[release-announce] neutron 21.2.0 (zed)

23 Nov 2023

      We are thrilled to announce the release of:

neutron 21.2.0: OpenStack Networking

This release is part of the zed stable release series.

The source is available from:

    https://opendev.org/openstack/neutron

Download the package from:

    https://tarballs.openstack.org/neutron/

Please report issues through:

    https://bugs.launchpad.net/neutron/+bugs

For more details, please see below.

21.2.0
^^^^^^

Known Issues
************

* When using ML2/OVN, during an upgrade procedure, the OVS system-id
  stored value can be changed. The ovn-controller service will create
  the "Chassis" and "Chassis_Private" registers based on this OVS
  system-id. If the ovn-controller process is not gracefully stopped,
  that could lead to the existence of duplicated "Chassis" and
  "Chassis_Private" registers in the OVN Southbound database.

Bug Fixes
*********

* [bug 2022914 (https://bugs.launchpad.net/neutron/+bug/2022914)]
  Neutron-API supports using relays as the southbound connection in a
  ML2/OVN setup. Before the maintenance worker of the API required a
  leader_only connection, which was removed.

* Fixed the scenario where the DHCP agent is deployed in conjunction
  with the OVN metadata agent in order to serve metadata for baremetal
  nodes. In this scenario, the DHCP agent would not set the route
  needed for the OVN metadata agent service resulting in baremetal
  nodes not being able to query the metadata service. For more
  information see bug 1982569
  (https://bugs.launchpad.net/neutron/+bug/1982569).

* For OVN versions v22.09.0 and above, the "mcast_flood_reports"
  option is now set to "false" on all ports except "localnet" types.
  In the past, this option was set to "true" as a workaround for a bug
  in core OVN multicast implementation.

* Now the ML2/OVN trunk driver prevents a trunk creation if the
  parent port is already bound. In the same way, if a parent port
  being used in a trunk is bound, the trunk cannot be deleted.

* During the port bulk creation, if an IPAM allocation fails (for
  example, if the IP address is outside of the subnet CIDR), the other
  IPAM allocations already created are deleted before raising the
  exception. Fixes bug 2039550 (https://launchpad.net/bugs/2039550).

* A new OVN maintenance method "remove_duplicated_chassis_registers"
  is added. This method will periodically check the OVN Southbound
  "Chassis" and "Chassis_Private" tables looking for duplicated
  registers. The older ones (based on the
  "Chassis_Private.nb_cfg_timestamp" value) will be removed when more
  than one register has the same hostname, that should be unique.

Other Notes
***********

* The external_mac entry in the NAT table is used to
  distribute/centralize the traffic to the FIPs. When there is an
  external_mac set the traffic is distributed (DVR). When it is empty
  it is centralized through the gateway port (no DVR). Upon port
  status transition to down, the external_mac was removed regardless
  of DVR being enabled or not, leading to centralize the FIP traffic
  for DVR -- though it was for down ports that won't accept traffic
  anyway.

* Adds a maintenance task that runs once a day and is responsible
  for cleaning up Hash Ring nodes that haven't been updated in 5 days
  or more. See LP #2033281 for more information.

* Added the missing extension "uplink-status-propagation" to the
  ML2/OVN mechanism driver. This extension is used by the ML2/SR-IOV
  mechanism driver, that could be loaded with ML2/OVN. Now it is
  possible to create ports with the "uplink-status-propagation" flag
  defined.

Changes in neutron 21.1.2..21.2.0
---------------------------------

15d5db0d6e Ensure ovn loadbalancer FIPs are centralized upon neutron restarts
0e38f2ab9a [Fullstack] Drop all linuxbridge scenarios from fullstack tests
67c1b0df24 [Stable Only] Fix parent for nftables job
66a55a2844 Restore the tempest nftables jobs in experimental and periodic queues
d869affee8 [DHCP agent] Add route to OVN metadata port if exists
d1e3446133 Send ovn heatbeat more often.
a7e91a84aa Spread OVN metadata agent heartbeat response in time
85b25009af "ebtables-nft" MAC rule deletion failing
717eb38991 Remove any IPAM allocation if port bulk creation fails
6476edc986 Add dhcpagentscheduler API extension to the ML2/OVN extensions
d9596fd18f [stable-only] Replace cirros image versions not cached in the CI
d3001b6f63 Parameter filters may be None, which cannot be called with **
373d8ee969 Use safer methods to get security groups on security group logging
3152bc14f8 [OVN] Fix rate and burst for stateless security groups
3597474477 [OVN] Add the default condition check in ``PortBindingChassisEvent``
0364f18848 [OVN] Match LSP_TYPE_VIRTUAL in PortBindingUpdateVirtualPortsEvent
904db03f3e Revert "[OVN][Trunk] Add port binding info on subport when parent is bound"
d25c129ec2 Reduce lock contention on subnets
86bc3761d1 [PostgreSQL] Subnet entity with ServiceType grouped by both tables
e27a4af2b1 Add 3 secs to wait for keepalived state change
52b8d5cf0c Use HasStandardAttributes as parent class for Tags DB model
a48f34022d Switch fullstack/functional fips jobs to 9-stream
40c2afc2dc Functional: assert multiple calls for update_virtual_port_host
37d09f95cd Call the "tc qdisc" command for ingress qdisc without parent
f3409f6b6c Revert "[OVN][Trunk] Set the subports correct host during live migration"
810c813adf Improve the ``PortBindingUpdateVirtualPortsEvent`` match filter
d08194bbb7 [FT] Make explicit the "publish" call check in "test_port_forwarding"
850da2af84 [OVN] Cleanup old Hash Ring node entries
e369dbf32e [OVN] Add the 'uplink-status-propagation' extension to ML2/OVN
1ce5ef7f83 [OVN][Trunk] Set the subports correct host during live migration
6a9990dba1 [OVN] Skip the port status UP update during a live migration
9a537fdf6c Fix ovn-metadata agent sync of unused namespaces
7da91baa25 [OVN] Disable the mcast_flood_reports option for LSPs
bc71377ba7 [OVN] ovn-db-sync check for router port differences
7364c5527f hash-ring: Retry all DB operations if inactive
3729df1181 [OVN] Retry retrieving LSP hosting information
2e50aef67a [UT] Create network to make lazy loading in the models_v2 possible
b96dc966ce dvr: Avoid installing non-dvr openflow rule on startup
ebd19805b8 [OVN] Hash Ring: Better handle Neutron worker failures
a34549294c [neutron-api] remove leader_only for sb connection
a131686abf Fix ACL sync when default sg group is created
4f2de74171 [OVN][L3] Optimize FIP update operation
bfdc1bf25a Set result when lswitch port exist
b9b819d766 Ensure traffic is not centralized if DVR is enabled
1fe05c561c Don't allow deletion of the router ports without IP addresses
a03a60e89d Disable pool recycle in tests
4d09a6f7de Delete sg rule which remote is the deleted sg
984193b0dc [OVN] Expose chassis hosting information in LSP
0d499808f1 [OVN] Prevent Trunk creation/deletion with parent port bound
7972c1e224 Load FIP information during initialize not init
ad78bd4ca2 [OVN] Hash Ring: Set nodes as offline upon exit
b4f7c9dff4 [OVN] Improve Hash Ring logs
f1d7dbc3e7 [qos] _validate_create_network_callback return in no network
a1547abb99 [OVN] Remove SB "Chassis"/"Chassis_Private" duplicated registers

Diffstat (except docs and test files)
-------------------------------------

neutron/agent/l3/dvr_local_router.py               |   3 +
neutron/agent/linux/dhcp.py                        |  64 +++++---
neutron/agent/ovn/metadata/agent.py                |  44 ++++--
neutron/api/rpc/handlers/securitygroups_rpc.py     |   7 +
neutron/cmd/ovn/neutron_ovn_db_sync_util.py        |   8 +-
neutron/common/ovn/constants.py                    |   1 +
neutron/common/ovn/exceptions.py                   |   7 +-
neutron/common/ovn/extensions.py                   |   4 +
neutron/common/ovn/hash_ring_manager.py            |   9 +-
neutron/common/ovn/utils.py                        |   7 +
neutron/common/utils.py                            |  16 ++
neutron/db/address_group_db.py                     |   1 +
neutron/db/db_base_plugin_v2.py                    |   2 +-
neutron/db/ipam_backend_mixin.py                   |   2 +-
neutron/db/l3_db.py                                |   9 --
neutron/db/l3_dvr_db.py                            |  15 +-
neutron/db/models/tag.py                           |   2 +-
neutron/db/models_v2.py                            |  52 +++++--
neutron/db/ovn_hash_ring_db.py                     |  78 ++++++++--
neutron/objects/subnet.py                          |   9 ++
.../ml2/drivers/linuxbridge/agent/arp_protect.py   |   4 +-
.../openvswitch/agent/openflow/native/br_tun.py    |  16 +-
.../openvswitch/agent/ovs_dvr_neutron_agent.py     |  18 ++-
.../drivers/openvswitch/agent/ovs_neutron_agent.py |   3 +-
.../ml2/drivers/ovn/mech_driver/mech_driver.py     |  42 ++++--
.../ml2/drivers/ovn/mech_driver/ovsdb/commands.py  |   1 +
.../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py  |   4 +
.../drivers/ovn/mech_driver/ovsdb/maintenance.py   | 128 ++++++++++++++--
.../drivers/ovn/mech_driver/ovsdb/ovn_client.py    | 163 +++++++++++++++++----
.../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py   |  77 ++++++++--
.../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py |  63 ++++----
neutron/plugins/ml2/plugin.py                      |  17 ++-
neutron/services/logapi/drivers/ovn/driver.py      |  37 ++++-
neutron/services/ovn_l3/plugin.py                  |   2 +-
neutron/services/qos/qos_plugin.py                 |   4 +-
neutron/services/trunk/drivers/ovn/trunk_driver.py |  39 +++--
neutron/services/trunk/plugin.py                   |   5 +-
.../agent/l3/test_keepalived_state_change.py       |   2 +-
.../ovn/mech_driver/ovsdb/test_maintenance.py      |  86 +++++++++--
.../ovn/mech_driver/ovsdb/test_ovn_client.py       |  18 +++
.../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py    |  98 ++++++++++++-
.../privileged/agent/linux/test_tc_lib.py          |  37 +++--
.../services/logapi/drivers/ovn/test_driver.py     |   6 +
.../trunk/drivers/ovn/test_trunk_driver.py         |  75 ++++++----
.../api/rpc/handlers/test_securitygroups_rpc.py    |  50 ++++++-
.../agent/openflow/native/test_br_tun.py           |  33 ++++-
.../drivers/openvswitch/agent/test_ovs_tunnel.py   |   9 +-
.../drivers/ovn/mech_driver/ovsdb/test_commands.py |   2 +-
.../ovn/mech_driver/ovsdb/test_maintenance.py      |  83 ++++++++++-
.../ovn/mech_driver/ovsdb/test_ovn_client.py       | 132 ++++++++++++++++-
.../ovn/mech_driver/ovsdb/test_ovn_db_sync.py      |  42 ++++++
.../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py    |  17 ++-
.../drivers/ovn/mech_driver/test_mech_driver.py    |  41 ++++--
.../services/logapi/drivers/ovn/test_driver.py     |  41 ++++--
.../trunk/drivers/ovn/test_trunk_driver.py         |   2 -
.../notes/bug-2022914-edbf1ea3514596b8.yaml        |   7 +
...p-agent-ovn-metadata-port-33a654ccb9554c65.yaml |   9 ++
.../notes/dvr-external-mac-934409413e515eb2.yaml   |  10 ++
.../notes/hash-ring-cleanup-1079d2375082cebe.yaml  |   6 +
...uplink-status-propagation-4c232954f8b4f0ef.yaml |   7 +
.../ovn-mcast_flood_reports-4eee20856ccfc7d7.yaml  |   7 +
...n-trunk-check-parent-port-eeca2eceaca9d158.yaml |   6 +
..._ipamallocation_leftovers-9d72cc5f616f51e4.yaml |   7 +
...ve_duplicated_ovn_chassis-df12fb6233ea3d3e.yaml |  17 +++
roles/nftables/tasks/main.yaml                     |   6 +
zuul.d/base.yaml                                   |  22 +--
zuul.d/job-templates.yaml                          |   4 +-
zuul.d/tempest-multinode.yaml                      |  24 +--
zuul.d/tempest-singlenode.yaml                     |  12 +-
95 files changed, 1789 insertions(+), 496 deletions(-)

[release-announce] neutron 21.2.0 (zed)

no-reply＠openstack.org