[release-announce] neutron 12.0.6 (queens)
no-reply at openstack.org
no-reply at openstack.org
Fri Apr 12 23:52:00 UTC 2019
We are tickled pink to announce the release of:
neutron 12.0.6: OpenStack Networking
This release is part of the queens stable release series.
The source is available from:
https://git.openstack.org/cgit/openstack/neutron
Download the package from:
https://tarballs.openstack.org/neutron/
Please report issues through:
https://bugs.launchpad.net/neutron/+bugs
For more details, please see below.
12.0.6
^^^^^^
Critical Issues
***************
* The neutron-openvswitch-agent can sometimes spend too much time
handling a large number of ports, exceeding its timeout value,
"agent_boot_time", for L2 population. Because of this, some flow
update operations will not be triggerred, resulting in lost flows
during agent restart, especially for host-to-host vxlan tunnel
flows, causing the original tunnel flows to be treated as stale due
to the different cookie IDs. The agent's first RPC loop will also do
a stale flow clean-up procedure and delete them, leading to a loss
of connectivity. Please ensure that all neutron-server and neutron-
openvswitch-agent binaries are upgraded for the changes to take
effect, after which the L2 population "agent_boot_time" config
option will no longer be used.
Bug Fixes
*********
* Previously a network's dns_domain attribute was ignored by the
DHCP agent. With this release, OpenStack deployments using Neutron's
DHCP agent will be able to specify a per network dns_domain and have
instances configure that domain in their dns resolver configuration
files (Linux's /etc/resolv.conf) to allow for local partial DNS
lookups. The per-network dns_domain value will override the DHCP
agent's default dns_domain configuration value. Note that it's also
possible to update a network's dns_domain, and that new value will
be propogated to new instances or when instances renew their DHCP
lease. However, existing leases will live on with the old dns_domain
value.
* Fixes bug 1501206
(https://bugs.launchpad.net/neutron/+bug/1501206). This ensures that
DHCP agent instances running dnsmasq as a DNS server can no longer
be exploited as DNS amplifiers when the tenant network is using
publicly routed IP addresses by adding an option that will allow
them to only serve DNS requests from local networks.
* Fixes an issue causing IP allocation on port update to fail when
the initial IP allocation was deferred due to lack of binding info.
If both the port mac_address and binding info (binding_host_id) were
updated in the same request, the fixed_ips field was added to the
request internally. The code to complete the deferred allocation
failed to execute in that case. (For more information see bug
1811905 (https://bugs.launchpad.net/neutron/+bug/1811905).)
* The neutron-openvswitch-agent was changed to notify the neutron-
server in its first RPC loop that it has restarted. This signals
neutron-server to provide updated L2 population information to
correctly program FDB entries, ensuring connectivity to instances is
not interrupted. This fixes the following bugs: 1794991
(https://bugs.launchpad.net/neutron/+bug/1794991), 1799178
(https://bugs.launchpad.net/neutron/+bug/1799178), 1813703
(https://bugs.launchpad.net/neutron/+bug/1813703), 1813714
(https://bugs.launchpad.net/neutron/+bug/1813714), 1813715
(https://bugs.launchpad.net/neutron/+bug/1813715).
Changes in neutron 12.0.5..12.0.6
---------------------------------
44d34170cc Add enforcer logic for neutron policy
21387750a9 Don't pass None arg to neutron-keepalived-state-change
9aafd5f131 Fix slow SG api calls when limiting fields
55fa2d7ed4 OVS agent: always send start flag during initial sync
cc1412f76a Specify tenant_id in TestRevisionPlugin objects
195c137831 Divide-and-conquer security group beasts
810774b352 Try to enable dnsmasq process several times
dfd1af8e68 [OVS] Exception message when retrieving bridge-id and is not present
19912a30bd [Functional tests] Change way how conntrack entries are checked
2eda4ef62e Remove conntrack rule when FIP is deleted
5ffca49668 More accurate agent restart state transfer
5a11b24f37 Fix QoS rule update
e4bfc7d50e Divide-and-conquer local bridge flows beasts
9751ebd36d Fix KeyError in OVS firewall
93197576fa Check if process' cmdline is "space separarated"
93589f81f4 Replace openstack.org git:// URLs with https://
12c928b77c ovs: survive errors from check_ovs_status
cff6a2db88 ovs: raise RuntimeError in _get_dp if id is None
6f3620aa88 Add rootwrap filters to kill state change monitor
b0c8dde359 [Functional] Don't assert that HA router don't have IPs configured
eb857c8e9d Improve invalid port ranges error message
270912a8c7 Enable ipv6_forwarding in HA router's namespace
5bcca13f4a Set initial ha router state in neutron-keepalived-state-change
54dfbd94a6 Do not release DHCP lease when no client ID is set on port
b88ab58daf When converting sg rules to iptables, do not emit dport if not supported
3658c71556 Spawn metadata proxy on dvr ha standby routers
2e033b3b0d DVR-HA: Unbinding a HA router from agent does not clear HA interface
bf8a2c879e DVR edge router: avoid accidental centralized floating IP remove
8bf3a905e7 Add new test decorator skip_if_timeout
8554a72b6f Fix notification about arp entries for dvr routers
1e76ddf711 Fix port update deferred IP allocation with host_id + new MAC
13d23ba363 Switch isolated metadata proxy to bind to 169.254.169.254
48749c2788 Fix update of ports cache in router_info class
757129b49c Ensure dnsmasq is down before enabling it in restart method
de9f813928 Add lock_path in installation guide
c7031e2cd3 Change duplicate OVS bridge datapath-ids
3e0f090b5b Update neutron files for new over-indentation hacking rule (E117)
026f24a94d Fix performance regression adding rules to security groups
f920dfea8c Always fill UDP checksums in DHCPv6 replies
f599c15e33 Secure dnsmasq process against external abuse
828daf9f13 Remove IPv6 addresses in dnsmasq leases file
81d51ae876 Clear residual qos rules after l2-agent restarts.
88528d191f protect DHCP agent cache out of sync
1c573bb8b9 Check port VNIC type when associating a floating IP
8d99593adb [DVR] Allow multiple subnets per external network
a5fe490e49 Enable 'all' IPv6 forwarding knob correctly
44441bee0b Don't modify global variables in unit tests
b5a0401472 Add kill_timeout to AsyncProcess
282eadc68f Do state report after setting start_flag on OVS restart
b9f9c021c9 Block port update from unbound DHCP agent
e459b20fb5 Do not delete trunk bridges if service port attached
ce2ddcbf3f Fix the bug about DHCP port whose network has multiple subnets.
dd6a52529e Force all fdb entries update after ovs-vswitchd restart
02bcbf6fce Reinitialize ovs firewall after ovs-vswitchd restart
968dba2aaa Get centralized FIP only on router's snat host
d28237afa1 Fix neutron-openvswitch-agent Windows support
ac490d7d99 Update docs for disabling DNS server announcement
fb9d25eb53 DevStack: OVS: Only install kernel-* packages when needed
3466832b99 Include all rootwrap filters when building wheels
184dcfa89b DVR: Centralized FloatingIPs are not cleared after migration.
c801dd8ea1 Fix connection between 2 dvr routers
94f5e7d408 Wait to ipv6 forwarding be really changed by L3 agent
d50654234e Add missing step for ovs deploy guides
28b90f6c14 Pass network's dns_domain to dnsmasq conf
4bfed2b169 iptables-restore wait period cannot be zero
Diffstat (except docs and test files)
-------------------------------------
devstack/lib/ovs | 12 +-
.../install/controller-install-option1-obs.rst | 12 +
.../install/controller-install-option1-ubuntu.rst | 12 +
.../install/controller-install-option2-obs.rst | 12 +
.../install/controller-install-option2-ubuntu.rst | 12 +
etc/neutron/rootwrap.d/l3.filters | 13 +-
neutron/agent/common/ip_lib.py | 2 +
neutron/agent/common/ovs_lib.py | 19 +-
neutron/agent/common/utils.py | 4 +
neutron/agent/dhcp/agent.py | 88 +++---
neutron/agent/l2/extensions/qos.py | 6 +
neutron/agent/l3/agent.py | 126 +++++++--
neutron/agent/l3/dvr_edge_ha_router.py | 7 +-
neutron/agent/l3/dvr_edge_router.py | 31 ++-
neutron/agent/l3/dvr_fip_ns.py | 46 ++--
neutron/agent/l3/dvr_local_router.py | 15 +-
neutron/agent/l3/dvr_snat_ns.py | 2 +-
neutron/agent/l3/ha.py | 37 ++-
neutron/agent/l3/ha_router.py | 13 +-
neutron/agent/l3/keepalived_state_change.py | 22 ++
neutron/agent/l3/router_info.py | 59 ++--
neutron/agent/l3/router_processing_queue.py | 17 +-
neutron/agent/linux/async_process.py | 41 ++-
neutron/agent/linux/dhcp.py | 87 ++++--
neutron/agent/linux/interface.py | 32 ++-
neutron/agent/linux/ip_lib.py | 21 +-
neutron/agent/linux/iptables_firewall.py | 20 +-
neutron/agent/linux/iptables_manager.py | 6 +-
.../agent/linux/openvswitch_firewall/firewall.py | 24 +-
neutron/agent/linux/openvswitch_firewall/rules.py | 16 +-
neutron/agent/linux/utils.py | 31 ++-
neutron/agent/metadata/driver.py | 21 +-
neutron/agent/rpc.py | 5 +-
neutron/agent/securitygroups_rpc.py | 16 +-
neutron/agent/windows/ip_lib.py | 6 +
neutron/agent/windows/utils.py | 61 ++++-
neutron/api/rpc/handlers/dhcp_rpc.py | 18 +-
neutron/cmd/sanity/checks.py | 15 +
neutron/cmd/sanity_check.py | 15 +
neutron/common/constants.py | 15 +
neutron/common/exceptions.py | 6 +
neutron/db/ipam_pluggable_backend.py | 10 +-
neutron/db/l3_db.py | 25 ++
neutron/db/l3_dvr_db.py | 127 ++++++++-
neutron/db/l3_dvr_ha_scheduler_db.py | 9 +-
neutron/db/l3_dvrscheduler_db.py | 170 +++++++++---
.../a8b517cff8ab_add_routerport_bindings_for_ha.py | 7 +-
neutron/db/securitygroups_db.py | 178 ++++++------
neutron/extensions/securitygroup.py | 5 +-
neutron/objects/base.py | 43 ++-
neutron/objects/qos/qos_policy_validator.py | 24 +-
neutron/objects/securitygroup.py | 6 +-
neutron/plugins/ml2/drivers/l2pop/mech_driver.py | 7 +-
.../drivers/openvswitch/agent/common/constants.py | 36 +++
.../agent/extension_drivers/qos_driver.py | 23 +-
.../openvswitch/agent/openflow/native/br_int.py | 2 +
.../openvswitch/agent/openflow/native/br_phys.py | 1 +
.../openvswitch/agent/openflow/native/br_tun.py | 1 +
.../openvswitch/agent/openflow/native/ofswitch.py | 15 +-
.../agent/openflow/native/ovs_bridge.py | 8 +-
.../drivers/openvswitch/agent/ovs_neutron_agent.py | 74 ++++-
neutron/plugins/ml2/rpc.py | 30 +-
neutron/policy.py | 22 ++
neutron/services/qos/qos_plugin.py | 3 +-
.../drivers/openvswitch/agent/ovsdb_handler.py | 14 +
.../agent/l3/test_keepalived_state_change.py | 30 +-
.../functional/agent/linux/test_netlink_lib.py | 8 +-
.../l3_router/test_l3_dvr_router_plugin.py | 14 +-
.../openvswitch/agent/test_ovsdb_handler.py | 8 +
.../linux/openvswitch_firewall/test_firewall.py | 11 +
.../agent/linux/openvswitch_firewall/test_rules.py | 13 +-
.../unit/agent/linux/test_iptables_firewall.py | 14 +
.../unit/agent/linux/test_iptables_manager.py | 4 +-
.../plugins/ml2/drivers/l2pop/test_mech_driver.py | 23 +-
.../agent/test_linuxbridge_neutron_agent.py | 12 +-
.../macvtap/agent/test_macvtap_neutron_agent.py | 11 +-
.../mech_driver/test_mech_sriov_nic_switch.py | 28 +-
.../agent/extension_drivers/test_qos_driver.py | 4 +-
.../agent/openflow/native/test_ovs_bridge.py | 5 +
.../openvswitch/agent/test_ovs_neutron_agent.py | 60 +++-
.../drivers/openvswitch/agent/test_ovs_tunnel.py | 13 +-
.../unit/scheduler/test_l3_agent_scheduler.py | 46 +++-
.../service_providers/test_driver_controller.py | 4 +-
.../services/revisions/test_revision_plugin.py | 1 +
.../openvswitch/agent/test_ovsdb_handler.py | 4 +-
playbooks/legacy/neutron-fullstack/run.yaml | 2 +-
playbooks/legacy/neutron-functional/run.yaml | 2 +-
.../legacy/neutron-grenade-dvr-multinode/run.yaml | 2 +-
.../legacy/neutron-grenade-multinode/run.yaml | 2 +-
playbooks/legacy/neutron-grenade/run.yaml | 2 +-
playbooks/legacy/neutron-rally-neutron/run.yaml | 24 +-
.../neutron-tempest-dvr-ha-multinode-full/run.yaml | 2 +-
playbooks/legacy/neutron-tempest-dvr/run.yaml | 2 +-
.../legacy/neutron-tempest-linuxbridge/run.yaml | 2 +-
.../legacy/neutron-tempest-multinode-full/run.yaml | 2 +-
playbooks/legacy/neutron-tempest-ovsfw/run.yaml | 2 +-
.../notes/dns_domain-6f0e628aeb3c650c.yaml | 13 +
.../dnsmasq-local-service-c8eaa91894a7d6d4.yaml | 8 +
...e-request-as-binding-data-2a01c1ed1a8eff66.yaml | 10 +
...cise-agent-state-transfer-67c771cb1ee04dd0.yaml | 27 ++
setup.cfg | 14 +-
148 files changed, 3365 insertions(+), 997 deletions(-)
More information about the Release-announce
mailing list