From e3461e18329ccd83cfc533f6324ff7a108b9a633 Mon Sep 17 00:00:00 2001
From: Zhecheng Li <lzhecheng@vmware.com>
Date: Tue, 25 Aug 2020 10:57:37 +0800
Subject: [PATCH] Upgrade OVS to 2.14.0 (#1121)

* Upgrade OVS version in repo to 2.14.0
* Reorganize apply-patches.sh
---
 .github/workflows/update_ovs_image.yml |  2 +-
 build/images/Dockerfile.build.ubuntu   |  2 +-
 build/images/Dockerfile.ubuntu         |  2 +-
 build/images/base/Dockerfile           |  2 +-
 build/images/base/build_and_push.sh    |  2 +-
 build/images/ovs/Dockerfile            |  2 +-
 build/images/ovs/README.md             |  2 +-
 build/images/ovs/apply-patches.sh      | 58 +++++++++++++-------------
 build/images/ovs/build_and_push.sh     |  2 +-
 build/images/test/Dockerfile           |  2 +-
 ci/jenkins/README.md                   |  2 +
 hack/windows/Install-OVS.ps1           |  4 +-
 12 files changed, 43 insertions(+), 39 deletions(-)

diff --git a/.github/workflows/update_ovs_image.yml b/.github/workflows/update_ovs_image.yml
index 519c029aaec..698f1b55de4 100644
--- a/.github/workflows/update_ovs_image.yml
+++ b/.github/workflows/update_ovs_image.yml
@@ -15,7 +15,7 @@ jobs:
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-        OVS_VERSION: 2.13.1
+        OVS_VERSION: 2.14.0
       run: |
         cd build/images/ovs/
         docker pull antrea/openvswitch-debs:$OVS_VERSION || true
diff --git a/build/images/Dockerfile.build.ubuntu b/build/images/Dockerfile.build.ubuntu
index 21bcdccceae..c915b7e9272 100644
--- a/build/images/Dockerfile.build.ubuntu
+++ b/build/images/Dockerfile.build.ubuntu
@@ -11,7 +11,7 @@ COPY . /antrea
 RUN make antrea-agent antrea-controller antrea-cni antctl-ubuntu
 
 
-FROM antrea/base-ubuntu:2.13.1
+FROM antrea/base-ubuntu:2.14.0
 
 LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
 LABEL description="The Docker image to deploy the Antrea CNI. "
diff --git a/build/images/Dockerfile.ubuntu b/build/images/Dockerfile.ubuntu
index e68771b072c..51be539e61a 100644
--- a/build/images/Dockerfile.ubuntu
+++ b/build/images/Dockerfile.ubuntu
@@ -1,4 +1,4 @@
-FROM antrea/base-ubuntu:2.13.1
+FROM antrea/base-ubuntu:2.14.0
 
 LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
 LABEL description="The Docker image to deploy the Antrea CNI. "
diff --git a/build/images/base/Dockerfile b/build/images/base/Dockerfile
index d41bca8c176..ca11a7f9078 100644
--- a/build/images/base/Dockerfile
+++ b/build/images/base/Dockerfile
@@ -1,4 +1,4 @@
-ARG OVS_VERSION=2.13.1
+ARG OVS_VERSION=2.14.0
 FROM ubuntu:20.04 as cni-binaries
 
 RUN apt-get update && \
diff --git a/build/images/base/build_and_push.sh b/build/images/base/build_and_push.sh
index c38eeb6da8a..1bfc4da1819 100755
--- a/build/images/base/build_and_push.sh
+++ b/build/images/base/build_and_push.sh
@@ -24,7 +24,7 @@ function echoerr {
 }
 
 if [ -z "$OVS_VERSION" ]; then
-    echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.1)"
+    echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.14.0)"
     exit 1
 fi
 
diff --git a/build/images/ovs/Dockerfile b/build/images/ovs/Dockerfile
index fa118698f7a..9288c827995 100644
--- a/build/images/ovs/Dockerfile
+++ b/build/images/ovs/Dockerfile
@@ -1,7 +1,7 @@
 FROM ubuntu:20.04 as ovs-debs
 
 # Some patches may not apply cleanly if another version is provided.
-ARG OVS_VERSION=2.13.1
+ARG OVS_VERSION=2.14.0
 
 # Install dependencies for building OVS deb packages
 # We only install python3 packages and we only support building OVS >= 2.13.0.
diff --git a/build/images/ovs/README.md b/build/images/ovs/README.md
index db88c972239..8a4edcaab3f 100644
--- a/build/images/ovs/README.md
+++ b/build/images/ovs/README.md
@@ -19,7 +19,7 @@ directory. For example:
 
 ```bash
 cd build/images/ovs
-OVS_VERSION=2.13.1 ./build_and_push.sh
+OVS_VERSION=2.14.0 ./build_and_push.sh
 ```
 
 The image will be pushed to Dockerhub as `antrea/openvswitch:$OVS_VERSION`.
diff --git a/build/images/ovs/apply-patches.sh b/build/images/ovs/apply-patches.sh
index 1070203e10a..c3c0605f17f 100755
--- a/build/images/ovs/apply-patches.sh
+++ b/build/images/ovs/apply-patches.sh
@@ -35,8 +35,8 @@ function version_let() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" == "
 # greater than or equal to
 function version_get() { test "$(printf '%s\n' "$@" | sort -rV | head -n 1)" == "$1"; }
 
-if version_lt "$OVS_VERSION" "2.13.0" || version_gt "$OVS_VERSION" "2.13.1"; then
-    echoerr "OVS_VERSION $OVS_VERSION is not supported (must be >= 2.13.0 and <= 2.13.1)"
+if version_lt "$OVS_VERSION" "2.13.0" || version_gt "$OVS_VERSION" "2.14.0"; then
+    echoerr "OVS_VERSION $OVS_VERSION is not supported (must be >= 2.13.0 and <= 2.14.0)"
     exit 1
 fi
 
@@ -44,39 +44,41 @@ fi
 # merge, we will need to clone the repository with git instead of downloading a
 # release tarball (see Dockerfile).
 
-# These 2 patches (post 2.13.x) ensures that datapath flows are not deleted on
-# ovs-vswitchd exit by default. Antrea relies on this to support hitless upgrade
-# of the Agent DaemonSet.
-# The second patch depends on the first one.
-curl https://github.com/openvswitch/ovs/commit/586cd3101e7fda54d14fb5bf12d847f35d968627.patch | \
-    git apply
-# We exclude 2 files which are likely to cause conflicts.
-curl https://github.com/openvswitch/ovs/commit/79eadafeb1b47a3871cb792aa972f6e4d89d1a0b.patch | \
-    git apply --exclude NEWS --exclude vswitchd/ovs-vswitchd.8.in
-
-# This patch (post 2.13.x) ensures that ovs-vswitchd does not delete datapath
-# ports on exit.
-curl https://github.com/openvswitch/ovs/commit/7cc77b301f80a63cd4893198d82be0eef303f731.patch | \
-    git apply
-
 # This patch (post 2.13.0) ensures that ct_nw_src/ct_nw_dst supports IP Mask.
 if version_let "$OVS_VERSION" "2.13.0"; then
     curl https://github.com/openvswitch/ovs/commit/1740aaf49dad6f533705dc3dce8d955a1840052a.patch | \
         git apply
 fi
 
-# These patches (post 2.13.x) are needed to fix the debian build on Ubuntu 20.04.
-curl https://github.com/openvswitch/ovs/commit/c101cd4171cfe04e214f858b4bbe089e56f13f9b.patch | \
-    git apply
-curl https://github.com/openvswitch/ovs/commit/3c18bb0fe9f23308061217f72e2245f0e311b20b.patch | \
-    git apply
-curl https://github.com/openvswitch/ovs/commit/fe175ac17352ceb2dbc9958112b4b1bc114d82f0.patch | \
-    git apply
+if version_get "$OVS_VERSION" "2.13.0" && version_lt "$OVS_VERSION" "2.14.0" ; then
+    # These 2 patches (post 2.13.x) ensures that datapath flows are not deleted on
+    # ovs-vswitchd exit by default. Antrea relies on this to support hitless upgrade
+    # of the Agent DaemonSet.
+    # The second patch depends on the first one.
+    curl https://github.com/openvswitch/ovs/commit/586cd3101e7fda54d14fb5bf12d847f35d968627.patch | \
+        git apply
+    # We exclude 2 files which are likely to cause conflicts.
+    curl https://github.com/openvswitch/ovs/commit/79eadafeb1b47a3871cb792aa972f6e4d89d1a0b.patch | \
+        git apply --exclude NEWS --exclude vswitchd/ovs-vswitchd.8.in
+
+    # This patch (post 2.13.x) ensures that ovs-vswitchd does not delete datapath
+    # ports on exit.
+    curl https://github.com/openvswitch/ovs/commit/7cc77b301f80a63cd4893198d82be0eef303f731.patch | \
+        git apply
 
-# The OVS ovs-monitor-ipsec script has a Python3 shebang but still includes some Python2-specific code.
-# Until the patch which fixes the script is merged upstream, we apply it here, or Antrea IPsec support will be broken.
-curl https://github.com/lzhecheng/ovs/commit/869b06356e389079861962160e864df609d033e5.patch | \
-    git apply
+    # These patches (post 2.13.x) are needed to fix the debian build on Ubuntu 20.04.
+    curl https://github.com/openvswitch/ovs/commit/c101cd4171cfe04e214f858b4bbe089e56f13f9b.patch | \
+        git apply
+    curl https://github.com/openvswitch/ovs/commit/3c18bb0fe9f23308061217f72e2245f0e311b20b.patch | \
+        git apply
+    curl https://github.com/openvswitch/ovs/commit/fe175ac17352ceb2dbc9958112b4b1bc114d82f0.patch | \
+        git apply
+
+    # The OVS ovs-monitor-ipsec script has a Python3 shebang but still includes some Python2-specific code.
+    # Until the patch which fixes the script is merged upstream, we apply it here, or Antrea IPsec support will be broken.
+    curl https://github.com/openvswitch/ovs/commit/8a09c2590ef2ea0edc250ec46e3d41bd5874b4ab.patch | \
+        git apply
+fi
 
 # OVS hardcodes the installation path to /usr/lib/python3.7/dist-packages/ but this location
 # does not seem to be in the Python path in Ubuntu 20.04. There may be a better way to do this,
diff --git a/build/images/ovs/build_and_push.sh b/build/images/ovs/build_and_push.sh
index f0ee2c04e10..8a448d03277 100755
--- a/build/images/ovs/build_and_push.sh
+++ b/build/images/ovs/build_and_push.sh
@@ -24,7 +24,7 @@ function echoerr {
 }
 
 if [ -z "$OVS_VERSION" ]; then
-    echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.1)"
+    echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.14.0)"
     exit 1
 fi
 
diff --git a/build/images/test/Dockerfile b/build/images/test/Dockerfile
index da60932669c..33dbb911236 100644
--- a/build/images/test/Dockerfile
+++ b/build/images/test/Dockerfile
@@ -1,4 +1,4 @@
-FROM antrea/openvswitch:2.13.1
+FROM antrea/openvswitch:2.14.0
 
 LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
 LABEL description="A Docker image for antrea integration tests."
diff --git a/ci/jenkins/README.md b/ci/jenkins/README.md
index 7b44ad19243..ffe79b138a9 100644
--- a/ci/jenkins/README.md
+++ b/ci/jenkins/README.md
@@ -42,6 +42,8 @@ should be deleted. This ensures that all tests are run on a clean testbed.
 * Jenkins jobs validator [gated check-in]: this job only executes for PRs that include changes to
   [ci/jenkins/jobs](/ci/jenkins/jobs). It validates the syntax of the jenkins jobs'
   configuration.
+* Jenkins Windows OVS validator: this job only executes for PRs that include changes to [hack/windows/Install-OVS.ps1](hack/windows/Install-OVS.ps1). It validates
+  if Windows OVS can be installed correctly.
 * [EKS conformance/network policy [bi-daily]](http://jenkins.antrea-ci.rocks/view/cloud/job/cloud-antrea-eks-conformance-net-policy/)
   community tests on EKS cluster using sonobuoy, focusing on "Conformance" and "Feature:NetworkPolicy", skipping the same regexes as in job __conformance__ above, as well as "NodePort" (See [#690](https://github.com/vmware-tanzu/antrea/issues/690)).\
   Current test environment matrix:
diff --git a/hack/windows/Install-OVS.ps1 b/hack/windows/Install-OVS.ps1
index c371f52a9f1..b2c9e8d2478 100644
--- a/hack/windows/Install-OVS.ps1
+++ b/hack/windows/Install-OVS.ps1
@@ -8,8 +8,8 @@ $ErrorActionPreference = "Stop"
 # TODO: set up HTTPS so that the archive can be downloaded securely. In the
 # meantime, we use a SHA256 hash to ensure that the downloaded archive is
 # correct.
-$OVSDownloadURL = "http://downloads.antrea.io/ovs/ovs-2.13.1-antrea.1-win64.zip"
-$OVSPublishedHash = '83AA08526D947B08A952339B849441D4896AAB7437B4101CFBCE1130888FF459'
+$OVSDownloadURL = "http://downloads.antrea.io/ovs/ovs-2.14.0-antrea.1-win64.zip"
+$OVSPublishedHash = 'E81800A6B8E157C948BAE548E5AFB425B2AD98CE18BC8C6148AB5B7F81E76B7D'
 $OVSDownloadDir = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Definition)
 $InstallLog = "$OVSDownloadDir\install.log"
 $OVSZip = "$OVSDownloadDir\ovs-win64.zip"