Use Ubuntu 20.04 as base distribution in Antrea Docker image

The main reason for this update is picking up a more recent version of
glibc, as the one that ships with Ubuntu 18.04 can cause OVS to deadlock
(See antrea-io#1022).

In this PR, we only update the distribution for the "main" Antrea Docker
image; other images, such as the ones we use for testing or for
deploying the Antrea Octant plugin, can be updated later if needed.

This is also a good opportunity to upgrade OVS daemons from 2.13.0 to
2.13.1, since the Docker build had to be updated anyway. For the sake of
simplicity, from now on we will only support building the base
openvswitch Docker image for OVS >= 2.13.0.

Fixes antrea-io#1022

.github/workflows/update_ovs_image.yml

@@ -15,7 +15,7 @@ jobs:
       env:
         DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
         DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-        OVS_VERSION: 2.13.0
+        OVS_VERSION: 2.13.1
       run: |
         cd build/images/ovs/
         docker pull antrea/openvswitch-debs:$OVS_VERSION || true

build/images/Dockerfile.build.ubuntu

@@ -11,7 +11,7 @@ COPY . /antrea
 RUN make antrea-agent antrea-controller antrea-cni antctl-ubuntu
 
 
-FROM antrea/base-ubuntu:2.13.0
+FROM antrea/base-ubuntu:2.13.1
 
 LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
 LABEL description="The Docker image to deploy the Antrea CNI. "

build/images/Dockerfile.ubuntu

@@ -1,4 +1,4 @@
-FROM antrea/base-ubuntu:2.13.0
+FROM antrea/base-ubuntu:2.13.1
 
 LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
 LABEL description="The Docker image to deploy the Antrea CNI. "

build/images/base/Dockerfile

@@ -1,5 +1,5 @@
-ARG OVS_VERSION=2.13.0
-FROM ubuntu:18.04 as cni-binaries
+ARG OVS_VERSION=2.13.1
+FROM ubuntu:20.04 as cni-binaries
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends wget ca-certificates

build/images/base/build_and_push.sh

@@ -24,15 +24,15 @@ function echoerr {
 }
 
 if [ -z "$OVS_VERSION" ]; then
-    echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.0)"
+    echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.1)"
     exit 1
 fi
 
 THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 
 pushd $THIS_DIR > /dev/null
 
-docker pull ubuntu:18.04
+docker pull ubuntu:20.04
 
 docker pull antrea/openvswitch:$OVS_VERSION
 

build/images/ovs/Dockerfile

@@ -1,24 +1,22 @@
-FROM ubuntu:18.04 as ovs-debs
+FROM ubuntu:20.04 as ovs-debs
 
 # Some patches may not apply cleanly if another version is provided.
-ARG OVS_VERSION=2.13.0
+ARG OVS_VERSION=2.13.1
 
 # Install dependencies for building OVS deb packages
 # We install both python2 and python3 packages (required to build the OVS debs)
 # so that this Dockerfile can be used to build different versions of OVS if
-# needed (python3 is required starting with OVS 2.13.0).
+# needed (python3 is required starting with OVS 2.13.1).
 RUN apt-get update && \
-    apt-get install -y --no-install-recommends wget curl git ca-certificates build-essential fakeroot graphviz \
-            bzip2 autoconf automake debhelper dh-autoreconf libssl-dev libtool openssl procps \
-            python-all python-twisted-conch python-zopeinterface python-six \
-            python3-all python3-twisted python3-zope.interface \
+    DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends wget curl git ca-certificates build-essential fakeroot graphviz \
+            bzip2 autoconf automake debhelper dh-python dh-autoreconf libssl-dev libtool openssl procps \
+            python3-all python3-twisted python3-zope.interface python3-sphinx \
             libunbound-dev
 
 COPY apply-patches.sh /
 
 # Download OVS source code and build debs
 RUN wget -q -O - https://www.openvswitch.org/releases/openvswitch-$OVS_VERSION.tar.gz  | tar xz -C /tmp && \
-    rm -rf openvswitch-$OVS_VERSION.tar.gz && \
     cd /tmp/openvswitch* && \
     /apply-patches.sh && \
     DEB_BUILD_OPTIONS='parallel=8 nocheck' fakeroot debian/rules binary && \
@@ -28,10 +26,10 @@ RUN wget -q -O - https://www.openvswitch.org/releases/openvswitch-$OVS_VERSION.t
     cd / && rm -rf /tmp/openvswitch*
 
 
-FROM ubuntu:18.04
+FROM ubuntu:20.04
 
 LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
-LABEL description="A Docker image based on Ubuntu 18.04 which includes Open vSwitch built from source."
+LABEL description="A Docker image based on Ubuntu 20.04 which includes Open vSwitch built from source."
 
 COPY --from=ovs-debs /tmp/ovs-debs/* /tmp/ovs-debs/
 COPY charon-logging.conf /tmp

build/images/ovs/README.md

@@ -19,7 +19,7 @@ directory. For example:
 
 ```bash
 cd build/images/ovs
-OVS_VERSION=2.13.0 ./build_and_push.sh
+OVS_VERSION=2.13.1 ./build_and_push.sh
 ```
 
 The image will be pushed to Dockerhub as `antrea/openvswitch:$OVS_VERSION`.

build/images/ovs/apply-patches.sh

@@ -25,24 +25,26 @@ function echoerr {
 }
 
 # Inspired from https://stackoverflow.com/a/24067243/4538702
-# 'sort -V' is available on Ubuntu 18.04
+# 'sort -V' is available on Ubuntu 20.04
 # less than
 function version_lt() { test "$(printf '%s\n' "$@" | sort -rV | head -n 1)" != "$1"; }
 # greater than
 function version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; }
+# less than or equal to
+function version_let() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" == "$1"; }
 # greater than or equal to
 function version_get() { test "$(printf '%s\n' "$@" | sort -rV | head -n 1)" == "$1"; }
 
-if version_lt "$OVS_VERSION" "2.11.0" || version_gt "$OVS_VERSION" "2.13.0"; then
-    echoerr "OVS_VERSION $OVS_VERSION is not supported (must be >= 2.11.0 and <= 2.13.0)"
+if version_lt "$OVS_VERSION" "2.13.0" || version_gt "$OVS_VERSION" "2.13.1"; then
+    echoerr "OVS_VERSION $OVS_VERSION is not supported (must be >= 2.13.0 and <= 2.13.1)"
     exit 1
 fi
 
 # We cannot use 3-way merge unless we are in a git repository. If we need 3-way
 # merge, we will need to clone the repository with git instead of downloading a
 # release tarball (see Dockerfile).
 
-# These 2 patches (post 2.13.0) ensures that datapath flows are not deleted on
+# These 2 patches (post 2.13.x) ensures that datapath flows are not deleted on
 # ovs-vswitchd exit by default. Antrea relies on this to support hitless upgrade
 # of the Agent DaemonSet.
 # The second patch depends on the first one.
@@ -52,19 +54,27 @@ curl https://github.com/openvswitch/ovs/commit/586cd3101e7fda54d14fb5bf12d847f35
 curl https://github.com/openvswitch/ovs/commit/79eadafeb1b47a3871cb792aa972f6e4d89d1a0b.patch | \
     git apply --exclude NEWS --exclude vswitchd/ovs-vswitchd.8.in
 
-# This patch (post 2.13.0) ensures that ovs-vswitchd does not delete datapath
+# This patch (post 2.13.x) ensures that ovs-vswitchd does not delete datapath
 # ports on exit.
 curl https://github.com/openvswitch/ovs/commit/7cc77b301f80a63cd4893198d82be0eef303f731.patch | \
     git apply
 
 # This patch (post 2.13.0) ensures that ct_nw_src/ct_nw_dst supports IP Mask.
-curl https://github.com/openvswitch/ovs/commit/1740aaf49dad6f533705dc3dce8d955a1840052a.patch | \
+if version_let "$OVS_VERSION" "2.13.0"; then
+    curl https://github.com/openvswitch/ovs/commit/1740aaf49dad6f533705dc3dce8d955a1840052a.patch | \
+        git apply
+fi
+
+# These patches (post 2.13.x) are needed to fix the debian build on Ubuntu 20.04.
+curl https://github.com/openvswitch/ovs/commit/c101cd4171cfe04e214f858b4bbe089e56f13f9b.patch | \
+    git apply
+curl https://github.com/openvswitch/ovs/commit/3c18bb0fe9f23308061217f72e2245f0e311b20b.patch | \
+    git apply
+curl https://github.com/openvswitch/ovs/commit/fe175ac17352ceb2dbc9958112b4b1bc114d82f0.patch | \
     git apply
 
-if version_get "$OVS_VERSION" "2.13.0"; then
-    # OVS hardcodes the installation path to /usr/lib/python3.7/dist-packages/ but this location
-    # does not seem to be in the Python path in Ubuntu 18.04. There may be a better way to do this,
-    # but this seems like an acceptable workaround.
-    sed -i 's/python3\.7/python3\.6/' debian/openvswitch-test.install
-    sed -i 's/python3\.7/python3\.6/' debian/python3-openvswitch.install
-fi
+# OVS hardcodes the installation path to /usr/lib/python3.7/dist-packages/ but this location
+# does not seem to be in the Python path in Ubuntu 20.04. There may be a better way to do this,
+# but this seems like an acceptable workaround.
+sed -i 's/python3\.7/python3\.8/' debian/openvswitch-test.install
+sed -i 's/python3\.7/python3\.8/' debian/python3-openvswitch.install

build/images/ovs/build_and_push.sh

@@ -24,7 +24,7 @@ function echoerr {
 }
 
 if [ -z "$OVS_VERSION" ]; then
-    echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.0)"
+    echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.1)"
     exit 1
 fi
 
@@ -39,7 +39,7 @@ pushd $THIS_DIR > /dev/null
 # locally.
 # See https://github.com/moby/moby/issues/34715.
 
-docker pull ubuntu:18.04
+docker pull ubuntu:20.04
 
 docker build --target ovs-debs \
        --cache-from antrea/openvswitch-debs:$OVS_VERSION \
@@ -52,7 +52,7 @@ docker build \
        -t antrea/openvswitch:$OVS_VERSION \
        --build-arg OVS_VERSION=$OVS_VERSION .
 
-docker push antrea/openvswitch-debs:$OVS_VERSION
-docker push antrea/openvswitch:$OVS_VERSION
+# docker push antrea/openvswitch-debs:$OVS_VERSION
+# docker push antrea/openvswitch:$OVS_VERSION
 
 popd > /dev/null

build/images/test/Dockerfile

@@ -1,4 +1,4 @@
-FROM antrea/openvswitch:2.13.0
+FROM antrea/openvswitch:2.13.1
 
 LABEL maintainer="Antrea <projectantrea-dev@googlegroups.com>"
 LABEL description="A Docker image for antrea integration tests."
@@ -19,4 +19,4 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin/:$PATH
 WORKDIR $GOPATH
 
 COPY build/images/scripts/* /usr/local/bin/
-COPY build/images/test/test-integration /usr/local/bin/
+COPY build/images/test/test-integration /usr/local/bin/