[ovs-dev] [PATCH v2] ovn: Check for known logical switch port types.

Mark Michelson mmichels at redhat.com
Fri Aug 25 15:43:03 UTC 2017


On Thu, Aug 24, 2017 at 2:42 PM Russell Bryant <russell at ovn.org> wrote:

> On Thu, Aug 24, 2017 at 2:13 PM, Mark Michelson <mmichels at redhat.com>
> wrote:
> > OVN is lenient with the types of logical switch ports. Maybe too
> > lenient. This patch attempts to solve this problem on two fronts:
> >
> > 1) In ovn-nbctl, if you attempt to set the port type to an unknown
> > type, the command will not end up setting the type.
> > 2) In northd, when copying the port type from the northbound database to
> > the corresponding port-binding in the southbound database, a warning
> > will be issued if the port is of an unknown type.
> >
> > Signed-off-by: Mark Michelson <mmichels at redhat.com>
> > ---
> >  ovn/lib/ovn-util.c        | 30 +++++++++++++++++++
> >  ovn/lib/ovn-util.h        |  2 ++
> >  ovn/northd/ovn-northd.c   |  4 +++
> >  ovn/utilities/ovn-nbctl.c |  7 ++++-
> >  tests/ovn-nbctl.at        | 73
> +++++++++++++++++++++++++++++++++++++++++++++++
> >  5 files changed, 115 insertions(+), 1 deletion(-)
> >
>
> Did you look into whether it was possible to use an enum in the db
> schema?  In particular, what would happen on an upgrade of an existing
> database?  and what happens if the existing db has an invalid type in
> it already?
>
> I just want to make sure we clearly rule that out first.
>

I just did a couple of experiments. I updated the DB schema to change the
logical switch port type to be an enum instead of a string.

I created an environment where I had clean values in the DB. I performed an
upgrade and the northbound DB stayed intact and seemed fine.

I then created an environment where there were logical switch ports with
dirty values in the northbound DB. When I ran the upgrade this time, the
entire northbound DB was empty afterwards. It wasn't just the offending
switch ports that got removed; it was literally everything.

My opinion on this is that the schema change is too risky. If it only
removed offending switch ports, it might not be so bad. But a single switch
port with a bad type results in the entire DB being empty. What do you
think?

Mark Michelson


More information about the dev mailing list