[release-4.18] OCPBUGS-62671: Fix EgressIP stale GARP post reboot + pod restart#2775
Conversation
openshift-ci-robot
added
jira/severity-important
|
@martinkennelly: This pull request references Jira Issue OCPBUGS-62671, which is invalid:
Comment The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
do-not-merge/hold
|
@martinkennelly: This PR was included in a payload test run from openshift/machine-config-operator#5325
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/0d396b30-9f8c-11f0-90d0-4678c9c2c425-0 |
openshift-ci
bot
added
the
approved
Currently, we are force exiting with the trap before the background processes can end, container is removed and the orphaned processes end early causing our config to go into an unknown state because we dont end in an orderly manner. Wait until the pid file for ovnkube controller with node is removed which shows the process has completed. Signed-off-by: Martin Kennelly <mkennell@redhat.com> (cherry picked from commit 8b29419) (cherry picked from commit d65ec5c) (cherry picked from commit d3ae338)
Prevent ovn-controller from sending stale GARP by adding drop flows on external bridge patch ports until ovnkube-controller synchronizes the southbound database - henceforth known as "drop flows". This addresses race conditions where ovn-controller processes outdated SB DB state before ovnkube-controller updates it, particularly affecting EIP SNAT configurations attached to logical router ports. Fixes: https://issues.redhat.com/browse/FDP-1537 ovnkube-controller controls the lifecycle of the drop flows. ovs / ovn-controller running is required to configure external bridge. Downstream, the external bridge maybe precreated and ovn-controller will use this. This fix considers three primary scenarios: node, container and pod restart. On Node restart means the ovs flows installed priotior to reboot on the node are cleared but the external bridge exists. Add the flows before ovnkube controller with node starts. The reason to add it here is that our gateway code depends on ovn-controller started and running... There is now a race here between ovn-controller starting (and garping) before we set this flow but I think the risk is low however it needs serious testing. The reason I did not naturally at the drop flows before ovn-controller started is because I have no way to detect if its a node reboot or pod reboot and i dont want to inject drop flows for simple ovn-controller container restart which could disrupt traffic. ovnkube-controller starts, we create a new gateway and apply flows the same flows in-order to ensure we always drop GARP when ovnkube controller hasn't sync. Remove the flows when ovnkube-controller has syncd. There is also a race here between ovnkube-controller removing the flows and ovn-controller GARPing with stale SB DB info. There is no easy way to detect what SB DB data ovn-controller has consumed. On Pod restart, we add the drop flows before exit. ovnkube-controller-with-node will also add it before it starts the go code. Container restart: - ovnkube-controller: adds flows upon start and exit - ovn-controller: no changes While the drop flows are set, OVN may not be able to resolve IPs it doesn't know about in its Logical Router pipelines generation. Following removal of the drop flows, OVN may resolve the IPs using GARP requests. OVN-Controller always sends out GARPs with op code 1 on startup. Signed-off-by: Martin Kennelly <mkennell@redhat.com> (cherry picked from commit 82fc3bf) (cherry picked from commit 50a94e1) (cherry picked from commit 37dd4e2)
PR 5373 to drop the GARP flows didnt consider that we set the default network controller and later we set the gateway obj. In-between this period, ovnkube node may receive a stop signal and we do not guard against accessing the gateway if its not yet set. OVNKube controller may have sync'd before the gateway obj is set. There is nothing to reconcile if the gateway is not set. Signed-off-by: Martin Kennelly <mkennell@redhat.com> (cherry picked from commit e60220a) (cherry picked from commit a7869b2) (cherry picked from commit 2ac68e4)
Ensure ovn-controller has processed the SB DB updates before removing the GARP drop flows by utilizing the hv_cfg field in NB_Global [1] OVNKube controller increments the nb_cfg value post sync, which is copied to SB DB by northd. OVN-Controllers copy this nb_cfg value from SB DB and write it to their chassis_private tables nb_cfg field after they have processed the SB DB changes. Northd will then look at all the chassis_private tables nb_cfg value and set the NB DBs Nb_global hv_cfg value to the min integer found. Since IC currently only supports one node per zone, we can be sure ovn-controller is running locally and therefore its ok to block removing the drop GARP flows. [1] https://man7.org/linux/man-pages/man5/ovn-nb.5.html Signed-off-by: Martin Kennelly <mkennell@redhat.com> (cherry picked from commit 3b5da01) (cherry picked from commit a4776fb) (cherry picked from commit f7c67b7)
martinkennelly
force-pushed
the
418-garp-final
branch
from
e694732 to
2396130
Compare
|
@martinkennelly: This PR was included in a payload test run from openshift/machine-config-operator#5325
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/1434b9a0-a43f-11f0-8a2f-32c75352f1ed-0 |
|
/retest Payload build issue: |
|
/retest Mostly payload creation failure..hmm |
|
/retest |
|
/retest Payload gen issue |
|
Payload ci nightly is good! |
|
@martinkennelly: This PR was included in a payload test run from openshift/machine-config-operator#5325
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/1a5ad180-a533-11f0-8a33-4aa5b4bdb3ee-0 |
|
/verified by 'pre-merge testing' |
openshift-ci-robot
added
the
verified
|
@jechen0648: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@jluhrsen: This PR was included in a payload test run from openshift/machine-config-operator#5325
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/da39e450-a54c-11f0-8e18-f1f75f4770a3-0 |
|
@martinkennelly: This pull request references Jira Issue OCPBUGS-62671, which is invalid:
Comment DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/unhold |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/jira refresh |
openshift-ci-robot
added
jira/valid-bug
|
@martinkennelly: This pull request references Jira Issue OCPBUGS-62671, which is valid. 7 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (jechen@redhat.com), skipping review request. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Requesting override for lint job: https://issues.redhat.com/browse/CORENET-6207 |
|
@martinkennelly: Overrode contexts on behalf of martinkennelly: ci/prow/lint DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
Payload ci & nightly blocking are clean. |
|
/lgtm |
openshift-ci
bot
added
the
backport-risk-assessed
openshift-ci
bot
assigned
anuragthehatter,
asood-rh,
barbora137,
huiran0826,
jechen0648,
Meina-rh,
mffiedler,
qiowang721,
rbbratta and
weliang1
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kyrtapz, martinkennelly The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
For job Deprovisioning is failing: Unrelated to this PR but investigating. |
|
/test 4.18-upgrade-from-stable-4.17-e2e-gcp-ovn-rt-upgrade Unrelated deprovisioning issue: raising it with test platform team: https://redhat-internal.slack.com/archives/CBN38N3MW/p1760623426190399 |
|
@martinkennelly: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
openshift-merge-bot
bot
merged commit 0466cfd
into
openshift:release-4.18
|
@martinkennelly: Jira Issue Verification Checks: Jira Issue OCPBUGS-62671 Jira Issue OCPBUGS-62671 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
14 participants
No conflicts.
Block GARPs from default network when ovnk controller hasnt yet sync'd.
/hold