feat: support safe ovs bridge rename adoption#172
Draft
gboutry wants to merge 1 commit intocanonical:mainfrom
Draft
feat: support safe ovs bridge rename adoption#172gboutry wants to merge 1 commit intocanonical:mainfrom
gboutry wants to merge 1 commit intocanonical:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
Adds OVN Southbound-based safety checks to decide when external OVS bridges can be safely replaced/adopted during bridge-mapping renames, with an operator CLI override to allow stale SB reads when needed.
Changes:
- Introduce
is_bridge_rename_safe()and anOVNSBClihelper to determine rename safety by checking local chassis bindings in OVN SB. - Update
_configure_ovn_external_networking()to adopt/recreate bridges on safe rename scenarios (including adopting compatible pre-existing bridges). - Add
hypervisor setup-bridgeCLI command with--allow-stale-sb-readand expand unit test coverage.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
openstack_hypervisor/bridge_datapath.py |
Adds OVN SB client + rename safety logic used to gate destructive bridge changes. |
openstack_hypervisor/hooks.py |
Uses rename-safety signal to adopt/recreate bridges and adds adoption helpers. |
openstack_hypervisor/cli/hypervisor.py |
Adds setup-bridge command and passes stale-read override into networking setup. |
tests/unit/test_bridge_datapath.py |
Adds focused tests for rename safety decisions and SB retry behavior. |
tests/unit/test_hooks.py |
Adds tests for safe/unsafe rename behavior and bridge adoption paths. |
tests/unit/cli/test_hypervisor.py |
Adds tests for setup-bridge default behavior and stale-read flag. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Teach OVSCli to decide whether bridge renames are safe by checking local OVN Southbound bindings. When the chassis has no bindings, the external networking setup can replace an old bridge with the configured target bridge and adopt a pre-existing OVS bridge from bridge-mapping, including MAAS-created bridges when they are compatible. Keep the autonomous hook path fail-closed when OVS or authoritative SB state cannot be read. Add an explicit `hypervisor setup-bridge` override for operators who need to allow stale SB reads against relay-backed deployments. Assisted-By: Codex (GPT-5-4) Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
gboutry
force-pushed
the
feat/safe-bridge-rename
branch
from
ca29cc9 to
f600783
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Teach OVSCli to decide whether bridge renames are safe by checking local OVN Southbound bindings. When the chassis has no bindings, the external networking setup can replace an old bridge with the configured target bridge and adopt a pre-existing OVS bridge from bridge-mapping, including MAAS-created bridges when they are compatible.
Keep the autonomous hook path fail-closed when OVS or authoritative SB state cannot be read. Add an explicit
hypervisor setup-bridgeoverride for operators who need to allow stale SB reads against relay-backed deployments.