Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1985717

Summary: [OVN][Test-only] Metadata ports can no longer talk to SR-IOV ports
Product: Red Hat OpenStack
Reporter: Roman Safronov <rsafrono>
Component: python-networking-ovn
Assignee: Ihar Hrachyshka <ihrachys>
Status: CLOSED CURRENTRELEASE
QA Contact: Eran Kuris <ekuris>
Severity: high
Priority: high
Version: 16.2 (Train)
CC: apevec, astillma, bcafarel, brault, cfields, ctrautma, ekuris, gregraka, ihrachys, jamsmith, jiji, jishi, jlibosva, kfida, lhh, lmadsen, lmartins, majopela, nusiddiq, ralongi, scohen, spower
Target Milestone: rc
Keywords: TestOnly, Triaged
Target Release: 16.2 (Train on RHEL 8.4)
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ovn-2021-21.06.0-17.el8fdp
Doc Type: Bug Fix
Doc Text:
This update fixes a known issue where the Open Virtual Network (OVN) Metadata service was not available to VM instances bound to an SR-IOV virtual function. The issue did not affect network function but these instances did not receive their SSH keys in the absence of a Metadata service connection.
The metadata service connectivity for SR-IOV ports now functions correctly.
Clone Of: 1974062
Last Closed: 2022-04-20 18:15:43 UTC
Bug Depends On: 1974062

Description Roman Safronov 2021-07-25 08:37:50 UTC
+++ This bug was initially created as a clone of Bug #1974062 +++

This is a test-only OSP bz in order to make sure that OSP16.2 does not have the described issues after the FDP OVN version that includes the fix for #1974062 is available in OSP container images. Expected release date of the FDP version is July 26, 2021.


Description of problem:
Instance is not able to get metadata on creation. SSH to the instance is not working.

Version-Release number of selected component (if applicable):
RHOS-16.2-RHEL-8-20210610.n.1, and still occurs on RHOS-16.2-RHEL-8-20210722.n.0

How reproducible:
Happens very often, mainly on an SR-IOV environment

Steps to Reproduce:
1. Deploy an SR-IOV environment, make sure that an external network exists.
2. Create a security group with allowed icmp and ssh and a keypair.
3. Create a vf sr-iov port ('direct' port) in the external network, make sure the vf is using the security group that has rules allowing ssh and icmp.
4. Launch a VM connected using the vf port, created in the previous stage.
5. Try to ping the VM IP
Result: Ping works - OK
6. Try to ssh the VM
Result: Access using SSH fails - NOK (BUG)

Actual results:
Metadata service is not accessible from a VM so the SSH key cannot be obtained. It is not possible to connect to the VM using SSH.

Expected results:
Metadata service is accessible from VM. It is possible to connect to VM using SSH.

Additional info:

Try running openstack console log show <VM UUID>
It can be seen that the VM is not able to access metadata:
[   35.102236] cloud-init[797]: 2021-06-18 18:11:07,494 - util.py[WARNING]: No active metadata service found

Connect to the compute node where the VM is running and try to ping the VM from metadata namespace:
sudo ip net exec ovnmeta-<DATAPATH UUID> ping 192.168.2.225
Result: no replies

Comment 10 Eran Kuris 2021-08-08 06:38:18 UTC
The fix was verified on the latest official puddle:
(undercloud) [stack@undercloud-0 ~]$ cat core_puddle_version 
RHOS-16.2-RHEL-8-20210804.n.0

[root@computesriov-1 ~]# podman ps | grep ovn 
c3a3195d480b  undercloud-0.ctlplane.localdomain:8787/rh-osbs/rhosp16-openstack-ovn-controller:16.2_20210804.1              kolla_start  2 days ago  Up 2 days ago          ovn_controller
7c4c403a999b  undercloud-0.ctlplane.localdomain:8787/rh-osbs/rhosp16-openstack-neutron-metadata-agent-ovn:16.2_20210804.1  kolla_start  2 days ago  Up 2 days ago          ovn_metadata_agent
[root@computesriov-1 ~]# podman exec -it ovn_controller /bin/bash
[root@computesriov-1 /]# rpm -qa | grep ovn 
ovn-2021-21.06.0-17.el8fdp.x86_64
rhosp-ovn-2021-4.el8ost.1.noarch
ovn-2021-host-21.06.0-17.el8fdp.x86_64
rhosp-ovn-host-2021-4.el8ost.1.noarch
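
The two checks used in this bug (installed ovn build versus the "Fixed In Version", and the cloud-init warning in the console log) can be combined into one triage helper. This is an added example, not part of the bug report or of any Red Hat tooling; the function names, the verdict strings, the simplified numeric version comparison, and the samples marked as constructed are assumptions of the example.

```python
import re

# Values taken from this bug: the "Fixed In Version" field and the cloud-init
# warning quoted in the description.
FIXED_IN = "ovn-2021-21.06.0-17.el8fdp"
METADATA_WARNING = "No active metadata service found"

# Matches only the core ovn-2021 package, not ovn-2021-host or rhosp-ovn-2021.
_OVN_NVR = re.compile(r"^ovn-2021-(\d+(?:\.\d+)*)-(\d+)\.el8fdp", re.M)


def ovn_build(text):
    """Return ((version ints), release int) for the ovn-2021 package, or None."""
    m = _OVN_NVR.search(text)
    if m is None:
        return None
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2))


def has_fix(rpm_qa_output):
    """True if the installed ovn-2021 build is at or above FIXED_IN.
    Numeric comparison is a simplification, not rpm's full algorithm."""
    installed = ovn_build(rpm_qa_output)
    return installed is not None and installed >= ovn_build(FIXED_IN)


def metadata_unreachable(console_log):
    """True if cloud-init reported that it found no metadata service."""
    return any(METADATA_WARNING in line for line in console_log.splitlines())


def verdict(rpm_qa_output, console_log):
    """Classify a compute node / instance pair from the two collected outputs."""
    if not has_fix(rpm_qa_output):
        return "ovn build predates fix"
    if metadata_unreachable(console_log):
        return "fixed build, metadata still unreachable"
    return "ok"


# rpm -qa output as posted in comment 10; the other samples are constructed.
FIXED_RPMS = """ovn-2021-21.06.0-17.el8fdp.x86_64
rhosp-ovn-2021-4.el8ost.1.noarch
ovn-2021-host-21.06.0-17.el8fdp.x86_64
rhosp-ovn-host-2021-4.el8ost.1.noarch"""
OLD_RPMS = "ovn-2021-21.06.0-9.el8fdp.x86_64"  # constructed older build
BAD_CONSOLE = "[   35.102236] cloud-init[797]: 2021-06-18 18:11:07,494 - util.py[WARNING]: No active metadata service found"
GOOD_CONSOLE = "[   36.5] cloud-init[797]: finished"  # constructed healthy line
```

Feed it the output of rpm -qa from inside the ovn_controller container and the instance console log; a fixed build that still shows the warning points to a different cause than this bug.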