OVN DB Sync utility cannot find NB DB Port Group
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu Cloud Archive |
Fix Released
|
Undecided
|
Unassigned | ||
Ussuri |
Fix Released
|
High
|
Unassigned | ||
Victoria |
Fix Released
|
High
|
Unassigned | ||
Wallaby |
Fix Committed
|
High
|
Unassigned | ||
Xena |
Fix Released
|
High
|
Unassigned | ||
neutron |
In Progress
|
Medium
|
Miro Tomaska | ||
neutron (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
High
|
Unassigned |
Bug Description
Runtime exception:
ovsdbapp.
can occure while performing database sync between Neutron db and OVN NB db using neutron-
This exception occures when the `sync_networks_
Quick way to reproduce on ML2/OVN:
- openstack project create test_project
- openstack create network --project test_project test_network
- openstack port delete $(openstack port list --network test_network -c ID -f value) # since this is an empty network only the metadata port should get listed and subsequently deleted
- openstack security group delete test_project
So now that you have a network without a metadata port in it and no default security group for the project/tenant that this network belongs to run
neutron-
The exeption should occur
Here is a more realistic scenario how we can run into this with ML2/OVS to ML2/OVN migration. I am also including why the code runs into it.
1. ML2/OVS enviroment with a network but no default security group for the project/tenant associated with the network
2. Perform ML2/OVS to ML2/OVN migration. This migration process will run neutron-
3. During the sync we first sync port groups[1] from Neutron DB to OVN DB
4. Then we sync network ports [2]. The process will detect that the network in question is not part of OVN NB. It will create that network in OVN NB db and along with that it will create a metadata port for it(OVN network requires metadataport). The Port_create call will implicitly notify _ensure_
5. When sync_acls[4] runs it will pick up those 4 new rules but commit to NB DB will fail since the port_group(aka security group) does not exists in NB DB
[1] https:/
[2] https:/
[3] https:/
[4] https:/
===== Ubuntu SRU Details =====
[Impact]
See bug description.
[Test Case]
Deploy openstack with OVN. Follow steps in "Quick way to reproduce on ML2/OVN" from bug description.
[Where problems could occur]
The fix mitigates the occurrence of the runtime exception, however the fix retries to sync port groups one more time, so there is potential for the same runtime exception to be raised.
Changed in neutron: | |
assignee: | nobody → Miro Tomaska (mtomaska) |
Changed in neutron: | |
importance: | Undecided → Medium |
description: | updated |
Changed in neutron (Ubuntu Focal): | |
status: | New → Triaged |
importance: | Undecided → High |
description: | updated |
tags: | added: verification-done |
Fix proposed to branch: master /review. opendev. org/c/openstack /neutron/ +/875989
Review: https:/