We are happy to announce the release of: neutron 24.0.0: OpenStack Networking This release is part of the caracal release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 24.0.0 ^^^^^^ New Features * Remote address group support was added to the iptables-based firewall drivers (IptablesFirewallDriver and OVSHybridIptablesFirewallDriver), Previously it was only available in the OVSFirewallDriver. For more information, see bug 2058138 (https://bugs.launchpad.net/neutron/+bug/2058138). Changes in neutron 23.0.0.0rc1..24.0.0 -------------------------------------- d683804dfa Check unspecified flavor in user defined driver 0eccc52f82 Enhance IptablesFirewallDriver with remote address groups fed96541c7 Fix making all user defined flavor routers HA 14f5d52fa7 Update TOX_CONSTRAINTS_FILE for stable/2024.1 0ed3ab9d80 Update .gitreview for stable/2024.1 2a196fefd4 Fix TestOVNMechanismDriver ipv6 tests b8953b543a [OVN] Enable "ha" API flag for OVN routers 33044d5e04 reno: Update master for unmaintained/xena 499988db7f reno: Update master for unmaintained/wallaby 63e976b620 reno: Update master for unmaintained/victoria cd1d191e33 Use the system-dependent string for IP protocol 4 fe31f4fe02 [OVN] Implement OVN agent metadata extension 09412db90b Exclude files from coverage check, improve overall result 06d48cb980 ``OvnDriver`` and ``DvrHaDriver`` to use "distributed_support" variable 8b007e6366 [FT] Check "Port_Binding" register exists before checking type b5aecfeff8 [OVN] Make mandatory the router name in the LRP.external_ids af91252646 Remove unneeded check in dhcp.py fa3223bb9d [OVN] Remove OVN_GATEWAY_INVALID_CHASSIS artifact cc1ff09b9e [ovn] Add support for enable_default_route_bfd attribute 743bd1ccef [ovn] Ensure OVN DB update on change of number of GW ports ae9749a5e3 [ovn] Ensure all routes are deleted when deleting ExtGw 86f51a4136 Explicitly set __tablename__ for Trunk 12ed429e7b [ovn] Document the OVN L3 scheduler: Anti-Affinity 793dfb04d0 Fix iptables mapping of 'ipip' protocol 8df5ee61d9 [ovn] Apply soft anti-affinity for LRs with multiple LRPs when scheduling 898498ca3b [ovn] Add helper for retrieving LR associated with LRP 0bae4b70b6 [ovn] Make scheduling of unhosted gateways aware of current transaction 63f690e6fd Make common Metadata Driver classes 47b4d14955 [OVN] Set MTU of the VETH interfaces between OVS and metadata f73a2515cb [OVN] Identify the LR GW port with "external_ids:neutron:is_ext_gw" 7ddbb6222c [OVN][FT] Check ``WaitForCreatePortBindingEvent`` wait result 0e833e3b20 Update ``PortNumaAffinityPolicyExtensionTestCase`` tested policies 981df94416 [OVN] Remove ``create_lrouter`` and ``delete_lrouter`` implementation 2f7f7c2fc2 Ensure that haproxy spawned by the metadata agents is active ebb7ec1eed ``IpLinkCommand.set_netns`` "is_ovs_port" parameter no longer needed 016f5187a5 Retry ``set|get_link_attribute(s)`` if the interface is not present e7154d748e Enable logging for scheduler functional tests 2ed9834047 Fix invalid IP address representation in unit test a644b3c62b [S-RBAC] Change policies for port's binding:profile field 7c21b776c6 Fix undefined-loop-variable warnings 352de7c42c Update some examples to use openstackclient d755c2551f [OVN] Add ``ProviderResourceAssociation`` to any ML2/OVN router 1e7baf2110 Fix misplaced-bare-raise warning 7f017d9c9c Fix unidiomatic-typecheck warnings 4d6a60b40e Fix import-outside-toplevel warnings 74555bceca Fix useless-else-on-loop warning e4cdfa3587 Fix unnecessary-comprehension warnings 2db6d45490 Fix pointless-string-statement warnings 5def8e9306 Fix a typo in parameter description 027ad4624d Fix wrong option name in release note d55c591ecd [OVN] A LRP in an external tunnelled network has no chassis 78e8f1dca0 Set minumum boundary for workers b38f72b212 Completely disable rpc workers when rpc_workers=0 cce872ead3 [Docs] Add info about incompatible PF configuration in ML2/OVN gaps a355d2a0d5 Log warning about port forwardings that won't work properly fa28c3c35c Allow HA routers to have automatic l3agent failover df24fbeb48 [OVN] Document the OVN L3 scheduler: AZs distribution 52662cad7a Change SG rules backref load method to "joined" babb63275d Use different process title for RpcReportsWorker and RpcWorker 188fe6c953 [OVN] Document the OVN L3 scheduler 542c2ff463 Update hacking version 4df5f2f41b [UT] Fix ``APIv2TestBase`` derived test classes ce53fb55ad [OVN] Warn about invalid OVN and FIP PF config during start of Neutron a097f363d1 reno: Update master for unmaintained/yoga 94ea289600 tox: Drop envdir c16463c866 dhcp: rename get_process_uuid as private b37c0f45c8 dhcp: fix usage of helper function to retrieve process name 5b49c507ba [OVN][CI] Update OVS_BRANCH to be compatible with ovn main 1600d54175 [OVN] Add ``subnetpool-prefix-ops`` extension to ML2/OVN mech driver 70e51eb2ba [OVN] Use elevated context to retrieve subnet in router port configuration a926aad434 Fix test_update_timestamp unit test failure c6ac441a51 [UT] Change number of ``utcnow`` call number in ``test_update_timpestamp`` bf83de893f Replace CRLF by LF a29ea3724e [ovn] AZs distribution in L3 port scheduler 4ccc296f56 [ovn] Honor `enable_default_route_ecmp` attribute 0bc9a71387 [ovn] Implement support for external-gateway-multihoming extension 27601f8eea Set trunk parent port as access port in ovs to avoid loop bf2f8342d7 python-3.12: do not use datetime.datetime.utcnow() 3ef02cc2fb Consume code from neutron-lib 64fddf4f2d [OVN][FT] Retry in case of timeout when executing "ovsdb-client". cd1eb7852d [OVN] Add a start method to the OVN agent extensions 9e74ea11e8 [OVN] The OVN agent exposes the ``load_config`` method. 1dbc373869 Update .pylintrc 49366ecada Router flavors and service type for OVN 3d5d82a197 ovn-l3: reschedule lower priorities b5f5f3def3 ovn-l3 scheduler: calculate load of chassis per priority e234a7aeab If method ``set_netns`` fails, restore previous device namespace 637e7a5007 Make get_ports RPC method common for the DHCP and Metadata agent 70f9dd926f update OVS_BRANCH to be compatible with ovn main branch f9e40971e9 Forbid the subnet gateway IP deletion if a router interface is attached baaf240ce3 [OVN] Add the bridge name and datapath type to the port VIF details d55b15bedc Fix unnecessary-list-index-lookup warning 5dfb742d71 Add firewall_v2 to extensions supported by ovn d2a50945bf Remove _use_db_facade() c05fa72915 Fix use-list-literal warnings 3d8460c222 Fix use-maxsplit-arg warnings 3e2ae14c07 Fix implicit-str-concat warnings e68a920c11 [OVN] Update lsp host id when virtual parent moves 8ac18a8ee1 Cleanup setup.py and requirements d1fe6a1c27 [FT] Add more information to ``IpRouteCommandTestCase`` if fails de40bfbafb Update exception conditions in ``_process_create_port`` 90ea96b290 Remove the "new_facade" parameter that is no longer needed 3eeb5d3e6a Add info about metering agent gap in the ML2/OVN backend 70eb4006c6 Not process security group for none active ports 4007cfa956 Remove deprecated OVN vif_type config option 712d000a7e Remove deprecated name quota_rbac_entry cf7e3b98ef dhcp: improving log level of cleanup stale devices 4d9482d8ec Update python classifier in setup.cfg 2f00111940 Disallow subnet cidr of :: without PD 566fea3fed fix netns deletion of broken namespaces 087df97449 [OVN] Remove backwards compatibility with OVN < v20.09 ver 2 d603b0fc2c [OVN] "description" property missing in ``NeutronAgent`` ff94b49ce5 doc: Drop description about old translation method b4d39fd6e5 [FT] Remove test "test_get_datapath_id" e45c403676 [UT] OVN fake resources factory method should return instance 86efc8be99 [OVN] OVN agent extensions correctly consume agent API fa46584af9 [OVN] Retrieve the OVN agent extensions correctly a641e8aec0 Handle creation of Port_Binding with chassis set 114ca0f1be Fix IGMP inconsistency across drivers d0fdda5530 [OVN] Fix UT assertion d9c8731af3 [ovn] Add support for IPv6 metadata 69308192f9 Remove check_router_mac_binding_options maintenance task 9a62bbc290 Remove _delete_default_ha_chassis_group maintenance task 58dcd30dbb [Fullstack] Double check that agent is dead when it should be dead 8935b7a133 [Fullstack] Consolidate segmentation_id update tests into single test ef15700055 [Fullstack] Remove SecurityGroupRulesTest.test_normalized_cidr_in_rule test fea0e7d0ae [Fullstack] Remove test_port_shut_down module c1a0ceb86c [Fullstack] Remove unnecessary tests 3fe59efd22 [Trivial] speed up l3_db floating IP port janitor DB query 41fd683663 Create an OVN metadata namespace prefix constant 37384a4705 FIP QoS: check policy id before blindly updating FIP a579e504e9 [OVN] Remove backwards compatibility with OVN < v20.09 bb1114c8b1 Make ``OVNMechanismDriver.post_fork_initialize`` callback cancellable b687414570 Fix consider-using-from-import warnings 3233407d77 Fix "use a generator" warnings 673e373b6f Fix assignment-from-none warnings e522d04668 Remove the SubresourceTest class 3e1a99f1c2 Fix consider-using-sys-exit warning c794227941 Remove some useless else statements 5943685c88 Fix consider-using-in warning bdeec3577c Fix simplifiable-if-expression warning 8d899c8d33 Fix deprecated-method warning 4b0d433472 Fix format-string-without-interpolation a246fd6567 Remove re-importation of uuid library ed0515737b Metadata: handle process exceptions dfb083657f Remove migrate_to_port_groups maintenance task 1fe3aefd4b Remove migrate_to_stateful_fips maintenance task 034fcb0f6d [OVN] Add baremetal support without Neutron DHCP agent for IPv6 656028f311 Remove logic for old LBaaS(v2) 62982a1ff4 Remove vnic_type_blacklist deprecated name 47d140d4d0 Replace network type names by constants ed07a430f5 Validate ip versions d8a2f212f7 Add [metadata_rate_limiting] options to example config files 0afa24d9af [DHCP agent] Fetch OVN Metadata port from plugin 1c13fb03d1 Remove ovs_integration_bridge configuration option 56172ed5ae [DHCP agent] Fix route to OVN metadata port for non-isolated networks efe530e0eb Fix releasenote location 241eb143f4 Remove segment_mtu configuration option 0dcebba676 Remove agent veth_mtu configuration option 0a554b4f29 Add support for OVN MAC_Binding aging eddde3522b Remove deprected and unused argument from update_port_status() 3aafeefc85 [OVN] DB sync host/physnet - filter on agent_type 56663edb20 Remove ovn_l3_mode configuration option 95b4e8f41d Make unit tests compatible with neutron-lib-3.9.0 78b5fe2ff4 [ML2/OVN] Add gateway_port support for FIP 407585f99f docs: update default value of metadata workers for ml2/ovn 2f91d330da Correctly validate subnet arguments when using a subnetpool 354205a423 Forbid updating vnic type on a bound port 8d7d6f154b [CI] Remove py310-with-sqlalchemy-master job fb9437ca25 Use py311 for all neutron jobs cd8816acd1 [OVN] Update the External Ports documentation 770914f98d [OVN] Enhanced external port scheduling f2a3020cf0 Ensure ovn loadbalancer FIPs are centralized upon neutron restarts 618478d304 Revert "Make job openstack-tox-py310-with-sqlalchemy-master non-voting temporary" 688c5e2a91 [Fullstack] Drop all linuxbridge scenarios from fullstack tests e13aea6b8c Fix modified-iterating-list pylint warning 9bab423bf3 [OVN] Remove logic for old localnet port naming e1b4a065c7 Make job openstack-tox-py310-with-sqlalchemy-master non-voting temporary a555a274e6 Validate [designate] ipvN_ptr_zone_prefix_size at config layer 46c1220b38 Remove deprecated [designate] admin_* parameters e4542bca80 ovn: Document fragmentation / pmtud gaps 29505104aa Update OVN client _get_port_options() code and utils 842f2f8e6c [Docs] Fix info about provider bridge name in the bridge_mappings 49b83c0561 Update job overrides for Caracal release c4d8868651 Remove deprecated get_floatingip_by_ips() 34f7a5805e doc: Fix wrong sections of ovs-agent config options 39a1f1e7fd [FT] Clear the idl lock in TestMaintenance tests 64b5787c32 get_hosts_mapped_with_segments add filter agt_type 2bcad25d34 doc: Stop configuring authtoken middleware in compute 2a637820eb doc: Remove remaining description about allow_overlapping_ips 1e9f50c736 Add support for FDB aging 4f0a35c28f Revert "Disable mysql gather performance in jobs" bd0fec95fa Use convert_version_to_tuple() throughout tree c3b855a100 Remove obsolete PID files before start 2fe08b23b7 l3_extra_gws: Add PRECOMMIT_UPDATE receiver 9d91415dc8 l3_extra_gws: Fix update_external_gateways handling 2ae623b2b4 l3_extra_gws: Fix KeyError when removing extra GW port 6d4c433cfc l3_extra_gws: Listing GW ports requires admin context 8219f3f61b Get default value for BFD/ECMP extra attributes from config f18c5426b0 Add note to avoid version checks in sanity checks 73cd6dca74 Update OVN db sync code log messages 3fc8d32383 Don't set port capabilities for OVS HW offloading 6a5859fc07 Fix python shebang b2e14b23f3 Add constant to identify OVN LB HM ports 1f1824397d [OVN] Populate the "router.distributed" flag in ML2/OVN aead4aa99d [OVN] Set the Neutron port status based on "lsp.up" and "lsp.enabled" 1879d92533 "ebtables-nft" MAC rule deletion failing 2919290c95 [OVN] Use the ``AgentCache`` deletion method 71a7abb498 Remove any IPAM allocation if port bulk creation fails f9b91289a5 Add policy enforcer for "tags" service plugin 3ec7f96cbb ovn: Spawn metadata resources on additional chassis event 1a9907756e Bump skip-level lower version to stable/2023.1 4e566b11d0 Introduce ovn_nb_global config section b0107bf40a Don't respawn a process that has been stopped f006d29251 Add dhcpagentscheduler API extension to the ML2/OVN extensions daa0d1c5a2 Restore the tempest nftables jobs in experimental and periodic queues 8aad094985 Drop unused tables from the Neutron database 96223931ca Create a policy rule to control if a rule belongs to the default SG 1aa1f2f9cb Missing SG rule default group extension in ``Ml2Plugin`` 78027da56c Remove the publish patch in SG rule BEFORE_DELETE and BEFORE_CREATE 294e1c60b4 [RBAC] Update the subnet policies e066cab875 Add a new extension "security-groups-rules-belongs-to-default-sg" 428f7a8418 [S-RBAC] Add service role in neutron policy 5245dcb467 [fullstack] Unify ``TestQoSPolicyIsDefault`` tests 90d06b387c [fullstack] Unify ``TestMTUScenarios`` tests a5e764c8c2 ovn: don't set (empty) requested-chassis= key for ports 0aa154b5ce Fix the ``log.setup`` method call with "fix_eventlet=False" acc6ff0580 Add "jammy" distribution release to the legacy ebtables installation d13967ccad [UT] Add chassis.external_ids dict in ``TestOvnSbIdlNotifyHandler`` 1e274d6762 functional: Enable test_fip_connection_for_address_scope test fed7060904 TestSegmentHostMappingNoStore class is missing config f51e215f71 Remove a print statement from the iptables unit test a76aa01977 [OVN] Add the default condition check in ``PortBindingChassisEvent`` 6801589510 ovn-metadata: Refactor events 3e6387edb8 ovn-trunk: Refactor event handling 6f2355f173 Fix the common/ovn functional tests 7e10a01874 Parameter filters may be None, which cannot be called with ** 1160aaa471 [OVN] Match LSP_TYPE_VIRTUAL in PortBindingUpdateVirtualPortsEvent 56821b6aea Register GMR with config 1d7e99bc0f Add has_lock_periodic decorator for OVN Maintenance 878ea0dfd5 Add a new option to enable signals b7201b9fbb Add router ID in HA router process() debug message 095a35fdd2 Use compiled OVN version v23.09.0 4c571cedbb Use is_ovn_metadata_port from the ovn utils 236f8d0b97 [OVN] Add a log message after the "post_fork_initialize" method c282077058 Fix pointless-string-statement pylint warning 1b034f8d62 Revert "[OVN][Trunk] Add port binding info on subport when parent is bound" 53d4a43251 Imported Translations from Zanata e63cdd216b Alphabetize some of the admin and contrib docs 67bd591c5b Use safer methods to get security groups on security group logging 2ec273cdc7 contributor docs: Architectural overview for metadata efd7199960 Update master for stable/2023.2 7e0ba8bcda Open the 2024.1 (Caracal) DB branch 82f2a21d1c [DHCP agent] Add route to OVN metadata port if exists 0611735715 Remove ovn.ini example file f163105158 Add release notes for l3-ext-gw-multihoming and adjacent features 25728955c9 Patch apidef for BFD/ECMP extra attributes 113f3f6689 Add missing extension classes for router BFD/ECMP extra attributes 16875b5f92 Catch non-existent entry failures better in ip_lib e897a62311 [OVN] Update release note section to "fixes" for LP#2036705 6b6abb9698 Improve the SG RPC callback ``security_group_info_for_ports`` 28059598d2 [ovn]Only synchronize non dynamic segments 2f637b2cb9 [OVN][FT] Make explicit the "publish" call check in "test_port_forwarding" 80f547ad1d Add a "port" child table "porthardwareoffloadtype" ccf2efdd3e Add more logging for lrp scheduling on gtws 994d6ace18 Remove some invalid text from the network component doc 1954290636 Add python3.10 support in testing runtime 48f2933060 Fix pylint "W" missing-timeout warnings 2c0e9cfa71 Create a single method to set the quota usage dirty bit 5c246e6b57 Support rarp protocol for egress table 08032e9cc6 Allow neutron managed ports to bypass PREROUTING chain Diffstat (except docs and test files) ------------------------------------- .coveragerc | 15 +- .gitreview | 1 + .pylintrc | 4 - HACKING.rst | 1 - ...g-bgp-floating-ip-over-l2-segmented-network.rst | 6 +- .../figures/neutron-metadata-dhcp-agent.dot | 105 ++++ .../figures/neutron-metadata-dhcp-agent.png | Bin 0 -> 119092 bytes .../figures/neutron-metadata-dhcp-agent.svg | 167 ++++++ .../figures/neutron-metadata-l3-agent.dot | 115 ++++ .../figures/neutron-metadata-l3-agent.png | Bin 0 -> 119977 bytes .../figures/neutron-metadata-l3-agent.svg | 180 +++++++ .../contributor/internals/address_scopes.rst | 2 +- .../contributor/internals/agent_extensions.rst | 2 +- .../contributor/internals/code_profiling.rst | 4 +- .../internals/external_dns_integration.rst | 4 +- .../contributor/internals/l2_agent_extensions.rst | 2 +- .../contributor/internals/l3_agent_extensions.rst | 2 +- .../contributor/internals/linuxbridge_agent.rst | 4 +- .../contributor/internals/openvswitch_agent.rst | 34 +- .../contributor/internals/ovn/native_dhcp.rst | 10 +- .../contributor/internals/provisioning_blocks.rst | 4 +- .../contributor/internals/security_group_api.rst | 4 +- .../contributor/internals/services_and_agents.rst | 2 +- .../contributor/internals/sriov_nic_agent.rst | 5 +- .../contributor/policies/gate-failure-triage.rst | 5 +- .../contributor/testing/ci_scenario_jobs.rst | 2 +- .../contributor/testing/ml2_ovn_devstack.rst | 6 +- .../contributor/testing/ml2_ovs_devstack.rst | 6 +- .../install/compute-install-option1-ubuntu.rst | 21 +- .../install/compute-install-option2-ubuntu.rst | 46 +- .../install/controller-install-option1-obs.rst | 21 +- .../install/controller-install-option1-rdo.rst | 21 +- .../install/controller-install-option1-ubuntu.rst | 21 +- .../install/controller-install-option2-obs.rst | 48 +- .../install/controller-install-option2-rdo.rst | 48 +- .../install/controller-install-option2-ubuntu.rst | 50 +- etc/oslo-config-generator/ml2_conf.ini | 1 + etc/oslo-config-generator/ovn.ini | 6 - neutron/__init__.py | 8 +- neutron/agent/common/async_process.py | 17 + neutron/agent/common/base_agent_rpc.py | 33 ++ neutron/agent/common/ovs_lib.py | 15 +- neutron/agent/dhcp/agent.py | 12 +- neutron/agent/l3/ha_router.py | 4 +- neutron/agent/l3/l3_agent_extensions_manager.py | 12 +- neutron/agent/linux/dhcp.py | 85 ++- neutron/agent/linux/external_process.py | 30 +- neutron/agent/linux/interface.py | 7 +- neutron/agent/linux/ip_lib.py | 44 +- neutron/agent/linux/iptables_firewall.py | 59 ++- neutron/agent/linux/iptables_manager.py | 5 + neutron/agent/linux/keepalived.py | 12 - .../agent/linux/openvswitch_firewall/firewall.py | 10 + neutron/agent/metadata/agent.py | 15 +- neutron/agent/metadata/driver.py | 302 ++--------- neutron/agent/metadata/driver_base.py | 283 ++++++++++ neutron/agent/metadata_agent.py | 3 - neutron/agent/ovn/agent/ovn_neutron_agent.py | 50 +- neutron/agent/ovn/extensions/extension_manager.py | 33 +- neutron/agent/ovn/extensions/metadata.py | 174 ++++++ neutron/agent/ovn/extensions/noop.py | 4 + neutron/agent/ovn/extensions/qos_hwol.py | 25 +- neutron/agent/ovn/metadata/agent.py | 486 +++++++++++------ neutron/agent/ovn/metadata/driver.py | 201 +------ neutron/agent/ovn/metadata/server.py | 30 +- neutron/agent/rpc.py | 4 +- neutron/agent/securitygroups_rpc.py | 3 + neutron/api/rpc/handlers/securitygroups_rpc.py | 10 +- neutron/api/v2/base.py | 13 + neutron/cmd/__init__.py | 28 - neutron/cmd/destroy_patch_ports.py | 2 + neutron/cmd/ovn/migration_mtu.py | 8 +- neutron/cmd/ovn/neutron_ovn_db_sync_util.py | 24 +- neutron/cmd/runtime_checks.py | 9 +- neutron/cmd/sanity/checks.py | 26 +- neutron/cmd/sanity_check.py | 18 +- neutron/cmd/upgrade_checks/checks.py | 128 +++++ neutron/common/_constants.py | 7 +- neutron/common/config.py | 2 +- neutron/common/metadata.py | 6 +- neutron/common/ovn/constants.py | 33 +- neutron/common/ovn/exceptions.py | 7 + neutron/common/ovn/extensions.py | 25 + neutron/common/ovn/utils.py | 313 ++++++++--- neutron/common/utils.py | 9 +- neutron/conf/agent/common.py | 6 - neutron/conf/agent/metadata/config.py | 10 +- neutron/conf/agent/ovn/metadata/config.py | 4 +- neutron/conf/agent/ovs_conf.py | 37 +- neutron/conf/common.py | 5 +- neutron/conf/plugins/ml2/config.py | 19 +- .../ml2/drivers/mech_sriov/mech_sriov_conf.py | 1 - .../ml2/drivers/openvswitch/mech_ovs_conf.py | 1 - neutron/conf/plugins/ml2/drivers/ovn/ovn_conf.py | 101 ++-- neutron/conf/plugins/ml2/drivers/ovs_conf.py | 7 - neutron/conf/policies/base.py | 14 +- neutron/conf/policies/floatingip.py | 38 ++ neutron/conf/policies/network.py | 41 ++ neutron/conf/policies/network_segment_range.py | 39 ++ neutron/conf/policies/port.py | 131 +++-- neutron/conf/policies/port_bindings.py | 8 +- neutron/conf/policies/router.py | 35 ++ neutron/conf/policies/security_group.py | 49 ++ neutron/conf/policies/segment.py | 36 ++ neutron/conf/policies/subnet.py | 53 +- neutron/conf/policies/subnetpool.py | 39 ++ neutron/conf/policies/trunk.py | 36 ++ neutron/conf/quota.py | 1 - neutron/conf/service.py | 9 +- neutron/conf/services/extdns_designate_driver.py | 68 ++- neutron/db/address_group_db.py | 1 + neutron/db/agents_db.py | 2 +- neutron/db/db_base_plugin_v2.py | 78 ++- neutron/db/l3_db.py | 40 +- neutron/db/l3_extra_gws_db.py | 97 ++-- neutron/db/migration/__init__.py | 1 + .../db/migration/alembic_migrations/script.py.mako | 12 +- .../expand/89c58a70ceba_ecmp_bfd_attributes.py | 5 + .../expand/054e34dbe6b4_drop_unused_tables.py | 150 ++++++ ...791_add_port_hardware_offload_extension_type.py | 44 ++ .../alembic_migrations/versions/EXPAND_HEAD | 2 +- .../alembic_migrations/versions/kilo_initial.py | 9 +- neutron/db/migration/cli.py | 3 +- neutron/db/models/port_hardware_offload_type.py | 38 ++ neutron/db/models/securitygroup.py | 41 +- neutron/db/ovn_l3_hamode_db.py | 39 ++ neutron/db/port_hardware_offload_type_db.py | 52 ++ neutron/db/quota/api.py | 33 +- neutron/db/securitygroups_db.py | 34 +- neutron/db/securitygroups_rpc_base.py | 25 +- neutron/extensions/ecmp_routes.py | 40 +- neutron/extensions/l3_enable_default_route_bfd.py | 30 ++ neutron/extensions/l3_enable_default_route_ecmp.py | 30 ++ .../port_hardware_offload_type.py} | 14 +- .../security_groups_rules_belongs_to_default_sg.py | 21 + neutron/extensions/securitygroup.py | 4 + neutron/extensions/tagging.py | 119 +++-- neutron/hacking/checks.py | 33 +- neutron/notifiers/ironic.py | 18 +- neutron/objects/base.py | 10 - neutron/objects/l3agent.py | 6 +- .../port/extensions/port_hardware_offload_type.py | 42 ++ .../port/extensions/port_numa_affinity_policy.py | 2 - neutron/objects/ports.py | 12 +- neutron/objects/router.py | 6 + neutron/objects/securitygroup.py | 56 +- neutron/objects/subnet.py | 11 + neutron/opts.py | 8 +- .../ml2/drivers/linuxbridge/agent/arp_protect.py | 4 +- .../linuxbridge/agent/linuxbridge_neutron_agent.py | 2 +- .../drivers/openvswitch/agent/ovs_neutron_agent.py | 12 +- .../plugins/ml2/drivers/ovn/agent/neutron_agent.py | 50 +- neutron/plugins/ml2/drivers/ovn/db_migration.py | 31 +- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 90 +++- .../ml2/drivers/ovn/mech_driver/ovsdb/api.py | 144 ++--- .../ml2/drivers/ovn/mech_driver/ovsdb/commands.py | 228 ++++++-- .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 205 ++++--- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 435 +++++++++------ .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 588 +++++++++++++-------- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 388 ++++++-------- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 188 +++---- neutron/plugins/ml2/extensions/dns_integration.py | 14 +- .../ml2/extensions/port_hardware_offload_type.py | 47 ++ neutron/plugins/ml2/ovo_rpc.py | 7 +- neutron/plugins/ml2/plugin.py | 46 +- neutron/plugins/ml2/rpc.py | 3 +- neutron/privileged/agent/linux/ip_lib.py | 32 +- neutron/quota/resource.py | 3 +- neutron/scheduler/l3_ovn_scheduler.py | 170 ++++-- neutron/server/__init__.py | 19 + neutron/server/api_eventlet.py | 2 +- neutron/server/rpc_eventlet.py | 3 +- neutron/server/wsgi_eventlet.py | 2 +- neutron/service.py | 18 +- .../externaldns/drivers/designate/driver.py | 38 +- .../service_providers/driver_controller.py | 17 +- .../services/l3_router/service_providers/dvrha.py | 2 +- neutron/services/logapi/drivers/ovn/driver.py | 22 +- neutron/services/ovn_l3/plugin.py | 248 +++------ .../services/ovn_l3/service_providers/__init__.py | 0 .../ovn_l3/service_providers/driver_controller.py | 65 +++ neutron/services/ovn_l3/service_providers/ovn.py | 253 +++++++++ .../ovn_l3/service_providers/user_defined.py | 171 ++++++ neutron/services/placement_report/plugin.py | 2 +- .../services/portforwarding/drivers/ovn/driver.py | 62 ++- neutron/services/qos/qos_plugin.py | 3 +- neutron/services/segments/db.py | 37 +- .../drivers/openvswitch/agent/trunk_manager.py | 12 +- neutron/services/trunk/drivers/ovn/trunk_driver.py | 102 ++-- neutron/services/trunk/models.py | 2 + .../l2/extensions/test_ovs_agent_qos_extension.py | 2 +- .../agent/l3/bin/cmd_keepalived_state_change.py | 3 +- .../functional/agent/l3/test_legacy_router.py | 2 +- .../functional/agent/l3/test_metadata_proxy.py | 4 +- .../functional/agent/linux/bin/ipt_binname.py | 3 +- .../functional/agent/linux/test_bridge_lib.py | 7 + .../agent/ovn/agent/fake_ovn_agent_extension.py | 7 + .../agent/ovn/agent/test_ovn_neutron_agent.py | 67 ++- .../agent/ovn/extensions/test_qos_hwol.py | 16 +- .../agent/ovn/metadata/test_metadata_agent.py | 459 ++++++++++++---- .../mech_driver/ovsdb/extensions/test_placement.py | 3 +- .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 319 ++++++++++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 312 ++++++++--- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 121 ++--- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 210 ++++++-- .../drivers/ovn/mech_driver/test_mech_driver.py | 213 +++++++- .../privileged/agent/linux/test_ip_lib.py | 80 ++- .../scheduler/test_dhcp_agent_scheduler.py | 16 +- .../scheduler/test_l3_agent_scheduler.py | 7 +- .../conntrack_helper/test_conntrack_helper.py | 3 +- .../functional/services/ovn_l3/test_plugin.py | 488 +++++++++++++---- .../openvswitch/agent/test_trunk_manager.py | 8 + .../trunk/drivers/ovn/test_trunk_driver.py | 44 +- .../unit/agent/common/test_placement_report.py | 1 - .../agent/common/test_resource_processing_queue.py | 5 +- .../metadata/test_host_metadata_proxy.py | 5 + .../agent/l2/extensions/test_fdb_population.py | 11 - .../linux/openvswitch_firewall/test_firewall.py | 12 +- .../unit/agent/linux/test_external_process.py | 34 +- .../unit/agent/linux/test_iptables_firewall.py | 144 ++++- .../unit/agent/linux/test_iptables_manager.py | 13 +- .../unit/api/rpc/handlers/test_resources_rpc.py | 2 +- .../conf/policies/test_auto_allocated_topology.py | 21 + .../unit/conf/policies/test_availability_zone.py | 13 + .../unit/conf/policies/test_floatingip_pools.py | 13 + .../policies/test_floatingip_port_forwarding.py | 43 ++ .../unit/conf/policies/test_l3_conntrack_helper.py | 31 ++ .../conf/policies/test_local_ip_association.py | 28 + .../conf/policies/test_network_ip_availability.py | 13 + .../conf/policies/test_network_segment_range.py | 82 +++ .../unit/conf/policies/test_security_group.py | 224 +++++++- .../extensions/test_network_ip_availability.py | 12 +- .../extensions/test_port_hardware_offload_type.py | 73 +++ .../extensions/test_port_numa_affinity_policy.py | 10 +- .../extensions/test_port_hardware_offload_type.py | 38 ++ .../unit/objects/test_network_segment_range.py | 2 +- .../openvswitch/agent/test_ovs_neutron_agent.py | 18 +- .../drivers/openvswitch/agent/test_ovs_tunnel.py | 5 +- .../ml2/drivers/ovn/agent/test_neutron_agent.py | 16 +- .../ovn/mech_driver/ovsdb/schemas/ovn-nb.ovsschema | 130 ++++- .../ovn/mech_driver/ovsdb/schemas/ovn-sb.ovsschema | 154 +++++- .../drivers/ovn/mech_driver/ovsdb/test_commands.py | 179 ++++--- .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 94 +++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 267 ++++++---- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 101 +++- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 45 +- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 124 ++--- .../drivers/ovn/mech_driver/test_mech_driver.py | 547 +++++++++++++------ .../plugins/ml2/drivers/ovn/test_db_migration.py | 26 +- .../unit/plugins/ml2/drivers/test_type_flat.py | 3 +- .../plugins/ml2/extensions/test_dns_integration.py | 80 --- .../unit/plugins/ml2/test_tracked_resources.py | 14 +- .../unit/privileged/agent/linux/test_ip_lib.py | 11 + .../unit/scheduler/test_l3_agent_scheduler.py | 30 +- .../unit/services/conntrack_helper/test_plugin.py | 5 +- .../externaldns/drivers/designate/test_driver.py | 40 +- .../services/logapi/drivers/ovn/test_driver.py | 22 +- .../metering/agents/test_metering_agent.py | 16 +- .../services/metering/drivers/test_iptables.py | 1 - .../services/ovn_l3/service_providers/__init__.py | 0 .../service_providers/test_driver_controller.py | 59 +++ .../ovn_l3/service_providers/test_user_defined.py | 133 +++++ .../unit/services/placement_report/test_plugin.py | 2 +- .../portforwarding/drivers/ovn/test_driver.py | 80 ++- .../trunk/drivers/ovn/test_trunk_driver.py | 227 +++++--- .../Add-service-role-support-3e28b1bfcfc59c29.yaml | 10 + ...-require-centralized-FIPs-65864dfeb3edc9b1.yaml | 17 + ...ing-to-ARP-for-DOWN-ports-3620173f00089539.yaml | 11 + ...d-gw-port-support-for-FIP-fb97b85f5928740b.yaml | 15 + ...add-ovn-l3-router-flavors-5c2e14fca15723fa.yaml | 8 + .../notes/bug-2030741-f4c780df9cf3db4e.yaml | 6 + ...85-trunk-parent-vlan-mode-9280ff2d45403bde.yaml | 8 + .../notes/bug-2052484-9a80c1d035349879.yaml | 16 + ...rity-group-rules-policies-b6e350477c88edd8.yaml | 7 + ...p-agent-ovn-metadata-port-33a654ccb9554c65.yaml | 9 + .../notes/ecmp-routes-771ff34beafee370.yaml | 14 +- ...efault-route-bfd-and-ecmp-2cbb3be64ee25410.yaml | 8 + .../enable_signals-option-706167609c0a5fa7.yaml | 11 + .../external-port-scheduling-a5419ac51d863087.yaml | 14 + ...deletion-router-interface-072a18373f920ed9.yaml | 6 + .../notes/igmp-flood-f1b8aa5c799679ea.yaml | 31 ++ ...ort-remote-address-groups-89da589aad3c01d3.yaml | 8 + ...rt-in-the-ML2-OVN-backend-1b98dadb6ea30e60.yaml | 5 + .../l3-ext-gw-multihoming-99be481ddeaa3a6d.yaml | 6 + .../notes/min-workers-8705bf4f76c8b70d.yaml | 11 + ...ork_subnet_mtu_validation-c221f22efcfae927.yaml | 0 ...owner-for-ovn-lb-hm-ports-f5a648c4d948c5c8.yaml | 9 + ...ion-subnetpool-prefix-ops-9b2e4dbdcc174ede.yaml | 3 + ...physnet-filter-agent-type-9e22942bed304807.yaml | 10 + ...n-l3-router-ha-enablement-24c5a5f9fc763db1.yaml | 7 + ...cheduler-unbound-gw-ports-46ced10f810d845d.yaml | 13 + .../notes/ovn-metadata-v6-fe371854b09c8b56.yaml | 7 + ...n-router-distributed-flag-48a8e72c1b258e40.yaml | 12 + ...n-support-chassis_private-35192565e9ee2a00.yaml | 5 + ...ge-name-and-datapath-type-d2bd5b438118355f.yaml | 8 + ...l3_reschedules_lower_lrps-5b492131dab9040b.yaml | 6 + ...re-offload-type-extension-acd266f95c1d7d29.yaml | 11 + ..._ipamallocation_leftovers-9d72cc5f616f51e4.yaml | 7 + ...sed_on_lsp_up_and_enabled-31c062fc7089f62a.yaml | 9 + .../remove-agent-veth_mtu-9276f88cf8b43b8e.yaml | 6 + ...move-designate-admin-opts-f3f4fe1037dbd75a.yaml | 11 + ...ve-ovs_integration_bridge-583b8c395f6ba64e.yaml | 6 + .../notes/remove-segment_mtu-4a78b8d47830fb8a.yaml | 6 + .../resource-tags-policies-a2ffd52e57d7b4b8.yaml | 7 + .../notes/support-fdb-aging-b9ab82d75db81bbc.yaml | 14 + .../support-ovn-mac-aging-8a555c608ccf8b04.yaml | 9 + ...reports-worker-proc-title-09671cd397685403.yaml | 12 + .../notes/update-vnic-type-d2cb5b78d5ba1c32.yaml | 7 + releasenotes/source/2023.2.rst | 6 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 5 +- .../source/locale/fr/LC_MESSAGES/releasenotes.po | 90 ++++ .../locale/ko_KR/LC_MESSAGES/releasenotes.po | 103 ++++ releasenotes/source/victoria.rst | 2 +- releasenotes/source/wallaby.rst | 2 +- releasenotes/source/xena.rst | 2 +- releasenotes/source/yoga.rst | 2 +- requirements.txt | 13 +- roles/legacy_ebtables/tasks/main.yaml | 3 +- roles/nftables/tasks/main.yaml | 6 + setup.cfg | 4 + setup.py | 9 - test-requirements.txt | 3 - tools/configure_for_func_testing.sh | 6 +- tox.ini | 25 +- zuul.d/base.yaml | 4 +- zuul.d/grenade.yaml | 19 +- zuul.d/job-templates.yaml | 50 +- zuul.d/rally.yaml | 8 +- zuul.d/tempest-multinode.yaml | 9 +- zuul.d/tempest-singlenode.yaml | 10 +- 537 files changed, 17073 insertions(+), 6596 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index cb72debe32..101d4f3d57 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,4 +3,0 @@ - -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. @@ -23 +19 @@ netifaces>=0.10.4 # MIT -neutron-lib>=3.7.0 # Apache-2.0 +neutron-lib>=3.9.0 # Apache-2.0 @@ -37 +33 @@ oslo.i18n>=3.20.0 # Apache-2.0 -oslo.log>=4.5.0 # Apache-2.0 +oslo.log>=5.3.0 # Apache-2.0 @@ -47 +43 @@ oslo.upgradecheck>=1.3.0 # Apache-2.0 -oslo.utils>=6.2.0 # Apache-2.0 +oslo.utils>=7.0.0 # Apache-2.0 @@ -53,2 +49 @@ ovs>=2.10.0 # Apache-2.0 -ovsdbapp>=2.2.1 # Apache-2.0 -packaging>=20.4 # Apache-2.0 +ovsdbapp>=2.3.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index ab952537fc..cdf72fd136 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,3 +0,0 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later.