Bug 2021987

Summary: OVN migration script should allow any OVS firewall configuration
Product: Red Hat OpenStack Reporter: Roman Safronov <rsafrono>
Component: python-networking-ovnAssignee: Rodolfo Alonso <ralonsoh>
Status: CLOSED WONTFIX QA Contact: Roman Safronov <rsafrono>
Severity: high Docs Contact:
Priority: high    
Version: 16.2 (Train)CC: apevec, bcafarel, dalvarez, ekuris, jamsmith, jlibosva, jpalanis, jschluet, lhh, majopela, mgarciac, mtomaska, ralonsoh, scohen, skaplons, spower
Target Milestone: z3Keywords: Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-networking-ovn-7.4.2-2.20220409154848.el8ost Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 2087077 (view as bug list) Environment:
Last Closed: 2022-06-02 18:33:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2087077    

Description Roman Safronov 2021-11-10 14:07:09 UTC 
Description of problem:
Since we do not support ovs2ovn migration with iptables_hybrid firewall driver we should block it explicitly in the ovn_migration script. 

Version-Release number of selected component (if applicable):
RHOS-16.2-RHEL-8-20211027.n.1

How reproducible:
100%

Steps to Reproduce:
1. Deploy ml2ovs environment with iptables_hybrid firewall driver.
2. Try to run ovs2ovn migration according to the official documentation.

Actual results:
ovn_migration script allows customers to perform ovs2ovn migration on an environment with iptables_hybrid firewall driver. This can lead to the situation where customer receives an unsupported OVN configuration where VMs are connected via linux bridges.

Expected results:
ovn migration script detects existing firewall driver. In case the firewall driver is iptables_hybrid the script prints a message that ovs2ovn migration is not allowed  and exits. In case firewall driver is openvswitch the script initiates the ovs2ovn migration as usual.

Additional info:
Comment 29 Jakub Libosvar 2022-05-06 22:01:07 UTC 
*** Bug 2075039 has been marked as a duplicate of this bug. ***
Comment 34 Roman Safronov 2022-05-17 10:09:57 UTC 
Verified on puddle  RHOS-16.2-RHEL-8-20220513.n.2 which uses python3-networking-ovn-migration-tool-7.4.2-2.20220409154848.el8ost.noarch.rpm.
Verified that it's possible to migrate to ovn from ml2ovs with either iptables_hybrid or openvswitch firewall.
Comment 35 Fernando Royo 2022-05-23 13:37:02 UTC 
*** Bug 2084058 has been marked as a duplicate of this bug. ***