From db3b8d7021d795d2206869d9f2258597065cffee Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Mon, 18 Mar 2024 18:35:39 +0100
Subject: [PATCH] [doc] Expand documentation on OVN useful commands
Change-Id: Ic318e4058c648ffa98392978bbb40440326ba948
---
doc/source/app-ovn.rst | 128 ++++++++++++++++++++++++++++++++++++++++-
1 file changed, 127 insertions(+), 1 deletion(-)
diff --git a/doc/source/app-ovn.rst b/doc/source/app-ovn.rst
index 0b284c75..d86f3c13 100644
--- a/doc/source/app-ovn.rst
+++ b/doc/source/app-ovn.rst
@@ -157,7 +157,7 @@ OpenStack-Ansible user variables
To deploy OpenStack-Ansible using the ML2/OVN mechanism driver, set the
following user variables in the``/etc/openstack_deploy/user_variables.yml``
file:
-
+
.. code-block:: yaml
neutron_plugin_type: ml2.ovn
@@ -236,6 +236,15 @@ Useful Open Virtual Network (OVN) Commands
The following commands can be used to provide useful information about the
state of Open vSwitch networking and configurations.
+The following ad-hoc command can be executed to find the current state and the
+leader of the NB/SB database:
+
+.. code-block:: console
+
+ ansible neutron_ovn_northd -m command -a "ovs-appctl -t /var/run/ovn/ovnnb_db.ctl cluster/status OVN_Northbound"
+ ansible neutron_ovn_northd -m command -a "ovs-appctl -t /var/run/ovn/ovnsb_db.ctl cluster/status OVN_Southbound"
+
+
The ``ovs-vsctl list open_vswitch`` command provides information about the
``open_vswitch`` table in the local Open vSwitch database and can be run from
any network or compute host:
@@ -262,6 +271,23 @@ any network or compute host:
system_type : ubuntu
system_version : "20.04"
+
+If you want to check only for only a specific field from the ovs-vsctl output, like applied
+interface mappings, you can select it in the following way:
+
+.. code-block:: console
+
+ root@mnaio-controller1:~# ovs-vsctl get open . external_ids:ovn-bridge-mappings
+ "vlan:br-provider"
+
+You can also get information about the agent UUID which will be stated in
+``openstack network agent list`` output via similar command:
+
+.. code-block:: console
+
+ root@mnaio-controller1:~# ovs-vsctl get open . external_ids:system-id
+ "a67926f2-9543-419a-903d-23e2aa308368"
+
.. note::
Commands towards OVN Southbound and Northbound databases are expected to be run
@@ -305,6 +331,31 @@ connection details:
options: {csum="true"}
Port_Binding cr-lrp-022933b6-fb12-4f40-897f-745761f03186
+You can get specific information about chassis by providing either it's
+`name`, where `name` is UUID of the agent (`external_ids:system-id` from the
+ovs-vsctl output), for example:
+
+.. code-block:: console
+
+ root@mnaio-controller1:~# ovn-sbctl list Chassis ff66288c-5a7c-41fb-ba54-6c781f95a81e
+ _uuid : b0b6ebec-1c64-417a-adb7-d383632a4c5e
+ encaps : [a3ba78c3-df14-4144-81e0-e6379541bc89]
+ external_ids : {}
+ hostname : mnaio-compute2
+ name : "ff66288c-5a7c-41fb-ba54-6c781f95a81e"
+ nb_cfg : 0
+ other_config : {ct-no-masked-label="true", datapath-type=system, fdb-timestamp="true", iface-types="afxdp,afxdp-nonpmd,bareudp,erspan,geneve,gre,gtpu,internal,ip6erspan,ip6gre,lisp,patch,srv6,stt,system,tap,vxlan", is-interconn="false", mac-binding-timestamp="true", ovn-bridge-mappings="vlan:br-provider", ovn-chassis-mac-mappings="", ovn-cms-options="", ovn-ct-lb-related="true", ovn-enable-lflow-cache="true", ovn-limit-lflow-cache="", ovn-memlimit-lflow-cache-kb="", ovn-monitor-all="false", ovn-trim-limit-lflow-cache="", ovn-trim-timeout-ms="", ovn-trim-wmark-perc-lflow-cache="", port-up-notif="true"}
+ transport_zones : []
+ vtep_logical_switches: []
+
+As you might see, ``other_config`` row also contains bridge-mapping, which can
+be fetched from the table similarly to the ovs-vsctl way:
+
+.. code-block:: console
+
+ root@mnaio-controller1:~# ovn-sbctl get Chassis ff66288c-5a7c-41fb-ba54-6c781f95a81e other_config:ovn-bridge-mappings
+ "vlan:br-provider"
+
The ``ovn-nbctl show`` command provides information about networks, ports,
and other objects known to OVN and demonstrates connectivity between the
northbound database and neutron-server.
@@ -360,9 +411,84 @@ northbound database and neutron-server.
logical ip: "10.3.3.49"
type: "dnat_and_snat"
+Floating IPs and Router SNAT are represented via NAT rules in the NB database,
+where FIP has type `dnat_and_snat`.
+You can fetch the list of NAT rules assigned to a specific router using the router
+name in the OVN database, which is formatted like ``neutron-<UUID>``, where UUID
+is the UUID of the router in Neutron database. Command will look like this:
+
+.. code-block:: console
+
+ root@mnaio-controller1:~# ovn-nbctl lr-nat-list neutron-b0d6ca32-fda3-4fdc-b648-82c8bee303dc
+ TYPE GATEWAY_PORT EXTERNAL_IP EXTERNAL_PORT LOGICAL_IP EXTERNAL_MAC LOGICAL_PORT
+ dnat_and_snat 192.168.25.246 10.3.3.49
+ snat 192.168.25.242 10.3.3.0/24
+
+
+Mapping/location of the router to the gateway node can be established by
+logical ports of the router. For that you need to know the UUID of the
+external port attached to the router. Port name in OVN database is constructed as
+``lrp-<UUID>``, where UUID is the Neutron port UUID. Given, that an external
+network in the topic is named `public`, you can determine the gateway node in a
+following way:
+
+.. code-block:: console
+
+ root@mnaio-controller1:~# openstack port list --router b0d6ca32-fda3-4fdc-b648-82c8bee303dc --network public -c ID
+ +--------------------------------------+
+ | ID |
+ +--------------------------------------+
+ | 16555e74-fbef-4ecb-918c-2fb76bf5d42d |
+ +--------------------------------------+
+ root@mnaio-controller1:~# ovn-nbctl get Logical_Router_Port lrp-16555e74-fbef-4ecb-918c-2fb76bf5d42d status:hosting-chassis
+ "5335c34d-9233-47bd-92f1-fc7503270783"
+ root@mnaio-controller1:~# ovn-sbctl get Chassis 5335c34d-9233-47bd-92f1-fc7503270783 hostname
+ mnaio-compute1
+ root@mnaio-controller1:~# openstack network agent show 5335c34d-9233-47bd-92f1-fc7503270783 -c host
+ +-------+-----------------------------+
+ | Field | Value |
+ +-------+-----------------------------+
+ | host | mnaio-compute1 |
+ +-------+-----------------------------+
+
+To list all gateway chassis on which the logical port is scheduled with their priorities, you can use:
+
+.. code-block:: console
+
+ root@mnaio-controller1:~# ovn-nbctl lrp-get-gateway-chassis lrp-16555e74-fbef-4ecb-918c-2fb76bf5d42d | cut -d '_' -f 2
+ 5335c34d-9233-47bd-92f1-fc7503270783 2
+ cb6761f4-c14c-41f8-9654-16f3fc7cc7e6 1
+
+
+In order to migrate active router logical port to another node, you can
+execute the following command:
+
+.. code-block:: console
+
+ root@mnaio-controller1:~# ovn-nbctl lrp-set-gateway-chassis lrp-16555e74-fbef-4ecb-918c-2fb76bf5d42d ff66288c-5a7c-41fb-ba54-6c781f95a81e 10
+
Additional commands can be found in upstream OVN documentation and other
resources listed on this page.
+OVN database population
+-----------------------
+
+In case of OVN DB clustering failure and data loss as a result, you can always
+re-populate data in OVN SB/NB from stored state in Neutron database.
+
+For that, you can execute the following:
+
+.. code-block:: console
+
+ root@mnaio-controller1:~# lxc-attach -n $(lxc-ls -1 | grep neutron-server)
+ root@mnaio-controller1-neutron-server-container-7510c8bf:/# source /etc/openstack-release
+ root@mnaio-controller1-neutron-server-container-7510c8bf:/# /openstack/venvs/neutron-${DISTRIB_RELEASE}/bin/neutron-ovn-db-sync-util --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini --ovn-neutron_sync_mode repair
+
+Command ``neutron-ovn-db-sync-util`` is also used during migration from OVS to
+OVN. For that, you need to supply ``--ovn-neutron_sync_mode migrate`` instead
+of `repair` as shown in example above.
+
+
Notes
-----