[release-announce] neutron 11.0.7 (pike)
no-reply at openstack.org
no-reply at openstack.org
Fri Apr 12 23:43:19 UTC 2019
We are happy to announce the release of:
neutron 11.0.7: OpenStack Networking
This release is part of the pike stable release series.
The source is available from:
https://git.openstack.org/cgit/openstack/neutron
Download the package from:
https://tarballs.openstack.org/neutron/
Please report issues through:
https://bugs.launchpad.net/neutron/+bugs
For more details, please see below.
11.0.7
^^^^^^
Critical Issues
***************
* The neutron-openvswitch-agent can sometimes spend too much time
handling a large number of ports, exceeding its timeout value,
"agent_boot_time", for L2 population. Because of this, some flow
update operations will not be triggerred, resulting in lost flows
during agent restart, especially for host-to-host vxlan tunnel
flows, causing the original tunnel flows to be treated as stale due
to the different cookie IDs. The agent's first RPC loop will also do
a stale flow clean-up procedure and delete them, leading to a loss
of connectivity. Please ensure that all neutron-server and neutron-
openvswitch-agent binaries are upgraded for the changes to take
effect, after which the L2 population "agent_boot_time" config
option will no longer be used.
Bug Fixes
*********
* Fixes bug 1501206
(https://bugs.launchpad.net/neutron/+bug/1501206). This ensures that
DHCP agent instances running dnsmasq as a DNS server can no longer
be exploited as DNS amplifiers when the tenant network is using
publicly routed IP addresses by adding an option that will allow
them to only serve DNS requests from local networks.
* Fixes an issue causing IP allocation on port update to fail when
the initial IP allocation was deferred due to lack of binding info.
If both the port mac_address and binding info (binding_host_id) were
updated in the same request, the fixed_ips field was added to the
request internally. The code to complete the deferred allocation
failed to execute in that case. (For more information see bug
1811905 (https://bugs.launchpad.net/neutron/+bug/1811905).)
* The neutron-openvswitch-agent was changed to notify the neutron-
server in its first RPC loop that it has restarted. This signals
neutron-server to provide updated L2 population information to
correctly program FDB entries, ensuring connectivity to instances is
not interrupted. This fixes the following bugs: 1794991
(https://bugs.launchpad.net/neutron/+bug/1794991), 1799178
(https://bugs.launchpad.net/neutron/+bug/1799178), 1813703
(https://bugs.launchpad.net/neutron/+bug/1813703), 1813714
(https://bugs.launchpad.net/neutron/+bug/1813714), 1813715
(https://bugs.launchpad.net/neutron/+bug/1813715).
Other Notes
***********
* The metering agent iptables driver can now load its interface
driver by using a stevedore alias in the "metering_agent.ini" file.
For example, "interface_driver = openvswitch" instead of
"interface_driver =
neutron.agent.linux.interface.OVSInterfaceDriver"
Changes in neutron 11.0.6..11.0.7
---------------------------------
36a1e193cb Don't pass None arg to neutron-keepalived-state-change
8865466e9f OVS agent: always send start flag during initial sync
4651fac9cb Specify tenant_id in TestRevisionPlugin objects
ff0a444526 Fix QoS rule update
672a4328a9 Add rootwrap filters to kill state change monitor
e6ec35f679 Fix port update deferred IP allocation with host_id + new MAC
51a7666533 Divide-and-conquer security group beasts
a6c3d3ae3c Try to enable dnsmasq process several times
6191355da6 [OVS] Exception message when retrieving bridge-id and is not present
ad1d4358ec [Functional tests] Change way how conntrack entries are checked
1c72d30d2d Change duplicate OVS bridge datapath-ids
125fc48111 Remove conntrack rule when FIP is deleted
62fe7852bb More accurate agent restart state transfer
fb84771d13 Divide-and-conquer local bridge flows beasts
a9bc8ab1e1 Fix KeyError in OVS firewall
6345337681 Check if process' cmdline is "space separarated"
9274bb5e4c Replace openstack.org git:// URLs with https://
93cd1921f1 ovs: survive errors from check_ovs_status
876e1d7969 ovs: raise RuntimeError in _get_dp if id is None
e2f93a2703 [Functional] Don't assert that HA router don't have IPs configured
6b41b07dc3 ovsfw: Update SG rules even if OVSFW Port is not found
bfdd867580 Improve invalid port ranges error message
6c9a282bcd Enable ipv6_forwarding in HA router's namespace
91c26f5658 Set initial ha router state in neutron-keepalived-state-change
9961fa068b Do not release DHCP lease when no client ID is set on port
e53afe831a When converting sg rules to iptables, do not emit dport if not supported
5aa1c315fc Spawn metadata proxy on dvr ha standby routers
a906ace3ef DVR edge router: avoid accidental centralized floating IP remove
6d375dcced ovsfw: Don't create rules if updated port doesn't exist
8b255a648c Add new test decorator skip_if_timeout
3af8e2719c Fix notification about arp entries for dvr routers
6098f54722 Add lock_path in installation guide
10c981512a Fix update of ports cache in router_info class
d218a8abb2 Ensure dnsmasq is down before enabling it in restart method
b2418bc248 Block port update from unbound DHCP agent
f9cbd939b9 Fix performance regression adding rules to security groups
399f1c1b65 Always fill UDP checksums in DHCPv6 replies
72d9c3ccb3 Secure dnsmasq process against external abuse
edd8ad31d7 Check port VNIC type when associating a floating IP
4f5c5ab433 Enable 'all' IPv6 forwarding knob correctly
c5a1214ca6 protect DHCP agent cache out of sync
c86473d1a6 Add kill_timeout to AsyncProcess
9b399af547 Fullstack: init trunk agent's driver only when necessary
dab82d56c4 Don't modify global variables in unit tests
329de01d09 Do state report after setting start_flag on OVS restart
d36cb19813 Do not delete trunk bridges if service port attached
cc7e3e92fe Fix the bug about DHCP port whose network has multiple subnets.
fccc786fd5 Force all fdb entries update after ovs-vswitchd restart
6e3102b095 Get centralized FIP only on router's snat host
a2b6f4af6b DevStack: OVS: Only install kernel-* packages when needed
888cbc2970 Include all rootwrap filters when building wheels
f7f09c79e5 DVR: Centralized FloatingIPs are not cleared after migration.
c08f99c7e0 Fix connection between 2 dvr routers
a4fe8a03ae Wait to ipv6 forwarding be really changed by L3 agent
c757992da1 Add missing step for ovs deploy guides
cb2b2d20e6 iptables-restore wait period cannot be zero
b527af20bb Use system protocol assigments for iptables protocol map
7dad724b0d Install centralized floating IP nat rules to all ha nodes
663d6486a3 Add capabilities for privsep
16c2d64bdc Add permanent ARP entries for DVR fip/qrouter veth pair
2fba9f42b9 Allow Ipv6 addresses for nova_metadata_host
d0931c4e55 dhcp: serializing port delete and network rpc calls
aa4cbc9cde Drop strict-order flag from dnsmasq invocation
a54a7235a5 Fix iptables metering driver entrypoint
dc13609435 Update metering driver to load interface driver
Diffstat (except docs and test files)
-------------------------------------
devstack/lib/ovs | 12 +-
.../install/controller-install-option1-obs.rst | 12 +
.../install/controller-install-option1-ubuntu.rst | 12 +
.../install/controller-install-option2-obs.rst | 12 +
.../install/controller-install-option2-ubuntu.rst | 12 +
etc/neutron/rootwrap.d/l3.filters | 13 +-
neutron/agent/common/ovs_lib.py | 22 +-
neutron/agent/dhcp/agent.py | 123 ++++++---
neutron/agent/l3/agent.py | 65 ++++-
neutron/agent/l3/dvr_edge_ha_router.py | 7 +-
neutron/agent/l3/dvr_edge_router.py | 39 ++-
neutron/agent/l3/dvr_fip_ns.py | 7 +
neutron/agent/l3/dvr_local_router.py | 50 +++-
neutron/agent/l3/ha.py | 37 ++-
neutron/agent/l3/ha_router.py | 11 +-
neutron/agent/l3/keepalived_state_change.py | 22 ++
neutron/agent/l3/router_info.py | 53 ++--
neutron/agent/l3/router_processing_queue.py | 17 +-
neutron/agent/linux/async_process.py | 34 ++-
neutron/agent/linux/dhcp.py | 60 +++--
neutron/agent/linux/ip_lib.py | 6 +
neutron/agent/linux/iptables_firewall.py | 66 ++++-
neutron/agent/linux/iptables_manager.py | 2 +-
.../agent/linux/openvswitch_firewall/exceptions.py | 4 +
.../agent/linux/openvswitch_firewall/firewall.py | 49 ++--
neutron/agent/linux/openvswitch_firewall/rules.py | 16 +-
neutron/agent/linux/utils.py | 15 +-
neutron/agent/metadata/agent.py | 7 +-
neutron/agent/rpc.py | 5 +-
neutron/agent/securitygroups_rpc.py | 16 +-
.../api/rpc/agentnotifiers/dhcp_rpc_agent_api.py | 7 +-
neutron/api/rpc/handlers/dhcp_rpc.py | 13 +-
neutron/cmd/sanity/checks.py | 15 ++
neutron/cmd/sanity_check.py | 15 ++
neutron/common/constants.py | 15 ++
neutron/common/ipv6_utils.py | 12 +
neutron/db/ipam_pluggable_backend.py | 10 +-
neutron/db/l3_db.py | 25 ++
neutron/db/l3_dvr_db.py | 127 ++++++++-
neutron/db/l3_dvr_ha_scheduler_db.py | 9 +-
neutron/db/l3_dvrscheduler_db.py | 170 +++++++++---
neutron/db/securitygroups_db.py | 147 +++++------
neutron/extensions/securitygroup.py | 5 +-
neutron/objects/base.py | 2 +-
neutron/plugins/ml2/drivers/l2pop/mech_driver.py | 9 +-
.../drivers/openvswitch/agent/common/constants.py | 33 +++
.../openvswitch/agent/openflow/native/br_int.py | 2 +
.../openvswitch/agent/openflow/native/br_phys.py | 1 +
.../openvswitch/agent/openflow/native/br_tun.py | 1 +
.../openvswitch/agent/openflow/native/ofswitch.py | 15 +-
.../agent/openflow/native/ovs_bridge.py | 8 +-
.../drivers/openvswitch/agent/ovs_neutron_agent.py | 74 +++++-
neutron/plugins/ml2/rpc.py | 12 +-
neutron/privileged/__init__.py | 5 +-
.../metering/drivers/iptables/iptables_driver.py | 9 +-
neutron/services/qos/qos_plugin.py | 3 +-
.../drivers/openvswitch/agent/ovsdb_handler.py | 14 +
.../agent/l3/test_keepalived_state_change.py | 30 ++-
.../functional/agent/linux/test_netlink_lib.py | 8 +-
.../l3_router/test_l3_dvr_router_plugin.py | 14 +-
.../openvswitch/agent/test_ovsdb_handler.py | 8 +
.../linux/openvswitch_firewall/test_firewall.py | 21 +-
.../agent/linux/openvswitch_firewall/test_rules.py | 13 +-
.../unit/agent/linux/test_iptables_firewall.py | 30 +++
.../plugins/ml2/drivers/l2pop/test_mech_driver.py | 23 +-
.../agent/openflow/native/test_ovs_bridge.py | 5 +
.../openvswitch/agent/test_ovs_neutron_agent.py | 60 ++++-
.../drivers/openvswitch/agent/test_ovs_tunnel.py | 13 +-
.../unit/scheduler/test_l3_agent_scheduler.py | 46 +++-
.../services/revisions/test_revision_plugin.py | 1 +
.../openvswitch/agent/test_ovsdb_handler.py | 4 +-
playbooks/legacy/neutron-fullstack/run.yaml | 2 +-
playbooks/legacy/neutron-functional/run.yaml | 2 +-
.../legacy/neutron-grenade-dvr-multinode/run.yaml | 2 +-
.../legacy/neutron-grenade-multinode/run.yaml | 2 +-
playbooks/legacy/neutron-grenade/run.yaml | 2 +-
playbooks/legacy/neutron-rally-neutron/run.yaml | 24 +-
.../neutron-tempest-dvr-ha-multinode-full/run.yaml | 2 +-
playbooks/legacy/neutron-tempest-dvr/run.yaml | 2 +-
.../legacy/neutron-tempest-linuxbridge/run.yaml | 2 +-
.../legacy/neutron-tempest-multinode-full/run.yaml | 2 +-
playbooks/legacy/neutron-tempest-ovsfw/run.yaml | 2 +-
.../dnsmasq-local-service-c8eaa91894a7d6d4.yaml | 8 +
...e-request-as-binding-data-2a01c1ed1a8eff66.yaml | 10 +
...ver-load-interface-driver-ca397f1db40ec643.yaml | 7 +
...cise-agent-state-transfer-67c771cb1ee04dd0.yaml | 27 ++
setup.cfg | 14 +-
118 files changed, 2655 insertions(+), 642 deletions(-)
More information about the Release-announce
mailing list