[mos 9.x][ovsfw] no vm connectivity with ovs firewall
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Invalid
|
High
|
Inessa Vasilevskaya | ||
9.x |
Invalid
|
High
|
Inessa Vasilevskaya |
Bug Description
https:/
Steps to reproduce:
* install ovs-2.5 (openvswitch-
add-apt-repository 'deb http://
wget -qO - http://
stop openvswitch-switch
apt-get update && apt-get install --upgrade-only openvswitch-switch openvswitch-common
Verify that all is ok: restart neutron-l3-agent and neutron-
* /etc/neutron/
[securitygroup]
firewall_driver = openvswitch
* restart neutron-
OSTF connectivity test (as well as any other test that boots a vm, assigns a floating and pings it) will fail.
UPDATE: as per https:/
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
Weird things observed so far (unfortunately I don't have any other environment save mos9.x, so I take devstack as reference one):
* zero mac-addresses in ovs-ofctl show br-int output: paste.openstack .org/show/ 566417/ paste.openstack .org/show/ 566418/
(devstack, OK) http://
(mos9) http://
* ovs-appctl ofproto/trace and dump-flows differ substantially
(devstack, OK) http:// paste.openstack .org/show/ 566433/ paste.openstack .org/show/ 566436/
(mos9) http://
devstack flows br-int: http:// paste.openstack .org/show/ 566435/ paste.openstack .org/show/ 566434/
mos 9 flows br-int: http://
Those 2 are undoubtedly connected, let's figure why it's broken.