We are chuffed to announce the release of: neutron 19.0.0: OpenStack Networking This release is part of the xena release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 19.0.0 ^^^^^^ New Features * Added two new API methods to "QuotaDriverAPI" class. "get_resource_usage" returns the current resource usage. "quota_limit_check" checks the current resource usage of several resources against a set of deltas (a dictionary of resource names and resource counters). Changes in neutron 18.0.0.0rc1..19.0.0 -------------------------------------- 23f956ab37 Execute the quota reservation removal in an isolated DB txn 317ccb6111 [stable/xena] Drop -master jobs 5fbd86fd8f Replace cirros 0.4.0 by 0.5.2 in ovn migration create-resources.sh.j2 98f644e7d8 [ovn] metadata functional tests don't support Chassis_Private e227b0e976 Revert "update subport status when trunk/subport create/delete is triggerred" e471a40a41 Add retry when executing OF commands if "InvalidDatapath" 8549419b17 Lower-constraints removal follow up 1cdcd57c9c [Docs] Ovn backend now supports FIP QoS bandwdith limiting 25ce1102aa Dropping lower constraints testing (stable Xena) 8d6cc1fc57 Remove dhcp_extra_opt name after first newline character 78cba51af3 Rollback db session in case of error during releasing quota reservation 1b1847ae96 Update TOX_CONSTRAINTS_FILE for stable/xena e3f6e694af Update .gitreview for stable/xena 421dc2195c Redefine "neutron-ovn-tempest-ovs-master-fedora" CI job 43871e0654 Rename notify to publish b8ef8e722a [Functional] Wait for the initial state of ha router before test 101ccbaeb3 update subport status when trunk/subport create/delete is triggerred 7f06322355 Delete SG log entries when SG is deleted 34acbd6ff8 Replace deprecated assertDictContainsSubset e610a5eb9e Don't use singleton in routes.middleware.RoutesMiddleware 27edf6b6d3 Ensure net dict has provider info on precommit delete 20a13391a2 Use lookup() instead of iterating over table 82f72896db Add pagging and sorting support for "network_ip_availability" d0c871df19 Rename notify to publish in unit tests c178a37615 Add port status to information dictionary in agent RPC dc4a57d966 Make OVN driver validate Geneve max_header_size e08b571f04 Use "objects_exist" in PortForwardingPlugin 3c305bf6ae Skip FIP check if VALIDATE_MIGRATION is not True 76ee64f4a8 Fix neutron_pg_drop-related startup issues 5b8889ad7f [Doc] Fix link to the Mellanox documentation in SR-IOV doc 1221cf1b24 Agent RPC step size in config. b0bb49a8f8 [doc]Correcting broken link 9cffd7b322 [OVN] Change ControllerAgent type dinamically df891f0593 Remove dhcp_extra_opt value after first newline character 92c636d8b2 Use payload callback for RPC resource_cache b5dd6efdca [DVR] Fix update of the MTU in the SNAT namespace 89be2951f6 Remove IDL classes implemented in ovsdbapp 903e66e8e7 ovn: Consider all router ports in is_lsp_router_port() b01844be21 Fix typos in agent policy names 19375b3e78 [DVR] Set arp entries only for single IPs given as allowed addr pair db4753b6ef use payload for OVSDB_RESOURCE e4566031d6 Enable QoS min bw tempest in neutron-ovs-tempest-multinode-full 701214481f Use more pythonic approach 1146a4d091 Do not fail when releasing a quota reservation 668b1cc652 Do not fail if the agent load is not bumped 0bb9c99d50 Fix gate for neutron-lib v2.14 31c09cd3b7 Bump os-resource-classes lib to 1.1.0 21986f2be5 Remove shim in trunk/rpc/backend.py d6b1dd4a93 Include oslo.cache options in neutron.conf efbe2d3142 neutron-lib: Skip functional tests for changes in unit tests code 344fc0c8d2 Revert "[L3][HA] Retry when setting HA router GW status." 3640ffa0c6 Handle all portbinding attrs in case of bulk port creation 9ee5722c04 Remove shim in securitygroups_db db7887cafd Add limitation about QoS min bw for PF less SRIOV platforms 4e325088d3 [OVN] Document Network Availability Zones 781500daa5 [OVN] Make external ports aware of network AZs a177249731 Improve content of FloatingIP AFTER callbacks b488fb8e22 Use payloads for FloatingIP AFTER callbacks c75df16e50 Add missing options to generated neutron.conf 7988ab5df0 "default_availability_zones" need to be considered when validate az eb430e052d Use neutron-lib payloads for PORT_FORWARDING 9e0c075bf1 ovn: Don't fail db-sync if port binding changes 82fd968011 [L3HA] Add extra logs to the process of ha state changes 223e89c950 Make neutron-ovs-tempest-dvr-ha-multinode-full voting 57cfc57da6 use payloads for FLOATING_IP c267125e20 functional: Add debug messages around OVN services ef83719da2 Use payloads for ROUTER AFTER_ callbacks 5ee9325fcc Bump neutron-lib to 2.13.0 8ac9e2fe6d [OVN] Fix Router Availability Zones for segmented networks e6c3686cd8 Use elevated context when getting default SG for tenant ca2885889f Add devstack plugin to enable ovs distributed dhcp service 63a2a65bbe Skip DVR binding for ports with invalid OFPORT 40c8f60ee3 Use payloads for ROUTER callbacks 2356f0eb87 Bump oslo.log to version 4.5.0 d4b1b4a072 Fix typo in OVN SUPPORTED_DHCP_OPTS_MAPPING dictionary (ia-addr) fafcabdbe0 Wait until workers have been launched a27bb19e74 Reduce the fullstack concurrency to 2 caa05f9c56 Update team ownership cbef6cda98 Add "network_id" to "_after_router_interface_deleted" payload 2e6f6c9ec3 Ensure only one worker creates neturon_pg_drop ad31c58d60 Remove ``ConfDriver`` code e7c61d3eba use payloads for PORT and FLOATING_IP 8e30639452 [QoS] Add rule type packet per second (pps) 8261b67b6e bw-limit: Pass int parameters to Open vSwitch 45a33dcb0a doc: Do not use dvr_snat on computes 02c0b47d22 Promote neutron-ovn-tempest-slow job to be voting and gating c3b99a64fc Revert "[OVN][Placement] Add a SB Chassis event to track changes in BW config" f8ca735e5f Move mech driver VNIC validation to SimpleAgentMechanismDriverBase df5cb28737 [OVN][Placement] Add a SB Chassis event to track changes in BW config 923284fc37 Use explicit select condition in SQL query in "_port_filter_hook" e961c6d473 Import ABC classes from collection.abc 899953de6b Add a privsep context only for link commands e5f19a29dc [OVN] Fix ML2/OVN + Neutron DHCP agent use case e71ba8d2d1 Revert "Config option to enable OVN IDL on other workers" 1eabf046f3 Remove "_protect_original_resources" workaround 90980f496c Add wait for the post-fork event to nb/sb objects 9b2983743b L3 router support ECMP e0ea4a51ba [L2] no provisioning block for internal service port 3cae410b30 use payloads for PORT AFTER_DELETE events 827cca2ed7 Sanitize MAC addresses a03c240ef4 Populate self.floating_ips_dict using "ip rule" information 6ce48c30bd [L3] Use processing queue for network update events 129b823a8b use payloads for PORT AFTER_UPDATE events ee67a8412d Remove orphaned event_lock_name attribute 26b06d246a Use os-resource-classes lib for resource classes names 1f3762b0fb [OVN] "ControllerAgent" should accept Chassis and Chassis_Private ca15099cde Add devstack local.conf sample for ML2 OVS 838b1d29c9 Use IP_VERSION_{4,6} constants in ovn_client module f637a1f60e Remove SG RPC "use_enhanced_rpc" check. ec550f5f52 Add fake_project_id middleware for noauth 3b46df4847 Change fullstack dhclient lease file to tmp folder be7d0bb6ab Update arp entry of snat port on qrouter ns f6c3747cae Use elevated context to get default SG from database 6d570dfd7d Notify ROUTER_GATEWAY event for router gw mode 6a74cd76fd [OVN] Do not fail when processing SG rule deletion 5c9a7fe1b4 Add extra logs to the network update callback in L3 agent cde0f68f9e [OVN] Add binding-extended to the ML2_SUPPORTED_API_EXTENSIONS 1a99adb530 Refactor DHCP common config options 31c0ef9dbe Correctly label port as SubPort in SubPortNotFound 9ae22b1fef Fix ObjectChangeHandler thread usage 4b22eea4be Add fullstack test case for OVS DHCP extension b05a9186d1 use callback payloads for SECURITY_GROUP b189b0f322 Use OVS backend for testing os-ken library d7ca286e6c Make explicit the network backend used in the CI jobs db2207f32d [ML2] Change way how list of supported API extensions is made bc82a664b6 Move dns-integration extension to the ML2_SUPPORTED_API_EXTENSIONS list 6bc1c00d66 Copy existing IPv6 leases to generated lease file 5fb5653ffe Check router routes connectivity when GW port is updated 0af8497076 Improve Port list and show 56e8498a4d Add agent extension 'dhcp' for ovs agent cd8c4f7e30 use callback payloads for SUBNET dbfa1b5d92 Remove tox_install_siblings=False from the functional job's definition 324a35a3d0 use payloads for PORT BEFORE_UPDATE events 0cd01edc9c [OVN] Add subnet-service-types as supported by OVN mech driver 953eb92a4f [OVN] Disable mcast_flood on localnet ports 941be42a61 use callback payloads for SECURITY_GROUP_RULE 66ac943b64 Config option to enable OVN IDL on other workers 1e2088abbe Fix priority review dashboard 2ea7d66216 Bump neutron-lib to 2.12.0 ac1597d009 [L3] Add some logs for router processing b74a272bba Add CONTEXT_WRITER decorator to delete_floatingip_agent_gateway_port 8cc7c0cf7a Remove FIP agent's gw port when L3 agent is deleted 5b5bc483ae Fix devstack path in plugin.sh 976cba6133 Force to close http connection after notify about HA router status 8954b33576 Bump minimal ovsdbapp version to 1.11.0 95d80a2757 [OVN] neutron-ovn-metadat-agent add retry logic for sb_idl 39bc84cfb2 Add localport const and refactor c7e1de09e1 [Docs] Add info about vlan transparent networks' MTU 8f656aab7c Fix QoS dscp rule permissions in documentation d7371e13e4 Revert "Set system_scope='all' in elevated context" 4df01d6eaa Add policy rules for extraroute-atomic API 577217c52d Make default hypervisor hostname compatible with libvirt a2e5daccb3 Add support for OVN allow-stateless ACLs 68d62fa18d Enable tls-proxy support in the tempest jobs 817d807e9d Load Linux Bridge Trunk extension if service plugin configured 6ada912414 Set trunk sub-port when bind profile is created e3bb98c7e7 Bump os-ken to 2.0.0 48af145d95 Add "nova:live_migration_events" flag to subnode in multinode CI job da760973be Use "multiprocessing.Queue" for "TestNeutronServer" related tests 4173fb6ca3 [Doc] Remove one of the known DVR HA limitations a292bea168 Add the DHCPReponder for IPv6 cc3dc7c850 Add CONTEXT_READER decorator to "get_ha_router_port_bindings" c0846c6518 Fix "config-routed-networks" document errors a1ca4980da Remove timeout skip guard for LP#1687027 730117ddb0 Switch neutron multinode jobs to ML2/OVS 437a311eca Using 31-Bit and 32-Bit prefixes for IPv4 reasonably 07337f9e99 Use 2 dhcp agents in TestLegacyL3Agent 07c64d8384 Payloads for PORT: BEFORE_CREATE and PRECOMMIT_CREATE 95656a5893 Update handler for PORT AFTER_CREATE 13994d2327 Mark fullstack test_l2_agent_restart as unstable cfd8232cd3 Added dnsmasq for opensuse installation a660f77d38 Remove "mitogen" library installation from "docs" job 6afdff8494 Bump lower version of evenlet to 0.25.1 c915b93e76 Bump alembic to 1.6.5 be43141a5f Provide the rpc_response_max_timeout parameter to sriov-agent 1e8197fee5 Add tests for service_type API's new policy rules 962d2539a1 Change API policy for service_type to be available for all readers 6fb2f513da [OVN] Add 'port-mac-address-regenerate' to the supported extensions 7d8a5eb5a7 [OVN] Add availability zone to the ML2_SUPPORTED_API_EXTENSIONS list fd8b88ef54 Do a quick FIP check on port delete 65cce351d7 Use TCP keepalives for ovsdb connections 96b2926671 Add CONTEXT_READER to "get_reservations_for_resources" 383f209b50 [DHCP] Fix cleanup_deleted_ports method 074c131b57 Disable pep8 import check for pyroute2 library c9fce3a8b6 use payloads for PORT AFTER_CREATE events 4ab699e5cd use payloads for ROUTER_INTERFACE events 17adb4c3fb Use payloads for ADDRESS_GROUP callback events 36ba1cc319 [ovn][metadata] Remove metadata readiness mechanism 05ee23ea15 Follow up for replacing assertItemsEqual 77ac42d2ee SR-IOV agent can handle ports with same MAC addresses 05ce5a1f94 VLAN "allocate_partially_specified_segment" can return any physnet d0b16473d8 [FT] Remove skip guard from SQL tests 2244af771f Add "filter-validation" support for "OVNL3RouterPlugin" f450886ff9 Allow the use of legacy routers within RPN segments a98fe51b83 Set "floatingip.fixed_port" as viewonly 4de350a54a Switch neutron-rally-task job to ML2/OVS and skip "test_models_sync" 4cd11f4dee Use local and ip address to create vxlan interface c4fb1d1711 [Doc] Update Freenode to OFTC as our IRC server b141aed512 Remove leading zeroes from an IP address 7f0ca67ed6 Remove the devstack/lib/ovs in favour of "ovs_source" from DevStack edc3852c83 Fix phys network lost after reconfigure f83c77bb12 Add tests for port API's new policy rules 444ef49bea Add test cases for concurrently Object delete f52280287f Improve Subnet create performance bdd50ffcde Improve Subnet delete performance ab0895fdf4 Change minversion of tox to 3.18.0 028c544b05 Add script to aid in using ovn-trace with OpenStack a75fc891bc Add mitogen to the docs requirements 951a3f0eb3 Deprecate and remove "get_agents_db" 54420d04dd Skip "test_keepalived_spawns_conflicting_*" tests e135a8221d New Quota driver ``DbQuotaNoLockDriver`` 9e6b7a2284 Install "pyroute2" as a doc job depedency 2a4074918c Remove call to "fixup_ubuntu" 7b59b5069b [DVR] Send allowed address pairs info to the L3 agents c540f789af [OVN] Re-enable dstat for the OVN jobs f9bda4b1e4 Set the default ``Backend.lookup`` timeout to 2 seconds ddf0fef28b Add a single option to override the default hypervisor name fa7c7282f0 Make phynet paramter also is optional when network_segment_range enabled f192153b44 HA-non-DVR router don't need manually add static route 4e3f65ceef Fix wrong assertion methods in a unit test 2c192b78a2 setup.cfg: Replace dashes with underscores adfd853267 Deprecate [designate] admin_* parameters 89fd50d0f9 Adding placement auth options to oslo.config entry_points 4aa5de254d use payloads for NETWORK callback events 2321339ee6 Fix SQLAlchemy warnings with view only relationships dcd277f4f1 Add physnet name case sensitivity limitation to the qos doc a77a97371e [ovn] Clean-up unused ACL method for DHCP 2d97f3edb2 use payloads for SEGMENT events 317407fe61 [OVN] Check for lock in check_for_mcast_flood_reports ef1d33e754 Update Neutron's Liuetenants 0aab51c9f8 ovn: Don't use dict.remove() for filtering dhcp ports in db-sync c511964d70 Replace "get_routing_table" with "list_ip_routes" 69ef824069 Use payloads for TRUNK and SUBPORTS callbacks 2cf4314553 Implement multipath routing in route commands ca1c6fd69b designate: allow PTR zone creation to fail ddc8e625f7 [OVN] Fix: Disabling snat after it was enabled de295f036d Do not include dynamically loaded values into OVO testing 9911d414c6 Improve "objects.db.api.count" method 97e34498f7 Fix "nftables" ansible role 28cd6c82e9 Added common config and SR-IOV agent config to sanity check c16f88d148 Report ExternalDNSOverQuota exception for recordset quota error 87a7a5e32e [Fullstack] Add segmentation_id update test 8b39060ddf Fix SQLAlchemy backref warnings for viewonly columns 4d61903bb8 [OVN] Add "filter-validation" extension to supported list ce2c0010b9 [OVN] MetadataProxyHandler to conditionally monitor both Chassis's tables 25d1f9b948 Clean up the deprecated options for Xen API support 9144444b79 Add tests for Security Groups API's new policy rules 47038c27c5 Add missing "system" scope in some of the new API policies ca2091d5a9 Change wrong "admin" scope in floatingip_pools to correct "system" 43c10aae86 [OVN] External network ports (SR-IOV) QoS is handled by SR-IOV agent 1a3fa2206d ovn: Add functional tests for get_network_port_bindings_by_ip 32e938e698 [OVN] Only account for bound ports in metadata agent 947e8a041c Remove SRIOV attach limitation from the doc 456acdeb8f ovn-migration: Delete FIP agent gateway ports 39ccc0d6d6 Don't ever give up trying to connect to OVN DBs 02a6ddaa86 Add neutron-tempest-with-neutron-lib-master to the periodic queue e4008fec1e Remove networking-midonet from our docs e8909a65d4 Improve Subnet update performance cd4d96a4f7 Use exceptions and resources from neutron-lib 466a6f98ed Update OVN docs 5b66259bb8 Remove unused method "get_ovsdb_connection" 662cd60075 [OVN] Fix FDB table not registered in OvnSbIdl ce19fc9493 Remove check if set_extra_attr_value is run in the transaction b70247eeb9 Doc: add section about OVS filtering tables 1483b63ffa Add enable_dhcp filter in get_network_info rpc 80eddc4039 Improve Network delete performance 088f1298f2 Initialize privsep library in Neutron commands 1dfbf5b345 Initialize privsep library for neutron-ovs-cleanup 02f4eca1ae Pass existing DB obj to save DB requests ca7822e210 [ovs fw] Restrict IPv6 NA and DHCP(v6) IP and MAC source addresses ba3d78099f Remove unused method _ensure_vr_id_and_network() 282dc73e12 Get only FIP ID on network delete 960f3694f4 Improve AddressScope.get_bound_tenant_ids method b221a4af33 Improve port delete performance 44670f88dd Revert "Cache default security group IDs in memory" fcc8d5358e Unit tests for Agent API secure-rbac-policies 3b331b31f2 Add tests for metering API's new policy rules 26e0d47cc5 Allow system_scope personas (SYSTEM_ADMIN) to create router 89a31185cb Unit tests for Quotas API's secure-rbac-policies 5d4f5e4645 Add tests for L3 conntrack helper API's new policy rules d8305c34e1 Add tests for FIPs port forwarding API's new policy rules f6483ee9ec Add tests for network segment range API's new policy rules f7d2c3608d Add periodic jobs to test "nftables" binaries 109faeac7e trivial: Make driver_controller's _attrs_to_driver py3 compatible 888f914df1 [ovn]: Remove unwanted IP addresses from OVN ports f616f84e95 Implement conntrack command privsep context 3cee5f7201 Implement namespace operations privsep context f946773d1f Configure branch on which tripleo jobs should be run 0a931391d8 Make ARP protection commands compatible with "ebtables-nft" e5ccfee6cf Always use absolute path for custom kill-scripts 130655cdb9 DHCP notification optimization 7326fd622f Group execution of SQL functional tests 960b810eac Document Linux Bridge compatibility with "nftables" 2c386638ba trivial: Reduce duplication in project network tests e96fcd0532 trivial: Reduce duplication in network policy tests 6533337716 [Functional] Fix mocks of the create_dhcp_port method 07cf942015 [OVN] Re-enable test_port_security_macspoofing_port for slow jobs ecaa7a1b48 Check there are no min BW QoS in "BaseOVSTestCase" 4494e728ac Add tests for trunk API's new policy rules ee0029d682 Add tests for subnet API's new policy rules be881b9b30 Add tests for subnetpool API's new policy rules 4ff3ae3235 Add tests for segments API's new policy rules 7b93c0ea77 Add tests for router API's new policy rules ba8aff6307 Add tests for RBAC API's new policy rules 10411d786b Add tests for FIPs API's new policy rules de69a55378 Fix new API policies for RBAC cca2b8de2c Fix "_get_sg_members" method 98a7768994 Add tests for QoS API's new policy rules 8522628f2f Remove FT "test_has_offline_migrations_*" tests 48bce78d1a Remove class "Timer" 433deed0b7 Cache default security group IDs in memory ae78e812d1 ovn-migration: Introduce migrate mode to DB sync tool be6ee6f397 Remove not needed rootwrap filters cabf19a984 Fix API policy rules for new personas 2bc1572740 Fix create_port new API policy roles bde437e6d3 Add tests for network API's new policy rules 83a6418d68 Fix new Network API policy rules 1785b211a0 Add tests for Network IP availability API's new policy rules 6dc5a869b1 Add tests for logging API's new policy rules dd6cd3fb8a Fix Floating IP policy rules 6655f7d623 Add tests for floatingip pools API's new policy rules becb42b92e Migrate "ovs-ofctl" to oslo.privsep 19b9ed3ce7 Add tests for flavors API's new policy rules 7ca896cfe3 "OvnNbApiIdlImpl.qos_del" supports "if_exists" parameter f6682b6b55 Unit tests for auto_allocated_topology API policies 89a9c18ab8 Use user_id instead of deprecated user in the policy unit tests f700660b6b [OVN] External ports (SR-IOV) QoS is handled by SR-IOV agent af3c1b8442 Add locks for setting iptables rules in l3 and metadata agents c1ade52fda Read keepalived initial state in parallel to interface monitoring 0be52e91e4 Add grafana dashboards step to major release checklist b0022c51fe Add the DHCPReponder for IPv4 35c7999ebd Allow 255 character strings in tags 5c744b23f0 Mark "test_keepalived_spawns_conflicting_pid_*" tests as unstable ca8f1a20c5 Open Xena DB branch b91ab3924e Add Python3 xena unit tests 83405d54c1 Update master for stable/wallaby 7f35e4e857 Physical NIC RP should be child of agent RP 24dcbcbe09 Block metadata requests to not go out from the router fd6ee70c3d Migrate address-group API to the new secure rbac rules d4147072f8 Modify create address scope policy rule and add UT for that API 94bea77fd7 migration: Remove crudini when migrating tunnels 1c2b7e1a58 [OVN] Add single node tempest job with OVN master branch (exp. pipeline) 6eaa6d83d7 Randomize segmentation ID assignation ae07a9d9f6 [CI] Enable debugging iptables rule in the L3 agent 92a4db01fe [OVN][FT] Mech driver stop accessing DB at exit 7727fc07e6 Allow to parse keywords in dns labels eb56747851 Implement namespace creation method 43c60d6216 Syncing neutron db with ovn does not provide external_ids for static routes 95ee3bfeaf [ovn] Add 'address_group' extension to OVN 3347e11572 Update version of doc8 62729d4e74 Replace assertItemsEqual with assertCountEqual Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + HACKING.rst | 1 + TESTING.rst | 6 +- devstack/lib/distributed_dhcp | 4 + devstack/lib/dns | 2 +- devstack/lib/ovs | 213 ---- devstack/ml2-ovs-compute-local.conf.sample | 70 + devstack/ml2-ovs-local.conf.sample | 86 ++ devstack/plugin.sh | 10 +- .../internals/external_dns_integration.rst | 163 +++ .../contributor/internals/openvswitch_agent.rst | 13 + .../contributor/internals/ovn/metadata_api.rst | 28 +- .../contributor/policies/release-checklist.rst | 3 + .../contributor/testing/ci_scenario_jobs.rst | 12 +- .../{ovn_devstack.rst => ml2_ovn_devstack.rst} | 2 +- .../contributor/testing/ml2_ovs_devstack.rst | 134 ++ .../general_feature_support_matrix.ini | 27 +- .../provider_network_support_matrix.ini | 15 +- .../install/controller-install-option2-obs.rst | 2 +- etc/api-paste.ini | 5 +- etc/neutron/rootwrap.d/debug.filters | 12 - etc/neutron/rootwrap.d/dhcp.filters | 21 - etc/neutron/rootwrap.d/dibbler.filters | 16 - etc/neutron/rootwrap.d/ipset-firewall.filters | 12 - etc/neutron/rootwrap.d/l3.filters | 32 - etc/neutron/rootwrap.d/linuxbridge-plugin.filters | 13 - etc/neutron/rootwrap.d/openvswitch-plugin.filters | 18 - .../{privsep.filters => rootwrap.filters} | 26 + etc/oslo-config-generator/neutron.conf | 6 + lower-constraints.txt | 138 -- neutron/agent/common/ovs_lib.py | 13 +- neutron/agent/common/placement_report.py | 10 +- neutron/agent/common/utils.py | 40 +- neutron/agent/dhcp/agent.py | 7 +- neutron/agent/firewall.py | 7 +- neutron/agent/l2/extensions/dhcp/base.py | 4 +- neutron/agent/l2/extensions/dhcp/extension.py | 155 +++ neutron/agent/l2/extensions/dhcp/ipv4.py | 213 ++++ neutron/agent/l2/extensions/dhcp/ipv6.py | 336 +++++ neutron/agent/l2/extensions/fdb_population.py | 3 +- neutron/agent/l3/agent.py | 189 ++- neutron/agent/l3/dvr_edge_router.py | 17 + neutron/agent/l3/dvr_local_router.py | 107 +- neutron/agent/l3/fip_rule_priority_allocator.py | 3 + neutron/agent/l3/ha.py | 8 +- neutron/agent/l3/ha_router.py | 29 +- neutron/agent/l3/keepalived_state_change.py | 54 +- neutron/agent/l3/l3_agent_extensions_manager.py | 6 + neutron/agent/l3/router_info.py | 99 +- neutron/agent/linux/bridge_lib.py | 3 +- neutron/agent/linux/dhcp.py | 57 +- neutron/agent/linux/external_process.py | 5 +- neutron/agent/linux/interface.py | 15 +- neutron/agent/linux/ip_lib.py | 43 +- neutron/agent/linux/iptables_firewall.py | 3 +- .../agent/linux/openvswitch_firewall/firewall.py | 65 +- neutron/agent/linux/pd.py | 12 +- neutron/agent/linux/tc_lib.py | 8 +- neutron/agent/metadata/driver.py | 48 +- neutron/agent/ovn/metadata/agent.py | 33 +- neutron/agent/ovn/metadata/ovsdb.py | 15 +- neutron/agent/ovn/metadata/server.py | 29 +- neutron/agent/ovsdb/api.py | 4 +- neutron/agent/ovsdb/impl_idl.py | 14 - neutron/agent/resource_cache.py | 19 +- neutron/agent/rpc.py | 45 +- neutron/agent/securitygroups_rpc.py | 60 +- neutron/api/extensions.py | 7 +- .../api/rpc/agentnotifiers/dhcp_rpc_agent_api.py | 65 +- neutron/api/rpc/agentnotifiers/l3_rpc_agent_api.py | 10 +- .../rpc/agentnotifiers/metering_rpc_agent_api.py | 5 +- neutron/api/rpc/handlers/dhcp_rpc.py | 16 +- neutron/api/rpc/handlers/securitygroups_rpc.py | 32 +- neutron/api/v2/base.py | 14 +- neutron/auth.py | 15 + neutron/cmd/ipset_cleanup.py | 1 + neutron/cmd/ovn/ml2ovn_trace.py | 287 +++++ neutron/cmd/ovn/neutron_ovn_db_sync_util.py | 15 +- neutron/cmd/ovs_cleanup.py | 1 + neutron/cmd/sanitize_port_mac_addresses.py | 55 + neutron/cmd/sanity/checks.py | 3 +- neutron/cmd/sanity_check.py | 7 + neutron/cmd/upgrade_checks/checks.py | 35 + neutron/common/ovn/acl.py | 69 +- neutron/common/ovn/constants.py | 7 +- neutron/common/ovn/extensions.py | 14 + neutron/common/ovn/utils.py | 92 +- neutron/common/utils.py | 136 +- neutron/conf/agent/common.py | 10 + neutron/conf/agent/database/agents_db.py | 7 + neutron/conf/agent/dhcp.py | 8 +- neutron/conf/agent/l3/config.py | 1 + neutron/conf/agent/xenapi_conf.py | 47 - neutron/conf/plugins/ml2/drivers/driver_type.py | 17 +- .../plugins/ml2/drivers/mech_sriov/agent_common.py | 9 +- neutron/conf/plugins/ml2/drivers/ovn/ovn_conf.py | 10 +- neutron/conf/plugins/ml2/drivers/ovs_conf.py | 19 +- neutron/conf/policies/address_group.py | 18 +- neutron/conf/policies/address_scope.py | 2 +- neutron/conf/policies/agent.py | 4 +- neutron/conf/policies/floatingip.py | 8 +- neutron/conf/policies/floatingip_pools.py | 2 +- neutron/conf/policies/network.py | 12 +- neutron/conf/policies/port.py | 6 +- neutron/conf/policies/rbac.py | 6 +- neutron/conf/policies/router.py | 38 +- neutron/conf/policies/service_type.py | 2 +- neutron/conf/policies/subnetpool.py | 2 +- neutron/conf/policies/trunk.py | 2 +- neutron/conf/quota.py | 6 +- neutron/conf/services/extdns_designate_driver.py | 20 + neutron/core_extensions/qos.py | 5 +- neutron/db/address_group_db.py | 91 +- neutron/db/agents_db.py | 14 +- neutron/db/allowedaddresspairs_db.py | 12 + neutron/db/availability_zone/router.py | 14 +- neutron/db/db_base_plugin_common.py | 5 +- neutron/db/db_base_plugin_v2.py | 132 +- neutron/db/extraroute_db.py | 38 +- neutron/db/ipam_backend_mixin.py | 19 +- neutron/db/ipam_pluggable_backend.py | 10 +- neutron/db/l3_attrs_db.py | 4 - neutron/db/l3_db.py | 438 ++++--- neutron/db/l3_dvr_db.py | 296 +++-- neutron/db/l3_dvrscheduler_db.py | 48 +- neutron/db/l3_fip_pools_db.py | 3 +- neutron/db/l3_gwmode_db.py | 3 +- neutron/db/l3_hamode_db.py | 75 +- neutron/db/l3_hascheduler_db.py | 8 +- neutron/db/migration/__init__.py | 2 + .../alembic_migrations/versions/EXPAND_HEAD | 2 +- ...5a7bd4425_add_rbac_support_for_address_group.py | 4 + .../xena/expand/1bb3393de75d_add_qos_pps_rule.py | 55 + ...d2c0e_increase_tag_elements_from_60_to_255_.py} | 32 +- neutron/db/migration/cli.py | 3 +- neutron/db/models/l3.py | 6 +- neutron/db/models/l3ha.py | 4 +- neutron/db/models/tag.py | 5 +- neutron/db/models_v2.py | 3 +- neutron/db/qos/models.py | 29 +- neutron/db/quota/api.py | 225 +++- neutron/db/quota/driver.py | 35 +- neutron/db/quota/driver_nolock.py | 83 ++ neutron/db/securitygroups_db.py | 230 ++-- neutron/db/securitygroups_rpc_base.py | 8 +- neutron/db/segments_db.py | 11 +- .../extensions/dns_integration_domain_keywords.py | 20 + neutron/extensions/ecmp_routes.py | 20 + neutron/extensions/network_ip_availability.py | 5 +- neutron/extensions/qos.py | 9 +- neutron/extensions/qos_pps_rule.py | 60 + neutron/extensions/quotasv2.py | 2 +- neutron/extensions/quotasv2_detail.py | 11 +- neutron/extensions/segment.py | 4 + neutron/extensions/tagging.py | 2 +- neutron/hacking/checks.py | 10 + neutron/ipam/utils.py | 17 +- neutron/notifiers/ironic.py | 9 +- neutron/objects/address_scope.py | 5 +- neutron/objects/base.py | 16 +- neutron/objects/db/api.py | 15 +- neutron/objects/network_segment_range.py | 6 +- neutron/objects/plugins/ml2/base.py | 10 +- .../objects/port/extensions/allowedaddresspairs.py | 10 + neutron/objects/ports.py | 25 + neutron/objects/qos/policy.py | 15 +- neutron/objects/qos/rule.py | 23 +- neutron/objects/qos/rule_type.py | 7 +- neutron/objects/quota.py | 4 +- neutron/objects/rbac_db.py | 12 +- neutron/objects/router.py | 9 + neutron/objects/subnet.py | 10 +- neutron/objects/subnetpool.py | 4 +- neutron/opts.py | 106 +- neutron/pecan_wsgi/controllers/utils.py | 11 - neutron/pecan_wsgi/hooks/quota_enforcement.py | 15 +- neutron/plugins/ml2/common/constants.py | 30 + neutron/plugins/ml2/db.py | 11 +- neutron/plugins/ml2/drivers/helpers.py | 12 +- .../ml2/drivers/linuxbridge/agent/arp_protect.py | 54 +- .../linuxbridge/agent/linuxbridge_neutron_agent.py | 4 + neutron/plugins/ml2/drivers/mech_agent.py | 25 +- .../drivers/mech_sriov/agent/eswitch_manager.py | 4 +- .../drivers/mech_sriov/agent/sriov_nic_agent.py | 111 +- .../drivers/mech_sriov/mech_driver/mech_driver.py | 36 +- .../drivers/openvswitch/agent/common/constants.py | 6 + .../openvswitch/agent/openflow/native/br_int.py | 93 +- .../openvswitch/agent/openflow/native/ofswitch.py | 14 +- .../openvswitch/agent/ovs_agent_extension_api.py | 4 +- .../openvswitch/agent/ovs_dvr_neutron_agent.py | 7 +- .../drivers/openvswitch/agent/ovs_neutron_agent.py | 30 +- .../openvswitch/mech_driver/mech_openvswitch.py | 24 +- .../plugins/ml2/drivers/ovn/agent/neutron_agent.py | 32 +- neutron/plugins/ml2/drivers/ovn/db_migration.py | 90 ++ .../ml2/drivers/ovn/mech_driver/mech_driver.py | 285 ++--- .../ml2/drivers/ovn/mech_driver/ovsdb/api.py | 8 +- .../ovn/mech_driver/ovsdb/extensions/qos.py | 17 +- .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 134 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 72 +- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 196 ++- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 82 +- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 158 ++- .../plugins/ml2/extensions/dns_domain_keywords.py | 46 + neutron/plugins/ml2/extensions/dns_integration.py | 37 +- neutron/plugins/ml2/ovo_rpc.py | 125 +- neutron/plugins/ml2/plugin.py | 315 +++-- neutron/plugins/ml2/rpc.py | 44 +- neutron/policy.py | 4 +- neutron/privileged/__init__.py | 25 + neutron/privileged/agent/linux/ip_lib.py | 152 +-- neutron/privileged/agent/linux/netlink_lib.py | 4 +- neutron/privileged/agent/linux/tc_lib.py | 3 +- neutron/quota/__init__.py | 134 +- neutron/quota/resource.py | 65 +- neutron/scheduler/base_resource_filter.py | 4 + neutron/scheduler/l3_agent_scheduler.py | 6 +- neutron/services/auto_allocate/db.py | 17 +- .../externaldns/drivers/designate/driver.py | 24 +- .../service_providers/driver_controller.py | 21 +- neutron/services/logapi/common/db_api.py | 14 +- neutron/services/logapi/common/sg_callback.py | 11 +- neutron/services/logapi/drivers/manager.py | 2 +- neutron/services/logapi/drivers/ovn/driver.py | 2 + neutron/services/logapi/logging_plugin.py | 15 + neutron/services/ovn_l3/plugin.py | 46 +- neutron/services/placement_report/plugin.py | 16 +- .../services/portforwarding/drivers/ovn/driver.py | 45 +- neutron/services/portforwarding/pf_plugin.py | 76 +- neutron/services/qos/constants.py | 30 + neutron/services/qos/drivers/manager.py | 3 +- neutron/services/qos/qos_plugin.py | 70 +- neutron/services/segments/db.py | 35 +- neutron/services/segments/plugin.py | 67 +- neutron/services/trunk/callbacks.py | 34 - neutron/services/trunk/drivers/base.py | 2 +- .../trunk/drivers/linuxbridge/agent/driver.py | 4 +- .../trunk/drivers/openvswitch/agent/driver.py | 5 +- .../drivers/openvswitch/agent/ovsdb_handler.py | 8 +- neutron/services/trunk/drivers/ovn/trunk_driver.py | 25 +- neutron/services/trunk/exceptions.py | 2 +- neutron/services/trunk/plugin.py | 84 +- neutron/services/trunk/rpc/backend.py | 34 +- neutron/services/trunk/rpc/server.py | 3 +- neutron/services/trunk/rules.py | 4 +- neutron/services/trunk/utils.py | 19 +- .../agent/l3/test_keepalived_state_change.py | 19 + .../functional/agent/l3/test_legacy_router.py | 48 +- .../functional/agent/linux/test_keepalived.py | 2 + .../agent/ovn/metadata/test_metadata_agent.py | 29 +- .../functional/cmd/test_linuxbridge_cleanup.py | 5 +- .../functional/objects/plugins/ml2/__init__.py | 0 .../functional/objects/plugins/ml2/test_base.py | 90 ++ .../objects/plugins/ml2/test_geneveallocation.py | 26 + .../objects/plugins/ml2/test_greallocation.py | 26 + .../objects/plugins/ml2/test_vlanallocation.py | 26 + .../objects/plugins/ml2/test_vxlanallocation.py | 26 + .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 47 +- .../ovn/mech_driver/ovsdb/test_maintenance.py | 17 +- .../ovn/mech_driver/ovsdb/test_ovn_db_resources.py | 16 +- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 171 ++- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 43 +- .../drivers/ovn/mech_driver/test_mech_driver.py | 28 +- .../privileged/agent/linux/test_ip_lib.py | 49 +- .../scheduler/test_dhcp_agent_scheduler.py | 8 +- .../l3_router/test_l3_dvr_router_plugin.py | 63 +- .../functional/services/ovn_l3/test_plugin.py | 10 +- .../trunk/drivers/ovn/test_trunk_driver.py | 2 +- .../unit/agent/common/test_placement_report.py | 8 +- .../unit/agent/l2/extensions/dhcp/test_base.py | 6 +- .../agent/l2/extensions/dhcp/test_extension.py | 96 ++ .../unit/agent/l2/extensions/dhcp/test_ipv4.py | 124 ++ .../unit/agent/l2/extensions/dhcp/test_ipv6.py | 221 ++++ .../linux/openvswitch_firewall/test_firewall.py | 15 +- .../linux/openvswitch_firewall/test_iptables.py | 2 +- .../agent/linux/openvswitch_firewall/test_rules.py | 2 +- .../unit/agent/linux/test_external_process.py | 3 +- .../unit/agent/linux/test_iptables_firewall.py | 16 + .../rpc/agentnotifiers/test_dhcp_rpc_agent_api.py | 52 +- .../unit/api/rpc/handlers/test_resources_rpc.py | 2 +- .../conf/policies/test_auto_allocated_topology.py | 133 ++ .../unit/conf/policies/test_floatingip_pools.py | 85 ++ .../policies/test_floatingip_port_forwarding.py | 244 ++++ .../unit/conf/policies/test_l3_conntrack_helper.py | 216 ++++ .../conf/policies/test_network_ip_availability.py | 79 ++ .../conf/policies/test_network_segment_range.py | 130 ++ .../unit/conf/policies/test_security_group.py | 368 ++++++ .../unit/extensions/test_availability_zone.py | 34 +- .../extensions/test_network_ip_availability.py | 31 + .../extensions/test_router_availability_zone.py | 20 +- .../unit/objects/test_network_segment_range.py | 80 +- .../drivers/linuxbridge/agent/test_arp_protect.py | 51 +- .../agent/test_linuxbridge_neutron_agent.py | 1 + .../mech_sriov/agent/test_eswitch_manager.py | 71 +- .../mech_sriov/agent/test_sriov_nic_agent.py | 395 ++---- .../mech_driver/test_mech_sriov_nic_switch.py | 22 +- .../unit/plugins/ml2/drivers/mechanism_test.py | 3 +- .../agent/openflow/native/test_br_int.py | 39 +- .../openvswitch/agent/test_ovs_neutron_agent.py | 37 +- .../drivers/openvswitch/agent/test_ovs_tunnel.py | 5 +- .../drivers/openvswitch/agent/test_vlanmanager.py | 4 +- .../ovn/mech_driver/ovsdb/extensions/test_qos.py | 44 + .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 92 +- .../ovn/mech_driver/ovsdb/test_maintenance.py | 92 +- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 251 +++- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 74 +- .../drivers/ovn/mech_driver/test_mech_driver.py | 522 +++++--- .../plugins/ml2/drivers/ovn/test_db_migration.py | 183 +++ .../unit/plugins/ml2/drivers/test_type_vlan.py | 17 +- .../ml2/extensions/test_dns_domain_keywords.py | 226 ++++ .../unit/plugins/ml2/test_ext_portsecurity.py | 3 + .../unit/plugins/ml2/test_tracked_resources.py | 20 + .../unit/privileged/agent/linux/test_ip_lib.py | 4 +- .../unit/scheduler/test_l3_agent_scheduler.py | 403 +++--- .../service_providers/test_driver_controller.py | 48 +- .../unit/services/logapi/common/test_db_api.py | 6 +- .../services/logapi/common/test_sg_callback.py | 12 +- .../unit/services/logapi/test_logging_plugin.py | 22 + .../unit/services/metering/test_metering_plugin.py | 2 +- .../portforwarding/drivers/ovn/test_driver.py | 108 +- .../unit/services/portforwarding/test_pf_plugin.py | 26 +- .../trunk/drivers/ovn/test_trunk_driver.py | 58 +- playbooks/install_nftables.yaml | 3 + ...nalDNSOverQuota-exception-8728f055d4f1d43c.yaml | 6 + ...h-work-without-project-id-f92fac5df37810f0.yaml | 7 + .../notes/bug-1868137-5bf3354d016c988b.yaml | 6 + .../notes/bug-1921150-c02692e548a3750e.yaml | 17 + .../notes/bug-1926693-55406915708d59ec.yaml | 7 + ...tensions-are-filtered-out-b4449e690cb64480.yaml | 13 + .../clean_up_xenapi_support-44694e3f9c29b8be.yaml | 5 + ...bnet-with-prefixlen-31-32-4cf8c9417325721a.yaml | 7 + ...ecate-designate-auth-opts-c2b1050a0360981c.yaml | 13 + .../dhcp_ext_for_ovs_agent-ee895747687c7b58.yaml | 9 + .../dns-domain-per-tenant-59b8a368fa06f81d.yaml | 15 + .../notes/ecmp-routes-771ff34beafee370.yaml | 7 + ...ars-in-dhcp-extra-options-bf86d30371556d63.yaml | 6 + ...n-for-rpc-agent-step-size-dd9595875de2b885.yaml | 8 + .../notes/lb-nftables-8252105fb23ec75d.yaml | 7 + ...river-DbQuotaNoLockDriver-5f8a44915ec16a1b.yaml | 11 + ...ew_QuotaDriverAPI_methods-ed76d167974d6f9d.yaml | 8 + .../notes/ovn-network-az-c4ee9a4089872818.yaml | 10 + .../ovn-support-stateless-sg-849170c5d320487e.yaml | 6 + .../notes/qos_rule_type_pps-27254b90f26c10b6.yaml | 6 + ...ovider_default_hypervisor-b92cff207dfb94c0.yaml | 9 + ...sanitize-port-mac-address-732f451942483e21.yaml | 11 + ...gent-duplicated-mac-ports-a861b0ff800c3172.yaml | 20 + ...-increased-from-60-to-255-e98455525b865333.yaml | 6 + ...date-router-gw-and-routes-af45c89c52612028.yaml | 6 + releasenotes/source/index.rst | 1 + releasenotes/source/wallaby.rst | 6 + requirements.txt | 17 +- roles/nftables/tasks/main.yaml | 45 + setup.cfg | 16 +- tools/bug-1921150-re-parent-device-rps.sql | 52 + tools/configure_for_func_testing.sh | 2 - .../templates/create-resources.sh.j2 | 6 +- .../tripleo_environment/ovn_migration.sh | 1 + .../playbooks/ovn-migration.yml | 9 - .../templates/delete-neutron-resources.sh.j2 | 3 + .../playbooks/roles/migration/tasks/sync-dbs.yml | 4 +- .../roles/prepare-controllers/defaults/main.yml | 2 - .../roles/prepare-controllers/tasks/main.yml | 20 - .../create/templates/create-resources.sh.j2 | 6 +- tox.ini | 29 +- zuul.d/base.yaml | 24 +- zuul.d/grenade.yaml | 24 +- zuul.d/project.yaml | 53 +- zuul.d/rally.yaml | 18 +- zuul.d/tempest-multinode.yaml | 207 +-- zuul.d/tempest-singlenode.yaml | 151 +-- 512 files changed, 22240 insertions(+), 6817 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index bf410a9387..7b96f35325 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11 +11 @@ decorator>=3.4.0 # BSD -eventlet>=0.22.1 # MIT +eventlet>=0.25.1 # MIT @@ -19 +19 @@ netifaces>=0.10.4 # MIT -neutron-lib>=2.10.1 # Apache-2.0 +neutron-lib>=2.15.0 # Apache-2.0 @@ -22 +22 @@ tenacity>=6.0.0 # Apache-2.0 -SQLAlchemy>=1.2.0 # MIT +SQLAlchemy>=1.3.23 # MIT @@ -25 +25 @@ keystoneauth1>=3.14.0 # Apache-2.0 -alembic>=0.9.6 # MIT +alembic>=1.6.5 # MIT @@ -33 +33 @@ oslo.i18n>=3.20.0 # Apache-2.0 -oslo.log>=4.3.0 # Apache-2.0 +oslo.log>=4.5.0 # Apache-2.0 @@ -46 +46,2 @@ osprofiler>=2.3.0 # Apache-2.0 -os-ken >= 0.3.0 # Apache-2.0 +os-ken>=2.0.0 # Apache-2.0 +os-resource-classes>=1.1.0 # Apache-2.0 @@ -48 +49 @@ ovs>=2.10.0 # Apache-2.0 -ovsdbapp>=1.7.0 # Apache-2.0 +ovsdbapp>=1.11.0 # Apache-2.0 @@ -51 +52 @@ psutil>=5.3.0 # BSD -pyroute2>=0.5.13;sys_platform!='win32' # Apache-2.0 (+ dual licensed GPL2) +pyroute2>=0.6.4;sys_platform!='win32' # Apache-2.0 (+ dual licensed GPL2)