We are thrilled to announce the release of: neutron 15.1.0: OpenStack Networking This release is part of the train stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 15.1.0 ^^^^^^ New Features ************ * Adds support for configuring a list of IPv6 addresses for a dhcp- host entry in the dnsmasq DHCP agent driver. For a port with multiple IPv6 fixed-ips in the same subnet a single dhcp-host entry including all the addresses are written to the dnsmasq dhcp- hostsfile. Reserving multiple addresses for a host eases problems related to network and chain-booting where each step in the boot process requests an address using different DUID/IAID combinations. With a single address, only one gets the "static" address and the boot process will fail on the following steps. By reserving enough addresses for all the stages of the boot process this problem is resolved. (See bug: #1861032 (https://bugs.launchpad.net/neutron/+bug/1861032)) Note: This requires dnsmasq version 2.81 or later. Some distributions may backport this feauture to earlier dnsmasq version as part of the packaging, check the distributions releasenotes.Since the new configuration format is invalid in previous versions of dnsmasq this feauture is *disabled* by default. To *enable* the feature set the option "dnsmasq_enable_addr6_list" in DHCP agent configuration to "True". Upgrade Notes ************* * SR-IOV agent code no longer supports old kernels (<3.13) for MacVtap ports. This change is not expected to affect existing deployments since most OS distributions already have the relevant kernel patches. In addition, latest major release of all Supported distributions already have a newer kernel. Deprecation Notes ***************** * Abstract method "plug_new" from the neutron.agent.linux.interface.LinuxInterfaceDriver class now accepts an optional parameter "link_up". Usage of this method, which takes from 5 to 9 positional arguments, without "link_up" is now deprecated and will not be possible starting in the W release. Third-party drivers which inherit from this base class should update the implementation of their "plug_new" method. Security Issues *************** * A change was made to the metadata proxy to not allow a user to override header values, it will now always insert the correct information and remove unnecessary fields before sending requests to the metadata agent. For more information, see bug 1865036 (https://bugs.launchpad.net/neutron/+bug/1865036). Bug Fixes ********* * Fixed an issue where the client on a dual-stack (IPv4 + IPv6) network failed to get configuration from the dnsmasq DHCP server. See bug: 1876094 (https://launchpad.net/bugs/1876094). * Fixed an issue where IP allocation for IPv6 stateless subnets would allocate on invalid subnets when segments are used. Auto- addressing now filters on segment ids when allocating IP addresses. See bugs: #1864225 (https://bugs.launchpad.net/neutron/+bug/1864225), #1864333 (https://bugs.launchpad.net/neutron/+bug/1864333), #1865138 (https://bugs.launchpad.net/neutron/+bug/1865138). * Fixes an issue that the OVS firewall driver does not configure security group rules using remote group properly when a corresponding remote group has no port on a local hypervisor. For more information see bugs: 1862703 (https://bugs.launchpad.net/neutron/+bug/1862703) and 1854131. Changes in neutron 15.0.2..15.1.0 --------------------------------- 9c242a0329 Allow usage of legacy 3rd-party interface drivers 8b22d2b6b4 Add Rocky milestone tag for alembic migration revisions 965be1b00b Report L3 extensions enabled in the L3 agent's config 00dca13b66 Use dhcp-host tag support when supported 528a9ce0a0 Use effective MAC address for macvtap assigned VFs fa3e1c629f SR-IOV: macvtap assigned vf check using sysfs ebae3602e7 Cap pycodestyle to be < 2.6.0 25efa34a8a Router synch shouldn't return unrelated routers c19b9d8ad6 Adding LOG statements to debug 1838449 9cae1e4660 Monkey patch original current_thread _active b019821abd Use dict .get() to avoid a KeyError in the segment plugin 4ef96cafa3 Replace ctype.CDLL by ctypes.PyDLL in linux.ip_lib c945e5ccba Workaround in NetworkSegmentRange OVO until "project_id" migration afd6b2f5ae Avoid raising NetworkInterfaceNotFound exception in DHCP agent logs f900561550 Set a default IP route metric in ip_lib.list_ip_routes 56cf98d52e Filter subnet by segment ID or None f2d234e459 [L3 HA] Add "no_track" option to VIPs in keepalived config a57feaf936 Load the glibc library only once for Pyroute2 b1811dc1bb Increase log information when a RootHelperProcess fails 222beb3a8d Default (shared) network segment range is not mandatory f23fa9af8b Improve port retrieval when validating auto address 476bb78067 "keepalived_state_change" needs to use threading to send arping 026790adf9 Add rootwrap filter rule for radvd-kill script 478e20a61f Replace "ip monitor" command with Pyroute2 implementation d3905264b7 Filter by owner SGs when retrieving the SG rules 62cbdfbaa2 Check tc_lib.add_tc_policy_class input parameters c368674874 Ensure netlink.nla_slot tuple key is a string 7ce6a5c740 Fix return correct cache when reusing port 92f1521353 Increase waiting time for network rescheduling 1bf64726fa Prioritize port create and update ready messages 8657983c6d Use threads insted of greethreads in IP monitor fe62f4db26 Do not link up HA router gateway in backup node c09f191419 Neutron ovs agent: Removing SmartNIC OVS representor port on instance tear down and resync d71d5e1f8d Add trunk subports to be one of dvr serviced device owners 92b2d9c25a Wait before deleting trunk bridges for DPDK vhu a8e526bb0f Revert "Switch to use cast method in dhcp_ready_on_ports method" 22df469504 [OvS] Handle re_added multi ports 141bbe5e2f [DVR] Don't populate unbound ports in router's ARP cache b38dc02d74 Use rally-openstack 1.7.0 for stable/train 4991325054 ovsdb monitor: handle modified ports 26ddb076b8 Reno only - Make stateless allocation segment aware 259049e25e Deny delete last slaac subnet with allocation on segment c4264b7ded subnet create - segment aware auto-addr allocation 16687e39b6 Filter subnets on fixed_ips segment 842d6318c9 Register DNSMASQ_OPTS in functional sanity tests 03e88cd72a DHCPv6 - Use addr6_list in dnsmasq bbe401aaf9 Fix queries to retrieve allocations with network_segment_range 651eb12bec Improve VLAN allocations synchronization 8166b1be44 Add "project_id" filter when changing the network segmentation ID bcc4f98a3d Remove extra header fields in proxied metadata requests a025723e8a Ensure that default SG exists during list of SG rules API call a56f11222a Do not initialize snat-ns twice 13f2e1344a Re-use existing ProcessLauncher from wsgi in RPC workers fb06c497a6 Check SG members instead of ports to skip flow update bc0ab0fcd7 ovs agent: signal to plugin if tunnel refresh needed e894904a7d dhcp-agent: equalize port create_low/update/delete priority Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 3 +- etc/neutron/rootwrap.d/l3.filters | 1 + neutron/agent/common/ovsdb_monitor.py | 16 +- neutron/agent/dhcp/agent.py | 44 ++- neutron/agent/l3/agent.py | 3 +- neutron/agent/l3/dvr_edge_ha_router.py | 8 +- neutron/agent/l3/dvr_edge_router.py | 10 +- neutron/agent/l3/ha.py | 9 + neutron/agent/l3/ha_router.py | 46 +++- neutron/agent/l3/keepalived_state_change.py | 93 ++++--- neutron/agent/l3/router_info.py | 20 +- neutron/agent/linux/dhcp.py | 151 +++++++--- neutron/agent/linux/interface.py | 51 +++- neutron/agent/linux/ip_lib.py | 58 ++-- neutron/agent/linux/ip_monitor.py | 86 ------ neutron/agent/linux/keepalived.py | 22 +- .../agent/linux/openvswitch_firewall/firewall.py | 2 +- neutron/agent/linux/tc_lib.py | 50 +++- neutron/agent/metadata/agent.py | 39 ++- neutron/agent/metadata/driver.py | 7 +- .../api/rpc/agentnotifiers/dhcp_rpc_agent_api.py | 4 +- neutron/api/rpc/handlers/l3_rpc.py | 7 + neutron/cmd/runtime_checks.py | 11 + neutron/cmd/sanity/checks.py | 16 ++ neutron/common/_constants.py | 3 + neutron/common/cache_utils.py | 26 +- neutron/common/eventlet_utils.py | 6 + neutron/common/utils.py | 4 +- neutron/conf/agent/dhcp.py | 3 + neutron/db/db_base_plugin_v2.py | 18 +- neutron/db/ipam_backend_mixin.py | 5 +- neutron/db/ipam_pluggable_backend.py | 23 +- neutron/db/l3_dvr_db.py | 16 +- neutron/db/l3_dvrscheduler_db.py | 16 +- .../rocky/expand/867d39095bf4_port_forwarding.py | 5 + neutron/db/models/plugins/ml2/geneveallocation.py | 8 + .../models/plugins/ml2/gre_allocation_endpoints.py | 8 + neutron/db/models/plugins/ml2/vlanallocation.py | 8 + neutron/db/models/plugins/ml2/vxlanallocation.py | 8 + neutron/db/securitygroups_db.py | 13 + neutron/objects/network_segment_range.py | 97 ++++++- neutron/objects/plugins/ml2/base.py | 42 +++ neutron/objects/plugins/ml2/flatallocation.py | 4 +- neutron/objects/plugins/ml2/geneveallocation.py | 9 +- neutron/objects/plugins/ml2/greallocation.py | 9 +- neutron/objects/plugins/ml2/vlanallocation.py | 37 ++- neutron/objects/plugins/ml2/vxlanallocation.py | 9 +- neutron/objects/ports.py | 7 + neutron/objects/securitygroup.py | 20 ++ neutron/objects/subnet.py | 45 ++- neutron/plugins/ml2/drivers/helpers.py | 142 +++------- .../linuxbridge/agent/linuxbridge_neutron_agent.py | 3 +- .../drivers/mech_sriov/agent/common/exceptions.py | 6 +- .../drivers/mech_sriov/agent/eswitch_manager.py | 93 ++++--- .../ml2/drivers/mech_sriov/agent/pci_lib.py | 40 +-- .../drivers/openvswitch/agent/ovs_neutron_agent.py | 126 ++++++--- neutron/plugins/ml2/drivers/type_vlan.py | 53 ++-- neutron/plugins/ml2/managers.py | 4 +- neutron/privileged/agent/linux/ip_lib.py | 47 +++- neutron/server/wsgi_eventlet.py | 2 +- neutron/service.py | 17 +- neutron/services/segments/exceptions.py | 4 + neutron/services/segments/plugin.py | 51 +++- .../drivers/openvswitch/agent/ovsdb_handler.py | 3 + .../agent/l3/bin/cmd_keepalived_state_change.py | 22 ++ .../agent/l3/test_keepalived_state_change.py | 215 ++++++++------- .../functional/agent/linux/test_ip_monitor.py | 67 ----- .../openvswitch/agent/test_ovsdb_handler.py | 3 +- .../linux/openvswitch_firewall/test_firewall.py | 19 +- .../objects/plugins/ml2/test_geneveallocation.py | 6 +- .../unit/objects/plugins/ml2/test_greallocation.py | 6 +- .../objects/plugins/ml2/test_vlanallocation.py | 6 +- .../objects/plugins/ml2/test_vxlanallocation.py | 6 +- .../unit/objects/test_network_segment_range.py | 206 ++++++++++++-- .../agent/test_linuxbridge_neutron_agent.py | 3 +- .../mech_sriov/agent/test_eswitch_manager.py | 159 ++++++----- .../ml2/drivers/mech_sriov/agent/test_pci_lib.py | 40 +-- .../mech_sriov/agent/test_sriov_nic_agent.py | 18 -- .../openvswitch/agent/test_ovs_neutron_agent.py | 306 ++++++++++++++------- .../unit/plugins/ml2/drivers/test_type_vlan.py | 18 ++ .../unit/privileged/agent/linux/test_ip_lib.py | 9 +- neutron/wsgi.py | 6 + ...without-link_up-parameter-27f8310eb1e1910a.yaml | 10 + ...p-host-addr6-list-support-45d104b3f7ce220e.yaml | 25 ++ ...k-issue-with-dnsmasq-2.81-c95a46e4f4459bd1.yaml | 6 + ...-allocation-with-segments-b90e99a30d096c9d.yaml | 9 + ...ity-group-no-port-on-host-9177e66d4b16e90c.yaml | 8 + ...roxy-header-vulnerability-60c44eb7c76d560c.yaml | 8 + ...rnel-3.13-removed-support-8bb00902dd607746.yaml | 8 + test-requirements.txt | 2 +- 119 files changed, 2925 insertions(+), 1152 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index c8f3f91857..9f87ab69c4 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -10 +10 @@ flake8-import-order==0.12 # LGPLv3 -pycodestyle>=2.0.0 # MIT +pycodestyle>=2.0.0,<2.6.0 # MIT