We are glad to announce the release of: neutron 23.2.0: OpenStack Networking This release is part of the bobcat release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 23.2.0 ^^^^^^ Prelude ******* The OVN changed support for NAT rules including a new column and auto- discovery logic to know about logical router gateway ports for NAT on a Logical Router. New Features ************ * A new OVN driver Northbound DB column has been added to allow configuring gateway port for NAT rule. If the OVN backend supports the *gateway_port* column in the Northbound DB NAT table, the gateway port uuid will be configured to any floating IP to prevent North/South traffic issues. Previously created FIP rules will be updated only once during the maintenance task to include the gateway_port reference (if OVN backend supports it). In case all FIP entries are already configured no maintenance action will be performed. * A new ovn-cms-options option called "enable-chassis-as-extport- host" is now recognized by ML2/OVN and is used to identify nodes that are eligible for scheduling OVN's external ports. This feature is backward compatible and if no nodes contain this new option the external ports will continue to be scheduled using the "enable- chassis-as-gw" option as before. This change also introduces a limit to the number of members for each HA Chassis Group to 5, matching the limit of gateway router port replicas. This is because OVN uses BFD to monitor the connectivity of each member and having an unlimited number of members could potentially put a lot of stress in OVN. * Remote address group support was added to the iptables-based firewall drivers (IptablesFirewallDriver and OVSHybridIptablesFirewallDriver), Previously it was only available in the OVSFirewallDriver. For more information, see bug 2058138 (https://bugs.launchpad.net/neutron/+bug/2058138). * Added the tags policies for the following resources: network, subnet, port, router, floating IP, network segment, network segment range, security group and security group rule. The policies control the creation, the update and the deletion of the resource tags. Known Issues ************ * The fix of bug 2048785 (https://bugs.launchpad.net/neutron/+bug/2048785) only fixes newly created trunk parent ports. If the fix of already existing trunks is needed, then either delete and re-create the affected trunks or set tpt ports' vlan_mode and tag manually: "ovs-vsctl set Port tpt-... vlan_mode=access tag=0" Bug Fixes ********* * [bug 2036423 (https://bugs.launchpad.net/neutron/+bug/2036423)] Now it is not possible to delete a subnet gateway IP if that subnet has a router interface; the subnet gateway IP modification was already forbidden. * When synchronizing the OVN databases, either when running the migration command or during startup, the code responsible for synchronization will only clean up segment-to-host mappings for hosts with agent_type "OVN Controller agent". Before, the synchronization would clean up (delete) segment-to-host mappings for non-OVN hosts. Fixes bug: 2040172 (https://bugs.launchpad.net/neutron/+bug/2040172). * [bug 2045889 (https://bugs.launchpad.net/neutron/+bug/2045889)] The ports bound to ML2/OVN now contain the OVS bridge name and datapath type in the VIF details dictionary. NOTE: in the ML2/OVS to ML2/OVN migration, the local host OVN bridge (integration bridge) per port is not known; "br-int" will be used by default (that value is rarely changed). * [bug 2036705 (https://bugs.launchpad.net/neutron/+bug/2036705)] The Neutron "port.status" field ("ACTIVE", "DOWN") is now set based on the ML2/OVN Logical Switch Port "up" and "enabled" flags. The user can now set the "port.admin_state_up", that is replicated in the "lsp.enabled" flag, to enable or disable the port. If the port is disabled, the traffic is stopped and the "port.status" is set to "DOWN". Other Notes *********** * When the following configuration is enabled at the same time: * OVN L3 service plugin ("ovn-router") * Port forwarding service plugin ("port_forwarding") * "vlan" or "flat" network types configured in the ML2 configuration variable "tenant_network_types" * The OVN floating IP traffic is distributed ("enable_distributed_floating_ip" = "True") the Neutron server will report a warning during plugin initialization because this is an invalid configuration matrix. Floating IPs need to always be centralized in such a case. For more details see bug report (https://bugs.launchpad.net/neutron/+bug/2028846). * The new value for 'device_owner' for OVN loadbalancer health monitor ports (ovn-lb-hm:distributed) is now supported by Neutron, providing a LOCALPORT behavior to these ports. The responsibility to define these ports with the new value instead of the old one (network:distributed) is under the OVN-Octavia Provider driver, which will take care of database conversion for these ports. * Added extension "subnetpool-prefix-ops" to the ML2/OVN mechanism driver. Changes in neutron 23.0.0.0b1..23.2.0 ------------------------------------- 1da102e402 Checking pci_slot to avoid changing staus to BUILD forever 45318c2c2f [FT] Add a timeout for the NB/SB connection stop method 94a1baa63d Add the port "fixed_ips" information in the DHCP RPC a73ef23e3f Change to use selectin for RBACs in SubnetPool DB load strategy 0019e448d8 Reorder subnet RBAC policy check strings 11cfa25d13 Add policy enforcer for "tags" service plugin 2842023327 [RBAC] Update the subnet policies aec330bafe Return empty BpInfo if missing binding:profile f6ec99d1b8 [OVN] Sanitize the classless-static-route DHCP option f5bc50787a [FT] Run test_periodic_sync_routers_task tests serially fc7fa9cf30 Add a default goto table=94 for openvswitch fw 8d4eeee135 [OVN] Bump revision number after update_virtual_port_host 5b61b842ad [OVN] Fix virtual parent match for PortBindingUpdateVirtualPortsEvent 88419c31d7 [OVN] Update lsp host id when virtual parent moves 2614e77bd1 Revert "Use HasStandardAttributes as parent class for Tags DB model" 4c56dfded1 [stable only] Fix KeyError in set_gateway_mtu 72b64013e2 [ML2/OVN] Add gateway_port support for FIP d1c5eac0a8 [functional tests] compatibility with ovsdbapp>=2.4.2 cbfb4349a1 [stable only] Do not fail on missing logical router ports de0e7341a9 Return both project_id when validating auto allocate network 12bb563ae7 [stable/2023.2 only] Fix incorrect cherry-pick for ext gw ac2ceb63cf Don't update revision number if object was not modified 9685c7f5cf [stable/2023.2 only] Update grenade_from_branch to unmaintained/zed e34c95c4b9 Fix KeyError failure in _sync_subnet_dhcp_options() 377e1f6838 Enhance IptablesFirewallDriver with remote address groups 8db03d65e8 Fix TestOVNMechanismDriver ipv6 tests 6925391e96 Use the system-dependent string for IP protocol 4 44c113651b Fix iptables mapping of 'ipip' protocol 101898fde8 [OVN] Set MTU of the VETH interfaces between OVS and metadata ac63999b66 [stable-only][OVN] Set VETH interface MAC address before up 32af674783 Ensure that haproxy spawned by the metadata agents is active a512e5c624 Retry ``set|get_link_attribute(s)`` if the interface is not present a68369b65a [OVN] A LRP in an external tunnelled network has no chassis 09e007c1ae Disallow subnet cidr of :: without PD 8748557738 [Docs] Add info about incompatible PF configuration in ML2/OVN gaps 3eaa326a7a Log warning about port forwardings that won't work properly 37c53085ff [OVN] Warn about invalid OVN and FIP PF config during start of Neutron 00a9525370 [OVN] Add ``subnetpool-prefix-ops`` extension to ML2/OVN mech driver aad8dd8677 Change SG rules backref load method to "joined" b1d7df2c17 [OVN] Use elevated context to retrieve subnet in router port configuration 0b5ffd1e1b dhcp: fix usage of helper function to retrieve process name 0526fb868e [OVN][FT] Retry in case of timeout when executing "ovsdb-client". 4aa2a773ab [Fullstack] Consolidate segmentation_id update tests into single test 3d13945734 [Fullstack] Remove SecurityGroupRulesTest.test_normalized_cidr_in_rule test da39dff8dd [Fullstack] Remove test_port_shut_down module 39cf91d8f7 [Fullstack] Remove unnecessary tests 1e5ba78870 Set trunk parent port as access port in ovs to avoid loop 3b6e642a67 Make get_ports RPC method common for the DHCP and Metadata agent 2c797b107b If method ``set_netns`` fails, restore previous device namespace 2c567e002c [OVN] OVN agent extensions correctly consume agent API f61b6f81af [OVN] Add the bridge name and datapath type to the port VIF details debeab272a Forbid the subnet gateway IP deletion if a router interface is attached d5945fcaa5 Make ``OVNMechanismDriver.post_fork_initialize`` callback cancellable f07cc43964 fix netns deletion of broken namespaces e9cf2fd6cc Handle creation of Port_Binding with chassis set 60eb15ed30 Register Chassis_Private table in BaseOvnSbIdl 6dfeab9a0a [UT] OVN fake resources factory method should return instance ac465e9ef6 Improve the SG RPC callback ``security_group_info_for_ports`` 496db46e32 Make unit tests compatible with neutron-lib 3.8.1 ac0f6774cf [OVN] Retrieve the OVN agent extensions correctly 76a58448e5 [OVN][FT] Make explicit the "publish" call check in "test_port_forwarding" e552aba974 [OVN] Fix UT assertion de248d2826 [OVN] DB sync host/physnet - filter on agent_type 4b4bea6059 [OVN] Update the External Ports documentation cd9366b9ba Correctly validate subnet arguments when using a subnetpool 9fcec1d59b [Fullstack] Double check that agent is dead when it should be dead 14a830fb36 Metadata: handle process exceptions e6d150ef7d [OVN] Enhanced external port scheduling 81c78e2929 ovn-metadata: Refactor events 95b6ad36d0 Fix the common/ovn functional tests e536483b9b [DHCP agent] Fetch OVN Metadata port from plugin 242508cd4b get_hosts_mapped_with_segments add filter agt_type 0edb776c6a [DHCP agent] Fix route to OVN metadata port for non-isolated networks 2200101f9f docs: update default value of metadata workers for ml2/ovn d5a049ef07 Add constant to identify OVN LB HM ports a7aeec703d Remove obsolete PID files before start 9196b612de Catch non-existent entry failures better in ip_lib c03d76a41d Ensure ovn loadbalancer FIPs are centralized upon neutron restarts 80b50732e9 [Fullstack] Drop all linuxbridge scenarios from fullstack tests 7daf61a0af Don't set port capabilities for OVS HW offloading 15814a4623 [Stable Only] Fix parent for nftables job 6a33b2d5c5 Restore the tempest nftables jobs in experimental and periodic queues 2ecb7084fe [DHCP agent] Add route to OVN metadata port if exists 54122203f4 [FT] Clear the idl lock in TestMaintenance tests 7225322f66 [fullstack] Unify ``TestQoSPolicyIsDefault`` tests 2a2c62ddfb [fullstack] Unify ``TestMTUScenarios`` tests 28d69eaef4 [stable/2023.2 only] Drop -master jobs c6f5ea61c8 [2023.2 Only] Switch to 2023.2 neutron-tempest-plugin jobs f797f8bc2e Add dhcpagentscheduler API extension to the ML2/OVN extensions 5485a19356 "ebtables-nft" MAC rule deletion failing 59e3b22d14 Remove any IPAM allocation if port bulk creation fails aaa8f18d11 Parameter filters may be None, which cannot be called with ** de121943ee Fix the ``log.setup`` method call with "fix_eventlet=False" 4266dce979 Add "jammy" distribution release to the legacy ebtables installation 61f94ab449 [OVN] Add the default condition check in ``PortBindingChassisEvent`` 04e9b063ad [OVN] Match LSP_TYPE_VIRTUAL in PortBindingUpdateVirtualPortsEvent d28bcf0fe1 Revert "[OVN][Trunk] Add port binding info on subport when parent is bound" f1638bb6d1 Use safer methods to get security groups on security group logging 05aed84c2a Update TOX_CONSTRAINTS_FILE for stable/2023.2 74bca8052a Update .gitreview for stable/2023.2 0ca6953194 Fix wrong indentation in release note b2ceb8b854 Add release note with known issue with FIP PFs and vlan tenant networks 8cba9a2ee8 Call the "tc qdisc" command for ingress qdisc without parent 34e441e06c Revert "[OVN][Trunk] Set the subports correct host during live migration" c930196dd8 [CI] Bump OVS_BRANCH in ovs/ovn source deploy jobs f7489abaf8 [UT] Adjust autogen_process_directives for alembic-1.12.0+ a3a113aedb [OVN] Fix rate and burst for stateless security groups b250b85770 [UT] Reduce the binding retry loop in ``L3HATestFramework`` c6b6ecc751 Drop release notes for l3-ext-gw-multihoming and adjacent features 5c2f54ca03 Default SG rules template - Update related docs and add release note a4c8392209 Default SG rules - use new rules templates to create rules for SGs 78bc33d300 [Fullstack] Use new DB for each running test 7f777c223e [OVN] Cleanup old Hash Ring node entries d9eb04478e [FT] Make explicit the "publish" call check in "test_port_forwarding" fa130f29f7 Update QoS config document: use YAML config examples 0545f40a04 [OVN] Add the 'uplink-status-propagation' extension to ML2/OVN a3b00768d6 Check the device ID and host ID during virtual port binding 0e5c91c499 Add some more known issues to the OVN gap document e6fb32e27d Fix race condition when creating two routers without HA network 4109ee9bb4 Use the new network HA parameter aad82233eb Prevent internal IP change for floating IP 87b2f34a98 Fix ovn-metadata agent sync of unused namespaces 7ed79c1f78 [OVN][Trunk] Set the subports correct host during live migration e1f887ca9f [OVN] Skip the port status UP update during a live migration d084f2724d [OVN] Set the Neutron port status based on "lsp.up" and "lsp.enabled" 7848eb0bf9 Add "openstack-tox-py310-with-sqlalchemy-master" to check queue 24a645d1d7 Fix bindep for Debian bookworm 72b5120ac2 Remove local CI job "tox-py311" superseded by "openstack-tox-py311" dd3ba9a6cf [OVN] Add a log message after the "post_fork_initialize" method 06dbc5227b [OVN] Disable the mcast_flood_reports option for LSPs 4295598261 Use SQLAlchemy expression "select" 85d3fff97e Use HasStandardAttributes as parent class for Tags DB model 49fcd2f515 Force DB migration script to be run before some fullstack tests 43b4c9ebc5 [sqlalchemy-20] TableClause.insert constructs Insert object 3044b938b9 [OVN] Retry retrieving LSP hosting information afcce6d749 Initialize logger for rpc-server and wsgi script 4693836a1b [OVN] ovn-db-sync check for router port differences 395dd237d1 Fix missing oslo.versionedobjects library option 6fef1e6525 Add max limit to agent_down_time 0741a0d5a5 Add NET_OWNER_MEMBER and NET_OWNER_READER policy rules 5b7031841e Create is_ovn_metadata_port() method a505ff7dbb hash-ring: Retry all DB operations if inactive 14b2f4f60f [UT] Create network to make lazy loading in the models_v2 possible 4757b46646 Fix some new pylint "W" warnings 9e8e3a7867 [OVN] Hash Ring: Better handle Neutron worker failures 019d3421f2 Update Cirros to 0.6.2 ba6f7bf83e dvr: Avoid installing non-dvr openflow rule on startup 89702218db Add extra router attributes for ECMP and BFD 6c513217c2 ovs-agent: React to DB down just like to server down 36db70a718 Add sanity check for dnsmasq 2.86 321182980d Follow up on a small nit from patch 875989 [1] 96fd203a14 For hosts in DVR mode, only fetch bound FIPs 5db57734aa Initialize config in DietTestCase class 929b383743 Fix some new pylint "R" warnings aeb8036393 [sqlalchemy-20] Replace Query.get() with Session.get() c831771053 [PostgreSQL] Subnet entity with ServiceType grouped by both tables cc38cb0cee [sqlalchemy-20] Use the correct OVO field type c94fb2bb88 [sqlalchemy-20] Define one DB model per "FromClause.join" clause a9c8bf5c06 [neutron-api] remove leader_only for sb connection 32121ee638 Add unit tests periodic jobs to the experimental queue b2f1cc724a Add "openstack-tox-py310-with-sqlalchemy-master" CI job 49b68d36a0 [Docs] Add recommendation about usage of cache in the neutron-metadata-agent 67be07fd5b Add new DEFAULT option named "my_ipv6" e41fae522b Default SG api rules template - DB and OVO models 670675dd17 [sqlalchemy-20] Network "repr" should be tested with any order 02b12b0917 Refactor for ovs qos driver meter limit features 65bbbcee76 Set result when lswitch port exist 26a2266cf4 [FT] Move ``BaseOVSTestCase`` class to concurrency 1 executor 80ad28e696 Define the port "fixed_ips" in the creation call 68ecae5ff9 [OVN] Prevent binding a virtual type port b4eb5d71ab Drop redundant index on ports table 42ae944870 Switch fullstack/functional fips jobs to 9-stream f2dd2d3cac doc: fix typo in metering-agent.rst 4a71a7f82f Remove unused method from OVN L3 plugin 833a6d82cd [OVN] Prevent Trunk creation/deletion with parent port bound 28926957d6 [OVN] Expose chassis hosting information in LSP b92d133de6 [OVN] Read the necessary configuration options in the OVN agent load c8c74f12e0 Load FIP information during initialize not init 0090572b93 Ensure traffic is not centralized if DVR is enabled 024704625a Add missing port_binding policies 39e167ab27 Add neutron-tempest-plugin-linuxbridge job to the periodic queue 4a97429e7f [OVN] Improve ovn_l3/plugin.py exception logging add2a6eb8c [ovn][ipv6] Add some more tests to skiplist b084213382 Add more debugging to common agent code 8cd949fc9b Increase timeout in test_get_all_devices() 22ace8a752 [OVS] Check the datapath ID set by the creation method 6632420675 Revert "Use ``TextClause`` to define the DB model "server_default"" 7b85f9c244 [OVN][L3] Optimize FIP update operation 32d589f03e Don't allow deletion of the router ports without IP addresses 576c468b71 Disable pool recycle in tests 67a0b07287 Delete sg rule which remote is the deleted sg a174467639 Explicitly define the subnet creating a new port 08fe84f443 [sqlalchemy-20] Remove redundant indexes from some tables 126d54badc Fix some new pylint "E" warnings dfe29e6760 Delete network namespace on last port deletion 9d9f47c20c [OVN] Remove SB "Chassis"/"Chassis_Private" duplicated registers 8887cdf5d3 Imported Translations from Zanata 955e621167 [OVN][Trunk] Add port binding info on subport when parent is bound f2e3ab3805 [OVN] Hash Ring: Set nodes as offline upon exit 6e3525188f [S-RBAC] Fix policies for CUD subnets APIs ec4bfb91f0 [qos] _validate_create_network_callback return in no network 593278550a Functional: assert multiple calls for update_virtual_port_host 0c66dfaed8 [OVN] The all() and count() methods should be inside a DB txn 8b0c7d2c8d Return back the test_dvr_ha_router_interface_mtu_update test case 57e860ca19 Return back the test_dvr_router_interface_mtu_update test case afa20faec3 [OVN] Improve Hash Ring logs 0c09dbdb2a Subnet now inherit the sRBAC perm. from the parent resource Network 9ca0e34a5e Delete the "Chassis_Private" register when deleting an agent 5e0c102830 Send ovn heatbeat more often. 15fb672641 dhcp/agent: add more detail to a todo note regarding call_driver a9323f0325 dhcp/agent: fix 'get_metadata_bind_interface' driver call 050536c66e Stop the RPC connections when the agent exits ce12b6ac19 Do not query neutron-rpc for sg rules upon sg deletion 1f5f8965c3 gate: bump ovn to the latest LTS release (22.03) 2a8c7ff4f0 [ovn][ipv6] Skip test_update_router_admin_state f9be5d886d Fix 'consider-using-with' warning f070ba6f9d Revert "[OVN] Remove backwards compatibility with OVN < v20.09" e8cd39b3d7 Make DB migration creating indexes in RBACs conditional 61b358b6b5 [S-RBAC] Add API policies for get and activate port bindings b6ce722324 Raise the timeout of "neutron-ovn-rally-task" to 9000 e9da29d16c Change RBAC relationship loading method to "joined" 37dda9bc69 Move ``determine_bind_host`` to ``ovn.utils`` ac24dbed1c Implement ``get_port_type_virtual_and_parents`` method a22b1dedc2 Implement ``get_subnets_address_scopes`` method 9f6f6d5082 Return 409 Conflict to tenant user deleting port attached to FIP 2fbfe3855e Improve the ``PortBindingUpdateVirtualPortsEvent`` match filter 413044f253 [OVN] The L3 scheduler does not use all chassis by default 1b9a16c956 Add description field to the security_group_default_rules resource a72e97ddff Update api extension for default sg rules API a221764751 Allow Multiple External Gateways 0b67da59c6 [sqlalchemy-20] Open a connection to execute a command ac231c8174 Improve "sync_ha_chassis_group" method 35cb164ea5 [ovn]disable security group notifier 9e6675ec06 Increase the waiting period to receive a port creation event 43ef447a57 SG rule dict method allows DB object and Neutron OVO 846003c437 Start metadata proxy even if IPv6 DAD fails 452973c0db Revert "Use a writer context for the online alembic migrations" f42d86cc0d Bump neutron-lib to 3.6.1 ebc0658d55 Revert "Delete sg rule which remote is the deleted sg" e0a2427a2f [ovn] Avoid unwanted ACL_NOT_FOUND error when deleting log objects b677d65b2d [OVN][Migration] Enable settings backup subnet for NFS clients 6fa3d8019f Use ``TextClause`` to define the DB model "server_default" 1d0335810d Disable mysql gather performance in jobs 10ff1caaca Fix some new pylint "C" warnings ed274efcf7 Update pylint version 5f4a41326d Add rate-limiting to metadata agents 43c756d728 [alembic] Alembic operations require keywords only arguments 0959e452d3 [sqlalchemy-20] Retrieve the ``URL`` string with the password a86e300a0b Handle no more IP addresses available during a network sync a612346146 Fix not working use_random_fully config option a06b44e12d Imported Translations from Zanata 01af4b2cda Remove the neutron-debug tool 3b7699bc66 Add scope ID to the "GROUP BY" clause in ``get_scoped_floating_ips`` 01de74dedf [S-RBAC] Get QoS rule types API available for READER role 7573fca58c Notify neutron-server ovs is restarted d409296bde docs: Deindent code blocks 043a8ecad9 [OVN] Use the API context in ``OVNClient._add_router_ext_gw`` method 363c690529 Replace "tenant_id" with "project_id" in address scope 6a2ccfac32 Make "project_id" in "L3HARouterNetwork" unique constraint 98ac1fa31a [sqlalchemy-20] Add the transaction context to the upgrade checks methods 3e65ef863c Mark "ipv6_pd_enabled" as deprecated and experimental. 4edff4fe8d [S-RBAC] Fix new policies for FIP PFs APIs be0dc09d52 [S-RBAC] Fix new policies for get QoS rules APIs 97d658c4ce port-hint-ovs-tx-steering: shim extension 6b55589ae0 port-hint-ovs-tx-steering: agent side 0390ada97c port-hints: api extension c3602ac19b [OVN] Update ovn meter when neutron server reloads be4e150de9 [OVN] Remove backwards compatibility with OVN < v20.09 dde1d69c78 Add host metadata haproxy manager c0af5b3b5e Reduce lock contention on subnets 256297fc7f rbacs: clean-up to use defined constants ACCESS_* 6eb7006801 Drop retries in tests for TimeoutException 78dbe55f19 Add extra log to help figuring out OVS events 30c0e5699e Fix doc links for networking option 2 adaba13bdb Add new DEFAULT option named "my_ip" b1cc242fad Add a method to retrieve router gateway ports 7a59cf0eb9 Correct planned removal for maintenance function 2be53b1719 [functional] Fix db_set use in test_cascading_del_in_txn a9963e90d9 ``_get_ovn_version`` returns a 3 element tuple 4ad979a534 Mark "test_port_creation_and_deletion" as unstable 9ac59e4b4a Avoid retrieving ports if network list is empty 4bac350f68 Remove "neutron-ovn-tempest-ovs-release-ubuntu-old" job b19b55909d Don't set and remove immediately DEAD VLAN tag in tests 88ce859b56 Change API to validate network MTU minimums 9f22dc1d3a Doc: Add FWaaS v2 install details 853dc2570d Add py39 jobs to tox override template 39d252da7c Deprecated support for Windows OS 82029c2c51 Use a writer context for the online alembic migrations 2cafe0a9c4 Revert "Move to python3.9 as minimal python version" f93c9be1c1 Move to python3.9 as minimal python version 4e27e27ae2 Replace context decorators with context managers dd184c5c10 Fix Loki tempest jobs b31453af47 [OVN] Admin procedure for duplicated or deleted OVN agents 872b53f618 Fix functional tests modules which are using PluginFixture 670cc383e0 [S-RBAC] Switch to new policies by default d757c530bc Update QoS documentation a84567b8d6 Remove the ``OVNSqlFixture`` class workaround 05ba4257de Remove creation of DHCP port in the OVN metadata unit test f23d7af8d7 Use explicit inner join for networks in port query 43829301f3 Handle "no such process" during keepalived process cleanup 34ea8988d6 [OVN] Add update event to ``OVSInterfaceEvent`` class a5e26408d2 Fix dns_integration and ml2 plugin unit tests modules 5db17654b9 Fix servicetype unit tests module f92d6fa72a Fix segments unit tests module 6b5acb5835 [S-RBAC] Get availability zone API available for READER role 340fd3cfe7 Run master jobs only on master branch 706a0e0268 Fix parent of neutron-ovn-tempest-with-uwsgi-loki 28961c8b76 Fix network_segment_range unit tests module 73ac4510c7 [grenade] Collect ovn services logs 2364327bd1 Run periodic jobs in experimental queue too 9d51633013 Fix intermittent failures in finding metada port in SB DB 267efd2984 OVN: Always try and create a metadata port on subnets c7ef824941 Do not check the context object in ``TestMeteringPlugin`` 5510cdab92 [ovn] OVNClient._get_router_ports: Drop unused parameter e5d4499672 [ovn] Drop use of LR OVN_GW_NETWORK_EXT_ID_KEY d67d1c2736 [ovn] Drop use of OVN_GW_PORT_EXT_ID_KEY 69f30c92ef [sqlalchemy-20] Add reader context to ``get_ports_on_host_by_subnet`` 7dfbdf65a7 Add support for localnet_learn_fdb OVN option e374b82d8f [CI][fullstack/functional] Report slowest tests 8eecccfeae [S-RBAC] Allow network owners to get ports from that network 95c19c8868 Checkout "sqlalchemy/alembic" main branch in sqlalchmey-master jobs 3de8ebebd8 Pin OVS_BRANCH to working commit a06fe7cfd9 Fix NoSuchOptError error in Ipam unit tests 5a17f2b24a Pass physical bridge informations to OVS agent extension API 33cf2cdc83 Fix ACL sync when default sg group is created 7828acaf4f [ovn] Add end to end test for QosExtension 2aee961ab6 Suppress IPv6 metadata DAD failure and delete address ade2a9f893 Mark "test_multiple_agents_for_network" as unstable fa172ab7dc rbacs: fix typo, s/cxt/ctx e6de524555 rbacs: filter out model that are already owned by context 7073410be3 Bump skip-level lower version to stable/zed 775d5de9f1 Add debug information to ``MacvtapAgentTestCase.test_get_all_devices`` 0ec04dd638 Ensure redirect-type=bridged not used for geneve networks d4654e3011 Filter out unsatisfied routers in SQL 33c4a2d97e Update url and package name 3cc28a004a Add plugin.spec to irrelevant-files b777aa57b2 Update the quota guide examples cfe38a0014 Change name of ``_TestIsSessionActive`` test case. 5c60d697c3 OVN agent: Stop registering unused options 27b3eacd3d Revert "Ensure vlan network traffic is not centralized" e4da60740b [sqlalchemy-20] Do not use strings for aatribute names in loader options 0a69dd5e3d [sqlalchemy-20] query.join should define one table/column per call 4b8e484e1d Increase port name size and type to internal 2ccf1e1e90 [OVN] OVN agent should register "Chassis_Private" by default f42f1cfa69 [sqlalchemy-20] Provide SQL "case" expression correct input paremeters 831ac3152d Fix a number of configuration typos 5b4ed5b117 Fix concurrent port binding activate 1646e5b28d Add neutron-lib project to the SQLAlchemy master branch CI jobs 0220236c63 Cleanup before executing "test_get_all_devices" 6e1dbe9781 Add oslo.db project to the SQLAlchemy master branch CI jobs 97aa84b69a Open the 2023.2 (Bobcat) DB branch c97dcfd03f doc: state that O flag can be 0 in dhcpv6-stateful 6358495720 Delete sg rule which remote is the deleted sg 04d3f889ef Fix metadata agent intermittent test failures 9704dca84e [OVN] Explicitly define the fixed IPs for the metadata port dea48cfc0a Only create a frozen Row on matching events 711fbb9820 Imported Translations from Zanata 8ea2a9c128 Fix typo in unit test 442b437a81 Change external process manager tests to clean temp files efab60c0bf Try to optimize Mysql server mem usage on some CI jobs 745497a112 [OVN] Remove "update_port_qos_with_external_ids_reference" 5c98d9e8d1 [OVS] Parse the "permitted_ethertypes" at the FW initialization bffa642b35 [OVN] Method ``get_port_qos`` should always return 2 values 008277b8c1 [OVS] Allow custom ethertype traffic in the ingress table b9567033fc [OVN] Use the BW values retrieved from ``get_port_qos`` 08eb8e2498 Use neutron-lib policy rules c8ccf2ffbb [OVN] Change oslo config options entry point for the OVN agent cf96bd8bdf ovs: fix regression when vlan mapping is not already registered d44f164f4d ovn_idl_impl: fix a logic bug in get_sg_port_groups d9358b67bd functional: set dns_domain config option after its registration 8946684fb2 Remove duplicate rows in MySQL query output 5d2086c698 Add 2023.1 release name in routed networks doc b6bc4c8a66 Add Lajos Katona to Client and Doc areas as lieutenant d4a85833a7 [sqlalchemy-20] The Session.begin.subtransactions flag is deprecated 0a214b0437 Imported Translations from Zanata 999116126e Add full support for OVN NB "Gateway_Chassis" table 4254ccd1bc Update master for stable/2023.1 8e3bddbf8b Ensure vlan network traffic is not centralized 39b65575cd Change the release tag to use the release identification 44ac03de14 Fix policy unit test deprecation warnings ebcde41fc8 [OVN] Add ``get_gateway_chassis_az_hints`` method to OVN API 2af5fd889b Add sleep before checking if ovs port is in the namespace 12093015de Add Jens Harbott as Lieutenants in Infra area 75e8360224 Reintroduce agent bridge resync test 3cf4899cf0 [OVN] Adding support for VNIC type virtio-forwarder. f3c743d090 Do not update static routes in snat-ns for dvr router with ha Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .pylintrc | 26 +- bindep.txt | 9 +- ...g-bgp-floating-ip-over-l2-segmented-network.rst | 420 +++++----- .../shared/deploy-selfservice-initialnetworks.txt | 7 + .../contributor/internals/openvswitch_agent.rst | 34 +- .../contributor/internals/openvswitch_firewall.rst | 13 + .../internals/ovn/ovn_network_logging.rst | 114 +-- .../contributor/internals/ovn/port_forwarding.rst | 110 +-- .../contributor/testing/ci_scenario_jobs.rst | 23 - .../install/compute-install-option2-ubuntu.rst | 4 +- etc/oslo-config-generator/neutron.conf | 1 + neutron/agent/common/base_agent_rpc.py | 33 + neutron/agent/common/ip_lib.py | 9 + neutron/agent/common/ovsdb_monitor.py | 12 + neutron/agent/dhcp/agent.py | 24 +- .../l2/extensions/metadata}/__init__.py | 0 .../l2/extensions/metadata/host_metadata_proxy.py | 200 +++++ neutron/agent/l3/agent.py | 7 +- neutron/agent/l3/dvr_edge_ha_router.py | 4 + neutron/agent/l3/dvr_edge_router.py | 19 +- neutron/agent/l3/dvr_local_router.py | 3 + neutron/agent/l3/router_info.py | 7 +- neutron/agent/l3_agent.py | 3 + neutron/agent/linux/dhcp.py | 120 ++- neutron/agent/linux/external_process.py | 30 +- neutron/agent/linux/interface.py | 7 +- neutron/agent/linux/ip_lib.py | 47 +- neutron/agent/linux/iptables_firewall.py | 26 +- neutron/agent/linux/iptables_manager.py | 14 +- neutron/agent/linux/keepalived.py | 12 - .../agent/linux/openvswitch_firewall/firewall.py | 67 +- neutron/agent/linux/tc_lib.py | 2 +- neutron/agent/metadata/agent.py | 12 +- neutron/agent/metadata/driver.py | 73 +- neutron/agent/metadata_agent.py | 3 + neutron/agent/ovn/agent/ovn_neutron_agent.py | 8 +- neutron/agent/ovn/agent/ovsdb.py | 9 +- neutron/agent/ovn/extensions/extension_manager.py | 7 +- neutron/agent/ovn/extensions/noop.py | 4 + neutron/agent/ovn/extensions/qos_hwol.py | 35 +- neutron/agent/ovn/metadata/agent.py | 246 +++--- neutron/agent/ovn/metadata/driver.py | 31 +- neutron/agent/ovn/metadata_agent.py | 2 + neutron/agent/ovn/ovn_neutron_agent.py | 6 +- neutron/agent/rpc.py | 3 +- .../api/rpc/agentnotifiers/dhcp_rpc_agent_api.py | 1 + neutron/api/rpc/callbacks/version_manager.py | 9 +- neutron/api/rpc/handlers/securitygroups_rpc.py | 25 +- neutron/cmd/ovn/neutron_ovn_db_sync_util.py | 10 +- neutron/cmd/sanity/checks.py | 54 +- neutron/cmd/sanity_check.py | 25 + neutron/cmd/upgrade_checks/checks.py | 176 +++-- neutron/common/_constants.py | 10 + neutron/common/config.py | 2 +- neutron/common/metadata.py | 67 ++ neutron/common/ovn/constants.py | 28 +- neutron/common/ovn/exceptions.py | 14 +- neutron/common/ovn/extensions.py | 10 + neutron/common/ovn/hash_ring_manager.py | 9 +- neutron/common/ovn/utils.py | 432 ++++++++++- neutron/common/utils.py | 40 +- neutron/conf/agent/common.py | 11 +- neutron/conf/agent/database/agents_db.py | 21 +- neutron/conf/agent/database/agentschedulers_db.py | 9 +- neutron/conf/agent/dhcp.py | 14 +- neutron/conf/agent/l3/config.py | 29 +- neutron/conf/agent/metadata/config.py | 47 +- neutron/conf/agent/ovn/metadata/config.py | 6 +- neutron/conf/agent/ovs_conf.py | 8 +- neutron/conf/agent/ovsdb_api.py | 4 +- neutron/conf/agent/securitygroups_rpc.py | 8 +- neutron/conf/common.py | 44 +- neutron/conf/db/dvr_mac_db.py | 8 +- neutron/conf/db/l3_agentschedulers_db.py | 4 +- neutron/conf/db/l3_dvr_db.py | 2 +- neutron/conf/db/l3_extra_gws_db.py | 36 + neutron/conf/db/l3_hamode_db.py | 16 +- neutron/conf/db/l3_ndpproxy_db.py | 2 +- neutron/conf/experimental.py | 5 + neutron/conf/extensions/conntrack_helper.py | 2 +- neutron/conf/plugins/ml2/drivers/agent.py | 6 +- neutron/conf/plugins/ml2/drivers/linuxbridge.py | 16 +- .../ml2/drivers/mech_sriov/mech_sriov_conf.py | 2 +- neutron/conf/plugins/ml2/drivers/ovn/ovn_conf.py | 50 +- neutron/conf/plugins/ml2/drivers/ovs_conf.py | 20 +- neutron/conf/policies/__init__.py | 4 + neutron/conf/policies/address_group.py | 8 +- neutron/conf/policies/address_scope.py | 18 +- neutron/conf/policies/agent.py | 23 +- neutron/conf/policies/auto_allocated_topology.py | 5 +- neutron/conf/policies/availability_zone.py | 11 +- neutron/conf/policies/base.py | 64 +- .../conf/policies/default_security_group_rules.py | 91 +++ neutron/conf/policies/flavor.py | 23 +- neutron/conf/policies/floatingip.py | 49 +- neutron/conf/policies/floatingip_pools.py | 3 +- .../conf/policies/floatingip_port_forwarding.py | 25 +- neutron/conf/policies/l3_conntrack_helper.py | 17 +- neutron/conf/policies/local_ip.py | 9 +- neutron/conf/policies/local_ip_association.py | 13 +- neutron/conf/policies/logging.py | 11 +- neutron/conf/policies/metering.py | 13 +- neutron/conf/policies/ndp_proxy.py | 9 +- neutron/conf/policies/network.py | 97 ++- neutron/conf/policies/network_ip_availability.py | 3 +- neutron/conf/policies/network_segment_range.py | 48 +- neutron/conf/policies/port.py | 326 ++++---- neutron/conf/policies/port_bindings.py | 75 ++ neutron/conf/policies/qos.py | 77 +- neutron/conf/policies/quotas.py | 7 +- neutron/conf/policies/rbac.py | 21 +- neutron/conf/policies/router.py | 112 ++- neutron/conf/policies/security_group.py | 63 +- neutron/conf/policies/segment.py | 45 +- neutron/conf/policies/service_type.py | 5 +- neutron/conf/policies/subnet.py | 94 ++- neutron/conf/policies/subnetpool.py | 64 +- neutron/conf/policies/trunk.py | 51 +- neutron/conf/quota.py | 16 +- neutron/conf/service.py | 2 +- neutron/conf/services/extdns_designate_driver.py | 4 +- neutron/db/address_group_db.py | 1 + neutron/db/address_scope_db.py | 7 +- neutron/db/agents_db.py | 22 +- neutron/db/db_base_plugin_common.py | 11 +- neutron/db/db_base_plugin_v2.py | 170 +++- neutron/db/dvr_mac_db.py | 1 + neutron/db/external_net_db.py | 24 +- neutron/db/ipam_backend_mixin.py | 2 +- neutron/db/l3_agentschedulers_db.py | 4 +- neutron/db/l3_attrs_db.py | 10 +- neutron/db/l3_db.py | 102 ++- neutron/db/l3_dvr_db.py | 26 +- neutron/db/l3_dvrscheduler_db.py | 2 +- neutron/db/l3_extra_gws_db.py | 577 ++++++++++++++ neutron/db/l3_hamode_db.py | 89 ++- neutron/db/migration/__init__.py | 6 +- ...53938cdc1_update_segment_networks_constraint.py | 3 + .../0aefee21cd87_remove_dedundant_indexes.py | 65 ++ ...19773d7_create_l3harouternetwork_project_id_.py | 40 + .../2023.2/expand/6f1145bff34c_port_hints.py | 45 ++ .../expand/89c58a70ceba_ecmp_bfd_attributes.py | 39 + .../93f394357a27_remove_in_use_on_subnets.py | 42 + .../b1199a3adbef_de_duplicate_indices_for_ports.py | 54 ++ .../c33da356b165_security_group_default_rules.py | 130 ++++ .../alembic_migrations/versions/EXPAND_HEAD | 2 +- .../liberty/expand/45f955889773_quota_usage.py | 2 +- .../2b4c2465d44b_dvr_sheduling_refactoring.py | 29 +- .../mitaka/contract/4ffceebfcdc_standard_desc.py | 11 +- .../8a6d8bdae39_migrate_neutron_resources_table.py | 23 +- ...tributes_to_support_external_dns_integration.py | 15 +- ...86_add_binding_index_to_routerl3agentbinding.py | 19 +- .../7bbb25278f53_device_owner_ha_replicate_int.py | 21 +- .../7d9d8eeec6ad_rename_tenant_to_project.py | 2 +- .../8fd3918ef6f4_add_segment_host_mapping.py | 5 +- .../newton/contract/97c25b0d2353_add_name_desc.py | 25 +- .../a84ccf28f06a_migrate_dns_name_from_port.py | 21 +- .../a8b517cff8ab_add_routerport_bindings_for_ha.py | 29 +- ...12a3ef66e62_add_standardattr_to_qos_policies.py | 27 +- .../62c781cb6192_add_qos_policies_default_table.py | 1 - .../804a3c76314c_add_data_plane_status_to_port.py | 2 +- ...2437bf41_add_propagate_uplink_status_to_port.py | 2 +- ...454a9655_add_dns_publish_fixed_ip_to_subnets.py | 3 +- .../expand/86274d77933e_change_mtu_to_not_null.py | 11 +- .../Ibac91d24da2_port_forwarding_description.py | 19 +- .../expand/c3e9d13c4367_add_binding_index_to_.py | 17 +- .../fd6107509ccd_ovn_distributed_device_owner.py | 9 +- ...766_add_standard_attributes_to_address_group.py | 21 +- ...8d6f371_rbac_target_tenant_to_target_project.py | 2 +- .../expand/ba859d649675_add_indexes_to_rbacs.py | 26 +- .../I43e0b669096_port_forwarding_port_ranges.py | 27 +- neutron/db/migration/cli.py | 5 +- neutron/db/models/address_group.py | 2 +- neutron/db/models/address_scope.py | 2 +- neutron/db/models/data_plane_status.py | 2 +- neutron/db/models/dns.py | 12 +- neutron/db/models/l3_attrs.py | 6 + neutron/db/models/l3ha.py | 5 + neutron/db/models/port_hints.py | 35 + neutron/db/models/securitygroup.py | 8 +- neutron/db/models/securitygroup_default_rules.py | 47 ++ neutron/db/models/segment.py | 2 - neutron/db/models/uplink_status_propagation.py | 2 +- neutron/db/models_v2.py | 60 +- neutron/db/ovn_hash_ring_db.py | 78 +- neutron/db/ovn_revision_numbers_db.py | 18 +- neutron/db/port_hints_db.py | 53 ++ neutron/db/qos/models.py | 4 +- neutron/db/quota/models.py | 4 +- neutron/db/securitygroups_db.py | 301 ++++++-- neutron/db/securitygroups_rpc_base.py | 37 +- neutron/debug/README | 38 - neutron/debug/commands.py | 130 ---- neutron/debug/debug_agent.py | 176 ----- neutron/debug/shell.py | 92 --- neutron/exceptions/mtu.py | 28 + neutron/extensions/l3_extra_gws.py | 22 + neutron/extensions/network_ha.py | 21 + neutron/extensions/network_ip_availability.py | 6 +- neutron/extensions/port_hint_ovs_tx_steering.py | 21 + neutron/extensions/port_hints.py | 20 + .../extensions/security_groups_default_rules.py | 76 +- neutron/extensions/tagging.py | 119 ++- neutron/locale/de/LC_MESSAGES/neutron.po | 452 +---------- neutron/locale/es/LC_MESSAGES/neutron.po | 411 +--------- neutron/locale/fr/LC_MESSAGES/neutron.po | 415 +--------- neutron/locale/it/LC_MESSAGES/neutron.po | 409 +--------- neutron/locale/ja/LC_MESSAGES/neutron.po | 404 +--------- neutron/locale/ko_KR/LC_MESSAGES/neutron.po | 372 +-------- neutron/locale/pt_BR/LC_MESSAGES/neutron.po | 400 +--------- neutron/locale/ru/LC_MESSAGES/neutron.po | 401 +--------- neutron/locale/zh_CN/LC_MESSAGES/neutron.po | 348 +-------- neutron/locale/zh_TW/LC_MESSAGES/neutron.po | 352 +-------- neutron/objects/db/api.py | 18 +- neutron/objects/l3agent.py | 4 +- neutron/objects/port/extensions/port_hints.py | 53 ++ neutron/objects/port_forwarding.py | 13 +- neutron/objects/ports.py | 9 +- neutron/objects/router.py | 74 +- neutron/objects/securitygroup.py | 7 + neutron/objects/securitygroup_default_rules.py | 58 ++ neutron/objects/subnet.py | 19 + neutron/opts.py | 9 +- neutron/pecan_wsgi/hooks/policy_enforcement.py | 3 +- neutron/plugins/ml2/driver_context.py | 2 +- neutron/plugins/ml2/drivers/agent/_common_agent.py | 15 +- .../ml2/drivers/linuxbridge/agent/arp_protect.py | 4 +- .../linuxbridge/agent/linuxbridge_neutron_agent.py | 2 +- .../drivers/mech_sriov/agent/sriov_nic_agent.py | 42 +- .../agent/extension_drivers/qos_driver.py | 156 ++-- .../openvswitch/agent/openflow/native/br_int.py | 91 ++- .../openvswitch/agent/openflow/native/br_tun.py | 16 +- .../openvswitch/agent/ovs_agent_extension_api.py | 17 +- .../openvswitch/agent/ovs_dvr_neutron_agent.py | 18 +- .../drivers/openvswitch/agent/ovs_neutron_agent.py | 104 ++- .../plugins/ml2/drivers/ovn/agent/neutron_agent.py | 10 +- neutron/plugins/ml2/drivers/ovn/db_migration.py | 26 +- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 139 +++- .../ml2/drivers/ovn/mech_driver/ovsdb/api.py | 31 + .../ml2/drivers/ovn/mech_driver/ovsdb/commands.py | 40 +- .../ovn/mech_driver/ovsdb/extensions/qos.py | 11 - .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 56 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 382 +++++++-- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 716 ++++++++++------- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 104 ++- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 174 +++-- .../ml2/extensions/port_hint_ovs_tx_steering.py | 35 + neutron/plugins/ml2/extensions/port_hints.py | 45 ++ neutron/plugins/ml2/plugin.py | 34 +- neutron/policy.py | 23 +- neutron/privileged/agent/linux/ip_lib.py | 32 +- neutron/profiling/profiled_decorator.py | 63 +- neutron/scheduler/l3_agent_scheduler.py | 17 +- neutron/scheduler/l3_ovn_scheduler.py | 23 +- neutron/server/__init__.py | 1 + neutron/service.py | 5 +- neutron/services/auto_allocate/db.py | 4 +- neutron/services/l3_router/l3_router_plugin.py | 5 +- neutron/services/logapi/common/db_api.py | 11 +- .../logapi/drivers/openvswitch/ovs_firewall_log.py | 2 +- neutron/services/logapi/drivers/ovn/driver.py | 86 +-- neutron/services/loki/loki_plugin.py | 4 +- neutron/services/network_ip_availability/plugin.py | 4 +- neutron/services/ovn_l3/plugin.py | 35 +- .../services/portforwarding/drivers/ovn/driver.py | 62 +- neutron/services/qos/qos_plugin.py | 8 +- neutron/services/revisions/revision_plugin.py | 6 +- neutron/services/segments/db.py | 37 +- neutron/services/tag/tag_plugin.py | 3 + .../trunk/drivers/openvswitch/agent/driver.py | 5 +- .../drivers/openvswitch/agent/ovsdb_handler.py | 7 +- .../drivers/openvswitch/agent/trunk_manager.py | 12 +- neutron/services/trunk/drivers/ovn/trunk_driver.py | 25 +- neutron/services/trunk/plugin.py | 7 +- .../agent/l3/test_keepalived_state_change.py | 2 +- .../functional/agent/l3/test_metadata_proxy.py | 173 ++++- .../functional/agent/linux/test_bridge_lib.py | 7 + .../functional/agent/linux/test_keepalived.py | 17 +- .../agent/ovn/agent/fake_ovn_agent_extension.py | 4 + .../agent/ovn/agent/test_ovn_neutron_agent.py | 10 +- .../agent/ovn/extensions/test_qos_hwol.py | 65 +- .../agent/ovn/metadata/test_metadata_agent.py | 230 +++--- .../debug => functional/common/ovn}/__init__.py | 0 .../test_ba859d649675_add_indexes_to_rbacs.py | 55 ++ .../test_c3e9d13c4367_add_binding_index_to_.py | 29 +- .../macvtap/agent/test_macvtap_neutron_agent.py | 25 +- .../ovn/mech_driver/ovsdb/extensions/test_qos.py | 202 ++++- .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 90 ++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 225 +++++- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 86 +++ .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 90 ++- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 244 +++++- .../drivers/ovn/mech_driver/test_mech_driver.py | 226 +++++- .../privileged/agent/linux/test_ip_lib.py | 78 +- .../privileged/agent/linux/test_tc_lib.py | 44 +- .../scheduler/test_l3_agent_scheduler.py | 6 + .../l3_router/test_l3_dvr_ha_router_plugin.py | 13 +- .../l3_router/test_l3_dvr_router_plugin.py | 78 +- .../services/logapi/drivers/ovn/test_driver.py | 9 +- .../functional/services/ovn_l3/test_plugin.py | 82 +- .../portforwarding/test_port_forwarding.py | 7 +- .../openvswitch/agent/test_trunk_manager.py | 8 + .../trunk/drivers/ovn/test_trunk_driver.py | 37 +- .../unit/agent/l2/extensions/metadata/__init__.py | 0 .../metadata/test_host_metadata_proxy.py | 109 +++ .../linux/openvswitch_firewall/test_firewall.py | 29 +- .../unit/agent/linux/test_external_process.py | 141 ++-- .../unit/agent/linux/test_iptables_firewall.py | 58 ++ .../unit/agent/linux/test_iptables_manager.py | 34 + .../rpc/agentnotifiers/test_dhcp_rpc_agent_api.py | 1 + .../api/rpc/handlers/test_securitygroups_rpc.py | 114 ++- .../unit/conf/policies/test_availability_zone.py | 6 - .../policies/test_default_security_group_rules.py | 133 ++++ .../policies/test_floatingip_port_forwarding.py | 347 +++++---- .../conf/policies/test_network_segment_range.py | 51 ++ .../unit/conf/policies/test_security_group.py | 110 ++- .../unit/extensions/test_availability_zone.py | 21 +- .../unit/extensions/test_data_plane_status.py | 12 +- .../unit/extensions/test_default_subnetpools.py | 8 +- .../test_expose_port_forwarding_in_fip.py | 22 +- .../extensions/test_floating_ip_port_forwarding.py | 31 +- .../unit/extensions/test_l3_conntrack_helper.py | 21 +- .../extensions/test_network_ip_availability.py | 86 ++- .../unit/extensions/test_network_segment_range.py | 36 +- .../test_security_groups_default_rules.py | 484 ++++++++++++ .../unit/extensions/test_subnet_service_types.py | 5 +- .../unit/extensions/test_subnetpool_prefix_ops.py | 4 +- .../objects/port/extensions/test_port_hints.py | 33 + .../objects/test_securitygroup_default_rules.py | 27 + .../ml2/drivers/agent/test__common_agent.py | 11 +- .../plugins/ml2/drivers/l2pop/test_mech_driver.py | 68 +- .../mech_sriov/agent/test_sriov_nic_agent.py | 30 + .../agent/extension_drivers/test_qos_driver.py | 34 +- .../agent/openflow/native/test_br_int.py | 49 +- .../agent/openflow/native/test_br_tun.py | 33 +- .../agent/test_ovs_agent_extension_api.py | 8 + .../openvswitch/agent/test_ovs_neutron_agent.py | 122 +++ .../drivers/openvswitch/agent/test_ovs_tunnel.py | 9 +- .../drivers/ovn/mech_driver/ovsdb/test_commands.py | 24 +- .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 137 +++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 439 +++++++++-- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 269 ++++--- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 57 +- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 132 +++- .../drivers/ovn/mech_driver/test_mech_driver.py | 854 +++++++++++++++------ .../plugins/ml2/drivers/ovn/test_db_migration.py | 32 +- .../ml2/extensions/test_dns_domain_keywords.py | 6 +- .../plugins/ml2/extensions/test_dns_integration.py | 4 +- .../test_tag_ports_during_bulk_creation.py | 22 +- .../unit/plugins/ml2/test_extension_driver_api.py | 16 +- .../unit/plugins/ml2/test_tracked_resources.py | 51 +- .../unit/privileged/agent/linux/test_ip_lib.py | 11 + .../unit/scheduler/test_l3_agent_scheduler.py | 44 +- .../unit/services/logapi/common/test_db_api.py | 7 + .../services/logapi/drivers/ovn/test_driver.py | 116 ++- .../unit/services/metering/test_metering_plugin.py | 211 +++-- .../portforwarding/drivers/ovn/test_driver.py | 80 +- .../services/revisions/test_revision_plugin.py | 13 +- plugin.spec | 2 +- ...ecurity-group-rules-added-94a9ac6cdd1c538e.yaml | 23 + ...te-support-for-Windows-OS-80e32ef7e5e05b44.yaml | 5 + ...d-distributed-FIPs-config-0b4e9a92255cf4a8.yaml | 13 + ...-require-centralized-FIPs-65864dfeb3edc9b1.yaml | 17 + ...d-gw-port-support-for-FIP-fb97b85f5928740b.yaml | 15 + ...dd-metadata-rate-limiting-bf0c17a31f86ee16.yaml | 8 + .../agent_down_time_max-af3b62763aaa2fe5.yaml | 6 + .../notes/bug-1953165-6e848ea2c0398f56.yaml | 16 + .../notes/bug-1986003-9bf5ca04f9304336.yaml | 10 + .../notes/bug-1999209-febf1fa3512556b3.yaml | 7 + .../notes/bug-2022914-edbf1ea3514596b8.yaml | 7 + ...85-trunk-parent-vlan-mode-9280ff2d45403bde.yaml | 8 + ...p-agent-ovn-metadata-port-33a654ccb9554c65.yaml | 9 + .../notes/dvr-external-mac-934409413e515eb2.yaml | 10 + ...ce-scope-and-new-defaults-1f82a9eb71125f5d.yaml | 25 + .../external-port-scheduling-a5419ac51d863087.yaml | 14 + ...deletion-router-interface-072a18373f920ed9.yaml | 6 + ...tworks_unique_per_project-4d02e963cfc8d546.yaml | 8 + ...e_neutron_server-db-check-82fc780ff9455446.yaml | 7 + .../notes/hash-ring-cleanup-1079d2375082cebe.yaml | 6 + ...ort-remote-address-groups-89da589aad3c01d3.yaml | 8 + .../notes/localnet-learn-fdb-22469280b49701fc.yaml | 23 + ...d_enabled_as_experimental-c9bfe343a0beb334.yaml | 7 + .../network_ha_extension-99578e7ee47f47db.yaml | 8 + ...owner-for-ovn-lb-hm-ports-f5a648c4d948c5c8.yaml | 9 + .../notes/new-my-ip-config-b8efeb05dd50cfd6.yaml | 9 + .../notes/new-my-ipv6-config-361b5dc824591fe5.yaml | 9 + ...ion-subnetpool-prefix-ops-9b2e4dbdcc174ede.yaml | 3 + ...uplink-status-propagation-4c232954f8b4f0ef.yaml | 7 + ...physnet-filter-agent-type-9e22942bed304807.yaml | 10 + ...eduler-only-on-gw-chassis-33c22c1f5f7a73d4.yaml | 12 + .../ovn-mcast_flood_reports-4eee20856ccfc7d7.yaml | 7 + ...vn-recreate-metadata-port-76e2c0e651267aa0.yaml | 11 + ...n-trunk-check-parent-port-eeca2eceaca9d158.yaml | 6 + ...ge-name-and-datapath-type-d2bd5b438118355f.yaml | 8 + ...tual-port-prevent-binding-50efba5521e8a28e.yaml | 10 + ...port-hint-ovs-tx-steering-277a411933ed372b.yaml | 13 + .../notes/port-hints-d465bb2fa144537c.yaml | 12 + ..._ipamallocation_leftovers-9d72cc5f616f51e4.yaml | 7 + ...sed_on_lsp_up_and_enabled-31c062fc7089f62a.yaml | 9 + .../notes/redirect-type-f29e89ca97357fe9.yaml | 24 + ...ve_duplicated_ovn_chassis-df12fb6233ea3d3e.yaml | 17 + .../remove_neutron_debug-262a139650d71183.yaml | 6 + .../resource-tags-policies-a2ffd52e57d7b4b8.yaml | 7 + ...ork_subnet_mtu_validation-c221f22efcfae927.yaml | 22 + releasenotes/source/2023.1.rst | 6 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 59 +- .../source/locale/ja/LC_MESSAGES/releasenotes.po | 4 +- requirements.txt | 8 +- roles/legacy_ebtables/tasks/main.yaml | 3 +- roles/nftables/tasks/main.yaml | 6 + setup.cfg | 5 +- tools/configure_for_func_testing.sh | 7 +- .../infrared/tripleo-ovn-migration/README.rst | 6 +- .../infrared/tripleo-ovn-migration/main.yml | 2 +- .../tripleo_environment/ovn_migration.sh | 4 +- .../playbooks/roles/recovery-backup/tasks/main.yml | 1 + tox.ini | 20 +- zuul.d/base.yaml | 98 +-- zuul.d/grenade.yaml | 27 +- zuul.d/job-templates.yaml | 106 +-- zuul.d/project.yaml | 11 +- zuul.d/rally.yaml | 14 +- zuul.d/tempest-multinode.yaml | 89 +-- zuul.d/tempest-singlenode.yaml | 275 +------ 575 files changed, 21057 insertions(+), 12947 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 2b2d62fbb9..340d8b9d81 100644 --- a/requirements.txt +++ b/requirements.txt @@ -23 +23 @@ netifaces>=0.10.4 # MIT -neutron-lib>=3.4.0 # Apache-2.0 +neutron-lib>=3.8.1 # Apache-2.0 @@ -37 +37 @@ oslo.i18n>=3.20.0 # Apache-2.0 -oslo.log>=4.5.0 # Apache-2.0 +oslo.log>=5.3.0 # Apache-2.0 @@ -47 +47 @@ oslo.upgradecheck>=1.3.0 # Apache-2.0 -oslo.utils>=4.8.0 # Apache-2.0 +oslo.utils>=6.2.0 # Apache-2.0 @@ -53 +53 @@ ovs>=2.10.0 # Apache-2.0 -ovsdbapp>=1.16.0 # Apache-2.0 +ovsdbapp>=2.2.1 # Apache-2.0