2075038 – [ovn][migration][17.0] Support migration to ML2/OVN from ML2/OVS with hybrid firewall

Bug 2075038 - [ovn][migration][17.0] Support migration to ML2/OVN from ML2/OVS with hybrid firewall

Summary: [ovn][migration][17.0] Support migration to ML2/OVN from ML2/OVS with hybrid ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-neutron
Sub Component:
Version:	17.0 (Wallaby)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	Alpha
Target Release:	17.0
Assignee:	Jakub Libosvar
QA Contact:	Roman Safronov
Docs Contact:
URL:
Whiteboard:
Depends On:	2103545 2106370 2109516
Blocks:	2075039
TreeView+	depends on / blocked

Reported:	2022-04-13 13:26 UTC by Daniel Alvarez Sanchez
Modified:	2023-09-18 04:35 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-neutron-18.3.1-0.20220508171836.a88c2b2.el8ost
Doc Type:	Enhancement
Doc Text:	You can now migrate the mechanism driver to ML2/OVN from an ML2/OVS deployment that uses the iptables_hybrid firewall driver. + The existing instances keep using the hybrid plug mechanism after the migration, but security groups are implemented in OVN and there are no iptables rules present on the compute nodes.
Clone Of:
Clones:	2075039 (view as bug list)
Environment:
Last Closed:	2022-09-21 12:20:43 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	839343	None	MERGED	[ovn][migration] Support migration to OVN from iptables firewall	2022-05-31 19:18:49 UTC
Red Hat Issue Tracker	OSP-14662	None	None	None	2022-04-13 13:38:49 UTC
Red Hat Product Errata	RHEA-2022:6543	None	None	None	2022-09-21 12:21:12 UTC

Description Daniel Alvarez Sanchez 2022-04-13 13:26:13 UTC

By not removing the port binding details from the migration tool, we can make the migration from the hybrid firewall possible.

The patch that should enable this process is here:
https://review.opendev.org/c/openstack/neutron/+/837566

The purpose of this BZ is to track the backports and testing of the migration to ML2/OVN from the hybrid firewall, as well as to update our current documentation that states that it is not supported.

Comment 5 Roman Safronov 2022-07-28 15:52:31 UTC

Verified on RHOS-17.0-RHEL-9-20220721.n.1
Verified that is possible to migrate to OVN from OVS+iptables_hybrid firewall driver.

Note: still there are some OVS-specific leftovers
Bug 2106370 - [OSP17.0][OVN migration] iptables hybrid OVS-specific leftovers (qbr/qvb/qvo) still exist after VM migration
One more related BZ
Bug 2103147 - [RFE] Consider hybrid plugging during cold migration

Added corresponding comment to https://bugzilla.redhat.com/show_bug.cgi?id=2054670 in order to document the issues until they are fixed.

Comment 12 errata-xmlrpc 2022-09-21 12:20:43 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.0 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6543

Comment 13 Red Hat Bugzilla 2023-09-18 04:35:25 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days

Note You need to log in before you can comment on or make changes to this bug.