Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1601469

Summary: [OVN] - Create external network's vNIC profile without network filter
Product: [oVirt] ovirt-engine Reporter: Michael Burman <mburman>
Component: BLL.NetworkAssignee: Ales Musil <amusil>
Status: CLOSED CURRENTRELEASE QA Contact: Michael Burman <mburman>
Severity: medium Docs Contact:
Priority: high    
Version: 4.2.5.1CC: adaper3, bugs, danken, dholler, mburman
Target Milestone: ovirt-4.2.6Flags: rule-engine: ovirt-4.2+
Target Release: 4.2.6.2   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ovirt-engine-4.2.6.2 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-03 15:07:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Network RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
engine log none

Description Michael Burman 2018-07-16 13:02:57 UTC 
Description of problem:
[OVN] - Create external network's vNIC profile without network filter.

When creating an ovn external network on the external provider, it's vNIC profile is created with the default network filter - vdsm-no-mac-spoofing, but it should have no network filter. 

- In newer version of libvirt the VM won't start
- The auto define working as expected

Version-Release number of selected component (if applicable):
4.2.5.2_SNAPSHOT-79.gffafd93.0.scratch.master.el7ev

How reproducible:
100%

Steps to Reproduce:
1. Create new ovn network on ovn external provider

Actual results:
vNIC profile created with default network filter vdsm-no-mac-spoofing

Expected results:
external network vNIC profile should have no filter
Comment 1 Michael Burman 2018-07-16 13:07:12 UTC 
Created attachment 1459161 [details]
engine log
Comment 2 Dan Kenigsberg 2018-07-18 10:10:40 UTC 
Oh, this makes auto-import feature quite cumbersome to use (it's not really "auto" as you need to remove the filter manually).

I hate the idea, but we may need to consider an upgrade script to remove the filter from existing ovn vnic profiles.
Comment 3 Dominik Holler 2018-07-30 09:24:59 UTC 
(In reply to Dan Kenigsberg from comment #2)
> Oh, this makes auto-import feature quite cumbersome to use (it's not really
> "auto" as you need to remove the filter manually).
> 


Is the "Import network" and "AutoSync" flow affected, too, or is this bug just about external networks created using oVirt?
Comment 4 Dominik Holler 2018-07-30 09:38:59 UTC 
(In reply to Dan Kenigsberg from comment #2)
> I hate the idea, but we may need to consider an upgrade script to remove the
> filter from existing ovn vnic profiles.


I am unsure if we should trigger security-related actions which might not be noticed by the administrator.

There is the option to let the VMs fail after the update, to notify the admin, and provide a python script to update the vNIC profiles.
Comment 5 Michael Burman 2018-07-30 13:15:43 UTC 
(In reply to Dominik Holler from comment #3)
> (In reply to Dan Kenigsberg from comment #2)
> > Oh, this makes auto-import feature quite cumbersome to use (it's not really
> > "auto" as you need to remove the filter manually).
> > 
> 
> 
> Is the "Import network" and "AutoSync" flow affected, too, or is this bug
> just about external networks created using oVirt?

'Import flow', 'AutoSync' and 'AutoDefine' flows are ok and work as expected, which means they created with 'no filter'.
The bug is creating external networks using oVirt only.
Comment 6 Dan Kenigsberg 2018-08-14 06:14:42 UTC 
Also available in ovirt-engine-0:4.2.6.3_SNAPSHOT-93.g584f531.0.scratch.master.el7ev
Comment 7 Michael Burman 2018-08-14 13:12:14 UTC 
Verified on - 4.2.6.3_SNAPSHOT-93.g584f531.0.scratch.master.el7ev
Comment 8 Dominik Holler 2019-02-14 12:22:27 UTC 
*** Bug 1671739 has been marked as a duplicate of this bug. ***