commit c2e6038fa17cb2cbfb095320827a59eb681112e8
Author: Daniel Alvarez <email address hidden>
Date: Thu Jan 4 00:22:30 2018 +0100
Check for sg_rules correctness
This patch is updating networking-ovn to check for correctness when
creating or deleting security group rules.
This patch also allows to insert duplicate entries in ACL table in
case that two indentical rules belong to different SGs. Each acl will
reference to its own SG rule in the external_ids column so that we
can ensure consistency across Neutron and OVN objects. The main
drawback is that duplicated acls will make ovn-northd insert duplicate
lflows in SB database which, in turn, makes ovn-controller drop the
flows when it's processing the logical flows and log INFO messages. To
overcome this, I have sent a patch [0] to core OVN so that
ovn-controller logs those traces as DBG instead and reduce noise.
Please see the references in the commit message at [0] and the
discussion around this.
Reviewed: https:/ /review. openstack. org/531033 /git.openstack. org/cgit/ openstack/ networking- ovn/commit/ ?id=c2e6038fa17 cb2cbfb09532082 7a59eb681112e8
Committed: https:/
Submitter: Zuul
Branch: master
commit c2e6038fa17cb2c bfb095320827a59 eb681112e8
Author: Daniel Alvarez <email address hidden>
Date: Thu Jan 4 00:22:30 2018 +0100
Check for sg_rules correctness
This patch is updating networking-ovn to check for correctness when
creating or deleting security group rules.
This patch also allows to insert duplicate entries in ACL table in
case that two indentical rules belong to different SGs. Each acl will
reference to its own SG rule in the external_ids column so that we
can ensure consistency across Neutron and OVN objects. The main
drawback is that duplicated acls will make ovn-northd insert duplicate
lflows in SB database which, in turn, makes ovn-controller drop the
flows when it's processing the logical flows and log INFO messages. To
overcome this, I have sent a patch [0] to core OVN so that
ovn-controller logs those traces as DBG instead and reduce noise.
Please see the references in the commit message at [0] and the
discussion around this.
Partial-Bug: #1605089
[0] https:/ /github. com/openvswitch /ovs/commit/ 5905b28f1abff1a 295ea37654d8871 54b0dc2bc0
Change-Id: Ie2659ecb84193d 58d35ced6b8fb0b 89fc03cf6e7
Signed-off-by: Daniel Alvarez <email address hidden>