Description of problem:
lr-policy-add and lr-policy-del commands are missing support for --may-exist or --if-exists.
See https://github.com/ovn-org/ovn/issues/49 for more info.

Tested with the following script:

ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl lr-policy-add lr1 1000 ip6.src==3001::1 allow
ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl --may-exist lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
ovn-nbctl --if-exists lr-policy-del lr1 1000 ip6.src==3001::1

Verified on ovn2.13-20.09.0-1.el7fdp.x86_64:

[root@wsfd-advnetlab16 bz1845109]# rpm -qa | grep -E "openvswitch|ovn"
kernel-kernel-networking-openvswitch-ovn-common-1.0-9.noarch
ovn2.13-20.09.0-1.el7fdp.x86_64
kernel-kernel-networking-openvswitch-ovn-basic-1.0-30.noarch
openvswitch-selinux-extra-policy-1.0-15.el7fdp.noarch
openvswitch2.13-2.13.0-51.el7fdp.x86_64
ovn2.13-central-20.09.0-1.el7fdp.x86_64
ovn2.13-host-20.09.0-1.el7fdp.x86_64

+ ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
+ ovn-nbctl lr-policy-add lr1 1000 ip6.src==3001::1 allow
+ ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl: Same routing policy already existed on the logical router lr1.
+ ovn-nbctl --may-exist lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow    <==== no error if --may-exist is used
+ ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
+ ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
+ ovn-nbctl --if-exists lr-policy-del lr1 1000 ip6.src==3001::1    <=== --if-exists is supported

[root@wsfd-advnetlab16 bz1845109]# ovn-nbctl list logical_router_policy
_uuid               : fb367baf-6d9e-4a7e-98c1-5465ea985ec7
action              : allow
external_ids        : {}
match               : "ip4.src==192.168.0.1"
nexthop             : []
options             : {}
priority            : 2000

Also verified on rhel8 version:

[root@wsfd-advnetlab18 bz1845109]# rpm -qa | grep -E "openvswitch|ovn"
openvswitch-selinux-extra-policy-1.0-23.el8fdp.noarch
ovn2.13-20.09.0-1.el8fdp.x86_64
openvswitch2.13-2.13.0-60.el8fdp.x86_64
ovn2.13-central-20.09.0-1.el8fdp.x86_64
ovn2.13-host-20.09.0-1.el8fdp.x86_64

+ ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
+ ovn-nbctl lr-policy-add lr1 1000 ip6.src==3001::1 allow
+ ovn-nbctl lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
ovn-nbctl: Same routing policy already existed on the logical router lr1.
+ ovn-nbctl --may-exist lr-policy-add lr1 2000 ip4.src==192.168.0.1 allow
+ ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
+ ovn-nbctl lr-policy-del lr1 1000 ip6.src==3001::1
+ ovn-nbctl --if-exists lr-policy-del lr1 1000 ip6.src==3001::1

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (ovn2.13 bug fix and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4356