Enable Windows OVS Container to run on pristine Host Environment

Signed-off-by: Naman Agarwal <naman.agarwal75@gmail.com>
antrea-io · Sep 14, 2023 · 518b34c · 518b34c
1 parent 4cc6f63
commit 518b34c
Show file tree

Hide file tree

Showing 6 changed files with 176 additions and 68 deletions.
diff --git a/build/images/Dockerfile.build.windows b/build/images/Dockerfile.build.windows
@@ -52,5 +52,7 @@ COPY --from=windows-ovs /Windows/System32/vcruntime140.dll /Windows/System32/
 COPY --from=windows-ovs /Windows/System32/libeay32.dll /Windows/System32/
 COPY --from=windows-ovs /Windows/System32/ssleay32.dll /Windows/System32/
 
+COPY build/images/scripts/start_ovs_windows_containerd.ps1 /
+
 RUN mkdir C:\openvswitch
 COPY --from=windows-ovs /openvswitch /openvswitch/
diff --git a/build/images/scripts/start_ovs_windows_containerd.ps1 b/build/images/scripts/start_ovs_windows_containerd.ps1
@@ -0,0 +1,166 @@
+$ErrorActionPreference = "Stop"
+$OVSVersion = "3.0.5-antrea.0"
+$OVSDownloadURL = "https://downloads.antrea.io/ovs/ovs-$OVSVersion-win64.zip"
+$OVSPublishedHash = 'fd27703ef7314b26b98cffb7aea27d569530ebd3ac3c98daa981ca2654373032'
+$WorkDir = [System.IO.Path]::GetDirectoryName($myInvocation.MyCommand.Definition)
+$OVSDownloadDir = $WorkDir
+$OVSInstallDir = "C:\openvswitch"
+$OVSZip = "$OVSDownloadDir\ovs-win64.zip"
+$ImportCertificate = $true
+$CheckFileHash = $true
+$PowerShellModuleBase = "C:\Windows\System32\WindowsPowerShell\v1.0\Modules"
+$InstallLog = "$OVSDownloadDir\install_ovs.log"
+
+function WaitExpandFiles($Src, $Dest) {
+    Log "Extract $Src to $Dest"
+    Expand-Archive -Path $Src -DestinationPath $Dest | Out-Null
+}
+
+function CheckIfOVSInstalled() {
+    if (Test-Path -Path $OVSInstallDir) {
+        Log "$OVSInstallDir already exists, exit OVS installation."
+        exit 1
+    }
+}
+
+function DownloadOVS() {
+    If (!(Test-Path $OVSDownloadDir)) {
+        mkdir -p $OVSDownloadDir
+    }
+    Log "Downloading OVS package from $OVSDownloadURL to $OVSZip"
+    curl.exe -sLo $OVSZip $OVSDownloadURL
+    If (!$?) {
+        Log "Download OVS failed, URL: $OVSDownloadURL"
+        exit 1
+    }
+
+    if ($CheckFileHash) {
+        $FileHash = Get-FileHash $OVSZip
+        If ($OVSPublishedHash -ne "" -And $FileHash.Hash -ne $OVSPublishedHash) {
+            Log "SHA256 mismatch for OVS download"
+            exit 1
+        }
+    }
+
+    Log "Download OVS package success."
+}
+
+function InstallOVS() {
+    WaitExpandFiles $OVSZip $OVSDownloadDir
+    # Copy OVS package to target dir.
+    Log "Copying OVS package from $OVSDownloadDir\openvswitch to $OVSInstallDir"
+    mv "$OVSDownloadDir\openvswitch" $OVSInstallDir
+    rm $OVSZip
+    # Create log and run dir.
+    $OVS_LOG_PATH = $OVSInstallDir + "\var\log\openvswitch"
+    CreatePath $OVS_LOG_PATH
+    $OVSRunDir = $OVSInstallDir + "\var\run\openvswitch"
+    CreatePath $OVSRunDir
+    $OVSDriverDir = "$OVSInstallDir\driver"
+}
+
+function InstallDriver(){
+   # Install OVS driver certificate.
+   $DriverFile="$OVSDriverDir\OVSExt.sys"
+   if ($ImportCertificate) {
+       $CertificateFile = "$OVSDriverDir\package.cer"
+       if (!(Test-Path $CertificateFile)) {
+           $ExportType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert;
+           $Cert = (Get-AuthenticodeSignature $DriverFile).SignerCertificate;
+           [System.IO.File]::WriteAllBytes($CertificateFile, $Cert.Export($ExportType));
+       }
+       Log "Installing OVS driver certificate."
+       Import-Certificate -FilePath "$CertificateFile" -CertStoreLocation cert:\LocalMachine\TrustedPublisher
+       Import-Certificate -FilePath "$CertificateFile" -CertStoreLocation cert:\LocalMachine\Root
+   }
+
+   # Install Microsoft Visual C++ Redistributable Package.
+   if (Test-Path $OVSInstallDir\redist) {
+       Log "Installing Microsoft Visual C++ Redistributable Package."
+       $RedistFiles = Get-ChildItem "$OVSInstallDir\redist" -Filter *.exe
+       $RedistFiles | ForEach-Object {
+           Log "Installing $_"
+           Start-Process -FilePath $_.FullName -Args '/install /passive /norestart' -Verb RunAs -Wait
+       }
+   }
+
+   # Install powershell modules
+   if (Test-Path $OVSInstallDir\scripts) {
+       Log "Installing powershell modules."
+       $PSModuleFiles = Get-ChildItem "$OVSInstallDir\scripts" -Filter *.psm1
+       $PSModuleFiles | ForEach-Object {
+           $PSModulePath = Join-Path -Path $PowerShellModuleBase -ChildPath $_.BaseName
+           if (!(Test-Path $PSModulePath)) {
+               Log "Installing $_"
+               mkdir -p $PSModulePath
+               Copy-Item $_.FullName $PSModulePath
+           }
+       }
+   }
+
+   # Install OVS kernel driver.
+   Log "Installing OVS kernel driver"
+   $VMMSStatus = $(Get-Service vmms -ErrorAction SilentlyContinue).Status
+   if (!$VMMSStatus) {
+       $VMMSStatus = "not exist"
+   }
+   Log "Hyper-V Virtual Machine Management service status: $VMMSStatus"
+   if ($VMMSStatus -eq "Running") {
+       cmd /c "cd $OVSDriverDir && install.cmd"
+   } else {
+       cd $OVSDriverDir ; netcfg -l .\ovsext.inf -c s -i OVSExt; cd $WorkDir
+   }
+   if (!$?) {
+       Log "Install OVS kernel driver failed, exit"
+       exit 1
+   }
+}
+
+function ConfigOVS() {
+    $mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT
+    $mountPath = ($mountPath.Replace('\', '/')).TrimEnd('/')
+    $env:PATH = $env:PATH + ";$mountPath/Windows/System32;$mountPath/openvswitch/usr/bin;$mountPath/openvswitch/usr/sbin"
+    $OVS_DB_SCHEMA_PATH = "$mountPath/openvswitch/usr/share/openvswitch/vswitch.ovsschema"
+    $OVS_DB_PATH = "C:\openvswitch\etc\openvswitch\conf.db"
+    if ($(Test-Path $OVS_DB_SCHEMA_PATH) -and !$(Test-Path $OVS_DB_PATH)) {
+        ovsdb-tool create "$OVS_DB_PATH" "$OVS_DB_SCHEMA_PATH"
+    }
+    ovsdb-server $OVS_DB_PATH -vfile:info --remote=punix:db.sock --log-file=/var/log/antrea/openvswitch/ovsdb-server.log --pidfile --detach
+    ovs-vsctl --no-wait init
+
+    # Set OVS version.
+    $OVS_VERSION=$(Get-Item $mountPath\openvswitch\driver\OVSExt.sys).VersionInfo.ProductVersion
+    ovs-vsctl --no-wait set Open_vSwitch . ovs_version=$OVS_VERSION
+
+    ovs-vswitchd --log-file=/var/log/antrea/openvswitch/ovs-vswitchd.log --pidfile -vfile:info --detach
+
+    $SleepInterval = 30
+    Write-Host "Started the loop that checks OVS status every $SleepInterval seconds"
+    while ($true) {
+        if ( !( Get-Process ovsdb-server ) ) {
+            Write-Host "ovsdb-server is not running, starting it again..."
+            ovsdb-server $OVS_DB_PATH -vfile:info --remote=punix:db.sock --log-file=/var/log/antrea/openvswitch/ovsdb-server.log --pidfile --detach
+        }
+        if ( !( Get-Process ovs-vswitchd ) ) {
+            Write-Host "ovs-vswitchd is not running, starting it again..."
+            ovs-vswitchd --log-file=/var/log/antrea/openvswitch/ovs-vswitchd.log --pidfile -vfile:info --detach
+        }
+        Start-Sleep -Seconds $SleepInterval
+    }
+}
+
+Log "Installation log location: $InstallLog"
+
+CheckIfOVSInstalled
+
+DownloadOVS
+
+InstallOVS
+
+# Antrea Pod runs as NT AUTHORITY\SYSTEM user on Windows, antrea-ovs container writes
+# pid and conf.db files to $OVSInstallDir on Windows host Node during runtime.
+icacls $OVSInstallDir /grant "NT AUTHORITY\SYSTEM:(OI)(CI)F" /T
+
+ConfigOVS
+
+Log "OVS Installation Complete!"
diff --git a/build/yamls/antrea-windows-containerd-with-ovs.yml b/build/yamls/antrea-windows-containerd-with-ovs.yml
@@ -20,38 +20,6 @@ data:
     $mountPath =  ($mountPath.Replace('\', '/')).TrimEnd('/')
     $env:PATH = $env:PATH + ";$mountPath/Windows/System32;$mountPath/k/antrea/bin;$mountPath/openvswitch/usr/bin;$mountPath/openvswitch/usr/sbin"
     & antrea-agent --config=$mountPath/etc/antrea/antrea-agent.conf --logtostderr=false --log_dir=c:/var/log/antrea --alsologtostderr --log_file_max_size=100 --log_file_max_num=4 --v=0
-  Run-AntreaOVS-Containerd.ps1: |
-    $ErrorActionPreference = "Stop"
-    $mountPath = $env:CONTAINER_SANDBOX_MOUNT_POINT
-    $mountPath = ($mountPath.Replace('\', '/')).TrimEnd('/')
-    $env:PATH = $env:PATH + ";$mountPath/Windows/System32;$mountPath/openvswitch/usr/bin;$mountPath/openvswitch/usr/sbin"
-    $OVS_DB_SCHEMA_PATH = "$mountPath/openvswitch/usr/share/openvswitch/vswitch.ovsschema"
-    $OVS_DB_PATH = "C:\openvswitch\etc\openvswitch\conf.db"
-    if ($(Test-Path $OVS_DB_SCHEMA_PATH) -and !$(Test-Path $OVS_DB_PATH)) {
-        ovsdb-tool create "$OVS_DB_PATH" "$OVS_DB_SCHEMA_PATH"
-    }
-    ovsdb-server $OVS_DB_PATH -vfile:info --remote=punix:db.sock --log-file=/var/log/antrea/openvswitch/ovsdb-server.log --pidfile --detach
-    ovs-vsctl --no-wait init
-
-    # Set OVS version.
-    $OVS_VERSION=$(Get-Item $mountPath\openvswitch\driver\OVSExt.sys).VersionInfo.ProductVersion
-    ovs-vsctl --no-wait set Open_vSwitch . ovs_version=$OVS_VERSION
-
-    ovs-vswitchd --log-file=/var/log/antrea/openvswitch/ovs-vswitchd.log --pidfile -vfile:info --detach
-
-    $SleepInterval = 30
-    Write-Host "Started the loop that checks OVS status every $SleepInterval seconds"
-    while ($true) {
-        if ( !( Get-Process ovsdb-server ) ) {
-            Write-Host "ovsdb-server is not running, starting it again..."
-            ovsdb-server $OVS_DB_PATH -vfile:info --remote=punix:db.sock --log-file=/var/log/antrea/openvswitch/ovsdb-server.log --pidfile --detach
-        }
-        if ( !( Get-Process ovs-vswitchd ) ) {
-            Write-Host "ovs-vswitchd is not running, starting it again..."
-            ovs-vswitchd --log-file=/var/log/antrea/openvswitch/ovs-vswitchd.log --pidfile -vfile:info --detach
-        }
-        Start-Sleep -Seconds $SleepInterval
-    }
   VMSwitchExtension-AntreaAgent-Containerd.ps1: |
     Param(
         [parameter(Mandatory = $false)] [ValidateSet("enable", "disable")] [string] $VMSwitchExtension = "disable"
@@ -311,8 +279,10 @@ spec:
         - mountPath: /var/log/antrea/
           name: var-log-antrea
       - args:
-        - -file
-        - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Run-AntreaOVS-Containerd.ps1
+        - -command
+        - |
+            Move-Item -Path "$env:CONTAINER_SANDBOX_MOUNT_POINT/start_ovs_windows_containerd.ps1" -Destination "$env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/start_ovs_windows_containerd.ps1" -Force
+            . "$env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/start_ovs_windows_containerd.ps1"
         command:
         - powershell
         image: antrea/antrea-windows:latest

diff --git a/build/yamls/windows/containerd-with-ovs/conf/Run-AntreaOVS-Containerd.ps1 b/build/yamls/windows/containerd-with-ovs/conf/Run-AntreaOVS-Containerd.ps1
diff --git a/build/yamls/windows/containerd-with-ovs/containerd-with-ovs.yml b/build/yamls/windows/containerd-with-ovs/containerd-with-ovs.yml
@@ -18,8 +18,10 @@ spec:
           image: antrea-windows
           imagePullPolicy: IfNotPresent
           args:
-            - -file
-            - $env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/Run-AntreaOVS-Containerd.ps1
+          - -command
+          - |
+            Move-Item -Path "$env:CONTAINER_SANDBOX_MOUNT_POINT/start_ovs_windows_containerd.ps1" -Destination "$env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/start_ovs_windows_containerd.ps1" -Force
+            . "$env:CONTAINER_SANDBOX_MOUNT_POINT/var/lib/antrea-windows/start_ovs_windows_containerd.ps1"
           command:
           - powershell
           volumeMounts:

diff --git a/build/yamls/windows/containerd-with-ovs/kustomization.yml b/build/yamls/windows/containerd-with-ovs/kustomization.yml
@@ -8,7 +8,6 @@ commonLabels:
   app: antrea
 configMapGenerator:
 - files:
-  - conf/Run-AntreaOVS-Containerd.ps1
   - conf/VMSwitchExtension-AntreaAgent-Containerd.ps1
   name: antrea-agent-windows
   namespace: kube-system