Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs #1558

Merged
merged 4 commits into from
Mar 8, 2023
Merged

OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs #1558

merged 4 commits into from
Mar 8, 2023

Conversation

npinaeva
Copy link
Member

@npinaeva npinaeva commented Mar 7, 2023
edited
Loading

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-org/ovn-kubernetes#3464, ovn-org/ovn-kubernetes#3466
no conflicts

@npinaeva
Add egress firewall external id to make name+externalIDs unique even
d74d6ea 
when the acl name is cropped. That happens when namespace name is
longer than 43 symbols.

Signed-off-by: Nadia Pinaeva <[email protected]>
(cherry picked from commit dafe82b)
@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Mar 7, 2023
@openshift-ci-robot
Copy link
Contributor

@npinaeva: This pull request references Jira Issue OCPBUGS-8471, which is invalid:

  • expected Jira Issue OCPBUGS-8471 to depend on a bug targeting a version in 4.14.0 and in one of the following states: MODIFIED, ON_QA, VERIFIED, but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-org/ovn-kubernetes#3464
no conflicts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 7, 2023

@npinaeva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@npinaeva
Copy link
Member Author

npinaeva commented Mar 7, 2023

/jira refresh

@openshift-ci-robot
Copy link
Contributor

@npinaeva: This pull request references Jira Issue OCPBUGS-8471, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8397 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tssurya @npinaeva
Add test to showcase syncEgressFirewall isn't truncating ACL names
e6a85ac 
This commit adds a test to showcase that
since syncEgressFirewall isn't calling libovsdbops.BuildACL
directly, we are not truncating ACL names.

Note that we really need ovn-org/libovsdb#338
for our test server to start screaming for long names.

Signed-off-by: Surya Seetharaman <[email protected]>
(cherry picked from commit d996d0e)
@tssurya @npinaeva
Fix syncEgressFirewall to truncate ACL names
22adda1 
This commit ensures we truncate names as a precaution
also in CreateOrUpdateACLsOps so that our bases are
covered since not all code snippets call BuildACL
directly

Signed-off-by: Surya Seetharaman <[email protected]>
(cherry picked from commit 7bfe50e)
@tssurya @npinaeva
Don't recreate clusterPGs and clusterRtrPGs unless needed
7c153b3 
In SetupMaster, we always call CreateOrUpdatePortGroupsOps
with empty ACLs and PGs for the cluster-wide port group
and cluster-wide-router-PG. This is disruptive during
upgrades since momentarily all efw ACLs and multicast ACLs
will be wiped out.

This commit changes this to first check if the PG already exists,
if then no need to do anything.
Each of those features are responsible for ensuring ACLs, Ports
are good on those PGs they own.

NOTE: This bug was an issue for multicast and started being an
issue for egf from ovn-org/ovn-kubernetes@bd29f41
Before that we didn't have ACLs on cluster wide PG.

Signed-off-by: Surya Seetharaman <[email protected]>
(cherry picked from commit 935bc55)
@openshift-ci-robot
Copy link
Contributor

@npinaeva: This pull request references Jira Issue OCPBUGS-8471, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8397 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-org/ovn-kubernetes#3464, ovn-org/ovn-kubernetes#3466
no conflicts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 7, 2023

@npinaeva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@npinaeva npinaeva mentioned this pull request Mar 7, 2023
Merged
@tssurya
Copy link
Contributor

tssurya commented Mar 7, 2023

/retitle OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique

@openshift-ci openshift-ci bot changed the title OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique Mar 7, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 7, 2023

@npinaeva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. label Mar 7, 2023
@openshift-ci-robot
Copy link
Contributor

@npinaeva: This pull request references Jira Issue OCPBUGS-8504, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8222 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-8505, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8464 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-8471, which is invalid:

  • expected dependent Jira Issue OCPBUGS-8397 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-org/ovn-kubernetes#3464, ovn-org/ovn-kubernetes#3466
no conflicts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@tssurya
Copy link
Contributor

tssurya commented Mar 7, 2023

/retitle OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs

@openshift-ci openshift-ci bot changed the title OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Add egress firewall external id to make name+externalIDs unique OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs Mar 7, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 7, 2023

@npinaeva: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

OCPBUGS-8504,OCPBUGS-8505,OCPBUGS-8471: [release-4.13] Fix EFW's name truncation logic & make EFW ACLs unique using extIDs

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

tssurya
tssurya approved these changes Mar 7, 2023
View reviewed changes
Copy link
Contributor

@tssurya tssurya left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM; waiting on CI

@trozet
Copy link
Contributor

trozet commented Mar 7, 2023

/approve

@trozet
Copy link
Contributor

trozet commented Mar 7, 2023

/lgtm

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 7, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: npinaeva, trozet, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 7, 2023
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 7, 2023
@dcbw
Copy link
Contributor

dcbw commented Mar 7, 2023

/retest-required

infra problems all around
baremetalds: Failed to create ci resource: ipi-ci-op-1mgt4qkg-472d2-1633121276383989760
msg=Error: creating EC2 Instance: InvalidParameterValue: Value (ci-op-1mgt4qkg-0e24b-hcvnc-bootstrap-profile) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name

@trozet
Copy link
Contributor

trozet commented Mar 7, 2023

/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Mar 7, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 8, 2023

@npinaeva: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-ovn-hybrid-step-registry 7c153b3 link false /test e2e-ovn-hybrid-step-registry

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@mffiedler
Copy link

/label cherry-pick-approved
/label qe-approved

@openshift-ci openshift-ci bot added cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. qe-approved Signifies that QE has signed off on this PR labels Mar 8, 2023
@npinaeva
Copy link
Member Author

npinaeva commented Mar 8, 2023

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Mar 8, 2023
@openshift-ci-robot
Copy link
Contributor

@npinaeva: This pull request references Jira Issue OCPBUGS-8504, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.13.0) matches configured target version for branch (4.13.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-8222 is in the state MODIFIED, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
  • dependent Jira Issue OCPBUGS-8222 targets the "4.14.0" version, which is one of the valid target versions: 4.14.0
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-8505, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.13.0) matches configured target version for branch (4.13.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-8464 is in the state MODIFIED, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
  • dependent Jira Issue OCPBUGS-8464 targets the "4.14.0" version, which is one of the valid target versions: 4.14.0
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-8471, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.13.0) matches configured target version for branch (4.13.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • dependent bug Jira Issue OCPBUGS-8397 is in the state MODIFIED, which is one of the valid states (MODIFIED, ON_QA, VERIFIED)
  • dependent Jira Issue OCPBUGS-8397 targets the "4.14.0" version, which is one of the valid target versions: 4.14.0
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot removed the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Mar 8, 2023
@npinaeva
Copy link
Member Author

npinaeva commented Mar 8, 2023

/tide refresh

@openshift-merge-robot openshift-merge-robot merged commit 5c534b9 into openshift:release-4.13 Mar 8, 2023
@openshift-ci-robot
Copy link
Contributor

@npinaeva: Jira Issue OCPBUGS-8504: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-8504 has been moved to the MODIFIED state.

Jira Issue OCPBUGS-8505: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-8505 has been moved to the MODIFIED state.

Jira Issue OCPBUGS-8471: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-8471 has been moved to the MODIFIED state.

In response to this:

even when the acl name is cropped. That happens when namespace name is longer than 43 symbols.
downstream merge #1556
upstream ovn-org/ovn-kubernetes#3464, ovn-org/ovn-kubernetes#3466
no conflicts

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@npinaeva npinaeva deleted the ocpbugs-ocpbugs-8471 branch March 8, 2023 14:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tssurya tssurya tssurya approved these changes

@abhat abhat Awaiting requested review from abhat

@JacobTanenbaum JacobTanenbaum Awaiting requested review from JacobTanenbaum

@anuragthehatter anuragthehatter Awaiting requested review from anuragthehatter

Assignees

@mffiedler mffiedler

@rbbratta rbbratta

@trozet trozet

@weliang1 weliang1

@anuragthehatter anuragthehatter

@huiran0826 huiran0826

@asood-rh asood-rh

@jechen0648 jechen0648

@yingwang-0320 yingwang-0320

@qiowang721 qiowang721

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/severity-moderate Referenced Jira bug's severity is moderate for the branch this PR is targeting. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.