Synchronise 2025.1 with upstream #256

Merged
priteau merged 3 commits into stackhpc/2025.1 from upstream/2025.1-2026-02-02
Feb 2, 2026

@github-actions github-actions Bot commented Feb 2, 2026

This PR contains a snapshot of 2025.1 from upstream stable/2025.1.

mkalcok and others added 3 commits January 28, 2026 10:37
neutron-ovn-db-sync-util synchronizes content between neutron's
database and OVN NB/SB databases. As a side-effect, it can sometimes
remove resources from OVN database that were not meant for neutron to
manage. Coexistence support [0] aims to avoid these scenarios.

The ovn_db_sync script already tries to avoid these unwanted removals
by checking for presence of well known neutron external_ids for
resources like "Logical Switch" and "Logical Switch Port" [1].

This change adds similar checks for:
* Logical Router Port
* Static Route
* Port Group

NAT rules are still missing the check because they don't have
"neutron:" external_ids to check.

In addition to the ovn_db_sync script, there is a 'maintenance' process
that periodically updates OVN resources. This change also updates its
methods to not alter resources not owned by neutron.

[0] https://specs.openstack.org/openstack/neutron-specs/specs/2024.1/ml2ovn-coexistence-support-ovn-ext-resources.html
[1] https://opendev.org/openstack/neutron/src/commit/f9067a719084710ee4f46fa31edb6a938e0dbbb0/neutron/plugins/ml2/drivers/ovn/mech_driver/ovsdb/impl_idl_ovn.py#L308-L316

Closes-bug: #2027742
Change-Id: I1434700928779577073d1369c0a2983a4076cc0e
Signed-off-by: Martin Kalcok <martin.kalcok@canonical.com>
(cherry picked from commit ff57491)

Neutron ML2/OVN driver is using ACLs to implement Security Group rules
in the OVN backend but neutron-ovn-db-sync util was trying to clean OVN
DB slightly too aggressively and when it was run in the "repair" mode it
was removing from OVN DB all ACLs which did not have security group rule
id in the external_ids.
That could break e.g. ACLs created by the neutron-fwaas as its OVN
driver is also using ACLs to implement rules but is adding a different key
in the external_ids.

This patch changes the logic of the neutron-ovn-db-sync-util tool so that it
will skip all ACL rules which don't have a key related to the SG rule in
external_ids.
This is a similar change to what was already done e.g. for Port Groups in
[1].

[1] https://review.opendev.org/c/openstack/neutron/+/958679

Closes-bug: #2138430

Conflicts:
    neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_ovn_db_sync.py

Change-Id: I12f018d29e7d00d1f0fb0272dc905d1026633cbb
Signed-off-by: Slawek Kaplonski <skaplons@redhat.com>
(cherry picked from commit 7524142)
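
The ownership check described in the two commit messages above, shown as an added example that is not part of this pull request or of neutron's code: it plans a "repair" cleanup of OVN ACLs with and without the check. The function `plan_acl_cleanup`, the dict row shape and the `example:fwaas_rule_id` key are hypothetical, and `neutron:security_group_rule_id` is assumed to be the Security Group rule key.

```python
# Added example: ownership-aware cleanup of OVN ACLs (not neutron's code).
# Assumed external_ids key marking an ACL as a neutron Security Group rule.
SG_RULE_KEY = "neutron:security_group_rule_id"


def plan_acl_cleanup(ovn_acls, neutron_sg_rule_ids, check_ownership=True):
    """Return (to_delete, skipped) lists of ACL names for a 'repair' run.

    ovn_acls: iterable of dicts with 'name' and 'external_ids'.
    neutron_sg_rule_ids: set of SG rule ids present in the neutron DB.
    check_ownership=False reproduces the old, over-aggressive behaviour.
    """
    to_delete, skipped = [], []
    for acl in ovn_acls:
        ext_ids = acl.get("external_ids") or {}
        rule_id = ext_ids.get(SG_RULE_KEY)
        if rule_id is None:
            # No SG rule key: the ACL belongs to another writer
            # (a firewall driver, an operator), not to SG sync.
            if check_ownership:
                skipped.append(acl["name"])
            else:
                to_delete.append(acl["name"])
            continue
        if rule_id not in neutron_sg_rule_ids:
            # Owned by neutron but gone from its DB: stale, safe to remove.
            to_delete.append(acl["name"])
    return to_delete, skipped


# Constructed sample rows; "example:fwaas_rule_id" is a placeholder key.
SAMPLE_ACLS = [
    {"name": "sg-live", "external_ids": {SG_RULE_KEY: "r1"}},
    {"name": "sg-stale", "external_ids": {SG_RULE_KEY: "r2"}},
    {"name": "fw-rule", "external_ids": {"example:fwaas_rule_id": "f1"}},
    {"name": "operator-acl", "external_ids": {}},
]

if __name__ == "__main__":
    for mode in (False, True):
        delete, skip = plan_acl_cleanup(SAMPLE_ACLS, {"r1"}, mode)
        print(f"check_ownership={mode}: delete={delete} skipped={skip}")
```

Logging the skipped names on each run gives operators a record of ACLs that the sync tool left alone because it does not own them.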

In patch [1] a commented line which imports remote_pdb was accidentally
merged. This was used only for the debugging process and should
never be merged.

TrivialFix

[1] https://review.opendev.org/c/openstack/neutron/+/973648

Conflicts:
    neutron/tests/unit/plugins/ml2/drivers/ovn/mech_driver/ovsdb/test_ovn_db_sync.py

Change-Id: I0660d88ac12596858678ac6cf64de7ed7743d7e3
Signed-off-by: Slawek Kaplonski <skaplons@redhat.com>
@github-actions github-actions Bot requested a review from a team as a code owner February 2, 2026 06:37
@github-actions github-actions Bot added the automated and synchronisation labels Feb 2, 2026
@priteau priteau closed this Feb 2, 2026
@priteau priteau reopened this Feb 2, 2026
@priteau priteau merged commit decc5e6 into stackhpc/2025.1 Feb 2, 2026
@priteau priteau deleted the upstream/2025.1-2026-02-02 branch February 2, 2026 09:28