We are psyched to announce the release of: neutron 22.2.0: OpenStack Networking This release is part of the antelope release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 22.2.0 ^^^^^^ Prelude ******* The OVN changed support for NAT rules including a new column and auto- discovery logic to know about logical router gateway ports for NAT on a Logical Router. New Features ************ * A new OVN driver Northbound DB column has been added to allow configuring gateway port for NAT rule. If the OVN backend supports the *gateway_port* column in the Northbound DB NAT table, the gateway port uuid will be configured to any floating IP to prevent North/South traffic issues. Previously created FIP rules will be updated only once during the maintenance task to include the gateway_port reference (if OVN backend supports it). In case all FIP entries are already configured no maintenance action will be performed. * A new ovn-cms-options option called "enable-chassis-as-extport- host" is now recognized by ML2/OVN and is used to identify nodes that are eligible for scheduling OVN's external ports. This feature is backward compatible and if no nodes contain this new option the external ports will continue to be scheduled using the "enable- chassis-as-gw" option as before. This change also introduces a limit to the number of members for each HA Chassis Group to 5, matching the limit of gateway router port replicas. This is because OVN uses BFD to monitor the connectivity of each member and having an unlimited number of members could potentially put a lot of stress in OVN. * Remote address group support was added to the iptables-based firewall drivers (IptablesFirewallDriver and OVSHybridIptablesFirewallDriver), Previously it was only available in the OVSFirewallDriver. For more information, see bug 2058138 (https://bugs.launchpad.net/neutron/+bug/2058138). Known Issues ************ * The fix of bug 2048785 (https://bugs.launchpad.net/neutron/+bug/2048785) only fixes newly created trunk parent ports. If the fix of already existing trunks is needed, then either delete and re-create the affected trunks or set tpt ports' vlan_mode and tag manually: "ovs-vsctl set Port tpt-... vlan_mode=access tag=0" Upgrade Notes ************* * In ML2/OVN, any new router gateway port (OVN logical router port) will be scheduled only on those chassis configured as gateway. Any existing router gateway port will preserve the current chassis assignation. Bug Fixes ********* * The config option "agent_down_time" is now limited to a maximum value of *2147483*, as neutron-server will fail to start if it is configured higher. See bug 2028724 (https://bugs.launchpad.net/neutron/+bug/2028724) for more information. * [bug 2036423 (https://bugs.launchpad.net/neutron/+bug/2036423)] Now it is not possible to delete a subnet gateway IP if that subnet has a router interface; the subnet gateway IP modification was already forbidden. * When synchronizing the OVN databases, either when running the migration command or during startup, the code responsible for synchronization will only clean up segment-to-host mappings for hosts with agent_type "OVN Controller agent". Before, the synchronization would clean up (delete) segment-to-host mappings for non-OVN hosts. Fixes bug: 2040172 (https://bugs.launchpad.net/neutron/+bug/2040172). * [bug 2045889 (https://bugs.launchpad.net/neutron/+bug/2045889)] The ports bound to ML2/OVN now contain the OVS bridge name and datapath type in the VIF details dictionary. NOTE: in the ML2/OVS to ML2/OVN migration, the local host OVN bridge (integration bridge) per port is not known; "br-int" will be used by default (that value is rarely changed). * [bug 2036705 (https://bugs.launchpad.net/neutron/+bug/2036705)] The Neutron "port.status" field ("ACTIVE", "DOWN") is now set based on the ML2/OVN Logical Switch Port "up" and "enabled" flags. The user can now set the "port.admin_state_up", that is replicated in the "lsp.enabled" flag, to enable or disable the port. If the port is disabled, the traffic is stopped and the "port.status" is set to "DOWN". Other Notes *********** * When the following configuration is enabled at the same time: * OVN L3 service plugin ("ovn-router") * Port forwarding service plugin ("port_forwarding") * "vlan" or "flat" network types configured in the ML2 configuration variable "tenant_network_types" * The OVN floating IP traffic is distributed ("enable_distributed_floating_ip" = "True") the Neutron server will report a warning during plugin initialization because this is an invalid configuration matrix. Floating IPs need to always be centralized in such a case. For more details see bug report (https://bugs.launchpad.net/neutron/+bug/2028846). * The new value for 'device_owner' for OVN loadbalancer health monitor ports (ovn-lb-hm:distributed) is now supported by Neutron, providing a LOCALPORT behavior to these ports. The responsibility to define these ports with the new value instead of the old one (network:distributed) is under the OVN-Octavia Provider driver, which will take care of database conversion for these ports. * Added extension "subnetpool-prefix-ops" to the ML2/OVN mechanism driver. Changes in neutron 22.1.0..22.2.0 --------------------------------- 27eee0b9e8 Checking pci_slot to avoid changing staus to BUILD forever 603f388ae9 [FT] Add a timeout for the NB/SB connection stop method 182b5acbdf Add the port "fixed_ips" information in the DHCP RPC 46dbdcf3f2 Change to use selectin for RBACs in SubnetPool DB load strategy 14dca0116e Return empty BpInfo if missing binding:profile d32fa358c5 Increase timeout in test_get_all_devices() 65be5a940b Add debug information to ``MacvtapAgentTestCase.test_get_all_devices`` 9de68a7408 Cleanup before executing "test_get_all_devices" 498eaa16a0 [2023.1 Only][OVN] Add the bridge name and datapath type to the port VIF details 0fb74dbbe1 [OVN] Sanitize the classless-static-route DHCP option 114f68fa59 [FT] Run test_periodic_sync_routers_task tests serially 1045985c76 Add a default goto table=94 for openvswitch fw 27869542aa [OVN] Bump revision number after update_virtual_port_host cbcfa692fc [OVN] Fix virtual parent match for PortBindingUpdateVirtualPortsEvent ebd52b0df3 [OVN] Update lsp host id when virtual parent moves 4f5c023279 Revert "Use HasStandardAttributes as parent class for Tags DB model" 961a7a304c [ML2/OVN] Add gateway_port support for FIP cd92d42cfa [stable only] Fix KeyError in set_gateway_mtu fde31034ae [functional tests] compatibility with ovsdbapp>=2.2.2 da8f6ef4dd [stable only] Do not fail on missing logical router ports 75eefdbc69 Return both project_id when validating auto allocate network c190408171 [stable/2023.1 only] Fix missing test fix for ext gw 0fe6b7cec0 Don't update revision number if object was not modified 2ec0ef0909 Fix KeyError failure in _sync_subnet_dhcp_options() 872c6ad2cd Enhance IptablesFirewallDriver with remote address groups 0a421118f2 [OVN] The L3 scheduler does not use all chassis by default 9bb37523a5 [stable/2023.1 only] Fix incorrect cherry-pick for ext gw a8bf8cdaa6 Fix TestOVNMechanismDriver ipv6 tests 10af328885 Use the system-dependent string for IP protocol 4 d17b1a6abb Fix iptables mapping of 'ipip' protocol 5ffec5d17a [OVN] Set MTU of the VETH interfaces between OVS and metadata 0673a9bb23 [stable-only][OVN] Set VETH interface MAC address before up 0dfe8dedd6 Ensure that haproxy spawned by the metadata agents is active b34911a6c9 [OVN] A LRP in an external tunnelled network has no chassis 1d2a1c68c0 Retry ``set|get_link_attribute(s)`` if the interface is not present 475a25259f [Docs] Add info about incompatible PF configuration in ML2/OVN gaps bd6595ddb8 Log warning about port forwardings that won't work properly c40f637bde [OVN] Warn about invalid OVN and FIP PF config during start of Neutron 45acc0c53b Disallow subnet cidr of :: without PD c019a42086 [OVN] Add ``subnetpool-prefix-ops`` extension to ML2/OVN mech driver 331f6ae240 Unmaintained-Only: change stable/yoga to unmaintained 3dec91ec58 Change SG rules backref load method to "joined" 68542c04a1 [OVN] Use elevated context to retrieve subnet in router port configuration fd0eabcf36 dhcp: fix usage of helper function to retrieve process name 2f678b980c [OVN][FT] Retry in case of timeout when executing "ovsdb-client". f8628b5c04 [Fullstack] Consolidate segmentation_id update tests into single test e5c743b820 [Fullstack] Remove SecurityGroupRulesTest.test_normalized_cidr_in_rule test 37367c1092 [Fullstack] Remove test_port_shut_down module 1226d6adcd [Fullstack] Remove unnecessary tests 17d15db7f4 Set trunk parent port as access port in ovs to avoid loop 09c1c61677 Make get_ports RPC method common for the DHCP and Metadata agent 20ba447787 Make ``OVNMechanismDriver.post_fork_initialize`` callback cancellable 3eddcd970d If method ``set_netns`` fails, restore previous device namespace 643dbbbf6b [OVN] OVN agent extensions correctly consume agent API a991b097c1 [OVN] Retrieve the OVN agent extensions correctly 5ff38217c7 Mark "test_port_creation_and_deletion" as unstable a72b44a3a9 Forbid the subnet gateway IP deletion if a router interface is attached bd1927028e Register Chassis_Private table in BaseOvnSbIdl c5e70ad716 Add sleep before checking if ovs port is in the namespace 69c49c4ef2 fix netns deletion of broken namespaces 94cf7a4c28 Add max limit to agent_down_time 696b2f4d4b Increase port name size and type to internal b992d639b9 Handle creation of Port_Binding with chassis set 63c16672a5 Metadata: handle process exceptions 11b977ca39 [UT] OVN fake resources factory method should return instance 29d5570ab3 Improve the SG RPC callback ``security_group_info_for_ports`` 1d7d489b3a [ovn][ipv6] Add some more tests to skiplist a7cff2d286 [ovn][ipv6] Skip test_update_router_admin_state 0aeb703db7 Make unit tests compatible with neutron-lib 3.4.2 b9ffa5aa13 [OVN] Add update event to ``OVSInterfaceEvent`` class 7c7a99acb8 Remove obsolete PID files before start 6205158831 ovn-metadata: Refactor events 8f0ac0a201 Update the External Ports documentation 1dbe4248bb Enhanced external port scheduling d69d8688b8 Reintroduce agent bridge resync test c4b322597b [OVN][FT] Make explicit the "publish" call check in "test_port_forwarding" cc642431f0 Fix the common/ovn functional tests 8c26736027 Improve "sync_ha_chassis_group" method 877e85e5a8 [OVN] DB sync host/physnet - filter on agent_type f2ec3a6cec Correctly validate subnet arguments when using a subnetpool a28ec9ed3c [Fullstack] Double check that agent is dead when it should be dead fd06c73665 For hosts in DVR mode, only fetch bound FIPs ae90f380a8 [DHCP agent] Fetch OVN Metadata port from plugin d235f65516 get_hosts_mapped_with_segments add filter agt_type f81549c0e5 [DHCP agent] Fix route to OVN metadata port for non-isolated networks de0755232f Add constant to identify OVN LB HM ports 458915e56f docs: update default value of metadata workers for ml2/ovn 87f7b9a46c Catch non-existent entry failures better in ip_lib ba8335375a Don't set port capabilities for OVS HW offloading 37bdb9e7d5 Add scope ID to the "GROUP BY" clause in ``get_scoped_floating_ips`` f96691b208 Remove duplicate rows in MySQL query output 1514fbe1f8 [OVN] Set the Neutron port status based on "lsp.up" and "lsp.enabled" 0de8e70d29 [OVN] Add a log message after the "post_fork_initialize" method Diffstat (except docs and test files) ------------------------------------- .../contributor/internals/openvswitch_agent.rst | 34 +- .../contributor/internals/openvswitch_firewall.rst | 13 + neutron/agent/common/base_agent_rpc.py | 33 ++ neutron/agent/dhcp/agent.py | 12 +- neutron/agent/linux/dhcp.py | 19 +- neutron/agent/linux/external_process.py | 30 +- neutron/agent/linux/interface.py | 7 +- neutron/agent/linux/ip_lib.py | 39 +- neutron/agent/linux/iptables_firewall.py | 20 +- neutron/agent/linux/keepalived.py | 12 - .../agent/linux/openvswitch_firewall/firewall.py | 24 ++ neutron/agent/metadata/agent.py | 12 +- neutron/agent/metadata/driver.py | 11 +- neutron/agent/ovn/agent/ovn_neutron_agent.py | 6 +- neutron/agent/ovn/extensions/extension_manager.py | 7 +- neutron/agent/ovn/extensions/noop.py | 4 + neutron/agent/ovn/extensions/qos_hwol.py | 29 +- neutron/agent/ovn/metadata/agent.py | 228 ++++++---- neutron/agent/ovn/metadata/driver.py | 8 +- .../api/rpc/agentnotifiers/dhcp_rpc_agent_api.py | 1 + neutron/api/rpc/handlers/securitygroups_rpc.py | 10 +- neutron/cmd/upgrade_checks/checks.py | 31 ++ neutron/common/_constants.py | 3 + neutron/common/ovn/constants.py | 19 + neutron/common/ovn/exceptions.py | 7 + neutron/common/ovn/extensions.py | 2 + neutron/common/ovn/utils.py | 271 +++++++++++- neutron/conf/agent/database/agents_db.py | 5 + neutron/conf/agent/metadata/config.py | 2 +- neutron/conf/plugins/ml2/drivers/ovs_conf.py | 6 +- neutron/db/db_base_plugin_v2.py | 78 ++-- neutron/db/l3_db.py | 9 +- neutron/db/l3_dvr_db.py | 11 +- neutron/db/models/securitygroup.py | 6 +- neutron/db/models/tag.py | 2 +- neutron/db/models_v2.py | 2 +- neutron/db/securitygroups_rpc_base.py | 25 +- neutron/objects/router.py | 40 +- neutron/objects/securitygroup.py | 7 + .../drivers/mech_sriov/agent/sriov_nic_agent.py | 42 +- .../openvswitch/agent/openflow/native/br_int.py | 2 +- neutron/plugins/ml2/drivers/ovn/db_migration.py | 26 +- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 62 ++- .../ml2/drivers/ovn/mech_driver/ovsdb/api.py | 22 + .../ml2/drivers/ovn/mech_driver/ovsdb/commands.py | 24 ++ .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 34 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 97 ++++- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 241 ++++++----- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 19 +- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 106 +++-- neutron/privileged/agent/linux/ip_lib.py | 32 +- neutron/scheduler/l3_ovn_scheduler.py | 23 +- neutron/services/auto_allocate/db.py | 4 +- neutron/services/ovn_l3/plugin.py | 2 +- .../services/portforwarding/drivers/ovn/driver.py | 62 ++- neutron/services/revisions/revision_plugin.py | 6 +- neutron/services/segments/db.py | 37 +- .../drivers/openvswitch/agent/trunk_manager.py | 12 +- .../functional/agent/linux/test_bridge_lib.py | 7 + .../agent/ovn/agent/fake_ovn_agent_extension.py | 4 + .../agent/ovn/agent/test_ovn_neutron_agent.py | 10 +- .../agent/ovn/extensions/test_qos_hwol.py | 65 +-- .../agent/ovn/metadata/test_metadata_agent.py | 220 +++++----- .../macvtap/agent/test_macvtap_neutron_agent.py | 25 +- .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 90 +++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 92 +++- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 50 +++ .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 128 +++++- .../drivers/ovn/mech_driver/test_mech_driver.py | 134 +++++- .../privileged/agent/linux/test_ip_lib.py | 78 ++-- .../functional/services/ovn_l3/test_plugin.py | 42 +- .../openvswitch/agent/test_trunk_manager.py | 8 + .../linux/openvswitch_firewall/test_firewall.py | 7 +- .../unit/agent/linux/test_external_process.py | 34 +- .../unit/agent/linux/test_iptables_firewall.py | 58 +++ .../rpc/agentnotifiers/test_dhcp_rpc_agent_api.py | 1 + .../mech_sriov/agent/test_sriov_nic_agent.py | 30 ++ .../agent/openflow/native/test_br_int.py | 2 +- .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 52 ++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 155 ++++++- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 15 +- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 115 ++++- .../drivers/ovn/mech_driver/test_mech_driver.py | 480 +++++++++++++++------ .../plugins/ml2/drivers/ovn/test_db_migration.py | 26 +- .../unit/privileged/agent/linux/test_ip_lib.py | 11 + .../portforwarding/drivers/ovn/test_driver.py | 80 +++- .../services/revisions/test_revision_plugin.py | 5 +- ...-require-centralized-FIPs-65864dfeb3edc9b1.yaml | 17 + ...d-gw-port-support-for-FIP-fb97b85f5928740b.yaml | 15 + .../agent_down_time_max-af3b62763aaa2fe5.yaml | 6 + ...85-trunk-parent-vlan-mode-9280ff2d45403bde.yaml | 8 + .../external-port-scheduling-a5419ac51d863087.yaml | 14 + ...deletion-router-interface-072a18373f920ed9.yaml | 6 + ...ort-remote-address-groups-89da589aad3c01d3.yaml | 8 + ...owner-for-ovn-lb-hm-ports-f5a648c4d948c5c8.yaml | 9 + ...ion-subnetpool-prefix-ops-9b2e4dbdcc174ede.yaml | 3 + ...physnet-filter-agent-type-9e22942bed304807.yaml | 10 + ...eduler-only-on-gw-chassis-33c22c1f5f7a73d4.yaml | 6 + ...ge-name-and-datapath-type-d2bd5b438118355f.yaml | 8 + ...sed_on_lsp_up_and_enabled-31c062fc7089f62a.yaml | 9 + requirements.txt | 4 +- tox.ini | 4 +- zuul.d/grenade.yaml | 4 +- zuul.d/tempest-singlenode.yaml | 5 +- 146 files changed, 4350 insertions(+), 1820 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 2b2d62fbb9..58531dea3c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -23 +23 @@ netifaces>=0.10.4 # MIT -neutron-lib>=3.4.0 # Apache-2.0 +neutron-lib>=3.4.2 # Apache-2.0 @@ -53 +53 @@ ovs>=2.10.0 # Apache-2.0 -ovsdbapp>=1.16.0 # Apache-2.0 +ovsdbapp>=2.2.1 # Apache-2.0