Newton Series Release Notes

14.2.3

New Features

• New variables have been added to allow a deployer to customize a neutron systemd unit file to their liking.

• The task dropping the neutron systemd unit files now uses the config_template action plugin allowing deployers access to customize the unit files as they see fit without having to load extra options into the defaults and polute the generic systemd unit file with jinja2 variables and conditionals.

• For the os_neutron role, the systemd unit TimeoutSec value which controls the time between sending a SIGTERM signal and a SIGKILL signal when stopping or restarting the service has been reduced from 300 seconds to 120 seconds. This provides 2 minutes for long-lived sessions to drain while preventing new ones from starting before a restart or a stop. The RestartSec value which controls the time between the service stop and start when restarting has been reduced from 150 seconds to 2 seconds to make the restart happen faster. These values can be adjusted by using the neutron_*_init_config_overrides variables which use the config_template task to change template defaults.

Upgrade Notes

• For the os_neutron role, the systemd unit TimeoutSec value which controls the time between sending a SIGTERM signal and a SIGKILL signal when stopping or restarting the service has been reduced from 300 seconds to 120 seconds. This provides 2 minutes for long-lived sessions to drain while preventing new ones from starting before a restart or a stop. The RestartSec value which controls the time between the service stop and start when restarting has been reduced from 150 seconds to 2 seconds to make the restart happen faster. These values can be adjusted by using the neutron_*_init_config_overrides variables which use the config_template task to change template defaults.

14.1.1

New Features

• Neutron SR-IOV can now be optionally deployed and configured. For details about the what the service is and what it provides, see the SR-IOV Installation Guide for more information.

14.0.7

New Features

• The filename of the apt source for the ubuntu cloud archive can now be defined with the variable uca_apt_source_list_filename.

14.0.2

Upgrade Notes

• The variables neutron_requirements_git_repo and neutron_requirements_git_install_branch have been removed in favour of using the URL/path to the upper-constraints file using the variable pip_install_upper_constraints instead.

14.0.0

New Features

• The os_neutron role now determines the default configuration for openvswitch-agent tunnel_types and the presence or absence of local_ip configuration based on the value of neutron_ml2_drivers_type. Deployers may directly control this configuration by overriding the neutron_tunnel_types variable .

• The os_neutron role now configures neutron ml2 to load the l2_population mechanism driver by default based on the value of neutron_l2_population. Deployers may directly control the neutron ml2 mechanism drivers list by overriding the mechanisms variable in the neutron_plugins dictionary.

• The LBaaSv2 service provider configuration can now be adjusted with the neutron_lbaasv2_service_provider variable. This allows a deployer to choose to deploy LBaaSv2 with Octavia in a future version.

• Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge Agent should be enabled is now dynamically determined based on the neutron_plugin_type and the neutron_ml2_mechanism_drivers that are set. This aims to simplify the configuration of Neutron services and eliminate the need for deployers to override the entire neutron_services dict variable to disable these services.

• Neutron BGP dynamic routing plugin can now optionally be deployed and configured. Please see OpenStack Networking Guide: BGP dynamic routing for details about what the service is and what it provides.

• The Project Calico Neutron networking plugin is now integrated into the os_neutron role. This can be activated using the instructions located in the role documentation.

• The os_neutron role will now default to the OVS firewall driver when neutron_plugin_type is ml2.ovs and the host is running Ubuntu 16.04 on PowerVM. To override this default behavior, deployers should define neutron_ml2_conf_ini_overrides and ‘neutron_openvswitch_agent_ini_overrides’ in ‘user_variables.yml’. Example below

  neutron_ml2_conf_ini_overrides:
    securitygroup:
      firewall_driver: neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
  neutron_openvswitch_agent_ini_overrides:
    securitygroup:
      firewall_driver: iptables_hybrid
  

• Neutron VPN as a Service (VPNaaS) can now optionally be deployed and configured. Please see the OpenStack Networking Guide for details about the what the service is and what it provides. See the VPNaaS Install Guide for implementation details.

• Support for Neutron distributed virtual routing has been added to the os_neutron role. This includes the implementation of Networking Guide’s suggested agent configuration. This feature may be activated by setting neutron_plugin_type: ml2.ovs.dvr in /etc/openstack_deploy/user_variables.yml.

• Open vSwitch driver support has been implemented. This includes the implementation of the appropriate Neutron configuration and package installation. This feature may be activated by setting neutron_plugin_type: ml2.ovs in /etc/openstack_deploy/user_variables.yml.

• The os_neutron role now supports the ability to configure whether apt/yum tasks install the latest available package, or just ensure that the package is present. The default action is to ensure that the latest package is present. The action taken may be changed to only ensure that the package is present by setting neutron_package_state to present.

• The LBaaSv2 device driver is now set by the Ansible variable neutron_lbaasv2_device_driver. The default is set to use the HaproxyNSDriver, which allows for agent-based load balancers.

• A new variable is supported in the neutron_services dictionary called service_conf_path. This variable enables services to deploy their config templates to paths outside of /etc/neutron by specifying a directory using the new variable.

Upgrade Notes

• Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge Agent should be enabled is now dynamically determined based on the neutron_plugin_type and the neutron_ml2_mechanism_drivers that are set. This aims to simplify the configuration of Neutron services and eliminate the need for deployers to override the entire neutron_services dict variable to disable these services.

• Database migration tasks have been added for the dynamic routing neutron plugin.

• As described in the Mitaka release notes Neutron now correctly calculates for and advertises the MTU to instances. The default DHCP configuration to advertise an MTU to instances has therefore been removed from the variable neutron_dhcp_config.

• As described in the Mitaka release notes Neutron now correctly calculates for and advertises the MTU to instances. As such the neutron_network_device_mtu variable has been removed and the hard-coded values in the templates for advertise_mtu, path_mtu, and segment_mtu have been removed to allow upstream defaults to operate as intended.

• The variable neutron_agent_mode has been removed from the os_neutron role. The appropriate value for l3_agent.ini is now determined based on the neutron_plugin_type and host group membership.

• The variable neutron_linuxbridge has been removed as it is no longer used.

• The variable neutron_driver_interface has been removed. The appropriate value for neutron.conf is now determined based on the neutron_plugin_type.

• The variable neutron_driver_firewall has been removed. The appropriate value for neutron.conf is now determined based on the neutron_plugin_type.

• The variable neutron_ml2_mechanism_drivers has been removed. The appropriate value for ml2_conf.ini is now determined based on the neutron_plugin_type.

• The Neutron L3 Agent configuration for the handle_internal_only_routers variable is removed in order to use the Neutron upstream default setting. The current default for handle_internal_only_routers is True, which does allow Neutron L3 router without external networks attached (as discussed per https://bugs.launchpad.net/neutron/+bug/1572390).

• Installation of neutron and its dependent pip packages will now only occur within a Python virtual environment. The neutron_venv_enabled, neutron_venv_bin, neutron_non_venv_lib_dir and neutron_venv_lib_dir variables have been removed.

• The variable neutron_apt_packages has been renamed to neutron_distro_packages.

• The variable neutron_lbaas_apt_packages has been renamed to neutron_lbaas_distro_packages.

• The variable neutron_vpnaas_apt_packages has been renamed to neutron_vpnaas_distro_packages.

• The variable neutron_apt_remove_packages has been renamed to neutron_remove_distro_packages.

• The os_neutron role always checks whether the latest package is installed when executed. If a deployer wishes to change the check to only validate the presence of the package, the option neutron_package_state should be set to present.

• LBaaSv1 has been removed from the neutron-lbaas project in the Newton release and it has been removed from OpenStack-Ansible as well.

• The database create and user creates have been removed from the os_neutron role. These tasks have been relocated to the playbooks.

• The Neutron HA tool written by AT&T is no longer enabled by default. This tool was providing HA capabilities for networks and routers that were not using the native Neutron L3HA. Because native Neutron L3HA is stable, compatible with the Linux Bridge Agent, and is a better means of enabling HA within a deployment this tool is no longer being setup by default. If legacy L3HA is needed within a deployment the deployer can set neutron_legacy_ha_tool_enabled to true to enable the legacy tooling.

• Neutron now makes use of Ubuntu Cloud Archive by default. This can be disabled by setting neutron_uca_enable to False.

Deprecation Notes

• The Neutron HA tool written by AT&T has been deprecated and will be removed in the Ocata release.

Bug Fixes

• When upgrading it is possible for an old neutron-ns-metadata-proxy process to remain running in memory. If this happens the old version of the process can cause unexpected issues in a production environment. To fix this a task has been added to the os_neutron role that will execute a process lookup and kill any neutron-ns-metadata-proxy processes that are not running the current release tag. Once the old processes are removed the metadata agent running will respawn everything needed within 60 seconds.