Merge 23f835a into aafea18

antrea-io · Feb 22, 2023 · caea932 · caea932
2 parents aafea18 + 23f835a
commit caea932
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 7 deletions.
diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go
@@ -287,7 +287,6 @@ func (i *Initializer) initInterfaceStore() error {
 		return intf
 	}
 	ifaceList := make([]*interfacestore.InterfaceConfig, 0, len(ovsPorts))
-	ovsCtlClient := ovsctl.NewClient(i.ovsBridge)
 	for index := range ovsPorts {
 		port := &ovsPorts[index]
 		ovsPort := &interfacestore.OVSPortConfig{
@@ -322,9 +321,8 @@ func (i *Initializer) initInterfaceStore() error {
 				intf = cniserver.ParseOVSPortInterfaceConfig(port, ovsPort)
 			case interfacestore.AntreaTrafficControl:
 				intf = trafficcontrol.ParseTrafficControlInterfaceConfig(port, ovsPort)
-				if err := ovsCtlClient.SetPortNoFlood(int(ovsPort.OFPort)); err != nil {
-					klog.ErrorS(err, "Failed to set port with no-flood config", "PortName", port.Name)
-				}
+			case interfacestore.AntreaIPsec:
+				intf = noderoute.ParseTunnelInterfaceConfig(port, ovsPort)
 			default:
 				klog.InfoS("Unknown Antrea interface type", "type", interfaceType)
 			}
@@ -376,6 +374,31 @@ func (i *Initializer) initInterfaceStore() error {
 	return nil
 }
 
+func (i *Initializer) restorePortConfigs() error {
+	ovsCtlClient := ovsctl.NewClient(i.ovsBridge)
+	ovsPorts, err := i.ovsBridgeClient.GetPortList()
+	if err != nil {
+		return fmt.Errorf("failed to list OVS ports: %w", err)
+	}
+	for _, port := range ovsPorts {
+		interfaceType, ok := port.ExternalIDs[interfacestore.AntreaInterfaceTypeKey]
+		if !ok {
+			continue
+		}
+		switch interfaceType {
+		case interfacestore.AntreaIPsec:
+			fallthrough
+		case interfacestore.AntreaTrafficControl:
+			if err := ovsCtlClient.SetPortNoFlood(int(port.OFPort)); err != nil {
+				return fmt.Errorf("failed to set port %s with no-flood: %w", port.Name, err)
+			} else {
+				klog.InfoS("Set port no-flood success", "PortName", port.Name)
+			}
+		}
+	}
+	return nil
+}
+
 // Initialize sets up agent initial configurations.
 func (i *Initializer) Initialize() error {
 	klog.Info("Setting up node network")
@@ -394,6 +417,10 @@ func (i *Initializer) Initialize() error {
 		return err
 	}
 
+	if err := i.restorePortConfigs(); err != nil {
+		return err
+	}
+
 	if i.enableL7NetworkPolicy {
 		// prepareL7NetworkPolicyInterfaces must be executed after setupOVSBridge since it requires interfaceStore.
 		if err := i.prepareL7NetworkPolicyInterfaces(); err != nil {
@@ -568,11 +595,18 @@ func (i *Initializer) initOpenFlowPipeline() error {
 			i.ofClient.ReplayFlows()
 			klog.Info("Flow replay completed")
 
+			klog.Info("Restoring OF port configs to OVS bridge")
+			err := i.restorePortConfigs()
+			if err != nil {
+				klog.ErrorS(err, "Failed to restore OF port configs")
+			} else {
+				klog.Info("Restore OF port configs completed")
+			}
 			// ofClient and ovsBridgeClient have their own mechanisms to restore connections with OVS, and it could
 			// happen that ovsBridgeClient's connection is not ready when ofClient completes flow replay. We retry it
 			// with a timeout that is longer time than ovsBridgeClient's maximum connecting retry interval (8 seconds)
 			// to ensure the flag can be removed successfully.
-			err := wait.PollImmediate(200*time.Millisecond, 10*time.Second, func() (done bool, err error) {
+			err = wait.PollImmediate(200*time.Millisecond, 10*time.Second, func() (done bool, err error) {
 				if err := i.FlowRestoreComplete(); err != nil {
 					return false, nil
 				}

diff --git a/pkg/agent/controller/noderoute/node_route_controller.go b/pkg/agent/controller/noderoute/node_route_controller.go
@@ -655,7 +655,6 @@ func getPodCIDRsOnNode(node *corev1.Node) []string {
 func (c *Controller) createIPSecTunnelPort(nodeName string, nodeIP net.IP) (int32, error) {
 	portName := util.GenerateNodeTunnelInterfaceName(nodeName)
 	interfaceConfig, exists := c.interfaceStore.GetNodeTunnelInterface(nodeName)
-
 	var remoteName, psk string
 	// remote_name and psk are mutually exclusive.
 	switch c.networkConfig.IPsecConfig.AuthenticationMode {
@@ -677,8 +676,11 @@ func (c *Controller) createIPSecTunnelPort(nodeName string, nodeIP net.IP) (int3
 			exists = false
 		}
 	}
+	ovsExternalIDs := map[string]interface{}{
+		ovsExternalIDNodeName:                 nodeName,
+		interfacestore.AntreaInterfaceTypeKey: interfacestore.AntreaIPsec,
+	}
 	if !exists {
-		ovsExternalIDs := map[string]interface{}{ovsExternalIDNodeName: nodeName}
 		portUUID, err := c.ovsBridgeClient.CreateTunnelPortExt(
 			portName,
 			c.networkConfig.TunnelType,
@@ -714,6 +716,10 @@ func (c *Controller) createIPSecTunnelPort(nodeName string, nodeIP net.IP) (int3
 		// Let NodeRouteController retry at errors.
 		return 0, fmt.Errorf("failed to get of_port of IPsec tunnel port for Node %s", nodeName)
 	}
+	// Set external_ids for the port for upgrade case.
+	if err := c.ovsBridgeClient.SetPortExternalIDs(portName, ovsExternalIDs); err != nil {
+		return 0, fmt.Errorf("failed to set external IDs for port %s: %w", nodeName, err)
+	}
 	// Set the port with no-flood to reject ARP flood packets.
 	if err := c.ovsCtlClient.SetPortNoFlood(int(ofPort)); err != nil {
 		return 0, fmt.Errorf("failed to set port %s with no-flood config: %w", portName, err)

diff --git a/pkg/agent/interfacestore/types.go b/pkg/agent/interfacestore/types.go
@@ -43,6 +43,7 @@ const (
 	AntreaUplink           = "uplink"
 	AntreaHost             = "host"
 	AntreaTrafficControl   = "traffic-control"
+	AntreaIPsec            = "ipsec"
 	AntreaUnset            = ""
 )