Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1990357

Summary: No tripleo parameter available to customize rate_limit and burst_size for neutron logging
Product: Red Hat OpenStack Reporter: Alex Katz <akatz>
Component: openstack-tripleo-heat-templatesAssignee: Slawek Kaplonski <skaplons>
Status: CLOSED ERRATA QA Contact: Fiorella Yanac <fyanac>
Severity: high Docs Contact:
Priority: high    
Version: 16.2 (Train)CC: ccamposr, egarciar, fyanac, gregraka, jamsmith, jelynch, jschluet, mburns, rbruzzon, skaplons
Target Milestone: z4Keywords: Triaged
Target Release: 16.2 (Train on RHEL 8.4)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-tripleo-heat-templates-14.3.1-0.20220416022231.55e0447.el8ost puppet-neutron-18.5.1-0.20220217225707.41bcf66.el8ost Doc Type: Enhancement
Doc Text:
This enhancement adds new configuration options for the Networking service (neutron) logging service plug-in. With this update, there is added support for network security group logging, and you can configure Networking service logging by using the following new parameters in RHOSP Orchestration service (heat) templates: + * *Options for Layer 3 (L3) agents:* ** `NeutronL3AgentLoggingRateLimit` ** `NeutronL3AgentLoggingBurstLimit` ** `NeutronL3AgentLoggingLocalOutputLogBase` * *Options for for Open vSwitch (OVS) agents:* ** `NeutronOVSAgentLoggingRateLimit` ** `NeutronOVSAgentLoggingBurstLimit` ** `NeutronOVSAgentLoggingLocalOutputLogBase` * *Options for ML2/OVN back ends:* ** `NeutronOVNLoggingRateLimit` ** `NeutronOVNLoggingBurstLimit` ** `NeutronOVNLoggingLocalOutputLogBase`
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-12-07 19:21:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1619266    

Description Alex Katz 2021-08-05 09:09:05 UTC 
Description of problem:
There is an RFE bz1619266 to support security group logging with ml2/OVN plugin. There are three configurable parameters available for the feature:
 - `service_plugins` list. Contains the list of all the available service plugins. Can be modified on deployment with the `NeutronServicePlugins` parameter.
 - `rate_limit`. Meter option to limit the packet rate of the logs that are sent to the OVN controller. Can't be customized on deployment using Tripleo. As per upstream documentation [1] it can be configured with `neutron.conf.services.logging.log_driver_opts` or just with `rate_limit` option under the `network_log` section of the neutron.conf file (neutron_api container).
 - `burst_limit`. Meter option to increase the packet rate limit by the specified value for a short period of time (to allow sikes). Can't be customized on deployment using Tripleo. As per upstream documentation [1] it can be configured with `neutron.conf.services.logging.log_driver_opts` or just with `rate_limit` option under the `network_log` section of the neutron.conf file (neutron_api container).


That functionality has been already implemented for the ml2/OVS but with the same limitation (not possible to customize on deployment). It requires additional parameters to be configurable (as per documentation [2]):
 - `extensions` list. Contains the list of ovs extensions. Can be configured with `extensions` parameter under `agent` section of openvswitch_agent.ini file (compute/networker node) or ml2_conf.ini file (controller node).
 - `local_output_log_base`. Path to the log file. Can be configured on compute/networker node with `local_output_log_base` parameter under `network_log` section of openvswitch_agent.ini file (security group logging) or l3_agent.ini file (firewall group logging).
 - `rate_limit` and `burst_limit` should be configured on compute/networker nodes (unlike ml2/OVN implementation) under `network_log` section of openvswitch_agent.ini file (security group logging) or l3_agent.ini file (firewall group logging).


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

[1] https://docs.openstack.org/neutron/latest/contributor/internals/ovn/ovn_network_logging.html
[2] https://docs.openstack.org/neutron/wallaby/admin/config-logging.html
Comment 1 Elvira 2022-02-10 15:27:08 UTC 
Hi, why did this change from 16.2 to 17? Can we change it back? @ccamposr 

Kind regards,
Elvira
Comment 30 errata-xmlrpc 2022-12-07 19:21:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 16.2.4), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8794