diff -Nru neutron-12.1.1/debian/changelog neutron-12.1.1/debian/changelog --- neutron-12.1.1/debian/changelog 2021-02-23 01:55:40.000000000 +0900 +++ neutron-12.1.1/debian/changelog 2021-05-03 17:15:28.000000000 +0900 @@ -1,3 +1,10 @@ +neutron (2:12.1.1-0ubuntu5) bionic; urgency=medium + + * Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall + - d/p/0001-Handle-OVSFWPortNotFound-and-OVSFWTagNotFound-in-ovs.patch (LP: #1849098) + + -- Seyeong Kim Mon, 03 May 2021 17:15:28 +0900 + neutron (2:12.1.1-0ubuntu4) bionic; urgency=medium * Fix interrupt of VLAN traffic on reboot of neutron-ovs-agent: diff -Nru neutron-12.1.1/debian/patches/0001-Handle-OVSFWPortNotFound-and-OVSFWTagNotFound-in-ovs.patch neutron-12.1.1/debian/patches/0001-Handle-OVSFWPortNotFound-and-OVSFWTagNotFound-in-ovs.patch --- neutron-12.1.1/debian/patches/0001-Handle-OVSFWPortNotFound-and-OVSFWTagNotFound-in-ovs.patch 1970-01-01 09:00:00.000000000 +0900 +++ neutron-12.1.1/debian/patches/0001-Handle-OVSFWPortNotFound-and-OVSFWTagNotFound-in-ovs.patch 2021-05-03 17:12:55.000000000 +0900 @@ -0,0 +1,56 @@ +From f3bd8defedf0e46381fb724d725137eea1950cda Mon Sep 17 00:00:00 2001 +From: Oleg Bondarev +Date: Mon, 21 Oct 2019 15:40:12 +0400 +Subject: [PATCH] Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall + +This will prevent ovs agent from endless fail loop when dealing +with unbound port: like when port was created in neutron before +agent become alive, then agent gets online and and starts processing +devices. +This patch adds exception handling to prepare_port_filter() - +same as done in update_port_filter(). + +Change-Id: I1137eb18efaf51c67fab145e645f58cbd3772e40 +Closes-Bug: #1849098 +(cherry picked from commit e801159003978f7c5c67eb3e9fe36fa690656d77) +(cherry picked from commit 6d581e94aa9a42894ebb9161790e64b2b60828b0) +--- + .../linux/openvswitch_firewall/firewall.py | 25 +++++++++++++------ + 1 file changed, 17 insertions(+), 8 deletions(-) + +Index: neutron-12.1.1/neutron/agent/linux/openvswitch_firewall/firewall.py +=================================================================== +--- neutron-12.1.1.orig/neutron/agent/linux/openvswitch_firewall/firewall.py ++++ neutron-12.1.1/neutron/agent/linux/openvswitch_firewall/firewall.py +@@ -584,14 +584,23 @@ class OVSFirewallDriver(firewall.Firewal + self._initialize_egress_no_port_security(port['device']) + return + +- old_of_port = self.get_ofport(port) +- of_port = self.get_or_create_ofport(port) +- if old_of_port: +- LOG.info("Initializing port %s that was already initialized.", +- port['device']) +- self._update_flows_for_port(of_port, old_of_port) +- else: +- self._set_port_filters(of_port) ++ try: ++ old_of_port = self.get_ofport(port) ++ of_port = self.get_or_create_ofport(port) ++ if old_of_port: ++ LOG.info("Initializing port %s that was already initialized.", ++ port['device']) ++ self._update_flows_for_port(of_port, old_of_port) ++ else: ++ self._set_port_filters(of_port) ++ except exceptions.OVSFWPortNotFound as not_found_error: ++ LOG.info("port %(port_id)s does not exist in ovsdb: %(err)s.", ++ {'port_id': port['device'], ++ 'err': not_found_error}) ++ except exceptions.OVSFWTagNotFound as tag_not_found: ++ LOG.info("Tag was not found for port %(port_id)s: %(err)s.", ++ {'port_id': port['device'], ++ 'err': tag_not_found}) + + def update_port_filter(self, port): + """Update rules for given port diff -Nru neutron-12.1.1/debian/patches/0007-Not-remove-the-running-router-when-MQ-is-unreachable.patch neutron-12.1.1/debian/patches/0007-Not-remove-the-running-router-when-MQ-is-unreachable.patch --- neutron-12.1.1/debian/patches/0007-Not-remove-the-running-router-when-MQ-is-unreachable.patch 2021-02-23 01:55:40.000000000 +0900 +++ neutron-12.1.1/debian/patches/0007-Not-remove-the-running-router-when-MQ-is-unreachable.patch 2021-05-03 17:12:51.000000000 +0900 @@ -28,11 +28,11 @@ neutron/tests/unit/agent/l3/test_agent.py | 40 ++++++++++++++++++----- 2 files changed, 32 insertions(+), 11 deletions(-) -diff --git a/neutron/agent/l3/agent.py b/neutron/agent/l3/agent.py -index b53e347fc8..6fe209ac6f 100644 ---- a/neutron/agent/l3/agent.py -+++ b/neutron/agent/l3/agent.py -@@ -567,9 +567,6 @@ class L3NATAgent(ha.AgentMixin, +Index: neutron-12.1.1/neutron/agent/l3/agent.py +=================================================================== +--- neutron-12.1.1.orig/neutron/agent/l3/agent.py ++++ neutron-12.1.1/neutron/agent/l3/agent.py +@@ -535,9 +535,6 @@ class L3NATAgent(ha.AgentMixin, if router_update.hit_retry_limit(): LOG.warning("Hit retry limit with router update for %s, action %s", router_update.id, router_update.action) @@ -42,11 +42,11 @@ return router_update.timestamp = timeutils.utcnow() router_update.priority = priority -diff --git a/neutron/tests/unit/agent/l3/test_agent.py b/neutron/tests/unit/agent/l3/test_agent.py -index 47c57dc9b0..1519b206d7 100644 ---- a/neutron/tests/unit/agent/l3/test_agent.py -+++ b/neutron/tests/unit/agent/l3/test_agent.py -@@ -2694,35 +2694,59 @@ class TestBasicRouterOperations(BasicRouterOperationsFramework): +Index: neutron-12.1.1/neutron/tests/unit/agent/l3/test_agent.py +=================================================================== +--- neutron-12.1.1.orig/neutron/tests/unit/agent/l3/test_agent.py ++++ neutron-12.1.1/neutron/tests/unit/agent/l3/test_agent.py +@@ -2657,35 +2657,59 @@ class TestBasicRouterOperations(BasicRou self._test_process_routers_update_rpc_timeout(ext_net_call=True, ext_net_call_failed=True) @@ -114,6 +114,3 @@ def test_process_routers_update_router_deleted_success(self): self._test_process_routers_update_router_deleted() --- -2.17.1 - diff -Nru neutron-12.1.1/debian/patches/series neutron-12.1.1/debian/patches/series --- neutron-12.1.1/debian/patches/series 2021-02-23 01:55:40.000000000 +0900 +++ neutron-12.1.1/debian/patches/series 2021-05-03 17:12:49.000000000 +0900 @@ -9,3 +9,4 @@ 0005-Ensure-drop-flows-on-br-int-at-agent-startup-for-DVR.patch 0006-Don-t-check-if-any-bridges-were-recrected-when-OVS-w.patch 0007-Not-remove-the-running-router-when-MQ-is-unreachable.patch +0001-Handle-OVSFWPortNotFound-and-OVSFWTagNotFound-in-ovs.patch