We are jazzed to announce the release of: neutron 19.2.0: OpenStack Networking This release is part of the xena stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 19.2.0 ^^^^^^ Bug Fixes ********* * Enforce policy for 'qos_policy_id' attribute of Floating IP so only authorized users can set/unset it. For more info see bug LP#1957175 (https://bugs.launchpad.net/bugs/1957175). * Changes the API behaviour while using OVN driver to enforce that it's not possible to delete all the IPs from a router port. For more info see bug LP#1948457 (https://bugs.launchpad.net/neutron/+bug/1948457) * For IPv4 subnets when dns_nameservers is not set in the subnet, servers defined in 'ovn/dns_servers' config option or system's resolv.conf are used, but for IPv6 subnets these are not used. The same will now be used for IPv6 subnets too. Additionally dns servers added in 'ovn/dns_servers' config option or system's resolv.conf will be filtered as per the subnet's IP version. For more info see the bug report 1951816 (https://bugs.launchpad.net/neutron/+bug/1951816). Other Notes *********** * OVN mechanism driver allows only to have one physical network per bridge. Changes in neutron 19.1.0..19.2.0 --------------------------------- c43013487c [OVN] Keep "connectivity" VIF details parameter in migration 05923cde9d Retry port_update in the OVN if revision mismatch during live-migration 68e14f0b99 Also add B324 to bandit skip list for python3.9+ 909f3bd3c5 [API] Return 403 for POST requests when user is not authorized 0c18f80f5c [L3][QoS] L3 agent QoS extension to handle duplicated FIPs 5573230d30 Fix ingress bandwidth limit in the openvswitch agent 18e05b5b2a Clean duplicated QoS bandwidth related methods in ovs_lib module 7c67460b16 Repeat few times put new interface in the namespace af0828e5e0 [OVN][migration] Clean sg- and fg- interfaces 342e0c3b78 Use python3-devel in bindep for rpm distros 0c96b2134f ovn migration: Remove usage of tripleo-ansible-inventory e05b095300 ovn: Retry port binding on deadlock when migrating to ovn afe3ba73ea Force security_group_id uuid validation of sg rules 40c3671339 Change set_device_rate calls according to new signature 4fc70c09ae ovn migration: Don't use executables in /tmp/ 37c028e3d7 Log request IDs for matched Nova external events 64c29bcaf3 Ensure gateway is set for prefix delegated subnets 7342d11427 Ensure that re_added ports are DOWN before set back to UP d2b1e3edaa Remove exception ``IpAddressAllocationNotFound`` 22baee56f0 Enable sctp module in the fullstack Centos node fc71f63a4f Run configure_for_func_testing script after enable fips 391af6c158 Ensure no GARPs are sent for Load Balancer VIPs on tenant networks bf308a12a1 Allow ovn_db_sync to continue on duplicate normalised CIDR c6d3f90bee Check whether vxlan group and local addresses are IPv4 or IPv6 ceaed57f42 Fix a error when l3-agent gets filter id for ip 6b6abd0718 [OVN] Update VIP port host ID when traffic detected 0c9e9b2752 [SR-IOV] Fix QoS extension to set min/max values 6ea9463838 Support SB OVSDB connections to non-leader servers 9da226fe30 Switch to cirros uec image in ovn tempest jobs c9de2e89df [ OVN ][Migration] Reload systemctl daemon after removal bd738eadd1 [OVN][Cosmetic] Improve gen_router_port_options b0b17dad0a Restructure layout for periodic, experimental and tox jobs c0c292efbc [OVN] Handle RouterNotFound exception in set_gateway_mtu b96d46fe42 Add FIPS enabled scenario jobs 9d233ab712 Add functional and fullstack jobs with FIPS enabled 691496c365 segments: fix scheduling duplicate segments 2104bbdddc Make configure_for_func_testing compatible with e.g. Centos eba283a4c4 Remove run-devstack role from run_functional_job playbook 6695f64f5f Use Port_Binding up column to set Neutron port status ac4aa7ef7e Wait longer before deleting DPDK vhu trunk bridges d67b05ddea [ovn] Prevent stale ports in the OVN database f20a015886 [OVN] Migrate "reside-on-redirect-chassis" for distributed FIP 78c63d4ec6 Make sure "dead vlan" ports cannot transmit packets 8dc7db2608 Create a PeriodicWorker for DbQuotaNoLockDriver clean up 35eedf91f5 [OVN] Check if exists trunk ports before cleanup d317bedb7d Update irrelevant-files for non scenario jobs 25e8ec0c56 Update irrelevant-files to skip run of untouched jobs 68458c369e Use a thread local variable to store the Nova Notifier enable flag 0c2af0f6e7 [Stable Only] Enforce policy for qos_policy_id attribute 19d26228ac [Xena Only] Switch to xena neutron-tempest-plugin jobs 64b06e12d6 [OVN] Fix overlapping security group objects not correctly applied 08a35203de Ensure subports status is aligned with parent port 6be2df7eb5 [OVN] Add the VIF details "connectivity" parameter fb50dc2a10 [stable-only] Update Placement allocation when min bw rule direction is changed ff45fce495 Properly clean up ovn-northd in functional tests 328c5740c5 [OVN][FT] Check UNIX socket file before using it 5025a6a727 Make the dead vlan actually dead 88dfbcc8a9 [OVN] Correctly set dns_server in dhcpv4/v6 options 2f8002b506 [Stable Xena Only] Drop TripleO periodic jobs bde4724980 [OVN] Prevent OVS to OVN migration if firewall "iptables_hybrid" 30a7618e6f [OVN] Check new added segments in OVN mech driver a43972ab9f [Functional] Add extra logs to the L3 HA router transitions 97180b0183 Register cleanup hooks for the object change handlers only when needed eb582be329 Fix OVS OVSNeutronAgent.reclaim_local_vlan() 488a68cb49 Exclude router gw subnet ports from port list while port delete. 1dc99e93fe When creating a VXLAN interface, a device is mandatory 795a19bf35 [OVN] Allow only one physical network per bridge 876e42eb78 Add wait event for metadataagent sb_idl 5b30b14ad7 [OVN] Add reverse DNS records 09f713d5d5 [OVN] Update check_for_mcast_flood_reports() to check for mcast_flood ca06a2e62b [OVN] Prevent deleting the only IP of a router port 56d2bda51d Allocate IPs in bulk requests in separate transactions 6265ab319e [Functional] Fix expected number of the enqueue_state_change calls 666562a258 ovn: enable stateless-security-group api Diffstat (except docs and test files) ------------------------------------- bindep.txt | 9 +- neutron/agent/common/ovs_lib.py | 351 +++++++++---------- neutron/agent/l3/extensions/qos/base.py | 42 +-- neutron/agent/l3/extensions/qos/fip.py | 195 ++++++----- neutron/agent/linux/dhcp.py | 3 +- neutron/agent/linux/interface.py | 70 +++- neutron/agent/linux/ip_lib.py | 25 +- neutron/agent/linux/l3_tc_lib.py | 3 +- neutron/agent/ovn/metadata/agent.py | 17 + neutron/agent/ovn/metadata/ovsdb.py | 9 +- neutron/cmd/sanity/checks.py | 4 +- neutron/common/ovn/constants.py | 15 +- neutron/common/ovn/extensions.py | 2 + neutron/common/ovn/utils.py | 16 +- neutron/db/agentschedulers_db.py | 7 +- neutron/db/db_base_plugin_common.py | 2 +- neutron/db/db_base_plugin_v2.py | 7 - neutron/db/ipam_backend_mixin.py | 3 - neutron/db/ipam_pluggable_backend.py | 50 ++- neutron/db/l3_dvrscheduler_db.py | 3 +- neutron/db/quota/api.py | 4 + neutron/db/quota/driver.py | 4 + neutron/db/quota/driver_nolock.py | 25 +- neutron/extensions/qos_fip.py | 1 + neutron/extensions/securitygroup.py | 4 +- neutron/ipam/drivers/neutrondb_ipam/driver.py | 10 +- neutron/ipam/exceptions.py | 2 + neutron/notifiers/nova.py | 29 +- neutron/pecan_wsgi/hooks/policy_enforcement.py | 10 +- .../linuxbridge/agent/linuxbridge_neutron_agent.py | 5 +- neutron/plugins/ml2/drivers/mech_agent.py | 2 + .../drivers/mech_sriov/agent/eswitch_manager.py | 64 ++-- .../ml2/drivers/mech_sriov/agent/pci_lib.py | 18 +- .../drivers/mech_sriov/mech_driver/mech_driver.py | 3 + .../agent/extension_drivers/qos_driver.py | 9 +- .../openvswitch/agent/openflow/native/br_int.py | 9 +- .../drivers/openvswitch/agent/ovs_neutron_agent.py | 41 ++- neutron/plugins/ml2/drivers/ovn/db_migration.py | 8 +- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 68 +++- .../ml2/drivers/ovn/mech_driver/ovsdb/commands.py | 1 + .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 6 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 55 ++- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 68 +++- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 2 +- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 373 ++++++++++++++------- neutron/plugins/ml2/ovo_rpc.py | 12 +- neutron/plugins/ml2/plugin.py | 108 ++++-- neutron/privileged/agent/linux/ip_lib.py | 6 +- neutron/services/logapi/drivers/ovn/driver.py | 22 +- neutron/services/ovn_l3/plugin.py | 25 +- neutron/services/qos/qos_plugin.py | 70 ++-- .../drivers/openvswitch/agent/ovsdb_handler.py | 2 +- neutron/services/trunk/drivers/ovn/trunk_driver.py | 13 +- .../functional/agent/linux/test_bridge_lib.py | 2 +- .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 11 +- .../ovn/mech_driver/ovsdb/test_ovn_db_resources.py | 14 + .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 7 + .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 96 +++++- .../drivers/ovn/mech_driver/test_mech_driver.py | 28 +- .../services/logapi/drivers/ovn/test_driver.py | 63 +++- .../openvswitch/agent/test_trunk_manager.py | 2 + .../unit/agent/l3/extensions/qos/test_base.py | 12 +- .../agent/l3/extensions/qos/test_gateway_ip.py | 4 +- .../ipam/drivers/neutrondb_ipam/test_driver.py | 6 - .../agent/test_linuxbridge_neutron_agent.py | 14 +- .../mech_driver/test_mech_linuxbridge.py | 16 +- .../macvtap/mech_driver/test_mech_macvtap.py | 16 +- .../mech_sriov/agent/test_eswitch_manager.py | 125 +++---- .../ml2/drivers/mech_sriov/agent/test_pci_lib.py | 11 +- .../mech_driver/test_mech_sriov_nic_switch.py | 34 +- .../agent/extension_drivers/test_qos_driver.py | 11 +- .../agent/openflow/native/test_br_int.py | 2 +- .../openvswitch/agent/test_ovs_neutron_agent.py | 30 +- .../mech_driver/test_mech_openvswitch.py | 28 +- .../drivers/ovn/mech_driver/ovsdb/test_commands.py | 4 +- .../ovn/mech_driver/ovsdb/test_maintenance.py | 71 +++- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 333 +++++++++--------- .../drivers/ovn/mech_driver/test_mech_driver.py | 233 ++++++++++++- .../plugins/ml2/drivers/ovn/test_db_migration.py | 4 +- .../unit/privileged/agent/linux/test_ip_lib.py | 15 +- .../trunk/drivers/ovn/test_trunk_driver.py | 6 +- playbooks/configure_functional_job.yaml | 6 + playbooks/enable-fips.yaml | 5 + playbooks/run_functional_job.yaml | 2 - .../notes/bug-1957175-764bc9c73b8d46e9.yaml | 6 + .../notes/bug-817525-eef68687dafa97fd.yaml | 6 + ...-dns-servers-ipv6-subnets-f2d525abc70b01b3.yaml | 11 + ...it-one-physnet-per-bridge-188285955a5ea124.yaml | 4 + roles/disable_selinux/tasks/main.yaml | 3 + tools/configure_for_func_testing.sh | 24 +- .../tripleo_environment/ovn_migration.sh | 11 +- .../playbooks/ovn-migration.yml | 9 + .../roles/migration/tasks/activate-ovn.yml | 4 +- .../roles/migration/tasks/cleanup-dataplane.yml | 27 +- .../roles/migration/tasks/clone-dataplane.yml | 4 +- .../roles/migration/templates/clone-br-int.sh.j2 | 2 +- .../pre-checks/ovn-controllers/tasks/main.yml | 10 + .../playbooks/roles/stop-agents/tasks/main.yml | 4 + tox.ini | 5 +- zuul.d/base.yaml | 30 ++ zuul.d/grenade.yaml | 15 + zuul.d/job-templates.yaml | 61 ++++ zuul.d/project.yaml | 54 +-- zuul.d/rally.yaml | 15 + zuul.d/tempest-multinode.yaml | 15 + zuul.d/tempest-singlenode.yaml | 77 ++++- zuul.d/tripleo.yaml | 69 ---- 142 files changed, 3240 insertions(+), 1337 deletions(-)