all: children: cephs: hosts: instance: null computes: hosts: instance: null controllers: hosts: instance: null zuul_unreachable: hosts: {} hosts: instance: ansible_connection: ssh ansible_host: 199.204.45.240 ansible_port: 22 ansible_python_interpreter: auto ansible_user: zuul atmosphere_image_prefix: harbor.atmosphere.dev/ atmosphere_network_backend: ovn barbican_helm_values: pod: replicas: api: 1 ceph_conf_overrides: - option: mon allow pool size one section: global value: true - option: osd crush chooseleaf type section: global value: 0 - option: auth allow insecure global id reclaim section: mon value: false ceph_csi_rbd_helm_values: provisioner: replicaCount: 1 ceph_fsid: 4837cbf8-4f90-4300-b3f6-726c9b9f89b4 ceph_osd_devices: - /dev/ceph-{{ inventory_hostname_short }}-osd0/data - /dev/ceph-{{ inventory_hostname_short }}-osd1/data - /dev/ceph-{{ inventory_hostname_short }}-osd2/data ceph_version: 18.2.7 cilium_helm_values: operator: replicas: 1 cinder_helm_values: conf: ceph: pools: backup: replication: 1 cinder.volumes: replication: 1 cinder: DEFAULT: osapi_volume_workers: 2 pod: replicas: api: 1 scheduler: 1 cluster_issuer_type: self-signed coredns_helm_values: replicaCount: 1 csi_driver: local-path-provisioner glance_helm_values: conf: glance: DEFAULT: workers: 2 glance_store: rbd_store_replication: 1 pod: replicas: api: 1 glance_images: - container_format: bare disk_format: raw is_public: true min_disk: 1 name: cirros url: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img heat_helm_values: conf: heat: DEFAULT: num_engine_workers: 2 heat_api: workers: 2 heat_api_cfn: workers: 2 heat_api_cloudwatch: workers: 2 pod: replicas: api: 1 cfn: 1 cloudwatch: 1 engine: 1 horizon_helm_values: pod: replicas: server: 1 ingress_nginx_helm_values: controller: config: worker-processes: 2 keystone_helm_values: pod: replicas: api: 1 kube_vip_address: 172.17.0.100 kube_vip_interface: '{{ ansible_facts[''default_ipv4''].interface }}' kubernetes_hostname: '{{ ansible_facts[''default_ipv4''].address }}' kubernetes_keepalived_interface: br-mgmt magnum_helm_values: conf: magnum: api: workers: 2 conductor: workers: 2 pod: replicas: api: 1 conductor: 1 magnum_image_disk_format: qcow2 magnum_images: '[ {{ _magnum_images[-1] }} ]' manila_helm_values: conf: manila: DEFAULT: osapi_share_workers: 2 pod: replicas: api: 1 scheduler: 1 molecule_scenario: aio neutron_helm_values: conf: neutron: DEFAULT: api_workers: 2 metadata_workers: 2 rpc_workers: 2 pod: replicas: rpc_server: 1 server: 1 nodepool: az: nova cloud: public external_id: f4ac0ccf-d9eb-4693-9c99-75a50775bb60 host_id: 7cb77d063530dedbf6983b78a36ec607482cf1d282610499e8bd9357 interface_ip: 199.204.45.240 label: ubuntu-jammy-16 node_properties: {} private_ipv4: 199.204.45.240 private_ipv6: null provider: yul1 public_ipv4: 199.204.45.240 public_ipv6: 2604:e100:1:0:f816:3eff:fe2c:a180 region: ca-ymq-1 slot: null nova_helm_values: conf: nova: DEFAULT: metadata_workers: 2 osapi_compute_workers: 2 conductor: workers: 2 scheduler: workers: 2 pod: replicas: api_metadata: 1 conductor: 1 novncproxy: 1 osapi: 1 scheduler: 1 spiceproxy: 1 octavia_helm_values: conf: octavia: controller_worker: workers: 2 octavia_api_uwsgi: uwsgi: processes: 2 pod: replicas: api: 1 housekeeping: 1 worker: 1 ovn_helm_values: conf: auto_bridge_add: br-ex: null pod: replicas: ovn_northd: 1 ovn_ovsdb_nb: 1 ovn_ovsdb_sb: 1 percona_xtradb_cluster_spec: allowUnsafeConfigurations: true haproxy: size: 1 pxc: size: 1 placement_helm_values: conf: placement_api_uwsgi: uwsgi: processes: 2 pod: replicas: api: 1 rook_ceph_cluster_radosgw_spec: dataPool: failureDomain: osd gateway: instances: 1 metadataPool: failureDomain: osd staffeln_helm_values: pod: replicas: api: 1 conductor: 1 valkey_helm_values: replica: replicaCount: 1 zuul_node: az: nova cloud: public external_id: f4ac0ccf-d9eb-4693-9c99-75a50775bb60 host_id: 7cb77d063530dedbf6983b78a36ec607482cf1d282610499e8bd9357 interface_ip: 199.204.45.240 label: ubuntu-jammy-16 node_properties: {} private_ipv4: 199.204.45.240 private_ipv6: null provider: yul1 public_ipv4: 199.204.45.240 public_ipv6: 2604:e100:1:0:f816:3eff:fe2c:a180 region: ca-ymq-1 slot: null uuid: null vars: atmosphere_image_prefix: harbor.atmosphere.dev/ atmosphere_network_backend: ovn barbican_helm_values: pod: replicas: api: 1 ceph_conf_overrides: - option: mon allow pool size one section: global value: true - option: osd crush chooseleaf type section: global value: 0 - option: auth allow insecure global id reclaim section: mon value: false ceph_csi_rbd_helm_values: provisioner: replicaCount: 1 ceph_fsid: 4837cbf8-4f90-4300-b3f6-726c9b9f89b4 ceph_osd_devices: - /dev/ceph-{{ inventory_hostname_short }}-osd0/data - /dev/ceph-{{ inventory_hostname_short }}-osd1/data - /dev/ceph-{{ inventory_hostname_short }}-osd2/data ceph_version: 18.2.7 cilium_helm_values: operator: replicas: 1 cinder_helm_values: conf: ceph: pools: backup: replication: 1 cinder.volumes: replication: 1 cinder: DEFAULT: osapi_volume_workers: 2 pod: replicas: api: 1 scheduler: 1 cluster_issuer_type: self-signed coredns_helm_values: replicaCount: 1 csi_driver: local-path-provisioner glance_helm_values: conf: glance: DEFAULT: workers: 2 glance_store: rbd_store_replication: 1 pod: replicas: api: 1 glance_images: - container_format: bare disk_format: raw is_public: true min_disk: 1 name: cirros url: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img heat_helm_values: conf: heat: DEFAULT: num_engine_workers: 2 heat_api: workers: 2 heat_api_cfn: workers: 2 heat_api_cloudwatch: workers: 2 pod: replicas: api: 1 cfn: 1 cloudwatch: 1 engine: 1 horizon_helm_values: pod: replicas: server: 1 ingress_nginx_helm_values: controller: config: worker-processes: 2 keystone_helm_values: pod: replicas: api: 1 kube_vip_address: 172.17.0.100 kube_vip_interface: '{{ ansible_facts[''default_ipv4''].interface }}' kubernetes_hostname: '{{ ansible_facts[''default_ipv4''].address }}' kubernetes_keepalived_interface: br-mgmt magnum_helm_values: conf: magnum: api: workers: 2 conductor: workers: 2 pod: replicas: api: 1 conductor: 1 magnum_image_disk_format: qcow2 magnum_images: '[ {{ _magnum_images[-1] }} ]' manila_helm_values: conf: manila: DEFAULT: osapi_share_workers: 2 pod: replicas: api: 1 scheduler: 1 molecule_scenario: aio neutron_helm_values: conf: neutron: DEFAULT: api_workers: 2 metadata_workers: 2 rpc_workers: 2 pod: replicas: rpc_server: 1 server: 1 nova_helm_values: conf: nova: DEFAULT: metadata_workers: 2 osapi_compute_workers: 2 conductor: workers: 2 scheduler: workers: 2 pod: replicas: api_metadata: 1 conductor: 1 novncproxy: 1 osapi: 1 scheduler: 1 spiceproxy: 1 octavia_helm_values: conf: octavia: controller_worker: workers: 2 octavia_api_uwsgi: uwsgi: processes: 2 pod: replicas: api: 1 housekeeping: 1 worker: 1 ovn_helm_values: conf: auto_bridge_add: br-ex: null pod: replicas: ovn_northd: 1 ovn_ovsdb_nb: 1 ovn_ovsdb_sb: 1 percona_xtradb_cluster_spec: allowUnsafeConfigurations: true haproxy: size: 1 pxc: size: 1 placement_helm_values: conf: placement_api_uwsgi: uwsgi: processes: 2 pod: replicas: api: 1 rook_ceph_cluster_radosgw_spec: dataPool: failureDomain: osd gateway: instances: 1 metadataPool: failureDomain: osd staffeln_helm_values: pod: replicas: api: 1 conductor: 1 valkey_helm_values: replica: replicaCount: 1 zuul: _inheritance_path: - '' - '' - '' - '' - '' - '' ansible_version: '9' attempts: 1 branch: main build: 204a17903f964e19a1601a00f998e0cb build_refs: - branch: main change: '3904' change_message: "feat(ovn): add periodic cleanup of stale OVS ports on br-int\n\n## Summary\n\nAdds a new `ovn-stale-port-cleanup` DaemonSet to the `ovn` chart that periodically removes stale OVS ports from the integration bridge (`br-int`) on every node running `ovn-controller`.\n\n## Background\n\nStale ports accumulate when `libvirt` removes a VM tap device but the matching OVS `Port` / `Interface` row is left behind on `br-int`. Over time these orphaned entries cause `ovn-controller` poll-loop stalls of tens of seconds, OVS disconnections, and packet drops on healthy VMs sharing the same hypervisor.\n\n## What it does\n\nA small DaemonSet runs on every `openvswitch=enabled` node (same selector as `ovn-controller`). On a configurable cadence it:\n\n1. Lists ports attached to `br-int`.\n2. Intersects with Interface rows that have `external_ids:iface-id` set (Neutron VIFs only \u2014 never touches uplinks, bond members, patch ports).\n3. Marks an interface as a *candidate* if its `Interface.error` column is non-empty (typical: `could not open network device tapXXXX (No such device)`) **or** the kernel netdev is not visible to `ip link`.\n4. Confirms a candidate only after `MIN_STALE_OBSERVATIONS` consecutive cycles (default: 2) \u2014 guards against the race where the Neutron OVS agent has created the port but `libvirt` has not yet created the tap device.\n5. Calls `ovs-vsctl --if-exists del-port br-int ` for each confirmed port, capped at `MAX_DELETIONS_PER_CYCLE` per pass.\n\n## Safety\n\n- **VIF-only filter** \u2014 only ports with `external_ids:iface-id` set are considered.\n- **Bridge-scoped** \u2014 only ports on the configured integration bridge (`conf.ovn_bridge`).\n- **Two-cycle debounce** \u2014 covers the agent-creates-port-then-libvirt-creates-tap race.\n- **`external_ids:skip_cleanup=\"true\"`** opt-out, matching Neutron's own `OVSCleanup` convention.\n- **`MAX_DELETIONS_PER_CYCLE=200`** cap.\n- **`DRY_RUN=1`** mode logs candidates without acting.\n\n## Configuration\n\n```yaml\nconf:\n \ stale_port_cleanup:\n ovs_db_socket: /run/openvswitch/db.sock\n interval_seconds: 3600\n max_deletions_per_cycle: 200\n min_stale_observations: 2\n \ dry_run: 0\n\nmanifests:\n daemonset_ovn_stale_port_cleanup: true\n```\n\nOperators recovering an already-degraded fleet may want to temporarily raise `max_deletions_per_cycle` for the first few cycles.\n\n## Validation\n\n- `helm template charts/ovn` renders cleanly (DaemonSet, ConfigMap entry, ServiceAccount, Role, RoleBinding).\n- `bash -n` passes on the script.\n\n## Files changed\n\n- `charts/ovn/templates/bin/_ovn-stale-port-cleanup.sh.tpl` \u2014 cleanup loop\n- `charts/ovn/templates/daemonset-ovn-stale-port-cleanup.yaml` \u2014 DaemonSet manifest\n- `charts/ovn/templates/configmap-bin.yaml` \u2014 register the script in `ovn-bin`\n- `charts/ovn/values.yaml` \u2014 image, label, conf, tolerations, resources, dependency, manifest toggle\n- `releasenotes/notes/add-ovn-stale-port-cleanup-3a9f1c8b2d4e7f10.yaml` \u2014 reno note\n\n## Follow-ups (not in this PR)\n\n- Prometheus textfile metric (`ovn_stale_ports_removed_total`) so we can alert if the rate spikes.\n- Molecule test exercising the script against a fake OVSDB.\n" change_url: https://github.com/vexxhost/atmosphere/pull/3904 commit_id: 9257e92451a28029dc05b052d03f68e069305313 patchset: 9257e92451a28029dc05b052d03f68e069305313 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere name: vexxhost/atmosphere short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere src_dir: src/github.com/vexxhost/atmosphere topic: null buildset: 65080d8cf7aa41f99b2f41f73b52c38e buildset_refs: - branch: main change: '3904' change_message: "feat(ovn): add periodic cleanup of stale OVS ports on br-int\n\n## Summary\n\nAdds a new `ovn-stale-port-cleanup` DaemonSet to the `ovn` chart that periodically removes stale OVS ports from the integration bridge (`br-int`) on every node running `ovn-controller`.\n\n## Background\n\nStale ports accumulate when `libvirt` removes a VM tap device but the matching OVS `Port` / `Interface` row is left behind on `br-int`. Over time these orphaned entries cause `ovn-controller` poll-loop stalls of tens of seconds, OVS disconnections, and packet drops on healthy VMs sharing the same hypervisor.\n\n## What it does\n\nA small DaemonSet runs on every `openvswitch=enabled` node (same selector as `ovn-controller`). On a configurable cadence it:\n\n1. Lists ports attached to `br-int`.\n2. Intersects with Interface rows that have `external_ids:iface-id` set (Neutron VIFs only \u2014 never touches uplinks, bond members, patch ports).\n3. Marks an interface as a *candidate* if its `Interface.error` column is non-empty (typical: `could not open network device tapXXXX (No such device)`) **or** the kernel netdev is not visible to `ip link`.\n4. Confirms a candidate only after `MIN_STALE_OBSERVATIONS` consecutive cycles (default: 2) \u2014 guards against the race where the Neutron OVS agent has created the port but `libvirt` has not yet created the tap device.\n5. Calls `ovs-vsctl --if-exists del-port br-int ` for each confirmed port, capped at `MAX_DELETIONS_PER_CYCLE` per pass.\n\n## Safety\n\n- **VIF-only filter** \u2014 only ports with `external_ids:iface-id` set are considered.\n- **Bridge-scoped** \u2014 only ports on the configured integration bridge (`conf.ovn_bridge`).\n- **Two-cycle debounce** \u2014 covers the agent-creates-port-then-libvirt-creates-tap race.\n- **`external_ids:skip_cleanup=\"true\"`** opt-out, matching Neutron's own `OVSCleanup` convention.\n- **`MAX_DELETIONS_PER_CYCLE=200`** cap.\n- **`DRY_RUN=1`** mode logs candidates without acting.\n\n## Configuration\n\n```yaml\nconf:\n \ stale_port_cleanup:\n ovs_db_socket: /run/openvswitch/db.sock\n interval_seconds: 3600\n max_deletions_per_cycle: 200\n min_stale_observations: 2\n \ dry_run: 0\n\nmanifests:\n daemonset_ovn_stale_port_cleanup: true\n```\n\nOperators recovering an already-degraded fleet may want to temporarily raise `max_deletions_per_cycle` for the first few cycles.\n\n## Validation\n\n- `helm template charts/ovn` renders cleanly (DaemonSet, ConfigMap entry, ServiceAccount, Role, RoleBinding).\n- `bash -n` passes on the script.\n\n## Files changed\n\n- `charts/ovn/templates/bin/_ovn-stale-port-cleanup.sh.tpl` \u2014 cleanup loop\n- `charts/ovn/templates/daemonset-ovn-stale-port-cleanup.yaml` \u2014 DaemonSet manifest\n- `charts/ovn/templates/configmap-bin.yaml` \u2014 register the script in `ovn-bin`\n- `charts/ovn/values.yaml` \u2014 image, label, conf, tolerations, resources, dependency, manifest toggle\n- `releasenotes/notes/add-ovn-stale-port-cleanup-3a9f1c8b2d4e7f10.yaml` \u2014 reno note\n\n## Follow-ups (not in this PR)\n\n- Prometheus textfile metric (`ovn_stale_ports_removed_total`) so we can alert if the rate spikes.\n- Molecule test exercising the script against a fake OVSDB.\n" change_url: https://github.com/vexxhost/atmosphere/pull/3904 commit_id: 9257e92451a28029dc05b052d03f68e069305313 patchset: 9257e92451a28029dc05b052d03f68e069305313 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere name: vexxhost/atmosphere short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere src_dir: src/github.com/vexxhost/atmosphere topic: null change: '3904' change_message: "feat(ovn): add periodic cleanup of stale OVS ports on br-int\n\n## Summary\n\nAdds a new `ovn-stale-port-cleanup` DaemonSet to the `ovn` chart that periodically removes stale OVS ports from the integration bridge (`br-int`) on every node running `ovn-controller`.\n\n## Background\n\nStale ports accumulate when `libvirt` removes a VM tap device but the matching OVS `Port` / `Interface` row is left behind on `br-int`. Over time these orphaned entries cause `ovn-controller` poll-loop stalls of tens of seconds, OVS disconnections, and packet drops on healthy VMs sharing the same hypervisor.\n\n## What it does\n\nA small DaemonSet runs on every `openvswitch=enabled` node (same selector as `ovn-controller`). On a configurable cadence it:\n\n1. Lists ports attached to `br-int`.\n2. Intersects with Interface rows that have `external_ids:iface-id` set (Neutron VIFs only \u2014 never touches uplinks, bond members, patch ports).\n3. Marks an interface as a *candidate* if its `Interface.error` column is non-empty (typical: `could not open network device tapXXXX (No such device)`) **or** the kernel netdev is not visible to `ip link`.\n4. Confirms a candidate only after `MIN_STALE_OBSERVATIONS` consecutive cycles (default: 2) \u2014 guards against the race where the Neutron OVS agent has created the port but `libvirt` has not yet created the tap device.\n5. Calls `ovs-vsctl --if-exists del-port br-int ` for each confirmed port, capped at `MAX_DELETIONS_PER_CYCLE` per pass.\n\n## Safety\n\n- **VIF-only filter** \u2014 only ports with `external_ids:iface-id` set are considered.\n- **Bridge-scoped** \u2014 only ports on the configured integration bridge (`conf.ovn_bridge`).\n- **Two-cycle debounce** \u2014 covers the agent-creates-port-then-libvirt-creates-tap race.\n- **`external_ids:skip_cleanup=\"true\"`** opt-out, matching Neutron's own `OVSCleanup` convention.\n- **`MAX_DELETIONS_PER_CYCLE=200`** cap.\n- **`DRY_RUN=1`** mode logs candidates without acting.\n\n## Configuration\n\n```yaml\nconf:\n \ stale_port_cleanup:\n ovs_db_socket: /run/openvswitch/db.sock\n interval_seconds: 3600\n max_deletions_per_cycle: 200\n min_stale_observations: 2\n dry_run: 0\n\nmanifests:\n daemonset_ovn_stale_port_cleanup: true\n```\n\nOperators recovering an already-degraded fleet may want to temporarily raise `max_deletions_per_cycle` for the first few cycles.\n\n## Validation\n\n- `helm template charts/ovn` renders cleanly (DaemonSet, ConfigMap entry, ServiceAccount, Role, RoleBinding).\n- `bash -n` passes on the script.\n\n## Files changed\n\n- `charts/ovn/templates/bin/_ovn-stale-port-cleanup.sh.tpl` \u2014 cleanup loop\n- `charts/ovn/templates/daemonset-ovn-stale-port-cleanup.yaml` \u2014 DaemonSet manifest\n- `charts/ovn/templates/configmap-bin.yaml` \u2014 register the script in `ovn-bin`\n- `charts/ovn/values.yaml` \u2014 image, label, conf, tolerations, resources, dependency, manifest toggle\n- `releasenotes/notes/add-ovn-stale-port-cleanup-3a9f1c8b2d4e7f10.yaml` \u2014 reno note\n\n## Follow-ups (not in this PR)\n\n- Prometheus textfile metric (`ovn_stale_ports_removed_total`) so we can alert if the rate spikes.\n- Molecule test exercising the script against a fake OVSDB.\n" change_url: https://github.com/vexxhost/atmosphere/pull/3904 child_jobs: [] commit_id: 9257e92451a28029dc05b052d03f68e069305313 event_id: 0a153b40-4a87-11f1-86cd-b468e84f325e executor: hostname: 2d72f0692154 inventory_file: /var/lib/zuul/builds/204a17903f964e19a1601a00f998e0cb/ansible/inventory.yaml log_root: /var/lib/zuul/builds/204a17903f964e19a1601a00f998e0cb/work/logs result_data_file: /var/lib/zuul/builds/204a17903f964e19a1601a00f998e0cb/work/results.json src_root: /var/lib/zuul/builds/204a17903f964e19a1601a00f998e0cb/work/src work_root: /var/lib/zuul/builds/204a17903f964e19a1601a00f998e0cb/work include_vars: [] items: - branch: main change: '3904' change_message: "feat(ovn): add periodic cleanup of stale OVS ports on br-int\n\n## Summary\n\nAdds a new `ovn-stale-port-cleanup` DaemonSet to the `ovn` chart that periodically removes stale OVS ports from the integration bridge (`br-int`) on every node running `ovn-controller`.\n\n## Background\n\nStale ports accumulate when `libvirt` removes a VM tap device but the matching OVS `Port` / `Interface` row is left behind on `br-int`. Over time these orphaned entries cause `ovn-controller` poll-loop stalls of tens of seconds, OVS disconnections, and packet drops on healthy VMs sharing the same hypervisor.\n\n## What it does\n\nA small DaemonSet runs on every `openvswitch=enabled` node (same selector as `ovn-controller`). On a configurable cadence it:\n\n1. Lists ports attached to `br-int`.\n2. Intersects with Interface rows that have `external_ids:iface-id` set (Neutron VIFs only \u2014 never touches uplinks, bond members, patch ports).\n3. Marks an interface as a *candidate* if its `Interface.error` column is non-empty (typical: `could not open network device tapXXXX (No such device)`) **or** the kernel netdev is not visible to `ip link`.\n4. Confirms a candidate only after `MIN_STALE_OBSERVATIONS` consecutive cycles (default: 2) \u2014 guards against the race where the Neutron OVS agent has created the port but `libvirt` has not yet created the tap device.\n5. Calls `ovs-vsctl --if-exists del-port br-int ` for each confirmed port, capped at `MAX_DELETIONS_PER_CYCLE` per pass.\n\n## Safety\n\n- **VIF-only filter** \u2014 only ports with `external_ids:iface-id` set are considered.\n- **Bridge-scoped** \u2014 only ports on the configured integration bridge (`conf.ovn_bridge`).\n- **Two-cycle debounce** \u2014 covers the agent-creates-port-then-libvirt-creates-tap race.\n- **`external_ids:skip_cleanup=\"true\"`** opt-out, matching Neutron's own `OVSCleanup` convention.\n- **`MAX_DELETIONS_PER_CYCLE=200`** cap.\n- **`DRY_RUN=1`** mode logs candidates without acting.\n\n## Configuration\n\n```yaml\nconf:\n \ stale_port_cleanup:\n ovs_db_socket: /run/openvswitch/db.sock\n interval_seconds: 3600\n max_deletions_per_cycle: 200\n min_stale_observations: 2\n \ dry_run: 0\n\nmanifests:\n daemonset_ovn_stale_port_cleanup: true\n```\n\nOperators recovering an already-degraded fleet may want to temporarily raise `max_deletions_per_cycle` for the first few cycles.\n\n## Validation\n\n- `helm template charts/ovn` renders cleanly (DaemonSet, ConfigMap entry, ServiceAccount, Role, RoleBinding).\n- `bash -n` passes on the script.\n\n## Files changed\n\n- `charts/ovn/templates/bin/_ovn-stale-port-cleanup.sh.tpl` \u2014 cleanup loop\n- `charts/ovn/templates/daemonset-ovn-stale-port-cleanup.yaml` \u2014 DaemonSet manifest\n- `charts/ovn/templates/configmap-bin.yaml` \u2014 register the script in `ovn-bin`\n- `charts/ovn/values.yaml` \u2014 image, label, conf, tolerations, resources, dependency, manifest toggle\n- `releasenotes/notes/add-ovn-stale-port-cleanup-3a9f1c8b2d4e7f10.yaml` \u2014 reno note\n\n## Follow-ups (not in this PR)\n\n- Prometheus textfile metric (`ovn_stale_ports_removed_total`) so we can alert if the rate spikes.\n- Molecule test exercising the script against a fake OVSDB.\n" change_url: https://github.com/vexxhost/atmosphere/pull/3904 commit_id: 9257e92451a28029dc05b052d03f68e069305313 patchset: 9257e92451a28029dc05b052d03f68e069305313 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere name: vexxhost/atmosphere short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere topic: null job: atmosphere-molecule-aio-ovn jobtags: [] max_attempts: 3 message: ZmVhdChvdm4pOiBhZGQgcGVyaW9kaWMgY2xlYW51cCBvZiBzdGFsZSBPVlMgcG9ydHMgb24gYnItaW50CgojIyBTdW1tYXJ5CgpBZGRzIGEgbmV3IGBvdm4tc3RhbGUtcG9ydC1jbGVhbnVwYCBEYWVtb25TZXQgdG8gdGhlIGBvdm5gIGNoYXJ0IHRoYXQgcGVyaW9kaWNhbGx5IHJlbW92ZXMgc3RhbGUgT1ZTIHBvcnRzIGZyb20gdGhlIGludGVncmF0aW9uIGJyaWRnZSAoYGJyLWludGApIG9uIGV2ZXJ5IG5vZGUgcnVubmluZyBgb3ZuLWNvbnRyb2xsZXJgLgoKIyMgQmFja2dyb3VuZAoKU3RhbGUgcG9ydHMgYWNjdW11bGF0ZSB3aGVuIGBsaWJ2aXJ0YCByZW1vdmVzIGEgVk0gdGFwIGRldmljZSBidXQgdGhlIG1hdGNoaW5nIE9WUyBgUG9ydGAgLyBgSW50ZXJmYWNlYCByb3cgaXMgbGVmdCBiZWhpbmQgb24gYGJyLWludGAuIE92ZXIgdGltZSB0aGVzZSBvcnBoYW5lZCBlbnRyaWVzIGNhdXNlIGBvdm4tY29udHJvbGxlcmAgcG9sbC1sb29wIHN0YWxscyBvZiB0ZW5zIG9mIHNlY29uZHMsIE9WUyBkaXNjb25uZWN0aW9ucywgYW5kIHBhY2tldCBkcm9wcyBvbiBoZWFsdGh5IFZNcyBzaGFyaW5nIHRoZSBzYW1lIGh5cGVydmlzb3IuCgojIyBXaGF0IGl0IGRvZXMKCkEgc21hbGwgRGFlbW9uU2V0IHJ1bnMgb24gZXZlcnkgYG9wZW52c3dpdGNoPWVuYWJsZWRgIG5vZGUgKHNhbWUgc2VsZWN0b3IgYXMgYG92bi1jb250cm9sbGVyYCkuIE9uIGEgY29uZmlndXJhYmxlIGNhZGVuY2UgaXQ6CgoxLiBMaXN0cyBwb3J0cyBhdHRhY2hlZCB0byBgYnItaW50YC4KMi4gSW50ZXJzZWN0cyB3aXRoIEludGVyZmFjZSByb3dzIHRoYXQgaGF2ZSBgZXh0ZXJuYWxfaWRzOmlmYWNlLWlkYCBzZXQgKE5ldXRyb24gVklGcyBvbmx5IOKAlCBuZXZlciB0b3VjaGVzIHVwbGlua3MsIGJvbmQgbWVtYmVycywgcGF0Y2ggcG9ydHMpLgozLiBNYXJrcyBhbiBpbnRlcmZhY2UgYXMgYSAqY2FuZGlkYXRlKiBpZiBpdHMgYEludGVyZmFjZS5lcnJvcmAgY29sdW1uIGlzIG5vbi1lbXB0eSAodHlwaWNhbDogYGNvdWxkIG5vdCBvcGVuIG5ldHdvcmsgZGV2aWNlIHRhcFhYWFggKE5vIHN1Y2ggZGV2aWNlKWApICoqb3IqKiB0aGUga2VybmVsIG5ldGRldiBpcyBub3QgdmlzaWJsZSB0byBgaXAgbGlua2AuCjQuIENvbmZpcm1zIGEgY2FuZGlkYXRlIG9ubHkgYWZ0ZXIgYE1JTl9TVEFMRV9PQlNFUlZBVElPTlNgIGNvbnNlY3V0aXZlIGN5Y2xlcyAoZGVmYXVsdDogMikg4oCUIGd1YXJkcyBhZ2FpbnN0IHRoZSByYWNlIHdoZXJlIHRoZSBOZXV0cm9uIE9WUyBhZ2VudCBoYXMgY3JlYXRlZCB0aGUgcG9ydCBidXQgYGxpYnZpcnRgIGhhcyBub3QgeWV0IGNyZWF0ZWQgdGhlIHRhcCBkZXZpY2UuCjUuIENhbGxzIGBvdnMtdnNjdGwgLS1pZi1leGlzdHMgZGVsLXBvcnQgYnItaW50IDxpZmFjZT5gIGZvciBlYWNoIGNvbmZpcm1lZCBwb3J0LCBjYXBwZWQgYXQgYE1BWF9ERUxFVElPTlNfUEVSX0NZQ0xFYCBwZXIgcGFzcy4KCiMjIFNhZmV0eQoKLSAqKlZJRi1vbmx5IGZpbHRlcioqIOKAlCBvbmx5IHBvcnRzIHdpdGggYGV4dGVybmFsX2lkczppZmFjZS1pZGAgc2V0IGFyZSBjb25zaWRlcmVkLgotICoqQnJpZGdlLXNjb3BlZCoqIOKAlCBvbmx5IHBvcnRzIG9uIHRoZSBjb25maWd1cmVkIGludGVncmF0aW9uIGJyaWRnZSAoYGNvbmYub3ZuX2JyaWRnZWApLgotICoqVHdvLWN5Y2xlIGRlYm91bmNlKiog4oCUIGNvdmVycyB0aGUgYWdlbnQtY3JlYXRlcy1wb3J0LXRoZW4tbGlidmlydC1jcmVhdGVzLXRhcCByYWNlLgotICoqYGV4dGVybmFsX2lkczpza2lwX2NsZWFudXA9InRydWUiYCoqIG9wdC1vdXQsIG1hdGNoaW5nIE5ldXRyb24ncyBvd24gYE9WU0NsZWFudXBgIGNvbnZlbnRpb24uCi0gKipgTUFYX0RFTEVUSU9OU19QRVJfQ1lDTEU9MjAwYCoqIGNhcC4KLSAqKmBEUllfUlVOPTFgKiogbW9kZSBsb2dzIGNhbmRpZGF0ZXMgd2l0aG91dCBhY3RpbmcuCgojIyBDb25maWd1cmF0aW9uCgpgYGB5YW1sCmNvbmY6CiAgc3RhbGVfcG9ydF9jbGVhbnVwOgogICAgb3ZzX2RiX3NvY2tldDogL3J1bi9vcGVudnN3aXRjaC9kYi5zb2NrCiAgICBpbnRlcnZhbF9zZWNvbmRzOiAzNjAwCiAgICBtYXhfZGVsZXRpb25zX3Blcl9jeWNsZTogMjAwCiAgICBtaW5fc3RhbGVfb2JzZXJ2YXRpb25zOiAyCiAgICBkcnlfcnVuOiAwCgptYW5pZmVzdHM6CiAgZGFlbW9uc2V0X292bl9zdGFsZV9wb3J0X2NsZWFudXA6IHRydWUKYGBgCgpPcGVyYXRvcnMgcmVjb3ZlcmluZyBhbiBhbHJlYWR5LWRlZ3JhZGVkIGZsZWV0IG1heSB3YW50IHRvIHRlbXBvcmFyaWx5IHJhaXNlIGBtYXhfZGVsZXRpb25zX3Blcl9jeWNsZWAgZm9yIHRoZSBmaXJzdCBmZXcgY3ljbGVzLgoKIyMgVmFsaWRhdGlvbgoKLSBgaGVsbSB0ZW1wbGF0ZSBjaGFydHMvb3ZuYCByZW5kZXJzIGNsZWFubHkgKERhZW1vblNldCwgQ29uZmlnTWFwIGVudHJ5LCBTZXJ2aWNlQWNjb3VudCwgUm9sZSwgUm9sZUJpbmRpbmcpLgotIGBiYXNoIC1uYCBwYXNzZXMgb24gdGhlIHNjcmlwdC4KCiMjIEZpbGVzIGNoYW5nZWQKCi0gYGNoYXJ0cy9vdm4vdGVtcGxhdGVzL2Jpbi9fb3ZuLXN0YWxlLXBvcnQtY2xlYW51cC5zaC50cGxgIOKAlCBjbGVhbnVwIGxvb3AKLSBgY2hhcnRzL292bi90ZW1wbGF0ZXMvZGFlbW9uc2V0LW92bi1zdGFsZS1wb3J0LWNsZWFudXAueWFtbGAg4oCUIERhZW1vblNldCBtYW5pZmVzdAotIGBjaGFydHMvb3ZuL3RlbXBsYXRlcy9jb25maWdtYXAtYmluLnlhbWxgIOKAlCByZWdpc3RlciB0aGUgc2NyaXB0IGluIGBvdm4tYmluYAotIGBjaGFydHMvb3ZuL3ZhbHVlcy55YW1sYCDigJQgaW1hZ2UsIGxhYmVsLCBjb25mLCB0b2xlcmF0aW9ucywgcmVzb3VyY2VzLCBkZXBlbmRlbmN5LCBtYW5pZmVzdCB0b2dnbGUKLSBgcmVsZWFzZW5vdGVzL25vdGVzL2FkZC1vdm4tc3RhbGUtcG9ydC1jbGVhbnVwLTNhOWYxYzhiMmQ0ZTdmMTAueWFtbGAg4oCUIHJlbm8gbm90ZQoKIyMgRm9sbG93LXVwcyAobm90IGluIHRoaXMgUFIpCgotIFByb21ldGhldXMgdGV4dGZpbGUgbWV0cmljIChgb3ZuX3N0YWxlX3BvcnRzX3JlbW92ZWRfdG90YWxgKSBzbyB3ZSBjYW4gYWxlcnQgaWYgdGhlIHJhdGUgc3Bpa2VzLgotIE1vbGVjdWxlIHRlc3QgZXhlcmNpc2luZyB0aGUgc2NyaXB0IGFnYWluc3QgYSBmYWtlIE9WU0RCLgo= patchset: 9257e92451a28029dc05b052d03f68e069305313 pipeline: check playbook_context: playbook_projects: trusted/project_0/github.com/vexxhost/zuul-config: canonical_name: github.com/vexxhost/zuul-config checkout: main commit: 298983cd1253e6833abdb49d87d912527e0e6597 trusted/project_1/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 79fe3eb1d01f8ac5739b0b7bc4759c407b6e248d trusted/project_2/github.com/vexxhost/zuul-jobs: canonical_name: github.com/vexxhost/zuul-jobs checkout: main commit: a6e68243e02ef030ce5e75f8b67630880c475f33 untrusted/project_0/github.com/vexxhost/zuul-jobs: canonical_name: github.com/vexxhost/zuul-jobs checkout: main commit: a6e68243e02ef030ce5e75f8b67630880c475f33 untrusted/project_1/github.com/vexxhost/zuul-config: canonical_name: github.com/vexxhost/zuul-config checkout: main commit: 298983cd1253e6833abdb49d87d912527e0e6597 untrusted/project_2/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 79fe3eb1d01f8ac5739b0b7bc4759c407b6e248d untrusted/project_3/github.com/vexxhost/atmosphere: canonical_name: github.com/vexxhost/atmosphere checkout: main commit: 288ebc1a86bec4cd82117ed7e84cc7d3da4da450 untrusted/project_4/opendev.org/openstack/openstack-helm: canonical_name: opendev.org/openstack/openstack-helm checkout: master commit: 61cd74b33d23dc75e95774b9e7444b391877734f playbooks: - path: untrusted/project_0/github.com/vexxhost/zuul-jobs/playbooks/molecule/run.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/playbook_0/role_1/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/playbook_0/role_1/zuul-jobs/roles - checkout: main checkout_description: playbook branch link_name: ansible/playbook_0/role_2/zuul-jobs link_target: untrusted/project_0/github.com/vexxhost/zuul-jobs role_path: ansible/playbook_0/role_2/zuul-jobs/roles post_playbooks: - path: untrusted/project_3/github.com/vexxhost/atmosphere/test-playbooks/molecule/post.yml roles: - checkout: main checkout_description: playbook branch link_name: ansible/post_playbook_0/role_0/atmosphere link_target: untrusted/project_3/github.com/vexxhost/atmosphere role_path: ansible/post_playbook_0/role_0/atmosphere/roles - checkout: master checkout_description: project default branch link_name: ansible/post_playbook_0/role_1/openstack-helm link_target: untrusted/project_4/opendev.org/openstack/openstack-helm role_path: ansible/post_playbook_0/role_1/openstack-helm/roles - checkout: master checkout_description: project default branch link_name: ansible/post_playbook_0/role_3/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/post_playbook_0/role_3/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/post_playbook_0/role_4/zuul-jobs link_target: untrusted/project_0/github.com/vexxhost/zuul-jobs role_path: ansible/post_playbook_0/role_4/zuul-jobs/roles - path: trusted/project_0/github.com/vexxhost/zuul-config/playbooks/base/post.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/post_playbook_1/role_1/zuul-jobs link_target: trusted/project_1/opendev.org/zuul/zuul-jobs role_path: ansible/post_playbook_1/role_1/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/post_playbook_1/role_2/zuul-jobs link_target: trusted/project_2/github.com/vexxhost/zuul-jobs role_path: ansible/post_playbook_1/role_2/zuul-jobs/roles - path: trusted/project_0/github.com/vexxhost/zuul-config/playbooks/base/post-logs.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/post_playbook_2/role_1/zuul-jobs link_target: trusted/project_1/opendev.org/zuul/zuul-jobs role_path: ansible/post_playbook_2/role_1/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/post_playbook_2/role_2/zuul-jobs link_target: trusted/project_2/github.com/vexxhost/zuul-jobs role_path: ansible/post_playbook_2/role_2/zuul-jobs/roles pre_playbooks: - path: trusted/project_0/github.com/vexxhost/zuul-config/playbooks/base/pre.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/pre_playbook_0/role_1/zuul-jobs link_target: trusted/project_1/opendev.org/zuul/zuul-jobs role_path: ansible/pre_playbook_0/role_1/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/pre_playbook_0/role_2/zuul-jobs link_target: trusted/project_2/github.com/vexxhost/zuul-jobs role_path: ansible/pre_playbook_0/role_2/zuul-jobs/roles - path: untrusted/project_0/github.com/vexxhost/zuul-jobs/playbooks/molecule/pre.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/pre_playbook_1/role_1/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/pre_playbook_1/role_1/zuul-jobs/roles - checkout: main checkout_description: playbook branch link_name: ansible/pre_playbook_1/role_2/zuul-jobs link_target: untrusted/project_0/github.com/vexxhost/zuul-jobs role_path: ansible/pre_playbook_1/role_2/zuul-jobs/roles - path: untrusted/project_3/github.com/vexxhost/atmosphere/test-playbooks/molecule/pre.yml roles: - checkout: main checkout_description: playbook branch link_name: ansible/pre_playbook_2/role_0/atmosphere link_target: untrusted/project_3/github.com/vexxhost/atmosphere role_path: ansible/pre_playbook_2/role_0/atmosphere/roles - checkout: master checkout_description: project default branch link_name: ansible/pre_playbook_2/role_1/openstack-helm link_target: untrusted/project_4/opendev.org/openstack/openstack-helm role_path: ansible/pre_playbook_2/role_1/openstack-helm/roles - checkout: master checkout_description: project default branch link_name: ansible/pre_playbook_2/role_3/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/pre_playbook_2/role_3/zuul-jobs/roles - checkout: main checkout_description: zuul branch link_name: ansible/pre_playbook_2/role_4/zuul-jobs link_target: untrusted/project_0/github.com/vexxhost/zuul-jobs role_path: ansible/pre_playbook_2/role_4/zuul-jobs/roles post_review: false post_timeout: null pre_timeout: null project: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere name: vexxhost/atmosphere short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere projects: github.com/vexxhost/atmosphere: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere checkout: main checkout_description: zuul branch commit: 288ebc1a86bec4cd82117ed7e84cc7d3da4da450 name: vexxhost/atmosphere required: false short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere ref: refs/pull/3904/head resources: {} tenant: oss timeout: 7200 topic: null voting: true