2021987 – OVN migration script should allow any OVS firewall configuration

Bug 2021987 - OVN migration script should allow any OVS firewall configuration

Summary: OVN migration script should allow any OVS firewall configuration

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-networking-ovn
Sub Component:
Version:	16.2 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z3
Target Release:	16.2 (Train on RHEL 8.4)
Assignee:	Rodolfo Alonso
QA Contact:	Roman Safronov
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2084058 (view as bug list)
Depends On:
Blocks:	2087077
TreeView+	depends on / blocked

Reported:	2021-11-10 14:07 UTC by Roman Safronov
Modified:	2022-06-14 17:44 UTC (History)
CC List:	16 users (show)
Fixed In Version:	python-networking-ovn-7.4.2-2.20220409154848.el8ost
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Clones:	2087077 (view as bug list)
Environment:
Last Closed:	2022-06-02 18:33:56 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1951272	None	None	None	2021-11-17 15:09:29 UTC
OpenStack gerrit	818239	None	MERGED	[OVN] Prevent OVS to OVN migration if firewall "iptables_hybrid"	2022-05-03 15:44:22 UTC
OpenStack gerrit	826265	None	MERGED	[OVN] Prevent OVS to OVN migration if firewall "iptables_hybrid"	2022-05-03 15:44:22 UTC
Red Hat Issue Tracker	OSP-10748	None	None	None	2021-11-10 14:08:22 UTC

Description Roman Safronov 2021-11-10 14:07:09 UTC

Description of problem:
Since we do not support ovs2ovn migration with iptables_hybrid firewall driver we should block it explicitly in the ovn_migration script. 

Version-Release number of selected component (if applicable):
RHOS-16.2-RHEL-8-20211027.n.1

How reproducible:
100%

Steps to Reproduce:
1. Deploy ml2ovs environment with iptables_hybrid firewall driver.
2. Try to run ovs2ovn migration according to the official documentation.

Actual results:
ovn_migration script allows customers to perform ovs2ovn migration on an environment with iptables_hybrid firewall driver. This can lead to the situation where customer receives an unsupported OVN configuration where VMs are connected via linux bridges.

Expected results:
ovn migration script detects existing firewall driver. In case the firewall driver is iptables_hybrid the script prints a message that ovs2ovn migration is not allowed  and exits. In case firewall driver is openvswitch the script initiates the ovs2ovn migration as usual.

Additional info:

Comment 29 Jakub Libosvar 2022-05-06 22:01:07 UTC

*** Bug 2075039 has been marked as a duplicate of this bug. ***

Comment 34 Roman Safronov 2022-05-17 10:09:57 UTC

Verified on puddle  RHOS-16.2-RHEL-8-20220513.n.2 which uses python3-networking-ovn-migration-tool-7.4.2-2.20220409154848.el8ost.noarch.rpm.
Verified that it's possible to migrate to ovn from ml2ovs with either iptables_hybrid or openvswitch firewall.

Comment 35 Fernando Royo 2022-05-23 13:37:02 UTC

*** Bug 2084058 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.