[release-announce] neutron 15.0.2 (train)
no-reply at openstack.org
no-reply at openstack.org
Tue Feb 18 11:32:59 UTC 2020
We are satisfied to announce the release of:
neutron 15.0.2: OpenStack Networking
This release is part of the train stable release series.
The source is available from:
https://opendev.org/openstack/neutron
Download the package from:
https://tarballs.openstack.org/neutron/
Please report issues through:
https://bugs.launchpad.net/neutron/+bugs
For more details, please see below.
15.0.2
^^^^^^
Upgrade Notes
*************
* For users affected by bug 1853840
(https://launchpad.net/bugs/1853840) the hypervisor name now can be
set per physical network device in config option
"resource_provider_hypervisors" which is located in the "[ovs]" ini-
section for "ovs-agent" and "[sriov_nic]" ini-section for "sriov-
agent". Hypervisor names default to "socket.gethostname()" which
works out of the box with "libvirt" even when the "DEFAULT.host"
config option is set to a non-default value.
Bug Fixes
*********
* Bug https://bugs.launchpad.net/neutron/+bug/1732067 described a
flooding issue on the neutron-ovs-agent integration bridge. And bug
https://bugs.launchpad.net/neutron/+bug/1841622 proposed a solution
for it. The accepted egress packets will be taken care in the final
egress tables (61 when openflow firewall is not enabled, table 94
otherwise) with direct output flows for unicast traffic with a
minimum influence on the existing cloud networking. A new config
option "explicitly_egress_direct", with default value False, was
added for the aim of distinguishing clouds which are running the
network node mixed with compute services, upstream neutron CI should
be an example. In such situation, this "explicitly_egress_direct"
should be set to False, because there are numerous cases from HA
routers which can not be covered, particularly when you have
centralized floating IPs running in such mixed hosts. Otherwise, set
"explicitly_egress_direct" to True to avoid the flooding. One more
note is if your network nodes are for networing services only, we
recommand you disable all the security_group to get a higher
performance.
* Neutron now locates the root resource provider of the resource
provider tree it creates by using the hypervisor name instead of the
hostname. These are different in rare cases only. The hypervisor
name can be set per physical network device in config option
"resource_provider_hypervisors" which is located in the "[ovs]" ini-
section for "ovs-agent" and "[sriov_nic]" ini-section for "sriov-
agent". Hypervisor names default to "socket.gethostname()" which
works out of the box with "libvirt" even when the "DEFAULT.host"
config option is set to a non-default value. We believe this change
fixes bug 1853840 (https://launchpad.net/bugs/1853840).
* Owners of security groups now see all security group rules which
belong to the security group, even if the rule was created by the
admin user. Fixes bug 1824248
(https://bugs.launchpad.net/neutron/+bug/1824248).
Other Notes
***********
* When the "enable_distributed_routing" (DVR) configuration option
is set to "True" and tunneling is enabled, the "arp_responder"
option will be forced to "True" since it is now required in order
for ARP to work properly. For more information, see bug 1774459
(https://bugs.launchpad.net/neutron/+bug/1774459).
Changes in neutron 15.0.1..15.0.2
---------------------------------
503bbdab87 [OVS] Handle added/removed ports in the same polling iteration
3ddba37ccc Unnecessary routers should not be created
9db46c5794 Reset timeout exception in DietTestCase when retrying
1e59a9f6db Remove sleep command when retrieving OVS dp
967d3dea91 Check "security_group_rule" quota during security group creation
9e8bdef93c Randomize BaseFullStackTestCase._find_available_ips
c36f1fc292 Remove one of iptables_hybrid jobs
a618a26bf4 Ensure driver error preventing trunk port deletion is logged
79ea54b21d Allow to kill keepalived state change monitor process
6c1cf88667 Add accepted egress direct flow
135e37ea52 Fix bug number in release note
8ec0c2d865 Add retries to update trunk port
f5354f5343 [L3] Switch order of processing added and removed router ports
dc8c1deeee Force arp_responder to True when DVR and tunneling enabled
8680863ae9 Check mtu on network update
9a6766470e Locate RP-tree parent by hypervisor name
124680084c Use "via" in gateway dictionary in Linux Bridge agent
a1237df19e don't clear skb mark when ovs is hw-offload enabled
6d9aae2ab3 Cap hacking in test-requirements.txt
d1c4ba5810 Use constraints for docs tox target
a6b55d760b List SG rules which belongs to tenant's SG
Diffstat (except docs and test files)
-------------------------------------
.zuul.yaml | 7 -
.../contributor/testing/ci_scenario_jobs.rst | 5 -
etc/neutron/rootwrap.d/l3.filters | 16 +-
neutron/agent/common/ovs_lib.py | 14 +-
neutron/agent/common/placement_report.py | 61 +++---
neutron/agent/common/utils.py | 24 +++
neutron/agent/l3/router_info.py | 20 +-
neutron/agent/linux/ip_lib.py | 2 +-
.../agent/linux/openvswitch_firewall/firewall.py | 136 +++++++++++++-
neutron/agent/securitygroups_rpc.py | 4 +
.../plugins/ml2/drivers/mech_sriov/agent_common.py | 9 +
neutron/conf/plugins/ml2/drivers/ovs_conf.py | 21 ++-
neutron/conf/policies/security_group.py | 16 +-
neutron/db/l3_dvrscheduler_db.py | 10 +-
neutron/db/securitygroups_db.py | 24 ++-
.../linuxbridge/agent/linuxbridge_neutron_agent.py | 4 +-
.../drivers/mech_sriov/agent/sriov_nic_agent.py | 13 +-
.../drivers/openvswitch/agent/common/constants.py | 2 +
.../openvswitch/agent/openflow/native/br_int.py | 10 +-
.../openvswitch/agent/openflow/native/ofswitch.py | 5 +-
.../openvswitch/agent/ovs_dvr_neutron_agent.py | 56 +++---
.../drivers/openvswitch/agent/ovs_neutron_agent.py | 208 +++++++++++++++++----
neutron/plugins/ml2/plugin.py | 3 +-
neutron/policy.py | 3 +-
neutron/services/placement_report/plugin.py | 34 +++-
neutron/services/trunk/plugin.py | 16 +-
neutron/services/trunk/rpc/server.py | 44 +++--
.../unit/agent/common/test_placement_report.py | 54 +++++-
.../linux/openvswitch_firewall/test_firewall.py | 60 +++++-
.../agent/test_linuxbridge_neutron_agent.py | 2 +-
.../mech_sriov/agent/test_sriov_nic_agent.py | 14 +-
.../agent/openflow/native/test_br_int.py | 28 ++-
.../openvswitch/agent/test_ovs_neutron_agent.py | 161 +++++++++-------
.../drivers/openvswitch/agent/test_ovs_tunnel.py | 9 +-
.../unit/scheduler/test_l3_agent_scheduler.py | 5 +
.../unit/services/placement_report/test_plugin.py | 33 +++-
.../accepted_egress_direct-cc23873e213c6919.yaml | 20 ++
...rp-responder-true-for-dvr-5aabbfa51945dd5a.yaml | 8 +
...parent-by-hypervisor-name-3244ed87dc57f950.yaml | 23 +++
...-for-security-group-owner-6635dd3e4c6ab5ee.yaml | 6 +
test-requirements.txt | 2 +-
tox.ini | 5 +-
55 files changed, 1092 insertions(+), 301 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index 3aaac91e36..c8f3f91857 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -4 +4 @@
-hacking>=1.1.0 # Apache-2.0
+hacking>=1.1.0,<1.2.0 # Apache-2.0
More information about the Release-announce
mailing list