We are jubilant to announce the release of: neutron 7.1.0: OpenStack Networking This release is part of the liberty stable release series. For more details, please see below. 7.1.0 ^^^^^ Allowed address pairs can now be cleared by passing None in addition to an empty list. This is to make it possible to use the --action=clear option with the neutron client. neutron port-update <uuid> --allowed-address-pairs action=clear Support for MTU selection and advertisement. New Features ************ * Use the value of the network 'mtu' attribute for the MTU of virtual network interfaces such as veth pairs, patch ports, and tap devices involving a particular network. * Enable end-to-end support for arbitrary MTUs including jumbo frames between instances and provider networks by moving MTU disparities between flat or VLAN networks and overlay networks from layer-2 devices to layer-3 devices that support path MTU discovery (PMTUD). * When advertise_mtu is set in the config, Neutron supports advertising the LinkMTU using Router Advertisements. Upgrade Notes ************* * Does not change MTU for existing virtual network interfaces. * Actions that create virtual network interfaces on an existing network with the 'mtu' attribute containing a value greater than zero could cause issues for network traffic traversing existing and new virtual network interfaces. Bug Fixes ********* * Fixes bug 1537734 * Explicitly configure MTU of virtual network interfaces rather than using default values or incorrect values that do not account for overlay protocol overhead. * The Linuxbridge agent now supports the ability to toggle the local ARP responder when L2Population is enabled. This ensures compatibility with the allowed-address-pairs extension. Closes bug 1445089. Other Notes *********** * For details please read Blueprint mtu-selection-and-advertisement (https://specs.openstack.org/openstack/neutron-specs/specs/kilo/mtu- selection-and-advertisement.html). Changes in neutron 7.0.4..7.1.0 ------------------------------- 0991b19 Support MTU advertisement using IPv6 RAs 7560c84 Register RA and PD config options in l3-agent 92f40c5 Updated from global requirements df80a6e Enforce UUID of port/subnet ID for router interfaces 531b682 Restart dsnmasq on any network subnet change 13f7d19 Outerjoin to networks for port ownership filter c6f8188 RBAC: Fix port query and deletion for network owner fd240c1 Use correct session in update_allocation_pools 0ffab09 Add exponential back-off RPC client d29e2f7 DVR: Clear SNAT namespace when agent restarts after router move 69a384a Use admin context when removing DVR router on vm port deletion 7593e7f Clear DVR MAC on last agent deletion from host d32b852 Updated from global requirements 8d29f38 Cleanup stale OVS flows for physical bridges 1d1159b IPtables firewall prevent ICMPv6 spoofing 52430ce Mitigate restriction for fixed ips per dhcp port b33c16b OVS: Add mac spoofing filtering to flows 05de318 Delete fipnamespace when external net removed on DVR fa2c378 unbreak unit test caused by c5fa665de3173f3ad82cc3e7624b5968bc52c08d c55aba1 Make agent interface plugging utilize network MTU de5bdc9 Consume service plugins queues in RPC workers. 6b33c51 Only prevent l3 port deletion if router exists a46e008 Don't disconnect br-int from phys br if connected a38cb93 ML2: update port's status to DOWN if its binding info has changed 9d6a82f Updated from global requirements 996af44 Fix corrupted release note in Liberty fd5fd25 Iptables firewall prevent IP spoofed DHCP requests 275a171 Switched from fixtures to mock to mock out starting RPC consumers 8810a25 DVR: Increase the link-local address pair range a43b11e L3 agent: match format used by iptables 3a922a2 Don't drop 'protocol' from client supplied security_group_rule dict 90fb36f Split the FIP Namespace delete in L3 agent for DVR b392ad1 Don't delete br-int to br-tun patch on startup 0feecfe Delete metadata_proxy for network if it is not needed 36864b6 Adds base in-tree functional testing of the dhcp agent (OVS) 0186815 fix _validate_shared_update for dvr router ports c823e8c add arp_responder flag to linuxbridge agent 695335b Switches metering agent to stateless iptables 0e543db Fix setting peer to bridge interfaces 7175fde Refactor and fix dummy process fixture 6dea586 Remove obsolete keepalived PID files before start 761a1be Support Routes==2.3 d1618c9 port security: gracefully handle resources with no bindings 05e9044 Move test_extend_port_dict_no_port_security to where it belongs to c0d53a3 SG protocol validation to allow numbers or names d48c66b DVR: rebind port if ofport changes b57d9fa Linux Bridge: Add mac spoofing filtering to ebtables 5ad201c Change log level from error to warning e09c435 DHCP: Downgrade 'network has been deleted' logs 4848c71 Catch DBDuplicateEntry errors in RBAC code 8de5b03 Change the exception type from ValueError to IpamValueInvalid 92d58fc L3 agent: log traceback on floating ip setup failure a21da84 Update default gateway in the fip namespace after subnet-update eec85f3 Make run_ofctl check for socket error 82a6d2b Skip fullstack L3 HA test 4cb9062 lb: avoid doing nova VIF work plumbing tap to qbr e17f391 Remove test_external_network_visibility a86274e Check tap bridge timestamps to detect local changes 362896a Catch DB reference errors in binding DVR ports 48a6196 Move db query to fetch down bindings under try/except b90ca9f ML2: Downgrade 'no bound segment' warning a42b176 Close XenAPI sessions in neutron-rootwrap-xen-dom0 b30eb16 Add IPAllocation object to session info to stop GC 967d003 Allow address pairs to be cleared with None 1252c3f Downgrade "device not found" log message 52c34cb Downgrade network not found log in DHCP RPC 5dd0a91 Fix branch order when upgrading to alembic milestone 3b54294 Watch for 'new' events in ovsdb monitor for ofport d774e70 Removes host file contents from DHCP agent logs 8a1a21f Add VLAN tag info to port before applying SG initial setup. feaf9d3 Optimize and refactor router delete execution ec052cf radvd prefix configuration for DHCPV6_Stateful RA 0965953 Prevent PD subnets with incorrect IPv6 modes e1de91d Correct insufficient name for external process in manager log 1b10be8 Add network_update RPC into SR-IOV agent 54f8819 Separate the command for replace_port to delete and add 1e3ef49 Corrected wrong ethertype exception message 2db525d Add more log when dhcp agent sync_state. ccdfd17 Prevent binding IPv6 addresses to Neutron interfaces 3a22335 Do not remove router from dvr_snat agents on dvr port deletion 0bce029 Fix port relationship for DVRPortBinding d32d066 Decomposition phase2 for MidoNet plugin e1d177f Support rootwrap sysctl and conntrack commands for non-l3 nodes Diffstat (except docs and test files) ------------------------------------- bin/neutron-rootwrap-xen-dom0 | 13 +- etc/l3_agent.ini | 6 + etc/neutron/plugins/midonet/midonet.ini | 13 - etc/neutron/plugins/ml2/linuxbridge_agent.ini | 5 + etc/neutron/rootwrap.d/iptables-firewall.filters | 7 + neutron/agent/common/ovs_lib.py | 32 ++- neutron/agent/dhcp/agent.py | 33 ++- neutron/agent/l3/agent.py | 4 +- neutron/agent/l3/dvr.py | 6 + neutron/agent/l3/dvr_edge_router.py | 27 +- neutron/agent/l3/dvr_fip_ns.py | 74 +++-- neutron/agent/l3/dvr_local_router.py | 31 +- neutron/agent/l3/dvr_snat_ns.py | 19 +- neutron/agent/l3/ha_router.py | 7 +- neutron/agent/l3/item_allocator.py | 4 +- neutron/agent/l3/router_info.py | 70 ++++- neutron/agent/l3_agent.py | 4 + neutron/agent/linux/bridge_lib.py | 45 +-- neutron/agent/linux/dhcp.py | 8 +- neutron/agent/linux/external_process.py | 9 +- neutron/agent/linux/interface.py | 53 ++-- neutron/agent/linux/ip_lib.py | 45 +++ neutron/agent/linux/iptables_firewall.py | 42 ++- neutron/agent/linux/keepalived.py | 23 +- neutron/agent/linux/ovsdb_monitor.py | 8 + neutron/agent/linux/pd.py | 2 - neutron/agent/linux/ra.py | 38 ++- neutron/agent/metadata/driver.py | 10 +- neutron/api/extensions.py | 5 +- neutron/api/rpc/agentnotifiers/l3_rpc_agent_api.py | 34 ++- neutron/api/rpc/handlers/dhcp_rpc.py | 17 +- neutron/api/v2/base.py | 10 +- neutron/callbacks/resources.py | 1 + neutron/common/constants.py | 19 +- neutron/common/rpc.py | 86 +++++- neutron/db/agents_db.py | 7 +- neutron/db/agentschedulers_db.py | 13 +- neutron/db/db_base_plugin_common.py | 24 ++ neutron/db/db_base_plugin_v2.py | 21 +- neutron/db/dvr_mac_db.py | 31 ++ neutron/db/ipam_backend_mixin.py | 12 +- neutron/db/ipam_non_pluggable_backend.py | 2 +- neutron/db/ipam_pluggable_backend.py | 2 +- neutron/db/l3_agentschedulers_db.py | 23 +- neutron/db/l3_db.py | 83 +++++- neutron/db/l3_dvr_db.py | 36 ++- neutron/db/l3_dvrscheduler_db.py | 18 +- neutron/db/l3_hamode_db.py | 2 +- neutron/db/migration/cli.py | 7 +- neutron/db/models_v2.py | 3 +- neutron/db/portsecurity_db.py | 4 +- neutron/db/portsecurity_db_common.py | 41 ++- neutron/db/rbac_db_mixin.py | 16 +- neutron/db/securitygroups_db.py | 36 ++- neutron/extensions/allowedaddresspairs.py | 1 + neutron/extensions/portsecurity.py | 8 +- neutron/extensions/rbac.py | 4 + neutron/extensions/securitygroup.py | 7 + neutron/ipam/drivers/neutrondb_ipam/driver.py | 3 +- neutron/ipam/exceptions.py | 6 + neutron/ipam/requests.py | 10 +- neutron/plugins/midonet/__init__.py | 0 neutron/plugins/midonet/plugin.py | 52 ---- neutron/plugins/midonet/requirements.txt | 1 - neutron/plugins/ml2/drivers/l2pop/mech_driver.py | 34 +-- .../ml2/drivers/linuxbridge/agent/arp_protect.py | 59 ++++ .../ml2/drivers/linuxbridge/agent/common/config.py | 6 + .../linuxbridge/agent/linuxbridge_neutron_agent.py | 171 +++++++---- .../drivers/mech_sriov/agent/sriov_nic_agent.py | 53 +++- .../drivers/openvswitch/agent/common/constants.py | 3 + .../openvswitch/agent/openflow/native/br_int.py | 41 ++- .../openvswitch/agent/openflow/native/br_phys.py | 1 - .../openvswitch/agent/openflow/ovs_ofctl/br_int.py | 35 ++- .../agent/openflow/ovs_ofctl/br_phys.py | 1 - .../openvswitch/agent/ovs_dvr_neutron_agent.py | 6 + .../drivers/openvswitch/agent/ovs_neutron_agent.py | 56 +++- neutron/plugins/ml2/extensions/port_security.py | 12 +- neutron/plugins/ml2/models.py | 2 +- neutron/plugins/ml2/plugin.py | 43 +-- neutron/plugins/ml2/rpc.py | 6 +- neutron/plugins/opencontrail/contrail_plugin.py | 16 +- neutron/policy.py | 13 +- neutron/service.py | 20 +- neutron/services/l3_router/l3_router_plugin.py | 6 +- .../metering/drivers/iptables/iptables_driver.py | 1 + neutron/services/metering/metering_plugin.py | 9 +- .../api/admin/test_shared_network_extension.py | 14 +- .../functional/agent/linux/test_bridge_lib.py | 42 +++ .../functional/agent/linux/test_keepalived.py | 31 ++ .../agent/linux/test_linuxbridge_arp_protect.py | 36 ++- .../functional/agent/linux/test_ovsdb_monitor.py | 16 ++ .../l3_router/test_l3_dvr_router_plugin.py | 134 ++++++++- .../unit/agent/linux/test_iptables_firewall.py | 87 ++++-- .../plugins/ml2/drivers/l2pop/test_mech_driver.py | 22 +- .../agent/test_linuxbridge_neutron_agent.py | 223 ++++++++++----- .../mech_sriov/agent/test_sriov_nic_agent.py | 107 +++++++ .../agent/openflow/native/test_br_int.py | 8 +- .../agent/openflow/native/test_br_phys.py | 1 - .../agent/openflow/ovs_ofctl/test_br_int.py | 4 +- .../agent/openflow/ovs_ofctl/test_br_phys.py | 1 - .../openvswitch/agent/test_ovs_neutron_agent.py | 133 +++++++-- .../drivers/openvswitch/agent/test_ovs_tunnel.py | 69 ++++- .../plugins/ml2/extensions/test_port_security.py | 39 +++ .../unit/plugins/ml2/test_ext_portsecurity.py | 4 +- .../plugins/oneconvergence/test_nvsd_plugin.py | 2 +- .../plugins/opencontrail/test_contrail_plugin.py | 5 + .../unit/scheduler/test_dhcp_agent_scheduler.py | 8 + .../unit/scheduler/test_l3_agent_scheduler.py | 61 +--- .../services/metering/drivers/test_iptables.py | 9 + ...d-address-pairs-with-none-4757bcca78076c9e.yaml | 9 + .../notes/end-to-end-mtu-00345fc4282cb8fb.yaml | 20 ++ ...ridge_vxlan_arp_responder-e9ea91552e1b62a7.yaml | 7 + ...lection-and-advertisement-ab29f9ec43140224.yaml | 9 + requirements.txt | 6 +- setup.cfg | 2 - test-requirements.txt | 2 +- tools/configure_for_func_testing.sh | 5 + 158 files changed, 4057 insertions(+), 1128 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index c309417..bfba811 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,2 +8,2 @@ PasteDeploy>=1.5.0 -Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7' -Routes!=2.0,>=1.12.3;python_version!='2.7' +Routes!=2.0,!=2.1,!=2.3.0,>=1.12.3;python_version=='2.7' # MIT +Routes!=2.0,!=2.3.0,>=1.12.3;python_version!='2.7' # MIT @@ -24 +24 @@ WebOb>=1.2.3 -python-keystoneclient!=1.8.0,>=1.6.0 +python-keystoneclient!=1.8.0,<3.0.0,>=1.6.0 diff --git a/test-requirements.txt b/test-requirements.txt index f181106..50bfa12 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -6 +6 @@ hacking<0.11,>=0.10.0 -cliff>=1.14.0 # Apache-2.0 +cliff!=1.16.0,!=1.17.0,>=1.14.0 # Apache-2.0