openvswitch firewall driver always uses deprecated ovs-ofctl instead of defined driver

Bug #1672340 reported by Jakub Libosvar on 2017-03-13
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
High
Unassigned

Bug Description

Changed in neutron:
assignee: nobody → Jakub Libosvar (libosvar)
Anindita Das (anindita-das) wrote :

Hi Jakub,

Are we getting any errors because of this? Can you please elaborate what needs to be fixed here?

Thanks,
Anindita

summary: - DeferredBridge always uses deprecated ovs-ofctl instead of defined
- driver
+ openvswitch firewall driver always uses deprecated ovs-ofctl instead of
+ defined driver
Jakub Libosvar (libosvar) wrote :

Hi Anindita,

no, we don't suffer any errors, we just keep using ovs-ofctl calls even though native of_interface is configured.

The proper fix here would be to define common api for ovs-ofctl and native drivers for CRUD operations. But since we deprecated ovs-ofctl driver in Ocata I think it would be a waste of resources to do that. That's why I changed the summary to OVS firewall and I'll implement a FirewallBridge that will send the flows based on used driver.

tags: added: ovs-fw
removed: ovs-lib
Changed in neutron:
importance: Undecided → High

Related fix proposed to branch: master
Review: https://review.openstack.org/460394

Changed in neutron:
assignee: Jakub Libosvar (libosvar) → IWAMOTO Toshihiro (iwamoto)
status: New → In Progress
IWAMOTO Toshihiro (iwamoto) wrote :

Hi Jakub,

what will your FirewallBridge look like?
What do you think of my approach?

Jakub Libosvar (libosvar) wrote :

Hi Iwamoto, I think if we plan to deprecate of_interface it would be a useless effort to make ovs firewall working with both interfaces. What you have seems good and reasonable to me :)

Reviewed: https://review.openstack.org/460394
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=3f4bceecaa67a1f20c7ec6243d0c883ff815f531
Submitter: Jenkins
Branch: master

commit 3f4bceecaa67a1f20c7ec6243d0c883ff815f531
Author: IWAMOTO Toshihiro <email address hidden>
Date: Tue Apr 18 15:04:06 2017 +0900

    of_interface: allow install_instructions to accept string actions

    Other than the of_interface methods, today we are forced to use ovs_lib
    methods to program flows, which call ovs-ofctl in turn. Let's make
    install_instructions accept string actions regardless of of_interface
    driver.

    Related-bug: #1672340
    Change-Id: Ie2fdeab1f4ac567ef336abae03768e43f426311a

This bug has had a related patch abandoned and has been automatically un-assigned due to inactivity. Please re-assign yourself if you are continuing work or adjust the state as appropriate if it is no longer valid.

Changed in neutron:
assignee: IWAMOTO Toshihiro (iwamoto) → nobody
status: In Progress → New
tags: added: timeout-abandon

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: master
Review: https://review.openstack.org/460395
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Changed in neutron:
assignee: nobody → IWAMOTO Toshihiro (iwamoto)
status: New → In Progress

This bug has had a related patch abandoned and has been automatically un-assigned due to inactivity. Please re-assign yourself if you are continuing work or adjust the state as appropriate if it is no longer valid.

Changed in neutron:
assignee: IWAMOTO Toshihiro (iwamoto) → nobody
status: In Progress → New

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: master
Review: https://review.openstack.org/460395
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers