From f3d438d7d59b87798a85eeaa8ee42fd2ade62686 Mon Sep 17 00:00:00 2001
From: wfnuser
Date: Mon, 5 Feb 2024 18:58:52 +0800
Subject: [PATCH] Fix: Resolve issue with skipped execution of sg annotations The problem causing ineffective application of sg annotations is that, during virtual machine restart, the logical switch port is intentionally not deleted.(I guess). When sg annotations are added and the VM is restarted, the create logical switch port logic is skipped as it detects the existing lsp. Consequently, the annotation fails to attach to the lsp. Even when we sync lsp for sg, it has no effect. A simple fix is to update the existing lsp during lsp creation if it already exists. This approach ensures correct annotation attachment and addresses the skipped execution issue.
Signed-off-by: Qinghao Huang
---
pkg/ovs/ovn-nb-logical_switch_port.go | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/pkg/ovs/ovn-nb-logical_switch_port.go b/pkg/ovs/ovn-nb-logical_switch_port.go
index 7aba8090ebb7..2c4294bcb415 100644
--- a/pkg/ovs/ovn-nb-logical_switch_port.go
+++ b/pkg/ovs/ovn-nb-logical_switch_port.go
@@ -25,6 +25,14 @@ func (c *OVNNbClient) CreateLogicalSwitchPort(lsName, lspName, ip, mac, podName, // ignore if exist {
+ if portSecurity && len(securityGroups) != 0 {
+ lsp, err := c.GetLogicalSwitchPort(lspName, true)
+ if err == nil {
+ sgList := strings.Split(securityGroups, ",")
+ c.SetLogicalSwitchPortSecurityGroup(lsp, "add", sgList...)
+ }
+ }
+ c.SetLogicalSwitchPortSecurity(portSecurity, lspName, mac, ip, vips) return nil }
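Review bot: The new `if exist` branch fails open: an error from `c.GetLogicalSwitchPort(lspName, true)` is silently skipped and the results of `c.SetLogicalSwitchPortSecurityGroup(lsp, "add", sgList...)` and `c.SetLogicalSwitchPortSecurity(...)` are discarded, so CreateLogicalSwitchPort still returns nil when the security groups or port security were not applied to the restarted VM's port. Assuming these methods return an error (their signatures are outside the hunk), propagate it, e.g. `if err != nil { return err }` after the lookup and `return c.SetLogicalSwitchPortSecurity(portSecurity, lspName, mac, ip, vips)` as the last line of the branch. The `true` argument looks like an ignore-not-found flag, in which case `lsp` may be nil with a nil error and should be checked before it is passed on. Only "add" is issued, so groups removed from the annotation while the VM was down presumably stay on the port; confirm that another sync path removes them. The function body starts and ends outside the hunk.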