Xena Series Release Notes¶
Support for the extensions
subnet_dns_publish_fixed_ipbelonging to the DNS integration is now properly announced by the OVN driver. See bug 1947127
Enforce policy for ‘qos_policy_id’ attribute of Floating IP so only authorized users can set/unset it. For more info see bug LP#1957175.
Changes the API behaviour while using OVN driver to enforce that it’s not possible to delete all the IPs from a router port. For more info see bug LP#1948457
For IPv4 subnets when dns_nameservers is not set in the subnet, servers defined in ‘ovn/dns_servers’ config option or system’s resolv.conf are used, but for IPv6 subnets these are not used. The same will now be used for IPv6 subnets too. Additionally dns servers added in ‘ovn/dns_servers’ config option or system’s resolv.conf will be filtered as per the subnet’s IP version. For more info see the bug report 1951816.
OVN mechanism driver allows only to have one physical network per bridge.
The agent reporting state to the server now uses a RPC timeout set to the report_interval configuration option value. See 1948676.
noauthauth_strategy is used, neutron no longer requires a resource creation request to include a dummy ‘project_id’ in request body. A default project_id
fake_project_idwould be populated automatically in that case and would make the use of
Neutron supports creating IPv4 subnet with prefixlen /31 and /32, via disabling dhcp on a subnet. For more information, see bug 1580927.
Added a new OVS agent extension
dhcpto support distributed DHCP for VMs in compute nodes directly. To enable this just set
extensions=dhcpto OVS agent config file under
[agent]section. We also add a new config section
[dhcp]which has options
enable_ipv6 = True/Falsefor indicating whether enable the DHCPv6 for VM ports.
<user_id>can be used in the network’s, port’s and floating IP’s
dns_domainattribute. Those special keywords will be replaced by the corresponding data from the request context. With that cloud admin can define dns_domain for shared network and ports which belongs to the other projects in the way that each project can use separate DNS zones which needs to be pre-created by users. To enable this feature
dns_domain_keywordsML2 plugin extension has to be enabled in the Neutron config. Enabling multiple dns_integration extensions at the same time leads to an error.
Neutron supports ECMP routes now, with this change, neutron will consolidate multiple routes with the same destination address into a single ECMP route. For more information see bug 1880532.
A new quota driver is added:
DbQuotaNoLockDriver. This driver, unlike
DbQuotaDriver, does not create a unique lock per (resource, project_id). That may lead to a database deadlock state if the number of server requests exceeds the number of resolved resource creations, as described in LP#1926787. This driver relays on the database transactionality isolation and counts the number of used and reserved resources and, if available, creates the new resource reservations in one single database transaction.
Added two new API methods to
get_resource_usagereturns the current resource usage.
quota_limit_checkchecks the current resource usage of several resources against a set of deltas (a dictionary of resource names and resource counters).
Adds support for Network Availability Zones to the OVN driver. When Network AZ is used, OVN’s “external” ports will now be scheduled onto nodes belonging to the AZs specified in the network that the port belongs to. This feature also removes the limitation where all “external” ports were part of to a single HA Chassis Group (meaning they would all be bond to a single host) now the “external” ports will be better distributed across different hosts.
Support stateless security groups with the latest OVN 21.06+. The stateful=False security groups are mapped to the new “allow-stateless” OVN ACL verb.
Added new API extension to QoS service plugin to support CRUD actions for packet rate limit (packet per second) rule in Neutron server side.
port.mac_addressfield is sanitized to have a common format “xx:xx:xx:xx:xx:xx”. The values stored in the database can be sanitized executing the new script provided
neutron-sanitize-port-mac-addresses. This script will read all
portregisters and fix, if needed, the stored MAC address format. The
portAPI is also modified to sanitize the user input. This change was added to neutron-lib 2.12.0 in 788300.
SR-IOV agent now can handle ports from different networks with the same MAC addresses. This feature implies an upgrade in the agent and the server RPC version (see
neutron.plugins.ml2.rpc.RpcCallbacksversion 1.9). Some agent RPC methods have been updated to pass not only the device MAC address but the PCI slot too. In case of having more than one port with the same MAC address, the PCI slot will discriminate the requested port.
Reject any router route or gateway update if not all route nexthops have connectivity with any gateway subnets CIDRs; in other words, all route nexthops IP addresses should belong to one gateway subnet CIDR.
When using the minimim-bandwidth QoS feature due to bug https://launchpad.net/bugs/1921150 physical NIC resource providers were for some time created with the wrong parent (i.e. the hypervisor RP). This is now partially fixed and new resource providers are created now with the expected parent (i.e. the agent RP). However Placement does not allow re-parenting an already existing resource provider, therefore the following Placement DB update may be needed after the fix for bug 1921150 is applied: neutron/tools/bug-1921150-re-parent-device-rps.sql Until all resource providers have the proper parent, neutron-server will retry the re-parenting update, which will be rejected every time, therefore expect polluted logs and some wasted load on Placement. However please note that the bandwidth-aware scheduling is supposed to work even with the wrongly parented resource providers.
When using Linux Bridge mechanism driver in newer operating systems that use
nftablesby default, it is needed to switch back to the legacy tool, as documented in the admin documentation for
Linux bridge mechanism driver.
The way the ML2 plugin filters out API extensions which are not supported by loaded mechanism drivers has changed. Before, the API extension was on the list if at least one of the mechanism drivers supported it, but now the extension needs to be supported by all the mechanism drivers. If at least one of them filters it out, it will be removed from the final list of enabled API extensions. Currently, only the OVN mechanism driver is filtering out some of the ML2 API extensions, thus if that mechanism driver is loaded in Neutron with any other mechanism driver, the list of the enabled API extensions may be smaller than it was before.
The configuration options for XenAPI support has been removed, because these options were already ineffective.
Both the server and the agent RPC versions have been bumped to 1.9; to provide a smooth upgrade transition, the Upgrade Procedure should be followed, upgrading first the servers and then the agents. The agent RPC methods returned values are not modified to keep compatibility with other agents (Linux Bridge, Open vSwitch). The RPC server side is capable of attending calls from agent API < 1.9, in order to provide backwards compatibility. If the device PCI slot is not provided, the behavior will be the previous one.
The following parameters in the
designatesection have been deprecated and will be removed in a future release. The
[designate] auth_typeparameter and required keystoneauth parameters should be used instead.
Fix bug 1939733 by dropping from the dhcp extra option values everything what is after first newline (
\n) character before passing them to the dnsmasq.
Report external dns service OverQuota exception as new neutron ConflictException (409) i.e. ExternalDNSOverQuota. Report the failure as “External DNS Quota exceeded for resources: recordset”.
Ensures that OVN’s mechanism driver does not start when
[ml2_type_geneve]/max_header_sizeis set below the required 38. LP#1868137
Introduced config option for RPC agent step size customization: rpc_resources_processing_step - Number of resources for neutron to divide the large RPC call data sets. It can be reduced if RPC timeout occurred. Default value equals 20. The best value can be determined empirically in your environment.
resource_provider_defualt_hypervisoroption has been added, to replace the default hypervisor name to locates the root resource provider without giving a complete list of interfaces or bridges in the
resource_provider_hypervisorsoption. This option is located in the
Neutron resource tags can now be 255 characters long, previously resource tags was limited to 60 characters.