Bug 1601469 - [OVN] - Create external network's vNIC profile without network filter
Summary: [OVN] - Create external network's vNIC profile without network filter
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: BLL.Network
Version: 4.2.5.1
Hardware: x86_64
OS: Linux
high
medium
Target Milestone: ovirt-4.2.6
: 4.2.6.2
Assignee: Ales Musil
QA Contact: Michael Burman
URL:
Whiteboard:
: 1671739 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-07-16 13:02 UTC by Michael Burman
Modified: 2019-02-14 12:22 UTC (History)
5 users (show)

Fixed In Version: ovirt-engine-4.2.6.2
Clone Of:
Environment:
Last Closed: 2018-09-03 15:07:30 UTC
oVirt Team: Network
Embargoed:
rule-engine: ovirt-4.2+

Attachments (Terms of Use)
engine log (98.24 KB, application/x-gzip)
2018-07-16 13:07 UTC, Michael Burman 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 93435 0 master MERGED webadmin: Fix default network filter for external network 2018-08-06 14:52:48 UTC
oVirt gerrit 93580 0 ovirt-engine-4.2 MERGED webadmin: Fix default network filter for external network 2018-08-09 08:28:12 UTC

Description Michael Burman 2018-07-16 13:02:57 UTC 
Description of problem:
[OVN] - Create external network's vNIC profile without network filter.

When creating an ovn external network on the external provider, it's vNIC profile is created with the default network filter - vdsm-no-mac-spoofing, but it should have no network filter. 

- In newer version of libvirt the VM won't start
- The auto define working as expected

Version-Release number of selected component (if applicable):
4.2.5.2_SNAPSHOT-79.gffafd93.0.scratch.master.el7ev

How reproducible:
100%

Steps to Reproduce:
1. Create new ovn network on ovn external provider

Actual results:
vNIC profile created with default network filter vdsm-no-mac-spoofing

Expected results:
external network vNIC profile should have no filter
Comment 1 Michael Burman 2018-07-16 13:07:12 UTC 
Created attachment 1459161 [details]
engine log
Comment 2 Dan Kenigsberg 2018-07-18 10:10:40 UTC 
Oh, this makes auto-import feature quite cumbersome to use (it's not really "auto" as you need to remove the filter manually).

I hate the idea, but we may need to consider an upgrade script to remove the filter from existing ovn vnic profiles.
Comment 3 Dominik Holler 2018-07-30 09:24:59 UTC 
(In reply to Dan Kenigsberg from comment #2)
> Oh, this makes auto-import feature quite cumbersome to use (it's not really
> "auto" as you need to remove the filter manually).
> 


Is the "Import network" and "AutoSync" flow affected, too, or is this bug just about external networks created using oVirt?
Comment 4 Dominik Holler 2018-07-30 09:38:59 UTC 
(In reply to Dan Kenigsberg from comment #2)
> I hate the idea, but we may need to consider an upgrade script to remove the
> filter from existing ovn vnic profiles.


I am unsure if we should trigger security-related actions which might not be noticed by the administrator.

There is the option to let the VMs fail after the update, to notify the admin, and provide a python script to update the vNIC profiles.
Comment 5 Michael Burman 2018-07-30 13:15:43 UTC 
(In reply to Dominik Holler from comment #3)
> (In reply to Dan Kenigsberg from comment #2)
> > Oh, this makes auto-import feature quite cumbersome to use (it's not really
> > "auto" as you need to remove the filter manually).
> > 
> 
> 
> Is the "Import network" and "AutoSync" flow affected, too, or is this bug
> just about external networks created using oVirt?

'Import flow', 'AutoSync' and 'AutoDefine' flows are ok and work as expected, which means they created with 'no filter'.
The bug is creating external networks using oVirt only.
Comment 6 Dan Kenigsberg 2018-08-14 06:14:42 UTC 
Also available in ovirt-engine-0:4.2.6.3_SNAPSHOT-93.g584f531.0.scratch.master.el7ev
Comment 7 Michael Burman 2018-08-14 13:12:14 UTC 
Verified on - 4.2.6.3_SNAPSHOT-93.g584f531.0.scratch.master.el7ev
Comment 8 Dominik Holler 2019-02-14 12:22:27 UTC 
*** Bug 1671739 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.