Loading...

XML

Word

Printable

Type: Bug
Resolution: Won't Do
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.15.0
Component/s: Networking / kubernetes-nmstate
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Important
Regression:
No

Target Backport Versions:
None
Target Version:
None
Release Blocker:
Rejected
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Priority Data:
PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

When the OVS bridge was used by the VMs, the NNCP was modified to add new localnet bridge-mappings to add a new VLAN. The configuration failed with the error below:

message: "error reconciling NodeNetworkConfigurationPolicy on node openshift-worker-deneb-0
      at desired state apply: \"\",\n failed to execute nmstatectl set --no-commit
      --timeout 480: 'exit status 1' '' 'Using 'set' is deprecated, use 'apply' instead.\n[2024-05-13T06:50:38Z    
....
....
....
on: VerificationError: Verification failure: ovs-br1.interface.bridge.port desire
      '[{\"name\":\"enp3s0\"}]', current '[{\"name\":\"enp3s0\"},{\"name\":\"patch-localnet1_ovn_localnet_port-to-br-int\"}]'\n[2024-05-13T06:50:40Z

Looks like it is not expecting the patch port. Also, during the rollback, the underlying interface got disconnected breaking the network of the existing VMs.

# ovs-vsctl show |grep -A 10 "Bridge ovs-br1"
    Bridge ovs-br1
        Port patch-localnet1_ovn_localnet_port-to-br-int
            Interface patch-localnet1_ovn_localnet_port-to-br-int
                type: patch
                options: {peer=patch-br-int-to-localnet1_ovn_localnet_port}
    Bridge br-int
        fail_mode: secure
        datapath_type: system
        Port e6dd253405fb142
            Interface e6dd253405fb142
        Port "75da495e12c46bf"

Version-Release number of selected component (if applicable):

 4.15.0

How reproducible:

100%

Steps to Reproduce:

1. Create an NNCP for OVS bridge and NAD for localnet by following https://docs.openshift.com/container-platform/4.15/virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.html     
2. Attach the NAD to the VM and start it.
3. Edit the nncp to add a new bridge mapping.
4. NNCP goes into "degraded" and NNCE in "failing" status.

Actual results:

NNCP in degraded state after modifying it to add new bridge mapping when the OVS bridge is being used by the VMs. It also disconnected the network connectivity of existing VMs.

Expected results:

If online change of bridge mappings is not allowed, gracefully fail without disrupting the existing workload.

Additional info:

links to

Why NodeNetworkConfigurationPolicy is going into degraded state while adding new bridge mapping for OVN secondary network?

Assignee:: Felix Enrique Llorente Pastora

Reporter:: Nijin Ashok

QA Contact:: Qiong Wang

Need Info From:: None

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2024/05/13 9:14 AM

Updated:: 2025/09/13 10:50 PM

Resolved:: 2024/10/20 11:36 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates