We are satisfied to announce the release of: neutron 20.3.1: OpenStack Networking This release is part of the yoga stable release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 20.3.1 ^^^^^^ Known Issues ************ * The high availability of metadata service on isolated networks is limited or non-existent. IPv4 metadata is redundant when the DHCP agent managing it is redundant, but recovery is tied to the renewal of the DHCP lease, making most recoveries very slow. IPv6 metadata is not redundant at all as the IPv6 metadata address can only be configured in a single place at a time as it is link-local. Multiple agents trying to configure it will generate an IPv6 duplicate address detection failure. Administrators may observe the IPv6 metadata address in "dadfailed" state in the DHCP namespace for this reason, which is only an indication it is not highly available. Until a redesign is made to the isolated metadata service there is not a better deployment option. See bug 1953165 (https://bugs.launchpad.net/neutron/+bug/1953165) for information. * The *redirect-type=bridged* option is only used if all the tenant networks connected to the router are of type VLAN or FLAT. In this case their traffic will be distributed. However, if there is a mix of VLAN/FLAT and geneve networks connected to the same router, the redirect-type option is not set, and therefore the traffic for the VLAN/FLAT networks will also be centralized but not tunneled. Bug Fixes ********* * 1986003 (https://bugs.launchpad.net/neutron/+bug/1986003) Fixed an issue with concurrent requests to activate the same port binding where one of the requests returned a 500 Internal Server Error. With the fix one request will return successfully and the other will return a 409 Conflict (Binding already active). This fixes errors in nova live-migrations where those concurrent requests might be sent. Nova handles the 409/Conflict response gracefully. * Fix an issue in the OVN driver where network metadata could become unavailable if the metadata port was ever deleted, even if accidental. To re-create the port, a user can now disable, then enable, DHCP for one of the subnets associated with the network using the Neutron API. This will try and create the port, similar to what happens in the DHCP agent for ML2/OVS. For more information, see bug 2015377 (https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/2015377). * [bug 2003455 (https://bugs.launchpad.net/neutron/+bug/2003455)] As part of a previous commit (https://review.opendev.org/c/openstack/neutron/+/875644) the *redirect-type=bridged* option was set in all the router gateway ports (cr-lrp ovn ports). However this was breaking the N/S traffic for geneve tenant networks connected to the provider networks through those routers with the redirect-type option enabled. To fix this we ensure that the redirect-type option is only set if all the networks connected to the router are of VLAN or FLAT type, otherwise we fall back to the default option. This also means that if there is a mix of VLAN and geneve tenant networks connected to the same router, the VLAN traffic will be centralized (but not tunneled). If the traffic for the VLAN/FLAT needs to be distributed, then it should use a different router. Changes in neutron 20.3.0..20.3.1 --------------------------------- b37a2f80ee Start metadata proxy even if IPv6 DAD fails 1a66962ee3 Change RBAC relationship loading method to "joined" 8d30f9223a Revert "Delete sg rule which remote is the deleted sg" bbbafe1681 [ovn] Avoid unwanted ACL_NOT_FOUND error when deleting log objects 508d8328aa Use explicit inner join for networks in port query 99b712b397 [stable-only][ovn] Fix ovsdbapp db_set command for stable branches f1db48afc1 Fix not working use_random_fully config option 46aefebd5d [OVN] Update ovn meter when neutron server reloads c3c056950d Delete sg rule which remote is the deleted sg defb6018f3 Suppress IPv6 metadata DAD failure and delete address 995c465539 Avoid retrieving ports if network list is empty c3fb31b574 Replace context decorators with context managers 9e088512b4 Honor debug mode in keepalived-state-change script logs b3dc3ffa63 Change flag check order in wait_until_address_ready() 47b9511ec5 OVN: Always try and create a metadata port on subnets c246913b2f Ensure redirect-type=bridged not used for geneve networks 347486fb51 Fix concurrent port binding activate 85321a61d3 Revert "Ensure vlan network traffic is not centralized" 9150206a07 [OVN] Explicitly define the fixed IPs for the metadata port fec0286e26 Fix default value for MTUs, when not provided 8c7f3b61f7 [OVS] Allow custom ethertype traffic in the ingress table 833260b04d Delete the PB level registers when deleting the duplicated PB 0152a6087f Only create a frozen Row on matching events f83a97dea2 Ensure vlan network traffic is not centralized 4529b5b230 Rename setup-mtu-t1 argument because it is misleading Diffstat (except docs and test files) ------------------------------------- neutron/agent/l3/keepalived_state_change.py | 1 - neutron/agent/linux/dhcp.py | 3 +- neutron/agent/linux/ip_lib.py | 19 ++- neutron/agent/linux/iptables_manager.py | 7 +- .../agent/linux/openvswitch_firewall/firewall.py | 19 +++ neutron/agent/metadata/driver.py | 41 ++++- neutron/cmd/remove_duplicated_port_bindings.py | 15 +- neutron/common/_constants.py | 3 + neutron/common/ovn/constants.py | 2 + neutron/conf/agent/database/agentschedulers_db.py | 4 +- neutron/db/db_base_plugin_v2.py | 13 +- neutron/db/models/address_group.py | 2 +- neutron/db/models/address_scope.py | 2 +- neutron/db/models/securitygroup.py | 2 +- neutron/db/models_v2.py | 6 +- neutron/db/qos/models.py | 2 +- neutron/objects/db/api.py | 17 +- neutron/objects/ports.py | 16 +- .../ml2/drivers/ovn/mech_driver/ovsdb/commands.py | 34 ++++ .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 8 + .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 86 +++++++++- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 185 +++++++++++++++++---- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 2 +- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 3 +- neutron/plugins/ml2/plugin.py | 8 + neutron/services/logapi/drivers/ovn/driver.py | 54 +----- neutron/services/qos/qos_plugin.py | 4 +- .../agent/l3/test_keepalived_state_change.py | 4 +- .../ovn/mech_driver/ovsdb/test_maintenance.py | 40 +++++ .../ovn/mech_driver/ovsdb/test_ovn_client.py | 68 ++++++++ .../drivers/ovn/mech_driver/test_mech_driver.py | 44 ++++- .../linux/openvswitch_firewall/test_firewall.py | 22 +++ .../unit/agent/linux/test_iptables_manager.py | 34 ++++ .../ovn/mech_driver/ovsdb/test_maintenance.py | 69 +++++++- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 61 +++++++ .../drivers/ovn/mech_driver/test_mech_driver.py | 65 ++++++-- .../services/logapi/drivers/ovn/test_driver.py | 75 ++------- .../notes/bug-1953165-6e848ea2c0398f56.yaml | 16 ++ .../notes/bug-1986003-9bf5ca04f9304336.yaml | 10 ++ ...vn-recreate-metadata-port-76e2c0e651267aa0.yaml | 11 ++ .../notes/redirect-type-f29e89ca97357fe9.yaml | 24 +++ .../infrared/tripleo-ovn-migration/main.yml | 4 +- .../tripleo_environment/ovn_migration.sh | 14 +- 58 files changed, 1095 insertions(+), 229 deletions(-)