Bug 2075038

Summary: [ovn][migration][17.0] Support migration to ML2/OVN from ML2/OVS with hybrid firewall
Product: Red Hat OpenStack Reporter: Daniel Alvarez Sanchez <dalvarez>
Component: openstack-neutronAssignee: Jakub Libosvar <jlibosva>
Status: CLOSED ERRATA QA Contact: Roman Safronov <rsafrono>
Severity: high Docs Contact:
Priority: high    
Version: 17.0 (Wallaby)CC: chrisw, jamsmith, jlibosva, scohen, twilson
Target Milestone: AlphaKeywords: Triaged
Target Release: 17.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-neutron-18.3.1-0.20220508171836.a88c2b2.el8ost Doc Type: Enhancement
Doc Text:
You can now migrate the mechanism driver to ML2/OVN from an ML2/OVS deployment that uses the iptables_hybrid firewall driver. + The existing instances keep using the hybrid plug mechanism after the migration, but security groups are implemented in OVN and there are no iptables rules present on the compute nodes.
 Story Points: ---
Clone Of:
: 2075039 (view as bug list) Environment:
Last Closed: 2022-09-21 12:20:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2103545, 2106370, 2109516    
Bug Blocks: 2075039    

Description Daniel Alvarez Sanchez 2022-04-13 13:26:13 UTC 
By not removing the port binding details from the migration tool, we can make the migration from the hybrid firewall possible.

The patch that should enable this process is here:
https://review.opendev.org/c/openstack/neutron/+/837566

The purpose of this BZ is to track the backports and testing of the migration to ML2/OVN from the hybrid firewall, as well as to update our current documentation that states that it is not supported.
Comment 5 Roman Safronov 2022-07-28 15:52:31 UTC 
Verified on RHOS-17.0-RHEL-9-20220721.n.1
Verified that is possible to migrate to OVN from OVS+iptables_hybrid firewall driver.

Note: still there are some OVS-specific leftovers
Bug 2106370 - [OSP17.0][OVN migration] iptables hybrid OVS-specific leftovers (qbr/qvb/qvo) still exist after VM migration
One more related BZ
Bug 2103147 - [RFE] Consider hybrid plugging during cold migration

Added corresponding comment to https://bugzilla.redhat.com/show_bug.cgi?id=2054670 in order to document the issues until they are fixed.
Comment 12 errata-xmlrpc 2022-09-21 12:20:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543
Comment 13 Red Hat Bugzilla 2023-09-18 04:35:25 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days