We are pumped to announce the release of: neutron 20.0.0: OpenStack Networking This release is part of the yoga release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. Changes in neutron 19.0.0.0rc1..20.0.0 -------------------------------------- ca3e3bc49a ovn migration: Don't use executables in /tmp/ 833c394218 Log request IDs for matched Nova external events 80879049cf Ensure gateway is set for prefix delegated subnets 2a6a4ab5da Remove exception ``IpAddressAllocationNotFound`` bfae41a748 Enable sctp module in the fullstack Centos node 3be5afe66c Run configure_for_func_testing script after enable fips e61b117b33 Ensure no GARPs are sent for Load Balancer VIPs on tenant networks 6799e85e5d Update TOX_CONSTRAINTS_FILE for stable/yoga 72fe42a3f1 Update .gitreview for stable/yoga 46c49aedfa [OVN] Update VIP port host ID when traffic detected cdff281f64 [SR-IOV] Fix QoS extension to set min/max values 480c643dd9 [ovn-migration] Add debug information to create-resources.sh.j2 scripts c02916de4e Local IP: use LOCAL_IP_TABLE for back flows if no OVS fw 4a66adf94c Group execution of SQL functional tests 5ee94a5b9b [ OVN ][Migration] Reload systemctl daemon after removal 10caa1e101 Mock netutils.is_ipv6_enabled() method when testing 28df8470f6 Fix configure_for_func_testing script f430cd0072 Don't set HA ports down while L3 agent restart. 30c6092747 Fix typo in the third instruction paragraph of "Controller nodes" block 3ac4b0d634 Remove _standard_attr_segment_lib and use definition from neutron-lib 56774da426 Add port IDs in "RouterInUse" exception during router deletion a1c7e4cf57 Add devstack-enforce-scope job to our periodic queue 210148e708 Move FIPS jobs from the experimental to the periodic queue ce10c5189a Re enable update_router_admin_state scenario test 22f1c99453 Restructure layout for periodic, experimental and tox jobs a51aff743c [OVN][Cosmetic] Improve gen_router_port_options a98d96f4ef Switch to cirros uec image in ovn tempest jobs 63a8f96426 Revert "[Fullstack] Mark security groups test as unstable" ba4bfa8842 [Fullstack] Block until dhcp config is done b2421b01e5 [OVN] Handle RouterNotFound exception in set_gateway_mtu d5ac103329 Change OVS and OVN installation directories 0b6a95560e change skydive source to skydive-project b4a192a74c Bump python-neutronclient version to 7.8.0 47537e169e Update local ip doc e45501aee4 Switch TripleO jobs to CentOS 9 d603525ec9 Refactor back into common method in trunk tests 5a0a2b7847 Allow ovn_db_sync to continue on duplicate normalised CIDR 1aeef5a74e Add new class for Logging API methods 0c9c60d5ca [OVN] Off-path SmartNIC DPU Documentation 7d64d0c116 [OVN] Off-path SmartNIC DPU Port Binding with OVN 8217979fdc [fullstack] use noop fw driver for Local IP conntrack test 129760b84f Doc: Due to recent grafana upgrade change urls in doc 1f97069790 [OVN] Extend port binding parameter validation b5b519a4fa segments: fix scheduling duplicate segments 5fbd4f1a9d Add ndp proxy policy rules 0fe6c0b8ca Use the "connectivity" property of "MechanismDriver" 9829865073 Refactor session "is_active" handling for sqlalchemy-20 be7331c816 [ovn] Prevent stale ports in the OVN database 9cb06cff30 Doc: add back neutron-fwaas lieutenant 053a9d24ec Add table for pps limitaion 56dbfb7ac4 [OVN][Placement] Read the initial config in the maintenance worker 5bef868477 [OVN] Migrate "reside-on-redirect-chassis" for distributed FIP 084bb163f2 Add qos-pps-minimum-rule-alias API extension 0ddca28454 Make sure "dead vlan" ports cannot transmit packets ca8b40403f Update irrelevant-files to skip run of untouched jobs 9fcf42d3d5 [OVN] Check if exists trunk ports before cleanup 1c3d90e3da Add local_ip entrypoints 4be4511bec Re enable test_network_v6.TestGettingAddress f9d976de7e Re add ovs and ovn tempest slow jobs a0a25cb15c [Server Side] L3 router support ndp proxy 140bb63665 Wait longer before deleting DPDK vhu trunk bridges ce7f279538 [OVN][QoS] Add external_ids reference to port QoS registers ebca47365c "L3AgentExtensionsManager" check loaded extensions cde5657a50 [OVN] Sync QoS policies 507989fc62 Use a thread local variable to store the Nova Notifier enable flag 2d6b33445c Revert "Switch neutron-grenade-dvr-multinode to be non voting temporary" 654c3b796f OVN TestNBDbResources wait for NB_Global table to be present 8fd88fd223 Pass host parameter to the get_network_info method 0d23304120 [OVS] Add IPv6 ICMP RA to the default ingress rules 522837a97f [OVN] Fix overlapping security group objects not correctly applied 0fd168ae93 Use elevated context to update router's external gateway 722fca928d Update irrelevant-files for non scenario jobs 8dfe5cc95b [OVN] Implement floating IP network QoS inheritance 08bdc4ded1 Add "bound_drivers" information to port "vif_details" 94b961f179 Update dns_assignment attribute documentation 1c1814aa6b Fix reference before assignment error in the dhcp_rpc module a1a895a6e5 Add FIPS enabled scenario jobs d5b9a04bc2 Local IP internal documentation and release note 8b549533a6 Fix gerrit dashboards url's in docs 1a7f4d5b03 [OVN] Add unit test for binding profile validation fb1172ef05 Add diff log on mech_logger 15d6cfffc9 Ensure subports status is aligned with parent port 6ea6fdd874 Create a PeriodicWorker for DbQuotaNoLockDriver clean up ac718804de Add extra logs around enabling/disabling nova notifier code 2d099c4396 Update secure RBAC policies accordingly to the new guidelines 61d23fbe98 Remove installation of the ovs from the source in Devstack plugin 6636f65663 [OVN]Ensure gateway port is running after gateway chassis changed 729290357b [tests] Don't fail if kill cmd says that process don't exists 706e39681f Remove not used parameter from migrate_neutron_database_to_ovn function d033c9f933 Fix OVS OVSNeutronAgent.reclaim_local_vlan() 1562f9141b Call enable DHCP only if there are subnets with enabled DHCP in network 92b081145e Cosmetic: Change ._ovn to ._nb_ovn to match ._sb_ovn ddf0568f39 Make configure_for_func_testing compatible with e.g. Centos af46120f40 [Functional/fullstack] Remove tools from irrelevant list bbc5af1166 Register cleanup hooks for the object change handlers only when needed 5710d3407b Improve DHCP RPC handler b5a7dbc67d Revert "Make configure_for_func_testing compatible with e.g. Centos" 0ce584bd9a Add Local IP fullstack test cases cc0c60d3d8 Fix call to the compile_ovn function from Devstack ffa8e085be Add missing DHCP opts for genconfig ef97019c92 Add upgrade check for extra DHCP options 4c6c48956e Exclude router gw subnet ports from port list while port delete. 930ec1eca3 ml2 ovs: Deprecate unused [agent] veth_mtu ebe9e046c6 Create an index for "agents.host" column 58feb88853 [OVN] Check if OVN SB supports virtual ports 66d50cdbd7 Add devstack plugin support for Local IP 200b345429 Add Local IP policy rules 7aae31c9f9 Make the dead vlan actually dead 2a41b0e152 Local IP: skip ports with invalid ofport 3e71a45195 Allow to use static Local IP openflow rules 391726bd4c Make configure_for_func_testing compatible with e.g. Centos 5e036a6b28 Ensure subports transition to DOWN 553f462656 Ensure only the right events are processed f3e836217c [Functional] Add extra logs to the L3 HA router transitions 0256e494d0 Disable tracebacks of eventlet.wsgi.server 0255eb31e5 Fix a error when l3-agent gets filter id for ip 18ec0eb209 Fix placement allocation update for port with network QoS policy a47e9494c1 Check whether vxlan group and local addresses are IPv4 or IPv6 03d08dee38 keepalived "no_track" implemented in version 2.0.3 96a188f654 Inherit from neutron-lib "LinuxInterfaceDriver" class 0e1ec52118 Remove "PortBindingMixin" class and related DB table ce1a87057a [OVN] Check if OVN NB supports stateless NAT rules 2aa1bbabe3 [OVN] Prevent OVS to OVN migration if firewall "iptables_hybrid" f2e8a619c5 Delete MAC binding for LRP when the port is deleted 55afd9bc92 [OVN] Allow only one physical network per bridge 4a06685098 [OVN] Correctly set dns_server in dhcpv4/v6 options ecb0b428ee [FT] Workaround for "test_gateway_chassis_rebalance" test eee92f5eaf Sync rootwrap.conf from oslo.rootwrap 374aac1cbd Use TOX_CONSTRAINTS_FILE 0e6257606a remove unicode from code 34e560fad0 Add extra debug log with current and new port statuses in ML2 plugin bd38ba77dc Adopt rehomed QoS FIP extension from neutron-lib 2.18.0 5e62eac7a9 Reduce iptables version check from 1.6.2 to 1.6.0 10bb1baf66 Missing OvS DPDK nodes in ovn-controllers 636f33b16b [OVN] Add floating IP pools extension to OVN L3 82aabb0aa9 Allocate IPs in bulk requests in separate transactions 79037c9516 [OVN] Accept OVS system-id as non UUID formatted string da8d0eaeea Fix expected exception raised when new scope types are enforced 5b597d6e4e [OVN] Add reverse DNS records 6809bed632 Don't fail subnet validation if gw_ip is actually not changed dea2057479 Change tobiko CI job in the periodic queue 37d4195b51 Use Port_Binding up column to set Neutron port status 92a1646594 Tweak port metadata test to be more reliable c6a6c5ae12 [Functional] Fix expected number of the enqueue_state_change calls 19b9662837 Remove _safe_plug_new method from the interface driver 0ae8eba7e7 [OVN][Placement] Make the Placement reporter compatible with OVN a416f8b0ab Do not announce any DNS resolver if "0.0.0.0" or "::" provided 7b61adbb4a List ports when attempt to delete network with ports f929488ce4 Amend "network_vlan_ranges" configuration option help text 385b0ad203 Add wait event for metadataagent sb_idl 2dd3ffa271 Remove the expired reservations in a separate DB transaction 3233c97f99 Fix stackalytics' link 2e0e5d2698 Add logs for port_bound_to_host f9b1882380 Updating python testing as per Yoga testing runtime 1af63e8812 Add Chassis creation wait event in "TestAgentMonitor" 569bafbbd5 [OVN] Keep "connectivity" VIF details parameter in migration 16a793af19 When creating a VXLAN interface, a device is mandatory abfbe5d54d Do not block qos for direct-physical ports ef162fcf8e Provide a "priority" value to the OVN events 8a9b9211d1 Quota engine to accept --force parameter in limit update 6288dc7259 Keep binding:profile keys during placement allocation change e4c168b1fc Improve Router callback system's publish events 8813b0ed2d Replace "target_tenant" with "target_project" in RBAC OVOs and models 4e395c5d2b Fix links for Source code references 176503e610 Avoid writing segments to the DB repeatedly fa2179278f [OVN] Prevent deleting the only IP of a router port b1ecde9122 Add "update_network" implementation to "L3AgentExtension" child classes ef7f673098 Do no use "--strict" for OF deletion in TRANSIENT_TABLE 0152b43ee1 Allow modification of max retries in OVSNeutronAgent b871dabdf4 [OVN] Add the VIF details "connectivity" parameter c95ccf0a43 ovn: enable stateless-security-group api 278af85123 ovn: update ACL actions on stateful field change 68f3e21034 [OVN] Chassis name (OVS system-id) must be a UUID formatted string c686a2b555 Improve DHCP RPC handler b51d6958f3 Add Local IP L2 extension flows d3990468b9 Change signature of "sqlalchemy.events.ConnectionEvents.before_execute" 42f52a663b Add "quota-check-limit" extension to OVN extension list 4dfbad7dcd Move ARM64 jobs to the corresponding zuul queue a4ffd1a2f9 Set report_interval to 0 for ovs agent unit tests e68a283211 Update placement allocation of bound ports when network QoS policy is changed cf8fa0d42d Remove functions which enable Neutron's QoS service 0725533a6f [OVN] Fix gateway_mtu option should not always be set d7178927fd Add upgrade check for floating IP QoS inheritance from network e41d82e374 Bump lower-constraints for eventlet to 0.26.1 42cfa055c2 Add network QoS inheritance to floating IP 74aa86a976 Properly clean up ovn-northd in functional tests c8427c82da [OVN] Check new added segments in OVN mech driver 770b64b90e Fix tunnel_types in ml2 ovs sample config bedd24caff [Fullstack] Don't install OVN in the fullstack job d02fb560aa [OVN] Update check_for_mcast_flood_reports() to check for mcast_flood 07c4c80e8f Update OVN gap document b7ae945e33 Ignore warnings in the policies UT 6632a2fe93 Cleaning of the zuul's project.yaml file 23b99e2f12 ovn: Filter ACL columns when syncing the DB 836592a8bc Add functional and fullstack jobs with FIPS enabled 5357689002 Remove some scenario jobs from the check and gate queues 4909c8c18d Bump neutron-lib to 2.17.0 6c9bf1efbd Remove functions to enable Neutron's placement integration 6ead2ce5b7 Disable "TestObjectVersions.test_versions". ebc4766990 Check interface presence in new namespace 4511290b72 [OVN] Fix port disable security dead when run neutron-ovn-db-sync-util 83f57021d6 Remove run-devstack role from run_functional_job playbook 7e2f73350f [OVN] Fix deadlock in neutron_ovn_db_sync_util.py 7874c57601 [ovn] Add timeout option to ovsdb-client command 1222962767 Add Local IP L2 extension skeleton 662045f519 [OVN] Execute OVN migration transactions independently cd1d96863e Add Local IP Extension and DB 4f95794d22 Increase openstack-tox-py38 and openstack-tox-py39 timeouts 1248b36ddc [OVN][Placement] Add support for minimum bandwidth QoS rules 53000704f2 Remove todo's in Y release 5627c87137 [OVS][QOS] Dataplane enforcement is limited to min-bw egress direction 41159bd9a4 Cleanup router for which processing added router failed 34c909c9cb Doc: follow-up for recent job renames 3a9a17ad82 Add functional tests for ECMP routes 2bb54a9c46 Document the effects of admin_state_up cc93d65d62 Update Interop doc 4eada8932c Increase the timeout for arm64 jobs 32c1762c36 Create Keystone admin endpoint for Rally job 753693d315 Bump OVN version for functional job to 21.06 d9f31f5047 Do not set project_id for floating ip ports e68d89c3d4 Recheck irrelevant files 0e09bf8ce1 Don't enforce scopes in the API policies UT temporary cb022c1d5c Remove "get_logical_port_chassis_and_datapath" d1fa2f104d Use the DB object when listing the SG rules 77b3a1a774 Networking guide: Add Guaranteed Minimum Packet Rate 59b2ac0c2a Replace "tenant_id" with "project_id" in OVO base edf1d0c759 Replace "tenant_id" with "project_id" in metering service a6f975ac03 [OVN][Placement] Add a SB Chassis event to track changes in BW config 5a7a8db0d8 Check quota limits 7d552848c2 Set RPC timeout in PluginReportStateAPI to report_interval 507a61efba Networking guide: Add trunk limitation to min bandwidth 11d166be68 Don't setup bridge controller if it is already set 02b72f7c96 Unify the states format for address group payloads 0194856da1 [OVS] Workaround when OpenFlow controller restarts 0885018892 Enable min pps tempest tests bbdba95f40 Revert "[Fullstack] Mark TestHAL3Agent fip_qos test as unstable" 95c2801da8 Check subnet in "_remove_subnet_dhcp_options" f09c98bf8c Add "FLAVOR_NAME" to ovn migration resources creation 8127221479 Check a namespace existence by checking only its own directory e49485f2aa Replace "tenant_id" with "project_id" aada855f6d Enable QoS minimum packet rate rule for OVS backend d699a955cd Sanitize profile column of ml2_port_bindings table in the DB 8db15cb2f3 Add port-resource-request-groups extension 042de7e6bb Deprecate 'allow_overlapping_ips' config option b42c8afb4b Add "os-ken" project Lieutenant d4d90fb6d7 Improve "get_collection_count" calls d49ce1652d Fix OVN migration workload creation order 10f23398ce Support SB OVSDB connections to non-leader servers 501faef2bc [ovn]Get network availability_zones from Logical_Switch a278c5ba78 [OVN] Tune OVN routers to reduce the mem footprint for ML2/OVN 8a890ed29c Fix list of DNS extensions supported by OVN c32c0af9af [OVN] Metadata ports device_owner is "network:distributed" only 5d94a10a15 [OVN] Check if OVN NB supports "Port_Group" 21eabbcf03 [DVR] Fix update of the MTU in the DVR HA routers 110c62ce9f Doc: add ovsdbapp and os-ken to Sub-project table 5665fc437b Bump os-ken to 2.2.0 f6c3552769 [ovn] Stop monitoring the SB MAC_Binding table to reduce mem footprint 8acf7ff096 CI: add experimental jobs to be executed with n-lib master c2bc676183 Report pkt processing capacity on Neutron agent RP 76a99f9a14 Report CUSTOM_VNIC_TYPE_ traits on Neutron agent RP 744e906f87 [ovn] Add logs for ovs to ovn migration bf6831e0d2 [OVN Migration] Remove trunk's subports from the nodes 5092f3fb98 [OVN Migration] Remove qr and dhcp ports from the nodes 43bd3fa246 Fix OVN driver validating Geneve max_header_size b57fdf7038 Revert "Use 2 dhcp agents in TestLegacyL3Agent" 416b7fe2f7 [Fullstack] Don't use dhcp in L3 agent tests 4bd1c82213 Add shared field to SG API response and filter ec89cd23d1 [Fullstack] Mark TestHAL3Agent fip_qos test as unstable bd0ded15ca [OVN] Update the DHCP options when the metadata port is modified e6ed9bd0c8 [Docs] Small improvements to the IPv6 config guide b993ebb407 Fix dynamic segment allocation race condition 98c269e5a6 Remove trunk related functions from neutron devstack plugin 09019f1ffa Enhanced set of warnings if an answers file or a templates directory is used. 18c959bd24 Remove "_get_network_lock_id" compatibility method a18efdae26 Rename OVN's "master" branch to "main" 41f78c678b Delete log entries when SG or port is deleted efc0b7e5af Log OvsdbAppException as warnings dfcbb4cce0 Execute "migrate_neutron_database_to_ovn" inside the same DB ctx c20f2e5136 [HA] Do not add initial state change delay in HA router c4d4742a6d Doc: prerelease checklist 5e32dddc11 Fix "_sync_metadata_ports" with no DHCP subnets 603abeb977 Execute the quota reservation removal in an isolated DB txn f8c879ddbf Add new indexes to RBAC DB models f18edfdf45 [DVR] Check if SNAT iptables manager is initialized 84b6db3b05 [OVN] Allow IP allocation with different segments for OVN service ports 1ea26616b4 ovs-agent: Report pkt processing info in heartbeat 56044db26d Add API extension for QoS minimum pps rule 459f63439b Replace cirros 0.4.0 by 0.5.2 in ovn migration create-resources.sh.j2 21d25617ab Change to publish for security-group db tests 771fdc0b07 [DVR] Set arp entries only for IPs from the correct subnet b0e01c7df3 Revert "update subport status when trunk/subport create/delete is triggerred" 42fda206e9 Replace "Inspector.from_engine()" with "sqlalchemy.inspect()" 57629dc051 Add retry when executing OF commands if "InvalidDatapath" dc677682ca ovn: use stateless NAT rules for FIPs 7dcddeb0bd Replace "tenant_id" with "project_id" in Quota engine 201fc1254c Drop install_venv 0a92e9de6c [ovn] metadata functional tests don't support Chassis_Private 3d7929591c Open Yoga DB branch 5abd1fb610 Remove dhcp_extra_opt name after first newline character 781edc8f64 req: Bump some dependencies 056251be77 [Docs] Ovn backend now supports FIP QoS bandwdith limiting a383afa10f [Docs] Add info about how to use shared SG with VMs 0234aa6157 Fix _create_dvr_floating_gw_port missing payload field f546c11b33 doc: Change availability of QoS policy change 632ffa992f Add Python3 yoga unit tests 347fd599ae Update master for stable/xena f8f50397ca Rollback db session in case of error during releasing quota reservation ce3b86eef3 Use neutron-lib standard_attr 0634dcc6d0 [OVS][FW] Initialize ConjIdMap._max_id depending on the current OFs 1762ed8834 [OVN][FT] Check UNIX socket file before using it 48f4e05b6e [Policy] Set scope_types for BaseCheck rules b6d2f07782 doc: Remove references to dead VMWare NSX extensions 28f3017a90 [OVN] Set NB/SB "connection" inactivity probe Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + TESTING.rst | 2 +- bindep.txt | 7 +- devstack/lib/l2_agent | 10 - devstack/lib/l3_agent | 10 - devstack/lib/local_ip | 9 + devstack/lib/ml2 | 5 - devstack/lib/placement | 19 - devstack/lib/qos | 28 - devstack/lib/trunk | 7 - devstack/ml2-ovs-compute-local.conf.sample | 2 +- devstack/ml2-ovs-local.conf.sample | 3 + devstack/ovn-compute-local.conf.sample | 2 +- devstack/ovn-local.conf.sample | 2 +- devstack/plugin.sh | 30 +- .../contributor/internals/openvswitch_agent.rst | 8 + .../contributor/internals/openvswitch_firewall.rst | 9 +- .../contributor/internals/provisioning_blocks.rst | 2 +- .../contributor/internals/quality_of_service.rst | 5 + .../contributor/internals/security_group_api.rst | 10 +- .../contributor/internals/services_and_agents.rst | 2 +- .../contributor/policies/gate-failure-triage.rst | 4 +- .../contributor/policies/release-checklist.rst | 4 + .../contributor/testing/ci_scenario_jobs.rst | 48 +- .../contributor/testing/ml2_ovs_devstack.rst | 3 +- .../feature_classification_introduction.rst | 4 +- etc/rootwrap.conf | 3 + lower-constraints.txt | 32 +- neutron/agent/common/ovs_lib.py | 71 +- neutron/agent/common/placement_report.py | 68 +- neutron/agent/dhcp/agent.py | 63 +- neutron/agent/l2/extensions/local_ip.py | 362 ++++++ neutron/agent/l3/agent.py | 75 +- neutron/agent/l3/dvr_edge_ha_router.py | 22 +- neutron/agent/l3/dvr_edge_router.py | 16 +- neutron/agent/l3/dvr_local_router.py | 44 +- neutron/agent/l3/extensions/conntrack_helper.py | 3 + neutron/agent/l3/extensions/port_forwarding.py | 3 + neutron/agent/l3/extensions/qos/fip.py | 3 + neutron/agent/l3/extensions/qos/gateway_ip.py | 3 + neutron/agent/l3/ha.py | 20 +- neutron/agent/l3/ha_router.py | 10 +- neutron/agent/l3/l3_agent_extensions_manager.py | 54 +- neutron/agent/linux/dhcp.py | 20 +- neutron/agent/linux/interface.py | 38 +- neutron/agent/linux/ip_lib.py | 40 +- neutron/agent/linux/l3_tc_lib.py | 3 +- .../agent/linux/openvswitch_firewall/firewall.py | 111 +- neutron/agent/ovn/metadata/agent.py | 32 +- neutron/agent/ovn/metadata/ovsdb.py | 9 +- neutron/agent/rpc.py | 4 +- neutron/agent/securitygroups_rpc.py | 3 + neutron/api/converters.py | 37 + neutron/api/rpc/callbacks/resources.py | 3 + neutron/api/rpc/handlers/dhcp_rpc.py | 147 +-- neutron/api/v2/base.py | 11 +- neutron/api/v2/resource_helper.py | 13 +- neutron/cmd/ovn/neutron_ovn_db_sync_util.py | 4 +- neutron/cmd/runtime_checks.py | 2 +- .../sanitize_port_binding_profile_allocation.py | 87 ++ neutron/cmd/sanity/checks.py | 78 +- neutron/cmd/sanity_check.py | 40 + neutron/cmd/upgrade_checks/checks.py | 195 +++ neutron/common/_constants.py | 2 +- neutron/common/ovn/acl.py | 18 +- neutron/common/ovn/constants.py | 107 +- neutron/common/ovn/extensions.py | 18 +- neutron/common/ovn/utils.py | 124 +- neutron/common/utils.py | 41 +- neutron/conf/common.py | 4 +- neutron/conf/db/l3_ndpproxy_db.py | 27 + neutron/conf/plugins/ml2/drivers/driver_type.py | 4 +- neutron/conf/plugins/ml2/drivers/ovs_conf.py | 58 + neutron/conf/policies/__init__.py | 6 + neutron/conf/policies/address_group.py | 4 +- neutron/conf/policies/address_scope.py | 24 +- neutron/conf/policies/auto_allocated_topology.py | 8 +- neutron/conf/policies/floatingip.py | 20 +- neutron/conf/policies/floatingip_pools.py | 4 +- .../conf/policies/floatingip_port_forwarding.py | 16 +- neutron/conf/policies/l3_conntrack_helper.py | 16 +- neutron/conf/policies/local_ip.py | 102 ++ neutron/conf/policies/local_ip_association.py | 92 ++ neutron/conf/policies/metering.py | 24 +- neutron/conf/policies/ndp_proxy.py | 102 ++ neutron/conf/policies/network.py | 100 +- neutron/conf/policies/port.py | 119 +- neutron/conf/policies/qos.py | 247 +++- neutron/conf/policies/rbac.py | 40 +- neutron/conf/policies/router.py | 88 +- neutron/conf/policies/security_group.py | 28 +- neutron/conf/policies/service_type.py | 4 + neutron/conf/policies/subnet.py | 36 +- neutron/conf/policies/subnetpool.py | 40 +- neutron/conf/policies/trunk.py | 28 +- neutron/db/address_group_db.py | 6 +- neutron/db/agents_db.py | 4 +- neutron/db/agentschedulers_db.py | 13 +- neutron/db/db_base_plugin_common.py | 4 +- neutron/db/db_base_plugin_v2.py | 75 +- neutron/db/external_net_db.py | 18 +- neutron/db/ipam_backend_mixin.py | 5 +- neutron/db/ipam_pluggable_backend.py | 53 +- neutron/db/l3_db.py | 77 +- neutron/db/l3_dvr_db.py | 4 +- neutron/db/l3_dvrscheduler_db.py | 3 +- neutron/db/l3_fip_qos.py | 11 +- neutron/db/l3_gateway_ip_qos.py | 5 +- neutron/db/l3_gwmode_db.py | 9 +- neutron/db/l3_hamode_db.py | 3 +- neutron/db/local_ip_db.py | 300 +++++ neutron/db/metering/metering_db.py | 6 +- neutron/db/migration/__init__.py | 15 +- .../alembic_migrations/versions/EXPAND_HEAD | 2 +- .../2e5352a0ad4d_add_missing_foreign_keys.py | 4 +- ...6f5_add_unique_ha_router_agent_port_bindings.py | 2 +- .../7d9d8eeec6ad_rename_tenant_to_project.py | 3 +- .../89ab9a816d70_rename_ml2_network_segments.py | 4 +- .../030a959ceafa_uniq_routerports0port_id.py | 2 +- ...61a21bcfc_uniq_floatingips0floating_network_.py | 2 +- .../a9c43481023c_extend_ml2_port_bindings.py | 3 +- .../d72db3e25539_modify_uniq_port_forwarding.py | 3 +- .../expand/d8bdf05313f4_add_in_use_to_subnet.py | 3 +- .../ussuri/expand/f4b9654dd40c_ovn_backend.py | 3 +- ...0820fc498_add_unique_quotas_project_resource.py | 2 +- .../xena/expand/1bb3393de75d_add_qos_pps_rule.py | 5 + ...8d6f371_rbac_target_tenant_to_target_project.py | 130 ++ .../34cf8b009713_add_router_ndp_proxy_table.py | 71 ++ .../yoga/expand/76df7844a8c6_add_local_ip.py | 72 ++ .../8160f7a9cebb_drop_portbindingports_table.py} | 42 +- .../expand/ba859d649675_add_indexes_to_rbacs.py | 41 + .../c181bb1d89e4_qos_minimum_packet_rate_rules.py | 56 + .../cd9ef14ccf87_add_index_to_agents_host.py | 37 + ...76d3_add_networksegments_database_constraint.py | 37 + neutron/db/migration/cli.py | 3 +- neutron/db/models/address_group.py | 2 +- neutron/db/models/agent.py | 2 +- neutron/db/models/l3.py | 2 +- neutron/db/models/local_ip.py | 75 ++ neutron/db/models/loggingapi.py | 3 +- neutron/db/models/metering.py | 4 +- neutron/db/models/ndp_proxy.py | 62 + neutron/db/models/network_segment_range.py | 3 +- neutron/db/models/port_forwarding.py | 2 +- neutron/db/models/portbinding.py | 33 - neutron/db/models/provisioning_block.py | 3 +- neutron/db/models/securitygroup.py | 2 +- neutron/db/models/segment.py | 16 +- neutron/db/models/tag.py | 3 +- neutron/db/models_v2.py | 2 +- neutron/db/ovn_revision_numbers_db.py | 2 +- neutron/db/portbindings_base.py | 41 - neutron/db/portbindings_db.py | 111 -- neutron/db/provisioning_blocks.py | 3 +- neutron/db/qos/models.py | 34 +- neutron/db/quota/api.py | 218 +--- neutron/db/quota/driver.py | 195 +-- neutron/db/quota/driver_nolock.py | 48 +- neutron/db/rbac_db_mixin.py | 24 +- neutron/db/rbac_db_models.py | 25 +- neutron/db/securitygroups_db.py | 29 +- neutron/db/standard_attr.py | 23 - neutron/db/standardattrdescription_db.py | 3 +- neutron/exceptions/__init__.py | 0 neutron/exceptions/qos.py | 24 + neutron/extensions/l3_ext_ndp_proxy.py | 21 + neutron/extensions/l3_ndp_proxy.py | 74 ++ neutron/extensions/local_ip.py | 123 ++ neutron/extensions/port_resource_request_groups.py | 23 + neutron/extensions/qos.py | 1 + neutron/extensions/qos_fip.py | 44 +- neutron/extensions/qos_fip_network_policy.py | 20 + neutron/extensions/qos_pps_minimum_rule.py | 35 + neutron/extensions/qos_pps_minimum_rule_alias.py | 35 + neutron/extensions/quota_check_limit.py | 20 + neutron/extensions/quotasv2.py | 68 +- neutron/extensions/quotasv2_detail.py | 13 +- .../extensions/security_groups_shared_filtering.py | 21 + .../security_groups_shared_filtering_lib.py | 67 + neutron/extensions/segment.py | 129 +- neutron/extensions/standard_attr_segment.py | 2 +- neutron/extensions/stdattrs_common.py | 2 +- neutron/extensions/tagging.py | 2 +- neutron/ipam/drivers/neutrondb_ipam/driver.py | 10 +- neutron/ipam/exceptions.py | 2 + neutron/notifiers/nova.py | 29 +- neutron/objects/address_group.py | 7 +- neutron/objects/address_scope.py | 5 +- neutron/objects/base.py | 13 +- neutron/objects/local_ip.py | 112 ++ neutron/objects/ndp_proxy.py | 80 ++ neutron/objects/network.py | 6 +- neutron/objects/network_segment_range.py | 3 +- neutron/objects/ports.py | 18 + neutron/objects/qos/binding.py | 20 + neutron/objects/qos/policy.py | 47 +- neutron/objects/qos/qos_policy_validator.py | 31 + neutron/objects/qos/rule.py | 23 +- neutron/objects/qos/rule_type.py | 5 +- neutron/objects/rbac.py | 20 +- neutron/objects/rbac_db.py | 87 +- neutron/objects/router.py | 13 +- neutron/objects/securitygroup.py | 12 +- neutron/objects/stdattrs.py | 2 +- neutron/objects/subnet.py | 8 +- neutron/objects/subnetpool.py | 9 +- neutron/objects/tag.py | 2 +- neutron/objects/trunk.py | 12 + neutron/opts.py | 6 +- neutron/pecan_wsgi/hooks/quota_enforcement.py | 12 +- .../linuxbridge/agent/linuxbridge_neutron_agent.py | 5 +- .../linuxbridge/mech_driver/mech_linuxbridge.py | 6 +- .../drivers/macvtap/mech_driver/mech_macvtap.py | 6 +- neutron/plugins/ml2/drivers/mech_agent.py | 67 +- .../drivers/mech_sriov/agent/eswitch_manager.py | 60 +- .../ml2/drivers/mech_sriov/agent/pci_lib.py | 18 +- .../drivers/mech_sriov/mech_driver/mech_driver.py | 9 +- .../drivers/openvswitch/agent/common/constants.py | 8 + .../agent/extension_drivers/qos_driver.py | 25 +- .../agent/openflow/native/br_dvr_process.py | 2 +- .../openvswitch/agent/openflow/native/br_int.py | 97 +- .../openvswitch/agent/openflow/native/br_tun.py | 23 - .../openvswitch/agent/openflow/native/ofswitch.py | 14 +- .../agent/openflow/native/ovs_bridge.py | 48 +- .../drivers/openvswitch/agent/ovs_neutron_agent.py | 87 +- .../openvswitch/mech_driver/mech_openvswitch.py | 6 +- neutron/plugins/ml2/drivers/ovn/db_migration.py | 111 +- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 148 ++- .../ml2/drivers/ovn/mech_driver/ovsdb/commands.py | 1 + .../ovn/mech_driver/ovsdb/extensions/placement.py | 273 +++++ .../ovn/mech_driver/ovsdb/extensions/qos.py | 151 ++- .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 71 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 137 ++- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 310 +++-- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 81 +- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 375 ++++-- neutron/plugins/ml2/managers.py | 69 +- neutron/plugins/ml2/ovo_rpc.py | 15 +- neutron/plugins/ml2/plugin.py | 136 ++- neutron/policy.py | 4 + neutron/privileged/agent/linux/ip_lib.py | 6 +- neutron/privileged/agent/linux/utils.py | 10 +- neutron/quota/__init__.py | 4 + neutron/quota/resource.py | 111 +- neutron/services/local_ip/__init__.py | 0 neutron/services/local_ip/local_ip_plugin.py | 48 + neutron/services/logapi/agent/l3/base.py | 3 + neutron/services/logapi/api_base.py | 86 ++ neutron/services/logapi/common/db_api.py | 26 +- neutron/services/logapi/common/sg_callback.py | 2 +- neutron/services/logapi/drivers/base.py | 3 +- .../logapi/drivers/openvswitch/ovs_firewall_log.py | 2 +- neutron/services/logapi/drivers/ovn/driver.py | 22 +- neutron/services/logapi/logging_plugin.py | 22 +- neutron/services/logapi/rpc/server.py | 12 +- neutron/services/metering/agents/metering_agent.py | 14 +- .../services/metering/drivers/abstract_driver.py | 4 +- .../metering/drivers/iptables/iptables_driver.py | 6 +- neutron/services/ndp_proxy/__init__.py | 0 neutron/services/ndp_proxy/exceptions.py | 65 + neutron/services/ndp_proxy/plugin.py | 386 ++++++ neutron/services/ovn_l3/plugin.py | 62 +- neutron/services/placement_report/plugin.py | 23 +- .../services/portforwarding/drivers/ovn/driver.py | 10 +- neutron/services/qos/constants.py | 30 - neutron/services/qos/drivers/manager.py | 3 +- neutron/services/qos/drivers/openvswitch/driver.py | 8 +- neutron/services/qos/drivers/ovn/driver.py | 7 +- neutron/services/qos/drivers/sriov/driver.py | 3 +- neutron/services/qos/qos_plugin.py | 509 ++++++-- neutron/services/revisions/revision_plugin.py | 2 +- neutron/services/segments/db.py | 10 +- neutron/services/tag/tag_plugin.py | 2 +- neutron/services/timestamp/timestamp_db.py | 2 +- .../drivers/openvswitch/agent/ovsdb_handler.py | 2 +- neutron/services/trunk/drivers/ovn/trunk_driver.py | 13 +- neutron/services/trunk/models.py | 2 +- neutron/services/trunk/plugin.py | 60 +- .../functional/agent/l3/test_legacy_router.py | 31 + .../functional/agent/linux/test_bridge_lib.py | 2 +- .../agent/ovn/metadata/test_metadata_agent.py | 27 +- .../test_c3e9d13c4367_add_binding_index_to_.py | 10 +- .../functional/pecan_wsgi/test_controllers.py | 75 +- .../mech_driver/ovsdb/extensions/test_placement.py | 188 +++ .../ovn/mech_driver/ovsdb/extensions/test_qos.py | 25 +- .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 19 +- .../ovn/mech_driver/ovsdb/test_ovn_db_resources.py | 28 + .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 203 ++- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 169 ++- .../drivers/ovn/mech_driver/test_mech_driver.py | 367 +++++- .../l3_router/test_l3_dvr_router_plugin.py | 87 +- .../services/logapi/drivers/ovn/test_driver.py | 63 +- .../functional/services/ovn_l3/test_plugin.py | 40 +- .../openvswitch/agent/test_trunk_manager.py | 2 + .../unit/agent/common/test_placement_report.py | 120 +- .../agent/l2/extensions/test_fdb_population.py | 10 +- .../unit/agent/l2/extensions/test_local_ip.py | 344 ++++++ .../linux/openvswitch_firewall/test_firewall.py | 84 +- .../api/rpc/handlers/test_securitygroups_rpc.py | 4 +- .../conf/policies/test_auto_allocated_topology.py | 32 +- .../unit/conf/policies/test_availability_zone.py | 4 +- .../unit/conf/policies/{base.py => test_base.py} | 57 + .../unit/conf/policies/test_floatingip_pools.py | 9 +- .../policies/test_floatingip_port_forwarding.py | 80 +- .../unit/conf/policies/test_l3_conntrack_helper.py | 70 +- .../conf/policies/test_local_ip_association.py | 181 +++ .../conf/policies/test_network_ip_availability.py | 4 +- .../conf/policies/test_network_segment_range.py | 10 +- .../unit/conf/policies/test_security_group.py | 130 +- .../ipam/drivers/neutrondb_ipam/test_driver.py | 6 - .../plugins/ml2/drivers/l2pop/test_mech_driver.py | 12 +- .../agent/test_linuxbridge_neutron_agent.py | 14 +- .../mech_driver/test_mech_linuxbridge.py | 16 +- .../macvtap/mech_driver/test_mech_macvtap.py | 16 +- .../unit/plugins/ml2/drivers/mech_fake_agent.py | 8 + .../mech_sriov/agent/test_eswitch_manager.py | 118 +- .../ml2/drivers/mech_sriov/agent/test_pci_lib.py | 11 +- .../mech_driver/test_mech_sriov_nic_switch.py | 38 +- .../unit/plugins/ml2/drivers/mechanism_logger.py | 46 + .../unit/plugins/ml2/drivers/mechanism_test.py | 16 +- .../agent/extension_drivers/test_qos_driver.py | 32 + .../agent/openflow/native/ovs_bridge_test_base.py | 86 +- .../agent/openflow/native/test_br_int.py | 152 ++- .../agent/openflow/native/test_br_tun.py | 39 - .../openvswitch/agent/test_ovs_neutron_agent.py | 42 +- .../drivers/openvswitch/agent/test_ovs_tunnel.py | 3 - .../mech_driver/test_mech_openvswitch.py | 101 +- .../mech_driver/ovsdb/extensions/test_placement.py | 234 ++++ .../ovn/mech_driver/ovsdb/extensions/test_qos.py | 103 +- .../drivers/ovn/mech_driver/ovsdb/test_commands.py | 4 +- .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 77 +- .../ovn/mech_driver/ovsdb/test_maintenance.py | 153 ++- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 122 ++ .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 2 + .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 355 +++--- .../drivers/ovn/mech_driver/test_mech_driver.py | 481 ++++++-- .../plugins/ml2/drivers/ovn/test_db_migration.py | 9 +- .../unit/plugins/ml2/test_tracked_resources.py | 62 +- .../unit/privileged/agent/linux/test_ip_lib.py | 15 +- .../unit/scheduler/test_dhcp_agent_scheduler.py | 6 +- .../unit/services/logapi/common/test_db_api.py | 117 +- .../drivers/openvswitch/test_ovs_firewall_log.py | 8 + .../unit/services/logapi/test_logging_plugin.py | 22 - .../metering/agents/test_metering_agent.py | 10 +- .../services/metering/drivers/test_iptables.py | 12 +- .../unit/services/metering/test_metering_plugin.py | 92 +- .../unit/services/placement_report/test_plugin.py | 80 ++ .../portforwarding/drivers/ovn/test_driver.py | 51 +- .../services/revisions/test_revision_plugin.py | 3 +- .../trunk/drivers/ovn/test_trunk_driver.py | 6 +- neutron/wsgi.py | 3 +- playbooks/configure_functional_job.yaml | 6 + playbooks/enable-fips.yaml | 5 + playbooks/run_functional_job.yaml | 2 - ...lapping_ips-config-option-0e33af8876bad28f.yaml | 8 + ...ce-driver-plug_new-method-3377ce0b776df6b2.yaml | 9 + ...ksegments-uniq-constraint-89e52b42ca2f7ec2.yaml | 8 + ...-shared-field-to-response-9ff6b49d36f4af4d.yaml | 7 + ...for-direct-physical-ports-32547cc133c122ef.yaml | 7 + .../notes/bug-817525-eef68687dafa97fd.yaml | 6 + .../deprecate-agent-veth_mtu-748ca450e32ea192.yaml | 6 + ...op-portbindingports-table-575c6d059c698bf0.yaml | 8 + .../fix-ovn-dns-extensions-d94ec25d20714b20.yaml | 6 + ...ove-router-callback-event-5ddd73679f23039b.yaml | 7 + ...rit-from-L3AgentExtension-12c8f1fe2af26379.yaml | 7 + releasenotes/notes/local_ip-de07013ea3e49c67.yaml | 12 + ...ew_QuotaDriverAPI_methods-ed76d167974d6f9d.yaml | 8 + ...-dns-servers-ipv6-subnets-f2d525abc70b01b3.yaml | 11 + ...it-one-physnet-per-bridge-188285955a5ea124.yaml | 4 + ...-smartnic-dpu-portbinding-dd0a16bac6d2e59f.yaml | 7 + ...rt-stateless-sg-mandatory-bdeb1bc626decc51.yaml | 5 + ...ovn-support-virtual-ports-3da6dc89937a63c7.yaml | 5 + .../ovn-supports-Port_Group-96fc1a89e2da163d.yaml | 7 + ...se-stateless-nat-for-fips-e764c4ece4024be1.yaml | 6 + .../pkt-processing-capacity-1c43fe49d7bb2193.yaml | 13 + ...t-resource-request-groups-516820eed2fc659b.yaml | 17 + .../notes/pps-config-ovs-036b5940694f786c.yaml | 15 + ...nheritance-support-in-ovn-1d68b54c42c865da.yaml | 7 + ...os-pps-minimum-rule-alias-dbd652445a033f31.yaml | 6 + .../qos_min_pps_rule_ovs-3fe3d73227980c53.yaml | 5 + .../qos_rule_type_min_pps-0cc3fe5b0ee5d596.yaml | 5 + ...tize-port-binding-profile-5b0cba2566f7f950.yaml | 9 + ...imeout-to-report_interval-1265a70b0728e08c.yaml | 5 + releasenotes/source/conf.py | 16 +- releasenotes/source/index.rst | 1 + releasenotes/source/xena.rst | 6 + requirements.txt | 24 +- roles/disable_selinux/tasks/main.yaml | 3 + setup.cfg | 10 + tools/configure_for_func_testing.sh | 47 +- tools/install_venv.py | 78 -- tools/install_venv_common.py | 170 --- .../templates/create-resources.sh.j2 | 23 +- .../tripleo_environment/ovn_migration.sh | 50 +- .../playbooks/ovn-migration.yml | 9 + .../roles/migration/tasks/activate-ovn.yml | 4 +- .../roles/migration/tasks/cleanup-dataplane.yml | 42 +- .../roles/migration/tasks/clone-dataplane.yml | 4 +- .../pre-checks/ovn-controllers/tasks/main.yml | 10 + .../roles/resources/create/defaults/main.yml | 1 + .../create/templates/create-resources.sh.j2 | 39 +- .../validate/templates/validate-resources.sh.j2 | 2 +- .../playbooks/roles/stop-agents/tasks/main.yml | 4 + tox.ini | 6 +- zuul.d/base.yaml | 63 +- zuul.d/grenade.yaml | 23 +- zuul.d/job-templates.yaml | 103 ++ zuul.d/project.yaml | 88 +- zuul.d/rally.yaml | 23 +- zuul.d/tempest-multinode.yaml | 42 +- zuul.d/tempest-singlenode.yaml | 99 +- zuul.d/tripleo.yaml | 14 +- 569 files changed, 21981 insertions(+), 8524 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 7b96f35325..24886b6c30 100644 --- a/requirements.txt +++ b/requirements.txt @@ -10,2 +10,2 @@ debtcollector>=1.19.0 # Apache-2.0 -decorator>=3.4.0 # BSD -eventlet>=0.25.1 # MIT +decorator>=4.1.0 # BSD +eventlet>=0.26.1 # MIT @@ -19,2 +19,2 @@ netifaces>=0.10.4 # MIT -neutron-lib>=2.15.0 # Apache-2.0 -python-neutronclient>=6.7.0 # Apache-2.0 +neutron-lib>=2.20.0 # Apache-2.0 +python-neutronclient>=7.8.0 # Apache-2.0 @@ -22 +22 @@ tenacity>=6.0.0 # Apache-2.0 -SQLAlchemy>=1.3.23 # MIT +SQLAlchemy>=1.4.23 # MIT @@ -26 +26 @@ alembic>=1.6.5 # MIT -stevedore>=1.20.0 # Apache-2.0 +stevedore>=2.0.1 # Apache-2.0 @@ -36 +36 @@ oslo.middleware>=3.31.0 # Apache-2.0 -oslo.policy>=3.7.0 # Apache-2.0 +oslo.policy>=3.10.1 # Apache-2.0 @@ -39 +39 @@ oslo.reports>=1.18.0 # Apache-2.0 -oslo.rootwrap>=5.8.0 # Apache-2.0 +oslo.rootwrap>=5.15.0 # Apache-2.0 @@ -41 +41 @@ oslo.serialization>=2.25.0 # Apache-2.0 -oslo.service>=1.31.0 # Apache-2.0 +oslo.service>=2.8.0 # Apache-2.0 @@ -43 +43 @@ oslo.upgradecheck>=1.3.0 # Apache-2.0 -oslo.utils>=4.5.0 # Apache-2.0 +oslo.utils>=4.8.0 # Apache-2.0 @@ -46 +46 @@ osprofiler>=2.3.0 # Apache-2.0 -os-ken>=2.0.0 # Apache-2.0 +os-ken>=2.2.0 # Apache-2.0 @@ -49 +49 @@ ovs>=2.10.0 # Apache-2.0 -ovsdbapp>=1.11.0 # Apache-2.0 +ovsdbapp>=1.15.0 # Apache-2.0