We contentedly announce the release of: neutron 22.1.0: OpenStack Networking This release is part of the antelope release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 22.1.0 ^^^^^^ Known Issues ************ * When using ML2/OVN, during an upgrade procedure, the OVS system-id stored value can be changed. The ovn-controller service will create the "Chassis" and "Chassis_Private" registers based on this OVS system-id. If the ovn-controller process is not gracefully stopped, that could lead to the existence of duplicated "Chassis" and "Chassis_Private" registers in the OVN Southbound database. Bug Fixes ********* * [bug 2022914 (https://bugs.launchpad.net/neutron/+bug/2022914)] Neutron-API supports using relays as the southbound connection in a ML2/OVN setup. Before the maintenance worker of the API required a leader_only connection, which was removed. * Fixed the scenario where the DHCP agent is deployed in conjunction with the OVN metadata agent in order to serve metadata for baremetal nodes. In this scenario, the DHCP agent would not set the route needed for the OVN metadata agent service resulting in baremetal nodes not being able to query the metadata service. For more information see bug 1982569 (https://bugs.launchpad.net/neutron/+bug/1982569). * For OVN versions v22.09.0 and above, the "mcast_flood_reports" option is now set to "false" on all ports except "localnet" types. In the past, this option was set to "true" as a workaround for a bug in core OVN multicast implementation. * Now the ML2/OVN trunk driver prevents a trunk creation if the parent port is already bound. In the same way, if a parent port being used in a trunk is bound, the trunk cannot be deleted. * During the port bulk creation, if an IPAM allocation fails (for example, if the IP address is outside of the subnet CIDR), the other IPAM allocations already created are deleted before raising the exception. Fixes bug 2039550 (https://launchpad.net/bugs/2039550). * A new OVN maintenance method "remove_duplicated_chassis_registers" is added. This method will periodically check the OVN Southbound "Chassis" and "Chassis_Private" tables looking for duplicated registers. The older ones (based on the "Chassis_Private.nb_cfg_timestamp" value) will be removed when more than one register has the same hostname, that should be unique. Other Notes *********** * The external_mac entry in the NAT table is used to distribute/centralize the traffic to the FIPs. When there is an external_mac set the traffic is distributed (DVR). When it is empty it is centralized through the gateway port (no DVR). Upon port status transition to down, the external_mac was removed regardless of DVR being enabled or not, leading to centralize the FIP traffic for DVR -- though it was for down ports that won't accept traffic anyway. * Adds a maintenance task that runs once a day and is responsible for cleaning up Hash Ring nodes that haven't been updated in 5 days or more. See LP #2033281 for more information. * Added the missing extension "uplink-status-propagation" to the ML2/OVN mechanism driver. This extension is used by the ML2/SR-IOV mechanism driver, that could be loaded with ML2/OVN. Now it is possible to create ports with the "uplink-status-propagation" flag defined. * A ML2/OVN virtual port cannot be bound to a virtual machine. If a port IP address is assigned as an allowed address pair into another port, the first one is considered a virtual port. If the second port (non-virtual) is bound to ML2/OVN, the virtual port cannot be bound to a virtual machine; a virtual port is created only to reserve a set of IP addresses to be used by other ports. The OVN mechanism driver prevents that a virtual port has a device ID; a device ID is provided when the port is being bound. Changes in neutron 22.0.2..22.1.0 --------------------------------- fb99b7bfac Ensure ovn loadbalancer FIPs are centralized upon neutron restarts 2b611b77a6 [Fullstack] Drop all linuxbridge scenarios from fullstack tests 07c3eb49c5 [DHCP agent] Add route to OVN metadata port if exists a680d580e8 [Stable Only] Fix parent for nftables job 591cf6c35c Restore the tempest nftables jobs in experimental and periodic queues 1bc5068c7e [FT] Clear the idl lock in TestMaintenance tests a4c03671f2 Remove any IPAM allocation if port bulk creation fails 3123df2672 Add dhcpagentscheduler API extension to the ML2/OVN extensions 50fb47b10c "ebtables-nft" MAC rule deletion failing b9a0bf0b01 Parameter filters may be None, which cannot be called with ** ec588b0bc0 Fix intermittent failures in finding metada port in SB DB 9ae6cdf0ae Revert "[stable-only] Disable "neutron-tempest-plugin-jobs-2023-1" temporarily" cc209f44d1 Add "jammy" distribution release to the legacy ebtables installation 27a19fb88a [stable-only] Disable "neutron-tempest-plugin-jobs-2023-1" temporarily 7066974509 Use safer methods to get security groups on security group logging 226220ac3c [OVN] Fix rate and burst for stateless security groups de329d2828 [OVN] Add the default condition check in ``PortBindingChassisEvent`` 2319e7c35f [OVN] Match LSP_TYPE_VIRTUAL in PortBindingUpdateVirtualPortsEvent 93f223f8c0 Revert "[OVN][Trunk] Add port binding info on subport when parent is bound" c89d028a95 Reduce lock contention on subnets 96267a2582 [PostgreSQL] Subnet entity with ServiceType grouped by both tables b92fc1ad6c Use HasStandardAttributes as parent class for Tags DB model b7a59a5132 Switch fullstack/functional fips jobs to 9-stream 4adbc85de7 Check the device ID and host ID during virtual port binding 4a7e7f2d25 Functional: assert multiple calls for update_virtual_port_host e16a249611 Call the "tc qdisc" command for ingress qdisc without parent 7f51901d47 Revert "[OVN][Trunk] Set the subports correct host during live migration" fbda749de7 Improve the ``PortBindingUpdateVirtualPortsEvent`` match filter 234a098d7b [FT] Make explicit the "publish" call check in "test_port_forwarding" adfe0659c6 [OVN] Cleanup old Hash Ring node entries 4f707101d9 [OVN] Add the 'uplink-status-propagation' extension to ML2/OVN cd6171a6eb [OVN] Disable the mcast_flood_reports option for LSPs 6dc93c5072 [OVN][Trunk] Set the subports correct host during live migration f0923f4b50 [OVN] Skip the port status UP update during a live migration be0cb0690e Fix ovn-metadata agent sync of unused namespaces 98c4ae595b Send ovn heatbeat more often. 04541b0720 [OVN] ovn-db-sync check for router port differences 36f78ee7dc hash-ring: Retry all DB operations if inactive ddbb29afa4 [OVN] Retry retrieving LSP hosting information f0dec9fa8d [UT] Create network to make lazy loading in the models_v2 possible 6f8dc124c4 dvr: Avoid installing non-dvr openflow rule on startup fbaf313bab [OVN] Hash Ring: Better handle Neutron worker failures f0abced1c9 [neutron-api] remove leader_only for sb connection c1f5bac4a2 Fix ACL sync when default sg group is created e0c387f4e0 [2023.1 Only] Switch to 2023.1 neutron-tempest-plugin jobs ad4c50db38 [OVN][L3] Optimize FIP update operation d9eb4ff47c Set result when lswitch port exist 43cfe839eb [OVN] Prevent binding a virtual type port 3c0e54faf7 Move ``determine_bind_host`` to ``ovn.utils`` c8376e2a01 Implement ``get_port_type_virtual_and_parents`` method 133af425fa Implement ``get_subnets_address_scopes`` method fc29d62267 Ensure traffic is not centralized if DVR is enabled 8546131674 Don't allow deletion of the router ports without IP addresses cd8035306f Disable pool recycle in tests 287f4231a0 Delete sg rule which remote is the deleted sg 82e94208bc [OVN] Expose chassis hosting information in LSP 88d00e698f [FT] Move ``BaseOVSTestCase`` class to concurrency 1 executor 2f48c24d41 [OVN] Prevent Trunk creation/deletion with parent port bound 06694e336e Load FIP information during initialize not init df412885d1 [OVN] Hash Ring: Set nodes as offline upon exit 52cc01532b Improve Hash Ring logs 4462c1a3e0 [qos] _validate_create_network_callback return in no network 31a79f155e Delete network namespace on last port deletion 7fc12decdf [OVN] Remove SB "Chassis"/"Chassis_Private" duplicated registers Diffstat (except docs and test files) ------------------------------------- neutron/agent/l3/dvr_local_router.py | 3 + neutron/agent/linux/dhcp.py | 103 ++++++--- neutron/agent/ovn/metadata/agent.py | 25 ++- neutron/api/rpc/handlers/securitygroups_rpc.py | 7 + neutron/cmd/ovn/neutron_ovn_db_sync_util.py | 8 +- neutron/common/ovn/constants.py | 1 + neutron/common/ovn/exceptions.py | 7 +- neutron/common/ovn/extensions.py | 4 + neutron/common/ovn/hash_ring_manager.py | 9 +- neutron/common/ovn/utils.py | 157 +++++++++++++ neutron/common/utils.py | 16 ++ neutron/db/address_group_db.py | 1 + neutron/db/db_base_plugin_v2.py | 2 +- neutron/db/ipam_backend_mixin.py | 2 +- neutron/db/l3_db.py | 9 - neutron/db/l3_dvr_db.py | 15 +- neutron/db/models/tag.py | 2 +- neutron/db/models_v2.py | 52 +++-- neutron/db/ovn_hash_ring_db.py | 78 ++++++- neutron/objects/subnet.py | 8 + .../ml2/drivers/linuxbridge/agent/arp_protect.py | 4 +- .../openvswitch/agent/openflow/native/br_tun.py | 16 +- .../openvswitch/agent/ovs_dvr_neutron_agent.py | 18 +- .../drivers/openvswitch/agent/ovs_neutron_agent.py | 3 +- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 49 ++-- .../ml2/drivers/ovn/mech_driver/ovsdb/commands.py | 1 + .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 4 + .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 130 +++++++++-- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 250 ++++++++++++--------- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 77 ++++++- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 63 +++--- neutron/plugins/ml2/plugin.py | 17 +- neutron/services/logapi/drivers/ovn/driver.py | 33 ++- neutron/services/ovn_l3/plugin.py | 2 +- neutron/services/qos/qos_plugin.py | 4 +- neutron/services/trunk/drivers/ovn/trunk_driver.py | 39 ++-- neutron/services/trunk/plugin.py | 5 +- .../agent/ovn/metadata/test_metadata_agent.py | 26 ++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 88 +++++++- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 18 ++ .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 98 +++++++- .../privileged/agent/linux/test_tc_lib.py | 44 ++-- .../services/logapi/drivers/ovn/test_driver.py | 6 + .../trunk/drivers/ovn/test_trunk_driver.py | 75 ++++--- .../api/rpc/handlers/test_securitygroups_rpc.py | 50 ++++- .../agent/openflow/native/test_br_tun.py | 33 ++- .../drivers/openvswitch/agent/test_ovs_tunnel.py | 9 +- .../drivers/ovn/mech_driver/ovsdb/test_commands.py | 2 +- .../ovn/mech_driver/ovsdb/test_maintenance.py | 83 ++++++- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 208 +++++++++-------- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 42 ++++ .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 17 +- .../drivers/ovn/mech_driver/test_mech_driver.py | 67 ++++-- .../services/logapi/drivers/ovn/test_driver.py | 41 +++- .../trunk/drivers/ovn/test_trunk_driver.py | 2 - .../notes/bug-2022914-edbf1ea3514596b8.yaml | 7 + ...p-agent-ovn-metadata-port-33a654ccb9554c65.yaml | 9 + .../notes/dvr-external-mac-934409413e515eb2.yaml | 10 + .../notes/hash-ring-cleanup-1079d2375082cebe.yaml | 6 + ...uplink-status-propagation-4c232954f8b4f0ef.yaml | 7 + .../ovn-mcast_flood_reports-4eee20856ccfc7d7.yaml | 7 + ...n-trunk-check-parent-port-eeca2eceaca9d158.yaml | 6 + ...tual-port-prevent-binding-50efba5521e8a28e.yaml | 10 + ..._ipamallocation_leftovers-9d72cc5f616f51e4.yaml | 7 + ...ve_duplicated_ovn_chassis-df12fb6233ea3d3e.yaml | 17 ++ roles/legacy_ebtables/tasks/main.yaml | 3 +- roles/nftables/tasks/main.yaml | 6 + tox.ini | 4 +- zuul.d/base.yaml | 22 +- zuul.d/job-templates.yaml | 4 +- zuul.d/project.yaml | 2 +- 98 files changed, 2242 insertions(+), 665 deletions(-)