Skip to content

OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs#1558

Merged
openshift-merge-robot merged 4 commits intoopenshift:release-4.13from
npinaeva:ocpbugs-ocpbugs-8471
Mar 8, 2023
Merged

OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs#1558
openshift-merge-robot merged 4 commits intoopenshift:release-4.13from
npinaeva:ocpbugs-ocpbugs-8471

Conversation

@npinaeva
Copy link
Copy Markdown
Contributor

@npinaeva npinaeva commented Mar 7, 2023
edited
Loading

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-kubernetes/ovn-kubernetes#3464, ovn-kubernetes/ovn-kubernetes#3466
no conflicts

@npinaeva
Add egress firewall external id to make name+externalIDs unique even
d74d6ea 
when the acl name is cropped. That happens when namespace name is
longer than 43 symbols.

Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
(cherry picked from commit dafe82b)
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Mar 7, 2023
@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Mar 7, 2023

@npinaeva: This pull request references Jira Issue OCPBUGS-8471, which is invalid:

  • expected Jira Issue OCPBUGS-8471 to depend on a bug targeting a version in 4.14.0 and in one of the following states: MODIFIED, ON_QA, VERIFIED, but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-kubernetes/ovn-kubernetes#3464
no conflicts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Mar 7, 2023

@npinaeva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested review from JacobTanenbaum and abhat March 7, 2023 10:26
@npinaeva
Copy link
Copy Markdown
Contributor Author

npinaeva commented Mar 7, 2023

/jira refresh

@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Mar 7, 2023

@npinaeva: This pull request references Jira Issue OCPBUGS-8471, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8397 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

tssurya added 3 commits March 7, 2023 16:01
@tssurya @npinaeva
Add test to showcase syncEgressFirewall isn't truncating ACL names
e6a85ac 
This commit adds a test to showcase that
since syncEgressFirewall isn't calling libovsdbops.BuildACL
directly, we are not truncating ACL names.

Note that we really need https://github.com/ovn-org/libovsdb/issues/338
for our test server to start screaming for long names.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
(cherry picked from commit d996d0e)
@tssurya @npinaeva
Fix syncEgressFirewall to truncate ACL names
22adda1 
This commit ensures we truncate names as a precaution
also in CreateOrUpdateACLsOps so that our bases are
covered since not all code snippets call BuildACL
directly

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
(cherry picked from commit 7bfe50e)
@tssurya @npinaeva
Don't recreate clusterPGs and clusterRtrPGs unless needed
7c153b3 
In SetupMaster, we always call CreateOrUpdatePortGroupsOps
with empty ACLs and PGs for the cluster-wide port group
and cluster-wide-router-PG. This is disruptive during
upgrades since momentarily all efw ACLs and multicast ACLs
will be wiped out.

This commit changes this to first check if the PG already exists,
if then no need to do anything.
Each of those features are responsible for ensuring ACLs, Ports
are good on those PGs they own.

NOTE: This bug was an issue for multicast and started being an
issue for egf from ovn-kubernetes/ovn-kubernetes@bd29f41
Before that we didn't have ACLs on cluster wide PG.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
(cherry picked from commit 935bc55)
@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Mar 7, 2023

@npinaeva: This pull request references Jira Issue OCPBUGS-8471, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8397 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-kubernetes/ovn-kubernetes#3464, ovn-kubernetes/ovn-kubernetes#3466
no conflicts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Mar 7, 2023

@npinaeva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@npinaeva npinaeva mentioned this pull request Mar 7, 2023
Merged
@tssurya
Copy link
Copy Markdown
Contributor

tssurya commented Mar 7, 2023

/retitle OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique

@openshift-ci openshift-ci bot changed the title OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique Mar 7, 2023
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Mar 7, 2023

@npinaeva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. label Mar 7, 2023
@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Mar 7, 2023

@npinaeva: This pull request references Jira Issue OCPBUGS-8504, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8222 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-8505, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8464 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-8471, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8397 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-kubernetes/ovn-kubernetes#3464, ovn-kubernetes/ovn-kubernetes#3466
no conflicts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tssurya
Copy link
Copy Markdown
Contributor

tssurya commented Mar 7, 2023

/retitle OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs

@openshift-ci openshift-ci bot changed the title OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs Mar 7, 2023
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Mar 7, 2023

@npinaeva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

tssurya
tssurya approved these changes Mar 7, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@tssurya tssurya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM; waiting on CI

@trozet
Copy link
Copy Markdown
Contributor

trozet commented Mar 7, 2023

/approve

@trozet
Copy link
Copy Markdown
Contributor

trozet commented Mar 7, 2023

/lgtm

@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Mar 7, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: npinaeva, trozet, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 7, 2023
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 7, 2023
@dcbw
Copy link
Copy Markdown
Contributor

dcbw commented Mar 7, 2023

/retest-required

infra problems all around
baremetalds: Failed to create ci resource: ipi-ci-op-1mgt4qkg-472d2-1633121276383989760
msg=Error: creating EC2 Instance: InvalidParameterValue: Value (ci-op-1mgt4qkg-0e24b-hcvnc-bootstrap-profile) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name

@trozet
Copy link
Copy Markdown
Contributor

trozet commented Mar 7, 2023

/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Mar 7, 2023
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci bot commented Mar 8, 2023

@npinaeva: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-ovn-hybrid-step-registry 7c153b3 link false /test e2e-ovn-hybrid-step-registry

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@mffiedler
Copy link
Copy Markdown

mffiedler commented Mar 8, 2023

/label cherry-pick-approved
/label qe-approved

@openshift-ci openshift-ci bot added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. qe-approved Signifies that QE has signed off on this PR labels Mar 8, 2023
@npinaeva
Copy link
Copy Markdown
Contributor Author

npinaeva commented Mar 8, 2023

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Mar 8, 2023
@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Mar 8, 2023

@npinaeva: This pull request references Jira Issue OCPBUGS-8504, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.13.0) matches configured target version for branch (4.13.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-8222 is in the state MODIFIED, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
  • dependent Jira Issue OCPBUGS-8222 targets the "4.14.0" version, which is one of the valid target versions: 4.14.0
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-8505, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.13.0) matches configured target version for branch (4.13.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-8464 is in the state MODIFIED, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
  • dependent Jira Issue OCPBUGS-8464 targets the "4.14.0" version, which is one of the valid target versions: 4.14.0
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-8471, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.13.0) matches configured target version for branch (4.13.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-8397 is in the state MODIFIED, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
  • dependent Jira Issue OCPBUGS-8397 targets the "4.14.0" version, which is one of the valid target versions: 4.14.0
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot removed the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Mar 8, 2023
@openshift-ci openshift-ci bot requested a review from anuragthehatter March 8, 2023 13:18
@npinaeva
Copy link
Copy Markdown
Contributor Author

npinaeva commented Mar 8, 2023

/tide refresh

@openshift-merge-robot openshift-merge-robot merged commit 5c534b9 into openshift:release-4.13 Mar 8, 2023
@openshift-ci-robot
Copy link
Copy Markdown
Contributor

openshift-ci-robot commented Mar 8, 2023

@npinaeva: Jira Issue OCPBUGS-8504: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-8504 has been moved to the MODIFIED state.

Jira Issue OCPBUGS-8505: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-8505 has been moved to the MODIFIED state.

Jira Issue OCPBUGS-8471: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-8471 has been moved to the MODIFIED state.

Details

In response to this:

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-kubernetes/ovn-kubernetes#3464, ovn-kubernetes/ovn-kubernetes#3466
no conflicts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@npinaeva npinaeva deleted the ocpbugs-ocpbugs-8471 branch March 8, 2023 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abhat abhat Awaiting requested review from abhat

@JacobTanenbaum JacobTanenbaum Awaiting requested review from JacobTanenbaum

@anuragthehatter anuragthehatter Awaiting requested review from anuragthehatter

1 more reviewer

@tssurya tssurya tssurya approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@mffiedler mffiedler

@rbbratta rbbratta

@trozet trozet

@weliang1 weliang1

@anuragthehatter anuragthehatter

@huiran0826 huiran0826

@asood-rh asood-rh

@jechen0648 jechen0648

@yingwang-0320 yingwang-0320

@qiowang721 qiowang721

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.