Bug 2075039

Summary: [ovn][migration][16.2] Support migration to ML2/OVN from ML2/OVS with hybrid firewall
Product: Red Hat OpenStack Reporter: Daniel Alvarez Sanchez <dalvarez>
Component: python-networking-ovnAssignee: Jakub Libosvar <jlibosva>
Status: CLOSED CURRENTRELEASE QA Contact: Roman Safronov <rsafrono>
Severity: high Docs Contact:
Priority: high    
Version: 16.2 (Train)CC: apevec, chrisw, ekuris, jamsmith, jelynch, jlibosva, lhh, majopela, rhos-maint, scohen, skaplons, twilson
Target Milestone: z4Keywords: TestOnly, Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: python-networking-ovn-7.4.2-2.20220409154848.el8ost Doc Type: Enhancement
Doc Text:
With this update, you can now migrate an ML2/OVS deployment with the iptables_hybrid firewall driver to ML2/OVN.
 Story Points: ---
Clone Of: 2075038 Environment:
Last Closed: 2022-07-29 10:35:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2075038, 2109516    
Bug Blocks: 2022040    

Description Daniel Alvarez Sanchez 2022-04-13 13:28:28 UTC 
+++ This bug was initially created as a clone of Bug #2075038 +++

By not removing the port binding details from the migration tool, we can make the migration from the hybrid firewall possible.

The patch that should enable this process is here:
https://review.opendev.org/c/openstack/neutron/+/837566

The purpose of this BZ is to track the backports and testing of the migration to ML2/OVN from the hybrid firewall, as well as to update our current documentation that states that it is not supported.
Comment 2 Jakub Libosvar 2022-05-06 22:01:07 UTC 

*** This bug has been marked as a duplicate of bug 2021987 ***
Comment 3 Jakub Libosvar 2022-06-14 17:13:24 UTC 
*** Bug 2008296 has been marked as a duplicate of this bug. ***
Comment 4 OSP Team 2022-06-23 10:38:51 UTC 
According to our records, this should be resolved by python-networking-ovn-7.4.2-2.20220409154849.el8ost.  This build is available now.
Comment 5 Roman Safronov 2022-07-28 15:48:25 UTC 
Verified on RHOS-16.2-RHEL-8-20220610.n.1
Verified that is possible to migrate to OVN from OVS+iptables_hybrid firewall driver.

Note: still there are some OVS-specific leftovers
Bug 2109516 - [16.2][OVN migration] iptables hybrid OVS-specific leftovers (qbr/qvb/qvo) still exist after VM migration
Bug 2092463 - migration: stale ip6tables rules after migration   - the BZ already in MODIFIED state

Added corresponding comment to https://bugzilla.redhat.com/show_bug.cgi?id=2054670 in order to document the issues until they are fixed.