[release-announce] neutron 21.1.1 (zed)

no-reply at openstack.org no-reply at openstack.org
Thu Jun 8 14:41:12 UTC 2023 

We are chuffed to announce the release of:

neutron 21.1.1: OpenStack Networking

This release is part of the zed stable release series.

The source is available from:

    https://opendev.org/openstack/neutron

Download the package from:

    https://tarballs.openstack.org/neutron/

Please report issues through:

    https://bugs.launchpad.net/neutron/+bugs

For more details, please see below.

21.1.1
^^^^^^


Known Issues
************

* The high availability of metadata service on isolated networks is
  limited or non-existent. IPv4 metadata is redundant when the DHCP
  agent managing it is redundant, but recovery is tied to the renewal
  of the DHCP lease, making most recoveries very slow. IPv6 metadata
  is not redundant at all as the IPv6 metadata address can only be
  configured in a single place at a time as it is link-local. Multiple
  agents trying to configure it will generate an IPv6 duplicate
  address detection failure.

  Administrators may observe the IPv6 metadata address in "dadfailed"
  state in the DHCP namespace for this reason, which is only an
  indication it is not highly available. Until a redesign is made to
  the isolated metadata service there is not a better deployment
  option. See bug 1953165
  (https://bugs.launchpad.net/neutron/+bug/1953165) for information.

* The *redirect-type=bridged* option is only used if all the tenant
  networks connected to the router are of type VLAN or FLAT. In this
  case their traffic will be distributed. However, if there is a mix
  of VLAN/FLAT and geneve networks connected to the same router, the
  redirect-type option is not set, and therefore the traffic for the
  VLAN/FLAT networks will also be centralized but not tunneled.


Bug Fixes
*********

* 1986003 (https://bugs.launchpad.net/neutron/+bug/1986003) Fixed an
  issue with concurrent requests to activate the same port binding
  where one of the requests returned a 500 Internal Server Error. With
  the fix one request will return successfully and the other will
  return a 409 Conflict (Binding already active). This fixes errors in
  nova live-migrations where those concurrent requests might be sent.
  Nova handles the 409/Conflict response gracefully.

* Fix an issue in the OVN driver where network metadata could become
  unavailable if the metadata port was ever deleted, even if
  accidental. To re-create the port, a user can now disable, then
  enable, DHCP for one of the subnets associated with the network
  using the Neutron API. This will try and create the port, similar to
  what happens in the DHCP agent for ML2/OVS. For more information,
  see bug 2015377
  (https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/2015377).

* [bug 2003455 (https://bugs.launchpad.net/neutron/+bug/2003455)] As
  part of a previous commit
  (https://review.opendev.org/c/openstack/neutron/+/875644) the
  *redirect-type=bridged* option was set in all the router gateway
  ports (cr-lrp ovn ports). However this was breaking the N/S traffic
  for geneve tenant networks connected to the provider networks
  through those routers with the redirect-type option enabled. To fix
  this we ensure that the redirect-type option is only set if all the
  networks connected to the router are of VLAN or FLAT type, otherwise
  we fall back to the default option. This also means that if there is
  a mix of VLAN and geneve tenant networks connected to the same
  router, the VLAN traffic will be centralized (but not tunneled). If
  the traffic for the VLAN/FLAT needs to be distributed, then it
  should use a different router.

Changes in neutron 21.1.0..21.1.1
---------------------------------

1a711f399a Start metadata proxy even if IPv6 DAD fails
d3b403bfee Change RBAC relationship loading method to "joined"
8bf6f7f03c Revert "Delete sg rule which remote is the deleted sg"
8def3b694d [ovn] Avoid unwanted ACL_NOT_FOUND error when deleting log objects
004ed33ec1 Use explicit inner join for networks in port query
1529c0a297 [stable-only][ovn] Fix ovsdbapp db_set command for stable branches
2317295cf5 Fix not working use_random_fully config option
438e486451 docs: Deindent code blocks
039caabfe3 [S-RBAC] Fix new policies for FIP PFs APIs
ca942e9732 [S-RBAC] Get QoS rule types API available for READER role
9177e90db4 [S-RBAC] Fix new policies for get QoS rules APIs
1864dd8684 [OVN] Update ovn meter when neutron server reloads
876c681821 [S-RBAC] Get availability zone API available for READER role
55a3543aba [S-RBAC] Allow network owners to get ports from that network
e4cf8cc0a6 Delete sg rule which remote is the deleted sg
1c615281f7 Suppress IPv6 metadata DAD failure and delete address
9fa3ed4a84 Avoid retrieving ports if network list is empty
beaed42bd9 Replace context decorators with context managers
ecbb69522a Honor debug mode in keepalived-state-change script logs
0c18181ee9 Change flag check order in wait_until_address_ready()
0681f8b3ad OVN: Always try and create a metadata port on subnets
b43c9a6ec0 Do not check the context object in ``TestMeteringPlugin``
061eafdd81 [stable/zed only] Drop -master jobs
ec1a0e27dc Ensure redirect-type=bridged not used for geneve networks
bd0d2ae6f1 Fix concurrent port binding activate
f5d3ef2a23 Make path for tcpdump release-specific
ba7d18d634 Revert "Ensure vlan network traffic is not centralized"
d35fa4cdd3 [OVN] Explicitly define the fixed IPs for the metadata port
d0d8702e89 Fix default value for MTUs, when not provided
138a47bfd6 [OVS] Allow custom ethertype traffic in the ingress table
07855a6826 Delete the PB level registers when deleting the duplicated PB
0091a25ea6 Only create a frozen  Row on matching events
a415bb4c98 Ensure vlan network traffic is not centralized


Diffstat (except docs and test files)
-------------------------------------

devstack/plugin.sh                                 |   7 +-
...g-bgp-floating-ip-over-l2-segmented-network.rst | 420 +++++++------
.../internals/ovn/ovn_network_logging.rst          | 114 ++--
.../contributor/internals/ovn/port_forwarding.rst  | 110 ++--
.../contributor/testing/ci_scenario_jobs.rst       |  11 -
neutron/agent/l3/keepalived_state_change.py        |   1 -
neutron/agent/linux/dhcp.py                        |   3 +-
neutron/agent/linux/ip_lib.py                      |  19 +-
neutron/agent/linux/iptables_manager.py            |   7 +-
.../agent/linux/openvswitch_firewall/firewall.py   |  19 +
neutron/agent/metadata/driver.py                   |  41 +-
neutron/cmd/remove_duplicated_port_bindings.py     |  15 +-
neutron/common/_constants.py                       |   3 +
neutron/common/ovn/constants.py                    |   2 +
neutron/conf/agent/database/agentschedulers_db.py  |   4 +-
neutron/conf/policies/availability_zone.py         |   6 +-
neutron/conf/policies/base.py                      |  14 +
.../conf/policies/floatingip_port_forwarding.py    |  16 +-
neutron/conf/policies/port.py                      |   1 +
neutron/conf/policies/qos.py                       |  22 +-
neutron/db/db_base_plugin_v2.py                    |  13 +-
neutron/db/models/address_group.py                 |   2 +-
neutron/db/models/address_scope.py                 |   2 +-
neutron/db/models/securitygroup.py                 |   2 +-
neutron/db/models_v2.py                            |   6 +-
neutron/db/qos/models.py                           |   2 +-
neutron/objects/db/api.py                          |  18 +-
neutron/objects/ports.py                           |  16 +-
.../ml2/drivers/ovn/mech_driver/ovsdb/commands.py  |  34 ++
.../drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py  |   8 +
.../drivers/ovn/mech_driver/ovsdb/maintenance.py   |  86 ++-
.../drivers/ovn/mech_driver/ovsdb/ovn_client.py    | 185 +++++-
.../drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py   |   2 +-
.../drivers/ovn/mech_driver/ovsdb/ovsdb_monitor.py |   3 +-
neutron/plugins/ml2/plugin.py                      |   8 +
neutron/services/logapi/drivers/ovn/driver.py      |  54 +-
neutron/services/qos/qos_plugin.py                 |   4 +-
.../agent/l3/test_keepalived_state_change.py       |   4 +-
.../ovn/mech_driver/ovsdb/test_maintenance.py      |  40 ++
.../ovn/mech_driver/ovsdb/test_ovn_client.py       |  68 +++
.../drivers/ovn/mech_driver/test_mech_driver.py    |  44 +-
.../linux/openvswitch_firewall/test_firewall.py    |  22 +
.../unit/agent/linux/test_iptables_manager.py      |  34 ++
.../unit/conf/policies/test_availability_zone.py   |   6 -
.../policies/test_floatingip_port_forwarding.py    | 347 ++++++-----
.../ovn/mech_driver/ovsdb/test_maintenance.py      |  69 ++-
.../ovn/mech_driver/ovsdb/test_ovn_client.py       |  61 ++
.../drivers/ovn/mech_driver/test_mech_driver.py    |  65 +-
.../services/logapi/drivers/ovn/test_driver.py     |  75 +--
.../unit/services/metering/test_metering_plugin.py |  24 +-
.../notes/bug-1953165-6e848ea2c0398f56.yaml        |  16 +
.../notes/bug-1986003-9bf5ca04f9304336.yaml        |  10 +
...vn-recreate-metadata-port-76e2c0e651267aa0.yaml |  11 +
.../notes/redirect-type-f29e89ca97357fe9.yaml      |  24 +
zuul.d/base.yaml                                   |  24 -
zuul.d/job-templates.yaml                          |  16 -
zuul.d/tempest-multinode.yaml                      |  53 --
zuul.d/tempest-singlenode.yaml                     |  99 ----
79 files changed, 2401 insertions(+), 1602 deletions(-)

More information about the Release-announce mailing list