1845109 – [RFE] Need CLI support for --may-exist/--if-exists to lr-policy cmds

The FDP team is no longer accepting new bugs in Bugzilla. Please report your issues under FDP project in Jira. Thanks.

Bug 1845109 - [RFE] Need CLI support for --may-exist/--if-exists to lr-policy cmds

Summary: [RFE] Need CLI support for --may-exist/--if-exists to lr-policy cmds

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux Fast Datapath
Classification:	Red Hat
Component:	OVN
Sub Component:
Version:	RHEL 8.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	lorenzo bianconi
QA Contact:	Jianlin Shi
Docs Contact:	Zhiqiang Fang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-06-08 13:35 UTC by Tim Rozet
Modified:	2020-10-27 09:49 UTC (History)
CC List:	3 users (show)
Fixed In Version:	ovn2.13-20.06.2-14.el7fdn
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-10-27 09:49:12 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2020:4356	0	None	None	None	2020-10-27 09:49:48 UTC

Description Tim Rozet 2020-06-08 13:35:23 UTC

Description of problem:
lr-policy-add and lr-policy-del commands are missing support for --may-exist or --if-exists

See https://github.com/ovn-org/ovn/issues/49 for more info

Comment 3 Jianlin Shi 2020-10-10 05:27:41 UTC

tested with following script:

ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl lr-policy-add lr1 1000 ip6.src==3001::1 allow
ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl --may-exist lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
ovn-nbctl --if-exists lr-policy-del lr1 1000 ip6.src==3001::1

Verified on ovn2.13-20.09.0-1.el7fdp.x86_64:

[root@wsfd-advnetlab16 bz1845109]# rpm -qa | grep -E "openvswitch|ovn"
kernel-kernel-networking-openvswitch-ovn-common-1.0-9.noarch
ovn2.13-20.09.0-1.el7fdp.x86_64
kernel-kernel-networking-openvswitch-ovn-basic-1.0-30.noarch
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch
openvswitch2.13-2.13.0-51.el7fdp.x86_64
ovn2.13-central-20.09.0-1.el7fdp.x86_64
ovn2.13-host-20.09.0-1.el7fdp.x86_64


+ ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow                                                                                                        
+ ovn-nbctl lr-policy-add lr1 1000 ip6.src==3001::1 allow
+ ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl: Same routing policy already existed on the logical router lr1.
+ ovn-nbctl --may-exist lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow  

<==== no error if --may-exist is used
        
+ ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1                        
+ ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1                 
+ ovn-nbctl --if-exists lr-policy-del lr1 1000 ip6.src==3001::1

<=== --if-exists is supported

[root@wsfd-advnetlab16 bz1845109]# ovn-nbctl list logical_router_policy
_uuid               : fb367baf-6d9e-4a7e-98c1-5465ea985ec7               
action              : allow                                           
external_ids        : {}                     
match               : "ip4.src==192.168.0.1"                        
nexthop             : []                                      
options             : {}                                    
priority            : 2000

Comment 4 Jianlin Shi 2020-10-10 05:35:36 UTC

also verified on rhel8 version:

[root@wsfd-advnetlab18 bz1845109]# rpm -qa | grep -E "openvswitch|ovn"
openvswitch-selinux-extra-policy-1.0-23.el8fdp.noarch
ovn2.13-20.09.0-1.el8fdp.x86_64
openvswitch2.13-2.13.0-60.el8fdp.x86_64
ovn2.13-central-20.09.0-1.el8fdp.x86_64
ovn2.13-host-20.09.0-1.el8fdp.x86_64

+ ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
+ ovn-nbctl lr-policy-add lr1 1000 ip6.src==3001::1 allow
+ ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl: Same routing policy already existed on the logical router lr1.
+ ovn-nbctl --may-exist lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
+ ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
+ ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
+ ovn-nbctl --if-exists lr-policy-del lr1 1000 ip6.src==3001::1

Comment 6 errata-xmlrpc 2020-10-27 09:49:12 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4356

Note You need to log in before you can comment on or make changes to this bug.