yahoo-eng-team team mailing list archive

Thread
Date

[Bug 2073254] Re: nova-compute optional wait for vif-plugged in ovn usecase

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: sean mooney <2073254@xxxxxxxxxxxxxxxxxx>
Date: Wed, 26 Feb 2025 14:12:00 -0000
Reply-to: Bug 2073254 <2073254@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

set to opinion because while i dont dissagre with the fundamental intent i do not agree that this is a bug.
its a feature as it change the live migration workflow and has upgrade impact as well as implications for the contract between nova and neutron so it should have a spec.

** Changed in: nova
       Status: In Progress => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2073254

Title:
  nova-compute optional wait for vif-plugged in ovn usecase

Status in OpenStack Compute (nova):
  Opinion

Bug description:
  Description
  ===========
  At environments using OVN as network backend, nova doesn't wait for network-vif-plugged event (As the events wasn't reliable.)
  This leads to issues in bigger environments, where ovn northd needs some time to sync or some ovn component is down. Nova than starts the libvirt migration, but network setup is not done. That breaks live-migration of smaller VMs (less RAM - faster copied).

  Neutron is using the multi-chassis approach of ovn to send packages to both, source and destination host. Also newer OVN versions perform much better regarding sending the events.
  Nova should have an option to wait for OVN to have this configured.
  Without that, live-migration breaks connectivity of VMs.

  I propose to add an option to let nova-compute create the tap interface, instead creating it by libvirt. This helps as we see at OVN southbound and at local ovs Interface, that the interface is claimed, but that's only done, as soon the interface is on the host. When libvirt creates the interface, this will happen at creating the libvirt domain and directly before starting the migration. So there is no possibility to wait for neutron.
  Instead when nova-compute creates the interface, we can wait till OVN has the change propagated and implemented and start migration afterwards.

  We should check that at nova-compute, as it has all the needed
  information and going the way over neutron and network-vif-plugged
  event is a much bigger change. Also the behavior at nova will be
  optional (config option), but neutron needs to rely on this behavior,
  to send the event at the correct time.

  Steps to reproduce
  ==================
  1. Run neutron with ovn setup and create a VM that you can ping (via FIP or other VM in same private network)
  2. Stop northd
  3. Start live-migration
  4. Wait till live-migration is done - VM is not reachable anymore

  
  Expected result
  ===============
  nova-compute can create the interface so OVN has it claimed before the actual migration starts
  nova-compute can wait for network backend to claim the interface.

  Actual result
  =============
  libvirt migration is directly started

  Environment
  ===========
  nova-compute --version: 30.1.0 / master
  neutron-server 26.0.0.0b3.dev182 / master
  ml2 plugin: ovn
  at neutron: ovsdb-client (Open vSwitch) 3.3.0
  Nova 30.1.0 / master
  nova.conf: live_migration_wait_for_vif_plug=true ([3])
  Hypervisor OS: Ubuntu 24.04.1
  libvirtd 10.0.0 + kvm 8.2.2

  Proposed Change
  ===============
  Add config option to let create interface by nova-compute and libvirt use it
  Based on that option wait for ovs interface to get claimed/installed by ovn-controller.

  
  [3] https://docs.openstack.org/nova/latest/configuration/config.html#compute.live_migration_wait_for_vif_plug

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2073254/+subscriptions

References

[Bug 2073254] [NEW] nova doesn't wait for vif-plugged in ovn usecase
From: Stefan Hoffmann, 2024-07-16