yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #94995
[Bug 2090921] Re: The OVN database is missing 6 ACL for security group default after each redeployment
** Also affects: networking-ovn
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2090921
Title:
The OVN database is missing 6 ACL for security group default after
each redeployment
Status in networking-ovn:
New
Status in neutron:
New
Bug description:
I would require help in investigating what is wrong with the OVN and
Neutron that after the deployment of Openstack
In the neutron-ovn-db-sync-util repair mode I can see the following
I attached the full log
2024-12-03 11:44:53.664 1041825 DEBUG neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL-SYNC: started @ 2024-12-03 11:44:53.664454 sync_acls /usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py:250^[[00m
2024-12-03 11:44:53.689 1041825 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACLs-to-be-added 6 ACLs-to-be-removed 0^[[00m
2024-12-03 11:44:53.689 1041825 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
So the is the security group. As you can see , some rules were created much later, after the repair.
$ openstack security group show 7c555e2b-545d-45f2-9748-2d5ae0ddd079 --fit-width
+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2024-12-02T23:31:21Z |
| description | Default security group |
| id | 7c555e2b-545d-45f2-9748-2d5ae0ddd079 |
| name | default |
| project_id | 56f48a2d519d4d59a6cb090cfbc6911f |
| revision_number | 3 |
| rules | created_at='2024-12-02T23:31:21Z', direction='egress', ethertype='IPv4', id='6018c7b6-a113-42ad-bb1c-728f641b2e6a', standard_attr_id='3', tenant_id='56f48a2d519d4d59a6cb090cfbc6911f', |
| | updated_at='2024-12-02T23:31:21Z' |
| | created_at='2024-12-03T10:23:56Z', direction='ingress', ethertype='IPv4', id='a4a89961-0797-415b-a863-92ceb87219b3', normalized_cidr='0.0.0.0/0', protocol='icmp', remote_ip_prefix='0.0.0.0/0', standard_attr_id='55', |
| | tenant_id='56f48a2d519d4d59a6cb090cfbc6911f', updated_at='2024-12-03T10:23:56Z' |
| | created_at='2024-12-02T23:31:21Z', direction='ingress', ethertype='IPv4', id='bcfafdad-9152-4c54-add3-1009f7a91efc', remote_group_id='7c555e2b-545d-45f2-9748-2d5ae0ddd079', standard_attr_id='2', |
| | tenant_id='56f48a2d519d4d59a6cb090cfbc6911f', updated_at='2024-12-02T23:31:21Z' |
| | created_at='2024-12-03T10:23:56Z', direction='ingress', ethertype='IPv4', id='c8176a25-af34-4a68-a50f-6be9cae6706f', normalized_cidr='0.0.0.0/0', port_range_max='22', port_range_min='22', protocol='tcp', |
| | remote_ip_prefix='0.0.0.0/0', standard_attr_id='56', tenant_id='56f48a2d519d4d59a6cb090cfbc6911f', updated_at='2024-12-03T10:23:56Z' |
| | created_at='2024-12-02T23:31:21Z', direction='egress', ethertype='IPv6', id='f5e81dc8-586d-4ab8-942e-a9e1ff1dfb7e', standard_attr_id='5', tenant_id='56f48a2d519d4d59a6cb090cfbc6911f', |
| | updated_at='2024-12-02T23:31:21Z' |
| | created_at='2024-12-02T23:31:21Z', direction='ingress', ethertype='IPv6', id='f66413d7-dcbb-4f3b-982d-2c2f1217951b', remote_group_id='7c555e2b-545d-45f2-9748-2d5ae0ddd079', standard_attr_id='4', |
| | tenant_id='56f48a2d519d4d59a6cb090cfbc6911f', updated_at='2024-12-02T23:31:21Z' |
| stateful | True |
| tags | [] |
| updated_at | 2024-12-03T10:23:56Z |
+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/networking-ovn/+bug/2090921/+subscriptions
References
