neutron

When ACL rules are synchronized, other rules docking with ovn vendors will be deleted by mistake

Bug #1927293 reported by zhangtongjian
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
New
Undecided
Unassigned

Bug Description

If ovn connects with other manufacturers, it will lead to the inconsistency between the ACLS configuration data in MariaDB and the data in the northbound database in ovn. When trying to synchronize ACL rules, it will only synchronize according to the ACLS in neutron, and delete the ACLS that are not unique to ovn in neutron, which will lead to the false deletion.
This is due to :https://github.com/openstack/neutron/blob/4d26c3a5449b2a9e99091204606023040b7635ed/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py#L267

zhangtongjian (zhangtongjian)
Changed in neutron:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/790012

Revision history for this message
Rodolfo Alonso (rodolfo-alonso-hernandez) wrote :

Hello:

What does it mean "ovn connects with other manufacturers"? The OVN backend should be managed only by Neutron; that means only Neutron will handle the OVN NB.

Can you explain this a bit more?

Regards.

Revision history for this message
Slawek Kaplonski (slaweq) wrote : auto-abandon-script

This bug has had a related patch abandoned and has been automatically un-assigned due to inactivity. Please re-assign yourself if you are continuing work or adjust the state as appropriate if it is no longer valid.

Changed in neutron:
status: In Progress → New
tags: added: timeout-abandon
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by "Slawek Kaplonski <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/790012
Reason: This review is > 4 weeks without comment, and failed Zuul jobs the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.