settingsLogin | Registersettings

[openstack-announce] [new][openstackansible] openstack-ansible-os_neutron 14.0.0 release (newton)

0 votes

We are jazzed to announce the release of:

openstack-ansible-osneutron 14.0.0: osneutron role for OpenStack-

This release is part of the newton release series.

Download the package from:

For more details, please see below.


New Features

  • The "osneutron" role now determines the default configuration for
    openvswitch-agent "tunnel
    types" and the presence or absence of
    "localip" configuration based on the value of
    ml2driverstype". Deployers may directly control this
    configuration by overriding the "neutrontunneltypes" variable .

  • The "osneutron" role now configures neutron ml2 to load the
    population" mechanism driver by default based on the value of
    "neutronl2population". Deployers may directly control the neutron
    ml2 mechanism drivers list by overriding the "mechanisms" variable
    in the "neutron_plugins" dictionary.

  • The LBaaSv2 service provider configuration can now be adjusted
    with the "neutronlbaasv2service_provider" variable. This allows a
    deployer to choose to deploy LBaaSv2 with Octavia in a future

  • Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge
    Agent should be enabled is now dynamically determined based on the
    "neutronplugintype" and the "neutronml2mechanismdrivers" that
    are set. This aims to simplify the configuration of Neutron services
    and eliminate the need for deployers to override the entire
    services" dict variable to disable these services.

  • Neutron BGP dynamic routing plugin can now optionally be deployed
    and configured. Please see OpenStack Networking Guide: BGP dynamic
    routing (
    dynamic-routing.html) for details about what the service is and what
    it provides.

  • The Project Calico Neutron networking plugin is now integrated
    into the "os_neutron" role. This can be activated using the
    instructions located in the role documentation.

  • The "osneutron" role will now default to the OVS firewall driver
    when "neutron
    plugintype" is "ml2.ovs" and the host is running
    Ubuntu 16.04 on PowerVM. To override this default behavior,
    deployers should define "neutron
    ml2confinioverrides" and
    openvswitchagentinioverrides' in 'uservariables.yml'.
    Example below

    firewalldriver: neutron.agent.linux.iptablesfirewall.OVSHybridIptablesFirewallDriver
    firewalldriver: iptableshybrid

  • Neutron VPN as a Service (VPNaaS) can now optionally be deployed
    and configured. Please see the OpenStack Networking Guide
    ( for details
    about the what the service is and what it provides. See the VPNaaS
    Install Guide (
    network-service-optional) for implementation details.

  • Support for Neutron distributed virtual routing has been added to
    the "osneutron" role. This includes the implementation of
    Networking Guide's suggested agent configuration. This feature may
    be activated by setting "neutron
    plugintype:" in

  • Open vSwitch driver support has been implemented. This includes
    the implementation of the appropriate Neutron configuration and
    package installation. This feature may be activated by setting
    "neutronplugintype: ml2.ovs" in

  • The osneutron role now supports the ability to configure whether
    apt/yum tasks install the latest available package, or just ensure
    that the package is present. The default action is to ensure that
    the latest package is present. The action taken may be changed to
    only ensure that the package is present by setting
    package_state" to "present".

  • The LBaaSv2 device driver is now set by the Ansible variable
    "neutronlbaasv2device_driver". The default is set to use the
    "HaproxyNSDriver", which allows for agent-based load balancers.

  • A new variable is supported in the "neutronservices" dictionary
    called "service
    conf_path". This variable enables services to deploy
    their config templates to paths outside of /etc/neutron by
    specifying a directory using the new variable.

Upgrade Notes

  • Whether the Neutron DHCP Agent, Metadata Agent or LinuxBridge
    Agent should be enabled is now dynamically determined based on the
    "neutronplugintype" and the "neutronml2mechanismdrivers" that
    are set. This aims to simplify the configuration of Neutron services
    and eliminate the need for deployers to override the entire
    services" dict variable to disable these services.

  • Database migration tasks have been added for the dynamic routing
    neutron plugin.

  • As described in the Mitaka release notes
    ( Neutron
    now correctly calculates for and advertises the MTU to instances.
    The default DHCP configuration to advertise an MTU to instances has
    therefore been removed from the variable "neutrondhcpconfig".

  • As described in the Mitaka release notes
    ( Neutron
    now correctly calculates for and advertises the MTU to instances. As
    such the "neutronnetworkdevicemtu" variable has been removed and
    the hard-coded values in the templates for "advertise
    "pathmtu", and "segmentmtu" have been removed to allow upstream
    defaults to operate as intended.

  • The variable "neutronagentmode" has been removed from the
    "osneutron" role. The appropriate value for "l3agent.ini" is now
    determined based on the "neutronplugintype" and host group

  • The variable "neutron_linuxbridge" has been removed as it is no
    longer used.

  • The variable "neutrondriverinterface" has been removed. The
    appropriate value for "neutron.conf" is now determined based on the

  • The variable "neutrondriverfirewall" has been removed. The
    appropriate value for "neutron.conf" is now determined based on the

  • The variable "neutronml2mechanismdrivers" has been removed. The
    appropriate value for ml2
    conf.ini is now determined based on the

  • The Neutron L3 Agent configuration for the
    handleinternalonlyrouters variable is removed in order to use the
    Neutron upstream default setting. The current default for
    internalonlyrouters is True, which does allow Neutron L3
    router without external networks attached (as discussed per

  • Installation of neutron and its dependent pip packages will now
    only occur within a Python virtual environment. The
    "neutronvenvenabled", "neutronvenvbin",
    "neutronnonvenvlibdir" and "neutronvenvlib_dir" variables have
    been removed.

  • The variable "neutronaptpackages" has been renamed to

  • The variable "neutronlbaasaptpackages" has been renamed to

  • The variable "neutronvpnaasaptpackages" has been renamed to

  • The variable "neutronaptremovepackages" has been renamed to

  • The osneutron role always checks whether the latest package is
    installed when executed. If a deployer wishes to change the check to
    only validate the presence of the package, the option
    package_state" should be set to "present".

  • LBaaSv1 has been removed from the "neutron-lbaas" project in the
    Newton release and it has been removed from OpenStack-Ansible as

  • The database create and user creates have been removed from the
    "os_neutron" role. These tasks have been relocated to the playbooks.

  • The Neutron HA tool written by AT&T is no longer enabled by
    default. This tool was providing HA capabilities for networks and
    routers that were not using the native Neutron L3HA. Because native
    Neutron L3HA is stable, compatible with the Linux Bridge Agent, and
    is a better means of enabling HA within a deployment this tool is no
    longer being setup by default. If legacy L3HA is needed within a
    deployment the deployer can set neutronlegacyhatoolenabled to
    true to enable the legacy tooling.

  • Neutron now makes use of Ubuntu Cloud Archive by default. This can
    be disabled by setting "neutronucaenable" to "False".

Deprecation Notes

  • The Neutron HA tool written by AT&T has been deprecated and will
    be removed in the Ocata release.

Bug Fixes

  • When upgrading it is possible for an old "neutron-ns-metadata-
    proxy" process to remain running in memory. If this happens the old
    version of the process can cause unexpected issues in a production
    environment. To fix this a task has been added to the os_neutron
    role that will execute a process lookup and kill any "neutron-ns-
    metadata-proxy" processes that are not running the current release
    tag. Once the old processes are removed the metadata agent running
    will respawn everything needed within 60 seconds.

Changes in openstack-ansible-os_neutron 13.0.0..14.0.0

9852008 Remove 'ignoreerrors: true' in favor of 'failedwhen: false'
259423e Set calico wheel name for pypkgs lookup
a9aeb12 Calico is now Felix... who knew?!
8cc4b94 Update tox.ini tests target for stable/newton
81a1613 Revert dynamic include for inventory-based conditionals
b16c56a Fix dhcp-agent-list-hosting-net race condition
9588492 Update UPPER
CONSTRAINTSFILE for stable/newton
4f8d226 Update ansible-role-requirements to stable/newton
2fbe6e7 Fix race condition on starting services
e45f77a Use centralised test scripts
3562b0c Update default git branch to stable/newton
be35547 Add conditional around the pid clean up process
2848049 Update .gitreview for stable/newton
58bf83c Use openstack-ansible-tests and ansible 2.1.1
370989b Force Ansible to use dynamic includes
f6457c3 Update paste, policy and rootwrap configurations 2016-09-20
8bd11ef Update home page link in cfg file
f95ff25 Use common log commands for calico tox config
74f2f98 Update paste, policy and rootwrap configurations 2016-09-16
090ab22 Wait for net to be fully instantiated
085713a Add functional testing for Calico
7fdd2a2 Add container logs to the build
4843684 Remove Calico qemu configuration
b88e2de Update paste, policy and rootwrap configurations 2016-09-08
3a8b9ff Ensure the nets, subnets and ports are present
52b66dd Compress test execution logs
baf636e [DOC] Fix the OVS config file in docs
760dab2 [Docs] Update LBaaSv2 docs for horizon
91a5eff Update paste, policy and rootwrap configurations 2016-08-25
72eea60 Rename package lists (and related vars) appropriately
132402f Enable log collection after functional testing
ea0b035 Open vSwitch documentation in Neutron Role
03993a6 Rename remaining references to the neutron
lbaasv2agent group
f9975ac Add the BGP dynamic routing neutron plugin
a0b5c6b Project Calico integration
b94bd9a Update plumgrid plugin installation from pip to deb
ed0836f Make all linting tests use upper-constraints
0c7fad3 Add SNI support via OS packages for os
8f9b32e [DOCS] Moving networking content to neutron role docs
0db3471 Updated from global requirements
5772632 [DOCS] Add links to README; minor restructure
ba878cc Add python packages for SNI support in tests
92bc3ba Move other-requirements.txt to bindep.txt
b1674b6 [DOCS] Move over the Neutron Plugins docs
1b8ad7b Update paste, policy and rootwrap configurations 2016-08-15
31a0386 Revert "Add missing packages required for online DB migrations"
4e5dc52 Add missing packages required for online DB migrations
5250cd4 Consolidate Neutron config path in to a single var
e604e86 Include ansible commands for ansible linting
67bd7bb Ignore the .vagrant directory
f9d40a5 Allow Neutron services to specify config path
f02f040 Fix oslo messaging deprecation
a597bf0 Disable stderr logging
a3a7992 Add project group to role
a8f6cf9 Add ability to change apt/yum package state
2b305ed Ensure that mode is a string
5bbf93c Fix ansible performance issue
e70cd91 Fix bug in RPC config that broke Rabbit SSL support
b86d292 Configure qos extension in openvswitchagent.ini
a70051a Ensure that doc linting is included in the linters test
a867d0e Provide default for rabbitmq telemetry password
5b44c5b Make LBaaSv2 service
provider configurable
dd64d9e Reduce tox.ini config duplication
1ecde3e Allow configuration of multiple rabbit clusters
13b41a3 Remove LBaaSv1
461788f Enable higher performance I/O through
0bc2e4f Define keystone region name.
eb0bb51 Adding funcovs tox environment for neutron ovs testing
ec9d44a Optimise pip install tasks
0bdaa8c Support for Open vSwitch Distributed Virtual Routing
1240dd0 Move UCA repo URL var to role defaults
30899b8 Fix handler case where no old process is found
d599df2 Use plugins repo version of the human
log callback plugin
4d26e4a Check host groupnames for group membership
7a3bb12 Updated from global requirements
813fe65 Remove duplicates from .gitignore
46474f2 Update paste, policy and rootwrap configurations 2016-07-14
667f746 Remove duplicate task for sudoers template
c24f01f Implement doc8 checks for docs
7c275ee Update sphinx configuration
744270e Cleanup/standardize usage of tags
4918c7f Deprecate the deployment of the AT&T neutron HA tool
9a34f27 Remove static log-file parameter from init
c2f9590 Rely on namespaced vars for rabbitmq
163a8ea Update the virtualenv paths only when we have a new venv
c447d00 Switch to backticks in release note
0b87211 Use UCA for non-OVS neutron
c357ce1 Update tox configuration
e5a67a7 Only install to virtual environment
86fc72b Cleanup metadata-proxy when old versions are present
0035646 Fix ansible-lint complaint about directory permissions
1708097 Remove service
group entry from all neutronservices dicts
f9267ff Remove neutron
overlaynetwork var from osneutron role
9dc2f14 Remove ismetal var from osneutron role
4575b8e Removed unused variable
1f29cdc Implement standardised Ubuntu Cloud Archive repo vars
18a9491 Clarify the default for neutronvxlangroup
3344d75 Add missing xenial to meta.yml
30439c2 Dynamic Neutron OVS agent tunneltypes and localip config
a34729a Adding Vagrantfile for local development/testing
a246b5c Configure ml2 firewall driver "iptableshybrid" for OVS
38f5ea9 Fix executor
threadpoolsize typo
e349ad0 Remove enabletunneling config from openvswitchagent.ini
147c7f0 Correct Openvswitch bridgemappings configuration
387c46e Clean up container cache prep in tests
f35213b Pin test-requirements to match OpenStack requirements
b3fa6b4 Address Ansible bare variable usage
357e543 Use default metadata
backlog value from Neutron
063824e Remove piplockdown dependency
e572680 Add metadata checksum fix for AIO-type networks configs
3794674 Updated multi-distro setup for isolation
9654663 Update paste, policy and rootwrap configurations 2016-06-02
dcb0fff Consistency for multi-os in the includes
8e461be Neutron 16.04 support
0795d6d Update plumlib template to support python-keystoneclient v1.7.0 and above
cf5a0f2 Remove unnecessary overrides of service variables
68ea882 Update classpath for FWaaS driver
7bb0a5a Update paste, policy and rootwrap configurations 2016-05-19
c44b0b1 More MTU cleanups for Neutron
2629d0b Updated role using the Multi-Distro framework
e3e2f63 Verbose option has been deprecated from oslo.log
273cef6 Stop configuring neutron to enforce DHCP MTU option
656a976 Implementing neutronopenvswitchagent
34ed097 Removed the db create tasks
1e397c3 Remove task to cleanup checksum rules script
018d336 Add .swp files to .gitignore
5ce4d64 Change pip install task state to 'latest'
7ffbc5a Remove pyfromgit role
c15dcba Use upstream neutron default for handleinternalonlyrouters
d13c448 Add dependencies for paramiko 2.0
9a3022d Missing init script of VPNaaS
d9477c5 Update paste, policy and rootwrap configurations 2016-04-22
61e6192 Ansible 2.x - Address deprecation warning of bare variables
f7a7e14 removed duplicate key
218563e Remove Liberty releasenote index
a277ebd Update os
neutron to handle newton migrations
e4ba265 Correct Neutron VPNaaS serviceprovider config entry
56cff84 Dynamically determine whether Neutron Agents should be enabled
94994ef Add options to auto enable VPNaaS
8416a65 blacklist Ansible 1.9.6
239f58d Fix missing 'qos' in extension drivers
0203066 Fix neutron lbaasv2 upstart init scrtipt placement
b28687f Update min
ansible_version to 1.9
8a9719d Add reno scaffolding for release notes management
759d043 Nuage neutron plugin ansible changes
7b7820f Update paste, policy and rootwrap configurations 2016-04-03
3bc4de9 Switch defaults/tests to use master branch
30bc02a Neutron test cleanup
4eee5af Remove iptables checksum rule script

Diffstat (except docs and test files)

.gitignore | 7 +
.gitreview | 1 +
README.rst | 25 +-
Vagrantfile | 31 ++
bindep.txt | 41 +++
defaults/main.yml | 333 ++++++++++++++-------
examples/playbook.yml | 7 +
files/post-up-checksum-rules | 42 ---
files/post-up-metadata-checksum | 37 +++
files/rootwrap.d/dhcp.filters | 1 +
files/rootwrap.d/functional-testing.filters | 35 ---
files/rootwrap.d/linuxbridge-plugin.filters | 7 +-
files/rootwrap.d/vpnaas.filters | 2 +
handlers/main.yml | 22 +-
library/neutronmigrationsfacts | 19 +-
manual-test.rc | 33 ++
meta/main.yml | 17 +-
other-requirements.txt | 16 -
releasenotes/notes/.placeholder | 0
.../dynamictunneltypes-3eb1aa46a0ca9a19.yaml | 12 +
...2-service-provider-config-57d394bdc64f632e.yaml | 5 +
.../metadata-proxy-cleanup-eed6ff482035dc83.yaml | 10 +
...tron-agent-dynamic-enable-47f0c709ef0dfe55.yaml | 15 +
.../notes/neutron-bgp-552e6e1f6d37f38d.yaml | 9 +
.../notes/neutron-dhcp-mtu-8767de6f541b04c1.yaml | 8 +
.../neutron-mtu-cleanup-ce73693b4f7aef0d.yaml | 9 +
...neutron-networking-calico-b05b08f989f768ee.yaml | 5 +
.../neutron-ovs-powervm-116662f169e17175.yaml | 18 ++
.../notes/neutron-vpnaas-5c7c6508f2cc05c5.yaml | 8 +
.../notes/neutronovsdvr-7fca77cac0545441.yaml | 11 +
.../openvswitch-support-1b71ae52dde81403.yaml | 14 +
...dleinternalonlyrouters-e46092d6f1f7c4b0.yaml | 7 +
...neutron-only-install-venv-ca3bf63ed0507e4b.yaml | 6 +
...package-list-name-changes-a86f7e7c805c2d81.yaml | 10 +
.../notes/package-state-fb7d26a4b7c41a77.yaml | 13 +
.../notes/remove-lbaasv1-26044c48b5d3b508.yaml | 8 +
.../removed-db-create-tasks-eed527e915f23ee0.yaml | 5 +
.../removed-neutron-ha-tool-dd7a4717e03163f9.yaml | 13 +
.../notes/service-conf-path-b27cab31dbc72ad4.yaml | 6 +
.../notes/use-uca-by-default-070751b0b388fcbe.yaml | 4 +
static/.placeholder | 0
releasenotes/source/templates/.placeholder | 0
releasenotes/source/ | 281 +++++++++++++++++
releasenotes/source/index.rst | 9 +
releasenotes/source/mitaka.rst | 6 +
releasenotes/source/unreleased.rst | 5 +
setup.cfg | 2 +- | 11 +-
config.yml | 47 +++
tasks/calicoinit.yml | 42 +++
tasks/main.yml | 92 +++++-
check.yml | 23 --
tasks/neutrondbsetup.yml | 69 +----
tasks/neutroninit.yml | 134 +++++++++
initcommon.yml | 27 ++
initsystemd.yml | 53 ++++
initupstart.yml | 28 ++
install-apt.yml | 114 +++++++
tasks/neutroninstall.yml | 163 ++--------
l3ha.yml | 20 --
lbaas.yml | 49 ---
tasks/neutronml2ovspowervm.yml | 26 ++
postinstall.yml | 121 +++-----
preinstall.yml | 34 +--
serviceadd.yml | 107 -------
servicesetup.yml | 86 +++++-
upstartcommoninit.yml | 46 ---
tasks/neutronupstartinit.yml | 126 --------
tasks/nuageneutronconfig.yml | 24 ++
tasks/plumgridconfig.yml | 91 ++----
templates/api-paste.ini.j2 | 10 +-
dragent.ini.j2 | 9 +
templates/dhcpagent.ini.j2 | 5 +-
templates/felix.cfg.j2 | 4 +
agent.ini.j2 | 7 +-
templates/lbaasagent.ini.j2 | 15 +-
agent.ini.j2 | 1 -
templates/meteringagent.ini.j2 | 3 +-
templates/ | 2 +-
templates/neutron-systemd-init.j2 | 25 ++
templates/neutron-systemd-tempfiles.j2 | 4 +
templates/neutron-upstart-init.j2 | 8 +-
templates/neutron.conf.j2 | 61 ++--
agent.ini.j2 | 4 +-
templates/plugins/ml2/ml2conf.ini.j2 | 13 +-
agent.ini.j2 | 23 ++
templates/plugins/nuage/nuage.ini.j2 | 19 ++
templates/plugins/plumgrid/plumlib.ini | 5 +-
templates/policy.json.j2 | 66 ++--
templates/rootwrap.conf.j2 | 2 +-
templates/vpnaas_agent.ini.j2 | 9 +
test-requirements.txt | 19 +-
tox.ini | 197 +++++++-----
vars/ubuntu-14.04.yml | 54 ++++
vars/ubuntu-16.04.yml | 52 ++++
123 files changed, 3606 insertions(+), 1746 deletions(-)

Requirements updates

diff --git a/test-requirements.txt b/test-requirements.txt
index 3422d65..8fdd8d8 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,4 +1,9 @@
+# The order of packages is significant, because pip processes them in the order
+# of appearance. Changing the order has an impact on the overall integration
+# process, which may cause wedges in the gate later.
+bashate>=0.2 # Apache-2.0
+flake8<2.6.0,>=2.5.4 # MIT
+pyasn1 # BSD
+pyOpenSSL>=0.14 # Apache-2.0
+requests>=2.10.0 # Apache-2.0
+ndg-httpsclient>=0.4.2;python_version<'3.0' # BSD
@@ -7,2 +12,4 @@ flake8
-oslosphinx>=2.5.0 # Apache-2.0
+sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
+oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
+doc8 # Apache-2.0
+reno>=1.8.0 # Apache2

OpenStack-announce mailing list
asked Oct 20, 2016 in openstack-announce by no-reply_at_openstac (33,960 points)   2 16 41