ovs-vswitchd needs to be forced to reconfigure after adding protocols to bridges
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Neutron Open vSwitch Charm |
Invalid
|
Undecided
|
Unassigned | ||
Ubuntu Cloud Archive |
Fix Released
|
Undecided
|
Unassigned | ||
Train |
Fix Released
|
High
|
Unassigned | ||
Ussuri |
Fix Released
|
Undecided
|
Unassigned | ||
neutron |
New
|
Undecided
|
Unassigned | ||
openvswitch |
New
|
Undecided
|
Unassigned | ||
neutron (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Eoan |
Fix Released
|
High
|
Unassigned | ||
Focal |
Fix Released
|
Undecided
|
Unassigned | ||
openvswitch (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
When the neutron native ovs driver creates bridges it will sometimes apply/modify the supported openflow protocols on that bridge. The OpenVswitch versions shipped with Train and Ussuri don't support this which results in OF protocol mismatches when neutron performs operations on that bridge. The patch we are backporting here ensures that all protocol versions are set on the bridge at the point on create/init.
[Test Case]
* deploy Openstack Train
* go to a compute host and do: sudo ovs-ofctl -O OpenFlow14 dump-flows br-int
* ensure you do not see "negotiation failed" errors
[Regression Potential]
* this patch is ensuring that newly created Neutron ovs bridges have OpenFlow 1.0, 1.3 and 1.4 set on them. Neutron already supports these so is not expected to have any change in behaviour. The patch will not impact bridges that already exist (so will not fix them either if they are affected).
-------
As part of programming OpenvSwitch, Neutron will add to which protocols bridges support [0].
However, the Open vSwitch `ovs-vswitchd` process does not appear to always update its perspective of which protocol versions it should support for bridges:
# ovs-ofctl -O OpenFlow14 dump-flows br-int
2019-11-
ovs-ofctl: br-int: failed to connect to socket (Broken pipe)
# systemctl restart ovsdb-server
# ovs-ofctl -O OpenFlow14 dump-flows br-int
cookie=
cookie=
...
(Success)
The restart of the `ovsdb-server` process above will make `ovs-vswitchd` reassess its configuration.
Changed in charm-neutron-openvswitch: | |
status: | New → Invalid |
summary: |
- ovsdb-server needs to be restarted after adding protocols to bridges + ovs-vswitchd needs to be forced to reconfigure after adding protocols to + bridges |
description: | updated |
no longer affects: | openvswitch (Ubuntu Focal) |
no longer affects: | openvswitch (Ubuntu Eoan) |
Changed in neutron (Ubuntu Focal): | |
status: | New → Fix Released |
no longer affects: | openvswitch (Ubuntu Eoan) |
no longer affects: | openvswitch (Ubuntu Focal) |
Changed in neutron (Ubuntu Eoan): | |
importance: | Undecided → High |
status: | New → Triaged |
Changed in neutron (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in openvswitch (Ubuntu): | |
importance: | Undecided → High |
status: | Confirmed → Triaged |
no longer affects: | kolla-ansible |
Hello:
I've seen this behavior in OVS 2.12. Previous versions work well (2.11 and 2.10).
I detected this problem using Neutron (master), OVS 2.12 and OVS firewall. The firewall flows are added to the DB using "--bundle". This requires OF14. Because this protocol is added after the bridge is created, it does not work.
But if the protocol is added in the same transaction of the creation [1], then the "--bundle" add-flows commands work.
Regards.
[1] https:/ /github. com/openstack/ neutron/ blob/4051e0b19d c9f318c2e0dd7c6 0eaa2c46536ad03 /neutron/ agent/common/ ovs_lib. py#L286- L302