Maintenance task: Fails to delete out-of-sync security group rule

Bug #1756123 reported by Lucas Alvares Gomes
Affects | Status | Importance | Assigned to | Milestone
networking-ovn | Fix Released | Medium | Unassigned |

Bug Description

Currently the maintenance task cannot fix security group rules that failed to be deleted from OVN. The code responsible for checking that the security group rule exists in the OVN database is wrong [0].

<snippet>

    def get_acl_by_id(self, acl_id):
        try:
            return self.lookup('ACL', uuid.UUID(acl_id))
        except idlutils.RowNotFound:
            return
</snippet>

The "acl_id" parameter passed to it via the maintenance task is the Neutron object uuid which is saved in the external_ids column of the ACLs, which can't be found by the self.lookup() method.

The delete_security_group_rule() method in the OVNClient will also need some refactoring to work with the maintenance task. Currently [1] it requires the Neutron object to be passed as a parameter, but when the maintenance task is fixing it, that object has already been deleted from the Neutron database.

So, the delete_security_group_rules() from OVNClient will need to find all ACLs belonging to a given security group rule ID and remove them instead.

[0] https://github.com/openstack/networking-ovn/blob/ef45135b11350acc5bc4e064a609b1a6fb5088e1/networking_ovn/ovsdb/impl_idl_ovn.py#L248-L252

[1] https://github.com/openstack/networking-ovn/blob/ef45135b11350acc5bc4e064a609b1a6fb5088e1/networking_ovn/common/ovn_client.py#L1445-L1447
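
An added illustration of the mismatch described in the report (not networking-ovn code): a lookup keyed on the row UUID never matches a Neutron rule ID, while matching on external_ids finds every ACL for the rule and allows deletion by ID alone. FakeAclTable, the helper method names other than get_acl_by_id, and the external_ids key name are assumptions.

```python
import uuid

# Assumed external_ids key holding the Neutron rule ID (not taken from the page).
SG_RULE_KEY = "neutron:security_group_rule_id"

class RowNotFound(Exception):
    """Stand-in for idlutils.RowNotFound."""

class FakeAclTable:
    """Hypothetical in-memory model of the OVN ACL table."""

    def __init__(self):
        self.rows = {}  # OVSDB row UUID -> external_ids

    def add_acl(self, neutron_rule_id):
        row_uuid = uuid.uuid4()  # the database assigns each row its own UUID
        self.rows[row_uuid] = {SG_RULE_KEY: neutron_rule_id}
        return row_uuid

    def lookup(self, row_uuid):
        if row_uuid not in self.rows:
            raise RowNotFound(row_uuid)
        return self.rows[row_uuid]

    def get_acl_by_id(self, acl_id):
        # Same logic as the reported snippet: acl_id is treated as a row UUID.
        try:
            return self.lookup(uuid.UUID(acl_id))
        except RowNotFound:
            return None

    def find_acls_by_rule_id(self, neutron_rule_id):
        # Match on external_ids; one rule may own several ACL rows.
        return [u for u, ext in self.rows.items()
                if ext.get(SG_RULE_KEY) == neutron_rule_id]

    def delete_acls_for_rule(self, neutron_rule_id):
        # Needs only the ID, so it works after Neutron has deleted the object.
        stale = self.find_acls_by_rule_id(neutron_rule_id)
        for row_uuid in stale:
            del self.rows[row_uuid]
        return len(stale)

def demo():
    table, rule_id = FakeAclTable(), str(uuid.uuid4())  # constructed IDs
    for owner in (rule_id, rule_id, str(uuid.uuid4())):
        table.add_acl(owner)
    missed = table.get_acl_by_id(rule_id)  # row-UUID lookup with a Neutron ID
    return missed, table.delete_acls_for_rule(rule_id), len(table.rows)
```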

Changed in networking-ovn:
status: New → Confirmed
importance: Undecided → Medium
Changed in networking-ovn:
status: Confirmed → Won't Fix
status: Won't Fix → Confirmed
status: Confirmed → Fix Released