openvswitch firewall driver always uses deprecated ovs-ofctl instead of defined driver

Hi Jakub,

Are we getting any errors because of this? Can you please elaborate what needs to be fixed here?

Thanks,
Anindita

Hi Anindita,

no, we don't suffer any errors, we just keep using ovs-ofctl calls even though native of_interface is configured.

The proper fix here would be to define common api for ovs-ofctl and native drivers for CRUD operations. But since we deprecated ovs-ofctl driver in Ocata I think it would be a waste of resources to do that. That's why I changed the summary to OVS firewall and I'll implement a FirewallBridge that will send the flows based on used driver.

Related fix proposed to branch: master
Review: https://review.openstack.org/460394

Fix proposed to branch: master
Review: https://review.openstack.org/460395

Hi Jakub,

what will your FirewallBridge look like?
What do you think of my approach?

Hi Iwamoto, I think if we plan to deprecate of_interface it would be a useless effort to make ovs firewall working with both interfaces. What you have seems good and reasonable to me :)

Reviewed: https://review.openstack.org/460394
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=3f4bceecaa67a1f20c7ec6243d0c883ff815f531
Submitter: Jenkins
Branch: master

commit 3f4bceecaa67a1f20c7ec6243d0c883ff815f531
Author: IWAMOTO Toshihiro <email address hidden>
Date: Tue Apr 18 15:04:06 2017 +0900

    of_interface: allow install_instructions to accept string actions

    Other than the of_interface methods, today we are forced to use ovs_lib
    methods to program flows, which call ovs-ofctl in turn. Let's make
    install_instructions accept string actions regardless of of_interface
    driver.

    Related-bug: #1672340
    Change-Id: Ie2fdeab1f4ac567ef336abae03768e43f426311a

This bug has had a related patch abandoned and has been automatically un-assigned due to inactivity. Please re-assign yourself if you are continuing work or adjust the state as appropriate if it is no longer valid.

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: master
Review: https://review.openstack.org/460395
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

This bug has had a related patch abandoned and has been automatically un-assigned due to inactivity. Please re-assign yourself if you are continuing work or adjust the state as appropriate if it is no longer valid.

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: master
Review: https://review.openstack.org/460395
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

This bug has had a related patch abandoned and has been automatically un-assigned due to inactivity. Please re-assign yourself if you are continuing work or adjust the state as appropriate if it is no longer valid.

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: master
Review: https://review.opendev.org/460395
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Bug closed due to lack of activity, please feel free to reopen if needed.