Public bug reported:

When you create a network log resource to enable OVN logging:
https://docs.openstack.org/neutron/latest/contributor/internals/ovn/ovn_network_logging.html

It seems that will add an ACL rule similar to this:

```
_uuid               : bd6eaad4-939d-4624-b2f9-9701d1ec402e
action              : drop
direction           : to-lport
external_ids        : {}
label               : 1753594327
log                 : true
match               : "outport == @neutron_pg_drop && ip"
meter               : acl_log_meter
name                : neutron-4054c65c-9a05-4bf4-8abe-f31959dbd56f
options             : {log-related="true"}
priority            : 1001
severity            : info
tier                : 0
```

However, once that ACL rule comes in, Neutron starts to think that the rule is not supposed to be there, so when a sync runs, it'll "create" new ACLs and "delete" these ones (not from this one above but similar):

```
2025-04-11 00:52:12.959 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACLs-to-be-added 7 ACLs-to-be-removed 7
2025-04-11 00:52:12.959 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 00:52:12.960 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 00:52:12.960 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 00:52:12.960 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 00:52:12.960 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 00:52:12.960 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACL found in Neutron but not in OVN DB for port group neutron_pg_drop
2025-04-11 00:52:12.960 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACL found in Neutron but not in OVN DB for port group neutron_pg_drop
2025-04-11 00:52:12.962 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACLs found in OVN DB but not in Neutron for port group neutron_pg_drop
2025-04-11 00:52:12.962 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACLs found in OVN DB but not in Neutron for port group neutron_pg_drop
2025-04-11 00:52:12.962 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACLs found in OVN DB but not in Neutron for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 00:52:12.962 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACLs found in OVN DB but not in Neutron for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 00:52:12.962 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACLs found in OVN DB but not in Neutron for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 00:52:12.962 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACLs found in OVN DB but not in Neutron for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 00:52:12.962 37 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] ACLs found in OVN DB but not in Neutron for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
```

At this point, the neutron_pg_drop ACL to drop all is fully gone and everything is allowed. Running the repair again will add the rules again:

```
2025-04-11 13:47:02.506 49 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-8857e42b-0299-4749-90ba-2ef1a4c55ffb - - - - - -] ACLs-to-be-added 7 ACLs-to-be-removed 0
2025-04-11 13:47:02.506 49 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-8857e42b-0299-4749-90ba-2ef1a4c55ffb - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 13:47:02.506 49 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-8857e42b-0299-4749-90ba-2ef1a4c55ffb - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 13:47:02.506 49 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-8857e42b-0299-4749-90ba-2ef1a4c55ffb - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 13:47:02.506 49 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-8857e42b-0299-4749-90ba-2ef1a4c55ffb - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 13:47:02.506 49 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-8857e42b-0299-4749-90ba-2ef1a4c55ffb - - - - - -] ACL found in Neutron but not in OVN DB for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1
2025-04-11 13:47:02.507 49 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-8857e42b-0299-4749-90ba-2ef1a4c55ffb - - - - - -] ACL found in Neutron but not in OVN DB for port group neutron_pg_drop
2025-04-11 13:47:02.507 49 WARNING neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync [None req-8857e42b-0299-4749-90ba-2ef1a4c55ffb - - - - - -] ACL found in Neutron but not in OVN DB for port group neutron_pg_drop
```

However, once these are restored, the ACL meter rules are also gone for good but at least the default block all is restored.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2107925

Title:
  [ovn] neutron_pg_drop deleted when using network log

Status in neutron:
  New
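
Added example, not part of the original report and not Neutron code: a log check that groups the ovn_db_sync warnings quoted above by request id and flags any sync run that touches the neutron_pg_drop port group. The function names, the finding strings and the trimmed sample input are assumptions made for this illustration; the message formats are the ones shown in the report.

```python
import re
from collections import defaultdict

LINE = re.compile(r"ovn_db_sync \[\S+ (?P<req>req-[0-9a-f-]+)[^\]]*\] (?P<msg>.*)$")
SUMMARY = re.compile(r"ACLs-to-be-added (\d+) ACLs-to-be-removed (\d+)")
MISSING = re.compile(r"ACL found in Neutron but not in OVN DB for port group (\S+)")
STALE = re.compile(r"ACLs found in OVN DB but not in Neutron for port group (\S+)")
DROP_PG = "neutron_pg_drop"  # port group holding the default-drop ACLs

def audit_sync_runs(log_text):
    """Group ovn_db_sync warnings by request id and count what touches DROP_PG."""
    runs = defaultdict(lambda: {"added": 0, "removed": 0,
                                "drop_missing": 0, "drop_stale": 0})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an ovn_db_sync line
        run, msg = runs[m["req"]], m["msg"]
        if s := SUMMARY.search(msg):
            run["added"], run["removed"] = int(s[1]), int(s[2])
        elif (g := MISSING.search(msg)) and g[1] == DROP_PG:
            run["drop_missing"] += 1  # drop ACL known to Neutron, absent in OVN
        elif (g := STALE.search(msg)) and g[1] == DROP_PG:
            run["drop_stale"] += 1    # drop ACL in OVN that the sync wants gone
    return dict(runs)

def alerts(runs):
    """Return (request id, finding) for every run that touches the default drop."""
    out = []
    for req, r in runs.items():
        if r["drop_stale"]:
            out.append((req, "default-drop ACLs flagged for removal"))
        elif r["drop_missing"]:
            out.append((req, "default-drop ACLs absent from OVN DB"))
    return out

# Constructed sample: one line of each kind from the two sync runs in the report.
_MOD = "neutron.plugins.ml2.drivers.ovn.mech_driver.ovsdb.ovn_db_sync"
_A = f"2025-04-11 00:52:12.962 37 WARNING {_MOD} [None req-85cacb15-72f4-4c66-b5f4-587c2d558780 - - - - - -] "
_B = f"2025-04-11 13:47:02.507 49 WARNING {_MOD} [None req-8857e42b-0299-4749-90ba-2ef1a4c55ffb - - - - - -] "
SAMPLE_LOG = "\n".join([
    _A + "ACLs-to-be-added 7 ACLs-to-be-removed 7",
    _A + "ACL found in Neutron but not in OVN DB for port group neutron_pg_drop",
    _A + "ACLs found in OVN DB but not in Neutron for port group neutron_pg_drop",
    _A + "ACLs found in OVN DB but not in Neutron for port group pg_c40034c8_8393_4a72_9ca9_6d4be2da5db1",
    _B + "ACLs-to-be-added 7 ACLs-to-be-removed 0",
    _B + "ACL found in Neutron but not in OVN DB for port group neutron_pg_drop",
])
FINDINGS = alerts(audit_sync_runs(SAMPLE_LOG))
```

On the sample, the first run is reported as flagging the default-drop ACLs for removal and the second as finding them absent from the OVN DB, which is the sequence the report describes.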