We jubilantly announce the release of: neutron 9.2.0: OpenStack Networking This release is part of the newton stable release series. Download the package from: https://tarballs.openstack.org/neutron/ For more details, please see below. 9.2.0 ^^^^^ New Features ************ * A new mechanism has been added to netns_cleanup to kill processes that are listening on any port/unix socket within the namespace. This will try to kill them gracefully via SIGTERM and, if they don't die, then a SIGKILL will be sent to the remaining processes to ensure a proper cleanup. Known Issues ************ * In kernels < 3.19 net.ipv4.ip_nonlocal_bind was not a per- namespace kernel option. L3 HA sets this option to zero to avoid sending gratuitous ARPs for IP addresses that were removed while processing. If this happens then gratuitous ARPs are going to be sent which might populate ARP caches of peer machines with the wrong MAC address. Deprecation Notes ***************** * The iptables firewall driver will no longer enable bridge firewalling in next versions of Neutron. If your distribution overrides the default value for any of relevant sysctl settings ("net.bridge.bridge-nf-call-arptables", "net.bridge.bridge-nf-call- ip6tables", and "net.bridge.bridge-nf-call-iptables") then make sure you set them back to upstream kernel default ("1") using /etc/sysctl.conf or /etc/sysctl.d/* configuration files. Bug Fixes ********* * A special case has been added to allow the creation of DHCP ports on Service Subnets that do not have the service type "network:dhcp", provided that the subnet has 'enable_dhcp' set to 'True'. This fixes the recurring error seen when neutron attempts to automatically create a DHCP port on a dhcp-enabled subnet after the subnet is created. See bug report 1636963 (https://bugs.launchpad.net/neutron/+bug/1636963) for more details. * Versions of keepalived < 1.2.20 don't send gratuitous ARPs when keepalived process receives SIGHUP signal. These versions are not packaged in some Linux distributions like RHEL, CentOS or Ubuntu Xenial. Not sending gratuitous ARPs may lead to peer ARP caches containing wrong information about floating IP addresses until the entry is invalidated. Neutron now sends gratuitous ARPs for all new IP addresses that appear on non-HA interfaces in router namespace which simulates behavior of new versions of keepalived. Changes in neutron 9.1.1..9.2.0 ------------------------------- 6ddddcb ovsfw: Support protocol numbers instead of just tcp and udp 9851426 Remove get_router_cidrs method of dvr_edge_ha router ff7c5c2 Add check for ha state 5ff38b7 Fix netns_cleanup interrupted on rwd I/O ae0a31d DHCP: enhance DHCPAgent startup procedure a1a0c91 Add filter check for quering 3a977cd Fix a bug in process_spawn binding on ports 51f9ea6 Check for unbound ports in L3 RPC handler 02c621e XenAPI: add support for conntrack with XenServer 2783c4b Add retry to _create_ha_port_binding 4055c0a Support alembic 0.8.9 in test_autogen_process_directives bc91bce Solve unexpected NoneType returned by _get_routers_can_schedule. 4f985fa Get rid of double-join to rbac_entries without filter 1cfc49c Make ovs functional tests mutually isolated cdfa780 Add fullstack test with OVS arp_responder 570f6e4 Add missing revises_on_change attribute 1c0f298 Unplug external device when delete snat namespace 1706f3d Kill neutron-keepalived-state-change gracefully 340e776 Kill processes when cleaning up namespaces a3e9a2e Remove iptables nat and mangle rules for security group f1cabc1 Handle label_id's DBReferenceError when creating label-rule 6cf3ebb Have qos object increment port/network revision dfb55ba Compare port_rule_masking() results with different approach 13af011 Use gate_hook to enable q-trunk for rally. 8f98999 Reduce IP link show calls for SR-IOV scan loop 5f74899 Account for unwire failures during OVS trunk rewiring operations 680e144 gate_hook: Add a no-op rally case 0753615 Delete related conntrack when delete vm efcd564 Optimize trunk details extension hook 3bc392b rally trunk port list ff1d93d Use subqueries for rbac_entries and subnets<->network 95d9349 DVR: Fix race condition in creation of fip gateway cfac3bc Fix DHCP Port Creation on Service Subnets 52f31b0 Update MTU on existing devices b4a596d Correctly print --limit value passed via API 9c79753 Add rally hook to neutron devstack plugin 52dae43 Add a trunk rally test d207361 Imported Translations from Zanata e15e94b Skip larger than /64 subnets in DHCP agent ceb1b95 Delete conntrack when remote ipset member removed c15aa7e Only send string values to OVSDB other_config column 151af89 SRIOV: don't block report_state with device count 49c2e14 Speed-up iptables_manager remove_chain() code 1ee3f58 Don't compile OVS kernel modules for functional job cd8b6d4 Migrate device_owner for router's interface e4890a3 ovs-agent: Close ryu app on all exceptions e41cf43 ovsdb: don't erase existing ovsdb managers 8692346 Changing arping command execute to accept 1 as extra OK code c0ef390 ovs-agent: Catch exceptions in agent_main_wrapper 6ede5f5 DVR: remove misleading error log 4371a4f iptables: fail to start ovs/linuxbridge agents on missing sysctl knobs 1529c03 callbacks: Make the value of FLOATING_IP match with api resource 69f94f4 Fixed functional iptables firewall tests for newer kernels 875eeca Allow to override Idl class in OVSDB Connection e8c0d7a l3-ha: Send gratuitous ARP when new floating IP is added Diffstat (except docs and test files) ------------------------------------- TESTING.rst | 13 ++ bin/neutron-rootwrap-xen-dom0 | 24 ++- devstack/lib/ovs | 14 +- etc/neutron/rootwrap.d/dhcp.filters | 4 +- etc/neutron/rootwrap.d/iptables-firewall.filters | 9 +- etc/neutron/rootwrap.d/l3.filters | 8 +- etc/neutron/rootwrap.d/netns-cleanup.filters | 12 ++ neutron/agent/common/ovs_lib.py | 9 + neutron/agent/dhcp/agent.py | 1 - neutron/agent/l3/agent.py | 4 + neutron/agent/l3/dvr_edge_ha_router.py | 3 - neutron/agent/l3/dvr_fip_ns.py | 111 +++++++++---- neutron/agent/l3/dvr_local_router.py | 9 +- neutron/agent/l3/dvr_snat_ns.py | 12 ++ neutron/agent/l3/ha.py | 32 +++- neutron/agent/l3/ha_router.py | 29 +++- neutron/agent/l3/keepalived_state_change.py | 50 +++++- neutron/agent/l3/router_info.py | 7 +- neutron/agent/linux/async_process.py | 14 +- neutron/agent/linux/dhcp.py | 5 + neutron/agent/linux/interface.py | 42 ++++- neutron/agent/linux/ip_lib.py | 71 ++++++-- neutron/agent/linux/ipset_manager.py | 9 +- neutron/agent/linux/iptables_firewall.py | 49 ++++-- neutron/agent/linux/iptables_manager.py | 18 +- .../agent/linux/openvswitch_firewall/constants.py | 6 - neutron/agent/linux/openvswitch_firewall/rules.py | 11 +- neutron/agent/linux/utils.py | 59 ++++++- neutron/agent/ovsdb/api.py | 30 ++++ neutron/agent/ovsdb/impl_idl.py | 9 + neutron/agent/ovsdb/impl_vsctl.py | 15 ++ neutron/agent/ovsdb/native/commands.py | 41 +++++ neutron/agent/ovsdb/native/connection.py | 5 +- neutron/agent/ovsdb/native/helpers.py | 12 +- neutron/agent/securitygroups_rpc.py | 2 +- neutron/api/api_common.py | 8 +- neutron/api/rpc/handlers/l3_rpc.py | 7 +- neutron/callbacks/resources.py | 2 +- neutron/cmd/netns_cleanup.py | 104 +++++++++++- neutron/cmd/sanity/checks.py | 11 ++ neutron/cmd/sanity_check.py | 22 +++ neutron/db/common_db_mixin.py | 7 +- neutron/db/db_base_plugin_common.py | 8 +- neutron/db/external_net_db.py | 1 + neutron/db/ipam_backend_mixin.py | 12 +- neutron/db/l3_attrs_db.py | 1 + neutron/db/l3_db.py | 7 + neutron/db/l3_dvr_db.py | 17 +- neutron/db/l3_hamode_db.py | 28 ++-- neutron/db/metering/metering_db.py | 32 ++-- neutron/db/models_v2.py | 8 +- neutron/db/portbindings_db.py | 1 + neutron/db/qos/models.py | 4 + neutron/locale/de/LC_MESSAGES/neutron.po | 128 +------------- neutron/locale/es/LC_MESSAGES/neutron.po | 122 +------------- neutron/locale/fr/LC_MESSAGES/neutron.po | 122 +------------- neutron/locale/it/LC_MESSAGES/neutron.po | 122 +------------- neutron/locale/ja/LC_MESSAGES/neutron.po | 120 +------------ neutron/locale/ko_KR/LC_MESSAGES/neutron.po | 130 ++------------- neutron/locale/pt_BR/LC_MESSAGES/neutron.po | 122 +------------- neutron/locale/ru/LC_MESSAGES/neutron.po | 120 +------------ neutron/locale/tr_TR/LC_MESSAGES/neutron.po | 40 +---- neutron/locale/zh_CN/LC_MESSAGES/neutron.po | 106 +----------- neutron/locale/zh_TW/LC_MESSAGES/neutron.po | 106 +----------- .../drivers/mech_sriov/agent/eswitch_manager.py | 12 +- .../ml2/drivers/mech_sriov/agent/pci_lib.py | 20 ++- .../drivers/mech_sriov/agent/sriov_nic_agent.py | 3 +- .../agent/openflow/native/ovs_ryuapp.py | 20 ++- .../openvswitch/agent/ovs_dvr_neutron_agent.py | 7 - .../drivers/openvswitch/agent/ovs_neutron_agent.py | 6 +- .../agent/xenapi/etc/xapi.d/plugins/netwrap | 17 +- neutron/scheduler/l3_agent_scheduler.py | 2 +- neutron/services/segments/db.py | 1 + .../drivers/openvswitch/agent/ovsdb_handler.py | 12 +- neutron/services/trunk/plugin.py | 18 +- .../agent/l3/test_keepalived_state_change.py | 85 ++++++++++ .../unit/agent/linux/test_iptables_firewall.py | 93 ++++++++--- .../unit/agent/ovsdb/native/test_connection.py | 12 ++ .../unit/extensions/test_subnet_service_types.py | 23 ++- .../mech_sriov/agent/test_eswitch_manager.py | 38 +++-- .../ml2/drivers/mech_sriov/agent/test_pci_lib.py | 26 +-- .../mech_sriov/agent/test_sriov_nic_agent.py | 19 +++ .../openvswitch/agent/test_ovs_neutron_agent.py | 2 +- .../drivers/openvswitch/agent/test_ovs_tunnel.py | 4 +- .../unit/scheduler/test_l3_agent_scheduler.py | 7 +- .../services/revisions/test_revision_plugin.py | 36 +++- .../openvswitch/agent/test_ovsdb_handler.py | 13 ++ rally-jobs/extra/trunk_scenario.setup | 1 + rally-jobs/neutron-neutron.yaml | 17 +- rally-jobs/plugins/trunk_scenario.py | 61 +++++++ .../dhcp-for-service-subnets-06f03d902f2fb738.yaml | 10 ++ ...sysctl-bridge-firewalling-912f157b5671363f.yaml | 14 ++ .../netns_cleanup_kill_procs-af88d8c47c07dd9c.yaml | 8 + .../sending-garp-for-l3-ha-c118871833ad8743.yaml | 18 ++ setup.cfg | 1 + tools/configure_for_func_testing.sh | 3 + 135 files changed, 2764 insertions(+), 1794 deletions(-)