[release-announce] neutron 14.2.0 (stein)
no-reply at openstack.org
no-reply at openstack.org
Wed May 27 11:41:10 UTC 2020
We are ecstatic to announce the release of:
neutron 14.2.0: OpenStack Networking
This release is part of the stein stable release series.
The source is available from:
https://opendev.org/openstack/neutron
Download the package from:
https://tarballs.openstack.org/neutron/
Please report issues through:
https://bugs.launchpad.net/neutron/+bugs
For more details, please see below.
14.2.0
^^^^^^
Deprecation Notes
*****************
* Abstract method "plug_new" from the
neutron.agent.linux.interface.LinuxInterfaceDriver class now accepts
an optional parameter "link_up". Usage of this method, which takes
from 5 to 9 positional arguments, without "link_up" is now
deprecated and will not be possible starting in the W release.
Third-party drivers which inherit from this base class should update
the implementation of their "plug_new" method.
Security Issues
***************
* A change was made to the metadata proxy to not allow a user to
override header values, it will now always insert the correct
information and remove unnecessary fields before sending requests to
the metadata agent. For more information, see bug 1865036
(https://bugs.launchpad.net/neutron/+bug/1865036).
Bug Fixes
*********
* Bug https://bugs.launchpad.net/neutron/+bug/1732067 described a
flooding issue on the neutron-ovs-agent integration bridge. And bug
https://bugs.launchpad.net/neutron/+bug/1841622 proposed a solution
for it. The accepted egress packets will be taken care in the final
egress tables (61 when openflow firewall is not enabled, table 94
otherwise) with direct output flows for unicast traffic with a
minimum influence on the existing cloud networking. A new config
option "explicitly_egress_direct", with default value False, was
added for the aim of distinguishing clouds which are running the
network node mixed with compute services, upstream neutron CI should
be an example. In such situation, this "explicitly_egress_direct"
should be set to False, because there are numerous cases from HA
routers which can not be covered, particularly when you have
centralized floating IPs running in such mixed hosts. Otherwise, set
"explicitly_egress_direct" to True to avoid the flooding. One more
note is if your network nodes are for networing services only, we
recommand you disable all the security_group to get a higher
performance.
* Fixes an issue that the OVS firewall driver does not configure
security group rules using remote group properly when a
corresponding remote group has no port on a local hypervisor. For
more information see bugs: 1862703
(https://bugs.launchpad.net/neutron/+bug/1862703) and 1854131.
* Add a new match rule based on physical VLAN tag for OpenFlow
firewall traffic identifying mechanism to the TRANSIENT table. This
fixes the distributed router east-west traffic between VLAN type
networks. For more information, see bug 1831534
(https://bugs.launchpad.net/neutron/+bug/1831534).
Changes in neutron 14.1.0..14.2.0
---------------------------------
bc8c38bda8 Allow usage of legacy 3rd-party interface drivers
acb5fba408 Only notify nova of port status changes if configured
5f02ac5445 Add Rocky milestone tag for alembic migration revisions
0b035c910f Cap pycodestyle to be < 2.6.0
3ed429019b Router synch shouldn't return unrelated routers
90d17e4e85 Adding LOG statements to debug 1838449
98ec672e81 Report L3 extensions enabled in the L3 agent's config
8adac1ac3e Default (shared) network segment range is not mandatory
3796c03fd1 Fix queries to retrieve allocations with network_segment_range
5f7b55424a move neutron only common constants to private module
bdfdb812a2 Improve VLAN allocations synchronization
995018d754 Workaround in NetworkSegmentRange OVO until "project_id" migration
ff607c3f22 Check "security_group_rule" quota during security group creation
3e64388bb6 Avoid raising NetworkInterfaceNotFound exception in DHCP agent logs
2d319eeadc Check project_id when creating and updating NetworkSegmentRange
13f01238b6 [L3 HA] Add "no_track" option to VIPs in keepalived config
5af25c8591 Kill all processes running in a namespace before deletion
bf05b63f1b Implement "list_ns_pids" inside Neutron
383d238548 Add rootwrap filter rule for radvd-kill script
61dc621c1b Filter by owner SGs when retrieving the SG rules
a10413eb3f Change ovs-agent iteration log level to INFO
551464dd77 Ensure netlink.nla_slot tuple key is a string
9dc499da2b Configure keepalived interfaces according to config file
5f83713571 Increase waiting time for network rescheduling
e2f01c65d9 Prioritize port create and update ready messages
b9a2968100 Do not link up HA router gateway in backup node
08f3633990 Add trunk subports to be one of dvr serviced device owners
355f454747 Wait before deleting trunk bridges for DPDK vhu
914cd7e15a [DVR] Don't populate unbound ports in router's ARP cache
2d0adf4a05 Optimize DVR related port DB query
f1ef0d2337 Use rally-openstack 1.7.0 for stable/stein
5a28141fc8 Unnecessary routers should not be created
4dc0a61cd5 Remove extra header fields in proxied metadata requests
c12ccd1b8f Ensure that default SG exists during list of SG rules API call
5578c7073f Add accepted egress direct flow
eec11491c3 Add VLAN type conntrack direct flow
c37f5bd4b9 Random IP for concurrent create pf and update_port
01d0612a3a Do not initialize snat-ns twice
aee87e72b1 ovs agent: signal to plugin if tunnel refresh needed
1e70b1cdff Mock check if ipv6 is enabled in L3 agent unit tests
4916bbc5f3 Re-use existing ProcessLauncher from wsgi in RPC workers
4193c6ca0e Check SG members instead of ports to skip flow update
5a0c3e1fdd dhcp-agent: equalize port create_low/update/delete priority
6376391b45 [OVS] Handle added/removed ports in the same polling iteration
Diffstat (except docs and test files)
-------------------------------------
.zuul.yaml | 3 +-
.../contributor/internals/openvswitch_firewall.rst | 2 +
etc/neutron/rootwrap.d/debug.filters | 6 +-
etc/neutron/rootwrap.d/l3.filters | 1 +
neutron/agent/dhcp/agent.py | 37 ++-
neutron/agent/l3/agent.py | 3 +-
neutron/agent/l3/dvr_edge_ha_router.py | 8 +-
neutron/agent/l3/dvr_edge_router.py | 10 +-
neutron/agent/l3/ha.py | 9 +
neutron/agent/l3/ha_router.py | 38 ++-
neutron/agent/l3/router_info.py | 20 +-
neutron/agent/linux/interface.py | 51 +++-
neutron/agent/linux/ip_lib.py | 17 +-
neutron/agent/linux/iptables_firewall.py | 5 +-
neutron/agent/linux/keepalived.py | 22 +-
.../agent/linux/openvswitch_firewall/firewall.py | 196 ++++++++++++-
neutron/agent/metadata/agent.py | 7 +
neutron/agent/metadata/driver.py | 7 +-
neutron/agent/securitygroups_rpc.py | 4 +
.../api/rpc/agentnotifiers/dhcp_rpc_agent_api.py | 4 +-
neutron/api/rpc/handlers/l3_rpc.py | 11 +-
neutron/common/_constants.py | 45 +++
neutron/common/constants.py | 22 --
neutron/common/utils.py | 4 +-
neutron/conf/plugins/ml2/drivers/ovs_conf.py | 8 +-
neutron/db/db_base_plugin_common.py | 11 +-
neutron/db/dvr_mac_db.py | 41 ++-
neutron/db/l3_dvr_db.py | 23 ++
neutron/db/l3_dvrscheduler_db.py | 26 +-
.../rocky/expand/867d39095bf4_port_forwarding.py | 5 +
neutron/db/models/plugins/ml2/geneveallocation.py | 8 +
.../models/plugins/ml2/gre_allocation_endpoints.py | 8 +
neutron/db/models/plugins/ml2/vlanallocation.py | 8 +
neutron/db/models/plugins/ml2/vxlanallocation.py | 8 +
neutron/db/securitygroups_db.py | 30 +-
neutron/objects/network_segment_range.py | 112 +++++++-
neutron/objects/plugins/ml2/base.py | 42 +++
neutron/objects/plugins/ml2/flatallocation.py | 4 +-
neutron/objects/plugins/ml2/geneveallocation.py | 9 +-
neutron/objects/plugins/ml2/greallocation.py | 9 +-
neutron/objects/plugins/ml2/vlanallocation.py | 37 ++-
neutron/objects/plugins/ml2/vxlanallocation.py | 9 +-
neutron/objects/securitygroup.py | 20 ++
neutron/plugins/ml2/drivers/helpers.py | 142 +++------
.../drivers/openvswitch/agent/common/constants.py | 2 +
.../openvswitch/agent/openflow/native/br_int.py | 10 +-
.../openvswitch/agent/ovs_dvr_neutron_agent.py | 21 ++
.../drivers/openvswitch/agent/ovs_neutron_agent.py | 320 ++++++++++++++-------
neutron/plugins/ml2/drivers/type_vlan.py | 53 ++--
neutron/plugins/ml2/rpc.py | 8 +-
neutron/privileged/__init__.py | 3 +-
neutron/privileged/agent/linux/ip_lib.py | 56 +++-
neutron/server/wsgi_eventlet.py | 2 +-
neutron/service.py | 17 +-
.../drivers/openvswitch/agent/ovsdb_handler.py | 3 +
.../functional/agent/linux/test_keepalived.py | 5 +-
.../privileged/agent/linux/test_ip_lib.py | 35 +++
.../portforwarding/test_port_forwarding.py | 21 +-
.../linux/openvswitch_firewall/test_firewall.py | 172 ++++++++++-
.../objects/plugins/ml2/test_geneveallocation.py | 6 +-
.../unit/objects/plugins/ml2/test_greallocation.py | 6 +-
.../objects/plugins/ml2/test_vlanallocation.py | 6 +-
.../objects/plugins/ml2/test_vxlanallocation.py | 6 +-
.../unit/objects/test_network_segment_range.py | 236 +++++++++++++--
.../agent/openflow/native/test_br_int.py | 28 +-
.../openvswitch/agent/test_ovs_neutron_agent.py | 106 ++++---
.../drivers/openvswitch/agent/test_ovs_tunnel.py | 9 +-
.../unit/plugins/ml2/drivers/test_type_vlan.py | 18 ++
.../unit/privileged/agent/linux/test_ip_lib.py | 9 +-
.../unit/scheduler/test_l3_agent_scheduler.py | 5 +
neutron/wsgi.py | 6 +
...without-link_up-parameter-27f8310eb1e1910a.yaml | 10 +
.../accepted_egress_direct-cc23873e213c6919.yaml | 20 ++
...ity-group-no-port-on-host-9177e66d4b16e90c.yaml | 8 +
...roxy-header-vulnerability-60c44eb7c76d560c.yaml | 8 +
...lan-type-conntrack-direct-d3d544f8471ed4ff.yaml | 8 +
test-requirements.txt | 2 +-
101 files changed, 2348 insertions(+), 559 deletions(-)
Requirements updates
--------------------
diff --git a/test-requirements.txt b/test-requirements.txt
index 7f71cfda0c..e4e6d09c69 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -10 +10 @@ flake8-import-order==0.12 # LGPLv3
-pycodestyle>=2.0.0 # MIT
+pycodestyle>=2.0.0,<2.6.0 # MIT
More information about the Release-announce
mailing list