Now I haven't any openstack cluster for testing, nikhil please help me test it.
Step for reproduce and testing:
1. Create a VM (get neutron port_id, example xxxxx)
2. Check port_id in OVN northbound DB:
ovn-nbctl --no-leader-only lsp-list neutron-<neutron-network-id> https://ibb.co/d7D9VT4
--> port_id in OVN is yyyyy
2. ovn-nbctl --no-leader-only list port_group neutron_pg_drop | grep yyyyy
--> port yyyyy in port_group neutron_pg_drop
3. Disable port security
4. ovn-nbctl --no-leader-only list port_group neutron_pg_drop | grep yyyyy
--> port yyyyy removed from port_group neutron_pg_drop
5. Remove NB & SB DB
6. Run command neutron-ovn-db-sync-util to resync from neutron to NB database
neutron-ovn-db-sync-util --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --ovn-neutron_sync_mode repair
- Restart ovn-controller in all controller and compute
7. ovn-nbctl --no-leader-only list port_group neutron_pg_drop | grep yyyyy
--> port yyyyy appear in port_group neutron_pg_drop
--> Can't access to this VM (VM still active but can't ping or access to IP)
After this patch, in step 7: port yyyyy not appear in port_group neutron_pg_drop
Hello,
Now I haven't any openstack cluster for testing, nikhil please help me test it.
Step for reproduce and testing: <neutron- network- id> /ibb.co/ d7D9VT4
1. Create a VM (get neutron port_id, example xxxxx)
2. Check port_id in OVN northbound DB:
ovn-nbctl --no-leader-only lsp-list neutron-
https:/
--> port_id in OVN is yyyyy
2. ovn-nbctl --no-leader-only list port_group neutron_pg_drop | grep yyyyy
--> port yyyyy in port_group neutron_pg_drop
3. Disable port security
4. ovn-nbctl --no-leader-only list port_group neutron_pg_drop | grep yyyyy
--> port yyyyy removed from port_group neutron_pg_drop
5. Remove NB & SB DB ovn-db- sync-util to resync from neutron to NB database ovn-db- sync-util --config-file /etc/neutron/ neutron. conf --config-file /etc/neutron/ plugins/ ml2/ml2_ conf.ini --ovn-neutron_ sync_mode repair
6. Run command neutron-
neutron-
- Restart ovn-controller in all controller and compute
7. ovn-nbctl --no-leader-only list port_group neutron_pg_drop | grep yyyyy
--> port yyyyy appear in port_group neutron_pg_drop
--> Can't access to this VM (VM still active but can't ping or access to IP)
After this patch, in step 7: port yyyyy not appear in port_group neutron_pg_drop