We high-spiritedly announce the release of: neutron 13.0.5: OpenStack Networking This release is part of the rocky stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/null/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 13.0.5 ^^^^^^ Security Issues *************** * The OVS Firewall blocks traffic that does not have either the IPv4 or IPv6 ethertypes at present. This is a behavior change compared to the iptables_hybrid firewall, which only operates on IP packets and thus does not address other ethertypes. There is now a configuration option in the neutron openvswitch agent configuration file for permitted ethertypes and then ensures that the requested ethertypes are permitted on initialization. Bug Fixes ********* * Fixes an issue where deletion of a provider network could result in ML2 mechanism drivers not being passed information about the network's provider fields. The consequences of this depend on the mechanism driver in use, but could result in the event being ignored, leading to an incorrectly configured network. See bug 1841967 for details. * When updating the fixed-ips of a port residing on a routed provider network the port update would always fail if *host* was not set. See bug: 1844124 (https://bugs.launchpad.net/tripleo/+bug/1844124). Changes in neutron 13.0.4..13.0.5 --------------------------------- f57e0e6029 Handle ports assigned to routers without routerports 885351c825 fixed_configured=True when Add/Remove port IPs ffee956d44 raise priority of dead vlan drop f88d703efe OVS flows for custom ethertypes must be on EGRESS 8bda3c2ed3 DVR: Cleanup ml2 dvr portbindings on migration 58f290c81e Avoid unnecessary operation of ovsdb and flows f050abab45 Fix creation of vlan network with segmentation_id set to 0 255ef89793 Add info log about ready DHCP config for ports d140750fe4 Check the namespace is ready in test_mtu_update tests 42d9106ee5 Increase timeouts for OVSDB in functional tests f913394d70 Create _mech_context before delete to avoid race e3133d8ae9 ML2 plugin: extract and postpone limit in port query 3d249a8016 Use created subnet in port generator in "test_port_ip_update_revises" 68077a4cc9 Increase TestDhcpAgentHA.agent_down_time to 30 seconds 1199207e7d Increase number of retries in _process_trunk_subport_bindings df8621af0d Remove experimental openSUSE 42.3 job f9473566d5 Initialize phys bridges before setup_rpc 09b7b2e1ea Populate binding levels when concurrent ops fail d581cf07cd Clear skb mark on encapsulating packets cd216c2c76 Stop OVS agent before starting it again 56cd50e9d2 Make sure the port still in port map when prepare_port_filter 5c1afcaf2b [DVR] Add lock during creation of FIP agent gateway port 9fea420c2d Fix sort issue in test_dhcp_agent_scheduler.test_filter_bindings 3ba9c03c05 Check for agent restarted after checking for DVR port b4e544fa9a fix update port bug 80389bb4ee Retry trunk status updates failing with StaleDataError 41db09c434 Don't crash ovs agent during reconfigure of phys bridges 12861e3940 Filter placement API endpoint by type too 00df9b0a85 Use --bind-dynamic with dnsmasq instead of --bind-interfaces eabd114a9b Yield control to other greenthreads while processing trusted ports 56c070c5a3 Ignore first local port update notification f9f6ae9c98 Limit max ports per rpc for dhcp_ready_on_ports() 55a503b4c9 Add custom ethertype processing 9b7ba672d2 Treat networks shared by RBAC in same way as shared with all tenants efd09e6295 Turn CIDR in query filter into proper subnet 9749fd270c Prevent create port forwarding to port which has binding fip Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 12 -- neutron/agent/common/ovs_lib.py | 1 + neutron/agent/dhcp/agent.py | 11 +- neutron/agent/linux/dhcp.py | 8 +- neutron/agent/linux/ip_lib.py | 16 ++- .../agent/linux/openvswitch_firewall/firewall.py | 31 ++++- neutron/agent/resource_cache.py | 17 ++- neutron/agent/rpc.py | 18 ++- neutron/conf/agent/securitygroups_rpc.py | 8 +- neutron/db/db_base_plugin_common.py | 6 + neutron/db/ipam_pluggable_backend.py | 2 +- neutron/db/l3_db.py | 73 ++++------ neutron/db/l3_dvr_db.py | 89 +++++++----- neutron/objects/ports.py | 71 ++++++++-- .../drivers/openvswitch/agent/common/constants.py | 2 + .../openvswitch/agent/openflow/native/br_int.py | 3 + .../openvswitch/agent/openflow/ovs_ofctl/br_int.py | 3 + .../drivers/openvswitch/agent/ovs_neutron_agent.py | 45 ++++++- neutron/plugins/ml2/drivers/type_vlan.py | 4 +- neutron/plugins/ml2/plugin.py | 39 +++++- neutron/plugins/ml2/rpc.py | 20 +-- neutron/policy.py | 6 +- neutron/privileged/agent/linux/ip_lib.py | 7 + .../services/portforwarding/common/exceptions.py | 7 + neutron/services/portforwarding/pf_plugin.py | 16 +++ neutron/services/segments/placement_client.py | 1 + neutron/services/trunk/rpc/server.py | 22 ++- .../portforwarding/test_port_forwarding.py | 40 ++++++ .../linux/openvswitch_firewall/test_firewall.py | 1 + .../agent/openflow/native/test_br_int.py | 7 + .../agent/openflow/ovs_ofctl/test_br_int.py | 2 + .../openvswitch/agent/test_ovs_neutron_agent.py | 78 ++++++++++- .../unit/plugins/ml2/drivers/test_type_vlan.py | 21 ++- .../unit/scheduler/test_dhcp_agent_scheduler.py | 8 +- .../unit/services/portforwarding/test_pf_plugin.py | 41 +++++- .../services/revisions/test_revision_plugin.py | 2 +- .../notes/custom_ethertypes-eae3fcab3293e3a1.yaml | 9 ++ .../fix-net-delete-race-f2fa5bac3ab35a5b.yaml | 9 ++ ...-routed-provider-networks-c54a54844d9a3926.yaml | 7 + 60 files changed, 1163 insertions(+), 185 deletions(-)