Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 2105444: ITP=local, host->svc case failure #1196

Merged
merged 1 commit into from Aug 16, 2022
Merged

Bug 2105444: ITP=local, host->svc case failure #1196

merged 1 commit into from Aug 16, 2022

Conversation

tssurya
Copy link
Contributor

@tssurya tssurya commented Jul 15, 2022
edited

Cherry picked from 944b5c2 NOT CLEAN, conflict mentioned in commit message

net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.br-ex.rp_filter = 0
net.ipv4.conf.br-int.rp_filter = 0
net.ipv4.conf.c1798a1ec76c1f4.rp_filter = 0
net.ipv4.conf.d1517e738ed8391.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.ebc08262035b15d.rp_filter = 0
net.ipv4.conf.ens5.rp_filter = 0
net.ipv4.conf.fa15be590ac0579.rp_filter = 0
net.ipv4.conf.genev_sys_6081.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.ovn-k8s-mp0.rp_filter = 2
net.ipv4.conf.ovs-system.rp_filter = 0

works!

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 15, 2022

@tssurya: An error was encountered querying GitHub for users with public email (huirwang@redhat.com) for bug 2078691 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details.

Full error message. Post "http://ghproxy/graphql": dial tcp 172.30.229.2:80: connect: connection refused

Please contact an administrator to resolve this issue, then request a bug refresh with /bugzilla refresh.

In response to this:

Bug 2078691: ITP=local, host->svc case failure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested review from abhat and dcbw July 15, 2022 10:35
@openshift-ci openshift-ci bot added bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Jul 15, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 15, 2022

@tssurya: This pull request references Bugzilla bug 2078691, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.12.0) matches configured target release for branch (4.12.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Requesting review from QA contact:
/cc @huiran0826

In response to this:

Bug 2078691: ITP=local, host->svc case failure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci openshift-ci bot requested a review from huiran0826 July 15, 2022 13:21
@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 22, 2022
@tssurya tssurya changed the base branch from master to release-4.11 July 22, 2022 10:48
@openshift-ci openshift-ci bot added bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. and removed bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Jul 22, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 22, 2022

@tssurya: This pull request references Bugzilla bug 2078691, which is invalid:

  • expected the bug to target the "4.11.0" release, but it targets "4.12.0" instead
  • expected dependent Bugzilla bug 2082663 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is CLOSED (DUPLICATE) instead
  • expected dependent Bugzilla bug 2082663 to target a release in 4.12.0, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 2078691: ITP=local, host->svc case failure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tssurya tssurya changed the title Bug 2078691: ITP=local, host->svc case failure Bug 2105444: ITP=local, host->svc case failure Jul 22, 2022
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 22, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 22, 2022

@tssurya: This pull request references Bugzilla bug 2105444, which is invalid:

  • expected the bug to target the "4.11.0" release, but it targets "4.11.z" instead
  • expected dependent Bugzilla bug 2078691 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead
  • expected dependent Bugzilla bug 2082663 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is CLOSED (DUPLICATE) instead
  • expected dependent Bugzilla bug 2082663 to target a release in 4.12.0, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 2105444: ITP=local, host->svc case failure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tssurya
Change rp_filter value for ovn-k8s-mp0
10e6a67 
Currently the default value for all interfaces is 0 while
rp_filter for "all" is set to 1.

rp_filter - INTEGER
	0 - No source validation.
	1 - Strict mode as defined in RFC3704 Strict Reverse Path
	    Each incoming packet is tested against the FIB and if the interface
	    is not the best reverse path the packet check will fail.
	    By default failed packets are discarded.
	2 - Loose mode as defined in RFC3704 Loose Reverse Path
	    Each incoming packet's source address is also tested against the FIB
	    and if the source address is not reachable via any interface
	    the packet check will fail.

	Current recommended practice in RFC3704 is to enable strict mode
	to prevent IP spoofing from DDos attacks. If using asymmetric routing
	or other complicated routing, then loose mode is recommended.

	The max value from conf/{all,interface}/rp_filter is used
	when doing source validation on the {interface}.

As per the definitions to avail other FIB table based routing
we should set rp_filter for ovn-k8s-mp0 to 2 to support ITP=local
feature. Security wise we are still ok since we are enabling this only
on ovnk interface mp0 and not on any other interface.

NOTE: Pkt from host goes into ovn via mp0 destined for clusterIP
and it goes in via the new routing table 7 that was added. Return
packet with srcIP=clusterIP comes out via mp0 and default routing
table says all clusterIP traffic should go to br-ex and this is why
reverse path filter check fails since onward packet went in via mp0.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
(cherry picked from commit 944b5c2)

 Conflicts in 4.11:
	go-controller/pkg/util/ovs.go
	go-controller/pkg/util/ovs_unit_test.go
 because
openshift@0d9e4aa
 is missing
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 22, 2022

@tssurya: This pull request references Bugzilla bug 2105444, which is invalid:

  • expected dependent Bugzilla bug 2078691 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead
  • expected dependent Bugzilla bug 2082663 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is CLOSED (DUPLICATE) instead
  • expected dependent Bugzilla bug 2082663 to target a release in 4.12.0, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 2105444: ITP=local, host->svc case failure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

1 similar comment
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 22, 2022

@tssurya: This pull request references Bugzilla bug 2105444, which is invalid:

  • expected dependent Bugzilla bug 2078691 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead
  • expected dependent Bugzilla bug 2082663 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is CLOSED (DUPLICATE) instead
  • expected dependent Bugzilla bug 2082663 to target a release in 4.12.0, but it targets "---" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 2105444: ITP=local, host->svc case failure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tssurya
Copy link
Contributor Author

tssurya commented Jul 22, 2022

/retest-required

@tssurya
Copy link
Contributor Author

tssurya commented Jul 22, 2022

/bugzilla refresh

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 22, 2022

@tssurya: This pull request references Bugzilla bug 2105444, which is invalid:

  • expected dependent Bugzilla bug 2078691 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tssurya
Copy link
Contributor Author

tssurya commented Jul 23, 2022

/test e2e-metal-ipi-ovn-dualstack

@tssurya
Copy link
Contributor Author

tssurya commented Jul 23, 2022

/bugzilla refresh

@openshift-ci openshift-ci bot added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Jul 23, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 23, 2022

@tssurya: This pull request references Bugzilla bug 2105444, which is valid.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.11.0) matches configured target release for branch (4.11.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
  • dependent bug Bugzilla bug 2078691 is in the state MODIFIED, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
  • dependent Bugzilla bug 2078691 targets the "4.12.0" release, which is one of the valid target releases: 4.12.0
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tssurya
Copy link
Contributor Author

tssurya commented Jul 23, 2022

/test e2e-metal-ipi-ovn-dualstack

@trozet
Copy link
Contributor

trozet commented Jul 25, 2022

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jul 25, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 25, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: trozet, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 25, 2022
@tssurya
Copy link
Contributor Author

tssurya commented Jul 25, 2022

/test e2e-metal-ipi-ovn-dualstack

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jul 25, 2022
edited

@tssurya: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-openstack-ovn 10e6a67 link false /test e2e-openstack-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@tssurya
Copy link
Contributor Author

tssurya commented Jul 25, 2022

/retest-required

@huiran0826
Copy link

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Aug 11, 2022
@trozet
Copy link
Contributor

trozet commented Aug 15, 2022

/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Aug 15, 2022
@huiran0826
Copy link

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Aug 16, 2022
@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 2 against base HEAD 2e00ec0 and 8 for PR HEAD 10e6a67 in total

@openshift-merge-robot openshift-merge-robot merged commit 369b3a4 into openshift:release-4.11 Aug 16, 2022
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 16, 2022

@tssurya: All pull requests linked via external trackers have merged:

Bugzilla bug 2105444 has been moved to the MODIFIED state.

In response to this:

Bug 2105444: ITP=local, host->svc case failure

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abhat abhat Awaiting requested review from abhat

@dcbw dcbw Awaiting requested review from dcbw

@huiran0826 huiran0826 Awaiting requested review from huiran0826

@anuragthehatter anuragthehatter Awaiting requested review from anuragthehatter

Assignees

@trozet trozet

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. bugzilla/severity-high Referenced Bugzilla bug's severity is high for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@tssurya @trozet @huiran0826 @openshift-ci-robot @openshift-merge-robot