We are satisfied to announce the release of: neutron 20.3.0: OpenStack Networking This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 20.3.0 ^^^^^^ New Features ************ * Address scope is now added to all OVN LSP port registers in the northbound. Northd then writes the address scope from the northbound to the southbound so it can be used there by the ovn-bgp-agent. * After the port is considered as provisioned, the Nova port binding update could have not been received, leaving the port as not bound. Now the port provisioning method has an active wait that will retry several times, waiting for the port binding update. If received, the port status will be set as active if the admin state flag is set. * Core OVN now can set the destination host on the logical switch port during a live migration. That allows to prepare the destination host earlier, achieving a quicker live migration and a lower downtime during the switch between hosts. Neutron includes this information in the port options. * A new script to remove the duplicated port bindings was added. This script will list all "ml2_port_bindings" records in the database, finding those ones with the same port ID. Then the script removes those ones with status=INACTIVE. This script is useful to remove those leftovers that remain in the database after a failed live migration. It is important to remark that this script should not be executed during any live migration process. * Add "use_random_fully" setting to allow an operator to disable the iptables random-fully property on an iptable rules. Known Issues ************ * Until the OVN bug (https://bugzilla.redhat.com/show_bug.cgi?id=2162756) is fixed, setting the "reside-on-redirect-chassis" to true for the logical router port associated to vlan provider network is needed. This workaround makes the traffic centrallized, but not tunneled, through the node with the gateway port, thus avoiding MTU issues. * If the "use_random_fully" setting is disabled, it will prevent random fully from being used and if there're 2 guests in different networks using the same source_ip and source_port and they try to reach the same dest_ip and dest_port, packets might be dropped in the kernel do to the racy tuple generation . Disabling this setting should only be done if source_port is really important such as in network firewall ACLs and that the source_ip are never repeating within the platform. Upgrade Notes ************* * The default value for the "metadata_workers" configuration option has changed to 0 for the ML2/OVN driver. Since [OVN] Allow to execute "MetadataProxyHandler" in a local thread (https://review.opendev.org/c/openstack/neutron/+/861649), the OVN metadata proxy handler can be spawned in the same process of the OVN metadata agent, in a local thread. That reduces the number of OVN SB database connections to one. Bug Fixes ********* * [bug 2003455 (https://bugs.launchpad.net/neutron/+bug/2003455)] It is added an extra checking to ensure the "reside-on-redirect- chassis" is set to true for the logical router port associated to vlan provider network despite having the "ovn_distributed_floating_ip" enabled or not. This is needed as there is an OVN bug (https://bugzilla.redhat.com/show_bug.cgi?id=2162756) making it not work as expected. Until that is fixed, we need these workaround that makes the traffic centrallized, but not tunneled, through the node with the gateway port, thus avoiding MTU issues. * Normalise OVN agent heartbeat timestamp format to match other agent types. This fixes parsing of "GET /v2.0/agents" for some clients, such as gophercloud. * Fixes an issue in the ML2/OVN driver where the network segment tag was not being updated in the OVN Northbound database. For more information, see bug 1944708 (https://bugs.launchpad.net/neutron/+bug/1944708). * Neutron can record full connection using log-related feature introduced in OVN 21.12. For more info see *bug LP#<https://bugs.launchpad.net/neutron/+bug/2003706>* Other Notes *********** * The OVN migration performs validation by default. This validation means an instance is spawned and is tested by simple ping after the migration is finished. Also it tries to create new workload post migration. This is useful for very simple scenarios when migration is tested but is not really useful in production since likely the production envrionments already have running workloads. It makes more sense to require the validation explicitly rather than implicitly run it as the migration is mostly intended for production. The VALIDATE_MIGRATION now defaults to False and needs to be changed to True if validation upon request. * Since OVN 20.06, the "Chassis" register configuration is stored in the "other_config" field and replicated into "external_ids". This replication is stopped in OVN 22.09. The ML2/OVN plugin tries to retrieve the "Chassis" configuration from the "other_config" field first; if this field does not exist (in OVN versions before 20.06), the plugin will use "external_ids" field instead. Neutron will be compatible with the different OVN versions (with and without "other_config" field). Changes in neutron 20.2.0..20.3.0 --------------------------------- b1da5a11e3 Reintroduce agent bridge resync test f5815bcca5 Make retrieval of port mac column safe 334f7733f5 [OVN] Ensure traffic for provider vlan networks is not tunneled 1f9f77e4a2 Prevent router_ha_interface port from being removed via API 61ff4a1cc1 Apply Ironic's server-ip-address as TFTP next-server 1d611f4a7e Normalise format of OVN agent heartbeat timestamp 9ee1cae86a Add missing osprofiler options 71a47b6b89 Format correctly (dialect=mac_unix_expanded) the MAC addresses 6f0da8a5be ovn migration: Turn validations off by default b221325593 Enable qos extension_driver in ovn_db_sync 9df4a7e398 Do not ignore attributes in bulk port create ff9d2fc33b [OVN] Bump the port revision number in trunk driver 86e2aa859d [OVN] Add missing LSP device_owner info in trunk driver 7dcf8be112 Improve scheduling L3/DHCP agents, missing lower binding indexes aaafcbef33 Fix deprecation warnings in pkg_resources 54501e7a24 Fullstack: Wait placement process fixtrue to really stop 8e6c18916e Filter subnets by "enable_dhcp" flag using the correct type a70cfffef3 [OVN] Allow logging all traffic related to an ACL 6ef9d235d2 Use common wait_until_ha_router_has_state method everywhere 5cb3428d77 Never raise an exception in notify() 254d3d0e5c [Trunk] Update the trunk status with the parent status b0081ea6db Increase fullstack job's timeout 1d9ce04068 Improve agent provision performance for large networks 2a2fda29c9 [OVN][FT] Also update nb_cfg along with nb_cfg_timestamp 97e86e51ae Allow multiple IPv6 ports on router from same network ml2/ovs+dvr 2bf242a375 [OVN] Fix availability zones changes check 0e18664513 Limit tox version to <4 2acac47647 [Fullstack] Wait 10 seconds to ensure that MAC address is configured 0d3fe4f7a2 Fix handling the restart of ovn-controllers 2ed8fa5037 Fix bulk create without mac 52f47c0945 Add address scope to the OVN LSP port registers 821970b716 [stable-only] Load config options importing ``common_config`` 951e2c74ae Check if port exists in ``update_port_virtual_type`` method 7672b0e76a Dont raise RouterInterfaceNotFound on overlap check router ports aeed2f44a2 Set bigger swap in the functional and fullstack jobs 4eba379801 Fix behaviour of enable/disable in OVN network log 0e427ecc49 Fix duplicated routes exceptions 8a4c62d094 Since OVN 20.06, config is stored in "Chassis.other_config" 0d0e6cd47b ovn: Use ovsdb-client to create neutron_pg_drop 44ec1f1503 Avoid register config options on imports e62c81a570 ovn: first tear down old metadata namespaces, then deploy new de89581ace Mark functional L3ha tests as unstable 32fde52371 OVN: Add support for DHCP option "domain-search" for IPv4 3874a1ed9a Always create a "router_extra_attributes" register per router 2032397cf8 Check subnet overlapping after add router interface 9a8301796b [stable-only] Add "tempest-integrated-networking" job to experimental 2649d05dca Update the Ethernet card information 1d34760ae5 Allow shared net to be added on router b7daf9b199 Update documentation link for openSUSE index. ec234e64cd Port provisioning should retry only for VM ports 56841381ef [OVN] Set the default OVN metadata worker number to 0 8eaea0ac1f update the nova host aggregates links 0889dda990 Disable in-band management for bridges before setting up controllers dd7fc47684 [OVN] Avoid deadlock when cleaning hash ring nodes 3867f3c872 [L3HA] Don't update HA router's ports if router isn't active on agents de561baf79 Execute "IpMonitorTestCase" tests always inside a namespace 89eb9e4071 Split Hash Ring probing from the maintenance task c8409a33d9 [OVN] Allow to execute ``MetadataProxyHandler`` in a local thread bf1e9e417c Allow to pass EUI64 IP address as fixed ip for the port 4c842e8eb4 Fix ipam_pluggable_backend unit tests module d2f3499c74 Accept a port deletion with missing port binding information 9db730764c [stable-only] Add writer DB context to "add_provisioning_component" 3d307ef8f8 Script to remove duplicated port bindings e2aa1330c6 fix: Fix url of Floodlight 5ccd08647d Migration revert plan f15a0b66a9 Use "OVNMechDriver" instance in "TestOvn[Nb|Sb]IdlNotifyHandler" ec9eabf8dd Handle several dhcp agents for metadata over ipv6 7721c6982b [OVN] Rate limit the "Disallow caching" log from hash ring fd7fb0e9d8 Do not allow a tenant to create a default SG for another one 15150ed9c7 Fix indentation issue in wait_for_change override f2ec37385d Revert "[OVN] Set NB/SB "connection" inactivity probe" e60184b483 Retry connections to Nova 2d2d650a20 Add an active wait during the port provisioning event 3d036d59fe [ovn] Specify port type if it's a router port when updating edc26807dd Bump revision number of objects when description is changed fa77abbc15 Allow operator to disable usage of random-fully 0cccea36ff [OVN] Remove ACLs with remote SG during deletion of SG 1fda7ab887 Check the Chassis_Private nb_cfg_timestamp with current value 602c1025cd [OVN] Remove session check in ``update_network_postcommit`` de9e632e14 ovn: Don't fail db sync if new IP allocation fails for metadata 601b01f82b [OVN] Try to bind ports only to the ovn-controller agents 722301d93e Mellanox_eth.img url expires, remove the mellanox_eth.img node c11103a9f1 [OVN] Fix updating network segmentation ID ef3729e5a2 remove unused updated_at parameter for AgentCache.update 4303039e50 [ovn]neutron agent show real heartbeat_timestamp 4c93b29471 Clean up db residual record from dvr port 08a2268624 [ovn]Change LogicalSwitchPortUpdateUpEvent old conditions 363f0a972e Add workaround for eventlet.greendns bug c6eaa8276e Port update will trigger less notifications to the DHCP agents ca96555e81 Implement specific tracked resource count method per quota driver 81809eac06 Test: mock out _check_netfilter_for_bridges in unit tests 16ca8df84d Add release note for OVN "requested-chassis" feature df4f010754 ovn: use requested-chassis list format for live migration 7cf7ae0565 Partially revert "Do not link up HA router gateway in backup node" Diffstat (except docs and test files) ------------------------------------- .../contributor/internals/live_migration.rst | 21 ++ etc/oslo-config-generator/neutron.conf | 1 + neutron/agent/common/async_process.py | 4 + neutron/agent/common/ovs_lib.py | 19 +- neutron/agent/common/utils.py | 54 +++- neutron/agent/dhcp/agent.py | 2 +- neutron/agent/l3/dvr_edge_ha_router.py | 4 +- neutron/agent/l3/ha.py | 9 - neutron/agent/l3/ha_router.py | 32 +- neutron/agent/l3/router_info.py | 20 +- neutron/agent/linux/interface.py | 34 +- neutron/agent/linux/iptables_manager.py | 4 + neutron/agent/linux/keepalived.py | 5 + neutron/agent/ovn/metadata/agent.py | 241 ++++++++------ neutron/agent/ovn/metadata/ovsdb.py | 11 +- neutron/agent/ovn/metadata/server.py | 14 +- neutron/agent/ovn/metadata_agent.py | 2 + .../api/rpc/agentnotifiers/dhcp_rpc_agent_api.py | 27 +- neutron/api/rpc/handlers/l3_rpc.py | 17 +- neutron/cmd/ovn/neutron_ovn_db_sync_util.py | 4 + neutron/cmd/remove_duplicated_port_bindings.py | 70 +++++ neutron/common/_constants.py | 3 + neutron/common/config.py | 3 + neutron/common/ovn/constants.py | 9 +- neutron/common/ovn/hash_ring_manager.py | 15 +- neutron/common/ovn/utils.py | 160 ++++++++-- neutron/conf/agent/common.py | 3 + neutron/conf/common.py | 13 + neutron/conf/plugins/ml2/drivers/ovn/ovn_conf.py | 6 +- neutron/db/availability_zone/router.py | 3 +- neutron/db/ipam_pluggable_backend.py | 14 +- neutron/db/l3_agentschedulers_db.py | 4 +- neutron/db/l3_attrs_db.py | 18 +- neutron/db/l3_db.py | 150 ++++++--- neutron/db/l3_dvr_db.py | 7 +- neutron/db/l3_dvrscheduler_db.py | 15 +- neutron/db/l3_hamode_db.py | 10 +- neutron/db/models/l3agent.py | 8 +- neutron/db/network_dhcp_agent_binding/models.py | 9 +- neutron/db/provisioning_blocks.py | 1 + neutron/db/quota/driver.py | 11 +- neutron/db/quota/driver_nolock.py | 4 + neutron/db/securitygroups_db.py | 4 + neutron/extensions/quotasv2.py | 4 +- neutron/notifiers/nova.py | 12 + neutron/objects/l3agent.py | 3 +- neutron/objects/ports.py | 8 + neutron/objects/router.py | 12 + neutron/plugins/ml2/db.py | 18 ++ .../agent/openflow/native/ovs_bridge.py | 34 +- .../plugins/ml2/drivers/ovn/agent/neutron_agent.py | 76 ++--- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 194 +++++------- .../ml2/drivers/ovn/mech_driver/ovsdb/api.py | 13 +- .../ml2/drivers/ovn/mech_driver/ovsdb/commands.py | 9 +- .../ovn/mech_driver/ovsdb/extensions/placement.py | 3 +- .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 21 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 79 ++++- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 151 ++++++--- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 11 +- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 174 ++++------- neutron/plugins/ml2/plugin.py | 243 +++++++++------ neutron/quota/resource.py | 4 +- neutron/scheduler/base_scheduler.py | 46 ++- neutron/scheduler/dhcp_agent_scheduler.py | 6 +- neutron/scheduler/l3_agent_scheduler.py | 5 +- neutron/services/logapi/drivers/ovn/driver.py | 90 +++++- neutron/services/revisions/revision_plugin.py | 33 +- neutron/services/trunk/drivers/ovn/trunk_driver.py | 41 ++- neutron/services/trunk/plugin.py | 10 +- .../agent/ovn/metadata/test_metadata_agent.py | 52 +-- .../mech_driver/ovsdb/extensions/test_placement.py | 10 +- .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 12 +- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 16 +- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 100 +++++- .../drivers/ovn/mech_driver/test_mech_driver.py | 289 ++++++++++------- .../services/logapi/drivers/ovn/test_driver.py | 66 ++++ .../functional/services/ovn_l3/test_plugin.py | 11 +- .../trunk/drivers/ovn/test_trunk_driver.py | 21 +- .../linux/openvswitch_firewall/test_iptables.py | 16 +- .../rpc/agentnotifiers/test_dhcp_rpc_agent_api.py | 40 ++- .../unit/common/ovn/test_hash_ring_manager.py | 11 +- .../agent/openflow/native/ovs_bridge_test_base.py | 7 +- .../openvswitch/agent/test_ovs_neutron_agent.py | 5 +- .../ml2/drivers/ovn/agent/test_neutron_agent.py | 19 +- .../ovn/mech_driver/ovsdb/extensions/test_qos.py | 2 + .../drivers/ovn/mech_driver/ovsdb/test_commands.py | 13 +- .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 2 +- .../ovn/mech_driver/ovsdb/test_maintenance.py | 85 ++++- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 2 + .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 150 +++++---- .../drivers/ovn/mech_driver/test_mech_driver.py | 290 +++++++++++------ .../services/logapi/drivers/ovn/test_driver.py | 5 +- .../services/revisions/test_revision_plugin.py | 16 + .../trunk/drivers/ovn/test_trunk_driver.py | 12 +- playbooks/configure_functional_job.yaml | 4 +- playbooks/run_functional_job.yaml | 4 +- ...he-OVN-LSP-port-registers-1f45e34815c3896d.yaml | 6 + ...d-port-provisioning-retry-8edf16a258b164a0.yaml | 8 + .../notes/bug-2003455-b502cc637427560e.yaml | 19 ++ ...ange-migration-validation-b030b02c5e1acd3d.yaml | 12 + ...eartbeat-timestamp-format-dcf80badbe267c68.yaml | 6 + .../ovn-chassis-other-config-7db15b9d10bf7f04.yaml | 10 + .../ovn-metadata-workers-fa8a2019f34bd572.yaml | 9 + ...ed-chassis-live-migration-7d5d9d68a5d5a86c.yaml | 8 + .../notes/ovn-update-vlan-id-749d8f17999243f5.yaml | 7 + ...-duplicated-port-bindings-83b58060f3adb403.yaml | 10 + ...l-log-related-traffic-ovn-96b304ab744de13e.yaml | 6 + .../notes/use_random_fully-527b20bc524c308a.yaml | 15 + setup.cfg | 1 + .../tripleo_environment/ovn_migration.sh | 37 ++- .../playbooks/ovn-migration.yml | 17 + .../tripleo_environment/playbooks/revert.yml | 4 + .../roles/recovery-backup/defaults/main.yml | 12 + .../playbooks/roles/recovery-backup/tasks/main.yml | 68 ++++ .../playbooks/roles/revert/tasks/main.yml | 29 ++ tox.ini | 43 +-- zuul.d/base.yaml | 4 +- zuul.d/job-templates.yaml | 36 +++ 159 files changed, 4260 insertions(+), 1509 deletions(-)