We are tickled pink to announce the release of: neutron 19.5.0: OpenStack Networking This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 19.5.0 ^^^^^^ New Features ************ * Address scope is now added to all OVN LSP port registers in the northbound. Northd then writes the address scope from the northbound to the southbound so it can be used there by the ovn-bgp-agent. * After the port is considered as provisioned, the Nova port binding update could have not been received, leaving the port as not bound. Now the port provisioning method has an active wait that will retry several times, waiting for the port binding update. If received, the port status will be set as active if the admin state flag is set. * A new script to remove the duplicated port bindings was added. This script will list all "ml2_port_bindings" records in the database, finding those ones with the same port ID. Then the script removes those ones with status=INACTIVE. This script is useful to remove those leftovers that remain in the database after a failed live migration. It is important to remark that this script should not be executed during any live migration process. * Add "use_random_fully" setting to allow an operator to disable the iptables random-fully property on an iptable rules. Known Issues ************ * If the "use_random_fully" setting is disabled, it will prevent random fully from being used and if there're 2 guests in different networks using the same source_ip and source_port and they try to reach the same dest_ip and dest_port, packets might be dropped in the kernel do to the racy tuple generation . Disabling this setting should only be done if source_port is really important such as in network firewall ACLs and that the source_ip are never repeating within the platform. Upgrade Notes ************* * The default value for the "metadata_workers" configuration option has changed to 0 for the ML2/OVN driver. Since [OVN] Allow to execute "MetadataProxyHandler" in a local thread (https://review.opendev.org/c/openstack/neutron/+/861649), the OVN metadata proxy handler can be spawned in the same process of the OVN metadata agent, in a local thread. That reduces the number of OVN SB database connections to one. Bug Fixes ********* * Fixes an issue in the ML2/OVN driver where the network segment tag was not being updated in the OVN Northbound database. For more information, see bug 1944708 (https://bugs.launchpad.net/neutron/+bug/1944708). Other Notes *********** * Since OVN 20.06, the "Chassis" register configuration is stored in the "other_config" field and replicated into "external_ids". This replication is stopped in OVN 22.09. The ML2/OVN plugin tries to retrieve the "Chassis" configuration from the "other_config" field first; if this field does not exist (in OVN versions before 20.06), the plugin will use "external_ids" field instead. Neutron will be compatible with the different OVN versions (with and without "other_config" field). Changes in neutron 19.4.0..19.5.0 --------------------------------- fc62d1ea8e Use common wait_until_ha_router_has_state method everywhere 6e6ffa31c1 Never raise an exception in notify() a94143d4fd [Trunk] Update the trunk status with the parent status 1353ef8a7a Increase fullstack job's timeout 44f95a48fc Improve agent provision performance for large networks 70e179e9b7 Since OVN 20.06, config is stored in "Chassis.other_config" 70f947e052 Fix handling the restart of ovn-controllers eb114872c4 [ovn]neutron agent show real heartbeat_timestamp ddb40f9d6d Allow multiple IPv6 ports on router from same network ml2/ovs+dvr 538712635c [ovn]support read chassis update time from nb_cfg_timestamp 8bd833185d [OVN] Fix availability zones changes check b5da174aa3 Limit tox version to <4 779f647fc3 [Fullstack] Wait 10 seconds to ensure that MAC address is configured ffd7496895 Fix bulk create without mac d64da06f74 Add address scope to the OVN LSP port registers 9a2fbd5102 [stable-only] Load config options importing ``common_config`` 037ba074f0 Check if port exists in ``update_port_virtual_type`` method 74618128bc Dont raise RouterInterfaceNotFound on overlap check router ports 4716449325 Enable dstat and memory_tracker in functional/fullstack jobs a591f6c897 Increase the timeout for arm64 jobs 4b374965dd Set bigger swap in the functional and fullstack jobs 7e6ac2b437 Fix behaviour of enable/disable in OVN network log 7559a2ea82 Fix duplicated routes exceptions 798f05af4e ovn: Use ovsdb-client to create neutron_pg_drop c95d541518 Delete MAC binding for LRP when the port is deleted 510beec629 Avoid register config options on imports c5a3ea4a10 ovn: first tear down old metadata namespaces, then deploy new a036317775 Mark functional L3ha tests as unstable 9cdd3cc8bb OVN: Add support for DHCP option "domain-search" for IPv4 6c36bada05 Always create a "router_extra_attributes" register per router 26db7326c4 [stable-only] Add "tempest-integrated-networking" job to experimental 789a46df61 Check subnet overlapping after add router interface 652d8da392 Update the Ethernet card information 0556938248 Allow shared net to be added on router a2df23ac90 Port provisioning should retry only for VM ports 88a5e8e44a Update documentation link for openSUSE index. 40254f7235 [OVN] Set the default OVN metadata worker number to 0 71d4c68eb4 update the nova host aggregates links 5dac0105c2 Disable in-band management for bridges before setting up controllers 921713cbdc [OVN] Avoid deadlock when cleaning hash ring nodes d44fa77319 [L3HA] Don't update HA router's ports if router isn't active on agents 1d3ae69e3b Fix ipam_pluggable_backend unit tests module 55df77f92c Execute "IpMonitorTestCase" tests always inside a namespace d89b9b13c6 Split Hash Ring probing from the maintenance task 560ea25085 [OVN] Allow to execute ``MetadataProxyHandler`` in a local thread 6c94585b8c Allow to pass EUI64 IP address as fixed ip for the port 99bce9d055 [stable-only] Add writer DB context to "add_provisioning_component" 9f3bec03fd Accept a port deletion with missing port binding information d033ab6eb6 Script to remove duplicated port bindings 9a48e866b9 fix: Fix url of Floodlight a54a800659 Migration revert plan 794860eb75 Use "OVNMechDriver" instance in "TestOvn[Nb|Sb]IdlNotifyHandler" fd7993cfe0 Handle several dhcp agents for metadata over ipv6 717e3e0955 Do not allow a tenant to create a default SG for another one 564e836358 [OVN] Rate limit the "Disallow caching" log from hash ring 3f146db5a7 Fix indentation issue in wait_for_change override ff6705d1b6 Revert "[OVN] Set NB/SB "connection" inactivity probe" 3de47d284e Retry connections to Nova 1eeb5126c1 Add an active wait during the port provisioning event 423c92814b [ovn] Specify port type if it's a router port when updating 0fe77594c5 Bump revision number of objects when description is changed 9985e7ddaf Allow operator to disable usage of random-fully 3f0ea85bec [OVN] Remove ACLs with remote SG during deletion of SG 1850646b41 [OVN] Remove session check in ``update_network_postcommit`` 6f92ba9280 ovn: Don't fail db sync if new IP allocation fails for metadata 8e953bd349 Mellanox_eth.img url expires, remove the mellanox_eth.img node 9a0539fcda [OVN] Fix updating network segmentation ID 8c98d7bd20 Clean up db residual record from dvr port cfb0672ab7 [ovn]Change LogicalSwitchPortUpdateUpEvent old conditions ec831cdf12 Add workaround for eventlet.greendns bug 14ff8dca34 Port update will trigger less notifications to the DHCP agents 6ad3aab29c Implement specific tracked resource count method per quota driver ff9c7cf1a2 Test: mock out _check_netfilter_for_bridges in unit tests a11b4f49e7 ovn: Wait for northd in functional tests 429fbae1d0 [OVN] Sync QoS policies 22f231fd8b Partially revert "Do not link up HA router gateway in backup node" Diffstat (except docs and test files) ------------------------------------- .../contributor/internals/live_migration.rst | 21 ++ neutron/agent/common/ovs_lib.py | 19 +- neutron/agent/common/utils.py | 54 +++- neutron/agent/dhcp/agent.py | 2 +- neutron/agent/l3/dvr_edge_ha_router.py | 4 +- neutron/agent/l3/ha.py | 9 - neutron/agent/l3/ha_router.py | 32 +- neutron/agent/l3/router_info.py | 20 +- neutron/agent/linux/interface.py | 50 +-- neutron/agent/linux/iptables_manager.py | 4 + neutron/agent/linux/keepalived.py | 5 + neutron/agent/ovn/metadata/agent.py | 237 ++++++++------ neutron/agent/ovn/metadata/ovsdb.py | 11 +- neutron/agent/ovn/metadata/server.py | 14 +- neutron/agent/ovn/metadata_agent.py | 2 + .../api/rpc/agentnotifiers/dhcp_rpc_agent_api.py | 27 +- neutron/api/rpc/handlers/l3_rpc.py | 17 +- neutron/cmd/ovn/neutron_ovn_db_sync_util.py | 2 + neutron/cmd/remove_duplicated_port_bindings.py | 70 +++++ neutron/common/config.py | 3 + neutron/common/ovn/constants.py | 6 + neutron/common/ovn/hash_ring_manager.py | 15 +- neutron/common/ovn/utils.py | 154 +++++++-- neutron/conf/agent/common.py | 3 + neutron/conf/common.py | 13 + neutron/conf/plugins/ml2/drivers/ovn/ovn_conf.py | 6 +- neutron/db/availability_zone/router.py | 3 +- neutron/db/ipam_pluggable_backend.py | 14 +- neutron/db/l3_attrs_db.py | 18 +- neutron/db/l3_db.py | 152 ++++++--- neutron/db/l3_dvr_db.py | 7 +- neutron/db/l3_dvrscheduler_db.py | 15 +- neutron/db/l3_hamode_db.py | 6 +- neutron/db/provisioning_blocks.py | 1 + neutron/db/quota/driver.py | 13 +- neutron/db/quota/driver_nolock.py | 4 + neutron/db/securitygroups_db.py | 4 + neutron/extensions/quotasv2.py | 4 +- neutron/notifiers/nova.py | 12 + neutron/objects/ports.py | 8 + neutron/objects/router.py | 12 + neutron/plugins/ml2/db.py | 18 ++ .../agent/openflow/native/ovs_bridge.py | 34 +- .../plugins/ml2/drivers/ovn/agent/neutron_agent.py | 38 ++- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 184 ++++------- .../ovn/mech_driver/ovsdb/extensions/qos.py | 86 +++-- .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 19 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 74 ++++- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 124 ++++++-- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 43 ++- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 174 ++++------- neutron/plugins/ml2/plugin.py | 237 ++++++++------ neutron/quota/resource.py | 4 +- neutron/services/logapi/drivers/ovn/driver.py | 50 ++- neutron/services/revisions/revision_plugin.py | 33 +- neutron/services/trunk/plugin.py | 10 +- .../agent/ovn/metadata/test_metadata_agent.py | 17 +- .../ovn/mech_driver/ovsdb/extensions/test_qos.py | 25 +- .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 12 +- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 196 +++++++++++- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 87 +++++- .../drivers/ovn/mech_driver/test_mech_driver.py | 287 ++++++++++------- .../services/logapi/drivers/ovn/test_driver.py | 56 ++++ .../functional/services/ovn_l3/test_plugin.py | 11 +- .../unit/agent/l2/extensions/dhcp/test_ipv6.py | 15 +- .../linux/openvswitch_firewall/test_iptables.py | 16 +- .../rpc/agentnotifiers/test_dhcp_rpc_agent_api.py | 40 ++- .../unit/common/ovn/test_hash_ring_manager.py | 11 +- .../agent/openflow/native/ovs_bridge_test_base.py | 7 +- .../openvswitch/agent/test_ovs_neutron_agent.py | 5 +- .../ml2/drivers/ovn/agent/test_neutron_agent.py | 2 +- .../ovn/mech_driver/ovsdb/extensions/test_qos.py | 36 ++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 85 ++++- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 150 +++++---- .../drivers/ovn/mech_driver/test_mech_driver.py | 204 ++++++++---- .../services/revisions/test_revision_plugin.py | 16 + playbooks/configure_functional_job.yaml | 4 +- playbooks/run_functional_job.yaml | 4 +- ...he-OVN-LSP-port-registers-1f45e34815c3896d.yaml | 6 + ...d-port-provisioning-retry-8edf16a258b164a0.yaml | 8 + .../ovn-chassis-other-config-7db15b9d10bf7f04.yaml | 10 + .../ovn-metadata-workers-fa8a2019f34bd572.yaml | 9 + .../notes/ovn-update-vlan-id-749d8f17999243f5.yaml | 7 + ...-duplicated-port-bindings-83b58060f3adb403.yaml | 10 + .../notes/use_random_fully-527b20bc524c308a.yaml | 15 + requirements.txt | 2 +- setup.cfg | 1 + tools/configure_for_func_testing.sh | 15 + .../tripleo_environment/ovn_migration.sh | 35 ++- .../playbooks/ovn-migration.yml | 17 + .../tripleo_environment/playbooks/revert.yml | 4 + .../roles/recovery-backup/defaults/main.yml | 12 + .../playbooks/roles/recovery-backup/tasks/main.yml | 68 ++++ .../playbooks/roles/revert/tasks/main.yml | 29 ++ tox.ini | 43 +-- zuul.d/base.yaml | 5 +- zuul.d/job-templates.yaml | 44 +++ 140 files changed, 4208 insertions(+), 1409 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 0c567bc9bc..b52a4016df 100644 --- a/requirements.txt +++ b/requirements.txt @@ -49 +49 @@ ovs>=2.10.0 # Apache-2.0 -ovsdbapp>=1.12.1 # Apache-2.0 +ovsdbapp>=1.12.2 # Apache-2.0