2021-02-08 09:05:46 |
Pedro GuimarĂ£es |
bug |
|
|
added bug |
2021-07-15 07:57:45 |
Frode Nordahl |
ovn (Ubuntu): status |
New |
Fix Committed |
|
2021-09-08 08:07:36 |
Frode Nordahl |
nominated for series |
|
Ubuntu Hirsute |
|
2021-09-08 08:07:36 |
Frode Nordahl |
bug task added |
|
ovn (Ubuntu Hirsute) |
|
2021-09-08 08:07:36 |
Frode Nordahl |
nominated for series |
|
Ubuntu Focal |
|
2021-09-08 08:07:36 |
Frode Nordahl |
bug task added |
|
ovn (Ubuntu Focal) |
|
2021-09-08 08:07:36 |
Frode Nordahl |
nominated for series |
|
Ubuntu Impish |
|
2021-09-08 08:07:36 |
Frode Nordahl |
bug task added |
|
ovn (Ubuntu Impish) |
|
2021-09-08 08:07:42 |
Frode Nordahl |
ovn (Ubuntu Focal): status |
New |
Fix Released |
|
2021-09-08 08:07:46 |
Frode Nordahl |
ovn (Ubuntu Hirsute): status |
New |
Triaged |
|
2021-09-08 08:07:48 |
Frode Nordahl |
ovn (Ubuntu Hirsute): importance |
Undecided |
High |
|
2021-09-08 08:07:52 |
Frode Nordahl |
ovn (Ubuntu Impish): status |
Fix Committed |
Fix Released |
|
2021-09-22 12:45:35 |
James Troup |
ovn (Ubuntu Focal): status |
Fix Released |
Confirmed |
|
2021-09-23 00:37:21 |
Brett Milford |
tags |
|
sts |
|
2021-09-23 00:45:04 |
Brett Milford |
bug |
|
|
added subscriber Brett Milford |
2021-09-23 05:49:11 |
Brett Milford |
bug task added |
|
charm-ovn-central |
|
2021-09-23 05:49:42 |
Brett Milford |
affects |
charm-ovn-central |
cloud-archive |
|
2021-09-23 05:51:59 |
Brett Milford |
nominated for series |
|
cloud-archive/ussuri |
|
2021-09-23 05:51:59 |
Brett Milford |
bug task added |
|
cloud-archive/ussuri |
|
2021-09-23 09:33:33 |
Frode Nordahl |
description |
Hi,
I've tested this on both 20.03 and 20.06.
Looking into ovn-architecture.xml: https://github.com/ovn-org/ovn/blob/master/ovn-architecture.7.xml#L2530
It states that once RBAC is enabled, ovn-controllers will have access to some of the tables and that is hardcoded within OVN.
That means once RBAC is enabled, IGMP_Group table is out of reach for ovn-controllers and will cause the following issue:
2021-02-06T17:17:40.916Z|00028|ovsdb_idl|WARN|transaction error: {"details":"RBAC rules for client "REDACTED" role "ovn-controller" prohibit row insertion into table "IGMP_Group".","error":"permission error"}
Reported on upstream repo: https://github.com/ovn-org/ovn/issues/77
Proposed patch: https://github.com/phvalguima/ovn/commit/3419d9946c51b413f816ceb82372677e4afdbe9d |
[Impact]
It is currently not possible to use Multicast IGMP snooping with OVN in Ubuntu Focal and Hirsute.
[Test Plan]
1. Execute the gate tests for the neutron-api-plugin-ovn charm, which performs a full cloud deployment and confirms two instances can spawn, get metadata and communicate with each other.
2. Enable IGMP snooping and have instances join a multicast group and validate that packets forward and check for RBAC errors.
[Regression Potential]
This is a very small patch that adds a static RBAC rule that ovn-northd writes into the database. The patch has already been available in the upstream branches since February 2021, we have also landed several similar patches upstream which have previously been made available to Focal through point release updates.
[Original Bug Description]
Hi,
I've tested this on both 20.03 and 20.06.
Looking into ovn-architecture.xml: https://github.com/ovn-org/ovn/blob/master/ovn-architecture.7.xml#L2530
It states that once RBAC is enabled, ovn-controllers will have access to some of the tables and that is hardcoded within OVN.
That means once RBAC is enabled, IGMP_Group table is out of reach for ovn-controllers and will cause the following issue:
2021-02-06T17:17:40.916Z|00028|ovsdb_idl|WARN|transaction error: {"details":"RBAC rules for client "REDACTED" role "ovn-controller" prohibit row insertion into table "IGMP_Group".","error":"permission error"}
Reported on upstream repo: https://github.com/ovn-org/ovn/issues/77
Proposed patch: https://github.com/phvalguima/ovn/commit/3419d9946c51b413f816ceb82372677e4afdbe9d |
|
2021-09-23 10:19:52 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~fnordahl/ubuntu/+source/ovn/+git/ovn/+merge/409046 |
|
2021-09-23 10:20:20 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~fnordahl/ubuntu/+source/ovn/+git/ovn/+merge/409047 |
|
2021-09-23 10:29:00 |
Frode Nordahl |
nominated for series |
|
cloud-archive/wallaby |
|
2021-09-23 10:29:00 |
Frode Nordahl |
bug task added |
|
cloud-archive/wallaby |
|
2021-09-23 10:31:52 |
Frode Nordahl |
cloud-archive: status |
New |
Fix Released |
|
2021-09-23 10:32:02 |
Frode Nordahl |
cloud-archive: status |
Fix Released |
Fix Committed |
|
2021-09-23 10:58:42 |
James Page |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2021-10-01 10:38:06 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~fnordahl/ubuntu/+source/ovn/+git/ovn/+merge/409495 |
|
2021-10-01 10:39:10 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~fnordahl/ubuntu/+source/ovn/+git/ovn/+merge/409496 |
|
2021-10-05 17:48:05 |
Brian Murray |
ovn (Ubuntu Hirsute): status |
Triaged |
Fix Committed |
|
2021-10-05 17:48:08 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
2021-10-05 17:48:11 |
Brian Murray |
tags |
sts |
sts verification-needed verification-needed-hirsute |
|
2021-10-07 17:47:09 |
Brian Murray |
ovn (Ubuntu Focal): status |
Confirmed |
Fix Committed |
|
2021-10-07 17:47:15 |
Brian Murray |
tags |
sts verification-needed verification-needed-hirsute |
sts verification-needed verification-needed-focal verification-needed-hirsute |
|
2021-10-13 17:00:59 |
Corey Bryant |
cloud-archive/wallaby: status |
New |
Fix Committed |
|
2021-10-13 17:01:01 |
Corey Bryant |
tags |
sts verification-needed verification-needed-focal verification-needed-hirsute |
sts verification-needed verification-needed-focal verification-needed-hirsute verification-wallaby-needed |
|
2021-10-26 13:01:57 |
Diko Parvanov |
bug task added |
|
charm-ovn-central |
|
2021-10-26 13:02:18 |
Diko Parvanov |
charm-ovn-central: status |
New |
Invalid |
|
2021-10-26 13:39:34 |
Corey Bryant |
cloud-archive/ussuri: status |
New |
Fix Committed |
|
2021-10-26 13:39:36 |
Corey Bryant |
tags |
sts verification-needed verification-needed-focal verification-needed-hirsute verification-wallaby-needed |
sts verification-needed verification-needed-focal verification-needed-hirsute verification-ussuri-needed verification-wallaby-needed |
|
2021-10-26 16:01:17 |
Corey Bryant |
cloud-archive: status |
Fix Committed |
Fix Released |
|
2021-10-26 21:39:19 |
Corey Bryant |
attachment added |
|
1914988-testing.txt https://bugs.launchpad.net/cloud-archive/+bug/1914988/+attachment/5536331/+files/1914988-testing.txt |
|
2021-10-26 21:39:42 |
Corey Bryant |
tags |
sts verification-needed verification-needed-focal verification-needed-hirsute verification-ussuri-needed verification-wallaby-needed |
sts verification-done verification-done-hirsute verification-needed-focal verification-ussuri-needed verification-wallaby-done |
|
2021-10-27 13:26:25 |
Corey Bryant |
attachment removed |
1914988-testing.txt https://bugs.launchpad.net/cloud-archive/+bug/1914988/+attachment/5536331/+files/1914988-testing.txt |
|
|
2021-10-27 13:27:35 |
Corey Bryant |
attachment added |
|
1914988-testing.txt https://bugs.launchpad.net/cloud-archive/+bug/1914988/+attachment/5536475/+files/1914988-testing.txt |
|
2021-10-27 13:46:59 |
Corey Bryant |
attachment added |
|
1914988-testing.txt https://bugs.launchpad.net/cloud-archive/+bug/1914988/+attachment/5536477/+files/1914988-testing.txt |
|
2021-10-27 13:47:14 |
Corey Bryant |
tags |
sts verification-done verification-done-hirsute verification-needed-focal verification-ussuri-needed verification-wallaby-done |
sts verification-done verification-done-focal verification-done-hirsute verification-ussuri-needed verification-wallaby-done |
|
2021-10-27 18:04:45 |
Corey Bryant |
attachment removed |
1914988-testing.txt https://bugs.launchpad.net/cloud-archive/+bug/1914988/+attachment/5536475/+files/1914988-testing.txt |
|
|
2021-10-27 18:05:01 |
Corey Bryant |
attachment removed |
1914988-testing.txt https://bugs.launchpad.net/cloud-archive/+bug/1914988/+attachment/5536477/+files/1914988-testing.txt |
|
|
2021-10-27 18:06:23 |
Corey Bryant |
attachment added |
|
1914988-testing.txt https://bugs.launchpad.net/cloud-archive/+bug/1914988/+attachment/5536505/+files/1914988-testing.txt |
|
2021-10-27 18:06:43 |
Corey Bryant |
tags |
sts verification-done verification-done-focal verification-done-hirsute verification-ussuri-needed verification-wallaby-done |
sts verification-done verification-done-focal verification-done-hirsute verification-ussuri-done verification-wallaby-done |
|
2021-10-29 07:50:14 |
Dan Ackerson |
bug |
|
|
added subscriber Canonical IS BootStack |
2021-10-31 22:13:34 |
Mathew Hodson |
affects |
charm-ovn-central |
ubuntu-translations |
|
2021-10-31 22:13:48 |
Mathew Hodson |
bug task deleted |
ubuntu-translations |
|
|
2021-10-31 22:13:50 |
Mathew Hodson |
ovn (Ubuntu): importance |
Undecided |
High |
|
2021-10-31 22:13:53 |
Mathew Hodson |
ovn (Ubuntu Focal): importance |
Undecided |
High |
|
2021-10-31 22:14:02 |
Mathew Hodson |
ovn (Ubuntu Impish): importance |
Undecided |
High |
|
2021-11-03 00:07:42 |
Chris Halse Rogers |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2021-11-03 00:09:27 |
Launchpad Janitor |
ovn (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
2021-11-03 00:09:44 |
Launchpad Janitor |
ovn (Ubuntu Hirsute): status |
Fix Committed |
Fix Released |
|
2021-11-03 12:32:10 |
Corey Bryant |
cloud-archive/wallaby: status |
Fix Committed |
Fix Released |
|
2021-11-04 00:40:37 |
Corey Bryant |
cloud-archive/ussuri: status |
Fix Committed |
Fix Released |
|