Bug 1979300
Summary: | Upgrading from 4.7.11 to 4.8.0: Saw HybridOverlay logical router policies getting created without any existing hybridoverlay configuration | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Surya Seetharaman <surya> |
Component: | Networking | Assignee: | Surya Seetharaman <surya> |
Networking sub component: | ovn-kubernetes | QA Contact: | Anurag saxena <anusaxen> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | high | CC: | bbennett, zzhao |
Version: | 4.8 | ||
Target Milestone: | --- | ||
Target Release: | 4.9.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | No Doc Update | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-18 17:38:02 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Comment 3
Surya Seetharaman
2021-07-06 05:58:02 UTC
(In reply to Surya Seetharaman from comment #3)
> Seems like the Hybrid Overlay flag is enabled by default:
> https://github.com/openshift/cluster-network-operator/blob/6b85589493bb5ef25e9a75c4d19513009f1ce9e6/bindata/network/ovn-kubernetes/004-config.yaml#L33
> but no CIDRs need to be set necessarily? I still don't
> understand what this feature does.

Okay, it's not enabled by default:
https://github.com/openshift/cluster-network-operator/blob/1808251ababd4b60002d424bbccad2203609567d/pkg/network/ovn_kubernetes.go#L104-L120

On a default config cluster:

I0706 06:03:26.897124 3686 config.go:1455] Parsed config: {Default:{MTU:1360 ConntrackZone:64000 EncapType:geneve EncapIP: EncapPort:6081 InactivityProbe:100000 OpenFlowProbe:180 RawClusterSubnets:10.128.0.0/16/23 ClusterSubnets:[]} Logging:{File: CNIFile: Level:4 LogFileMaxSize:100 LogFileMaxBackups:5 LogFileMaxAge:5 ACLLoggingRateLimit:20} Monitoring:{RawNetFlowTargets: RawSFlowTargets: RawIPFIXTargets: NetFlowTargets:[] SFlowTargets:[] IPFIXTargets:[]} CNI:{ConfDir:/etc/cni/net.d Plugin:ovn-k8s-cni-overlay} OVNKubernetesFeature:{EnableEgressIP:true EnableEgressFirewall:true} Kubernetes:{Kubeconfig: CACert: APIServer:https://api-int.ci-ln-7zfsdb2-f76d1.origin-ci-int-gce.dev.openshift.com:6443 Token: CompatServiceCIDR: RawServiceCIDRs:172.30.0.0/16 ServiceCIDRs:[] OVNConfigNamespace:openshift-ovn-kubernetes MetricsBindAddress: OVNMetricsBindAddress: MetricsEnablePprof:false OVNEmptyLbEvents:false PodIP: RawNoHostSubnetNodes: NoHostSubnetNodes:nil HostNetworkNamespace:openshift-host-network} OvnNorth:{Address: PrivKey: Cert: CACert: CertCommonName: Scheme: northbound:false exec:<nil>} OvnSouth:{Address: PrivKey: Cert: CACert: CertCommonName: Scheme: northbound:false exec:<nil>} Gateway:{Mode:local Interface: NextHop: VLANID:0 NodeportEnable:true DisableSNATMultipleGWs:false V4JoinSubnet:100.64.0.0/16 V6JoinSubnet:fd98::/64 DisablePacketMTUCheck:false} MasterHA:{ElectionLeaseDuration:60 ElectionRenewDeadline:30 ElectionRetryPeriod:20} HybridOverlay:{Enabled:false RawClusterSubnets: ClusterSubnets:[] VXLANPort:4789} OvnKubeNode:{Mode:full}}

Looks like the upgrade test cluster had this enabled.
>
> Looks like the upgrade test cluster had this enabled.
hybridOverlayConfig: {}
This in itself makes it enabled.
https://github.com/ovn-org/ovn-kubernetes/pull/2314 upstream fix posted.

Upstream fix is merged, waiting for the cherry-pick process to downstream.

Downstream cherry-pick merged. Moving to modified.

Verified this bug on 4.9.0-0.nightly-2021-08-03-200806

Steps: prepare install-config.yaml with OVNKubernetes

1. Create manifests with below:

openshift-install create manifests

2. Create the following file

cat <<EOF > manifests/cluster-network-03-config.yml
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  defaultNetwork:
    ovnKubernetesConfig:
      hybridOverlayConfig: {}
EOF

3. create the cluster

/openshift-install create cluster --log-level debug

4. After the cluster is running and check no error logs in ovn-controller logs

for i in $(oc get pod -n openshift-ovn-kubernetes -l app=ovnkube-node --no-headers | awk '{ print $1}') ; do oc logs $i -n openshift-ovn-kubernetes -c ovn-controller | grep -i error ; done

5. and also check no related lr-policy

oc rsh -n openshift-ovn-kubernetes ovnkube-master-tg7kt
Defaulting container name to northd.
Use 'oc describe pod/ovnkube-master-tg7kt -n openshift-ovn-kubernetes' to see all of the containers in this pod.
sh-4.4# ovn-nbctl lr-policy-list ovn_cluster_router | grep 1002
sh-4.4# exit

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759
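The lr-policy check from the verification steps above, as an added example that is not part of the original bug report: it matches the priority column exactly, because `grep 1002` also matches any line that merely contains that string. The function names are hypothetical and the sample `ovn-nbctl lr-policy-list` output is constructed.

```shell
#!/usr/bin/env bash
# Added example: check a logical router for policies at one exact priority.
# Input is `ovn-nbctl lr-policy-list <router>` output on stdin, e.g.
#   ovn-nbctl lr-policy-list ovn_cluster_router | assert_no_policies_at_priority 1002

# Print the policies whose priority column (first field) equals $1.
policies_at_priority() {
    awk -v prio="$1" '$1 == prio { sub(/^[ \t]+/, ""); print }'
}

# Return 0 only when no policy with priority $1 is present; list offenders on stderr.
assert_no_policies_at_priority() {
    found=$(policies_at_priority "$1")
    if [ -n "$found" ]; then
        printf 'unexpected priority %s policies:\n%s\n' "$1" "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample output, not captured from a real cluster.
# The 1004 line mentions a node named worker-1002, so a plain
# `grep 1002` reports a match although no priority-1002 policy exists.
SAMPLE_CLEAN='Routing Policies
      1004 inport == "rtos-worker-1002" && ip4.dst == 10.0.128.2 /* worker-1002 */  reroute  10.128.0.2
       101 ip4.src == 10.128.0.0/14 && ip4.dst == 10.128.0.0/14  allow'

# Same router with one constructed priority-1002 policy added.
SAMPLE_HYBRID='Routing Policies
      1004 inport == "rtos-worker-1002" && ip4.dst == 10.0.128.2 /* worker-1002 */  reroute  10.128.0.2
      1002 ip4.src == 10.128.0.2 && ip4.dst == 10.132.0.0/14  reroute  10.128.0.3
       101 ip4.src == 10.128.0.0/14 && ip4.dst == 10.128.0.0/14  allow'
```
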