/neutron-tempest-linuxbridge/run.yaml | 2 +-
.../legacy/neutron-tempest-multinode-full/run.yaml | 2 +-
.../legacy/neutron-tempest-postgres-full/run.yaml | 2 +-
.../neutron-tempest-with-ryu-master/run.yaml | 2 +-
.../dnsmasq-local-service-c8eaa91894a7d6d4.yaml | 8 +
...e-request-as-binding-data-2a01c1ed1a8eff66.yaml | 10 +
...cise-agent-state-transfer-67c771cb1ee04dd0.yaml | 27 ++
.../source/locale/fr/LC_MESSAGES/releasenotes.po | 90 ------
.../source/locale/ja/LC_MESSAGES/releasenotes.po | 301 -------------------
.../locale/ko_KR/LC_MESSAGES/releasenotes.po | 103 -------
setup.cfg | 2 +
168 files changed, 3640 insertions(+), 2485 deletions(-)
More information about the Release-announce
mailing list