Full Release Notes for networking-cisco
In this release, clean-up of Nexus configuration was performed by removing obsolete features. For users of tripleo and puppet-neutron repos, you must make sure you are using the correct versions of the repos that include the changes from bugs https://bugs.launchpad.net/tripleo/+bug/1793381 and https://bugs.launchpad.net/puppet-neutron/+bug/1793379.
- Adds support for the Rocky release of OpenStack
Nexus/UCSM: Deprecate old ML2 documentation file
In older versions of networking-cisco, the file etc/neutron/plugins/ml2/ml2_conf_cisco.ini contains all ML2 configuration documentation for Nexus and UCSM. This has been replaced with a much improved set of documentation which can be found at http://networking-cisco.readthedocs.io. For details of changes, refer to https://bugs.launchpad.net/networking-cisco/+bug/1780445
Nexus: Verify https certificates by default
See the Security release notes for more details.
Nexus: Remove deprecated format of host interface mapping config
The host to interface mapping configuration was deprecated and replaced in release 6.1.0 (see previous release notes). The deprecated configuration is now removed so the replacement configuration must take its place. The following demonstrates the old versus new configuration.
Refer to https://bugs.launchpad.net/networking-cisco/+bug/1771672 for implementation details.
Nexus: Remove deprecated intfcfg.portchannel configuration
The intfcfg.portchannel configuration was deprecated and replaced in release 5.4.0 (see previous release notes). The deprecated configuration is now removed so the replacement configuration intfcfg_portchannel must take its place.
Nexus: Remove Nexus ncclient configuration driver
The ncclient driver used to configure Nexus was deprecated in the Cisco 5.5.0 release. It is replaced by the current default RESTAPI driver. The ncclient driver is now removed along with related configuration options, which include nexus_driver. For the RESTAPI driver to work, ‘feature nxapi’ must be preconfigured on the Nexus device and the correct version of NX-OS must be installed. Refer to the Nexus Installation Guide for more prerequisite details. For implementation details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1758042
Nexus/UCSM: Deprecate old ML2 documentation file
The documentation file etc/neutron/plugins/ml2/ml2_conf_cisco.ini has been replaced with http://networking-cisco.readthedocs.io. Reference to this new location is placed in ml2_conf_cisco.ini. This file will be removed entirely in a later release and is no longer copied during setup operations. For details of changes, refer to https://bugs.launchpad.net/networking-cisco/+bug/1780445
Nexus: Verify https certificates by default
In release 5.4.0, the ability to verify https certificates was implemented. The default was originally set to False for insecure https connections to allow time to acquire certificates. In this release, the default is changed to True so certificates will be verified for secured connections.
See release notes for release 5.4.0 for details on this feature and https://bugs.launchpad.net/networking-cisco/+bug/1778275 for implementation details.
- Fixes a bug in the networking-cisco migrations when run against MariaDB that prevented the subnet_id field from being added as a primary key because it had previously been added as a foreign key. See: https://bugs.launchpad.net/networking-cisco/+bug/1791121
- Adds support for the OpenStack Neutron queens release.
Nexus: Host Mapping Configuration being replaced
The host mapping configuration beneath the header ml2_mech_cisco_nexus currently does not have a static config option name. This can lead to some issues where even typographical errors can be interpreted as a host mapping config. The config option host_ports_mapping has been introduced to resolve this shortcoming. The following demonstrates the before and after config change.
Nexus: Do not raise exception during update_postcommit when port not found
Occasionally, spurious updates are seen in parallel with deletes for the same VLAN. In this window, an update can be received after the port binding is removed. This change reports a warning message instead of raising an exception, keeping it consistent with other ML2 driver behavior. This circumstance is more likely to be seen when there are multiple neutron threads and controllers.
Nexus: Neutron trunking feature not supported in Newton
Introduced a fix to prevent an error from being generated when using openstack newton or below branches with baremetal configurations. The error message seen is “TypeError: get_object() got an unexpected keyword argument ‘port_id’”. For implementation details, refer to https://review.openstack.org/#/c/542877.
Cisco UCSM: The ucsmsdk is now the default replacing the UcsSdk
The ucsmsdk is now the default package for interacting with UCSM. Use of the now deprecated UcsSdk will still work if the ucsmsdk is not installed. However, all new features will be developed using the ucsmsdk so users are encouraged to upgrade.
- All code for CSR1kv-based routing has been removed from networking-cisco. The code was removed in commit 917480566afa2b40dc382bc4f535d173bad7736d.
- All Nexus 1000v driver code has been removed from networking-cisco, and all n1kv related tables have been dropped. The code was removed in commit 0730ec9e6b76b3c1e75082e9dd1af55c9faeb34c
- NCS: Remove support for Network Control System (NCS). The code was removed in commit 31e4880299d04ceb399aa38097fc5f2b26e30ab1
Cisco UCSM: Use of the UcsSdk has been deprecated for removal
Use of the UcsSdk will be removed in a future release. It has been replaced by the ucsmsdk. While use of the UcsSdk will continue to work until its complete removal, no new features will be added so users are encouraged to upgrade.
Nexus: DBDuplicateEntry error from interface mapping db table with multi-controllers
When there are multiple controllers running, they could simultaneously attempt to initialize the Nexus host interface mapping db table using the user’s static host mapping configuration. This could result in a DBDuplicateEntry exception. This type of error is seen with static user configured hosts but not ironic learned hosts. Refer to DBDuplicate Entry - Failed Insert into cisco_ml2_nexus_host_interface_mapping for error message details and corrective action. For implementation details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1743573.
Cisco UCSM: vNIC and Service Profile Template support for Single UCSM
This feature allows a cloud admin to take advantage of the Service Profile Template and vNIC Template configuration options available on the UCS Manager. The UCSM driver can be provided with the Service Profile or the Service Profile Template configuration, and it will handle the configuration of the UCS Servers accordingly. The vNIC Templates can be used to configure several vNIC on different UCS Servers, all connected to the same physical network. The driver will handle configuration of the appropriate vNIC Template with the VLAN configuration associated with the corresponding neutron provider network.
Nexus: https certification now supported by RESTAPI Client
The Nexus RESTAPI Client now sends requests using https instead of http, so communication with the Nexus is encrypted. Certificate verification can also be performed. A new configuration option ‘https_verify’ controls this latter capability. When set to False, the communication path is insecure, making it vulnerable to man-in-the-middle attacks. Initially, the default for ‘https_verify’ is set to False but will change to True in the ‘Cisco 6.0.0’ release. If a certificate is already available and configured on the Nexus device, it is highly recommended to set this option to True in the neutron start-up configuration file.
For testing or lab purposes, a temporary local certificate can be generated and the certificate filename can be provided in the configuration option ‘https_local_certificate’. This depends on the Nexus device being configured with the local key and certificate file.
Both configuration options are available for every Nexus switch configured. Refer to the Nexus Configuration Reference for more details on these options as well as https://bugs.launchpad.net/networking-cisco/+bug/1735295
Nexus: Obfuscate password
In log output, obfuscate Nexus Switch password provided in Neutron Start-up configuration.
Cisco UCSM: Add config to control SSL certificate checks
This feature allows a cloud admin to disable SSL certificate checking when the UCSM driver connects to the UCS Managers provided in its configuration. SSL certificate checking is ON by default and setting the ucsm_https_verify configuration parameter to False turns it OFF. Turning it OFF makes the connection insecure and vulnerable to man-in-the-middle attacks.
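An added example (not part of networking-cisco) that audits a neutron ML2 configuration for the certificate-verification settings described in these notes: ‘https_verify’ and ‘https_local_certificate’ per Nexus switch, and ucsm_https_verify for UCSM. It assumes the Nexus options sit under the [ml2_mech_cisco_nexus:<switch-ip-address>] header; the function name, the sample file contents and the UCSM section name are constructed for illustration.

```python
import configparser

NEXUS_PREFIX = "ml2_mech_cisco_nexus:"
FALSE_VALUES = {"false", "0", "no", "off"}

# Constructed sample; addresses are documentation-range placeholders and
# the UCSM section name is hypothetical (the option is matched by name).
SAMPLE = """
[ml2_mech_cisco_nexus:192.0.2.10]
https_verify = False

[ml2_mech_cisco_nexus:192.0.2.11]
https_verify = True
https_local_certificate = /etc/neutron/lab-nexus.crt

[ml2_mech_cisco_nexus:192.0.2.12]
vpc_pool = 1001-1025

[example_ucsm_section]
ucsm_https_verify = false
"""


def audit_tls_verification(text, nexus_default=True):
    """Return sorted (section, finding) tuples for weak TLS verification.

    nexus_default is the release default for https_verify: False when the
    option was introduced (5.4.0), True after the default was changed.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        if section.startswith(NEXUS_PREFIX):
            raw = opts.get("https_verify")
            if raw is None:
                if not nexus_default:
                    findings.append((section, "https_verify unset; default is False"))
            elif raw.strip().lower() in FALSE_VALUES:
                findings.append((section, "https_verify disabled"))
            if opts.get("https_local_certificate"):
                findings.append((section, "local (lab) certificate in use"))
        # The UCSM option is reported wherever it appears.
        raw = opts.get("ucsm_https_verify")
        if raw is not None and raw.strip().lower() in FALSE_VALUES:
            findings.append((section, "ucsm_https_verify disabled"))
    return sorted(findings)
```

Running it with nexus_default=False shows which switches were relying on the insecure 5.4.0 default and would change behaviour after an upgrade.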
Nexus: DBDuplicateEntry error seen with Nexus interface mapping database
Introduced a fix for the issue where a DBDuplicateEntry error is seen when the same port-channel is configured for multiple hosts beneath the same switch. This type of configuration is seen with static configurations only and not ironic. Refer to DBDuplicate Entry - Failed Insert into cisco_ml2_nexus_host_interface_mapping for sample config, more error message details, and corrective action. For implementation details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1735540.
Nexus: Remove ‘.’ from configuration variable names
When testing new configuration variables with puppet and tripleo, the use of a dot ‘.’ in a configuration variable name fails. There is only one such variable, which is intfcfg.portchannel. It is replaced with intfcfg_portchannel.
Nexus: RESTAPI Client Scaling Improvement
To improve performance, the same cookie will be used in requests until it expires and the Nexus device returns a status_code of 403. When this is detected, an attempt to refresh the cookie occurs and upon successful receipt of a new cookie the request that originally failed will be resent. For more details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1735295
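The cookie handling described above, sketched as an added example rather than the driver's own code: one cookie is reused until a 403 arrives, then refreshed once and the failed request resent. The class names, the transport interface (login/send) and the fake device are hypothetical and constructed for illustration.

```python
class CookieReusingClient:
    """Reuses one session cookie until the device answers 403."""

    def __init__(self, transport):
        # transport is a hypothetical object with login() -> cookie and
        # send(cookie, request) -> (status_code, body).
        self.transport = transport
        self.cookie = None

    def request(self, req):
        if self.cookie is None:
            self.cookie = self.transport.login()
        status, body = self.transport.send(self.cookie, req)
        if status == 403:
            # Cookie expired: refresh once and resend the original request.
            # A second 403 is returned to the caller, so a genuine
            # authorization failure cannot cause an endless login loop.
            self.cookie = self.transport.login()
            status, body = self.transport.send(self.cookie, req)
        return status, body


class FakeNexus:
    """Constructed stand-in: each cookie is valid for `lifetime` requests."""

    def __init__(self, lifetime):
        self.lifetime = lifetime
        self.logins = 0
        self.uses = {}

    def login(self):
        self.logins += 1
        cookie = "cookie-%d" % self.logins
        self.uses[cookie] = 0
        return cookie

    def send(self, cookie, req):
        if self.uses.get(cookie, self.lifetime) >= self.lifetime:
            return 403, None
        self.uses[cookie] += 1
        return 200, "ok:" + req


def run_demo(n_requests=5, lifetime=2):
    """Return (status codes seen by the caller, number of logins made)."""
    device = FakeNexus(lifetime)
    client = CookieReusingClient(device)
    statuses = [client.request("req%d" % i)[0] for i in range(n_requests)]
    return statuses, device.logins
```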
Nexus: Improved port-channel support with baremetal events
When there are multiple ethernet interfaces in the baremetal’s neutron port event, the Nexus driver determines whether the interfaces are already configured as members of a port-channel. If not, it creates a new port-channel interface and adds the ethernet interfaces as members. In either case, trunk vlans are applied to the port-channel. For this to be successful, a new configuration variable ‘vpc_pool’ must be defined with a pool of vpc ids for each switch. This must be defined beneath the section header [ml2_mech_cisco_nexus:<switch-ip-address>]. A vpc id common between participating switches will be selected. To get more details on defining this variable, refer to networking-cisco repo, file: etc/neutron/plugins/ml2/ml2_conf_cisco.ini. For implementation details on automated port-channel creation, refer to https://bugs.launchpad.net/networking-cisco/+bug/1707286 and https://bugs.launchpad.net/networking-cisco/+bug/1691822 and https://bugs.launchpad.net/networking-cisco/+bug/1705294
Nexus: User customizable port-channels for baremetal interfaces
When the Nexus driver creates port-channels for baremetal events, an additional capability was provided to allow the user to custom configure port-channels that are created. This is done by way of the config variable ‘intfcfg.portchannel’ beneath each switch’s section header [ml2_mech_cisco_nexus:<switch-ip-address>]. Nexus CLI commands are defined in this variable unique for each switch and sent while creating the port-channel. For details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1706965
Nexus: Neutron Trunk Support
To support the neutron trunk feature (https://docs.openstack.org/ocata/networking-guide/config-trunking.html), the Nexus mechanism driver creates and trunks on the Nexus switch the network VLAN(s) of the trunk subports configured under the neutron trunk parent port.
Nexus: Provider Network Limited Operations
The Openstack administrator may want to control how the neutron port events program the Nexus switch for provider networks. Two configuration variables have been introduced to suppress vlan creation and the vlan trunk port setting on the Nexus switch for provider networks. These variables, ‘provider_vlan_auto_create’ and ‘provider_vlan_auto_trunk’, are defined under the [ml2_cisco] section header.
Cisco UCSM: Auto detection of Compute hosts
This feature allows a cloud admin to expand the size of the Openstack cloud dynamically by adding more compute hosts to an existing UCS Manager. The cloud admin can now add the hostname of this new compute host to the “Name” field of its Service Profile on the UCSM. Then when a VM is scheduled on this compute host, the Cisco UCSM ML2 mechanism driver goes through all the Service Profiles of all the UCSMs known to it to figure out the UCSM and the Service Profile associated with that host. After learning the UCSM and Service Profile, the mechanism driver saves this information for future operations. Note that this method cannot be used to add more Controller nodes to the cloud.
Nexus: Add host to switch/interface mapping database table
A new database table for host to interface mapping is added for baremetal deployments. The administrator must perform a database migration to incorporate this upgrade. The new database table name is ‘cisco_ml2_nexus_host_interface_mapping’. For more details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1691194
Nexus: Set RESTAPI driver as default replacing ncclient driver
The Nexus 9K handles the RESTAPI events more efficiently and without session limitations. It is now the default and will be the only choice in ‘Cisco 7.0.0’ release. This may require the administrator to upgrade the Nexus operating system. If necessary, use ‘nexus_driver=ncclient’ to temporarily go back to original default driver; however, some enhancements may not be available when using this driver. For details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1705036
Nexus: Set default for Configuration Replay to enabled
Configuration replay is now enabled by default by setting the variable ‘switch_heartbeat_time’ to 30 seconds (defined under the [ml2_cisco] section header). If the administrator does not want this feature enabled, set this variable to 0. When enabled, the nexus driver checks each switch for connectivity and will restore the configuration known to the driver if a switch recovers from failure. For details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1712090
Nexus: New vpc id allocation database table
To implement the vpc id pool for automated port-channel creation with baremetal deployments, a new database table was created so a database migration is needed to incorporate the new vpc id table. The new database table name is ‘cisco_ml2_nexus_vpc_alloc’. For more details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1707286 and https://bugs.launchpad.net/networking-cisco/+bug/1691822 and https://bugs.launchpad.net/networking-cisco/+bug/1705294
Nexus: The ncclient/ssh config driver has been deprecated for removal
Use of ncclient/ssh_driver will be removed in the ‘Cisco 7.0.0’ release. It will be replaced by the RESTAPI Driver. Some configuration options are also deprecated for removal since they relate only to the ncclient driver. These include ‘persistent_switch_config’, ‘never_cache_ssh_connection’, ‘host_key_checks’, and ‘nexus_driver’. For details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1705036
Nexus: Eliminate warning message for ‘MultiConfigParser’ from Nexus ML2 Plugin
The ‘MultiConfigParser’ class is deprecated as seen by warnings in the neutron log file. Refer to https://bugs.launchpad.net/networking-cisco/+bug/1712853 for details.
ASR1k: Fix greenpool.py traceback in Ocata
The ASR1k plugin was wrapping neutron and plugin DB operations in common transactions, which was generating a lot of strange tracebacks in the neutron server logs. This commit removes the transaction wrapper to make the operations more independent of each other, eliminating the tracebacks entirely.
Nexus: Eliminate warning message for ‘neutron.db.api.get_session’
The ‘neutron.db.api.get_session’ API is deprecated as seen by warnings in the neutron log file so it is replaced. For details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1713498
Nexus: Remove unused configuration variables
The configuration variables ‘svi_round_robin’, ‘provider_vlan_name_prefix’, and ‘vlan_name_prefix’ are no longer used by the nexus driver and can be removed. For further details, refer to https://bugs.launchpad.net/networking-cisco/+bug/1712118