This looks like a duplicate of another bug I am working on,
https://bugs.launchpad.net/neutron/+bug/2087822 - can you check that?
Basically if you have two SG rules that have the same normalized cidr
you could see this issue.
Second, the networking-ovn project is retired, it was all merged into
neutron, so that can be removed from this bug.
** Changed in: networking-ovn
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2090921
Title:
The OVN database is missing 6 ACL for security group default after
each redeployment
Status in networking-ovn:
Invalid
Status in neutron:
New
Bug description:
I would require help in investigating what is wrong with the OVN and Neutron
that after the deployment of charmed Openstack
The charms used:
neutron-api:
charm: neutron-api
base: ubuntu@22.04
channel: yoga/stable
ovn-central:
charm: ovn-central
base: ubuntu@22.04
channel: 22.03/stable
In the neutron-ovn-db-sync-util repair mode I can see the following
I attached the full log
2024-12-03 11:44:53.664 1041825 DEBUG
neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync
[req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL-SYNC: started @
2024-12-03 11:44:53.664454 sync_acls
/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/ovn_db_sync.py:250^[[00m
2024-12-03 11:44:53.689 1041825 WARNING
neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync
[req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACLs-to-be-added 6
ACLs-to-be-removed 0^[[00m
2024-12-03 11:44:53.689 1041825 WARNING
neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync
[req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but
not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING
neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync
[req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but
not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING
neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync
[req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but
not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING
neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync
[req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but
not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING
neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync
[req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but
not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
2024-12-03 11:44:53.689 1041825 WARNING
neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync
[req-5a3180e5-2874-4fc3-90f1-5c6232823285 - - - - -] ACL found in Neutron but
not in OVN DB for port group pg_7c555e2b_545d_45f2_9748_2d5ae0ddd079^[[00m
So the is the security group. As you can see , some rules were created
much later, after the repair.
$ openstack security group show 7c555e2b-545d-45f2-9748-2d5ae0ddd079
--fit-width
+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value
|
+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2024-12-02T23:31:21Z
|
| description | Default security group
|
| id | 7c555e2b-545d-45f2-9748-2d5ae0ddd079
|
| name | default
|
| project_id | 56f48a2d519d4d59a6cb090cfbc6911f
|
| revision_number | 3
|
| rules | created_at='2024-12-02T23:31:21Z', direction='egress',
ethertype='IPv4', id='6018c7b6-a113-42ad-bb1c-728f641b2e6a',
standard_attr_id='3', tenant_id='56f48a2d519d4d59a6cb090cfbc6911f',
|
| | updated_at='2024-12-02T23:31:21Z'
|
| | created_at='2024-12-03T10:23:56Z', direction='ingress',
ethertype='IPv4', id='a4a89961-0797-415b-a863-92ceb87219b3',
normalized_cidr='0.0.0.0/0', protocol='icmp', remote_ip_prefix='0.0.0.0/0',
standard_attr_id='55', |
| | tenant_id='56f48a2d519d4d59a6cb090cfbc6911f',
updated_at='2024-12-03T10:23:56Z'
|
| | created_at='2024-12-02T23:31:21Z', direction='ingress',
ethertype='IPv4', id='bcfafdad-9152-4c54-add3-1009f7a91efc',
remote_group_id='7c555e2b-545d-45f2-9748-2d5ae0ddd079', standard_attr_id='2',
|
| | tenant_id='56f48a2d519d4d59a6cb090cfbc6911f',
updated_at='2024-12-02T23:31:21Z'
|
| | created_at='2024-12-03T10:23:56Z', direction='ingress',
ethertype='IPv4', id='c8176a25-af34-4a68-a50f-6be9cae6706f',
normalized_cidr='0.0.0.0/0', port_range_max='22', port_range_min='22',
protocol='tcp', |
| | remote_ip_prefix='0.0.0.0/0', standard_attr_id='56',
tenant_id='56f48a2d519d4d59a6cb090cfbc6911f', updated_at='2024-12-03T10:23:56Z'
|
| | created_at='2024-12-02T23:31:21Z', direction='egress',
ethertype='IPv6', id='f5e81dc8-586d-4ab8-942e-a9e1ff1dfb7e',
standard_attr_id='5', tenant_id='56f48a2d519d4d59a6cb090cfbc6911f',
|
| | updated_at='2024-12-02T23:31:21Z'
|
| | created_at='2024-12-02T23:31:21Z', direction='ingress',
ethertype='IPv6', id='f66413d7-dcbb-4f3b-982d-2c2f1217951b',
remote_group_id='7c555e2b-545d-45f2-9748-2d5ae0ddd079', standard_attr_id='4',
|
| | tenant_id='56f48a2d519d4d59a6cb090cfbc6911f',
updated_at='2024-12-02T23:31:21Z'
|
| stateful | True
|
| tags | []
|
| updated_at | 2024-12-03T10:23:56Z
|
+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/networking-ovn/+bug/2090921/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
