Skip to content

feat: ops-scripts to compare kube-ovn with neutron-ovn #1362

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
rackerchris wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: ops-scripts to compare kube-ovn with neutron-ovn #1362

rackerchris wants to merge 1 commit into from

Conversation

@rackerchris
Copy link
Contributor

@rackerchris rackerchris commented Dec 10, 2025

REF: #1342
Pull Request: Introduce Complete OVN/Neutron Consistency Check Suite (4 Scripts)
Overview

This PR introduces a complete, production-ready suite of four diagnostic and cleanup utilities to ensure consistency between the Neutron API and the OVN Northbound (NB) database.

These scripts are critical for identifying and remediating missing or stale networking resources (Ports, Security Groups, Routers, and Floating IPs) that can accumulate due to race conditions or controller failures.

Key Features (Shared Across All Scripts)

All four scripts follow a standardized structure for consistent operation, reporting, and automation:

Robust Dependency Checks: Verifies the presence of openstack, kubectl, awk, grep, and Bash 4.0+.

Mode Control: Supports separate, explicit scan-only (--scan) and automated cleanup (--fix) modes.

Optimized Performance: Uses efficient, single-pass awk parsing and Bash associative arrays for rapid comparison of large UUID sets.

Standardized Exit Codes: Uses 0 (Success/Clean), 1 (Cleanup Needed), and 2 (Fatal Error) for reliable integration into automation tools (e.g., CronJobs).

Component Scripts and Validation Logic

  1. ovn_compare_neutron_ports_with_ovn_lsp.sh (Ports)

    Neutron Source: openstack port list (excluding FIPs).

    OVN Target: Logical_Switch_Port (LSP) table.

    Validation: Matches Neutron Port UUID to OVN LSP name.

    Fix Action: Destroys STALE Logical_Switch_Port entries.

  2. ovn_compare_neutron_security_groups_with_acl.sh (Security Groups)

    Neutron Source: openstack security group list / rule list.

    OVN Target: Port_Group and ACL tables.

    Validation: Matches Neutron UUIDs to OVN external_ids.

    Fix Action: Destroys STALE Port_Group and ACL entries.

  3. ovn_compare_neutron_routers_with_logical_routers.sh (Routers)

    Neutron Source: openstack router list / port list (router device owners).

    OVN Target: Logical_Router and Logical_Router_Port tables.

    Validation: Matches Neutron Router ID to OVN LR name (neutron-UUID) and Neutron Port ID to OVN LRP name (handles lrp- prefix).

    Fix Action: Destroys STALE Logical_Router and STALE Logical_Router_Port entries.

  4. ovn_compare_neutron_fips_with_ovn_nat.sh (Floating IPs)

    Neutron Source: openstack floating ip list (Filtered for Assigned FIPs only).

    OVN Target: NAT table (rules with type=dnat_and_snat).

    Validation: Matches the FIP Address (external IP) to the OVN NAT rule's external_ip.

    Fix Action: Destroys STALE FIP-related NAT rules.

@rackerchris rackerchris marked this pull request as draft December 10, 2025 23:57
@rackerchris rackerchris force-pushed the find-maor-stale-missing-ovn-resources branch from 76ce2b4 to 091d723 Compare December 10, 2025 23:58
@rackerchris rackerchris mentioned this pull request Dec 10, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rackerchris