We are psyched to announce the release of: neutron 13.0.4: OpenStack Networking This release is part of the rocky stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 13.0.4 ^^^^^^ Upgrade Notes ************* * The first address in an IPv6 network is now a valid, usable IP for routers. It had previously been reserved, but now can be assigned to a router so that an IPv6 address ending in "::" could be a valid default route. * During the dependency resolution procedure, the code that loads service plugins was refactored to not raise an exception if one plugin is configured multiple times, with the last one taking effect. This is a change from the previous behavior. Bug Fixes ********* * Adds the "router" service plugin to the "port_forwarding" service plugin required list. For more info see https://bugs.launchpad.net/neutron/+bug/1809238 Other Notes *********** * In order to improve heavy load ovs agent restart success rate, instead a retry or fullsync, the native driver "of_connect_timeout" and "of_request_timeout" are now set to 300s. The value does not have side effect for the regular pressure ovs agent. * If an instance port is under a dvr router, and the port already has binding port forwarding(s). Neutron will no longer allow binding a floating IP to that port again, because dvr floating IP traffic rules will break the existing port forwarding functionality. * A new option "[ovs] of_inactivity_probe" has been added to allow changing the inactivity probe interval when using the OVS ML2 agent with the native OpenFlow driver. Operators can increase this if they are experiencing OpenFlow timeouts. The default value is 10 seconds. * Neutron now supports having service plugins require other plugin(s) as dependencies. For example, the "port_forwarding" service plugin requires the "router" service plugin to achieve full functionality. A new list, "required_service_plugins", was added to each service plugin so the required dependencies of each service plugin can be initialized. If one service plugin requires another, but the requirement is not set in the config file, neutron will now initialize it to the plugin directory. Changes in neutron 13.0.3..13.0.4 --------------------------------- feab3462b2 Release notes for dns_domain behavioural changes b1b0937eb4 DVR: on new port only send router update on port's host 3842bb21af Reset MAC on unbinding direct-physical port 1146526304 Optimize the code that fixes the race condition of DHCP agent. b681fe6754 SRIOV agent: wait VFs initialization on embedded switch create 8ed443ca66 Switch to new engine facade for Route objects 3e55534795 Make OVS controller inactivity_probe configurable cace923951 improve dvr port update under large scale deployment c80598dd58 Revert "Pass network's dns_domain to dnsmasq conf" 1dd35515d4 Packets getting lost during SNAT with too many connections 6af5ea2afc [DVR] Block ARP to dvr router's port instead of subnet's gateway 5424bdc38b Use list instead of six.viewkeys to avoid py2 to py3 problems 7f8c446d5f Only store segmenthostmapping when enable segment plugin 1559c79594 Wait to ipv6 accept_ra be really changed by L3 agent b84b9f2dcc Add port_forwarding to devstack plugin 663c727f99 Allow first address in an IPv6 subnet as valid unicast 252d80058c Show all SG rules belong to SG in group's details 946faaf361 [DHCP] Don't resync network if same port is alredy in cache 9a498d993f Remove rootwrap configuration from neutron-keepalived-state-change d908227050 Use six.viewkeys instead of dict.keys to avoid py2 to py3 problems 2f91450fcf Ensure dvr ha router gateway port binding host 88a362df09 Async notify neutron-server for HA states 0bac076056 Fix handling of network:shared field in policy module 8e777c681f Fix creating policy rules from subattributes. 13cb3cd34c Keep HA ports info for HA router during entire lifecycle d3c757134d Don't count ports with inactive bindings as serviceable dvr ports cd53b51732 Use dynamic lazy mode for fetching security group rules 9b2dc84959 Not process port forwarding if no snat functionality 04e995be98 Revert iptables TCP checksum-fill code d9ff4aee20 Get ports query: extract limit and use it only at the end. d080a805c1 Move subnet postcommit out of transaction for bulk create 1214e59cc2 OpenDev Migration Patch c50bdf2329 Give some HA router case specific resources 8280d75723 Check master/backup router status in DVR functional tests 827d6434d7 Set HA failover bridges veth pair devices UP bdeae63365 neutron.conf needs lock_path set for router to operate This change is adding required configuration in neutron.conf to set the lock_path parameter, which was missing in compute-install-ubuntu.rst 5d705468de Do not call update_device_list in large sets fb0c062899 Avoid loading same service plugin more than once 2331e5fefc Add dependency for service plugin 087e8f6bee Prevent bind fip to port has port forwarding 21bbe03619 Make test service_plugins override simple ee2ed681c4 Choose random value for HA routes' vr_id f71767bd02 DVR: Correctly change MTU in fip namespace 14ed5515b9 Handle DBConnectionError in skip_if_timeout decorator 0e71c29155 Fix regression with SG read API with empty ruleset 8f93410716 Not set fip to ERROR if it exists on device ef8ecef922 Set router_id if floating IP has port_forwardings 26a9765afb Change default local ovs connection timeout Diffstat (except docs and test files) ------------------------------------- .gitreview | 2 +- .zuul.yaml | 42 +++--- devstack/lib/fip_port_forwarding | 4 + devstack/plugin.sh | 4 + etc/policy.json | 8 +- neutron/agent/common/ovs_lib.py | 7 + neutron/agent/dhcp/agent.py | 12 +- neutron/agent/l3/agent.py | 2 +- neutron/agent/l3/dvr_edge_ha_router.py | 2 +- neutron/agent/l3/dvr_edge_router.py | 13 +- neutron/agent/l3/dvr_fip_ns.py | 9 +- neutron/agent/l3/dvr_local_router.py | 7 +- neutron/agent/l3/extensions/port_forwarding.py | 4 + neutron/agent/l3/ha.py | 3 + neutron/agent/l3/ha_router.py | 22 ++- neutron/agent/l3/keepalived_state_change.py | 2 - neutron/agent/l3/router_info.py | 26 ++-- neutron/agent/linux/dhcp.py | 28 ++-- neutron/agent/linux/ip_lib.py | 1 + neutron/agent/linux/iptables_manager.py | 21 +++ neutron/agent/linux/keepalived.py | 2 + neutron/agent/metadata/driver.py | 10 -- neutron/agent/rpc.py | 29 +++- neutron/api/rpc/handlers/dhcp_rpc.py | 15 +- neutron/api/rpc/handlers/l3_rpc.py | 11 +- neutron/common/constants.py | 6 + neutron/common/utils.py | 7 + neutron/conf/plugins/ml2/drivers/ovs_conf.py | 9 +- neutron/db/db_base_plugin_v2.py | 12 +- neutron/db/ipam_backend_mixin.py | 11 +- neutron/db/ipam_pluggable_backend.py | 5 + neutron/db/l3_db.py | 21 +++ neutron/db/l3_dvrscheduler_db.py | 31 ++-- neutron/db/l3_hamode_db.py | 31 +++- neutron/db/models/securitygroup.py | 2 +- neutron/db/securitygroups_db.py | 6 +- neutron/ipam/utils.py | 27 ++-- neutron/manager.py | 76 ++++++---- neutron/objects/base.py | 54 ++++++- neutron/objects/common_types.py | 23 +++ neutron/objects/securitygroup.py | 4 +- neutron/objects/subnet.py | 2 + neutron/pecan_wsgi/hooks/policy_enforcement.py | 4 +- .../drivers/mech_sriov/agent/eswitch_manager.py | 50 ++++++- .../agent/openflow/native/ovs_bridge.py | 1 + .../openvswitch/agent/ovs_dvr_neutron_agent.py | 7 +- neutron/plugins/ml2/plugin.py | 21 ++- neutron/policy.py | 54 ++++++- .../services/portforwarding/common/exceptions.py | 6 + neutron/services/portforwarding/pf_plugin.py | 24 ++++ neutron/services/segments/db.py | 27 +++- .../l3_router/test_l3_dvr_router_plugin.py | 4 +- .../portforwarding/test_port_forwarding.py | 23 ++- .../agent/l3/extensions/test_port_forwarding.py | 16 +++ .../test_expose_port_forwarding_in_fip.py | 127 ++++++++++++++++- .../mech_sriov/agent/test_eswitch_manager.py | 56 ++++++++ .../agent/openflow/native/ovs_bridge_test_base.py | 9 +- .../openvswitch/agent/test_ovs_neutron_agent.py | 21 ++- .../unit/scheduler/test_l3_agent_scheduler.py | 15 +- .../legacy/neutron-fullstack-python35/run.yaml | 6 +- .../legacy/neutron-fullstack-with-uwsgi/run.yaml | 6 +- playbooks/legacy/neutron-fullstack/run.yaml | 6 +- .../legacy/neutron-functional-python35/run.yaml | 6 +- .../legacy/neutron-functional-with-uwsgi/run.yaml | 6 +- playbooks/legacy/neutron-functional/run.yaml | 6 +- .../legacy/neutron-grenade-dvr-multinode/run.yaml | 8 +- .../legacy/neutron-grenade-multinode/run.yaml | 8 +- playbooks/legacy/neutron-grenade/run.yaml | 8 +- .../neutron-tempest-dvr-ha-multinode-full/run.yaml | 6 +- playbooks/legacy/neutron-tempest-dvr/run.yaml | 6 +- .../neutron-tempest-iptables_hybrid/run.yaml | 6 +- .../legacy/neutron-tempest-linuxbridge/run.yaml | 6 +- .../legacy/neutron-tempest-multinode-full/run.yaml | 6 +- .../legacy/neutron-tempest-postgres-full/run.yaml | 6 +- .../neutron-tempest-with-ryu-master/run.yaml | 6 +- ...change-of-default-timeout-b09d11683526e27d.yaml | 7 + .../notes/dns_domain-6f0e628aeb3c650c.yaml | 14 +- .../fip-binding-limitation-1d2509950847b085.yaml | 7 + ...v6_first_ip_address_valid-cd94b47bdcc642cf.yaml | 6 + ...tivity-probe-configurable-39d669014d961c5c.yaml | 7 + ...service-plugin-dependency-c8bf620b2526b869.yaml | 22 +++ 108 files changed, 1719 insertions(+), 533 deletions(-)