1940824 – [RFE] Upgrade OVN/OVS 2.11 in RHV to OVN/OVS 2.15

Bug 1940824 - [RFE] Upgrade OVN/OVS 2.11 in RHV to OVN/OVS 2.15

Summary: [RFE] Upgrade OVN/OVS 2.11 in RHV to OVN/OVS 2.15

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-provider-ovn
Sub Component:
Version:	4.4.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	ovirt-4.5.0
Target Release:	4.5.0
Assignee:	Ales Musil
QA Contact:	Michael Burman
Docs Contact:
URL:
Whiteboard:
Depends On:	1809463 1965954 1969760 1969763 1974439 1980269 1986299 2008798
Blocks:	1782056
TreeView+	depends on / blocked

Reported:	2021-03-19 09:58 UTC by Martin Perina
Modified:	2022-05-26 17:25 UTC (History)
CC List:	7 users (show)
Fixed In Version:	ovirt-engine-4.5.0.1 ovirt-provider-ovn-1.2.35 ovirt-openvswitch-2.15-2 vdsm-4.50.0.10
Doc Type:	Release Note
Doc Text:	Upgrade from OvS/OVN 2.11 to OVN 2021 and OvS 2.15. The upgrade is transparent to the user as long as these conditions are met: 1. Upgrade the engine first. 2. Before you upgrade the hosts, disable the ovirt-provider-ovn security groups for all OVN networks that are expected to work between hosts with OVN/OvS version 2.11. 3. Upgrade the hosts to match the OVN version 2021 or higher and OvS version to 2.15. This step should be done with the web console, in order to reconfigure OVN and to refresh the certificates. 4. Reboot the host after upgrade. 5. Verify that the provider and OVN were configured successfully by launching the web console and checking the "OVN configured" field on the "General" tab for each host. (You can also obtain the value using the REST API.) Note that the value might be "No" if the host configuration has not been refreshed. If the host's OVN is not configured after refresh and you are using engine 4.5 or later, reinstalling the host will fix this issue.
Clone Of:
Environment:
Last Closed:	2022-05-26 17:25:09 UTC
oVirt Team:	Network
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	oVirt ovirt-engine pull 177	None	open	ansible: Sync OVN SB DB chassis after upgrade	2022-03-24 11:52:20 UTC
Red Hat Product Errata	RHSA-2022:4712	None	None	None	2022-05-26 17:25:31 UTC
oVirt gerrit	115208	master	MERGED	packaging: Update OVN certificate permissions	2021-09-03 10:02:16 UTC
oVirt gerrit	116000	master	MERGED	ansible: Copy vdsm certificate for OVN with correct user and group	2021-09-03 10:02:19 UTC
oVirt gerrit	116015	master	MERGED	controller: Use certificates and keys made specifically for ovn-controller	2021-09-03 10:02:53 UTC
oVirt gerrit	116138	None	None	None	2021-08-23 07:55:36 UTC
oVirt gerrit	116380	master	MERGED	backend: Refactor getOvnCentral, so it can be used by different code	2021-09-03 10:02:21 UTC
oVirt gerrit	116381	master	MERGED	ansible: Reconfigure OVN during host upgrade	2021-09-03 10:02:23 UTC
oVirt gerrit	116718	master	MERGED	net: Add check if OVN is properly configured on the host	2021-09-16 13:07:09 UTC
oVirt gerrit	116727	master	MERGED	net: Add ovnConfigured to capabilities	2021-09-16 13:08:40 UTC
oVirt gerrit	116736	master	MERGED	core: Save ovnConfigured to VdsDynamic	2021-09-21 10:43:06 UTC
oVirt gerrit	116737	master	MERGED	webadmin: Show OVN configured in Host general tab	2021-09-21 10:43:08 UTC
oVirt gerrit	116752	master	MERGED	Add ovnConfigured to Host model	2021-10-07 08:00:15 UTC
oVirt gerrit	116782	master	MERGED	rest: Expose ovnConfigured via REST API	2021-10-20 08:58:03 UTC
oVirt gerrit	116862	master	MERGED	ansible: Fix upgrade of hosts with rhv-openvswitch	2021-09-30 06:04:14 UTC
oVirt gerrit	117080	master	MERGED	ansbible: Fix post upgrade ovirt-openvswitch check	2021-10-14 13:10:02 UTC

Description Martin Perina 2021-03-19 09:58:01 UTC

RHV 4.4 is using OVN/OVS 2.11, which is old version and there won't be added any new features into it. So the only way forward is to upgrade to OVN/OVS 2.13+, which will allow us to use new features (for example ipsec as requested in BZ1782056) and allow also future upgrades (OVN/OVS 2.13+ provides functionality to work with older versions, for example OVN/OVS 2.15 should work with OVN/OVS 2.13).

But there are consequences:

1. According to OVN team running OVN/OVS 2.13 with OVN/OVS 2.11 is unsupported -> we would need to change our OVN support to exclude 4.3 hosts.

2. Even though OVN/OVS 2.13 and 2.11 is unsupported, we still need to provide some reasonable upgrade path - we need to check if upgrade of hosts still using OVN/OVS 2.11 in a cluster still can finish successfully (those hosts can be upgraded to OVN/OVS 2.13) after OVN/OVS is upgraded to 2.13 on RHV Manager

This is RFE is just preliminary, it's not yet acked until we verify that our tests don't detect any failure during upgrade. And of course we will need to determine which version we want to upgrade to: 2.13 or 2.15

Comment 6 Michael Burman 2022-03-22 12:11:29 UTC

This RFE has failedQA, as the ovn-sb is keeping the chassis in inconsistent state.
The Chassis IDs are UUID instead of hostname.
This preventing the VMs running on different hosts, to fail to communicate with each other after the hosts upgraded to ovn/ovs 2.15

We probably need to delete the chassis during the host upgrade/installation and let the ovn-controller to add itself again.
Moving back to ASSIGNED for further work.

Tested with:
rhvm-4.5.0-0.237.el8ev.noarch
ovirt-provider-ovn-1.2.35-1.el8ev.noarch
ovn-2021-21.12.0-32.el8fdp.x86_64
openvswitch2.15-2.15.0-84.el8fdp.x86_64
vdsm-4.50.0.10-1.el8ev.x86_64
ovirt-openvswitch-2.15-3.el8ev.noarch

Comment 7 Sandro Bonazzola 2022-03-29 16:16:40 UTC

We are past 4.5.0 feature freeze, please re-target.

Comment 8 Sandro Bonazzola 2022-04-01 06:36:50 UTC

Updated doctext according to https://github.com/oVirt/ovirt-site/pull/2821/files/87730ec701d42d1be8142fc1e64b4d229c566c3f#r839547966

Comment 9 Michael Burman 2022-04-19 14:14:57 UTC

Verified on - rhvm-4.5.0.2-0.7.el8ev.noarch with the next packages:

ovirt-provider-ovn-1.2.36-1.el8ev.noarch

ovn-2021-21.12.0-45.el8fdp.x86_64
ovn-2021-central-21.12.0-45.el8fdp.x86_64
ovirt-openvswitch-2.15-3.el8ev.noarch
ovirt-openvswitch-ovn-central-2.15-3.el8ev.noarch
ovirt-openvswitch-ovn-2.15-3.el8ev.noarch
ovirt-openvswitch-ovn-common-2.15-3.el8ev.noarch

openvswitch2.15-2.15.0-94.el8fdp.x86_64
ovirt-python-openvswitch-2.15-3.el8ev.noarch
ovirt-openvswitch-ovn-host-2.15-3.el8ev.noarch
python3-openvswitch2.15-2.15.0-94.el8fdp.x86_64
ovn-2021-21.12.0-45.el8fdp.x86_64
ovn-2021-host-21.12.0-45.el8fdp.x86_64

ovirt-provider-ovn-driver-1.2.36-1.el8ev.noarch

vdsm-4.50.0.12-1.el8ev.x86_64

Comment 14 errata-xmlrpc 2022-05-26 17:25:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: RHV Engine and Host Common Packages security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:4712

Note You need to log in before you can comment on or make changes to this bug.