2022040 – [ovn][migration][16.1] Support migration to ML2/OVN from ML2/OVS with hybrid firewall

Bug 2022040 - [ovn][migration][16.1] Support migration to ML2/OVN from ML2/OVS with hybrid firewall

Summary: [ovn][migration][16.1] Support migration to ML2/OVN from ML2/OVS with hybrid ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	python-networking-ovn
Sub Component:
Version:	16.1 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z9
Target Release:	16.1 (Train on RHEL 8.2)
Assignee:	Rodolfo Alonso
QA Contact:	Roman Safronov
Docs Contact:
URL:
Whiteboard:
Depends On:	2075039
Blocks:
TreeView+	depends on / blocked

Reported:	2021-11-10 15:49 UTC by Roman Safronov
Modified:	2023-09-18 04:27 UTC (History)
CC List:	8 users (show)
Fixed In Version:	python-networking-ovn-7.3.1-1.20220530153732.4e24f4c.el8ost
Doc Type:	Enhancement
Doc Text:	With this update, you can now migrate an ML2/OVS deployment with the iptables_hybrid firewall driver to ML2/OVN.
Clone Of:
Environment:
Last Closed:	2022-12-07 20:25:25 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Launchpad	1951272	None	None	None	2021-11-17 15:09:22 UTC
Red Hat Issue Tracker	OSP-10755	None	None	None	2021-11-10 15:55:59 UTC
Red Hat Product Errata	RHBA-2022:8795	None	None	None	2022-12-07 20:25:41 UTC

Description Roman Safronov 2021-11-10 15:49:48 UTC

Description of problem:
Since we do not support ovs2ovn migration with iptables_hybrid firewall driver [1] we should block it explicitly in the ovn_migration script. 

[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html/networking_with_open_virtual_network/migrating-ml2ovs-to-ovn

Version-Release number of selected component (if applicable):
RHOS-16.1-RHEL-8-20211104.n.1

How reproducible:
100%

Steps to Reproduce:
1. Deploy ml2ovs environment with iptables_hybrid firewall driver.
2. Try to run ovs2ovn migration according to the official documentation.

Actual results:
ovn_migration script allows customers to perform ovs2ovn migration on an environment with iptables_hybrid firewall driver. This can lead to the situation where customer receives an unsupported OVN configuration where VMs are connected via linux bridges.

Expected results:
ovn migration script detects existing firewall driver. In case the firewall driver is iptables_hybrid the script prints a message that ovs2ovn migration is not allowed  and exits. In case firewall driver is openvswitch the script initiates the ovs2ovn migration as usual.

Comment 17 errata-xmlrpc 2022-12-07 20:25:25 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat OpenStack Platform 16.1.9 bug fix and enhancement advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8795

Comment 18 Red Hat Bugzilla 2023-09-18 04:27:55 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.