From patchwork Mon Dec 9 16:05:06 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Russell Bryant X-Patchwork-Id: 1206390 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=openvswitch.org (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=ovs-dev-bounces@openvswitch.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=ovn.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47Wp1v1Jk1z9sPc for ; Tue, 10 Dec 2019 03:05:22 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9964C867BD; Mon, 9 Dec 2019 16:05:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N8TcerhV_ZHn; Mon, 9 Dec 2019 16:05:18 +0000 (UTC) Received: from lists.linuxfoundation.org (lf-lists.osuosl.org [140.211.9.56]) by fraxinus.osuosl.org (Postfix) with ESMTP id 85C5486239; Mon, 9 Dec 2019 16:05:18 +0000 (UTC) Received: from lf-lists.osuosl.org (localhost [127.0.0.1]) by lists.linuxfoundation.org (Postfix) with ESMTP id 60209C1796; Mon, 9 Dec 2019 16:05:18 +0000 (UTC) X-Original-To: dev@openvswitch.org Delivered-To: ovs-dev@lists.linuxfoundation.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by lists.linuxfoundation.org (Postfix) with ESMTP id 67F43C0881 for ; Mon, 9 Dec 2019 16:05:17 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 504FE87F84 for ; Mon, 9 Dec 2019 16:05:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QWyC4G0W5i42 for ; Mon, 9 Dec 2019 16:05:16 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) by hemlock.osuosl.org (Postfix) with ESMTPS id 3531987F1F for ; Mon, 9 Dec 2019 16:05:15 +0000 (UTC) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-285-DftcbbgOOwCjXveUU808gg-1; Mon, 09 Dec 2019 11:05:11 -0500 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 084229A0FE; Mon, 9 Dec 2019 16:05:10 +0000 (UTC) Received: from t480s.redhat.com (ovpn-120-159.rdu2.redhat.com [10.10.120.159]) by smtp.corp.redhat.com (Postfix) with ESMTP id E57DA194BB; Mon, 9 Dec 2019 16:05:08 +0000 (UTC) From: Russell Bryant To: dev@openvswitch.org Date: Mon, 9 Dec 2019 11:05:06 -0500 Message-Id: <20191209160506.501890-1-russell@ovn.org> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-MC-Unique: DftcbbgOOwCjXveUU808gg-1 X-Mimecast-Spam-Score: 0 Subject: [ovs-dev] [PATCH ovn v1] northd: Load config before processing nbdb contents X-BeenThere: ovs-dev@openvswitch.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" Reorder ovnnb_db_run() such that configuration parameters are loaded or initialized before processing the nbdb contents. I found this bug because I noticed dynamic MAC addresses being assigned at ovn-northd startup with an empty prefix. Later, it would switch to allocating MAC addresses with the random prefix that was generated. The impact of this bug is particularly bad if ovn-northd restarts in an existing environment. ovn-northd will check previously assigned dynamic addresses for validity. At startup, previously assigned MAC addresses will all appear invalid because they have a non-empty prefix, so it will reset them all. In the case of IPv6, this also causes the IPv6 addresses change, since OVN assigned dynamic IPv6 addresses are based on the MAC address. With ovn-kubernetes, whatever first set of addresses were assigned is what ends up cached on the Node object and used by the Pod. This bug can cause all of this to get out of sync, breaking network connectivity for Pods on an OVN virtual network. Signed-off-by: Russell Bryant Acked-by: Numan Siddique --- northd/ovn-northd.c | 78 ++++++++++++++++++++++----------------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index 33d3ff2ad..3a5cb7c91 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -10151,45 +10151,6 @@ ovnnb_db_run(struct northd_context *ctx, struct shash meter_groups = SHASH_INITIALIZER(&meter_groups); struct hmap lbs; - build_datapaths(ctx, datapaths, lr_list); - build_ports(ctx, sbrec_chassis_by_name, datapaths, ports); - build_ovn_lbs(ctx, ports, &lbs); - build_ipam(datapaths, ports); - build_port_group_lswitches(ctx, &port_groups, ports); - build_lrouter_groups(ports, lr_list); - build_ip_mcast(ctx, datapaths); - build_mcast_groups(ctx, datapaths, ports, &mcast_groups, &igmp_groups); - build_meter_groups(ctx, &meter_groups); - build_lflows(ctx, datapaths, ports, &port_groups, &mcast_groups, - &igmp_groups, &meter_groups, &lbs); - - sync_address_sets(ctx); - sync_port_groups(ctx); - sync_meters(ctx); - sync_dns_entries(ctx, datapaths); - destroy_ovn_lbs(&lbs); - hmap_destroy(&lbs); - - struct ovn_igmp_group *igmp_group, *next_igmp_group; - - HMAP_FOR_EACH_SAFE (igmp_group, next_igmp_group, hmap_node, &igmp_groups) { - ovn_igmp_group_destroy(&igmp_groups, igmp_group); - } - - struct ovn_port_group *pg, *next_pg; - HMAP_FOR_EACH_SAFE (pg, next_pg, key_node, &port_groups) { - ovn_port_group_destroy(&port_groups, pg); - } - hmap_destroy(&igmp_groups); - hmap_destroy(&mcast_groups); - hmap_destroy(&port_groups); - - struct shash_node *node, *next; - SHASH_FOR_EACH_SAFE (node, next, &meter_groups) { - shash_delete(&meter_groups, node); - } - shash_destroy(&meter_groups); - /* Sync ipsec configuration. * Copy nb_cfg from northbound to southbound database. * Also set up to update sb_cfg once our southbound transaction commits. */ @@ -10263,6 +10224,45 @@ ovnnb_db_run(struct northd_context *ctx, controller_event_en = smap_get_bool(&nb->options, "controller_event", false); + build_datapaths(ctx, datapaths, lr_list); + build_ports(ctx, sbrec_chassis_by_name, datapaths, ports); + build_ovn_lbs(ctx, ports, &lbs); + build_ipam(datapaths, ports); + build_port_group_lswitches(ctx, &port_groups, ports); + build_lrouter_groups(ports, lr_list); + build_ip_mcast(ctx, datapaths); + build_mcast_groups(ctx, datapaths, ports, &mcast_groups, &igmp_groups); + build_meter_groups(ctx, &meter_groups); + build_lflows(ctx, datapaths, ports, &port_groups, &mcast_groups, + &igmp_groups, &meter_groups, &lbs); + + sync_address_sets(ctx); + sync_port_groups(ctx); + sync_meters(ctx); + sync_dns_entries(ctx, datapaths); + destroy_ovn_lbs(&lbs); + hmap_destroy(&lbs); + + struct ovn_igmp_group *igmp_group, *next_igmp_group; + + HMAP_FOR_EACH_SAFE (igmp_group, next_igmp_group, hmap_node, &igmp_groups) { + ovn_igmp_group_destroy(&igmp_groups, igmp_group); + } + + struct ovn_port_group *pg, *next_pg; + HMAP_FOR_EACH_SAFE (pg, next_pg, key_node, &port_groups) { + ovn_port_group_destroy(&port_groups, pg); + } + hmap_destroy(&igmp_groups); + hmap_destroy(&mcast_groups); + hmap_destroy(&port_groups); + + struct shash_node *node, *next; + SHASH_FOR_EACH_SAFE (node, next, &meter_groups) { + shash_delete(&meter_groups, node); + } + shash_destroy(&meter_groups); + cleanup_macam(&macam); }