We are excited to announce the release of: neutron 23.1.0: OpenStack Networking This release is part of the bobcat release series. The source is available from: https://opendev.org/openstack/neutron Download the package from: https://tarballs.openstack.org/neutron/ Please report issues through: https://bugs.launchpad.net/neutron/+bugs For more details, please see below. 23.1.0 ^^^^^^ Bug Fixes * Fixed the scenario where the DHCP agent is deployed in conjunction with the OVN metadata agent in order to serve metadata for baremetal nodes. In this scenario, the DHCP agent would not set the route needed for the OVN metadata agent service resulting in baremetal nodes not being able to query the metadata service. For more information see bug 1982569 (https://bugs.launchpad.net/neutron/+bug/1982569). * During the port bulk creation, if an IPAM allocation fails (for example, if the IP address is outside of the subnet CIDR), the other IPAM allocations already created are deleted before raising the exception. Fixes bug 2039550 (https://launchpad.net/bugs/2039550). Changes in neutron 23.0.0.0b1..23.1.0 ------------------------------------- c03d76a41d Ensure ovn loadbalancer FIPs are centralized upon neutron restarts 80b50732e9 [Fullstack] Drop all linuxbridge scenarios from fullstack tests 15814a4623 [Stable Only] Fix parent for nftables job 6a33b2d5c5 Restore the tempest nftables jobs in experimental and periodic queues 2ecb7084fe [DHCP agent] Add route to OVN metadata port if exists 54122203f4 [FT] Clear the idl lock in TestMaintenance tests 28d69eaef4 [stable/2023.2 only] Drop -master jobs c6f5ea61c8 [2023.2 Only] Switch to 2023.2 neutron-tempest-plugin jobs f797f8bc2e Add dhcpagentscheduler API extension to the ML2/OVN extensions 5485a19356 "ebtables-nft" MAC rule deletion failing 59e3b22d14 Remove any IPAM allocation if port bulk creation fails aaa8f18d11 Parameter filters may be None, which cannot be called with ** de121943ee Fix the ``log.setup`` method call with "fix_eventlet=False" 4266dce979 Add "jammy" distribution release to the legacy ebtables installation 61f94ab449 [OVN] Add the default condition check in ``PortBindingChassisEvent`` 04e9b063ad [OVN] Match LSP_TYPE_VIRTUAL in PortBindingUpdateVirtualPortsEvent d28bcf0fe1 Revert "[OVN][Trunk] Add port binding info on subport when parent is bound" f1638bb6d1 Use safer methods to get security groups on security group logging 05aed84c2a Update TOX_CONSTRAINTS_FILE for stable/2023.2 74bca8052a Update .gitreview for stable/2023.2 0ca6953194 Fix wrong indentation in release note b2ceb8b854 Add release note with known issue with FIP PFs and vlan tenant networks 8cba9a2ee8 Call the "tc qdisc" command for ingress qdisc without parent 34e441e06c Revert "[OVN][Trunk] Set the subports correct host during live migration" c930196dd8 [CI] Bump OVS_BRANCH in ovs/ovn source deploy jobs f7489abaf8 [UT] Adjust autogen_process_directives for alembic-1.12.0+ a3a113aedb [OVN] Fix rate and burst for stateless security groups b250b85770 [UT] Reduce the binding retry loop in ``L3HATestFramework`` c6b6ecc751 Drop release notes for l3-ext-gw-multihoming and adjacent features 5c2f54ca03 Default SG rules template - Update related docs and add release note a4c8392209 Default SG rules - use new rules templates to create rules for SGs 78bc33d300 [Fullstack] Use new DB for each running test 7f777c223e [OVN] Cleanup old Hash Ring node entries d9eb04478e [FT] Make explicit the "publish" call check in "test_port_forwarding" fa130f29f7 Update QoS config document: use YAML config examples 0545f40a04 [OVN] Add the 'uplink-status-propagation' extension to ML2/OVN a3b00768d6 Check the device ID and host ID during virtual port binding 0e5c91c499 Add some more known issues to the OVN gap document e6fb32e27d Fix race condition when creating two routers without HA network 4109ee9bb4 Use the new network HA parameter aad82233eb Prevent internal IP change for floating IP 87b2f34a98 Fix ovn-metadata agent sync of unused namespaces 7ed79c1f78 [OVN][Trunk] Set the subports correct host during live migration e1f887ca9f [OVN] Skip the port status UP update during a live migration 7848eb0bf9 Add "openstack-tox-py310-with-sqlalchemy-master" to check queue 24a645d1d7 Fix bindep for Debian bookworm 72b5120ac2 Remove local CI job "tox-py311" superseded by "openstack-tox-py311" 06dbc5227b [OVN] Disable the mcast_flood_reports option for LSPs 4295598261 Use SQLAlchemy expression "select" 85d3fff97e Use HasStandardAttributes as parent class for Tags DB model 49fcd2f515 Force DB migration script to be run before some fullstack tests 43b4c9ebc5 [sqlalchemy-20] TableClause.insert constructs Insert object 3044b938b9 [OVN] Retry retrieving LSP hosting information afcce6d749 Initialize logger for rpc-server and wsgi script 4693836a1b [OVN] ovn-db-sync check for router port differences 395dd237d1 Fix missing oslo.versionedobjects library option 6fef1e6525 Add max limit to agent_down_time 0741a0d5a5 Add NET_OWNER_MEMBER and NET_OWNER_READER policy rules 5b7031841e Create is_ovn_metadata_port() method a505ff7dbb hash-ring: Retry all DB operations if inactive 14b2f4f60f [UT] Create network to make lazy loading in the models_v2 possible 4757b46646 Fix some new pylint "W" warnings 9e8e3a7867 [OVN] Hash Ring: Better handle Neutron worker failures 019d3421f2 Update Cirros to 0.6.2 ba6f7bf83e dvr: Avoid installing non-dvr openflow rule on startup 89702218db Add extra router attributes for ECMP and BFD 6c513217c2 ovs-agent: React to DB down just like to server down 36db70a718 Add sanity check for dnsmasq 2.86 321182980d Follow up on a small nit from patch 875989 [1] 96fd203a14 For hosts in DVR mode, only fetch bound FIPs 5db57734aa Initialize config in DietTestCase class 929b383743 Fix some new pylint "R" warnings aeb8036393 [sqlalchemy-20] Replace Query.get() with Session.get() c831771053 [PostgreSQL] Subnet entity with ServiceType grouped by both tables cc38cb0cee [sqlalchemy-20] Use the correct OVO field type c94fb2bb88 [sqlalchemy-20] Define one DB model per "FromClause.join" clause a9c8bf5c06 [neutron-api] remove leader_only for sb connection 32121ee638 Add unit tests periodic jobs to the experimental queue b2f1cc724a Add "openstack-tox-py310-with-sqlalchemy-master" CI job 49b68d36a0 [Docs] Add recommendation about usage of cache in the neutron-metadata-agent 67be07fd5b Add new DEFAULT option named "my_ipv6" e41fae522b Default SG api rules template - DB and OVO models 670675dd17 [sqlalchemy-20] Network "repr" should be tested with any order 02b12b0917 Refactor for ovs qos driver meter limit features 65bbbcee76 Set result when lswitch port exist 26a2266cf4 [FT] Move ``BaseOVSTestCase`` class to concurrency 1 executor 80ad28e696 Define the port "fixed_ips" in the creation call 68ecae5ff9 [OVN] Prevent binding a virtual type port b4eb5d71ab Drop redundant index on ports table 42ae944870 Switch fullstack/functional fips jobs to 9-stream f2dd2d3cac doc: fix typo in metering-agent.rst 4a71a7f82f Remove unused method from OVN L3 plugin 833a6d82cd [OVN] Prevent Trunk creation/deletion with parent port bound 28926957d6 [OVN] Expose chassis hosting information in LSP b92d133de6 [OVN] Read the necessary configuration options in the OVN agent load c8c74f12e0 Load FIP information during initialize not init 0090572b93 Ensure traffic is not centralized if DVR is enabled 024704625a Add missing port_binding policies 39e167ab27 Add neutron-tempest-plugin-linuxbridge job to the periodic queue 4a97429e7f [OVN] Improve ovn_l3/plugin.py exception logging add2a6eb8c [ovn][ipv6] Add some more tests to skiplist b084213382 Add more debugging to common agent code 8cd949fc9b Increase timeout in test_get_all_devices() 22ace8a752 [OVS] Check the datapath ID set by the creation method 6632420675 Revert "Use ``TextClause`` to define the DB model "server_default"" 7b85f9c244 [OVN][L3] Optimize FIP update operation 32d589f03e Don't allow deletion of the router ports without IP addresses 576c468b71 Disable pool recycle in tests 67a0b07287 Delete sg rule which remote is the deleted sg a174467639 Explicitly define the subnet creating a new port 08fe84f443 [sqlalchemy-20] Remove redundant indexes from some tables 126d54badc Fix some new pylint "E" warnings dfe29e6760 Delete network namespace on last port deletion 9d9f47c20c [OVN] Remove SB "Chassis"/"Chassis_Private" duplicated registers 8887cdf5d3 Imported Translations from Zanata 955e621167 [OVN][Trunk] Add port binding info on subport when parent is bound f2e3ab3805 [OVN] Hash Ring: Set nodes as offline upon exit 6e3525188f [S-RBAC] Fix policies for CUD subnets APIs ec4bfb91f0 [qos] _validate_create_network_callback return in no network 593278550a Functional: assert multiple calls for update_virtual_port_host 0c66dfaed8 [OVN] The all() and count() methods should be inside a DB txn 8b0c7d2c8d Return back the test_dvr_ha_router_interface_mtu_update test case 57e860ca19 Return back the test_dvr_router_interface_mtu_update test case afa20faec3 [OVN] Improve Hash Ring logs 0c09dbdb2a Subnet now inherit the sRBAC perm. from the parent resource Network 9ca0e34a5e Delete the "Chassis_Private" register when deleting an agent 5e0c102830 Send ovn heatbeat more often. 15fb672641 dhcp/agent: add more detail to a todo note regarding call_driver a9323f0325 dhcp/agent: fix 'get_metadata_bind_interface' driver call 050536c66e Stop the RPC connections when the agent exits ce12b6ac19 Do not query neutron-rpc for sg rules upon sg deletion 1f5f8965c3 gate: bump ovn to the latest LTS release (22.03) 2a8c7ff4f0 [ovn][ipv6] Skip test_update_router_admin_state f9be5d886d Fix 'consider-using-with' warning f070ba6f9d Revert "[OVN] Remove backwards compatibility with OVN < v20.09" e8cd39b3d7 Make DB migration creating indexes in RBACs conditional 61b358b6b5 [S-RBAC] Add API policies for get and activate port bindings b6ce722324 Raise the timeout of "neutron-ovn-rally-task" to 9000 e9da29d16c Change RBAC relationship loading method to "joined" 37dda9bc69 Move ``determine_bind_host`` to ``ovn.utils`` ac24dbed1c Implement ``get_port_type_virtual_and_parents`` method a22b1dedc2 Implement ``get_subnets_address_scopes`` method 9f6f6d5082 Return 409 Conflict to tenant user deleting port attached to FIP 2fbfe3855e Improve the ``PortBindingUpdateVirtualPortsEvent`` match filter 413044f253 [OVN] The L3 scheduler does not use all chassis by default 1b9a16c956 Add description field to the security_group_default_rules resource a72e97ddff Update api extension for default sg rules API a221764751 Allow Multiple External Gateways 0b67da59c6 [sqlalchemy-20] Open a connection to execute a command ac231c8174 Improve "sync_ha_chassis_group" method 35cb164ea5 [ovn]disable security group notifier 9e6675ec06 Increase the waiting period to receive a port creation event 43ef447a57 SG rule dict method allows DB object and Neutron OVO 846003c437 Start metadata proxy even if IPv6 DAD fails 452973c0db Revert "Use a writer context for the online alembic migrations" f42d86cc0d Bump neutron-lib to 3.6.1 ebc0658d55 Revert "Delete sg rule which remote is the deleted sg" e0a2427a2f [ovn] Avoid unwanted ACL_NOT_FOUND error when deleting log objects b677d65b2d [OVN][Migration] Enable settings backup subnet for NFS clients 6fa3d8019f Use ``TextClause`` to define the DB model "server_default" 1d0335810d Disable mysql gather performance in jobs 10ff1caaca Fix some new pylint "C" warnings ed274efcf7 Update pylint version 5f4a41326d Add rate-limiting to metadata agents 43c756d728 [alembic] Alembic operations require keywords only arguments 0959e452d3 [sqlalchemy-20] Retrieve the ``URL`` string with the password a86e300a0b Handle no more IP addresses available during a network sync a612346146 Fix not working use_random_fully config option a06b44e12d Imported Translations from Zanata 01af4b2cda Remove the neutron-debug tool 3b7699bc66 Add scope ID to the "GROUP BY" clause in ``get_scoped_floating_ips`` 01de74dedf [S-RBAC] Get QoS rule types API available for READER role 7573fca58c Notify neutron-server ovs is restarted d409296bde docs: Deindent code blocks 043a8ecad9 [OVN] Use the API context in ``OVNClient._add_router_ext_gw`` method 363c690529 Replace "tenant_id" with "project_id" in address scope 6a2ccfac32 Make "project_id" in "L3HARouterNetwork" unique constraint 98ac1fa31a [sqlalchemy-20] Add the transaction context to the upgrade checks methods 3e65ef863c Mark "ipv6_pd_enabled" as deprecated and experimental. 4edff4fe8d [S-RBAC] Fix new policies for FIP PFs APIs be0dc09d52 [S-RBAC] Fix new policies for get QoS rules APIs 97d658c4ce port-hint-ovs-tx-steering: shim extension 6b55589ae0 port-hint-ovs-tx-steering: agent side 0390ada97c port-hints: api extension c3602ac19b [OVN] Update ovn meter when neutron server reloads be4e150de9 [OVN] Remove backwards compatibility with OVN < v20.09 dde1d69c78 Add host metadata haproxy manager c0af5b3b5e Reduce lock contention on subnets 256297fc7f rbacs: clean-up to use defined constants ACCESS_* 6eb7006801 Drop retries in tests for TimeoutException 78dbe55f19 Add extra log to help figuring out OVS events 30c0e5699e Fix doc links for networking option 2 adaba13bdb Add new DEFAULT option named "my_ip" b1cc242fad Add a method to retrieve router gateway ports 7a59cf0eb9 Correct planned removal for maintenance function 2be53b1719 [functional] Fix db_set use in test_cascading_del_in_txn a9963e90d9 ``_get_ovn_version`` returns a 3 element tuple 4ad979a534 Mark "test_port_creation_and_deletion" as unstable 9ac59e4b4a Avoid retrieving ports if network list is empty 4bac350f68 Remove "neutron-ovn-tempest-ovs-release-ubuntu-old" job b19b55909d Don't set and remove immediately DEAD VLAN tag in tests 88ce859b56 Change API to validate network MTU minimums 9f22dc1d3a Doc: Add FWaaS v2 install details 853dc2570d Add py39 jobs to tox override template 39d252da7c Deprecated support for Windows OS 82029c2c51 Use a writer context for the online alembic migrations 2cafe0a9c4 Revert "Move to python3.9 as minimal python version" f93c9be1c1 Move to python3.9 as minimal python version 4e27e27ae2 Replace context decorators with context managers dd184c5c10 Fix Loki tempest jobs b31453af47 [OVN] Admin procedure for duplicated or deleted OVN agents 872b53f618 Fix functional tests modules which are using PluginFixture 670cc383e0 [S-RBAC] Switch to new policies by default d757c530bc Update QoS documentation a84567b8d6 Remove the ``OVNSqlFixture`` class workaround 05ba4257de Remove creation of DHCP port in the OVN metadata unit test f23d7af8d7 Use explicit inner join for networks in port query 43829301f3 Handle "no such process" during keepalived process cleanup 34ea8988d6 [OVN] Add update event to ``OVSInterfaceEvent`` class a5e26408d2 Fix dns_integration and ml2 plugin unit tests modules 5db17654b9 Fix servicetype unit tests module f92d6fa72a Fix segments unit tests module 6b5acb5835 [S-RBAC] Get availability zone API available for READER role 340fd3cfe7 Run master jobs only on master branch 706a0e0268 Fix parent of neutron-ovn-tempest-with-uwsgi-loki 28961c8b76 Fix network_segment_range unit tests module 73ac4510c7 [grenade] Collect ovn services logs 2364327bd1 Run periodic jobs in experimental queue too 9d51633013 Fix intermittent failures in finding metada port in SB DB 267efd2984 OVN: Always try and create a metadata port on subnets c7ef824941 Do not check the context object in ``TestMeteringPlugin`` 5510cdab92 [ovn] OVNClient._get_router_ports: Drop unused parameter e5d4499672 [ovn] Drop use of LR OVN_GW_NETWORK_EXT_ID_KEY d67d1c2736 [ovn] Drop use of OVN_GW_PORT_EXT_ID_KEY 69f30c92ef [sqlalchemy-20] Add reader context to ``get_ports_on_host_by_subnet`` 7dfbdf65a7 Add support for localnet_learn_fdb OVN option e374b82d8f [CI][fullstack/functional] Report slowest tests 8eecccfeae [S-RBAC] Allow network owners to get ports from that network 95c19c8868 Checkout "sqlalchemy/alembic" main branch in sqlalchmey-master jobs 3de8ebebd8 Pin OVS_BRANCH to working commit a06fe7cfd9 Fix NoSuchOptError error in Ipam unit tests 5a17f2b24a Pass physical bridge informations to OVS agent extension API 33cf2cdc83 Fix ACL sync when default sg group is created 7828acaf4f [ovn] Add end to end test for QosExtension 2aee961ab6 Suppress IPv6 metadata DAD failure and delete address ade2a9f893 Mark "test_multiple_agents_for_network" as unstable fa172ab7dc rbacs: fix typo, s/cxt/ctx e6de524555 rbacs: filter out model that are already owned by context 7073410be3 Bump skip-level lower version to stable/zed 775d5de9f1 Add debug information to ``MacvtapAgentTestCase.test_get_all_devices`` 0ec04dd638 Ensure redirect-type=bridged not used for geneve networks d4654e3011 Filter out unsatisfied routers in SQL 33c4a2d97e Update url and package name 3cc28a004a Add plugin.spec to irrelevant-files b777aa57b2 Update the quota guide examples cfe38a0014 Change name of ``_TestIsSessionActive`` test case. 5c60d697c3 OVN agent: Stop registering unused options 27b3eacd3d Revert "Ensure vlan network traffic is not centralized" e4da60740b [sqlalchemy-20] Do not use strings for aatribute names in loader options 0a69dd5e3d [sqlalchemy-20] query.join should define one table/column per call 4b8e484e1d Increase port name size and type to internal 2ccf1e1e90 [OVN] OVN agent should register "Chassis_Private" by default f42f1cfa69 [sqlalchemy-20] Provide SQL "case" expression correct input paremeters 831ac3152d Fix a number of configuration typos 5b4ed5b117 Fix concurrent port binding activate 1646e5b28d Add neutron-lib project to the SQLAlchemy master branch CI jobs 0220236c63 Cleanup before executing "test_get_all_devices" 6e1dbe9781 Add oslo.db project to the SQLAlchemy master branch CI jobs 97aa84b69a Open the 2023.2 (Bobcat) DB branch c97dcfd03f doc: state that O flag can be 0 in dhcpv6-stateful 6358495720 Delete sg rule which remote is the deleted sg 04d3f889ef Fix metadata agent intermittent test failures 9704dca84e [OVN] Explicitly define the fixed IPs for the metadata port dea48cfc0a Only create a frozen Row on matching events 711fbb9820 Imported Translations from Zanata 8ea2a9c128 Fix typo in unit test 442b437a81 Change external process manager tests to clean temp files efab60c0bf Try to optimize Mysql server mem usage on some CI jobs 745497a112 [OVN] Remove "update_port_qos_with_external_ids_reference" 5c98d9e8d1 [OVS] Parse the "permitted_ethertypes" at the FW initialization bffa642b35 [OVN] Method ``get_port_qos`` should always return 2 values 008277b8c1 [OVS] Allow custom ethertype traffic in the ingress table b9567033fc [OVN] Use the BW values retrieved from ``get_port_qos`` 08eb8e2498 Use neutron-lib policy rules c8ccf2ffbb [OVN] Change oslo config options entry point for the OVN agent cf96bd8bdf ovs: fix regression when vlan mapping is not already registered d44f164f4d ovn_idl_impl: fix a logic bug in get_sg_port_groups d9358b67bd functional: set dns_domain config option after its registration 8946684fb2 Remove duplicate rows in MySQL query output 5d2086c698 Add 2023.1 release name in routed networks doc b6bc4c8a66 Add Lajos Katona to Client and Doc areas as lieutenant d4a85833a7 [sqlalchemy-20] The Session.begin.subtransactions flag is deprecated 0a214b0437 Imported Translations from Zanata 999116126e Add full support for OVN NB "Gateway_Chassis" table 4254ccd1bc Update master for stable/2023.1 8e3bddbf8b Ensure vlan network traffic is not centralized 39b65575cd Change the release tag to use the release identification 44ac03de14 Fix policy unit test deprecation warnings ebcde41fc8 [OVN] Add ``get_gateway_chassis_az_hints`` method to OVN API 2af5fd889b Add sleep before checking if ovs port is in the namespace 12093015de Add Jens Harbott as Lieutenants in Infra area 75e8360224 Reintroduce agent bridge resync test 3cf4899cf0 [OVN] Adding support for VNIC type virtio-forwarder. f3c743d090 Do not update static routes in snat-ns for dvr router with ha Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .pylintrc | 26 +- bindep.txt | 9 +- ...g-bgp-floating-ip-over-l2-segmented-network.rst | 420 +++++++------ .../shared/deploy-selfservice-initialnetworks.txt | 7 + .../internals/ovn/ovn_network_logging.rst | 114 ++-- .../contributor/internals/ovn/port_forwarding.rst | 110 ++-- .../contributor/testing/ci_scenario_jobs.rst | 23 - .../install/compute-install-option2-ubuntu.rst | 4 +- etc/oslo-config-generator/neutron.conf | 1 + neutron/agent/common/ip_lib.py | 9 + neutron/agent/common/ovsdb_monitor.py | 12 + neutron/agent/dhcp/agent.py | 12 +- .../l2/extensions/metadata}/__init__.py | 0 .../l2/extensions/metadata/host_metadata_proxy.py | 200 ++++++ neutron/agent/l3/agent.py | 7 +- neutron/agent/l3/dvr_edge_ha_router.py | 4 + neutron/agent/l3/dvr_edge_router.py | 19 +- neutron/agent/l3/dvr_local_router.py | 3 + neutron/agent/l3/router_info.py | 7 +- neutron/agent/l3_agent.py | 3 + neutron/agent/linux/dhcp.py | 111 ++-- neutron/agent/linux/interface.py | 2 +- neutron/agent/linux/ip_lib.py | 19 +- neutron/agent/linux/iptables_firewall.py | 6 +- neutron/agent/linux/iptables_manager.py | 14 +- .../agent/linux/openvswitch_firewall/firewall.py | 43 +- neutron/agent/linux/tc_lib.py | 2 +- neutron/agent/metadata/driver.py | 62 +- neutron/agent/metadata_agent.py | 3 + neutron/agent/ovn/agent/ovn_neutron_agent.py | 2 +- neutron/agent/ovn/agent/ovsdb.py | 9 +- neutron/agent/ovn/extensions/qos_hwol.py | 10 +- neutron/agent/ovn/metadata/agent.py | 25 +- neutron/agent/ovn/metadata/driver.py | 23 +- neutron/agent/ovn/metadata_agent.py | 2 + neutron/agent/ovn/ovn_neutron_agent.py | 6 +- neutron/agent/rpc.py | 3 +- neutron/api/rpc/callbacks/version_manager.py | 9 +- neutron/api/rpc/handlers/securitygroups_rpc.py | 15 +- neutron/cmd/ovn/neutron_ovn_db_sync_util.py | 10 +- neutron/cmd/sanity/checks.py | 54 +- neutron/cmd/sanity_check.py | 25 + neutron/cmd/upgrade_checks/checks.py | 145 +++-- neutron/common/_constants.py | 6 + neutron/common/config.py | 2 +- neutron/common/metadata.py | 67 ++ neutron/common/ovn/constants.py | 9 +- neutron/common/ovn/exceptions.py | 7 +- neutron/common/ovn/extensions.py | 8 + neutron/common/ovn/hash_ring_manager.py | 9 +- neutron/common/ovn/utils.py | 237 ++++++++ neutron/common/utils.py | 40 +- neutron/conf/agent/common.py | 11 +- neutron/conf/agent/database/agents_db.py | 21 +- neutron/conf/agent/database/agentschedulers_db.py | 9 +- neutron/conf/agent/dhcp.py | 14 +- neutron/conf/agent/l3/config.py | 29 +- neutron/conf/agent/metadata/config.py | 45 +- neutron/conf/agent/ovn/metadata/config.py | 6 +- neutron/conf/agent/ovs_conf.py | 8 +- neutron/conf/agent/ovsdb_api.py | 4 +- neutron/conf/agent/securitygroups_rpc.py | 8 +- neutron/conf/common.py | 44 +- neutron/conf/db/dvr_mac_db.py | 8 +- neutron/conf/db/l3_agentschedulers_db.py | 4 +- neutron/conf/db/l3_dvr_db.py | 2 +- neutron/conf/db/l3_extra_gws_db.py | 36 ++ neutron/conf/db/l3_hamode_db.py | 16 +- neutron/conf/db/l3_ndpproxy_db.py | 2 +- neutron/conf/experimental.py | 5 + neutron/conf/extensions/conntrack_helper.py | 2 +- neutron/conf/plugins/ml2/drivers/agent.py | 6 +- neutron/conf/plugins/ml2/drivers/linuxbridge.py | 16 +- .../ml2/drivers/mech_sriov/mech_sriov_conf.py | 2 +- neutron/conf/plugins/ml2/drivers/ovn/ovn_conf.py | 50 +- neutron/conf/plugins/ml2/drivers/ovs_conf.py | 14 +- neutron/conf/policies/__init__.py | 4 + neutron/conf/policies/address_group.py | 8 +- neutron/conf/policies/address_scope.py | 18 +- neutron/conf/policies/agent.py | 23 +- neutron/conf/policies/auto_allocated_topology.py | 5 +- neutron/conf/policies/availability_zone.py | 11 +- neutron/conf/policies/base.py | 64 +- .../conf/policies/default_security_group_rules.py | 91 +++ neutron/conf/policies/flavor.py | 23 +- neutron/conf/policies/floatingip.py | 11 +- neutron/conf/policies/floatingip_pools.py | 3 +- .../conf/policies/floatingip_port_forwarding.py | 25 +- neutron/conf/policies/l3_conntrack_helper.py | 17 +- neutron/conf/policies/local_ip.py | 9 +- neutron/conf/policies/local_ip_association.py | 13 +- neutron/conf/policies/logging.py | 11 +- neutron/conf/policies/metering.py | 13 +- neutron/conf/policies/ndp_proxy.py | 9 +- neutron/conf/policies/network.py | 57 +- neutron/conf/policies/network_ip_availability.py | 3 +- neutron/conf/policies/network_segment_range.py | 9 +- neutron/conf/policies/port.py | 280 ++++----- neutron/conf/policies/port_bindings.py | 75 +++ neutron/conf/policies/qos.py | 77 +-- neutron/conf/policies/quotas.py | 7 +- neutron/conf/policies/rbac.py | 21 +- neutron/conf/policies/router.py | 77 ++- neutron/conf/policies/security_group.py | 21 +- neutron/conf/policies/segment.py | 9 +- neutron/conf/policies/service_type.py | 5 +- neutron/conf/policies/subnet.py | 35 +- neutron/conf/policies/subnetpool.py | 25 +- neutron/conf/policies/trunk.py | 15 +- neutron/conf/quota.py | 16 +- neutron/conf/service.py | 2 +- neutron/conf/services/extdns_designate_driver.py | 4 +- neutron/db/address_group_db.py | 1 + neutron/db/address_scope_db.py | 7 +- neutron/db/agents_db.py | 22 +- neutron/db/db_base_plugin_common.py | 11 +- neutron/db/db_base_plugin_v2.py | 92 ++- neutron/db/dvr_mac_db.py | 1 + neutron/db/external_net_db.py | 24 +- neutron/db/ipam_backend_mixin.py | 2 +- neutron/db/l3_agentschedulers_db.py | 4 +- neutron/db/l3_attrs_db.py | 10 +- neutron/db/l3_db.py | 102 +++- neutron/db/l3_dvr_db.py | 26 +- neutron/db/l3_dvrscheduler_db.py | 2 +- neutron/db/l3_extra_gws_db.py | 577 ++++++++++++++++++ neutron/db/l3_hamode_db.py | 89 ++- neutron/db/migration/__init__.py | 6 +- ...53938cdc1_update_segment_networks_constraint.py | 3 + .../0aefee21cd87_remove_dedundant_indexes.py | 65 ++ ...19773d7_create_l3harouternetwork_project_id_.py | 40 ++ .../2023.2/expand/6f1145bff34c_port_hints.py | 45 ++ .../expand/89c58a70ceba_ecmp_bfd_attributes.py | 39 ++ .../93f394357a27_remove_in_use_on_subnets.py | 42 ++ .../b1199a3adbef_de_duplicate_indices_for_ports.py | 54 ++ .../c33da356b165_security_group_default_rules.py | 130 ++++ .../alembic_migrations/versions/EXPAND_HEAD | 2 +- .../liberty/expand/45f955889773_quota_usage.py | 2 +- .../2b4c2465d44b_dvr_sheduling_refactoring.py | 29 +- .../mitaka/contract/4ffceebfcdc_standard_desc.py | 11 +- .../8a6d8bdae39_migrate_neutron_resources_table.py | 23 +- ...tributes_to_support_external_dns_integration.py | 15 +- ...86_add_binding_index_to_routerl3agentbinding.py | 19 +- .../7bbb25278f53_device_owner_ha_replicate_int.py | 21 +- .../7d9d8eeec6ad_rename_tenant_to_project.py | 2 +- .../8fd3918ef6f4_add_segment_host_mapping.py | 5 +- .../newton/contract/97c25b0d2353_add_name_desc.py | 25 +- .../a84ccf28f06a_migrate_dns_name_from_port.py | 21 +- .../a8b517cff8ab_add_routerport_bindings_for_ha.py | 29 +- ...12a3ef66e62_add_standardattr_to_qos_policies.py | 27 +- .../62c781cb6192_add_qos_policies_default_table.py | 1 - .../804a3c76314c_add_data_plane_status_to_port.py | 2 +- ...2437bf41_add_propagate_uplink_status_to_port.py | 2 +- ...454a9655_add_dns_publish_fixed_ip_to_subnets.py | 3 +- .../expand/86274d77933e_change_mtu_to_not_null.py | 11 +- .../Ibac91d24da2_port_forwarding_description.py | 19 +- .../expand/c3e9d13c4367_add_binding_index_to_.py | 17 +- .../fd6107509ccd_ovn_distributed_device_owner.py | 9 +- ...766_add_standard_attributes_to_address_group.py | 21 +- ...8d6f371_rbac_target_tenant_to_target_project.py | 2 +- .../expand/ba859d649675_add_indexes_to_rbacs.py | 26 +- .../I43e0b669096_port_forwarding_port_ranges.py | 27 +- neutron/db/migration/cli.py | 5 +- neutron/db/models/address_group.py | 2 +- neutron/db/models/address_scope.py | 2 +- neutron/db/models/data_plane_status.py | 2 +- neutron/db/models/dns.py | 12 +- neutron/db/models/l3_attrs.py | 6 + neutron/db/models/l3ha.py | 5 + neutron/db/models/port_hints.py | 35 ++ neutron/db/models/securitygroup.py | 2 +- neutron/db/models/securitygroup_default_rules.py | 47 ++ neutron/db/models/segment.py | 2 - neutron/db/models/tag.py | 2 +- neutron/db/models/uplink_status_propagation.py | 2 +- neutron/db/models_v2.py | 60 +- neutron/db/ovn_hash_ring_db.py | 78 ++- neutron/db/ovn_revision_numbers_db.py | 18 +- neutron/db/port_hints_db.py | 53 ++ neutron/db/qos/models.py | 4 +- neutron/db/quota/models.py | 4 +- neutron/db/securitygroups_db.py | 301 +++++++-- neutron/db/securitygroups_rpc_base.py | 12 +- neutron/debug/README | 38 -- neutron/debug/commands.py | 130 ---- neutron/debug/debug_agent.py | 176 ------ neutron/debug/shell.py | 92 --- neutron/exceptions/mtu.py | 28 + neutron/extensions/l3_extra_gws.py | 22 + neutron/extensions/network_ha.py | 21 + neutron/extensions/network_ip_availability.py | 6 +- neutron/extensions/port_hint_ovs_tx_steering.py | 21 + neutron/extensions/port_hints.py | 20 + .../extensions/security_groups_default_rules.py | 76 ++- neutron/locale/de/LC_MESSAGES/neutron.po | 452 +------------- neutron/locale/es/LC_MESSAGES/neutron.po | 411 +------------ neutron/locale/fr/LC_MESSAGES/neutron.po | 415 +------------ neutron/locale/it/LC_MESSAGES/neutron.po | 409 +------------ neutron/locale/ja/LC_MESSAGES/neutron.po | 404 +----------- neutron/locale/ko_KR/LC_MESSAGES/neutron.po | 372 +----------- neutron/locale/pt_BR/LC_MESSAGES/neutron.po | 400 +----------- neutron/locale/ru/LC_MESSAGES/neutron.po | 401 +----------- neutron/locale/zh_CN/LC_MESSAGES/neutron.po | 348 +---------- neutron/locale/zh_TW/LC_MESSAGES/neutron.po | 352 +---------- neutron/objects/db/api.py | 18 +- neutron/objects/l3agent.py | 4 +- neutron/objects/port/extensions/port_hints.py | 53 ++ neutron/objects/port_forwarding.py | 13 +- neutron/objects/ports.py | 9 +- neutron/objects/router.py | 74 ++- neutron/objects/securitygroup_default_rules.py | 58 ++ neutron/objects/subnet.py | 8 + neutron/opts.py | 9 +- neutron/pecan_wsgi/hooks/policy_enforcement.py | 3 +- neutron/plugins/ml2/driver_context.py | 2 +- neutron/plugins/ml2/drivers/agent/_common_agent.py | 15 +- .../ml2/drivers/linuxbridge/agent/arp_protect.py | 4 +- .../linuxbridge/agent/linuxbridge_neutron_agent.py | 2 +- .../agent/extension_drivers/qos_driver.py | 156 +++-- .../openvswitch/agent/openflow/native/br_int.py | 89 ++- .../openvswitch/agent/openflow/native/br_tun.py | 16 +- .../openvswitch/agent/ovs_agent_extension_api.py | 17 +- .../openvswitch/agent/ovs_dvr_neutron_agent.py | 18 +- .../drivers/openvswitch/agent/ovs_neutron_agent.py | 104 +++- .../plugins/ml2/drivers/ovn/agent/neutron_agent.py | 10 +- .../ml2/drivers/ovn/mech_driver/mech_driver.py | 80 ++- .../ml2/drivers/ovn/mech_driver/ovsdb/api.py | 9 + .../ml2/drivers/ovn/mech_driver/ovsdb/commands.py | 40 +- .../ovn/mech_driver/ovsdb/extensions/qos.py | 11 - .../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py | 22 +- .../drivers/ovn/mech_driver/ovsdb/maintenance.py | 298 +++++++-- .../drivers/ovn/mech_driver/ovsdb/ovn_client.py | 570 +++++++++-------- .../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py | 85 ++- .../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py | 70 ++- .../ml2/extensions/port_hint_ovs_tx_steering.py | 35 ++ neutron/plugins/ml2/extensions/port_hints.py | 45 ++ neutron/plugins/ml2/plugin.py | 34 +- neutron/policy.py | 23 +- neutron/profiling/profiled_decorator.py | 63 +- neutron/scheduler/l3_agent_scheduler.py | 17 +- neutron/scheduler/l3_ovn_scheduler.py | 23 +- neutron/server/__init__.py | 1 + neutron/service.py | 5 +- neutron/services/l3_router/l3_router_plugin.py | 5 +- neutron/services/logapi/common/db_api.py | 11 +- .../logapi/drivers/openvswitch/ovs_firewall_log.py | 2 +- neutron/services/logapi/drivers/ovn/driver.py | 86 ++- neutron/services/loki/loki_plugin.py | 4 +- neutron/services/network_ip_availability/plugin.py | 4 +- neutron/services/ovn_l3/plugin.py | 35 +- neutron/services/qos/qos_plugin.py | 8 +- neutron/services/tag/tag_plugin.py | 3 + .../trunk/drivers/openvswitch/agent/driver.py | 5 +- .../drivers/openvswitch/agent/ovsdb_handler.py | 7 +- neutron/services/trunk/drivers/ovn/trunk_driver.py | 25 +- neutron/services/trunk/plugin.py | 7 +- .../agent/l3/test_keepalived_state_change.py | 2 +- .../functional/agent/l3/test_metadata_proxy.py | 173 +++++- .../functional/agent/linux/test_keepalived.py | 17 +- .../agent/ovn/extensions/test_qos_hwol.py | 49 +- .../agent/ovn/metadata/test_metadata_agent.py | 61 +- .../test_ba859d649675_add_indexes_to_rbacs.py | 55 ++ .../test_c3e9d13c4367_add_binding_index_to_.py | 29 +- .../macvtap/agent/test_macvtap_neutron_agent.py | 25 +- .../ovn/mech_driver/ovsdb/extensions/test_qos.py | 202 +++++- .../drivers/ovn/mech_driver/ovsdb/test_impl_idl.py | 38 ++ .../ovn/mech_driver/ovsdb/test_maintenance.py | 158 ++++- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 86 +++ .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 40 +- .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 118 +++- .../drivers/ovn/mech_driver/test_mech_driver.py | 90 ++- .../privileged/agent/linux/test_tc_lib.py | 44 +- .../scheduler/test_l3_agent_scheduler.py | 6 + .../l3_router/test_l3_dvr_ha_router_plugin.py | 13 +- .../l3_router/test_l3_dvr_router_plugin.py | 78 ++- .../services/logapi/drivers/ovn/test_driver.py | 9 +- .../functional/services/ovn_l3/test_plugin.py | 42 +- .../portforwarding/test_port_forwarding.py | 7 +- .../trunk/drivers/ovn/test_trunk_driver.py | 37 +- .../l2/extensions/metadata}/__init__.py | 0 .../metadata/test_host_metadata_proxy.py | 104 ++++ .../linux/openvswitch_firewall/test_firewall.py | 22 + .../unit/agent/linux/test_external_process.py | 113 ++-- .../unit/agent/linux/test_iptables_manager.py | 34 ++ .../api/rpc/handlers/test_securitygroups_rpc.py | 114 +++- .../unit/conf/policies/test_availability_zone.py | 6 - .../policies/test_default_security_group_rules.py | 133 ++++ .../policies/test_floatingip_port_forwarding.py | 347 ++++++----- .../unit/extensions/test_availability_zone.py | 21 +- .../unit/extensions/test_data_plane_status.py | 12 +- .../unit/extensions/test_default_subnetpools.py | 8 +- .../test_expose_port_forwarding_in_fip.py | 22 +- .../extensions/test_floating_ip_port_forwarding.py | 31 +- .../unit/extensions/test_l3_conntrack_helper.py | 21 +- .../extensions/test_network_ip_availability.py | 86 ++- .../unit/extensions/test_network_segment_range.py | 36 +- .../test_security_groups_default_rules.py | 484 +++++++++++++++ .../unit/extensions/test_subnet_service_types.py | 5 +- .../unit/extensions/test_subnetpool_prefix_ops.py | 4 +- .../objects/port/extensions/test_port_hints.py | 33 + .../objects/test_securitygroup_default_rules.py | 27 + .../ml2/drivers/agent/test__common_agent.py | 11 +- .../plugins/ml2/drivers/l2pop/test_mech_driver.py | 68 ++- .../agent/extension_drivers/test_qos_driver.py | 34 +- .../agent/openflow/native/test_br_int.py | 47 +- .../agent/openflow/native/test_br_tun.py | 33 +- .../agent/test_ovs_agent_extension_api.py | 8 + .../openvswitch/agent/test_ovs_neutron_agent.py | 122 ++++ .../drivers/openvswitch/agent/test_ovs_tunnel.py | 9 +- .../drivers/ovn/mech_driver/ovsdb/test_commands.py | 24 +- .../ovn/mech_driver/ovsdb/test_impl_idl_ovn.py | 85 ++- .../ovn/mech_driver/ovsdb/test_maintenance.py | 306 ++++++++-- .../ovn/mech_driver/ovsdb/test_ovn_client.py | 269 +++++--- .../ovn/mech_driver/ovsdb/test_ovn_db_sync.py | 42 ++ .../ovn/mech_driver/ovsdb/test_ovsdb_monitor.py | 17 +- .../drivers/ovn/mech_driver/test_mech_driver.py | 436 +++++++------ .../plugins/ml2/drivers/ovn/test_db_migration.py | 6 +- .../ml2/extensions/test_dns_domain_keywords.py | 6 +- .../plugins/ml2/extensions/test_dns_integration.py | 4 +- .../test_tag_ports_during_bulk_creation.py | 22 +- .../unit/plugins/ml2/test_extension_driver_api.py | 16 +- .../unit/plugins/ml2/test_tracked_resources.py | 51 +- .../unit/scheduler/test_l3_agent_scheduler.py | 44 +- .../unit/services/logapi/common/test_db_api.py | 7 + .../services/logapi/drivers/ovn/test_driver.py | 116 ++-- .../unit/services/metering/test_metering_plugin.py | 211 +++---- .../services/revisions/test_revision_plugin.py | 8 +- plugin.spec | 2 +- ...ecurity-group-rules-added-94a9ac6cdd1c538e.yaml | 23 + ...te-support-for-Windows-OS-80e32ef7e5e05b44.yaml | 5 + ...d-distributed-FIPs-config-0b4e9a92255cf4a8.yaml | 13 + ...dd-metadata-rate-limiting-bf0c17a31f86ee16.yaml | 8 + .../agent_down_time_max-af3b62763aaa2fe5.yaml | 6 + .../notes/bug-1953165-6e848ea2c0398f56.yaml | 16 + .../notes/bug-1986003-9bf5ca04f9304336.yaml | 10 + .../notes/bug-1999209-febf1fa3512556b3.yaml | 7 + .../notes/bug-2022914-edbf1ea3514596b8.yaml | 7 + ...p-agent-ovn-metadata-port-33a654ccb9554c65.yaml | 9 + .../notes/dvr-external-mac-934409413e515eb2.yaml | 10 + ...ce-scope-and-new-defaults-1f82a9eb71125f5d.yaml | 25 + ...tworks_unique_per_project-4d02e963cfc8d546.yaml | 8 + ...e_neutron_server-db-check-82fc780ff9455446.yaml | 7 + .../notes/hash-ring-cleanup-1079d2375082cebe.yaml | 6 + .../notes/localnet-learn-fdb-22469280b49701fc.yaml | 23 + ...d_enabled_as_experimental-c9bfe343a0beb334.yaml | 7 + .../network_ha_extension-99578e7ee47f47db.yaml | 8 + .../notes/new-my-ip-config-b8efeb05dd50cfd6.yaml | 9 + .../notes/new-my-ipv6-config-361b5dc824591fe5.yaml | 9 + ...uplink-status-propagation-4c232954f8b4f0ef.yaml | 7 + ...eduler-only-on-gw-chassis-33c22c1f5f7a73d4.yaml | 12 + .../ovn-mcast_flood_reports-4eee20856ccfc7d7.yaml | 7 + ...vn-recreate-metadata-port-76e2c0e651267aa0.yaml | 11 + ...n-trunk-check-parent-port-eeca2eceaca9d158.yaml | 6 + ...tual-port-prevent-binding-50efba5521e8a28e.yaml | 10 + ...port-hint-ovs-tx-steering-277a411933ed372b.yaml | 13 + .../notes/port-hints-d465bb2fa144537c.yaml | 12 + ..._ipamallocation_leftovers-9d72cc5f616f51e4.yaml | 7 + .../notes/redirect-type-f29e89ca97357fe9.yaml | 24 + ...ve_duplicated_ovn_chassis-df12fb6233ea3d3e.yaml | 17 + .../remove_neutron_debug-262a139650d71183.yaml | 6 + ...ork_subnet_mtu_validation-c221f22efcfae927.yaml | 22 + releasenotes/source/2023.1.rst | 6 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 59 +- .../source/locale/ja/LC_MESSAGES/releasenotes.po | 4 +- requirements.txt | 8 +- roles/legacy_ebtables/tasks/main.yaml | 3 +- roles/nftables/tasks/main.yaml | 6 + setup.cfg | 5 +- tools/configure_for_func_testing.sh | 7 +- .../infrared/tripleo-ovn-migration/README.rst | 6 +- .../infrared/tripleo-ovn-migration/main.yml | 2 +- .../tripleo_environment/ovn_migration.sh | 4 +- .../playbooks/roles/recovery-backup/tasks/main.yml | 1 + tox.ini | 20 +- zuul.d/base.yaml | 98 +-- zuul.d/grenade.yaml | 27 +- zuul.d/job-templates.yaml | 106 ++-- zuul.d/project.yaml | 11 +- zuul.d/rally.yaml | 14 +- zuul.d/tempest-multinode.yaml | 89 +-- zuul.d/tempest-singlenode.yaml | 275 ++------- 519 files changed, 15886 insertions(+), 11354 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 2b2d62fbb9..115c514170 100644 --- a/requirements.txt +++ b/requirements.txt @@ -23 +23 @@ netifaces>=0.10.4 # MIT -neutron-lib>=3.4.0 # Apache-2.0 +neutron-lib>=3.7.0 # Apache-2.0 @@ -37 +37 @@ oslo.i18n>=3.20.0 # Apache-2.0 -oslo.log>=4.5.0 # Apache-2.0 +oslo.log>=5.3.0 # Apache-2.0 @@ -47 +47 @@ oslo.upgradecheck>=1.3.0 # Apache-2.0 -oslo.utils>=4.8.0 # Apache-2.0 +oslo.utils>=6.2.0 # Apache-2.0 @@ -53 +53 @@ ovs>=2.10.0 # Apache-2.0 -ovsdbapp>=1.16.0 # Apache-2.0 +ovsdbapp>=2.2.1 # Apache-2.0