Bug 1979300
| Summary: | Upgrading from 4.7.11 to 4.8.0: Saw HybridOverlay logical router policies getting created without any existing hybridoverlay configuration | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Surya Seetharaman <surya> |
| Component: | Networking | Assignee: | Surya Seetharaman <surya> |
| Networking sub component: | ovn-kubernetes | QA Contact: | Anurag saxena <anusaxen> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | | |
| Priority: | high | CC: | bbennett, zzhao |
| Version: | 4.8 | | |
| Target Milestone: | --- | | |
| Target Release: | 4.9.0 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | No Doc Update |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2021-10-18 17:38:02 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Comment 3
Surya Seetharaman
2021-07-06 05:58:02 UTC
(In reply to Surya Seetharaman from comment #3)
> Seems like the Hybrid Overlay flag is enabled by default:
> https://github.com/openshift/cluster-network-operator/blob/6b85589493bb5ef25e9a75c4d19513009f1ce9e6/bindata/network/ovn-kubernetes/004-config.yaml#L33
> but no CIDRs need to be set necessarily? I still don't
> understand what this feature does.

Okay, it's not enabled by default: https://github.com/openshift/cluster-network-operator/blob/1808251ababd4b60002d424bbccad2203609567d/pkg/network/ovn_kubernetes.go#L104-L120

On a default config cluster:

I0706 06:03:26.897124 3686 config.go:1455] Parsed config: {Default:{MTU:1360 ConntrackZone:64000 EncapType:geneve EncapIP: EncapPort:6081 InactivityProbe:100000 OpenFlowProbe:180 RawClusterSubnets:10.128.0.0/16/23 ClusterSubnets:[]} Logging:{File: CNIFile: Level:4 LogFileMaxSize:100 LogFileMaxBackups:5 LogFileMaxAge:5 ACLLoggingRateLimit:20} Monitoring:{RawNetFlowTargets: RawSFlowTargets: RawIPFIXTargets: NetFlowTargets:[] SFlowTargets:[] IPFIXTargets:[]} CNI:{ConfDir:/etc/cni/net.d Plugin:ovn-k8s-cni-overlay} OVNKubernetesFeature:{EnableEgressIP:true EnableEgressFirewall:true} Kubernetes:{Kubeconfig: CACert: APIServer:https://api-int.ci-ln-7zfsdb2-f76d1.origin-ci-int-gce.dev.openshift.com:6443 Token: CompatServiceCIDR: RawServiceCIDRs:172.30.0.0/16 ServiceCIDRs:[] OVNConfigNamespace:openshift-ovn-kubernetes MetricsBindAddress: OVNMetricsBindAddress: MetricsEnablePprof:false OVNEmptyLbEvents:false PodIP: RawNoHostSubnetNodes: NoHostSubnetNodes:nil HostNetworkNamespace:openshift-host-network} OvnNorth:{Address: PrivKey: Cert: CACert: CertCommonName: Scheme: northbound:false exec:<nil>} OvnSouth:{Address: PrivKey: Cert: CACert: CertCommonName: Scheme: northbound:false exec:<nil>} Gateway:{Mode:local Interface: NextHop: VLANID:0 NodeportEnable:true DisableSNATMultipleGWs:false V4JoinSubnet:100.64.0.0/16 V6JoinSubnet:fd98::/64 DisablePacketMTUCheck:false} MasterHA:{ElectionLeaseDuration:60 ElectionRenewDeadline:30 ElectionRetryPeriod:20} HybridOverlay:{Enabled:false RawClusterSubnets: ClusterSubnets:[] VXLANPort:4789} OvnKubeNode:{Mode:full}}

Looks like the upgrade test cluster had this enabled.

>
> Looks like the upgrade test cluster had this enabled.
hybridOverlayConfig: {}
This in itself makes it enabled.
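
The distinction raised in the comment above, as an added Go example that is not the cluster-network-operator's or ovn-kubernetes' code: an absent `hybridOverlayConfig` key and an empty `{}` decode differently when the field is a pointer, so an audit can flag "enabled without subnets". The type names, the `Classify` helper and the use of JSON in place of YAML are assumptions made for illustration; `hybridClusterNetwork` is the subnet list field of the OpenShift Network operator API.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical types mirroring the field names in the manifest from this bug;
// they are not the cluster-network-operator's own definitions.
type hybridOverlay struct {
	HybridClusterNetwork []struct {
		CIDR string `json:"cidr"`
	} `json:"hybridClusterNetwork"`
}

type networkSpec struct {
	DefaultNetwork struct {
		OVNKubernetesConfig struct {
			// Pointer: nil when the key is absent or null, non-nil for "{}".
			HybridOverlayConfig *hybridOverlay `json:"hybridOverlayConfig"`
		} `json:"ovnKubernetesConfig"`
	} `json:"defaultNetwork"`
}

// Classify reports how a Network spec (JSON form of the YAML) treats hybrid overlay:
// "absent", "enabled-without-subnets" (the case in this bug) or "enabled-with-subnets".
func Classify(specJSON string) (string, error) {
	var s networkSpec
	if err := json.Unmarshal([]byte(specJSON), &s); err != nil {
		return "", err
	}
	h := s.DefaultNetwork.OVNKubernetesConfig.HybridOverlayConfig
	switch {
	case h == nil:
		return "absent", nil
	case len(h.HybridClusterNetwork) == 0:
		return "enabled-without-subnets", nil
	default:
		return "enabled-with-subnets", nil
	}
}

func main() {
	// Constructed sample: the JSON form of the manifest from this bug.
	state, err := Classify(`{"defaultNetwork":{"ovnKubernetesConfig":{"hybridOverlayConfig":{}}}}`)
	fmt.Println(state, err)
}
```
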
https://github.com/ovn-org/ovn-kubernetes/pull/2314 upstream fix posted.

Upstream fix is merged, waiting for the cherry-pick process to downstream.

Downstream cherry-pick merged. Moving to modified.

Verified this bug on 4.9.0-0.nightly-2021-08-03-200806
Steps:
Prepare install-config.yaml with OVNKubernetes
1. Create manifests with below:
openshift-install create manifests
2. Create the following file
cat <<EOF > manifests/cluster-network-03-config.yml
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  defaultNetwork:
    ovnKubernetesConfig:
      hybridOverlayConfig: {}
EOF
3. Create the cluster
/openshift-install create cluster --log-level debug
4. After the cluster is running, check that there are no error logs in the ovn-controller logs
for i in $(oc get pod -n openshift-ovn-kubernetes -l app=ovnkube-node --no-headers | awk '{ print $1}') ; do oc logs $i -n openshift-ovn-kubernetes -c ovn-controller | grep -i error ; done
5. Also check that there is no related lr-policy
oc rsh -n openshift-ovn-kubernetes ovnkube-master-tg7kt
Defaulting container name to northd.
Use 'oc describe pod/ovnkube-master-tg7kt -n openshift-ovn-kubernetes' to see all of the containers in this pod.
sh-4.4# ovn-nbctl lr-policy-list ovn_cluster_router | grep 1002
sh-4.4# exit

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2021:3759