Bug 1979300 - Upgrading from 4.7.11 to 4.8.0: Saw HybridOverlay logical router policies getting created without any existing hybridoverlay configuration
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Target Release: 4.9.0
Assignee: Surya Seetharaman
QA Contact: Anurag saxena
Reported: 2021-07-05 14:24 UTC by Surya Seetharaman
Modified: 2021-10-18 17:38 UTC (History)

Doc Type: No Doc Update
Last Closed: 2021-10-18 17:38:02 UTC


Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift ovn-kubernetes pull 609 | 0 | None | closed | Merge 2021-07-18 | 2021-07-23 09:54:40 UTC
Github | ovn-org ovn-kubernetes pull 2314 | 0 | None | closed | Add hbo-lr-policy only if config.HybridOverlay.ClusterSubnets is set | 2021-07-14 19:05:51 UTC
Red Hat Product Errata | RHSA-2021:3759 | 0 | None | None | None | 2021-10-18 17:38:16 UTC

Comment 3 Surya Seetharaman 2021-07-06 05:58:02 UTC
Seems like the Hybrid Overlay flag is enabled by default: https://github.com/openshift/cluster-network-operator/blob/6b85589493bb5ef25e9a75c4d19513009f1ce9e6/bindata/network/ovn-kubernetes/004-config.yaml#L33 but no CIDRs need to be set necessarily? I still don't understand what this feature does.

Comment 4 Surya Seetharaman 2021-07-06 07:03:26 UTC
(In reply to Surya Seetharaman from comment #3)
> Seems like the Hybrid Overlay flag is enabled by default:
> https://github.com/openshift/cluster-network-operator/blob/6b85589493bb5ef25e9a75c4d19513009f1ce9e6/bindata/network/ovn-kubernetes/004-config.yaml#L33
> but no CIDRs need to be set necessarily? I still don't understand what
> this feature does.

Okay, it's not enabled by default: https://github.com/openshift/cluster-network-operator/blob/1808251ababd4b60002d424bbccad2203609567d/pkg/network/ovn_kubernetes.go#L104-L120

On a default config cluster:

I0706 06:03:26.897124    3686 config.go:1455] Parsed config: {Default:{MTU:1360 ConntrackZone:64000 EncapType:geneve EncapIP: EncapPort:6081 InactivityProbe:100000 OpenFlowProbe:180 RawClusterSubnets:10.128.0.0/16/23 ClusterSubnets:[]} Logging:{File: CNIFile: Level:4 LogFileMaxSize:100 LogFileMaxBackups:5 LogFileMaxAge:5 ACLLoggingRateLimit:20} Monitoring:{RawNetFlowTargets: RawSFlowTargets: RawIPFIXTargets: NetFlowTargets:[] SFlowTargets:[] IPFIXTargets:[]} CNI:{ConfDir:/etc/cni/net.d Plugin:ovn-k8s-cni-overlay} OVNKubernetesFeature:{EnableEgressIP:true EnableEgressFirewall:true} Kubernetes:{Kubeconfig: CACert: APIServer:https://api-int.ci-ln-7zfsdb2-f76d1.origin-ci-int-gce.dev.openshift.com:6443 Token: CompatServiceCIDR: RawServiceCIDRs:172.30.0.0/16 ServiceCIDRs:[] OVNConfigNamespace:openshift-ovn-kubernetes MetricsBindAddress: OVNMetricsBindAddress: MetricsEnablePprof:false OVNEmptyLbEvents:false PodIP: RawNoHostSubnetNodes: NoHostSubnetNodes:nil HostNetworkNamespace:openshift-host-network} OvnNorth:{Address: PrivKey: Cert: CACert: CertCommonName: Scheme: northbound:false exec:<nil>} OvnSouth:{Address: PrivKey: Cert: CACert: CertCommonName: Scheme: northbound:false exec:<nil>} Gateway:{Mode:local Interface: NextHop: VLANID:0 NodeportEnable:true DisableSNATMultipleGWs:false V4JoinSubnet:100.64.0.0/16 V6JoinSubnet:fd98::/64 DisablePacketMTUCheck:false} MasterHA:{ElectionLeaseDuration:60 ElectionRenewDeadline:30 ElectionRetryPeriod:20} HybridOverlay:{Enabled:false RawClusterSubnets: ClusterSubnets:[] VXLANPort:4789} OvnKubeNode:{Mode:full}}

Looks like the upgrade test cluster had this enabled.

Comment 5 Surya Seetharaman 2021-07-06 07:06:07 UTC
> 
> Looks like the upgrade test cluster had this enabled.

hybridOverlayConfig: {}

This in itself makes it enabled.

Comment 6 Surya Seetharaman 2021-07-06 08:06:52 UTC
https://github.com/ovn-org/ovn-kubernetes/pull/2314

upstream fix posted.
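
The presence-versus-absence behaviour from comment 5 and the gate named in the upstream PR title, as an added Go example that is not part of this thread or of the ovn-kubernetes code. The type and function names, the `clusterSubnets` key, the use of JSON in place of the YAML manifest, and the sample subnet are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Simplified stand-ins for this example (assumptions, not the real API types).
type hybridOverlaySpec struct {
	ClusterSubnets []string `json:"clusterSubnets,omitempty"`
}

type ovnSpec struct {
	// Pointer field: nil when the key is absent, non-nil even for an empty object.
	HybridOverlayConfig *hybridOverlaySpec `json:"hybridOverlayConfig,omitempty"`
}

// Mirrors two HybridOverlay fields visible in the "Parsed config" log line.
type hybridOverlay struct {
	Enabled        bool
	ClusterSubnets []string
}

// parse models "the presence of hybridOverlayConfig is what enables the feature".
func parse(raw string) (hybridOverlay, error) {
	var s ovnSpec
	if err := json.Unmarshal([]byte(raw), &s); err != nil {
		return hybridOverlay{}, err
	}
	if s.HybridOverlayConfig == nil {
		return hybridOverlay{}, nil
	}
	return hybridOverlay{Enabled: true, ClusterSubnets: s.HybridOverlayConfig.ClusterSubnets}, nil
}

// wantPolicyBefore models the reported behaviour: the enabled flag alone decides.
func wantPolicyBefore(c hybridOverlay) bool { return c.Enabled }
// wantPolicyAfter models the gate in the PR title: ClusterSubnets must also be set.
func wantPolicyAfter(c hybridOverlay) bool { return c.Enabled && len(c.ClusterSubnets) > 0 }

func main() {
	// Constructed inputs: key absent, empty object, object with one subnet.
	for _, raw := range []string{`{}`, `{"hybridOverlayConfig":{}}`,
		`{"hybridOverlayConfig":{"clusterSubnets":["10.132.0.0/14"]}}`} {
		c, _ := parse(raw)
		fmt.Printf("%-62s enabled=%-5v before=%-5v after=%v\n",
			raw, c.Enabled, wantPolicyBefore(c), wantPolicyAfter(c))
	}
}
```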

Comment 7 Surya Seetharaman 2021-07-14 19:05:24 UTC
Upstream fix is merged, waiting for the cherry-pick process to downstream.

Comment 9 Surya Seetharaman 2021-07-20 15:39:06 UTC
Downstream cherry-pick merged. Moving to modified.

Comment 11 zhaozhanqi 2021-08-04 09:23:16 UTC
Verified this bug on 4.9.0-0.nightly-2021-08-03-200806.

Steps:

Prepare install-config.yaml with OVNKubernetes.
1. Create manifests with the command below:
 openshift-install create manifests

2. Create the following file:

cat <<EOF > manifests/cluster-network-03-config.yml
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  defaultNetwork:
    ovnKubernetesConfig:
      hybridOverlayConfig: {}
       
EOF

3. Create the cluster:

 /openshift-install create cluster --log-level debug

4. After the cluster is running, check that there are no error logs in the ovn-controller logs:

for i in $(oc get pod -n openshift-ovn-kubernetes -l app=ovnkube-node --no-headers | awk '{ print $1}') ; do oc logs $i -n openshift-ovn-kubernetes -c ovn-controller | grep -i error ; done

5. Also check that there is no related lr-policy:
oc rsh -n openshift-ovn-kubernetes ovnkube-master-tg7kt
Defaulting container name to northd.
Use 'oc describe pod/ovnkube-master-tg7kt -n openshift-ovn-kubernetes' to see all of the containers in this pod.
sh-4.4# ovn-nbctl lr-policy-list ovn_cluster_router | grep 1002
sh-4.4# exit

Comment 14 errata-xmlrpc 2021-10-18 17:38:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759

