Don't recreate clusterPGs and clusterRtrPGs unless needed

In SetupMaster, we always call CreateOrUpdatePortGroupsOps with empty ACLs and PGs for the cluster-wide port group and cluster-wide-router-PG. This is disruptive during upgrades since momentarily all efw ACLs and multicast ACLs will be wiped out. This commit changes this to first check if the PG already exists, if then no need to do anything. Each of those features are responsible for ensuring ACLs, Ports are good on those PGs they own. NOTE: This bug was an issue for multicast and started being an issue for egf from ovn-org@bd29f41 Before that we didn't have ACLs on cluster wide PG. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com> (cherry picked from commit 935bc55)
jcaamano · Mar 7, 2023 · 7c153b3 · 7c153b3
1 parent 22adda1
commit 7c153b3
Showing 1 changed file with 33 additions and 12 deletions.
diff --git a/go-controller/pkg/ovn/master.go b/go-controller/pkg/ovn/master.go
@@ -14,6 +14,7 @@ import (
 	"k8s.io/klog/v2"
 	utilnet "k8s.io/utils/net"
 
+	libovsdbclient "github.com/ovn-org/libovsdb/client"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/config"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/kube"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/libovsdbops"
@@ -118,23 +119,43 @@ func (oc *DefaultNetworkController) SetupMaster(existingNodeNames []string) erro
 	}
 	oc.defaultCOPPUUID = *(logicalRouter.Copp)
 
-	// Create a cluster-wide port group that all logical switch ports are part of
-	pg := libovsdbops.BuildPortGroup(types.ClusterPortGroupName, types.ClusterPortGroupName, nil, nil)
-	err = libovsdbops.CreateOrUpdatePortGroups(oc.nbClient, pg)
-	if err != nil {
-		klog.Errorf("Failed to create cluster port group: %v", err)
+	pg := &nbdb.PortGroup{
+		Name: types.ClusterPortGroupName,
+	}
+	pg, err = libovsdbops.GetPortGroup(oc.nbClient, pg)
+	if err != nil && err != libovsdbclient.ErrNotFound {
 		return err
 	}
+	if pg == nil {
+		// we didn't find an existing clusterPG, let's create a new empty PG (fresh cluster install)
+		// Create a cluster-wide port group that all logical switch ports are part of
+		pg := libovsdbops.BuildPortGroup(types.ClusterPortGroupName, types.ClusterPortGroupName, nil, nil)
+		err = libovsdbops.CreateOrUpdatePortGroups(oc.nbClient, pg)
+		if err != nil {
+			klog.Errorf("Failed to create cluster port group: %v", err)
+			return err
+		}
+	}
 
-	// Create a cluster-wide port group with all node-to-cluster router
-	// logical switch ports.  Currently the only user is multicast but it might
-	// be used for other features in the future.
-	pg = libovsdbops.BuildPortGroup(types.ClusterRtrPortGroupName, types.ClusterRtrPortGroupName, nil, nil)
-	err = libovsdbops.CreateOrUpdatePortGroups(oc.nbClient, pg)
-	if err != nil {
-		klog.Errorf("Failed to create cluster port group: %v", err)
+	pg = &nbdb.PortGroup{
+		Name: types.ClusterRtrPortGroupName,
+	}
+	pg, err = libovsdbops.GetPortGroup(oc.nbClient, pg)
+	if err != nil && err != libovsdbclient.ErrNotFound {
 		return err
 	}
+	if pg == nil {
+		// we didn't find an existing clusterRtrPG, let's create a new empty PG (fresh cluster install)
+		// Create a cluster-wide port group with all node-to-cluster router
+		// logical switch ports. Currently the only user is multicast but it might
+		// be used for other features in the future.
+		pg = libovsdbops.BuildPortGroup(types.ClusterRtrPortGroupName, types.ClusterRtrPortGroupName, nil, nil)
+		err = libovsdbops.CreateOrUpdatePortGroups(oc.nbClient, pg)
+		if err != nil {
+			klog.Errorf("Failed to create cluster port group: %v", err)
+			return err
+		}
+	}
 
 	// If supported, enable IGMP relay on the router to forward multicast
 	// traffic between nodes.