ovn: fix reserve joinSwitch LRP IPs

namespace.go: When using the HostNetworkNamespace feature, the synchronisation code for namespaces triggers the ensureJoinLRPIPs method, which returns a valid IP from the join subnet without considering a possible active IP address. The end result is that the gwLRPIP is changed every time ovn is restarted and this breaks things like egressIPs. gateway: During startup, getJoinLRPAddresses validates the active joinLRPAddress against the node's subnet, but because of the early state, the node's subnets are empty, instead we should validate against the join switch's subnets that are already initialised. Signed-off-by: Philipp Dallig <philipp.dallig@gmail.com>
ovn-org · Jul 13, 2021 · f518b86 · f518b86
1 parent 12f6bde
commit f518b86
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/go-controller/pkg/ovn/gateway.go b/go-controller/pkg/ovn/gateway.go
@@ -30,7 +30,7 @@ func (oc *Controller) getJoinLRPAddresses(nodeName string) []*net.IPNet {
 	// try to get the IPs from the logical router port
 	gwLRPIPs := []*net.IPNet{}
 	gwLrpName := types.GWRouterToJoinSwitchPrefix + types.GWRouterPrefix + nodeName
-	joinSubnets := oc.joinSwIPManager.lsm.GetSwitchSubnets(nodeName)
+	joinSubnets := oc.joinSwIPManager.lsm.GetSwitchSubnets(types.OVNJoinSwitch)
 	ifAddrs, err := util.GetLRPAddrs(gwLrpName)
 	if err == nil {
 		for _, ifAddr := range ifAddrs {

diff --git a/go-controller/pkg/ovn/namespace.go b/go-controller/pkg/ovn/namespace.go
@@ -466,6 +466,10 @@ func (oc *Controller) createNamespaceAddrSetAllPods(ns string) (addressset.Addre
 					mgmtIfAddr := util.GetNodeManagementIfAddr(hostSubnet)
 					ips = append(ips, mgmtIfAddr.IP)
 				}
+				// Because createNamespaceAddrSetAllPods is called before syncNode, we need to
+				// reserve its joinSwitch LRP IPs if they already exist.
+				gwLRPIPs := oc.getJoinLRPAddresses(node.Name)
+				_ = oc.joinSwIPManager.reserveJoinLRPIPs(node.Name, gwLRPIPs)
 				// for shared gateway mode we will use LRP IPs to SNAT host network traffic
 				// so add these to the address set.
 				lrpIPs, err := oc.joinSwIPManager.ensureJoinLRPIPs(node.Name)

diff --git a/go-controller/pkg/ovn/namespace_test.go b/go-controller/pkg/ovn/namespace_test.go
@@ -2,9 +2,11 @@ package ovn
 
 import (
 	"context"
+	"fmt"
+	"net"
+
 	"github.com/urfave/cli/v2"
 	"k8s.io/apimachinery/pkg/util/sets"
-	"net"
 
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/config"
 	egressfirewallfake "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/egressfirewall/v1/apis/clientset/versioned/fake"
@@ -254,6 +256,11 @@ var _ = ginkgo.Describe("OVN Namespace Operations", func() {
 				fakeOvn.controller.SCTPSupport = true
 
 				fexec := fakeOvn.fakeExec
+				fexec.AddFakeCmdsNoOutputNoError(
+					[]string{
+						fmt.Sprintf("ovn-nbctl --timeout=15 --if-exist get logical_router_port rtoj-GR_%s networks", node1.Name),
+					},
+				)
 				addNodeLogicalFlows(fexec, &node1, clusterCIDR, config.IPv6Mode, false)
 				fakeOvn.controller.joinSwIPManager, _ = initJoinLogicalSwitchIPManager()
 				_, err = fakeOvn.controller.joinSwIPManager.ensureJoinLRPIPs(ovntypes.OVNClusterRouter)