Current Series Release Notes¶
10.0.0-14¶
New Features¶
The OVN Octavia provider now includes a synchronization plugin that integrates with Neutron’s
neutron-ovn-db-sync-utilCLI tool. This allows operators to synchronize both Neutron and Octavia resources with the OVN Northbound database in a single operation.The plugin is automatically registered via the
neutron.ovn.db_syncentry point whenovn-octavia-provideris installed. When runningneutron-ovn-db-sync-utilin REPAIR mode, Octavia load balancers using the OVN provider will be synchronized alongside Neutron resources.Example usage:
neutron-ovn-db-sync-util \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ --ovn-neutron_sync_mode repair
Note: The Octavia configuration is loaded automatically from /etc/octavia/octavia.conf and should NOT be passed as –config-file.
The plugin can also be used to synchronize only Octavia resources by using the
--sync_plugin octavia_ovn_syncoption:neutron-ovn-db-sync-util \ --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \ --sync_plugin octavia_ovn_sync \ --ovn-neutron_sync_mode repair
The standalone
octavia-ovn-db-sync-utilcommand remains available for compatibility.Benefits of the integrated approach:
Single command to sync both Neutron and Octavia resources
Ability to sync only Octavia with
--sync_pluginoptionShared OVN Northbound database connection
Consistent sync mode across all resources
Reduced operational complexity
Upgrade Notes¶
The Octavia OVN synchronization plugin requires:
Neutron with support for the
neutron.ovn.db_syncentry point system (version that includes patch 970407)neutron-lib with
BaseOvnDbSynchronizerclass (version that includes patch 970267)
If using older versions of Neutron or neutron-lib, the plugin will fail to load and the standalone
octavia-ovn-db-sync-utilcommand should be used instead.
OVN Octavia provider load balancer VIP and additional VIP Neutron ports are now created with
device_idset tolb-<lb_id>anddevice_ownerset toovn-lb:vip. This matches the protection the Amphora driver has always provided and prevents other workloads (e.g. Nova instances) from attaching the VIP port, which would otherwise leave OVN NAT state for an attached floating IP inconsistent and break external access to the load balancer.
Bug Fixes¶
[bug 2150682] OVN Octavia provider VIP ports were unprotected because they were created with empty
device_idanddevice_owner, allowing them to be attached to other workloads and breaking the load balancer (a staleexternal_maccould remain on the OVN NAT entry for the attached floating IP after the misuse, breaking external connectivity to the VIP). VIP ports created from now on are protected at creation time, and a new periodic maintenance task backfills the same fields on legacy OVN provider VIP ports created before this fix.
Other Notes¶
The Octavia OVN synchronization plugin does not support LOG mode (read-only verification). When
neutron-ovn-db-sync-utilis run in LOG mode, the Octavia plugin will skip synchronization and log a warning. Only REPAIR and MIGRATE modes are supported.For operators who need to verify Octavia synchronization without making changes, the standalone
octavia-ovn-db-sync-utiltool can be used, though it also operates in repair mode only.
