Mirantis Container Cloud (MCC) becomes part of Mirantis OpenStack for Kubernetes (MOSK)!

Starting with MOSK 25.2, the MOSK documentation set covers all product layers, including MOSK management (formerly MCC). This means everything you need is in one place. The separate MCC documentation site will be retired, so please update your bookmarks for continued easy access to the latest content.

Perform pre-migration verification

This section describes how to run the pre-migration check, collect the results, and resolve the critical issues before migrating your OpenStack deployment from Open vSwitch (OVS) to Open Virtual Network (OVN). This ensures smooth migration minimizing the risk of unexpected downtime and errors.

Run the preflight checks

To run the pre-migration verification, execute the following command from the OpenStackDeployment container in the Rockoon pod:

osctl-ovs-ovn-migrate preflight_checks

By default, MOSK stores the check results in the /tmp/ovs-ovn-migration/preflight_checks-<TIMESTAMP>.yaml file inside the OpenStackDeployment container. Use this file to resolve the detected issues as it contains UUIDs of the OpenStack resources that violate conditions of checks.

If any check with CRITICAL severity fails, it gets the ERROR state in the results file. Mirantis strongly recommends avoiding migration until you properly solve all critical issues detected by the pre-migration check.

Example of the content of the preflight_checks.yaml file
networks_mtu_size_check:
  description: Found networks that have unsuitable MTU size for Geneve. Workloads
    availability will be broken after migration. Please adjust MTU for networks. Migration
    is not recommended.
  state: ERROR
  violations:
  - 8b143e7c-9580-421a-adc0-788bef321b0d
networks_provider_type_check:
  description: Found networks (containing instances) which have problematic provider
    network type. OVN has multiple issues related to usage of ['vlan', 'flat'] networks.
  state: WARNING
  violations:
    8cde0239-21a0-4d26-95bd-17fc77d13ad2:
      instances:
      - '74340fa3-6a70-4736-a378-2246deb52366'
      provider_type: vlan
networks_provider_type_routing_check:
  description: Found networks (containing instances) which have problematic provider
    network type and are connected to routers. OVN has issues with routing of ['vlan',
    'flat'] networks. Each use case should be carefully checked. Migration is not
    recommended.
  state: ERROR
  violations:
    31800eb1-fc73-47f6-a745-04bc04c99fa1:
      instances:
      - d6d84dde-c748-4efb-a053-4f3a617811f8
      provider_type: vlan
      routers:
      - 9f4bdb50-d716-4473-9bf7-ec3b381f472d
    754804bd-c7dd-488c-83ca-c6ac8af64cd0:
      instances:
      - 8edcc6df-ebc1-474c-961b-ad51bd74df6a
      - b2dffcda-f809-4925-a113-704f628a021f
      provider_type: vlan
      routers:
      - 9f4bdb50-d716-4473-9bf7-ec3b381f472d
    d957e578-28e6-41a7-9936-c2ce5f5a7e1b:
      instances:
      - ba917876-c2a5-42a6-9f2a-9670187be122
      provider_type: vlan
      routers:
      - 13d5afc2-9538-4d91-8e5a-e633ce93ec1a
neutron_tenant_network_types_check:
  description: Found tenant_network_types option containing VXLAN network type. Recommended
    network type for OVN is Geneve. When migrating to OVN all existing VXLAN networks
    will be converted to Geneve regardless of this setting. As well as all new networks
    will be created with Geneve network type.
  state: WARNING
  violations:
  - features:neutron:tenant_network_types
  - services:networking:neutron:values:conf:neutron:ml2:tenant_network_types
  - services:networking:neutron:values:conf:plugins:ml2_conf:ml2:tenant_network_types
ports_with_blocked_access_to_dhcpv4_check:
  description: Found ports which have incorrect security group rules for access to
    DHCP. Instances may lose network connectivity after migration. Please configure
    correct rules to allow access to DHCPv4 service. Migration is not recommended.
  state: ERROR
  violations:
  - 7accccc6-b6dc-4947-82f2-61831cd21cf7
routers_gateway_mtu_check:
  description: OVN can only send packet 'ICMP fragmentation needed'. It may not be
    handled by all workloads correctly. Additional analysis is needed.
  state: WARNING
  violations:
    513546e1-eeb2-49aa-a6d7-e52ae216aa46:
      external_net_id: ab00080d-a5dc-4602-843b-9eceac07a213
      networks_mtu:
        59ea5d3d-ca4f-4fd5-b522-7108c8fa9c4f: 1300
        ab00080d-a5dc-4602-843b-9eceac07a213: 1480
        c7b27b46-ebbb-40a8-8e82-db78387aea1b: 1400
    9f4bdb50-d716-4473-9bf7-ec3b381f472d:
      external_net_id: ab00080d-a5dc-4602-843b-9eceac07a213
      networks_mtu:
        31800eb1-fc73-47f6-a745-04bc04c99fa1: 1400
        754804bd-c7dd-488c-83ca-c6ac8af64cd0: 1300
        ab00080d-a5dc-4602-843b-9eceac07a213: 1480
routers_internal_mtu_check:
  description: Since OVN can not fragment packets by itself connectivity between specified
    networks will be broken. Please make sure that all networks plugged into the router
    have the same MTU value. Migration is not recommended.
  state: ERROR
  violations:
    513546e1-eeb2-49aa-a6d7-e52ae216aa46:
      networks_mtu:
        59ea5d3d-ca4f-4fd5-b522-7108c8fa9c4f: 1300
        c7b27b46-ebbb-40a8-8e82-db78387aea1b: 1400
    9f4bdb50-d716-4473-9bf7-ec3b381f472d:
      networks_mtu:
        31800eb1-fc73-47f6-a745-04bc04c99fa1: 1400
        754804bd-c7dd-488c-83ca-c6ac8af64cd0: 1300
sriov_ports_floating_ip_check:
  description: No issues found
  state: SUCCESS
  violations: {}
subnets_ip_address_availability_check:
  description: 'Found subnets that do not have free IPs. Metadata ports may not be
    created aftser migration. Metadata will not be available for instances after migration. '
  state: WARNING
  violations:
  - e0053e1b-ddf9-4192-a28c-7f661e7692e6
subnets_without_dns_nameservers_check:
  description: Found subnets that do not have dns nameservers set. Access to DNS from
    instances will be broken. Please set dns nameservers for subnets manually. Migration
    is not recommended.
  state: ERROR
  violations:
  - 33edd520-f14e-40ad-ba77-721084594949
  - 711fd1b0-a763-42c3-986e-44a291b79db8
  - 85ba9a6b-659c-4ce8-b58a-d3c34c796f45
  - 96d72182-886e-4d12-ab20-76ce81d526af
  - d4738c9a-a8d6-4e1b-a5a0-0eb92aafc4c6
  - e0053e1b-ddf9-4192-a28c-7f661e7692e6
  - e0be287d-0137-4ba4-a963-8739cc19465f
subnets_without_enabled_dhcp_check:
  description: No issues found
  state: SUCCESS
  violations: []
unsupported_features_check:
  description: No issues found
  state: SUCCESS
  violations: {}

Resolve failed pre-migration checks

  1. Copy the pre-migration checks results file to the keystone-client pod:

    kubectl -n osh-system cp <ROCKOON-POD>:/tmp/ovs-ovn-migration/preflight_checks_<TIMESTAMP>.yaml ./reflight_checks_<TIMESTAMP>.yaml
kubectl -n openstack cp preflight_checks_<TIMESTAMP>.yaml <KEYSTONE-CLIENT-POD>:/tmp/

  2. Convert the pre-migration checks results file to the JSON format. You will use its content later to fix violating resources:

    python3 -c 'import sys, yaml, json; y=yaml.safe_load(sys.stdin.read()); print(json.dumps(y))' < /tmp/preflight_checks_<TIMESTAMP>.yaml > /tmp/preflight_checks.json

  3. Review every failed check carefully and resolve issues as described in the table below.

    OVS to OVS pre-migration checks

    Preflight check

    Failure reason

    Resolution

    networks_mtu_size_check

    Network MTU is not suitable for Geneve.

    Adjust MTUs of the affected networks as described in Adjust MTU for VXLAN tenant networks.
    networks_provider_type_check
    networks_provider_type_routing_check

    VLAN or flat networks are used.

    Contact Mirantis support for further guidance.

    neutron_tenant_network_types_check

    VXLAN tenant network type is configured in the OpenStackDeployment custom resource while the recommended network type for OVN is Geneve.

    The result of this check contains all paths in OpenStackDeployment, where VXLAN is configured. Remove the VXLAN network type after migration.

    ports_with_blocked_access_to_dhcpv4_check

    Security group rules prevent DHCP access for instance ports.

    The result of this check contains UUIDs of the affected instance ports. Adjust security groups to allow DHCP as described in Adjust security groups to allow access to DHCP and Metadata.

    routers_gateway_mtu_check

    Router gateway MTU differs from networks MTU connected to this router.

    Align the router MTU of gateway port with networks MTU connected to this router.

    routers_internal_mtu_check

    Tenant networks connected to the router have inconsistent MTU.

    Ensure that all tenant networks connected to the router have the same MTU.

    sriov_ports_floating_ip_check

    Issues with SR-IOV ports and assigned floating IP addresses.

    Contact Mirantis support for further guidance.

    subnets_ip_address_availability_check

    Subnets have no available IP addresses.

    The result of this check contains UUIDs of subnets that do not have available IP addresses. Free at least one IP address per subnet for the OVN Metadata agent.

    If you cannot free IP addresses before migration, the IP adresses used for the Neutron OVS DHCP agent will be released automatically during migration when the related ports are cleaned up. To make the Neutron OVN Metadata agent use these freed addresses, restart the metadata agent pods. Then wait untill an instance renews the DHCP lease, or manually renew the address from inside the instance. By default, the DHCP lease is renewed every six hours.

    Note

    The route to the Metadata service used by an instance before migration may change during migration when the Metadata agent port is created. This route is updated when the instance renews its DHCP lease. Some operating systems may keep the old route in the instance routing table even after the lease renewal. In such cases, the operator must update the route manually.

    subnets_without_dns_nameservers_check

    Subnets are missing DNS nameservers.

    Configure the DNS nameservers as described in Migrate networking from Open vSwitch to Open Virtual Network.

    subnets_without_enabled_dhcp_check

    VXLAN subnets have DHCP disabled.

    The result of this check contains UUIDS of subnets related to the VXLAN networks that have DHCP disabled. Considering the need to adjust the MTU for VXLAN networks, such subnets will not receive the required MTU size automatically. You need to adjust the MTU size on instance ports within these subnets from inside each affected instance manually as descirbed in Adjust MTU for VXLAN tenant networks.

    unsupported_features_check

    Unsupported features detected for OVN.

    Disable unsupported features before migration.

    Caution

    OVN supports VPNaaS, but MOSK does not currently support seamless migration from OVS to OVN in such setup. This limitation is not detected by unsupported_features_check. If your deployment uses VPNaaS, avoid migrating to OVN.

After you resolve all issues, rerun the pre-migration check to verify that you have successfully resolved all critical issues and can proceed with the actual migration.