Bug 2022040

Summary: [ovn][migration][16.1] Support migration to ML2/OVN from ML2/OVS with hybrid firewall
Product: Red Hat OpenStack Reporter: Roman Safronov <rsafrono>
Component: python-networking-ovnAssignee: Rodolfo Alonso <ralonsoh>
Status: CLOSED ERRATA QA Contact: Roman Safronov <rsafrono>
Severity: high Docs Contact:
Priority: high    
Version: 16.1 (Train)CC: apevec, jamsmith, jelynch, jlibosva, lhh, majopela, ralonsoh, scohen
Target Milestone: z9Keywords: Triaged
Target Release: 16.1 (Train on RHEL 8.2)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-networking-ovn-7.3.1-1.20220530153732.4e24f4c.el8ost Doc Type: Enhancement
Doc Text:
With this update, you can now migrate an ML2/OVS deployment with the iptables_hybrid firewall driver to ML2/OVN.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-07 20:25:25 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2075039    
Bug Blocks:    

Description Roman Safronov 2021-11-10 15:49:48 UTC 
Description of problem:
Since we do not support ovs2ovn migration with iptables_hybrid firewall driver [1] we should block it explicitly in the ovn_migration script. 

[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/networking_with_open_virtual_network/migrating-ml2ovs-to-ovn

Version-Release number of selected component (if applicable):
RHOS-16.1-RHEL-8-20211104.n.1

How reproducible:
100%

Steps to Reproduce:
1. Deploy ml2ovs environment with iptables_hybrid firewall driver.
2. Try to run ovs2ovn migration according to the official documentation.

Actual results:
ovn_migration script allows customers to perform ovs2ovn migration on an environment with iptables_hybrid firewall driver. This can lead to the situation where customer receives an unsupported OVN configuration where VMs are connected via linux bridges.

Expected results:
ovn migration script detects existing firewall driver. In case the firewall driver is iptables_hybrid the script prints a message that ovs2ovn migration is not allowed  and exits. In case firewall driver is openvswitch the script initiates the ovs2ovn migration as usual.
Comment 17 errata-xmlrpc 2022-12-07 20:25:25 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.9 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8795
Comment 18 Red Hat Bugzilla 2023-09-18 04:27:55 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days