Comment 2 for bug 1721895

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/510628
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=9d74de162a2dd7bf5c2df59ccf9ff812f8e46387
Submitter: Jenkins
Branch: master

commit 9d74de162a2dd7bf5c2df59ccf9ff812f8e46387
Author: Jakub Libosvar <email address hidden>
Date: Mon Oct 9 15:33:32 2017 +0000

    ovs-fw: Remove iptables rules on hybrid ports

    ovs-firewall now scans ports on its bridge and stores those that have
    prefix 'qvo', which means such ports use hybrid plugging. Because
    ovs-agent makes a full-sync when it's started, all ports that reside on
    the node are passed to firewall driver to refresh firewall, a new helper
    was added.

    In case the initial scan noticed hybrid plugged, an iptables firewall
    driver is instantiated and each port is passed down to helper that
    removes iptables rules for given port.

    Once all ports are processed, a mark is added to ovsdb to avoid cleaning
    iptables in the future. That means next time ovs-agent is started
    iptables firewall will not be instantiated.

    NOTE: Fullstack tests are a great candidate to cover the migration but
          I'll leave it as TODO after we stabilize fullstack tests.

    Closes-bug: #1721895

    Change-Id: I662c310133a089bf29b734c539e57a8cff923074
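
A post-upgrade check for the cleanup the commit message describes, as an added example that is not part of the neutron change: it lists the iptables-save lines that still reference ports carrying the 'qvo' prefix. The function names, the tap/qvb device naming and the `neutron-openvswi-` chain naming in the constructed sample are assumptions about the hybrid-plug layout, not values from this page.

```python
import re

HYBRID_PREFIX = "qvo"  # prefix the commit message uses to spot hybrid plugging

# Constructed sample: port names on the integration bridge.
SAMPLE_PORTS = ["qvo1a2b3c4d-5e", "tap9f8e7d6c-5b", "patch-tun", "qvoaabbccdd-ee"]

# Constructed sample in iptables-save format. The tap device and the
# neutron-openvswi-* chain names are assumptions, not values from the page.
SAMPLE_RULES = """\
*filter
:neutron-openvswi-sg-chain - [0:0]
:neutron-openvswi-o1a2b3c4d-5 - [0:0]
-A neutron-openvswi-FORWARD -m physdev --physdev-out tap1a2b3c4d-5e --physdev-is-bridged -j neutron-openvswi-sg-chain
-A neutron-openvswi-sg-chain -m physdev --physdev-in tap1a2b3c4d-5e --physdev-is-bridged -j neutron-openvswi-o1a2b3c4d-5
-A neutron-openvswi-o1a2b3c4d-5 -p udp -m udp --sport 68 --dport 67 -j RETURN
-A INPUT -i lo -j ACCEPT
COMMIT
"""


def hybrid_suffixes(port_names):
    """Return the name suffix of every port that carries the hybrid prefix."""
    return sorted(n[len(HYBRID_PREFIX):] for n in port_names
                  if n.startswith(HYBRID_PREFIX))


def leftover_rules(iptables_save_text, port_names):
    """Map hybrid port suffix -> iptables-save lines that still mention it."""
    leftovers = {}
    for suffix in hybrid_suffixes(port_names):
        # Device names keep the full suffix; per-port chains are assumed to
        # use a direction letter plus the first 10 characters of it.
        pattern = re.compile(r"(?:tap|qvb|qvo)%s\b|-[ios]%s\b"
                             % (re.escape(suffix), re.escape(suffix[:10])))
        lines = [l for l in iptables_save_text.splitlines() if pattern.search(l)]
        if lines:
            leftovers[suffix] = lines
    return leftovers


if __name__ == "__main__":
    for suffix, lines in leftover_rules(SAMPLE_RULES, SAMPLE_PORTS).items():
        print("port %s: %d stale iptables lines" % (suffix, len(lines)))
```

An empty result after the agent's first full sync is the expected state; any remaining lines mean packets for that port may still traverse the old iptables path.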