Victoria Series Release Notes¶

17.0.0-32¶

Even with the “igmp_snooping_enable” configuration option stating that traffic would not be flooded to unregistered VMs when this option was enabled, the ML2/OVN driver didn’t follow that behavior. This has now been fixed and ML2/OVN will no longer flood traffic to unregistered VMs when this configuration option is set to True.

Fixed MAC learning issue when ovs offload enabled. OVS firewall reduce the usage of normal actions to reduce cpu utilization. This causing flood rule because there is no MAC learning on ingress traffic. While this ok for none offload case, when using ovs offload flood rule is not offloaded. This fix the MAC learning in the offload, so we avoid flood rule. #1897637.

Added support for floating IPs port forwarding in OVN.

A new configuration option http_retries was added. This option allows configuring the number of times the nova or ironic client should retry on a failed HTTP call.

New config option keepalived_use_no_track was added. If keepalived version used on the deployment does not support no_track flag in its config file (e.g. keepalived 1.x), this option should be set to False. Default value of this option is True.

The dns-assignment will reflect the dns-domain defined in the network or sent by user when creating the port using –dns-domain rather than just take the dns-domain defined in the neutron configuration

Make the metadata service available over the IPv6 link-local address fe80::a9fe:a9fe. Metadata over IPv6 works on both isolated networks and networks with an IPv6 subnet connected to a Neutron router as well as on dual-stack and on IPv6-only networks. There are no new config options. The usual config options (enable_isolated_metadata, force_metadata, enable_metadata_proxy) now control the metadata service over both IPv4 and IPv6. This change only affects the guests’ access to the metadata service over tenant networks. This feature changes nothing about how the metadata-agent talks to Nova’s metadata service. The guest OS is expected to pick up routes from Router Advertisements for this feature to work on networks connected to a router. At least the following IPv6 subnet modes work:
- --ipv6-ra-mode slaac --ipv6-address-mode slaac
- --ipv6-ra-mode dhcpv6-stateless --ipv6-address-mode dhcpv6-stateless
- --ipv6-ra-mode dhcpv6-stateful --ipv6-address-mode dhcpv6-stateful
Please note that the metadata IPv6 address (being link-local) is not complete without a zone identifier (in a Linux guest that is usually the interface name concatenated after a percent sign). Please also note that in URLs you should URL-encode the percent sign itself. For example, assuming that the primary network interface in the guest is eth0 the base metadata URL is http://[fe80::a9fe:a9fe%25eth0]:80/.

Added support for router availability zones in OVN. The OVN driver can now read from the router’s availability_zone_hints field and schedule router ports accordingly with the given availability zones.

A previous change to set neutron-server child process names also modified neutron agent ones. This can impact monitoring systems relying on /proc/PID/environ formatting or ps -e output. Now neutron agents all have process names formatted this way (showing both an old style process name and full process name visible in recent releases) neutron-agent-name (original process name including interpreter)

See bug 1881297 for more details.

The configuration option firewall_driver is no longer used by neutron-server, it only applies to the L2 agent. This was required for backward-compatibility for hybrid plugging, but since the Newton release the L2 agent has been able to report hybrid plugging is needed in it’s report message back to the server.

Limit the ML2 VLAN allocations to [1, 4094] values in the database engine. This constraint, enforced in the database engine, could not be supported yet. In this case, it will be ignored. For more information, see the note in neutron.db.migration.alembic_migrations.versions.victoria.expand.dfe425060830_limit_vlan_allocation_id_values.py.

The metadata over IPv6 feature makes each dhcp-agent restart trigger a quick restart of dhcp-agent-controlled metadata-proxies, so they can pick up their new config making them also bind to fe80::a9fe:a9fe. These restarts make the metadata service transiently unavailable. This is done in order to enable the metadata service on pre-existing isolated networks during an upgrade. Please also note that pre-existing instances may need to re-acquire all information acquired over Router Discovery and/or DHCP for this feature to start working.

The default value for the metadata_workers configuration option has changed to 2 for the ML2/OVN driver. For ML2/OVS the default value remains the same. Each driver has different approaches when serving metadata to the instances and the previous default value of “<number of CPUs> / 2” did not make sense for ML2/OVN as the OVN metadata agents are distributed running on Compute nodes instead of Controller nodes. In fact, the previous default value could cause scalability issues with ML2/OVN and was overwritten by the deployment tools to avoid problems.

Monitoring tools relying on exact process names should be checked after upgrade, and modified if needed.

Abstract method plug_new from the neutron.agent.linux.interface.LinuxInterfaceDriver class now accepts an optional parameter link_up. Usage of this method, which takes from 5 to 9 positional arguments, without link_up is now deprecated and will not be possible starting in the W release. Third-party drivers which inherit from this base class should update the implementation of their plug_new method.

Deprecate the use of remote_ip_prefix in metering label rules, and it will be removed in future releases. One should use instead the source_ip_prefix and/or destination_ip_prefix parameters. For more details, please refer to the spec: https://review.opendev.org/#/c/744702/.

Terminology such as master and slave have been replaced with more inclusive words, such as primary and backup wherever possible.

The configuration option vnic_type_blacklist has been deprecated for both the OpenvSwitch and SRIOV mechanism drivers, and replaced with vnic_type_prohibit_list. They will be removed in a future release.

1671448 Access for Neutron quotas now governed using standard configurable RBAC policies: ‘get_quota’, ‘update_quota’, ‘delete_quota’

1875981 Neutron now correctly removes associated DNS records when an admin deletes ports, servers or floation IPs.

Fixed bug 1876092 which caused DUP ICMP replies on the flat networks used with DVR routers.

Fixed an issue where the client on a dual-stack (IPv4 + IPv6) network failed to get configuration from the dnsmasq DHCP server. See bug: 1876094.

When uplink-status-propagation extension is enabled, new ports created will default the value of propagate_uplink_status to True.