From c1848109011a6b0d31a929618bc8fab7a116bfeb Mon Sep 17 00:00:00 2001
From: wfnuser
Date: Mon, 5 Feb 2024 18:58:52 +0800
Subject: [PATCH] Fix: Resolve issue with skipped execution of sg annotations

The problem causing ineffective application of sg annotations is that, during virtual machine restart, the logical switch port is intentionally not deleted.(I guess). When sg annotations are added and the VM is restarted, the create logical switch port logic is skipped as it detects the existing lsp. Consequently, the annotation fails to attach to the lsp. Even when we sync lsp for sg, it has no effect. A simple fix is to update the existing lsp during lsp creation if it already exists. This approach ensures correct annotation attachment and addresses the skipped execution issue.

Signed-off-by: wfnuser
---
 pkg/ovs/ovn-nb-logical_switch_port.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/pkg/ovs/ovn-nb-logical_switch_port.go b/pkg/ovs/ovn-nb-logical_switch_port.go
index 7aba8090ebb7..dae639b21eb4 100644
--- a/pkg/ovs/ovn-nb-logical_switch_port.go
+++ b/pkg/ovs/ovn-nb-logical_switch_port.go
@@ -25,6 +25,21 @@ func (c *OVNNbClient) CreateLogicalSwitchPort(lsName, lspName, ip, mac, podName,
 // ignore
 if exist {
+ if portSecurity && len(securityGroups) != 0 {
+ lsp, err := c.GetLogicalSwitchPort(lspName, true)
+ if err != nil {
+ klog.Error(err)
+ } else {
+ sgList := strings.Split(securityGroups, ",")
+ if _, err := c.SetLogicalSwitchPortSecurityGroup(lsp, "add", sgList...); err != nil {
+ klog.Errorf("set logical switch port %s security groups %s: %v", lsp.Name, securityGroups, err)
+ }
+ }
+ }
+ if err = c.SetLogicalSwitchPortSecurity(portSecurity, lspName, mac, ip, vips); err != nil {
+ klog.Errorf("set logical switch port security: %v", err)
+ return err
+ }
 return nil
 }
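Review bot: In the new already-exists branch, a failure of `GetLogicalSwitchPort` or `SetLogicalSwitchPortSecurityGroup` is only logged, so `CreateLogicalSwitchPort` still returns nil and the port can come back without its security groups while the caller sees success. That is inconsistent with the `SetLogicalSwitchPortSecurity` error just below, which is returned; add `return err` after `klog.Error(err)` and after the `klog.Errorf("set logical switch port %s security groups ...")` call so the caller can retry. If the `true` passed to `GetLogicalSwitchPort` means ignore-not-found (its definition is not visible here), `lsp` could be nil with a nil error and `lsp.Name` would panic, so an `lsp != nil` check is worth adding. The branch also only ever issues `"add"`, so groups removed from the annotation before the restart appear to stay attached to the existing port; the function body starts and ends outside this hunk, so confirm that against the rest of it.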