neutron

Libvirt driver cannot avoid ovs_hybrid

Series icehouse
Bug #1336624

Bug #1336624 reported by Ryota Mibu on 2014-07-02

This bug affects 5 people

	Status	Importance	Assigned to	Milestone
neutron	Fix Released	Low	Ryota Mibu	neutron 2015.1.0 "kilo"
Icehouse	New	Undecided	Unassigned
Juno	Fix Released	Undecided	Unassigned	neutron 2014.2.1

Bug Description

This bug is related to Nova and Neutron.

Libvirt driver cannot avoid ovs_hybrid though if NoopFirewallDriver is selected, while using LibvirtGenericVIFDriver at Nova and ML2+OVS at Neutron.

Since Nova follows "binding:vif_detail" from Neutron [1], that is intended behavior. OVS mech driver in Neutron always return the following vif_detail:

  vif_details: {
    "port_filter": true,
    "ovs_hybrid_plug": true,
  }

So, Neutron is right place to configure to avoid ovs_hybrid plugging. I think we can set ovs_hybrid_plug=False in OVS mech driver if security_group is disabled.

[1] https://review.openstack.org/#/c/83190/

Tags:

Eugene Nikanorov (enikanorov) on 2014-07-02

tags:	added: sg-fw
Changed in neutron:
importance:	Undecided → Low
assignee:	nobody → Eugene Nikanorov (enikanorov)
status:	New → Confirmed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-07-02: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/104240

Changed in neutron:
assignee:	Eugene Nikanorov (enikanorov) → Ryota Mibu (r-mibu)
status:	Confirmed → In Progress

Armando Migliaccio (armando-migliaccio) on 2014-10-25

Changed in neutron:
milestone:	none → kilo-1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-10-25: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/104240
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=e73f8da072cb41559ecee7f29f864a10db475444
Submitter: Jenkins
Branch: master

commit e73f8da072cb41559ecee7f29f864a10db475444
Author: Ryota MIBU <email address hidden>
Date: Thu Jul 3 00:10:32 2014 +0900

Set vif_details to reflect enable_security_group

    While plugging vif, VIFDriver in Nova follows "ovs_hybrid_plug" and
    "port_filter" in "binding:vif_detail" which is passed from Neutron, but
    those are always true. This patch make ML2 OVS mech driver set those
    param depends on enable_security_group flag. It enables users to avoid
    ovs_hybrid plugging.

    This patch also fixes the same issue in the following plugins/drivers:
      * NEC Plugin
      * BigSwitch Plugin
      * Ryu Plugin
      * ML2 Plugin - OFAgent Mech Driver

Closes-Bug: #1336624
Change-Id: I2b7fb526a6f1b730ad65289307b24fd28b996e1b

Changed in neutron:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-05: Fix proposed to neutron (stable/juno)

Fix proposed to branch: stable/juno
Review: https://review.openstack.org/132759

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-10: Fix proposed to neutron (stable/icehouse)

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/133421

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-11: Fix merged to neutron (stable/icehouse)

Reviewed: https://review.openstack.org/133421
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=506bd9491837cffbdaf63843e5ec108f717588d3
Submitter: Jenkins
Branch: stable/icehouse

commit 506bd9491837cffbdaf63843e5ec108f717588d3
Author: Ryota MIBU <email address hidden>
Date: Thu Jul 3 00:10:32 2014 +0900

Set vif_details to reflect enable_security_group

    This patch also fixes the same issue in the following plugins/drivers:
      * NEC Plugin
      * BigSwitch Plugin
      * Ryu Plugin
      * ML2 Plugin - OFAgent Mech Driver

Conflicts:
neutron/tests/unit/ml2/drivers/test_ofagent_mech.py

    Closes-Bug: #1336624
    Change-Id: I2b7fb526a6f1b730ad65289307b24fd28b996e1b
    (cherry picked from commit e73f8da072cb41559ecee7f29f864a10db475444)

tags:

added: in-stable-icehouse

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-11: Fix merged to neutron (stable/juno)

Reviewed: https://review.openstack.org/132759
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=08778910d1cbcd8c923a766d4b03f4d7220245c6
Submitter: Jenkins
Branch: stable/juno

commit 08778910d1cbcd8c923a766d4b03f4d7220245c6
Author: Ryota MIBU <email address hidden>
Date: Thu Jul 3 00:10:32 2014 +0900

Set vif_details to reflect enable_security_group

    This patch also fixes the same issue in the following plugins/drivers:
      * NEC Plugin
      * BigSwitch Plugin
      * Ryu Plugin
      * ML2 Plugin - OFAgent Mech Driver

    Closes-Bug: #1336624
    Change-Id: I2b7fb526a6f1b730ad65289307b24fd28b996e1b
    (cherry picked from commit e73f8da072cb41559ecee7f29f864a10db475444)

tags:

added: in-stable-juno

Thierry Carrez (ttx) on 2014-12-18

Changed in neutron:
status:	Fix Committed → Fix Released

Revision history for this message

Kimi Zhang (kimi-zhangkai) wrote on 2014-12-18:

How about if we still want to enable security group but with firewall_driver = neutron.agent.firewall.NoopFirewallDriver on each neutron ovs agent node, and we want avoid ovs_hybrid ?

In this way, we keep "fake" security group function running for back-compatibility support for existing Heat templates, and we get rid of ovs_hybrid.

Thierry Carrez (ttx) on 2015-04-30

Changed in neutron:
milestone:	kilo-1 → 2015.1.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.