We are satisfied to announce the release of: neutron 15.0.2: OpenStack Networking This release is part of the train stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 15.0.2 ^^^^^^ Upgrade Notes ************* * For users affected by bug 1853840 (https://launchpad.net/bugs/1853840) the hypervisor name now can be set per physical network device in config option "resource_provider_hypervisors" which is located in the "[ovs]" ini- section for "ovs-agent" and "[sriov_nic]" ini-section for "sriov- agent". Hypervisor names default to "socket.gethostname()" which works out of the box with "libvirt" even when the "DEFAULT.host" config option is set to a non-default value. Bug Fixes ********* * Bug https://bugs.launchpad.net/neutron/+bug/1732067 described a flooding issue on the neutron-ovs-agent integration bridge. And bug https://bugs.launchpad.net/neutron/+bug/1841622 proposed a solution for it. The accepted egress packets will be taken care in the final egress tables (61 when openflow firewall is not enabled, table 94 otherwise) with direct output flows for unicast traffic with a minimum influence on the existing cloud networking. A new config option "explicitly_egress_direct", with default value False, was added for the aim of distinguishing clouds which are running the network node mixed with compute services, upstream neutron CI should be an example. In such situation, this "explicitly_egress_direct" should be set to False, because there are numerous cases from HA routers which can not be covered, particularly when you have centralized floating IPs running in such mixed hosts. Otherwise, set "explicitly_egress_direct" to True to avoid the flooding. One more note is if your network nodes are for networing services only, we recommand you disable all the security_group to get a higher performance. * Neutron now locates the root resource provider of the resource provider tree it creates by using the hypervisor name instead of the hostname. These are different in rare cases only. The hypervisor name can be set per physical network device in config option "resource_provider_hypervisors" which is located in the "[ovs]" ini- section for "ovs-agent" and "[sriov_nic]" ini-section for "sriov- agent". Hypervisor names default to "socket.gethostname()" which works out of the box with "libvirt" even when the "DEFAULT.host" config option is set to a non-default value. We believe this change fixes bug 1853840 (https://launchpad.net/bugs/1853840). * Owners of security groups now see all security group rules which belong to the security group, even if the rule was created by the admin user. Fixes bug 1824248 (https://bugs.launchpad.net/neutron/+bug/1824248). Other Notes *********** * When the "enable_distributed_routing" (DVR) configuration option is set to "True" and tunneling is enabled, the "arp_responder" option will be forced to "True" since it is now required in order for ARP to work properly. For more information, see bug 1774459 (https://bugs.launchpad.net/neutron/+bug/1774459). Changes in neutron 15.0.1..15.0.2 --------------------------------- 503bbdab87 [OVS] Handle added/removed ports in the same polling iteration 3ddba37ccc Unnecessary routers should not be created 9db46c5794 Reset timeout exception in DietTestCase when retrying 1e59a9f6db Remove sleep command when retrieving OVS dp 967d3dea91 Check "security_group_rule" quota during security group creation 9e8bdef93c Randomize BaseFullStackTestCase._find_available_ips c36f1fc292 Remove one of iptables_hybrid jobs a618a26bf4 Ensure driver error preventing trunk port deletion is logged 79ea54b21d Allow to kill keepalived state change monitor process 6c1cf88667 Add accepted egress direct flow 135e37ea52 Fix bug number in release note 8ec0c2d865 Add retries to update trunk port f5354f5343 [L3] Switch order of processing added and removed router ports dc8c1deeee Force arp_responder to True when DVR and tunneling enabled 8680863ae9 Check mtu on network update 9a6766470e Locate RP-tree parent by hypervisor name 124680084c Use "via" in gateway dictionary in Linux Bridge agent a1237df19e don't clear skb mark when ovs is hw-offload enabled 6d9aae2ab3 Cap hacking in test-requirements.txt d1c4ba5810 Use constraints for docs tox target a6b55d760b List SG rules which belongs to tenant's SG Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 7 - .../contributor/testing/ci_scenario_jobs.rst | 5 - etc/neutron/rootwrap.d/l3.filters | 16 +- neutron/agent/common/ovs_lib.py | 14 +- neutron/agent/common/placement_report.py | 61 +++--- neutron/agent/common/utils.py | 24 +++ neutron/agent/l3/router_info.py | 20 +- neutron/agent/linux/ip_lib.py | 2 +- .../agent/linux/openvswitch_firewall/firewall.py | 136 +++++++++++++- neutron/agent/securitygroups_rpc.py | 4 + .../plugins/ml2/drivers/mech_sriov/agent_common.py | 9 + neutron/conf/plugins/ml2/drivers/ovs_conf.py | 21 ++- neutron/conf/policies/security_group.py | 16 +- neutron/db/l3_dvrscheduler_db.py | 10 +- neutron/db/securitygroups_db.py | 24 ++- .../linuxbridge/agent/linuxbridge_neutron_agent.py | 4 +- .../drivers/mech_sriov/agent/sriov_nic_agent.py | 13 +- .../drivers/openvswitch/agent/common/constants.py | 2 + .../openvswitch/agent/openflow/native/br_int.py | 10 +- .../openvswitch/agent/openflow/native/ofswitch.py | 5 +- .../openvswitch/agent/ovs_dvr_neutron_agent.py | 56 +++--- .../drivers/openvswitch/agent/ovs_neutron_agent.py | 208 +++++++++++++++++---- neutron/plugins/ml2/plugin.py | 3 +- neutron/policy.py | 3 +- neutron/services/placement_report/plugin.py | 34 +++- neutron/services/trunk/plugin.py | 16 +- neutron/services/trunk/rpc/server.py | 44 +++-- .../unit/agent/common/test_placement_report.py | 54 +++++- .../linux/openvswitch_firewall/test_firewall.py | 60 +++++- .../agent/test_linuxbridge_neutron_agent.py | 2 +- .../mech_sriov/agent/test_sriov_nic_agent.py | 14 +- .../agent/openflow/native/test_br_int.py | 28 ++- .../openvswitch/agent/test_ovs_neutron_agent.py | 161 +++++++++------- .../drivers/openvswitch/agent/test_ovs_tunnel.py | 9 +- .../unit/scheduler/test_l3_agent_scheduler.py | 5 + .../unit/services/placement_report/test_plugin.py | 33 +++- .../accepted_egress_direct-cc23873e213c6919.yaml | 20 ++ ...rp-responder-true-for-dvr-5aabbfa51945dd5a.yaml | 8 + ...parent-by-hypervisor-name-3244ed87dc57f950.yaml | 23 +++ ...-for-security-group-owner-6635dd3e4c6ab5ee.yaml | 6 + test-requirements.txt | 2 +- tox.ini | 5 +- 55 files changed, 1092 insertions(+), 301 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 3aaac91e36..c8f3f91857 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -4 +4 @@ -hacking>=1.1.0 # Apache-2.0 +hacking>=1.1.0,<1.2.0 # Apache-2.0