From 3272107e18f06d16a75edda938bce1d22c765a11 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Fri, 12 Jul 2024 23:39:09 +0800 Subject: [PATCH 1/9] fix: if user not set OVN_VERSION_COMPATIBILITY, should set it to none Signed-off-by: bobz965 --- dist/images/start-db.sh | 4 ++++ dist/images/upgrade-ovs.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/dist/images/start-db.sh b/dist/images/start-db.sh index c160f183252..bb0abc1910c 100755 --- a/dist/images/start-db.sh +++ b/dist/images/start-db.sh @@ -139,6 +139,7 @@ function is_clustered { function set_nb_version_compatibility() { if [ -n "$OVN_VERSION_COMPATIBILITY" ]; then if ! ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS get NB_Global . options | grep -q version_compatibility=; then + echo "ovn nb global option version_compatibility is set to ${OVN_VERSION_COMPATIBILITY}" ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS set NB_Global . options:version_compatibility=${OVN_VERSION_COMPATIBILITY} return fi @@ -147,6 +148,9 @@ function set_nb_version_compatibility() { if [ "$value" != "_$OVN_VERSION_COMPATIBILITY" ]; then ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS set NB_Global . options:version_compatibility=${OVN_VERSION_COMPATIBILITY} fi + else + echo "ovn nb global option version_compatibility is set to _$OVN_VERSION_COMPATIBILITY" + ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS set NB_Global . options:version_compatibility=_${OVN_VERSION_COMPATIBILITY} fi } diff --git a/dist/images/upgrade-ovs.sh b/dist/images/upgrade-ovs.sh index 33232bc755c..d8e2b6abe89 100755 --- a/dist/images/upgrade-ovs.sh +++ b/dist/images/upgrade-ovs.sh @@ -38,7 +38,7 @@ nb_addr="$(gen_conn_str 6641)" while true; do if [ x`ovn-nbctl --db=$nb_addr $SSL_OPTIONS get NB_Global . options | grep -o 'version_compatibility='` != "x" ]; then value=`ovn-nbctl --db=$nb_addr $SSL_OPTIONS get NB_Global . options:version_compatibility | sed -e 's/^"//' -e 's/"$//'` - echo "ovn NB_Global option version_compatibility is set to $value" + echo "ovn NB_Global option version_compatibility is already set to $value" if [ "$value" = "$OVN_VERSION_COMPATIBILITY" -o "$value" = "_$OVN_VERSION_COMPATIBILITY" ]; then break fi From 6c76b4b0a18f21077f1a49be8114ec48a4787909 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Wed, 17 Jul 2024 10:53:32 +0800 Subject: [PATCH 2/9] fix: allow deploy with non root Signed-off-by: bobz965 --- dist/images/install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/images/install.sh b/dist/images/install.sh index 6dc342a0d1a..f6871f9f7c6 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -4933,8 +4933,8 @@ if ! sh -c "echo \":$PATH:\" | grep -q \":/usr/local/bin:\""; then fi echo "[Step 6/6] Run network diagnose" -kubectl cp kube-system/"$(kubectl -n kube-system get pods -o wide | grep cni | awk '{print $1}' | awk 'NR==1{print}')":/kube-ovn/kubectl-ko /usr/local/bin/kubectl-ko -chmod +x /usr/local/bin/kubectl-ko +sudo kubectl cp kube-system/"$(kubectl -n kube-system get pods -o wide | grep cni | awk '{print $1}' | awk 'NR==1{print}')":/kube-ovn/kubectl-ko /usr/local/bin/kubectl-ko +sudo chmod +x /usr/local/bin/kubectl-ko # show pod status in kube-system namespace before diagnose kubectl get pod -n kube-system -o wide kubectl ko diagnose all From 24db8cad90b837c739ea3a3791cac3b8a11687b8 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Wed, 17 Jul 2024 17:35:52 +0800 Subject: [PATCH 3/9] =?UTF-8?q?=E6=8F=90=E5=8D=87=E5=85=BC=E5=AE=B9?= =?UTF-8?q?=E6=80=A7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: bobz965 --- yamls/kind.yaml.j2 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/yamls/kind.yaml.j2 b/yamls/kind.yaml.j2 index 3f53d10c922..b8f2f4ebf99 100644 --- a/yamls/kind.yaml.j2 +++ b/yamls/kind.yaml.j2 @@ -41,16 +41,18 @@ apiVersion: kind.x-k8s.io/v1alpha4 networking: kubeProxyMode: {{ kube_proxy_mode }} disableDefaultCNI: true - ipFamily: {{ ip_family }} apiServerAddress: {{ api_server_address }} apiServerPort: {{ api_server_port }} -{%- if ip_family is equalto "ipv4" %} +{%- if "ipv4" in ip_family %} + ipFamily: ipv4 podSubnet: {{ pod_cidr_v4 }} serviceSubnet: {{ svc_cidr_v4 }} -{%- elif ip_family is equalto "ipv6" %} +{%- elif "ipv6" in ip_family %} + ipFamily: ipv6 podSubnet: "fd00:10:16::/112" serviceSubnet: "fd00:10:96::/108" {%- else %} + ipFamily: dual podSubnet: "10.16.0.0/16,fd00:10:16::/112" serviceSubnet: "10.96.0.0/12,fd00:10:96::/108" {%- endif %} From c754684638e79ce5d3157eabbebe9677350ac854 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Wed, 17 Jul 2024 18:11:00 +0800 Subject: [PATCH 4/9] rollback Signed-off-by: bobz965 --- dist/images/install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/images/install.sh b/dist/images/install.sh index f6871f9f7c6..6dc342a0d1a 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -4933,8 +4933,8 @@ if ! sh -c "echo \":$PATH:\" | grep -q \":/usr/local/bin:\""; then fi echo "[Step 6/6] Run network diagnose" -sudo kubectl cp kube-system/"$(kubectl -n kube-system get pods -o wide | grep cni | awk '{print $1}' | awk 'NR==1{print}')":/kube-ovn/kubectl-ko /usr/local/bin/kubectl-ko -sudo chmod +x /usr/local/bin/kubectl-ko +kubectl cp kube-system/"$(kubectl -n kube-system get pods -o wide | grep cni | awk '{print $1}' | awk 'NR==1{print}')":/kube-ovn/kubectl-ko /usr/local/bin/kubectl-ko +chmod +x /usr/local/bin/kubectl-ko # show pod status in kube-system namespace before diagnose kubectl get pod -n kube-system -o wide kubectl ko diagnose all From 02a98dfd2d3804d8f6e84afcb137835e75892329 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Mon, 22 Jul 2024 14:50:03 +0800 Subject: [PATCH 5/9] fix Signed-off-by: bobz965 --- charts/kube-ovn/templates/central-deploy.yaml | 1 + dist/images/install.sh | 1 + dist/images/start-db.sh | 11 ++++++----- dist/images/upgrade-ovs.sh | 8 +++----- 4 files changed, 11 insertions(+), 10 deletions(-) diff --git a/charts/kube-ovn/templates/central-deploy.yaml b/charts/kube-ovn/templates/central-deploy.yaml index 481a048e0df..5947e162fbe 100644 --- a/charts/kube-ovn/templates/central-deploy.yaml +++ b/charts/kube-ovn/templates/central-deploy.yaml @@ -45,6 +45,7 @@ spec: image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: + - bash - /kube-ovn/start-db.sh securityContext: runAsUser: 0 diff --git a/dist/images/install.sh b/dist/images/install.sh index 6dc342a0d1a..03a0fdd6974 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -3418,6 +3418,7 @@ spec: image: "$REGISTRY/kube-ovn:$VERSION" imagePullPolicy: $IMAGE_PULL_POLICY command: + - bash - /kube-ovn/start-db.sh securityContext: runAsUser: 0 diff --git a/dist/images/start-db.sh b/dist/images/start-db.sh index bb0abc1910c..dba60d5c7d5 100755 --- a/dist/images/start-db.sh +++ b/dist/images/start-db.sh @@ -41,6 +41,9 @@ SB_CLUSTER_PORT=${SB_CLUSTER_PORT:-6644} ENABLE_SSL=${ENABLE_SSL:-false} ENABLE_BIND_LOCAL_IP=${ENABLE_BIND_LOCAL_IP:-false} +echo "ENABLE_SSL is set to $ENABLE_SSL" +echo "ENABLE_BIND_LOCAL_IP is set to $ENABLE_BIND_LOCAL_IP" + DB_ADDR=:: DB_ADDRESSES=:: if [[ $ENABLE_BIND_LOCAL_IP == "true" ]]; then @@ -49,11 +52,9 @@ if [[ $ENABLE_BIND_LOCAL_IP == "true" ]]; then fi SSL_OPTIONS= -function ssl_options() { - if "$ENABLE_SSL" != "false" ]; then - SSL_OPTIONS="-p /var/run/tls/key -c /var/run/tls/cert -C /var/run/tls/cacert" - fi -} +if [ "$ENABLE_SSL" != "false" ]; then + SSL_OPTIONS="-p /var/run/tls/key -c /var/run/tls/cert -C /var/run/tls/cacert" +fi . /usr/share/openvswitch/scripts/ovs-lib || exit 1 diff --git a/dist/images/upgrade-ovs.sh b/dist/images/upgrade-ovs.sh index d8e2b6abe89..cf13d7bb848 100755 --- a/dist/images/upgrade-ovs.sh +++ b/dist/images/upgrade-ovs.sh @@ -10,11 +10,9 @@ OVN_VERSION_COMPATIBILITY=${OVN_VERSION_COMPATIBILITY:-} UPDATE_STRATEGY=`kubectl -n kube-system get ds ovs-ovn -o jsonpath='{.spec.updateStrategy.type}'` SSL_OPTIONS= -function ssl_options() { - if "$ENABLE_SSL" != "false" ]; then - SSL_OPTIONS="-p /var/run/tls/key -c /var/run/tls/cert -C /var/run/tls/cacert" - fi -} +if "$ENABLE_SSL" != "false" ]; then + SSL_OPTIONS="-p /var/run/tls/key -c /var/run/tls/cert -C /var/run/tls/cacert" +fi function gen_conn_str { if [[ -z "${OVN_DB_IPS}" ]]; then From fe6ef15700230ea5b3e4ddc23d6720f0bd9259cc Mon Sep 17 00:00:00 2001 From: bobz965 Date: Mon, 22 Jul 2024 17:59:50 +0800 Subject: [PATCH 6/9] rollback Signed-off-by: bobz965 --- dist/images/start-db.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dist/images/start-db.sh b/dist/images/start-db.sh index dba60d5c7d5..579065ba50b 100755 --- a/dist/images/start-db.sh +++ b/dist/images/start-db.sh @@ -140,7 +140,7 @@ function is_clustered { function set_nb_version_compatibility() { if [ -n "$OVN_VERSION_COMPATIBILITY" ]; then if ! ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS get NB_Global . options | grep -q version_compatibility=; then - echo "ovn nb global option version_compatibility is set to ${OVN_VERSION_COMPATIBILITY}" + echo "setting ovn NB_Global option version_compatibility to ${OVN_VERSION_COMPATIBILITY}" ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS set NB_Global . options:version_compatibility=${OVN_VERSION_COMPATIBILITY} return fi @@ -150,8 +150,8 @@ function set_nb_version_compatibility() { ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS set NB_Global . options:version_compatibility=${OVN_VERSION_COMPATIBILITY} fi else - echo "ovn nb global option version_compatibility is set to _$OVN_VERSION_COMPATIBILITY" - ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS set NB_Global . options:version_compatibility=_${OVN_VERSION_COMPATIBILITY} + echo "OVN_VERSION_COMPATIBILITY is not set" + return 1 fi } From c017dcfe89d348d1fddb317ed7b6bc8e48d35283 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Mon, 22 Jul 2024 18:41:11 +0800 Subject: [PATCH 7/9] keep install.sh as helm Signed-off-by: bobz965 --- dist/images/install.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dist/images/install.sh b/dist/images/install.sh index 03a0fdd6974..9f8a2b35c39 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -40,6 +40,9 @@ OVS_VSCTL_CONCURRENCY=${OVS_VSCTL_CONCURRENCY:-100} ENABLE_COMPACT=${ENABLE_COMPACT:-false} SECURE_SERVING=${SECURE_SERVING:-false} +# ovn version +versionCompatibility=24.03 + # debug DEBUG_WRAPPER=${DEBUG_WRAPPER:-} @@ -3462,6 +3465,8 @@ spec: value: "1" - name: ENABLE_COMPACT value: "$ENABLE_COMPACT" + - name: OVN_VERSION_COMPATIBILITY + value: "$versionCompatibility" resources: requests: cpu: 300m From e5d2895d8061b6fbaf80342b19570ea429c71434 Mon Sep 17 00:00:00 2001 From: bobz965 Date: Tue, 23 Jul 2024 12:19:01 +0800 Subject: [PATCH 8/9] rollback Signed-off-by: bobz965 --- dist/images/install.sh | 5 ----- dist/images/start-db.sh | 3 --- yamls/kind.yaml.j2 | 8 +++----- 3 files changed, 3 insertions(+), 13 deletions(-) diff --git a/dist/images/install.sh b/dist/images/install.sh index 9f8a2b35c39..03a0fdd6974 100755 --- a/dist/images/install.sh +++ b/dist/images/install.sh @@ -40,9 +40,6 @@ OVS_VSCTL_CONCURRENCY=${OVS_VSCTL_CONCURRENCY:-100} ENABLE_COMPACT=${ENABLE_COMPACT:-false} SECURE_SERVING=${SECURE_SERVING:-false} -# ovn version -versionCompatibility=24.03 - # debug DEBUG_WRAPPER=${DEBUG_WRAPPER:-} @@ -3465,8 +3462,6 @@ spec: value: "1" - name: ENABLE_COMPACT value: "$ENABLE_COMPACT" - - name: OVN_VERSION_COMPATIBILITY - value: "$versionCompatibility" resources: requests: cpu: 300m diff --git a/dist/images/start-db.sh b/dist/images/start-db.sh index 579065ba50b..aea83910f25 100755 --- a/dist/images/start-db.sh +++ b/dist/images/start-db.sh @@ -149,9 +149,6 @@ function set_nb_version_compatibility() { if [ "$value" != "_$OVN_VERSION_COMPATIBILITY" ]; then ovn-nbctl --db=$(gen_conn_str 6641) $SSL_OPTIONS set NB_Global . options:version_compatibility=${OVN_VERSION_COMPATIBILITY} fi - else - echo "OVN_VERSION_COMPATIBILITY is not set" - return 1 fi } diff --git a/yamls/kind.yaml.j2 b/yamls/kind.yaml.j2 index b8f2f4ebf99..3f53d10c922 100644 --- a/yamls/kind.yaml.j2 +++ b/yamls/kind.yaml.j2 @@ -41,18 +41,16 @@ apiVersion: kind.x-k8s.io/v1alpha4 networking: kubeProxyMode: {{ kube_proxy_mode }} disableDefaultCNI: true + ipFamily: {{ ip_family }} apiServerAddress: {{ api_server_address }} apiServerPort: {{ api_server_port }} -{%- if "ipv4" in ip_family %} - ipFamily: ipv4 +{%- if ip_family is equalto "ipv4" %} podSubnet: {{ pod_cidr_v4 }} serviceSubnet: {{ svc_cidr_v4 }} -{%- elif "ipv6" in ip_family %} - ipFamily: ipv6 +{%- elif ip_family is equalto "ipv6" %} podSubnet: "fd00:10:16::/112" serviceSubnet: "fd00:10:96::/108" {%- else %} - ipFamily: dual podSubnet: "10.16.0.0/16,fd00:10:16::/112" serviceSubnet: "10.96.0.0/12,fd00:10:96::/108" {%- endif %} From 66c47ebf4a0e3776e25d0c4243b52a2823ace5ce Mon Sep 17 00:00:00 2001 From: bobz965 Date: Tue, 23 Jul 2024 17:13:33 +0800 Subject: [PATCH 9/9] Update dist/images/upgrade-ovs.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: 张祖建 --- dist/images/upgrade-ovs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist/images/upgrade-ovs.sh b/dist/images/upgrade-ovs.sh index cf13d7bb848..cfde7f7e6f5 100755 --- a/dist/images/upgrade-ovs.sh +++ b/dist/images/upgrade-ovs.sh @@ -10,7 +10,7 @@ OVN_VERSION_COMPATIBILITY=${OVN_VERSION_COMPATIBILITY:-} UPDATE_STRATEGY=`kubectl -n kube-system get ds ovs-ovn -o jsonpath='{.spec.updateStrategy.type}'` SSL_OPTIONS= -if "$ENABLE_SSL" != "false" ]; then +if [ "$ENABLE_SSL" != "false" ]; then SSL_OPTIONS="-p /var/run/tls/key -c /var/run/tls/cert -C /var/run/tls/cacert" fi