From 01e6f88cf2c445e1aa1fab5c86b23f74f1a19ce1 Mon Sep 17 00:00:00 2001 From: Antonin Bas Date: Wed, 5 Aug 2020 18:57:24 -0700 Subject: [PATCH] Use Ubuntu 20.04 as base distribution in Antrea Docker image The main reason for this update is picking up a more recent version of glibc, as the one that ships with Ubuntu 18.04 can cause OVS to deadlock (See #1022). In this PR, we only update the distribution for the "main" Antrea Docker image; other images, such as the ones we use for testing or for deploying the Antrea Octant plugin, can be updated later if needed. This is also a good opportunity to upgrade OVS daemons from 2.13.0 to 2.13.1, since the Docker build had to be updated anyway. For the sake of simplicity, from now on we will only support building the base openvswitch Docker image for OVS >= 2.13.0. Fixes #1022 --- .github/workflows/update_ovs_image.yml | 2 +- build/images/Dockerfile.build.ubuntu | 2 +- build/images/Dockerfile.ubuntu | 2 +- build/images/base/Dockerfile | 4 +-- build/images/base/build_and_push.sh | 4 +-- build/images/ovs/Dockerfile | 18 ++++++------- build/images/ovs/README.md | 2 +- build/images/ovs/apply-patches.sh | 36 ++++++++++++++++---------- build/images/ovs/build_and_push.sh | 8 +++--- build/images/test/Dockerfile | 4 +-- 10 files changed, 45 insertions(+), 37 deletions(-) diff --git a/.github/workflows/update_ovs_image.yml b/.github/workflows/update_ovs_image.yml index b220b19f8c3..519c029aaec 100644 --- a/.github/workflows/update_ovs_image.yml +++ b/.github/workflows/update_ovs_image.yml @@ -15,7 +15,7 @@ jobs: env: DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - OVS_VERSION: 2.13.0 + OVS_VERSION: 2.13.1 run: | cd build/images/ovs/ docker pull antrea/openvswitch-debs:$OVS_VERSION || true diff --git a/build/images/Dockerfile.build.ubuntu b/build/images/Dockerfile.build.ubuntu index 230f603b5fc..21bcdccceae 100644 --- a/build/images/Dockerfile.build.ubuntu +++ b/build/images/Dockerfile.build.ubuntu @@ -11,7 +11,7 @@ COPY . /antrea RUN make antrea-agent antrea-controller antrea-cni antctl-ubuntu -FROM antrea/base-ubuntu:2.13.0 +FROM antrea/base-ubuntu:2.13.1 LABEL maintainer="Antrea " LABEL description="The Docker image to deploy the Antrea CNI. " diff --git a/build/images/Dockerfile.ubuntu b/build/images/Dockerfile.ubuntu index 269f2a42c20..e68771b072c 100644 --- a/build/images/Dockerfile.ubuntu +++ b/build/images/Dockerfile.ubuntu @@ -1,4 +1,4 @@ -FROM antrea/base-ubuntu:2.13.0 +FROM antrea/base-ubuntu:2.13.1 LABEL maintainer="Antrea " LABEL description="The Docker image to deploy the Antrea CNI. " diff --git a/build/images/base/Dockerfile b/build/images/base/Dockerfile index b9d2c54951d..d41bca8c176 100644 --- a/build/images/base/Dockerfile +++ b/build/images/base/Dockerfile @@ -1,5 +1,5 @@ -ARG OVS_VERSION=2.13.0 -FROM ubuntu:18.04 as cni-binaries +ARG OVS_VERSION=2.13.1 +FROM ubuntu:20.04 as cni-binaries RUN apt-get update && \ apt-get install -y --no-install-recommends wget ca-certificates diff --git a/build/images/base/build_and_push.sh b/build/images/base/build_and_push.sh index 3426a02d076..c38eeb6da8a 100755 --- a/build/images/base/build_and_push.sh +++ b/build/images/base/build_and_push.sh @@ -24,7 +24,7 @@ function echoerr { } if [ -z "$OVS_VERSION" ]; then - echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.0)" + echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.1)" exit 1 fi @@ -32,7 +32,7 @@ THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" pushd $THIS_DIR > /dev/null -docker pull ubuntu:18.04 +docker pull ubuntu:20.04 docker pull antrea/openvswitch:$OVS_VERSION diff --git a/build/images/ovs/Dockerfile b/build/images/ovs/Dockerfile index 07482364526..a1a4e6658d8 100644 --- a/build/images/ovs/Dockerfile +++ b/build/images/ovs/Dockerfile @@ -1,24 +1,22 @@ -FROM ubuntu:18.04 as ovs-debs +FROM ubuntu:20.04 as ovs-debs # Some patches may not apply cleanly if another version is provided. -ARG OVS_VERSION=2.13.0 +ARG OVS_VERSION=2.13.1 # Install dependencies for building OVS deb packages # We install both python2 and python3 packages (required to build the OVS debs) # so that this Dockerfile can be used to build different versions of OVS if -# needed (python3 is required starting with OVS 2.13.0). +# needed (python3 is required starting with OVS 2.13.1). RUN apt-get update && \ - apt-get install -y --no-install-recommends wget curl git ca-certificates build-essential fakeroot graphviz \ - bzip2 autoconf automake debhelper dh-autoreconf libssl-dev libtool openssl procps \ - python-all python-twisted-conch python-zopeinterface python-six \ - python3-all python3-twisted python3-zope.interface \ + DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends wget curl git ca-certificates build-essential fakeroot graphviz \ + bzip2 autoconf automake debhelper dh-python dh-autoreconf libssl-dev libtool openssl procps \ + python3-all python3-twisted python3-zope.interface python3-sphinx \ libunbound-dev COPY apply-patches.sh / # Download OVS source code and build debs RUN wget -q -O - https://www.openvswitch.org/releases/openvswitch-$OVS_VERSION.tar.gz | tar xz -C /tmp && \ - rm -rf openvswitch-$OVS_VERSION.tar.gz && \ cd /tmp/openvswitch* && \ /apply-patches.sh && \ DEB_BUILD_OPTIONS='parallel=8 nocheck' fakeroot debian/rules binary && \ @@ -28,10 +26,10 @@ RUN wget -q -O - https://www.openvswitch.org/releases/openvswitch-$OVS_VERSION.t cd / && rm -rf /tmp/openvswitch* -FROM ubuntu:18.04 +FROM ubuntu:20.04 LABEL maintainer="Antrea " -LABEL description="A Docker image based on Ubuntu 18.04 which includes Open vSwitch built from source." +LABEL description="A Docker image based on Ubuntu 20.04 which includes Open vSwitch built from source." COPY --from=ovs-debs /tmp/ovs-debs/* /tmp/ovs-debs/ COPY charon-logging.conf /tmp diff --git a/build/images/ovs/README.md b/build/images/ovs/README.md index 8e4a8cbbd97..db88c972239 100644 --- a/build/images/ovs/README.md +++ b/build/images/ovs/README.md @@ -19,7 +19,7 @@ directory. For example: ```bash cd build/images/ovs -OVS_VERSION=2.13.0 ./build_and_push.sh +OVS_VERSION=2.13.1 ./build_and_push.sh ``` The image will be pushed to Dockerhub as `antrea/openvswitch:$OVS_VERSION`. diff --git a/build/images/ovs/apply-patches.sh b/build/images/ovs/apply-patches.sh index b435a91f4d9..e073ff0bc36 100755 --- a/build/images/ovs/apply-patches.sh +++ b/build/images/ovs/apply-patches.sh @@ -25,16 +25,18 @@ function echoerr { } # Inspired from https://stackoverflow.com/a/24067243/4538702 -# 'sort -V' is available on Ubuntu 18.04 +# 'sort -V' is available on Ubuntu 20.04 # less than function version_lt() { test "$(printf '%s\n' "$@" | sort -rV | head -n 1)" != "$1"; } # greater than function version_gt() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; } +# less than or equal to +function version_let() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" == "$1"; } # greater than or equal to function version_get() { test "$(printf '%s\n' "$@" | sort -rV | head -n 1)" == "$1"; } -if version_lt "$OVS_VERSION" "2.11.0" || version_gt "$OVS_VERSION" "2.13.0"; then - echoerr "OVS_VERSION $OVS_VERSION is not supported (must be >= 2.11.0 and <= 2.13.0)" +if version_lt "$OVS_VERSION" "2.13.0" || version_gt "$OVS_VERSION" "2.13.1"; then + echoerr "OVS_VERSION $OVS_VERSION is not supported (must be >= 2.13.0 and <= 2.13.1)" exit 1 fi @@ -42,7 +44,7 @@ fi # merge, we will need to clone the repository with git instead of downloading a # release tarball (see Dockerfile). -# These 2 patches (post 2.13.0) ensures that datapath flows are not deleted on +# These 2 patches (post 2.13.x) ensures that datapath flows are not deleted on # ovs-vswitchd exit by default. Antrea relies on this to support hitless upgrade # of the Agent DaemonSet. # The second patch depends on the first one. @@ -52,19 +54,27 @@ curl https://github.com/openvswitch/ovs/commit/586cd3101e7fda54d14fb5bf12d847f35 curl https://github.com/openvswitch/ovs/commit/79eadafeb1b47a3871cb792aa972f6e4d89d1a0b.patch | \ git apply --exclude NEWS --exclude vswitchd/ovs-vswitchd.8.in -# This patch (post 2.13.0) ensures that ovs-vswitchd does not delete datapath +# This patch (post 2.13.x) ensures that ovs-vswitchd does not delete datapath # ports on exit. curl https://github.com/openvswitch/ovs/commit/7cc77b301f80a63cd4893198d82be0eef303f731.patch | \ git apply # This patch (post 2.13.0) ensures that ct_nw_src/ct_nw_dst supports IP Mask. -curl https://github.com/openvswitch/ovs/commit/1740aaf49dad6f533705dc3dce8d955a1840052a.patch | \ +if version_let "$OVS_VERSION" "2.13.0"; then + curl https://github.com/openvswitch/ovs/commit/1740aaf49dad6f533705dc3dce8d955a1840052a.patch | \ + git apply +fi + +# These patches (post 2.13.x) are needed to fix the debian build on Ubuntu 20.04. +curl https://github.com/openvswitch/ovs/commit/c101cd4171cfe04e214f858b4bbe089e56f13f9b.patch | \ + git apply +curl https://github.com/openvswitch/ovs/commit/3c18bb0fe9f23308061217f72e2245f0e311b20b.patch | \ + git apply +curl https://github.com/openvswitch/ovs/commit/fe175ac17352ceb2dbc9958112b4b1bc114d82f0.patch | \ git apply -if version_get "$OVS_VERSION" "2.13.0"; then - # OVS hardcodes the installation path to /usr/lib/python3.7/dist-packages/ but this location - # does not seem to be in the Python path in Ubuntu 18.04. There may be a better way to do this, - # but this seems like an acceptable workaround. - sed -i 's/python3\.7/python3\.6/' debian/openvswitch-test.install - sed -i 's/python3\.7/python3\.6/' debian/python3-openvswitch.install -fi +# OVS hardcodes the installation path to /usr/lib/python3.7/dist-packages/ but this location +# does not seem to be in the Python path in Ubuntu 20.04. There may be a better way to do this, +# but this seems like an acceptable workaround. +sed -i 's/python3\.7/python3\.8/' debian/openvswitch-test.install +sed -i 's/python3\.7/python3\.8/' debian/python3-openvswitch.install diff --git a/build/images/ovs/build_and_push.sh b/build/images/ovs/build_and_push.sh index 3d5678e595b..c9e21244db0 100755 --- a/build/images/ovs/build_and_push.sh +++ b/build/images/ovs/build_and_push.sh @@ -24,7 +24,7 @@ function echoerr { } if [ -z "$OVS_VERSION" ]; then - echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.0)" + echoerr "The OVS_VERSION env variable must be set to a valid value (e.g. 2.13.1)" exit 1 fi @@ -39,7 +39,7 @@ pushd $THIS_DIR > /dev/null # locally. # See https://github.com/moby/moby/issues/34715. -docker pull ubuntu:18.04 +docker pull ubuntu:20.04 docker build --target ovs-debs \ --cache-from antrea/openvswitch-debs:$OVS_VERSION \ @@ -52,7 +52,7 @@ docker build \ -t antrea/openvswitch:$OVS_VERSION \ --build-arg OVS_VERSION=$OVS_VERSION . -docker push antrea/openvswitch-debs:$OVS_VERSION -docker push antrea/openvswitch:$OVS_VERSION +# docker push antrea/openvswitch-debs:$OVS_VERSION +# docker push antrea/openvswitch:$OVS_VERSION popd > /dev/null diff --git a/build/images/test/Dockerfile b/build/images/test/Dockerfile index 925f3b81be9..596f1b7c2ca 100644 --- a/build/images/test/Dockerfile +++ b/build/images/test/Dockerfile @@ -1,4 +1,4 @@ -FROM antrea/openvswitch:2.13.0 +FROM antrea/openvswitch:2.13.1 LABEL maintainer="Antrea " LABEL description="A Docker image for antrea integration tests." @@ -19,4 +19,4 @@ ENV PATH $GOPATH/bin:/usr/local/go/bin/:$PATH WORKDIR $GOPATH COPY build/images/scripts/* /usr/local/bin/ -COPY build/images/test/test-integration /usr/local/bin/ \ No newline at end of file +COPY build/images/test/test-integration /usr/local/bin/